Does NGINX Manager have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is NGINX Manager compatible with WordPress 3.9.40?

According to WordPress.org data, NGINX Manager 1.3.4.4 has been tested up to WordPress 3.9.40. Check the plugin's changelog for the latest compatibility information.

How often is NGINX Manager updated?

NGINX Manager was last updated on May 5, 2014. Frequent updates are generally a positive security signal.

What is NGINX Manager's security score?

NGINX Manager has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

NGINX Manager Security & Risk Analysis

wordpress.org/plugins/nginx-manager

Easily purge Nginx cache. Each time a post is modified clear the cached version of the page and of all the related page.

20 active installs v1.3.4.4 PHP + WP 3.0+ Updated May 5, 2014

cachenginxperformancepurge

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is NGINX Manager Safe to Use in 2026?

Generally Safe

Score 85/100

NGINX Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago

Risk Assessment

The "nginx-manager" v1.3.4.4 plugin exhibits a mixed security posture. On one hand, it shows strengths in its handling of database queries, exclusively using prepared statements, and a lack of known vulnerabilities, suggesting a generally stable codebase. The absence of obvious direct attack vectors like unprotected AJAX handlers or REST API routes further contributes to a seemingly robust front-end security. However, critical concerns arise from the static analysis. The presence of `create_function`, a deprecated and potentially insecure PHP function, is a red flag, as is the complete lack of proper output escaping for all identified outputs. Furthermore, the taint analysis revealing three flows with unsanitized paths, even without critical or high severity, indicates potential avenues for unintended behavior or data manipulation. The single cron event also presents a potential, albeit less direct, attack surface if not properly secured. The absence of nonces on the limited entry points and only one capability check suggests that authorization might not be as granular or robust as it could be for all operations.

Key Concerns

Outputs not properly escaped
Taint flows with unsanitized paths
Dangerous function create_function used
Missing nonce checks
Only one capability check

Vulnerabilities

None known

NGINX Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

NGINX Manager Release Timeline

v1.3.4.4Current

v1.3.4.3

v1.3.4.2

v1.3.4.1

v1.3.4

v1.3.3

v1.3.2

v1.3.1

v1.3

v1.2.2

v1.2.1

v1.2

v1.1.1

Code Analysis

Analyzed Mar 16, 2026

NGINX Manager Code Analysis

Dangerous Functions

Raw SQL Queries

10 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functioncreate_function(nginx-manager.php:178

create_functioncreate_function(nginx-manager.php:287

SQL Query Safety

100% prepared10 total queries

Output Escaping

0% escaped30 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

nginxm_upgrade_page (admin\upgrade.php:198)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

NGINX Manager Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 23

actionadmin_menuadmin\admin.php:15

actionadmin_print_scriptsadmin\admin.php:18

actionadmin_print_stylesadmin\admin.php:19

actioninitnginx-manager.php:71

actionpublish_postnginx-manager.php:86

actionpublish_pagenginx-manager.php:87

actioncomment_postnginx-manager.php:88

actionwp_set_comment_statusnginx-manager.php:91

actiontransition_post_statusnginx-manager.php:105

actiondelete_postnginx-manager.php:106

actionwp_headersnginx-manager.php:109

actionnm_check_log_file_size_dailynginx-manager.php:112

actionedit_attachmentnginx-manager.php:115

actionwpmu_new_blognginx-manager.php:118

actiontransition_post_statusnginx-manager.php:121

actionedit_termnginx-manager.php:124

actiondelete_termnginx-manager.php:125

actioncheck_ajax_referernginx-manager.php:128

actionngg_ajax_image_savenginx-manager.php:135

actionngg_update_gallerynginx-manager.php:136

actionngg_gallery_sortnginx-manager.php:137

actionadmin_noticesnginx-manager.php:176

actionadmin_noticesnginx-manager.php:285

Scheduled Events 1

nm_check_log_file_size_daily

Maintenance & Trust

NGINX Manager Maintenance & Trust

Maintenance Signals

WordPress version tested3.9.40

Last updatedMay 5, 2014

PHP min version

Downloads7K

Community Trust

Rating100/100

Number of ratings1

Active installs20

Alternatives

NGINX Manager Alternatives

TNC Toolbox: Web Performance

tnc-toolbox

Multi-stack caching for WordPress: ea-NGINX (cPanel) and LiteSpeed (OpenLS/Enterprise). Auto-detects web server!

1K 2 CVEs

Nginx Cache Purge Preload

fastcgi-cache-purge-and-preload-nginx

The most comprehensive solution for managing Nginx (FastCGI, Proxy, SCGI, UWSGI) cache operations directly from your WordPress dashboard.

100 1 CVE

Nginx Helper

nginx-helper

100

Cleans nginx's fastcgi/proxy cache or redis-cache whenever a post is edited/published. Also does a few more things.

100K No CVEs

Proxy Cache Purge

varnish-http-purge

100

Automatically empty proxy cached content when your site is modified.

40K No CVEs

Nginx Cache

nginx-cache

Purge the Nginx cache (FastCGI, Proxy, uWSGI) automatically when content changes or manually within WordPress.

10K No CVEs

Developer Profile

NGINX Manager Developer Profile

Hpatoio

1 plugin · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect NGINX Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/nginx-manager/admin/css/nginxm_admin.css/wp-content/plugins/nginx-manager/admin/js/nginxm_admin.js/wp-content/plugins/nginx-manager/admin/js/nginxm_settings.js/wp-content/plugins/nginx-manager/nginxm.js

Script Paths

/wp-content/plugins/nginx-manager/admin/js/nginxm_admin.js/wp-content/plugins/nginx-manager/admin/js/nginxm_settings.js/wp-content/plugins/nginx-manager/nginxm.js

Version Parameters

nginx-manager/admin/css/nginxm_admin.css?ver=nginx-manager/admin/js/nginxm_admin.js?ver=nginx-manager/admin/js/nginxm_settings.js?ver=nginx-manager/nginxm.js?ver=

HTML / DOM Fingerprints

CSS Classes

nginx-manager-settings

HTML Comments

NGINX Manager SettingsNGINX Manager Settings |NGINX Manager Settings >NGINX Manager Settings >>

Data Attributes

data-nginxm-actiondata-nginxm-nonce

JS Globals

nginxmAdminnginxmSettings

REST Endpoints

/wp-json/nginx-manager/v1/clear_all_cache/wp-json/nginx-manager/v1/clear_post_cache/wp-json/nginx-manager/v1/clear_term_cache

FAQ