Changelog Manager Security & Risk Analysis

wordpress.org/plugins/changelog-manager

Advanced changelog management system with AI Helper, CSV export, custom themes and email notifications.

0 active installs v1.0.0 PHP 7.4+ WP 5.0+ Updated Jan 20, 2026
changelognotificationsreleasesupdatesversion-control
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Changelog Manager Safe to Use in 2026?

Generally Safe

Score 100/100

Changelog Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The changelog-manager v1.0.0 plugin exhibits a strong security posture based on the provided static analysis. All identified entry points, including AJAX handlers and shortcodes, are protected by appropriate authentication and capability checks. The code demonstrates excellent security practices by utilizing prepared statements for all SQL queries and ensuring 100% of output is properly escaped, mitigating risks of SQL injection and Cross-Site Scripting (XSS). The absence of dangerous functions, external HTTP requests, and critical or high-severity taint flows further reinforces its secure design.

The vulnerability history is also exceptionally clean, with no recorded CVEs. This indicates a history of responsible development and a lack of known security flaws. The plugin's small attack surface and the thorough implementation of security checks like nonces and capability checks are commendable strengths. However, the presence of a single file operation warrants a slight consideration, though without further context on the nature of this operation, it's difficult to assign a definitive risk. Overall, the plugin appears very secure and well-maintained.

Vulnerabilities
None known

Changelog Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Changelog Manager Release Timeline

v1.0.1
v1.0.0Current
Code Analysis
Analyzed Apr 16, 2026

Changelog Manager Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
473 escaped
Nonce Checks
19
Capability Checks
13
File Operations
1
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped475 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
<admin-display-changelog> (admin/partials/admin-display-changelog.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Changelog Manager Attack Surface

Entry Points13
Unprotected0

AJAX Handlers 10

authwp_ajax_chanma_delete_entryincludes/class-changelog-manager.php:15
authwp_ajax_chanma_delete_roadmap_itemincludes/class-changelog-manager.php:16
authwp_ajax_chanma_ai_chatincludes/class-changelog-manager.php:17
authwp_ajax_chanma_export_csvincludes/class-changelog-manager.php:19
authwp_ajax_chanma_add_projectincludes/class-changelog-manager.php:20
authwp_ajax_chanma_delete_projectincludes/class-changelog-manager.php:21
authwp_ajax_chanma_restart_tutorialincludes/class-changelog-manager.php:22
authwp_ajax_chanma_complete_tutorialincludes/class-changelog-manager.php:27
authwp_ajax_chanma_subscribeincludes/class-changelog-manager.php:31
noprivwp_ajax_chanma_subscribeincludes/class-changelog-manager.php:32

Shortcodes 3

[chanma_roadmap] includes/class-changelog-manager.php:28
[chanma_changelog] includes/class-changelog-manager.php:29
[chanma_subscribe] includes/class-changelog-manager.php:30
WordPress Hooks 23
actionadmin_noticesadmin/partials/admin-display-statistics.php:6
actionadmin_footeradmin/partials/admin-display-statistics.php:391
actionplugins_loadedchangelog-manager.php:71
actionshutdownchangelog-manager.php:74
actioninitincludes/class-changelog-manager.php:8
actioninitincludes/class-changelog-manager.php:9
actioninitincludes/class-changelog-manager.php:10
actionadmin_menuincludes/class-changelog-manager.php:11
actionadmin_enqueue_scriptsincludes/class-changelog-manager.php:12
actionwp_enqueue_scriptsincludes/class-changelog-manager.php:13
actionadmin_initincludes/class-changelog-manager.php:14
actionwp_footerincludes/class-changelog-manager.php:18
actionadmin_initincludes/class-changelog-manager.php:23
actionwp_insert_postincludes/class-changelog-manager.php:33
actiontemplate_redirectincludes/class-changelog-manager.php:34
actionadmin_post_chanma_free_save_settingsincludes/class-changelog-manager.php:42
actionadmin_post_nopriv_chanma_free_save_settingsincludes/class-changelog-manager.php:43
actionadmin_noticesincludes/class-changelog-manager.php:976
actionadmin_noticesincludes/class-changelog-manager.php:984
actionadmin_noticesincludes/class-changelog-manager.php:1030
actioninitincludes/class-gutenberg-blocks.php:14
actionenqueue_block_editor_assetsincludes/class-gutenberg-blocks.php:15
filterblock_categories_allincludes/class-gutenberg-blocks.php:16
Maintenance & Trust

Changelog Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 20, 2026
PHP min version7.4
Downloads145

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Changelog Manager Developer Profile

agolollo

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Changelog Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/changelog-manager/assets/css/admin-style.css/wp-content/plugins/changelog-manager/assets/js/admin-script.js
Script Paths
/wp-content/plugins/changelog-manager/assets/js/admin-script.js
Version Parameters
changelog-manager/assets/css/admin-style.css?ver=changelog-manager/assets/js/admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
chanma-changelog-form-wrapperchanma-form-headerchanma-form-header-contentchanma-form-descriptionchanma-form-header-badgechanma-version-badgechanma-changelog-formchanma-entry-section+20 more
HTML Comments
This file contains the HTML and PHP code for the Changelog tab, allowing administrators to add, edit, and delete changelog entries.Handle form submission - MOVED to handle_form_submission in class-changelog-manager.phpHeader della formCheck if we are editing an existing entry
Data Attributes
data-actiondata-post-iddata-entry-id
JS Globals
chanma_admin_vars
FAQ

Frequently Asked Questions about Changelog Manager