Attendance Manager Security & Risk Analysis

wordpress.org/plugins/attendance-manager

Each user can do attendance management by themselves. An attendance management plugin that can be edited by users themselves as well as by administrators.

900 active installs · v0.6.2 · PHP 7.0+ · WP 4.1+ · Updated Jan 6, 2026
attendance · employee · online-scheduling · schedule · work
73
B · Generally Safe
CVEs total: 3
Unpatched: 1
Last CVE: Apr 16, 2025
Safety Verdict

Is Attendance Manager Safe to Use in 2026?

Mostly Safe

Score 73/100

Attendance Manager is generally safe to use. 3 past CVEs were resolved. Keep it updated.

3 known CVEs · 1 unpatched · Last CVE: Apr 16, 2025 · Updated 2mo ago
Risk Assessment

The 'attendance-manager' plugin version 0.6.2 presents a mixed security posture. While the static analysis indicates a generally small attack surface with no apparent unauthenticated entry points, several areas raise concerns. The output escaping is notably weak, with only 53% of outputs being properly escaped, increasing the risk of Cross-Site Scripting (XSS) vulnerabilities, especially if user-supplied data is involved in these unescaped outputs. The vulnerability history is a significant red flag, with three known CVEs, including one high-severity and two medium-severity vulnerabilities. The fact that one high-severity vulnerability remains unpatched is a critical issue.

Key Concerns

  • Unpatched High Severity CVE
  • Medium Severity CVEs (2)
  • Low percentage of properly escaped output
  • Low percentage of prepared statements
Vulnerabilities
3

Attendance Manager Security Vulnerabilities

CVEs by Year

2019: 2 CVEs
2025: 1 CVE · unpatched

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2025-39515 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Attendance Manager <= 0.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 16, 2025 · Unpatched

CVE-2019-5971 · high · 8.8 · Cross-Site Request Forgery (CSRF)

Attendance Manager <= 0.5.6 - Cross-site Request Forgery

Jun 10, 2019 · Patched in 0.5.7 (1688d)

CVE-2019-5970 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Attendance Manager <= 0.5.6 - Stored Cross-Site Scripting

Jun 10, 2019 Patched in 0.5.7 (1688d)
Code Analysis
Analyzed Mar 16, 2026

Attendance Manager Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (28 prepared)
Unescaped Output: 41 (47 escaped)
Nonce Checks: 3
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

88% prepared · 32 total queries

Output Escaping

53% escaped · 88 total outputs

Data Flows: All sanitized

Data Flow Analysis

5 flows
setting_page (class\class-adminpage.php:55)
Attack Surface

Attendance Manager Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 36

filter attmgr_schedule_table_name class\class-activation.php:14
action admin_menu class\class-adminpage.php:11
action admin_enqueue_scripts class\class-adminpage.php:12
action plugins_loaded class\class-attmgr.php:69
action plugins_loaded class\class-attmgr.php:70
action template_redirect class\class-attmgr.php:71
action plugins_loaded class\class-attmgr.php:72
action plugins_loaded class\class-attmgr.php:74
action plugins_loaded class\class-attmgr.php:75
filter cron_schedules class\class-cron.php:11
action wp class\class-cron.php:13
action template_redirect class\class-form.php:11
action template_redirect class\class-form.php:12
action init class\class-functions.php:11
action init class\class-functions.php:12
action init class\class-functions.php:13
action init class\class-functions.php:14
action init class\class-functions.php:15
action init class\class-functions.php:16
action init class\class-functions.php:17
action init class\class-functions.php:18
action init class\class-functions.php:19
action wp_enqueue_scripts class\class-functions.php:26
action plugins_loaded class\class-updation.php:11
action plugins_loaded class\class-updation.php:12
action user_new_form class\class-user.php:55
action show_user_profile class\class-user.php:56
action edit_user_profile class\class-user.php:57
action user_register class\class-user.php:58
action edit_user_profile_update class\class-user.php:59
action publish_post class\class-user.php:63
action publish_page class\class-user.php:64
action trash_post class\class-user.php:65
action trash_page class\class-user.php:66
action manage_users_columns class\class-user.php:68
action manage_users_custom_column class\class-user.php:69
Maintenance & Trust

Attendance Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 6, 2026
PHP min version: 7.0
Downloads: 24K

Community Trust

Rating: 88/100
Number of ratings: 5
Active installs: 900
Developer Profile

Attendance Manager Developer Profile

tnomi

3 plugins · 2K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 1688 days
Detection Fingerprints

How We Detect Attendance Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/attendance-manager/admin.css
Version Parameters
attendance-manager/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
attmgr
Data Attributes
name="attmgr_options[starttime]"
name="attmgr_options[endtime]"
name="attmgr_options[interval]"
name="attmgr_options[format_year_month]"
name="attmgr_options[format_month_day]"
name="attmgr_options[format_time]"
FAQ

Frequently Asked Questions about Attendance Manager