Citation Manager Security & Risk Analysis

wordpress.org/plugins/citation-manager

Citation Manager - Management and display of external, manual citations to WordPress content

10 active installs · v0.9.6 · PHP + WP 2.9+ · Updated Dec 13, 2010
Tags: citation, meta, shortcode
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Citation Manager Safe to Use in 2026?

Generally Safe

Score 85/100

Citation Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 15yr ago
Risk Assessment

The "citation-manager" plugin v0.9.6 exhibits a mixed security posture. On the positive side, it has a relatively small attack surface, and all identified entry points (AJAX, shortcodes) appear to have authentication and capability checks. The absence of file operations, external HTTP requests, and known historical vulnerabilities is also an encouraging sign. However, the static analysis raises several significant concerns. The presence of the `unserialize` function is a critical danger signal, especially when combined with insufficient output escaping. While no critical or high severity taint flows were identified in this analysis, the combination of unsanitized paths in taint flows and the potential for unserialization vulnerabilities creates a substantial risk. The plugin also shows a worrying lack of output escaping, with 0% of outputs correctly handled, leaving it open to Cross-Site Scripting (XSS) attacks. The low percentage of SQL queries using prepared statements also indicates potential SQL injection vulnerabilities, though this is somewhat mitigated by the small number of queries. Overall, while the plugin has a clean vulnerability history and a somewhat protected attack surface, the dangerous functions, lack of output escaping, and potential for SQL injection create a considerable risk that needs urgent attention.

Key Concerns

  • Dangerous function unserialize found
  • No properly escaped output found
  • Low percentage of prepared SQL statements
  • Taint flows with unsanitized paths
Vulnerabilities
None known

Citation Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Citation Manager Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 6 (1 prepared)
Unescaped Output: 33 (0 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

Function     Code                                                                      Location
unserialize  $citation_value = unserialize(base64_decode($citation['meta_value']));    citations-metabox.php:50
unserialize  $cit = unserialize(base64_decode($citation['meta_value']));               citations.php:55

SQL Query Safety

14% prepared · 7 total queries

Output Escaping

0% escaped · 33 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
newCitationBox (citations-metabox.php:216)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Citation Manager Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers 1

Protection  Hook                    Location
auth        wp_ajax_newcitationbox  citations-metabox.php:11

Shortcodes 3

[citation-count-total] citations.php:125
[citation-count] citations.php:133
[citation-dump] citations.php:168
WordPress Hooks 11

Type    Hook             Location
action  admin_init       citations-metabox.php:12
action  admin_head       citations-metabox.php:13
action  save_post        citations-metabox.php:19
action  delete_post      citations-metabox.php:20
action  admin_init       citations-settings.php:16
action  admin_menu       citations-settings.php:19
action  init             citations.php:48
filter  the_content      citations.php:111
action  admin_head       citations.php:185
action  wp_head          citations.php:191
filter  plugin_row_meta  citations.php:202
Maintenance & Trust

Citation Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.0.5
Last updated: Dec 13, 2010
PHP min version: (none listed)
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Citation Manager Developer Profile

mikegogulski

3 plugins · 90 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Citation Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/citation-manager/citations-admin.css
/wp-content/plugins/citation-manager/citations.css

HTML / DOM Fingerprints

CSS Classes
citation, citations, citation-dump, citation-post-title, citation-list
Shortcode Output
[citation-count-total], [citation-count], [citation-dump]
FAQ

Frequently Asked Questions about Citation Manager