WP-Safety

MultiManager WP – Manage All Your WordPress Sites Easily Security & Risk Analysis

wordpress.org/plugins/multimanager-wp

Helps to automatically connect a WordPress site to the ICDSoft WordPress MultiManager tool which allows users to manage multiple WordPress sites from …

1K active installs v1.1.5 PHP 7.4+ WP 6.3+ Updated Feb 11, 2026
custom-apimanage-sitesmultiple-site-managerrest-api
97
A · Safe
CVEs total1
Unpatched0
Last CVENov 12, 2024
Plugin page Download
Safety Verdict

Is MultiManager WP – Manage All Your WordPress Sites Easily Safe to Use in 2026?

Generally Safe

Score 97/100

MultiManager WP – Manage All Your WordPress Sites Easily has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Nov 12, 2024Updated 1mo ago
Risk Assessment

The static analysis of multimanager-wp v1.1.5 reveals a generally strong security posture, with no identified vulnerabilities in its current code. The plugin demonstrates good practices by effectively escaping all output and utilizing prepared statements for its single SQL query. The absence of dangerous functions, external HTTP requests, and tainted data flows further contributes to its secure design. However, the plugin's vulnerability history is a significant concern. The presence of one previously discovered critical vulnerability, an Authentication Bypass Using an Alternate Path or Channel, even though currently patched, indicates a past weakness that required urgent attention. The fact that this was a critical severity issue and occurred recently suggests a potential for recurring vulnerabilities if development practices do not address the root cause. While the current version appears secure based on static analysis, the historical critical vulnerability warrants a degree of caution, implying that thorough security reviews and testing should remain a priority.

Key Concerns

  • Past critical vulnerability (Authentication Bypass)
Vulnerabilities
1

MultiManager WP – Manage All Your WordPress Sites Easily Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Critical
1

1 total CVE

CVE-2024-11028critical · 9.8Authentication Bypass Using an Alternate Path or Channel

MultiManager WP – Manage All Your WordPress Sites Easily <= 1.0.5 - Authentication Bypass via User Impersonation

Nov 12, 2024 Patched in 1.1.0 (1d)
Code Analysis
Analyzed Mar 16, 2026

MultiManager WP – Manage All Your WordPress Sites Easily Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
0
30 escaped
Nonce Checks
0
Capability Checks
16
File Operations
7
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

100% escaped30 total outputs
Attack Surface

MultiManager WP – Manage All Your WordPress Sites Easily Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 8
filterfilesystem_methodincludes\class-multi-manager-wp-rest-api.php:1129
actionplugins_loadedincludes\class-multi-manager-wp.php:129
actionadmin_enqueue_scriptsincludes\class-multi-manager-wp.php:144
actionadmin_enqueue_scriptsincludes\class-multi-manager-wp.php:145
actionwp_enqueue_scriptsincludes\class-multi-manager-wp.php:160
actionwp_enqueue_scriptsincludes\class-multi-manager-wp.php:161
actionrest_api_initincludes\class-multi-manager-wp.php:215
actionmulti_manager_wp_login_cleanup_expired_tokensincludes\class-multi-manager-wp.php:216

Scheduled Events 1

multi_manager_wp_login_cleanup_expired_tokens
Maintenance & Trust

MultiManager WP – Manage All Your WordPress Sites Easily Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 11, 2026
PHP min version7.4
Downloads13K

Community Trust

Rating0/100
Number of ratings0
Active installs1K
Alternatives

MultiManager WP – Manage All Your WordPress Sites Easily Alternatives

Custom API for WP

Custom API for WP

custom-api-for-wp

A
95

Connect WordPress with External APIs and create no-code custom WordPress REST API endpoints to interact with the WordPress database to perform SQL ope &hellip;

1K 2 CVEs
Custom API Creator

Custom API Creator

custom-api-creator

A
92

Custom API Creator is a WordPress plugin that lets developers create flexible, customize data, and control access with role restrictions.

10 No CVEs
WooCommerce Legacy REST API

WooCommerce Legacy REST API

woocommerce-legacy-rest-api

A
92

The WooCommerce Legacy REST API, which is now part of WooCommerce itself but will be removed in WooCommerce 9.0.

400K No CVEs
Disable REST API

Disable REST API

disable-json-api

A
85

Disable the use of the REST API on your website to site users. Now with User Role support!

90K No CVEs
Make Connector

Make Connector

integromat-connector

A
94

Make Connector. Make lets you design, build, and automate by connecting with WordPress in just a few clicks.

80K 3 CVEs
Developer Profile

MultiManager WP – Manage All Your WordPress Sites Easily Developer Profile

icdsoft

2 plugins · 1K total installs

99
trust score
Avg Security Score
98/100
Avg Patch Time
5 days
View full developer profile
Detection Fingerprints

How We Detect MultiManager WP – Manage All Your WordPress Sites Easily

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/multimanager-wp/admin/css/multi-manager-wp-admin.css/wp-content/plugins/multimanager-wp/admin/js/multi-manager-wp-admin.js
Script Paths
/wp-content/plugins/multimanager-wp/admin/js/multi-manager-wp-admin.js
Version Parameters
multimanager-wp/admin/css/multi-manager-wp-admin.css?ver=multimanager-wp/admin/js/multi-manager-wp-admin.js?ver=

HTML / DOM Fingerprints

JS Globals
MultiManager_WP_Publicmultimanager_wp_public_object
REST Endpoints
/wp-json/multimanager-wp/
FAQ

Frequently Asked Questions about MultiManager WP – Manage All Your WordPress Sites Easily