Does Advanced Cron Manager – debug & control have any unpatched vulnerabilities?

No. All known vulnerabilities in Advanced Cron Manager – debug & control have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Advanced Cron Manager – debug & control compatible with WordPress 6.9.4?

According to WordPress.org data, Advanced Cron Manager – debug & control 2.7.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Advanced Cron Manager – debug & control compatible with PHP 5.3+?

Advanced Cron Manager – debug & control requires PHP 5.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Advanced Cron Manager – debug & control updated?

Advanced Cron Manager – debug & control was last updated on Mar 10, 2026. Frequent updates are generally a positive security signal.

What is Advanced Cron Manager – debug & control's security score?

Advanced Cron Manager – debug & control has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Advanced Cron Manager – debug & control Security & Risk Analysis

wordpress.org/plugins/advanced-cron-manager

View, pause, remove, edit and add WP Cron events and schedules.

30K active installs v2.7.0 PHP 5.3+ WP 5.0+ Updated Mar 10, 2026

croncron-managercrontrolmanagerwpcron

A · Safe

CVEs total3

Unpatched0

Last CVEOct 30, 2024

Download

Safety Verdict

Is Advanced Cron Manager – debug & control Safe to Use in 2026?

Generally Safe

Score 98/100

Advanced Cron Manager – debug & control has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Oct 30, 2024Updated 24d ago

Risk Assessment

The "advanced-cron-manager" plugin version 2.7.0 presents a mixed security posture. On the positive side, the plugin demonstrates good practices in its SQL query handling and output escaping, with 100% of SQL queries using prepared statements and 99% of outputs being properly escaped. It also avoids file operations and external HTTP requests, which are common vectors for vulnerabilities. However, a significant concern arises from the presence of 14 AJAX handlers, all of which lack authentication checks. This creates a substantial attack surface, potentially allowing unauthenticated users to trigger sensitive operations within the plugin.

The vulnerability history for this plugin is noteworthy. While there are no currently unpatched CVEs, the plugin has a history of 3 medium-severity vulnerabilities, primarily related to Missing Authorization and Cross-site Scripting. The fact that these vulnerabilities have been addressed in past versions is positive, but the recurring types suggest potential ongoing weaknesses in authorization enforcement or input sanitization that might not be fully captured by static analysis alone. The absence of any identified taint flows is a good sign, indicating no obvious direct pathways for malicious data to compromise the system in this particular version's static analysis, but this does not negate the risks posed by the unprotected AJAX endpoints.

In conclusion, while the plugin exhibits strong technical implementation in areas like SQL and output handling, the unprotected AJAX endpoints represent a critical security weakness that could be exploited by attackers. The historical trend of medium-severity vulnerabilities, especially those related to authorization and XSS, warrants continued vigilance. Users should prioritize ensuring that any sensitive functionalities exposed through AJAX are adequately secured, either by the plugin itself in future updates or through server-level configurations if possible. The current static analysis does not reveal critical code-level flaws, but the attack surface is a significant point of concern.

Key Concerns

14 AJAX handlers without auth checks
0 Nonce checks on AJAX handlers
History of 3 medium severity CVEs

Vulnerabilities

Advanced Cron Manager – debug & control Security Vulnerabilities

CVEs by Year

3 CVEs in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

3 total CVEs

CVE-2024-4004medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced Cron Manager – debug & control <= 2.5.6 - Authenticated (Admin+) Stored Cross-Site Scripting

Oct 30, 2024 Patched in 2.5.7 (212d)

CVE-2024-43154medium · 4.3Missing Authorization

Advanced Cron Manager – debug & control <= 2.5.9 - Missing Authorization

Aug 7, 2024 Patched in 2.5.10 (8d)

CVE-2024-31926medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced Cron Manager – debug & control <= 2.5.2 - Authenticated (Admin+) Stored Cross-Site Scripting

Apr 10, 2024 Patched in 2.5.3 (7d)

