Vulnerabilities and security researches foradminify adminify
Direction: descendingApr 16, 2026
WP Adminify – WordPress Dashboard Customization | Custom Login | Admin Columns | Dashboard Widget | Media Library Folders # CVE-2026-1060
- CVE, Research URL
- Date
- Jan 28, 2026
- Research Description
- The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permission_callback set to __return_true, allowing unauthenticated attackers to retrieve the complete list of available addons, their installation status, version numbers, and download URLs.
- Affected versions
-
max 4.0.7.8.
- Status
-
vulnerable
Jan 10, 2026
WP Adminify – WordPress Dashboard Customization | Custom Login | Admin Columns | Dashboard Widget | Media Library Folders # CVE-2025-68592
- CVE, Research URL
- Date
- Dec 24, 2025
- Research Description
- Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.
- Affected versions
-
max 4.0.6.1.
- Status
-
vulnerable
WP Adminify – WordPress Dashboard Customization | Custom Login | Admin Columns | Dashboard Widget | Media Library Folders # CVE-2025-68593
- CVE, Research URL
- Date
- Dec 24, 2025
- Research Description
- Missing Authorization vulnerability in Liton Arefin WP Adminify adminify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Adminify: from n/a through <= 4.0.6.1.
- Affected versions
-
max 4.0.6.1.
- Status
-
vulnerable
May 06, 2025
WP Adminify – WordPress Dashboard Customization | Custom Login | Admin Columns | Dashboard Widget | Media Library Folders # CVE-2022-4974
- CVE, Research URL
- Date
- Oct 16, 2024
- Research Description
- The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
- Affected versions
-
max 2.0.5.
- Status
-
vulnerable
Oct 25, 2024
WP Adminify – WordPress Dashboard Customization | Custom Login | Admin Columns | Dashboard Widget | Media Library Folders # CVE-2024-8959
- CVE, Research URL
- Date
- Oct 24, 2024
- Research Description
- The WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.0.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
- Affected versions
-
max 4.0.1.7.
- Status
-
vulnerable
Jun 06, 2024
WP Adminify – WordPress Dashboard Customization | Custom Login | Admin Columns | Dashboard Widget | Media Library Folders # CVE-2023-4060
- CVE, Research URL
- Date
- Sep 12, 2023
- Research Description
- The WP Adminify WordPress plugin before 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
- Affected versions
-
max 3.1.6.
- Status
-
vulnerable
WP Adminify – WordPress Dashboard Customization | Custom Login | Admin Columns | Dashboard Widget | Media Library Folders # CVE-2023-44266
- CVE, Research URL
- Date
- Oct 02, 2023
- Research Description
- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jewel Theme WP Adminify plugin <= 3.1.6 versions.
- Affected versions
-
max 3.1.8.
- Status
-
vulnerable
WP Adminify – WordPress Dashboard Customization | Custom Login | Admin Columns | Dashboard Widget | Media Library Folders # CVE-2023-52132
- CVE, Research URL
- Date
- Dec 31, 2023
- Research Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jewel Theme WP Adminify.This issue affects WP Adminify: from n/a through 3.1.6.
- Affected versions
-
max 3.1.7.
- Status
-
vulnerable
WP Adminify – WordPress Dashboard Customization | Custom Login | Admin Columns | Dashboard Widget | Media Library Folders # 2156fb79293577a0d7765373137e934198b6c7f4
- CVE, Research URL
- Date
- Feb 28, 2022
- Research Description
- WP Adminify – Custom WordPress Dashboard, Login and Admin Customizer [adminify] < 3.1.4 WordPress WP Adminify – Powerhouse Toolkit for WordPress Dashboard plugin <= 2.0.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WP Adminify – Powerhouse Toolkit for WordPress Dashboard plugin (versions <= 2.0.4).
- Affected versions
-
max 3.1.4.
- Status
-
vulnerable