Does News Manager have any unpatched vulnerabilities?

No. All known vulnerabilities in News Manager have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is News Manager compatible with WordPress 4.5.33?

According to WordPress.org data, News Manager 1.1.0 has been tested up to WordPress 4.5.33. Check the plugin's changelog for the latest compatibility information.

How often is News Manager updated?

News Manager was last updated on Jun 16, 2016. Frequent updates are generally a positive security signal.

What is News Manager's security score?

News Manager has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

News Manager Security & Risk Analysis

wordpress.org/plugins/news-manager

Every CMS site needs a news section. News Manager allows you add, manage and display news, date archives, AJAX Calendar, Categories, Tags and more.

700 active installs v1.1.0 PHP + WP 4.0+ Updated Jun 16, 2016

newsnews-categoriesnews-managementnews-manager

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is News Manager Safe to Use in 2026?

Generally Safe

Score 85/100

News Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The news-manager plugin v1.1.0 exhibits a generally good security posture based on the provided static analysis and vulnerability history. The plugin has a small attack surface, with only two AJAX handlers and no REST API routes, shortcodes, or cron events. Crucially, all identified entry points have authorization checks, and the plugin demonstrates good practices by performing nonce checks and capability checks. The code also shows a strong commitment to data integrity with all SQL queries utilizing prepared statements. There are no recorded vulnerabilities (CVEs) for this plugin, which is a positive indicator of its historical security. However, a notable area for improvement is output escaping, with 42% of outputs not being properly escaped. This could potentially lead to Cross-Site Scripting (XSS) vulnerabilities if the unsanitized data is rendered in a web browser. While no direct evidence of exploitable taint flows or dangerous functions was found in this specific analysis, the unescaped output remains a concern that could be exploited in conjunction with other factors.

Key Concerns

Unescaped output detected (42%)

Vulnerabilities

None known

News Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

News Manager Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

60 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared4 total queries

Output Escaping

58% escaped104 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

get_widget_calendar_month (includes\widgets.php:189)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

News Manager Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

noprivwp_ajax_get-news-widget-calendar-monthincludes\widgets.php:158

authwp_ajax_get-news-widget-calendar-monthincludes\widgets.php:159

WordPress Hooks 22

actioninitincludes\query.php:18

actionpre_get_postsincludes\query.php:19

filterquery_varsincludes\query.php:22

actioninitincludes\settings.php:31

actionadmin_menuincludes\settings.php:32

actionadmin_initincludes\settings.php:33

actionafter_setup_themeincludes\settings.php:34

filterplugin_action_linksincludes\settings.php:37

actionwidgets_initincludes\widgets.php:18

actioninitnews-manager.php:108

actioninitnews-manager.php:109

actionplugins_loadednews-manager.php:110

actionplugins_loadednews-manager.php:111

actionadmin_footernews-manager.php:112

actionadmin_enqueue_scriptsnews-manager.php:113

actionwp_enqueue_scriptsnews-manager.php:114

actionadmin_noticesnews-manager.php:115

filtermap_meta_capnews-manager.php:118

filterpost_updated_messagesnews-manager.php:119

filterplugin_row_metanews-manager.php:120

filterrequestnews-manager.php:121

filterpost_type_linknews-manager.php:122

Maintenance & Trust

News Manager Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33

Last updatedJun 16, 2016

PHP min version

Downloads44K

Community Trust

Rating78/100

Number of ratings9

Active installs700

Alternatives

News Manager Alternatives

IssueM

issuem

Create, Organize, and Publish Issues with WordPress

600 1 CVE

XML Sitemap Generator for Google

google-sitemap-generator

Generate multiple types of sitemaps to improve SEO and get your website indexed quickly.

1.0M 3 CVEs

Hostinger Reach – AI-Powered Email Marketing for WordPress

hostinger-reach

100

Launch and grow your email marketing effortlessly with Hostinger Reach. Collect contacts, sync subscribers, and send emails – all in one, AI powered.

1.0M No CVEs

MC4WP: Mailchimp for WordPress

mailchimp-for-wp

The #1 Mailchimp plugin for WordPress. Allows you to add a multitude of newsletter sign-up methods to your site.

1.0M 11 CVEs

MailPoet – Newsletters, Email Marketing, and Automation

mailpoet

Send beautiful newsletters from WordPress. Collect subscribers with signup forms, automate your emails for WooCommerce, blog post notifications & more

500K 3 CVEs

Developer Profile

News Manager Developer Profile

dFactory

12 plugins · 357K total installs

trust score

Avg Security Score

87/100

Avg Patch Time

247 days

View full developer profile

Detection Fingerprints

How We Detect News Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/news-manager/css/style.css/wp-content/plugins/news-manager/css/admin.css/wp-content/plugins/news-manager/css/jquery.datepicker.css/wp-content/plugins/news-manager/js/admin.js/wp-content/plugins/news-manager/js/jquery.datepicker.js/wp-content/plugins/news-manager/js/front.js

Script Paths

/wp-content/plugins/news-manager/js/admin.js/wp-content/plugins/news-manager/js/jquery.datepicker.js/wp-content/plugins/news-manager/js/front.js

Version Parameters

news-manager/css/style.css?ver=news-manager/css/admin.css?ver=news-manager/css/jquery.datepicker.css?ver=news-manager/js/admin.js?ver=news-manager/js/jquery.datepicker.js?ver=news-manager/js/front.js?ver=

HTML / DOM Fingerprints

CSS Classes

news-manager-widget-wrap

HTML Comments

Data Attributes

data-nm-post-iddata-nm-post-typedata-nm-archive-iddata-nm-archive-type

JS Globals

news_manager_admin_paramsnews_manager_front_params

REST Endpoints

/wp-json/news-manager/v1

Shortcode Output

[news-manager-widget]

FAQ