Code Analysis

Analyzed Mar 16, 2026

Advanced Cron Manager – debug & control Code Analysis

Dangerous Functions

Raw SQL Queries

25 prepared

Unescaped Output

151 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared25 total queries

Output Escaping

99% escaped153 total outputs

Attack Surface

14 unprotected

Advanced Cron Manager – debug & control Attack Surface

Entry Points14

Unprotected14

AJAX Handlers 14

authwp_ajax_acm/schedule/add/formadvanced-cron-manager.php:156

authwp_ajax_acm/schedule/edit/formadvanced-cron-manager.php:157

authwp_ajax_acm/event/add/formadvanced-cron-manager.php:158

authwp_ajax_acm/rerender/schedulesadvanced-cron-manager.php:162

authwp_ajax_acm/schedule/insertadvanced-cron-manager.php:163

authwp_ajax_acm/schedule/editadvanced-cron-manager.php:164

authwp_ajax_acm/schedule/removeadvanced-cron-manager.php:165

authwp_ajax_acm/rerender/eventsadvanced-cron-manager.php:169

authwp_ajax_acm/event/insertadvanced-cron-manager.php:170

authwp_ajax_acm/event/runadvanced-cron-manager.php:171

authwp_ajax_acm/event/removeadvanced-cron-manager.php:172

authwp_ajax_acm/event/pauseadvanced-cron-manager.php:173

authwp_ajax_acm/event/unpauseadvanced-cron-manager.php:174

authwp_ajax_acm/server/settings/saveadvanced-cron-manager.php:178

WordPress Hooks 15

actionadmin_noticesadvanced-cron-manager.php:70

actionadmin_menuadvanced-cron-manager.php:136

actionadvanced-cron-manager/screen/mainadvanced-cron-manager.php:139

actionadvanced-cron-manager/screen/mainadvanced-cron-manager.php:140

actionadvanced-cron-manager/screen/sidebaradvanced-cron-manager.php:143

actionadvanced-cron-manager/screen/wrap/afteradvanced-cron-manager.php:146

actionadvanced-cron-manager/screen/wrap/afteradvanced-cron-manager.php:147

filteradvanced-cron-manager/screen/event/details/tabsadvanced-cron-manager.php:150

actionadmin_enqueue_scriptsadvanced-cron-manager.php:153

filtercron_schedulesadvanced-cron-manager.php:161

filteradvanced-cron-manager/events/arrayadvanced-cron-manager.php:168

actionadvanced-cron-manager/screen/sidebaradvanced-cron-manager.php:177

actionplugins_loadedadvanced-cron-manager.php:179

actionplugins_loadedadvanced-cron-manager.php:185

actionadvanced-cron-manager/screen/sidebaradvanced-cron-manager.php:187

Maintenance & Trust

Advanced Cron Manager – debug & control Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 10, 2026

PHP min version5.3

Downloads802K

Community Trust

Rating94/100

Number of ratings38

Active installs30K

Alternatives

Advanced Cron Manager – debug & control Alternatives

amr cron manager

amr-cron-manager

Overview of wp cron jobs in the site's timezone. The lists show if the action exists and any arguments to the cron job.

200 1 unpatched

Advanced Cron Scheduler for WordPress

migrate-wp-cron-to-action-scheduler

100

The Advanced Cron Scheduler for WordPress plugin helps to easily replace or migrate Native WordPress Cron to the Action Scheduler Library.

200 No CVEs

ShieldClimb – Fix Pending and Past-due Tasks for WooCommerce

shieldclimb-fix-pending-and-past-due-tasks

100

Fix Pending and Past-due Tasks for WooCommerce – Speed up order processing, prevent stuck scheduled tasks, and optimize performance.

10 No CVEs

WP Crontrol

wp-crontrol

WP Crontrol enables you to take control of the cron events on your WordPress website.

300K 3 CVEs

File Manager

wp-file-manager

file manager provides you ability to edit, delete, upload, download, copy and paste files and folders.

1.0M 12 CVEs

Developer Profile

Advanced Cron Manager – debug & control Developer Profile

Kuba Mikita

9 plugins · 51K total installs

trust score

Avg Security Score

95/100

Avg Patch Time

237 days

View full developer profile

Detection Fingerprints

How We Detect Advanced Cron Manager – debug & control

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/advanced-cron-manager/css/main.css/wp-content/plugins/advanced-cron-manager/css/vendor.css/wp-content/plugins/advanced-cron-manager/js/main.js/wp-content/plugins/advanced-cron-manager/js/vendor.js/wp-content/plugins/advanced-cron-manager/vendor/vendor/sprintf/sprintf.min.js

Script Paths

/wp-content/plugins/advanced-cron-manager/js/main.js/wp-content/plugins/advanced-cron-manager/js/vendor.js/wp-content/plugins/advanced-cron-manager/vendor/vendor/sprintf/sprintf.min.js

Version Parameters

/wp-content/plugins/advanced-cron-manager/css/main.css?ver=/wp-content/plugins/advanced-cron-manager/css/vendor.css?ver=/wp-content/plugins/advanced-cron-manager/js/main.js?ver=/wp-content/plugins/advanced-cron-manager/js/vendor.js?ver=

HTML / DOM Fingerprints

CSS Classes

acm-slidebaracm-slidebar__headeracm-slidebar__bodyacm-preview-modalacm-preview-modal__overlayacm-preview-modal__containeracm-preview-modal__headeracm-preview-modal__close+9 more

Data Attributes

data-acm-slidebardata-acm-preview-modaldata-action="acm/schedule/add/form"data-action="acm/schedule/edit/form"data-action="acm/event/add/form"data-action="acm/schedule/insert"+8 more

JS Globals

ACMsprintf

REST Endpoints

/wp-json/acm/v1/settings

FAQ