Does Context Manager have any unpatched vulnerabilities?

No. All known vulnerabilities in Context Manager have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Context Manager compatible with WordPress 3.7.41?

According to WordPress.org data, Context Manager 1.2.0 has been tested up to WordPress 3.7.41. Check the plugin's changelog for the latest compatibility information.

How often is Context Manager updated?

Context Manager was last updated on Nov 13, 2013. Frequent updates are generally a positive security signal.

What is Context Manager's security score?

Context Manager has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Context Manager Security & Risk Analysis

wordpress.org/plugins/context-manager

Make your site react to users' context by changing your theme's CSS and JavaScript files, navigation menus, sidebars and the HTML body tag.

20 active installs v1.2.0 PHP + WP 3.2+ Updated Nov 13, 2013

contextruleswidget-logicwp_enqueue_scriptswp_enqueue_styles

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Context Manager Safe to Use in 2026?

Generally Safe

Score 85/100

Context Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago

Risk Assessment

The 'context-manager' plugin v1.2.0 exhibits a mixed security posture. On the positive side, it demonstrates excellent practices by having zero known CVEs, zero unpatched vulnerabilities, and zero taint flows, indicating a generally secure development history and a clean bill of health regarding complex security flaws.

However, the static analysis reveals several areas of concern. The presence of seven instances of `create_function` is a significant red flag. This deprecated PHP function is a known source of security vulnerabilities, particularly code injection, as it can be exploited to execute arbitrary code if user-supplied data is not rigorously sanitized before being passed to it. Furthermore, the output escaping is only 50% properly handled, meaning that some user-generated content might be displayed directly to users, creating a risk of Cross-Site Scripting (XSS) attacks. The complete absence of nonce and capability checks on the limited entry points, while seemingly benign given the zero entry points, suggests a lack of defense-in-depth that could become a problem if new entry points are introduced in future versions without adequate security measures.

In conclusion, while the plugin has a clean vulnerability history, the static analysis points to potential weaknesses. The reliance on `create_function` and incomplete output escaping are immediate risks that should be addressed. The lack of basic security checks on entry points, though currently moot, represents a gap in secure coding practices. Addressing these issues will significantly improve the plugin's overall security.

Key Concerns

Use of dangerous function: create_function
Incomplete output escaping
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

Context Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Context Manager Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_filter( 'context_manager_reaction_menu_handlers', create_function( '$v', '$v[\'Context_Manager_Rreactions\menu\active-parent.php:3

create_functionadd_filter( 'context_manager_reaction_menu_handlers', create_function( '$v', '$v[\'Context_Manager_Rreactions\menu\child-page.php:3

create_functionadd_filter( 'context_manager_reaction_menu_handlers', create_function( '$v', '$v[\'Context_Manager_Rreactions\menu\inactive-parent.php:3

create_functionarray_map( create_function( '$v', 'return $v->ID;' ), $nav_menu_items ),reactions\menu.php:34

create_functionarray_map( create_function( '$v', 'return empty( $v->menu_item_parent ) ? $v->title : "-- " . $v->tireactions\menu.php:35

create_functionarray_map( create_function( '$v', 'return $v->description;' ), $this->handlers )reactions\menu.php:59

create_functioncreate_function( '$v', 'return $GLOBALS[\'wp_registered_widgets\'][$v][\'name\'];' ),reactions\widgets.php:32

Output Escaping

50% escaped4 total outputs

Attack Surface

Context Manager Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 18

actionadmin_print_styles-post.phpadmin\admin.php:16

actionadmin_print_styles-post-new.phpadmin\admin.php:17

actionadmin_print_scripts-post.phpadmin\admin.php:19

actionadmin_print_scripts-post-new.phpadmin\admin.php:20

filterpost_updated_messagesadmin\admin.php:22

actionadmin_initadmin\meta-box-reactions.php:19

actioninitplugin.php:58

actionwp_enqueue_scriptsreactions\assets.php:8

filterbody_classreactions\body_class.php:8

filtercontext_manager_reaction_menu_handlersreactions\menu\active-parent.php:3

filterwp_nav_menu_objectsreactions\menu\active-parent.php:13

filtercontext_manager_reaction_menu_handlersreactions\menu\child-page.php:3

filterwp_nav_menu_objectsreactions\menu\child-page.php:14

filtercontext_manager_reaction_menu_handlersreactions\menu\inactive-parent.php:3

filterwp_nav_menu_objectsreactions\menu\inactive-parent.php:12

actionwpreactions\menu.php:13

actionwpreactions\widgets.php:8

filtersidebars_widgetsreactions\widgets.php:55

Maintenance & Trust

Context Manager Maintenance & Trust

Maintenance Signals

WordPress version tested3.7.41

Last updatedNov 13, 2013

PHP min version

Downloads5K

Community Trust

Rating100/100

Number of ratings5

Active installs20

Alternatives

Context Manager Alternatives

Hide Widgets (SP Display Widgets)

sp-display-widgets

This plugin hide widgets on specified pages. Adds checkboxes to each widget to either show or hide it on every site page.

80 No CVEs

Menu Rules

menu-rules

An extension of the menu system with context-based rules and a flexible framework to write your own.

10 No CVEs

Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets

widget-options

0ddcemmihs4a843ekhaoofzosrunf4bl Widget Options gives you super powers to control your site’s sidebar widgets and all Gutenberg blocks on pages, posts …

100K 1 unpatched

YARPP – Yet Another Related Posts Plugin

yet-another-related-posts-plugin

The best WordPress plugin for displaying related posts. Simple and flexible, with a powerful proven algorithm and inbuilt caching.

100K 8 CVEs

Speculative Loading

speculation-rules

100

Enables browsers to speculatively prerender or prefetch pages to achieve near-instant loads based on user interaction.

70K No CVEs

Developer Profile

Context Manager Developer Profile

Phill Brown

2 plugins · 30 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Context Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/context-manager/reactions/assets.php

HTML / DOM Fingerprints

FAQ