Content Manager Light Security & Risk Analysis

wordpress.org/plugins/content-manager-light

Build your custom Responsive page layout and fill it with ready to use content items. Easy, no coding.

80 active installs · v3.2 · PHP + · WP 3.6+ · Updated May 7, 2022
Tags: columns, custom-page-layout, grid, manage-content, widgets
42
D · High Risk
CVEs total: 2
Unpatched: 2
Last CVE: Jun 26, 2025
Safety Verdict

Is Content Manager Light Safe to Use in 2026?

High Risk

Score 42/100

Content Manager Light carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs · 2 unpatched · Last CVE: Jun 26, 2025 · Updated 3yr ago
Risk Assessment

The content-manager-light v3.2 plugin exhibits a concerning security posture, primarily because of a significant number of unprotected AJAX handlers, which expose a large attack surface without proper authentication. While the plugin uses prepared statements for SQL queries, indicating good database hygiene, the static analysis reveals potential risks from the use of dangerous functions such as `unserialize` and from a substantial percentage of improperly escaped output. This combination of an open attack surface and potentially insecure data handling is worrying.

The plugin's vulnerability history amplifies these concerns. It has two known medium-severity CVEs, both currently unpatched and primarily related to Cross-site Scripting, which indicates a pattern of past security weaknesses that have not been adequately addressed. This history calls for vigilance and prompt patching, which has not been the case.

In conclusion, while there are some positive signs such as prepared SQL statements, the plugin's security is significantly undermined by its large unprotected attack surface, its potential for insecure deserialization and unescaped output, and a history of unpatched vulnerabilities.

Key Concerns

  • 10 unprotected AJAX handlers
  • 5 dangerous functions (unserialize)
  • 43% of outputs not properly escaped
  • 2 unpatched medium severity CVEs
  • Bundled outdated jQuery v1.8.3
Vulnerabilities: 2

Content Manager Light Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-24771 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Content Manager Light <= 3.2 - Reflected Cross-Site Scripting

Jun 26, 2025 · Unpatched

CVE-2025-31770 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Content Manager Light <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Apr 1, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Content Manager Light Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 53 (71 escaped)
Nonce Checks: 3
Capability Checks: 2
File Operations: 3
External Requests: 2
Bundled Libraries: 3

Dangerous Functions Found

unserialize: $value = unserialize( urldecode( $value ) );
    include\otw_components\otw_functions\otw_functions.php:600
unserialize: $templates_array = unserialize( $templates );
    include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:172
unserialize: $saved_templates_array = unserialize( $saved_templates );
    include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:354
unserialize: $saved_templates_array = unserialize( $saved_templates );
    include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:384
unserialize: $saved_templates_array = unserialize( $saved_templates );
    include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:421

Bundled Libraries

Select2, jQuery 1.8.3, TinyMCE

Output Escaping

57% escaped · 124 total outputs
Attack Surface
10 unprotected

Content Manager Light Attack Surface

Entry Points: 11
Unprotected: 10

AJAX Handlers 10

auth · wp_ajax_otw_grid_manager_column_dialog · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:64
auth · wp_ajax_otw_grid_manager_save_template · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:65
auth · wp_ajax_otw_grid_manager_delete_template · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:66
auth · wp_ajax_otw_grid_manager_load_template · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:67
auth · wp_ajax_otw_shortcode_editor_dialog · include\otw_components\otw_shortcode\otw_shortcode.class.php:166
auth · wp_ajax_otw_shortcode_get_code · include\otw_components\otw_shortcode\otw_shortcode.class.php:167
auth · wp_ajax_otw_shortcode_live_preview · include\otw_components\otw_shortcode\otw_shortcode.class.php:168
auth · wp_ajax_otw_shortcode_live_reload · include\otw_components\otw_shortcode\otw_shortcode.class.php:169
auth · wp_ajax_otw_shortcode_preview_shortcodes · include\otw_components\otw_shortcode\otw_shortcode.class.php:170
auth · wp_ajax_otw_shortcode_preview_front_shortcodes · include\otw_components\otw_shortcode\otw_shortcode.class.php:171

