WP-Safety

WPSupervisor Client Security & Risk Analysis

wordpress.org/plugins/wpsupervisor-client

Install this plugin on unlimited sites and manage them all from a central dashboard. This plugin communicates with your WPSupervisor Admin Panel.

10 active installs v1.1.10 PHP + WP 3.0+ Updated Apr 9, 2013
adminadministrationamazonapiauthentication
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WPSupervisor Client Safe to Use in 2026?

Generally Safe

Score 85/100

WPSupervisor Client has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago
Risk Assessment

The WPSupervisor-Client plugin v1.1.10 presents a mixed security posture. While it exhibits strengths in its limited attack surface, with no identified AJAX handlers, REST API routes, or shortcodes that are unprotected, and a good percentage of SQL queries utilizing prepared statements, significant concerns arise from its code signals. The presence of five dangerous functions (exec, system, passthru, create_function, unserialize) is a red flag, as these can be exploited for remote code execution or deserialization vulnerabilities if used improperly with user-supplied input. The taint analysis further highlights this risk, revealing two flows with unsanitized paths, both classified as high severity. This indicates a potential for attackers to inject malicious code or data that is not properly validated or sanitized before being processed by these dangerous functions or other vulnerable code paths. The lack of any documented vulnerability history or CVEs is positive, suggesting that the plugin may have been developed with security in mind or has not yet been a target of widespread exploits. However, this absence of history should not overshadow the critical risks identified in the static and taint analysis.

Key Concerns

  • Unsanitized taint flows found (High Severity)
  • Dangerous functions detected (exec, system, passthru, create_function, unseriali
  • Missing nonce checks
  • Missing capability checks
  • Low percentage of properly escaped output
Vulnerabilities
None known

WPSupervisor Client Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WPSupervisor Client Code Analysis

Dangerous Functions
5
Raw SQL Queries
20
70 prepared
Unescaped Output
5
4 escaped
Nonce Checks
0
Capability Checks
0
File Operations
161
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

exec$log = @exec($command, $output, $return);backup.class.php:1634
system$log = @system($command, $return);backup.class.php:1643
passthru$log = passthru($command, $return);backup.class.php:1653
create_functionadd_filter( $_name, create_function( '$a' , 'global $iwp_mmb_filters; return array_merge($a, $iwp_mmcore.class.php:207
unserialize$unserialized_data = unserialize($data);wps-client.php:117

SQL Query Safety

78% prepared90 total queries

Output Escaping

44% escaped9 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
reply_comment (addons\comments\comments.class.php:199)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WPSupervisor Client Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 16
actionnetwork_admin_noticescore.class.php:87
actionadmin_noticescore.class.php:91
actionadmin_noticescore.class.php:94
actionrightnow_endcore.class.php:167
actionadmin_initcore.class.php:168
actioninitcore.class.php:169
actionsetup_themecore.class.php:170
actionset_auth_cookiecore.class.php:171
actionset_logged_in_cookiecore.class.php:172
filterall_pluginscore.class.php:729
filteriwp_mmb_stats_filterplugins\cleanup\cleanup.php:19
filteriwp_mmb_stats_filterplugins\extra_html_example\extra_html_example.php:10
filteriwp_website_addstats.class.php:818
filteriwp_website_addwps-client.php:512
actioninitwps-client.php:1200
filterinstall_plugin_complete_actionswps-client.php:1203

Scheduled Events 2

iwp_client_backup_tasks
iwp_client_backup_tasks
Maintenance & Trust

WPSupervisor Client Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2
Last updatedApr 9, 2013
PHP min version
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

WPSupervisor Client Alternatives

IthStatsWP Client

IthStatsWP Client

ithstatswp-client

A
85

Install this plugin on unlimited sites and manage them all from a central dashboard.

10 No CVEs
BugHerd

BugHerd

bugherd

A
100

BugHerd is the visual feedback tool for websites.

3K No CVEs
LatePoint Manager

LatePoint Manager

latepoint-manager

A
85

LatePoint Manager is a new role for LatePoint - Appointment Booking & Reservation plugin. You can contronl pending Appointment Booking list and ma …

200 No CVEs
WP Site Monitor

WP Site Monitor

wp-site-monitor

A
100

Extends official WP REST API to provide extra endpoints to help manage sites remotely.

10 No CVEs
User Role Blocker

User Role Blocker

user-role-blocker

A
85

A simple and nice plugin to block existing users from logging into the admin panel by assigning them to the 'Blocked' user role, as simple a …

0 No CVEs
Developer Profile

WPSupervisor Client Developer Profile

Profit Marketer

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WPSupervisor Client

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about WPSupervisor Client