WP phpMyAdmin Security & Risk Analysis

wordpress.org/plugins/wp-phpmyadmin-extension

[ ✅ SECURE PLUGINS By Puvox ] phpMyAdmin - Database Browser & Manager (for MySQL & MariaDB)

50K active installs · v5.2.2.01 · PHP + WP 6.0+ · Updated Oct 17, 2025
Tags: database, manager, mysql, phpminiadmin, phpmyadmin

Security score: 99 · Grade A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Aug 1, 2022
Safety Verdict

Is WP phpMyAdmin Safe to Use in 2026?

Generally Safe

Score 99/100

WP phpMyAdmin has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Aug 1, 2022 · Updated 5mo ago
Risk Assessment

The "wp-phpmyadmin-extension" v5.2.2.01 plugin exhibits a mixed security posture. It demonstrates some good practices, such as a significant percentage of SQL queries using prepared statements and the presence of nonce and capability checks, but there are notable areas of concern. The static analysis reveals a dangerous function (`unserialize`) and a concerning number of flows with unsanitized paths, including one rated high severity in the taint analysis. This suggests a potential for vulnerabilities if user-controlled data is not handled rigorously before being passed to `unserialize` or along these unsanitized paths.

The vulnerability history, with two known CVEs (one high and one medium severity) and a recurring pattern of Cross-site Scripting (XSS) vulnerabilities, further reinforces the need for caution. That the last vulnerability, reported in August 2022, is currently unpatched is a significant red flag. While the static analysis does not explicitly point to XSS in this version's reported metrics, the historical trend indicates a recurring weakness in output sanitization or input validation. Overall, the plugin has strengths in its controlled entry points and SQL practices, but the presence of `unserialize`, the unsanitized path flows, and the history of XSS vulnerabilities necessitate a cautious approach and thorough review, especially given the unpatched CVE.

Key Concerns

  • High severity taint flow found
  • Unsanitized paths found in taint analysis
  • Dangerous function: unserialize
  • Vulnerability history: 1 High severity CVE
  • Vulnerability history: 1 Medium severity CVE
  • Output escaping: only 49% properly escaped

WP phpMyAdmin Security Vulnerabilities

CVEs by Year

2 CVEs in 2022 (chart legend: Patched / Has unpatched)

Severity Breakdown

High: 1
Medium: 1

2 total CVEs

WF-0234419b-9e39-4153-a3b7-bb913f2b6bcd-wp-phpmyadmin-extension · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP phpMyAdmin <= 5.2.0.3 - Reflected Cross-Site Scripting

Aug 1, 2022 · Patched in 5.2.0.4 (540d)
CVE-2022-2407 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP phpMyAdmin <= 5.2.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Aug 1, 2022 · Patched in 5.2.0.4 (540d)

Code Analysis (analyzed Mar 16, 2026)

WP phpMyAdmin Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 14 (46 prepared)
Unescaped Output: 83 (80 escaped)
Nonce Checks: 5
Capability Checks: 4
File Operations: 38
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

unserialize (library.php:3813): `if ( @unserialize($serialized_string) !== false ) return $serialized_string;`

SQL Query Safety

77% prepared (60 total queries)

Output Escaping

49% escaped (163 total outputs)

Data Flow Analysis

8 flows, 6 with unsanitized paths
force_redirect_to_https (library.php:103)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized

WP phpMyAdmin Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 36

action admin_init (index.php:74)
action admin_init (index.php:75)
action wp_logout (index.php:76)
action wp_head (library.php:4768)
action admin_head (library.php:4769)
action wp_enqueue_scripts (library_wp.php:73)
action admin_enqueue_scripts (library_wp.php:74)
action admin_footer (library_wp.php:148)
action init (library_wp.php:163)
action admin_init (library_wp.php:210)
filter mce_external_plugins (library_wp.php:212)
filter mce_buttons_2 (library_wp.php:213)
filter tiny_mce_version (library_wp.php:215)
action wp (library_wp.php:231)
action plugins_loaded (library_wp.php:540)
action wp (library_wp.php:550)
action wp_footer (library_wp.php:700)
action init (library_wp.php:711)
action wp_loaded (library_wp.php:854)
action shutdown (library_wp.php:859)
action init (library_wp.php:1732)
action admin_head (library_wp.php:1743)
action current_screen (library_wp.php:1744)
action wp (library_wp.php:1753)
filter upload_mimes (library_wp.php:1759)
filter wp_handle_upload (library_wp.php:1760)
action init (library_wp.php:1822)
action network_admin_menu (library_wp.php:1912)
action admin_menu (library_wp.php:1914)
action activated_plugin (library_wp.php:1916)
action network_admin_notices (library_wp.php:2103)
action admin_notices (library_wp.php:2104)
filter wp_php_error_message (library_wp.php:2187)
action wp_footer (library_wp.php:2375)
filter widget_text (library_wp.php:2399)
filter site_transient_update_plugins (library_wp.php:3266)

WP phpMyAdmin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Oct 17, 2025
PHP min version:
Downloads: 1.1M

Community Trust

Rating: 92/100
Number of ratings: 58
Active installs: 50K

WP phpMyAdmin Developer Profile

Puvox Software

16 plugins · 51K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 540 days

How We Detect WP phpMyAdmin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths: /wp-content/plugins/wp-phpmyadmin-extension/assets/media/menu_icon.png

HTML / DOM Fingerprints

JS Globals: WpPhpMyAdminExtension


Frequently Asked Questions about WP phpMyAdmin