Admin WordPress Plugins That Need Review
246 indexed plugins
Plugins
246
Active Installs
4m+
Average Score
63
Audited
246
Needs Review
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #101 | Simple Client Dashboard | 47 | 38 | 36 | 2k+ | Missing direct file access protection | ||
| #102 | Advanced Custom Fields – Location Field add-on | 48 | 51 | 6 | 900 | Output is not escaped | ||
| #103 | Custom Background Extended | 48 | 13 | 23 | 800 | Input is not validated | ||
| #104 | Custom Header Extended | 48 | 19 | 11 | 1k+ | Unsafe printing function | ||
| #105 | WP Attachment Export | 48 | 16 | 25 | 600 | Input is not sanitized | ||
| #106 | Dashboard quick links widget | 49 | 22 | 16 | 700 | Output is not escaped | ||
| #107 | Users by Date Registered | 49 | 13 | 20 | 1k+ | Nonce verification recommended | ||
| #108 | Adjust Admin Categories | 51 | 30 | 12 | 10k+ | Output is not escaped | ||
| #109 | Hide Admin Bar | 51 | 35 | 17 | 20k+ | Unsafe printing function | ||
| #110 | Visual Sitemap | 51 | 23 | 6 | 400 | Output is not escaped | ||
| #111 | Easy WP Page Navigation | 52 | 60 | 8 | 800 | Non Singular String Literal Domain | ||
| #112 | Plugins Load Order | 52 | 32 | 16 | 500 | Non Singular String Literal Domain | ||
| #113 | Bulk Actions Select All | 53 | 26 | 22 | 800 | Text Domain Mismatch | ||
| #114 | WP Login Logo | 53 | 28 | 9 | 500 | Unsafe printing function | ||
| #115 | WP Login Timeout Settings | 54 | 27 | 7 | 600 | Output is not escaped | ||
| #116 | Posts Columns Manager | 56 | 47 | 2 | 800 | Output is not escaped | ||
| #117 | Require Featured Image | 56 | 20 | 6 | 3k+ | Output is not escaped | ||
| #118 | Video Dashboard | 56 | 33 | 1 | 500 | Output is not escaped | ||
| #119 | Remove admin menus by role | 57 | 5 | 54 | 8k+ | Input is not validated | ||
| #120 | Filter Orders by Product for WooCommerce | 57 | 9 | 21 | 4k+ | Nonce verification recommended | ||
| #121 | Admin Page Notes | 58 | 17 | 15 | 800 | Text Domain Mismatch | ||
| #122 | Custom Meta Widget | 58 | 55 | 2 | 7k+ | Output is not escaped | ||
| #123 | View Admin As | 58 | 307 | 135 | 9k+ | Non Singular String Literal Domain | ||
| #124 | Admin Menu Groups | 60 | 26 | 10 | 800 | Output is not escaped | ||
| #125 | whatwedo ACF Cleaner | 61 | 8 | 20 | 800 | Input is not validated | ||
| #126 | Bulk Edit YOAST SEO fields in Spreadsheet | 61 | 56 | 16 | 1k+ | Non Singular String Literal Domain | ||
| #127 | Dashboard Widget Sidebar | 62 | 9 | 16 | 400 | Input is not validated | ||
| #128 | Disable Visual Editor WYSIWYG | 62 | 10 | 12 | 1k+ | Nonce verification recommended | ||
| #129 | Falcon – WordPress Optimizations & Tweaks | 62 | 47 | 66 | 2k+ | Short PHP open tag found | ||
| #130 | Uber Login Logo | 62 | 16 | 5 | 10k+ | Unsafe printing function | ||
| #131 | Admin CSS MU | 64 | 30 | 582 | 10k+ | Non-prefixed global variable | ||
| #132 | Admin filter posts by year | 64 | 8 | 32 | 400 | Non-prefixed function | ||
| #133 | Disable REST API | 65 | 12 | 15 | 80k+ | Output is not escaped | ||
| #134 | Featured Galleries | 65 | 15 | 10 | 3k+ | Output is not escaped | ||
| #135 | Calculated fields for ACF | 66 | 5 | 18 | 1k+ | Non-prefixed global variable | ||
| #136 | Custom Posts Per Page | 66 | 20 | 2 | 900 | Unsafe printing function | ||
| #137 | Custom Posts Per Page Reloaded | 66 | 40 | 3 | 700 | Text Domain Mismatch | ||
| #138 | HiFi (Head Injection, Foot Injection) | 66 | 13 | 11 | 2k+ | Output is not escaped | ||
| #139 | Add Logo to Admin | 67 | 14 | 3 | 6k+ | Unsafe printing function | ||
| #140 | Hide Plugins | 67 | 7 | 15 | 1k+ | Nonce verification recommended | ||
| #141 | WP Logout Redirect | 67 | 20 | 5 | 400 | Unsafe printing function | ||
| #142 | Desert Companion | 68 | 412 | 837 | 20k+ | Non-prefixed global variable | ||
| #143 | Pinterest Verify Meta Tag | 68 | 20 | 6 | 600 | Output is not escaped | ||
| #144 | Slim Maintenance Mode | 68 | 9 | 10 | 10k+ | Output is not escaped | ||
| #145 | Sortable Word Count Reloaded | 68 | 18 | 6 | 2k+ | Output is not escaped | ||
| #146 | Automatic Domain Changer | 69 | 37 | 14 | 10k+ | Text Domain Mismatch | ||
| #147 | Dashboard Commander | 69 | 13 | 2 | 900 | Output is not escaped | ||
| #148 | Purchased Items Column for WooCommerce Orders | 70 | 10 | 8 | 800 | Output is not escaped | ||
| #149 | SubHeading | 70 | 22 | 13 | 1k+ | Non Singular String Literal Domain | ||
| #150 | Change Administrator Email Address | 71 | 12 | 9 | 700 | Output is not escaped |