WP-Safety

WP Quick Maintenance Security & Risk Analysis

wordpress.org/plugins/wp-quick-maintenance

WP Quick Maintenance Plugin will help you easily enable maintenance mode on your site or add a coming soon page for a new website.

30 active installs v0.1 PHP + WP 3.0+ Updated Unknown
adminadministrationcoming-sooncontact-formlanding-page
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP Quick Maintenance Safe to Use in 2026?

Generally Safe

Score 100/100

WP Quick Maintenance has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The wp-quick-maintenance plugin v0.1 exhibits a concerning security posture, primarily due to its exposed attack surface. All four identified AJAX handlers lack authentication checks, presenting a direct entry point for unauthorized actions. Furthermore, the presence of the `unserialize` function, combined with two high-severity taint flows with unsanitized paths, indicates a significant risk of remote code execution or data manipulation if an attacker can control the serialized data processed by these flows. While the plugin shows good practice with SQL queries using prepared statements and a lack of external HTTP requests or file operations, these strengths are overshadowed by the critical vulnerabilities in its entry point and data handling.

The plugin's vulnerability history is currently clean, with no recorded CVEs. This might suggest it has not been a significant target or that prior versions have not contained exploitable flaws. However, this absence of history should not be mistaken for security; the static and taint analysis clearly reveal potential weaknesses that could be exploited. The plugin demonstrates a mixed bag of practices: strong on SQL and external interaction, but critically weak on input validation and access control for its AJAX endpoints. A balanced conclusion would be that while it avoids some common pitfalls, the identified high-risk issues, particularly the unprotected AJAX handlers and unsanitized data flows, demand immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Dangerous function used (unserialize)
  • Low percentage of properly escaped output
Vulnerabilities
None known

WP Quick Maintenance Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Quick Maintenance Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
2 prepared
Unescaped Output
78
24 escaped
Nonce Checks
4
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$datetime = unserialize( $meta_value );metabox\helpers\cmb_Meta_Box_types.php:502

SQL Query Safety

100% prepared2 total queries

Output Escaping

24% escaped102 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
sanitize_field (metabox\init.php:686)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

WP Quick Maintenance Attack Surface

Entry Points4
Unprotected4

AJAX Handlers 4

authwp_ajax_cmb_oembed_handlermetabox\init.php:1096
noprivwp_ajax_cmb_oembed_handlermetabox\init.php:1097
authwp_ajax_wqm_send_mail_to_adminwp-quick-maintenance.php:429
noprivwp_ajax_wqm_send_mail_to_adminwp-quick-maintenance.php:430
WordPress Hooks 23
filtercmb_meta_boxesmetabox\example-functions.php:21
actioninitmetabox\example-functions.php:811
filterget_post_metadatametabox\helpers\cmb_Meta_Box_ajax.php:115
filterupdate_post_metadatametabox\helpers\cmb_Meta_Box_ajax.php:117
filtercmb_show_onmetabox\init.php:171
actionadmin_enqueue_scriptsmetabox\init.php:175
actionadmin_menumetabox\init.php:178
actionadd_attachmentmetabox\init.php:179
actionedit_attachmentmetabox\init.php:180
actionsave_postmetabox\init.php:181
actionadmin_enqueue_scriptsmetabox\init.php:182
actionadmin_headmetabox\init.php:185
actionshow_user_profilemetabox\init.php:200
actionedit_user_profilemetabox\init.php:201
actionuser_new_formmetabox\init.php:202
actionpersonal_options_updatemetabox\init.php:204
actionedit_user_profile_updatemetabox\init.php:205
actionuser_registermetabox\init.php:206
actionadmin_headmetabox\init.php:209
actionwp_loadedwp-quick-maintenance.php:18
actionadmin_initwp-quick-maintenance.php:322
actionadmin_menuwp-quick-maintenance.php:323
actioninitwp-quick-maintenance.php:393
Maintenance & Trust

WP Quick Maintenance Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33
Last updatedUnknown
PHP min version
Downloads3K

Community Trust

Rating100/100
Number of ratings2
Active installs30
Alternatives

WP Quick Maintenance Alternatives

LightStart – Maintenance Mode, Coming Soon and Landing Page Builder

LightStart – Maintenance Mode, Coming Soon and Landing Page Builder

wp-maintenance-mode

A
96

Easy Drag & Drop Page Builder that adds a splash page to your site that it's perfect for a coming soon page, maintenance or landing page.

500K 6 CVEs
Maintenance Mode with Site Build Status

Maintenance Mode with Site Build Status

maintenance-mode-with-site-build-status

A
85

Add a maintenance page to your website that ALSO tells your customers and visitors exactly what stage of progress your website is in.

10 No CVEs
Under Construction page display for certain page is in under maintenance.

Under Construction page display for certain page is in under maintenance.

under-construction-for-specific-pages

A
85

Easy Drag & Drop Page Builder that adds a splash page to your site that it's perfect for a coming soon page, maintenance or landing page.

10 No CVEs
Uni-theme Maintenance Mode

Uni-theme Maintenance Mode

uni-theme-maintenance-mode

A
85

Currently only in Ukrainian translation!

10 No CVEs
Simple Maintenance 4 wp

Simple Maintenance 4 wp

simple-maintenance-4-wp

A
85

Display a simple maintenance mode page while your site is undergoing scheduled maintenance The plugin does not require any additional configuration o …

0 No CVEs
Developer Profile

WP Quick Maintenance Developer Profile

help4cms

1 plugin · 30 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP Quick Maintenance

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
wp_quick_maintenance_page
FAQ

Frequently Asked Questions about WP Quick Maintenance