Does Cloudways Site Manager have any unpatched vulnerabilities?

No. All known vulnerabilities in Cloudways Site Manager have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Cloudways Site Manager compatible with WordPress 6.9.4?

According to WordPress.org data, Cloudways Site Manager 6.37 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Cloudways Site Manager compatible with PHP 7.0+?

Cloudways Site Manager requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Cloudways Site Manager updated?

Cloudways Site Manager was last updated on Feb 25, 2026. Frequent updates are generally a positive security signal.

What is Cloudways Site Manager's security score?

Cloudways Site Manager has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Cloudways Site Manager Security & Risk Analysis

wordpress.org/plugins/cloudways-site-manager

Easily manage and update all your WordPress sites hosted on Cloudways.

1K active installs v6.37 PHP 7.0+ WP 4.0+ Updated Feb 25, 2026

cloudways

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Cloudways Site Manager Safe to Use in 2026?

Generally Safe

Score 100/100

Cloudways Site Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The cloudways-site-manager plugin, version 6.37, exhibits a concerning security posture primarily due to its unprotected AJAX endpoints. While the plugin demonstrates good practices in other areas, such as a high percentage of properly escaped output and SQL queries using prepared statements, the presence of two AJAX handlers without any authentication or capability checks presents a significant attack surface. This allows any authenticated user to potentially trigger these endpoints, which could lead to unintended actions or information disclosure depending on their functionality. The lack of nonce checks on these AJAX handlers further exacerbates this risk, making them susceptible to Cross-Site Request Forgery (CSRF) attacks.

The absence of any recorded CVEs or past vulnerabilities is a positive indicator, suggesting a historically stable plugin. However, this does not negate the immediate risks posed by the current static analysis findings. The taint analysis shows no critical or high severity flows, which is encouraging. Nevertheless, the combination of unprotected entry points and missing security checks means that the plugin's overall security is compromised. A balanced conclusion would be that while the plugin appears to have a clean history and good internal coding practices, the exposed AJAX handlers represent a substantial security weakness that requires immediate attention.

Key Concerns

Unprotected AJAX handlers
Missing nonce checks on AJAX
Limited capability checks

Vulnerabilities

None known

Cloudways Site Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Cloudways Site Manager Code Analysis

Dangerous Functions

Raw SQL Queries

7 prepared

Unescaped Output

73 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

70% prepared10 total queries

Output Escaping

97% escaped75 total outputs

Attack Surface

2 unprotected

Cloudways Site Manager Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_bvadmcloudways_site_manager.php:153

