Code Manager Security & Risk Analysis

wordpress.org/plugins/code-manager

Write, test and deploy PHP, JavaScript, CSS and HTML code blocks from the WordPress dashboard.

500 active installs · v1.0.45 · PHP 7.0+ · WP + · Updated Dec 2, 2025
Tags: code-blocks, code-snippets, css-editor, javascript-editor, php-editor
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Code Manager Safe to Use in 2026?

Generally Safe

Score 100/100

Code Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The "code-manager" v1.0.45 plugin exhibits a concerning security posture due to a significant number of unprotected AJAX handlers. While the plugin demonstrates good practices in its use of prepared statements for SQL queries and a reasonable rate of output escaping, the fact that all 13 identified AJAX entry points lack authentication checks is a major weakness. This could let unauthorized users trigger potentially sensitive actions or manipulate plugin functionality.

The static analysis also revealed three flows with unsanitized paths, with one flagged as high severity, indicating a potential for path traversal or insecure file operations if these flows are triggered by user input. The absence of known historical vulnerabilities is a positive sign, suggesting either a well-maintained codebase or a lack of prior focused security scrutiny. However, this should not overshadow the immediate risks posed by the unprotected AJAX endpoints and the identified high-severity taint flow.

In conclusion, while the "code-manager" plugin has some strengths in its database and output handling, the lack of authentication on its AJAX handlers and the presence of high-severity taint flows represent significant security risks. The plugin requires immediate attention to secure these entry points and address the identified path-related vulnerabilities to improve its overall security. The absence of historical vulnerabilities is a positive but does not mitigate the current risks.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flow (unsanitized path)
  • Flows with unsanitized paths
  • Low percentage of properly escaped output
Vulnerabilities: None known

Code Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Code Manager Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (33 prepared)
Unescaped Output: 67 (189 escaped)
Nonce Checks: 18
Capability Checks: 4
File Operations: 7
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

89% prepared · 37 total queries

Output Escaping

74% escaped · 256 total outputs

Data Flows: 3 unsanitized

Data Flow Analysis

9 flows · 3 with unsanitized paths
search_box (Code_Manager\Code_Manager_List.php:411)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized

Attack Surface: 13 unprotected

Code Manager Attack Surface

Entry Points: 13
Unprotected: 13

AJAX Handlers: 13

auth · wp_ajax_code_manager_export · Code_Manager\Code_Manager.php:46
nopriv · wp_ajax_code_manager_export · Code_Manager\Code_Manager.php:47
auth · wp_ajax_code_manager_update_code · Code_Manager\Code_Manager.php:48
auth · wp_ajax_code_manager_activate_code · Code_Manager\Code_Manager.php:49
auth · wp_ajax_code_manager_activate_code_preview · Code_Manager\Code_Manager.php:50
auth · wp_ajax_code_manager_deactivate_code_preview · Code_Manager\Code_Manager.php:51
auth · wp_ajax_code_manager_reset_preview · Code_Manager\Code_Manager.php:52
auth · wp_ajax_code_manager_get_code_list · Code_Manager\Code_Manager.php:53
auth · wp_ajax_code_manager_code_name_exists · Code_Manager\Code_Manager.php:54
auth · wp_ajax_code_manager_is_code_preview_enabled · Code_Manager\Code_Manager.php:55
auth · wp_ajax_code_manager_get_code · Code_Manager\Code_Manager.php:56
nopriv · wp_ajax_code_manager_get_code · Code_Manager\Code_Manager.php:57
auth · wp_ajax_code_manager_alert_off · Code_Manager\Code_Manager.php:58

WordPress Hooks: 21

action · after_uninstall · code-manager.php:150
action · wp_login · code-manager.php:165
action · wp_logout · code-manager.php:176
filter · support_forum_url · code-manager.php:192
filter · plugin_icon · code-manager.php:202
filter · is_submenu_visible · code-manager.php:222
action · plugins_loaded · code-manager.php:241
action · admin_action_code_manager_export · Code_Manager\Code_Manager.php:45
filter · set-screen-option · Code_Manager\Code_Manager_List_View.php:102
action · admin_footer · Code_Manager\WP_List_Table.php:167
action · admin_init · includes\class-code-manager.php:66
action · init · includes\class-code-manager.php:103
action · admin_menu · includes\class-code-manager.php:121
action · admin_menu · includes\class-code-manager.php:124
filter · submenu_file · includes\class-code-manager.php:125
action · admin_enqueue_scripts · includes\class-code-manager.php:128
action · admin_enqueue_scripts · includes\class-code-manager.php:129
action · in_admin_header · includes\class-code-manager.php:130
action · init · includes\class-code-manager.php:148
action · wp_enqueue_scripts · includes\class-code-manager.php:151
action · wp_enqueue_scripts · includes\class-code-manager.php:152

Maintenance & Trust

Code Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 2, 2025
PHP min version: 7.0
Downloads: 85K

Community Trust

Rating: 98/100
Number of ratings: 8
Active installs: 500

Developer Profile

Code Manager Developer Profile

Passionate Programmer Peter

2 plugins · 11K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 185 days
Detection Fingerprints

How We Detect Code Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/code-manager/code-manager-config.php
/wp-content/plugins/code-manager/vendor/freemius/assets/img/code-manager.png
/wp-content/plugins/code-manager/includes/class-code-manager-switch.php
Version Parameters
code-manager/code-manager-config.php?ver=
code-manager/includes/class-code-manager-switch.php?ver=

HTML / DOM Fingerprints

Data Attributes
data-cm-id, data-cm-name, data-cm-type
JS Globals
code_manager_fs
REST Endpoints
/wp-json/code-manager/