CMS Commander – Manage Multiple Sites Security & Risk Analysis

wordpress.org/plugins/cms-commander-client

CMS Commander helps you to manage multiple WordPress sites much faster from a single powerful dashboard.

4K active installs v2.288 PHP + WP + Updated Sep 12, 2024
Tags: affiliate, backups, manage, manage-multiple-sites, manager
Score: 90 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Jun 19, 2023
Safety Verdict

Is CMS Commander – Manage Multiple Sites Safe to Use in 2026?

Generally Safe

Score 90/100

CMS Commander – Manage Multiple Sites has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jun 19, 2023 · Updated 1yr ago
Risk Assessment

The "cms-commander-client" v2.288 plugin exhibits a mixed security posture. On the positive side, taint analysis identified no critical vulnerabilities, and no unescaped output was detected. A majority of SQL queries (7 of 12) use prepared statements, and no entry points such as AJAX handlers, REST API routes, shortcodes, or cron events were found that lack authentication or permission checks.

However, there are significant concerns stemming from the plugin's vulnerability history. The presence of two historical high-severity vulnerabilities, particularly those related to 'Insufficient Verification of Data Authenticity' and 'Deserialization of Untrusted Data', indicates a past tendency to handle external data or complex object structures in ways that are prone to exploitation. The fact that the last vulnerability was relatively recent (June 2023) suggests that these types of issues may still be a recurring theme, even if they are not immediately apparent in the current static analysis. The absence of nonce checks and capability checks across the plugin's code, while not directly leading to exploitable entry points in this specific analysis, leaves potential for indirect vulnerabilities if other parts of WordPress or future code additions are not handled with sufficient checks.

In conclusion, while the current static analysis doesn't reveal direct, exploitable flaws in the analyzed code for v2.288, the plugin's history of high-severity vulnerabilities necessitates a cautious approach. The underlying patterns of past weaknesses suggest that the developers may have struggled with secure data handling, and a thorough review of the plugin's implementation regarding data authentication and deserialization is recommended, even if not directly flagged in this static scan. The lack of comprehensive security checks like nonces and capability checks is a notable weakness.

Key Concerns

  • Two high severity historical vulnerabilities
  • No nonce checks detected
  • No capability checks detected
  • Presence of file operations
  • Presence of external HTTP requests
Vulnerabilities: 2

CMS Commander – Manage Multiple Sites Security Vulnerabilities

CVEs by Year

2016: 1 CVE
2023: 1 CVE

Severity Breakdown

High: 2

2 total CVEs

CVE-2023-3325 · high · 8.1 · Insufficient Verification of Data Authenticity

CMS Commander <= 2.287 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature

Jun 19, 2023 Patched in 2.288 (218d)
WF-a859505e-87ba-49f0-910b-de6141976f86-cms-commander-client · high · 8.5 · Deserialization of Untrusted Data

CMS Commander – Manage Multiple Sites Plugin <= 2.21 - PHP Object Injection

Jun 1, 2016 Patched in 2.22 (2792d)
Code Analysis
Analyzed Mar 16, 2026

CMS Commander – Manage Multiple Sites Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (7 prepared)
Unescaped Output: 0 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 2
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

58% prepared · 12 total queries
Attack Surface

CMS Commander – Manage Multiple Sites Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 7
  • action · cmsc_backup_tasks · init.php:193
  • filter · cmsc_website_add · init.php:267
  • filter · cmsc_stats_filter · init.php:269
  • filter · cron_schedules · init.php:270
  • action · cmsc_remote_upload · init.php:271
  • action · init · init.php:273
  • filter · install_plugin_complete_actions · init.php:274
Maintenance & Trust

CMS Commander – Manage Multiple Sites Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Sep 12, 2024
PHP min version
Downloads: 273K

Community Trust

Rating: 92/100
Number of ratings: 25
Active installs: 4K
Developer Profile

CMS Commander – Manage Multiple Sites Developer Profile

Thomas Hoefter

1 plugin · 4K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 1505 days
Detection Fingerprints

How We Detect CMS Commander – Manage Multiple Sites

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/cms-commander-client/css/style.css
  • /wp-content/plugins/cms-commander-client/js/admin.js
  • /wp-content/plugins/cms-commander-client/js/frontend.js
  • /wp-content/plugins/cms-commander-client/js/script.js
Script Paths
  • /wp-content/plugins/cms-commander-client/js/admin.js
  • /wp-content/plugins/cms-commander-client/js/frontend.js
  • /wp-content/plugins/cms-commander-client/js/script.js
Version Parameters
  • cms-commander-client/css/style.css?ver=
  • cms-commander-client/js/admin.js?ver=
  • cms-commander-client/js/frontend.js?ver=
  • cms-commander-client/js/script.js?ver=

HTML / DOM Fingerprints

HTML Comments
  • <!-- CMS Commander -->
  • <!-- CMSc_admin_init -->
  • <!-- CMS Commander - Frontend JavaScript -->
Data Attributes
  • data-cmsc-parent-id
  • data-cmsc-post-id
  • data-cmsc-nonce
  • data-cmsc-user-id
JS Globals
  • cmsc_admin
  • cmsc_frontend
  • cmsc_vars
  • CMSC_Core
  • CMSC_Worker_Version
REST Endpoints
  • /wp-json/cmsc/v1/get-posts
  • /wp-json/cmsc/v1/get-page-data
  • /wp-json/cmsc/v1/save-post
  • /wp-json/cmsc/v1/get-plugin-details
FAQ

Frequently Asked Questions about CMS Commander – Manage Multiple Sites