noprivwp_ajax_bvadmcloudways_site_manager.php:154

WordPress Hooks 69

filterupgrader_clear_destinationcallback\wings\manage.php:354

filterupgrader_source_selectioncallback\wings\manage.php:404

filterupgrader_pre_installcallback\wings\manage.php:516

filterupgrader_post_installcallback\wings\manage.php:517

filterupgrader_clear_destinationcallback\wings\manage.php:518

filterupgrader_source_selectioncallback\wings\manage.php:566

filterupgrader_source_selectioncallback\wings\manage.php:719

filterupgrader_post_installcallback\wings\manage.php:721

actionwp_footercloudways_site_manager.php:63

actioncwmgr_clear_bv_services_configcloudways_site_manager.php:64

actionadmin_initcloudways_site_manager.php:79

filterall_pluginscloudways_site_manager.php:80

filterplugin_row_metacloudways_site_manager.php:81

actionnetwork_admin_menucloudways_site_manager.php:84

actionadmin_menucloudways_site_manager.php:86

filterplugin_action_linkscloudways_site_manager.php:88

actionadmin_headcloudways_site_manager.php:89

actionwp_loadedcloudways_site_manager.php:151

filterauto_update_corecloudways_site_manager.php:172

filterauto_update_themecloudways_site_manager.php:175

filterthemes_auto_update_enabledcloudways_site_manager.php:176

filterauto_update_plugincloudways_site_manager.php:179

filterplugins_auto_update_enabledcloudways_site_manager.php:180

filterauto_update_translationcloudways_site_manager.php:183

actionpre_post_updatewp_actlog.php:478

actionsave_postwp_actlog.php:479

actionpost_stuckwp_actlog.php:480

actionpost_unstuckwp_actlog.php:481

actiondelete_postwp_actlog.php:482

actioncomment_postwp_actlog.php:485

actionedit_commentwp_actlog.php:486

actiontransition_comment_statuswp_actlog.php:487

actioncreate_termwp_actlog.php:490

actionpre_delete_termwp_actlog.php:491

actiondelete_termwp_actlog.php:492

filterwp_update_term_datawp_actlog.php:493

actionuser_registerwp_actlog.php:496

actionwpmu_new_userwp_actlog.php:497

actionprofile_updatewp_actlog.php:498

actiondelete_userwp_actlog.php:499

actionwpmu_delete_userwp_actlog.php:500

actionactivate_pluginwp_actlog.php:503

actiondeactivate_pluginwp_actlog.php:504

actionswitch_themewp_actlog.php:505

actionwp_insert_sitewp_actlog.php:508

actionarchive_blogwp_actlog.php:509

actionunarchive_blogwp_actlog.php:510

actionactivate_blogwp_actlog.php:511

actiondeactivate_blogwp_actlog.php:512

actionwp_delete_sitewp_actlog.php:513

actionwp_loginwp_actlog.php:516

actionwp_logoutwp_actlog.php:517

actionpassword_resetwp_actlog.php:518

actionupgrader_process_completewp_actlog.php:521

action_core_updated_successfullywp_actlog.php:522

actionwoocommerce_attribute_addedwp_actlog.php:525

actionwoocommerce_attribute_updatedwp_actlog.php:526

actionwoocommerce_before_attribute_deletewp_actlog.php:527

actionwoocommerce_attribute_deletedwp_actlog.php:528

actionwoocommerce_tax_rate_addedwp_actlog.php:530

actionwoocommerce_tax_rate_deletedwp_actlog.php:531

actionwoocommerce_tax_rate_updatedwp_actlog.php:532

actionwoocommerce_grant_product_download_accesswp_actlog.php:534

actionwoocommerce_ajax_revoke_access_to_product_downloadwp_actlog.php:535

actionwoocommerce_shipping_zone_method_addedwp_actlog.php:537

actionwoocommerce_shipping_zone_method_status_toggledwp_actlog.php:538

actionwoocommerce_shipping_zone_method_deletedwp_actlog.php:539

actionlogin_headwp_login_whitelabel.php:24

filterlogin_messagewp_login_whitelabel.php:25

Maintenance & Trust

Cloudways Site Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 25, 2026

PHP min version7.0

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs1K

Alternatives

Cloudways Site Manager Alternatives

Cloudways WordPress Migrator

bv-cloudways-automated-migration

100

The easiest way to migrate your site to Cloudways

20K No CVEs

Developer Profile

Cloudways Site Manager Developer Profile

Cloudways

3 plugins · 421K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

144 days

View full developer profile

Detection Fingerprints

How We Detect Cloudways Site Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cloudways-site-manager/assets/css/cw-custom-styles.css/wp-content/plugins/cloudways-site-manager/assets/css/cw-common.css/wp-content/plugins/cloudways-site-manager/assets/css/cw-dashboard.css/wp-content/plugins/cloudways-site-manager/assets/js/cw-common.js/wp-content/plugins/cloudways-site-manager/assets/js/cw-dashboard.js

Script Paths

/wp-content/plugins/cloudways-site-manager/wp_admin.js/wp-content/plugins/cloudways-site-manager/assets/js/cw-common.js/wp-content/plugins/cloudways-site-manager/assets/js/cw-dashboard.js

Version Parameters

cloudways-site-manager/assets/css/cw-custom-styles.css?ver=cloudways-site-manager/assets/css/cw-common.css?ver=cloudways-site-manager/assets/css/cw-dashboard.css?ver=cloudways-site-manager/assets/js/cw-common.js?ver=cloudways-site-manager/assets/js/cw-dashboard.js?ver=

HTML / DOM Fingerprints

CSS Classes

cw-common-widgetcw-dashboard-widgetcw-settings-pagecw-admin-headercw-admin-sidebarcw-modalcw-tooltip

HTML Comments

Copyright 2017 Cloudways Site ManagerThis program is free software; you can redistribute it and/or modifyThis program is distributed in the hope that it will be usefulYou should have received a copy of the GNU General Public License+1 more

Data Attributes

data-cw-modal-iddata-cw-tooltip-textdata-cw-widget-type

JS Globals

window.cwCommonwindow.cwDashboardvar CWMGRWPAPIvar CWMGRWPSettingsvar CWMGRWPSiteInfo

REST Endpoints

/wp-json/cloudways-site-manager/v1/settings/wp-json/cloudways-site-manager/v1/site-info/wp-json/cloudways-site-manager/v1/actions

Shortcode Output

[cloudways_site_manager_widget][cloudways_site_manager_status]

FAQ