Shortcodes 1

[otw_shortcode_grid_column] include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:70
WordPress Hooks 22
action · admin_menu · include\otw_components\otw_factory\otw_factory.class.php:34
action · admin_print_styles · include\otw_components\otw_factory\otw_factory.class.php:36
action · admin_notices · include\otw_components\otw_factory\otw_factory.class.php:38
filter · pre_set_site_transient_update_plugins · include\otw_components\otw_factory\otw_factory.class.php:40
filter · plugins_api · include\otw_components\otw_factory\otw_factory.class.php:42
action · wp_enqueue_scripts · include\otw_components\otw_functions\otw_component.class.php:90
action · admin_enqueue_scripts · include\otw_components\otw_functions\otw_component.class.php:94
filter · the_content · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:71
filter · the_content · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:72
filter · the_content · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:73
action · add_meta_boxes · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:100
action · save_post · include\otw_components\otw_grid_manager_light\otw_grid_manager.class.php:101
action · admin_footer · include\otw_components\otw_shortcode\otw_shortcode.class.php:164
filter · mce_external_plugins · include\otw_components\otw_shortcode\otw_shortcode.class.php:175
filter · mce_buttons · include\otw_components\otw_shortcode\otw_shortcode.class.php:176
action · wp_footer · include\otw_components\otw_shortcode\otw_shortcode.class.php:185
action · admin_footer · include\otw_components\otw_shortcode\shortcodes\otw_shortcode_html_editor.class.php:13
action · wp_footer · include\otw_components\otw_shortcode\shortcodes\otw_shortcode_html_editor.class.php:15
action · admin_menu · include\otw_lcm_functions.php:16
action · admin_print_styles · include\otw_lcm_functions.php:18
filter · otwfcr_notice · include\otw_lcm_functions.php:20
action · init · otw_content_manager.php:87
Maintenance & Trust

Content Manager Light Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.9.13
Last updated: May 7, 2022
PHP min version:
Downloads: 26K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 80
Developer Profile

Content Manager Light Developer Profile

OTWthemes

12 plugins · 6K total installs

Trust score: 70
Avg Security Score: 66/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Content Manager Light

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/content-manager-light/include/otw_components/otw_grid_manager_light/css/otw-grid-manager.css
/wp-content/plugins/content-manager-light/include/otw_components/otw_grid_manager_light/css/otw-grid-manager-admin.css
/wp-content/plugins/content-manager-light/include/otw_components/otw_form/css/otw-form.css
/wp-content/plugins/content-manager-light/include/otw_components/otw_form/css/otw-form-admin.css
/wp-content/plugins/content-manager-light/include/otw_components/otw_factory/css/font-awesome.css
/wp-content/plugins/content-manager-light/include/otw_components/otw_factory/css/otw_factory.css
/wp-content/plugins/content-manager-light/include/otw_components/otw_shortcode/css/otw-shortcode-admin.css
/wp-content/plugins/content-manager-light/css/otw_content_manager.css

Script Paths
/wp-content/plugins/content-manager-light/include/otw_components/otw_grid_manager_light/js/otw-grid-manager.js
/wp-content/plugins/content-manager-light/include/otw_components/otw_grid_manager_light/js/otw-grid-manager-admin.js
/wp-content/plugins/content-manager-light/include/otw_components/otw_form/js/otw-form.js
/wp-content/plugins/content-manager-light/include/otw_components/otw_form/js/otw-form-admin.js
/wp-content/plugins/content-manager-light/include/otw_components/otw_factory/js/otw_factory.js
/wp-content/plugins/content-manager-light/include/otw_components/otw_shortcode/js/otw-shortcode-admin.js
(+1 more)

Version Parameters
content-manager-light/css/otw_content_manager.css?ver=
otw_components/otw_grid_manager_light/css/otw-grid-manager.css?ver=
otw_components/otw_grid_manager_light/css/otw-grid-manager-admin.css?ver=
otw_components/otw_form/css/otw-form.css?ver=
otw_components/otw_form/css/otw-form-admin.css?ver=
otw_components/otw_factory/css/font-awesome.css?ver=
otw_components/otw_factory/css/otw_factory.css?ver=
otw_components/otw_shortcode/css/otw-shortcode-admin.css?ver=
otw_components/otw_grid_manager_light/js/otw-grid-manager.js?ver=
otw_components/otw_grid_manager_light/js/otw-grid-manager-admin.js?ver=
otw_components/otw_form/js/otw-form.js?ver=
otw_components/otw_form/js/otw-form-admin.js?ver=
otw_components/otw_factory/js/otw_factory.js?ver=
otw_components/otw_shortcode/js/otw-shortcode-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
otw-shortcode-wrapper, otw-form-wrapper, otw-grid-manager-wrapper
HTML Comments
<!-- otw components -->
<!-- OTW Factory Plugin -->
Data Attributes
data-otw-component, data-otw-grid-manager, data-otw-form, data-otw-shortcode
JS Globals
OTW_Factory, OTW_GridManager, OTW_Form, OTW_Shortcode
Shortcode Output
[otw_shortcode