Does Passwords Manager have any unpatched vulnerabilities?

No. All known vulnerabilities in Passwords Manager have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Passwords Manager compatible with WordPress 6.8.5?

According to WordPress.org data, Passwords Manager 1.5.2 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Passwords Manager compatible with PHP 7.4+?

Passwords Manager requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Passwords Manager updated?

Passwords Manager was last updated on Apr 15, 2025. Frequent updates are generally a positive security signal.

What is Passwords Manager's security score?

Passwords Manager has a WP-Safety security score of 95/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Passwords Manager Security & Risk Analysis

wordpress.org/plugins/passwords-manager

Passwords Manager wordpress plugin let you to store different passwords at one place. Passwords are stored in Wordpress database in encrypted form so …

100 active installs v1.5.2 PHP 7.4+ WP 6.3+ Updated Apr 15, 2025

passwords-collectionpasswords-inventorypasswords-management-systempasswords-managerpasswords-storage-system

A · Safe

CVEs total4

Unpatched0

Last CVEJan 15, 2025

Plugin page Download

Safety Verdict

Is Passwords Manager Safe to Use in 2026?

Generally Safe

Score 95/100

Passwords Manager has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Jan 15, 2025Updated 11mo ago

Risk Assessment

The "passwords-manager" v1.5.2 plugin demonstrates a mixed security posture. On the positive side, the static analysis reveals a robust defense against immediate attack vectors. All identified entry points, including AJAX handlers and shortcodes, appear to have authentication and permission checks in place, which is a significant strength. The plugin also utilizes prepared statements for the vast majority of its SQL queries and incorporates nonce and capability checks, indicating an awareness of common WordPress security practices. Furthermore, no critical or high-severity taint flows were detected, suggesting that data processing within the plugin is likely handled in a relatively safe manner regarding injection vulnerabilities.

However, there are notable areas of concern. The most significant issue stems from the plugin's vulnerability history. With four known CVEs, including two high-severity and two medium-severity vulnerabilities, the plugin has a track record of security flaws. The common types of vulnerabilities found (SQL Injection and Cross-site Scripting) are serious and can lead to data compromise or site defacement. While there are currently no unpatched CVEs for this specific version, the historical pattern suggests a potential for recurring issues or a need for more rigorous security development lifecycle practices. The relatively low percentage of properly escaped output (65%) is also a concern, as it increases the risk of Cross-site Scripting vulnerabilities, even if not immediately evident in the taint analysis for this specific version.

Key Concerns

Historical high-severity vulnerabilities (SQLi/XSS)
Historical medium-severity vulnerabilities (SQLi/XSS)
Moderate output escaping (65% proper)
Bundled library (DataTables)

Vulnerabilities

Passwords Manager Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

3 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

High

Medium

4 total CVEs

CVE-2024-12613high · 7.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Passwords Manager <= 1.4.8 - Unauthenticated SQL Injection

Jan 15, 2025 Patched in 1.5.1 (1d)

CVE-2024-12614high · 7.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Passwords Manager <= 1.4.8 - Missing Authorization to Authenticated (Subscriber+) Add Password + Update Encryption Key

Jan 15, 2025 Patched in 1.5.1 (1d)

CVE-2024-12615medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Passwords Manager <= 1.4.8 - Authenticated (Subscriber+) SQL Injection

Jan 15, 2025 Patched in 1.5.1 (1d)

WF-7c4ceb2e-c718-43e2-bb7b-ab0404271134-passwords-managermedium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Passwords Manager <= 1.4.4 - Cross-Site Scripting via pwdms_csv_category parameter

May 21, 2022 Patched in 1.4.5 (612d)

Code Analysis

Analyzed Mar 16, 2026

Passwords Manager Code Analysis

Dangerous Functions

Raw SQL Queries

42 prepared

Unescaped Output

104

189 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

DataTables

SQL Query Safety

91% prepared46 total queries

Output Escaping

65% escaped293 total outputs

Data Flows

All sanitized

Data Flow Analysis

12 flows

<index> (include\admin-page\addon\csv-import\index.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Passwords Manager Attack Surface

Entry Points16

Unprotected0

AJAX Handlers 15

authwp_ajax_pwdms_export_detail_listinclude\admin-page\addon\csv-export\index.php:2

authwp_ajax_pwdms_export_csvinclude\admin-page\addon\csv-export\index.php:95

authwp_ajax_get_new_catsinclude\pms-categories-ajax-action.php:338

authwp_ajax_post_new_catsinclude\pms-categories-ajax-action.php:339

authwp_ajax_edit_catsinclude\pms-categories-ajax-action.php:340

authwp_ajax_import_dummy_datainclude\pms-functions.php:102

authwp_ajax_get_new_passinclude\pms-passwords-ajax-action.php:446

noprivwp_ajax_get_new_passinclude\pms-passwords-ajax-action.php:447

authwp_ajax_post_new_passinclude\pms-passwords-ajax-action.php:448

authwp_ajax_edit_passinclude\pms-passwords-ajax-action.php:449

authwp_ajax_clone_passinclude\pms-passwords-ajax-action.php:450

authwp_ajax_decrypt_passinclude\pms-passwords-ajax-action.php:451

noprivwp_ajax_decrypt_passinclude\pms-passwords-ajax-action.php:452

authwp_ajax_pms_save_settinginclude\pms-settings-ajax-action.php:42

authwp_ajax_pms_send_email_helpinclude\pms-settings-ajax-action.php:88

Shortcodes 1

[pms_pass] include\pms-front-shortcode.php:35

WordPress Hooks 11

filtermce_external_pluginsinclude\pms-front-shortcode.php:13

filtermce_buttonsinclude\pms-front-shortcode.php:14

actionadmin_headinclude\pms-front-shortcode.php:17

actionadmin_menuinclude\pms-functions.php:6

actionadmin_enqueue_scriptsinclude\pms-srcipts-styles.php:82

actionwp_enqueue_scriptsinclude\pms-srcipts-styles.php:107

actionwp_enqueue_scriptsinclude\pms-srcipts-styles.php:112

actioninitpasswords-manager.php:37

actionactivated_pluginpasswords-manager.php:107

actioninitpasswords-manager.php:119

filterplugin_row_metapasswords-manager.php:149

Maintenance & Trust

Passwords Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedApr 15, 2025

PHP min version7.4

Downloads7K

Community Trust

Rating100/100

Number of ratings5

Active installs100

Alternatives

Passwords Manager Alternatives

No alternatives data available yet.

Developer Profile

Passwords Manager Developer Profile

8 plugins · 5K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

183 days

View full developer profile

Detection Fingerprints

How We Detect Passwords Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/passwords-manager/assets/libs/fontawesome/all.css/wp-content/plugins/passwords-manager/assets/libs/bootstrap/css/bootstrap.min.css/wp-content/plugins/passwords-manager/assets/libs/datatable/datatables.min.css/wp-content/plugins/passwords-manager/assets/libs/datatable/rowReorder.dataTables.min.css/wp-content/plugins/passwords-manager/assets/libs/datatable/responsive.dataTables.min.css/wp-content/plugins/passwords-manager/assets/libs/sweetalert/sweetalert2.min.css/wp-content/plugins/passwords-manager/assets/libs/owl-carousel/css/owl.carousel.min.css/wp-content/plugins/passwords-manager/assets/libs/owl-carousel/css/owl.theme.default.min.css+9 more

Script Paths

/wp-content/plugins/passwords-manager/assets/js/crypto

Version Parameters

passwords-manager_fontawesome_minpasswords-manager_bootstrap_minpasswords-manager_datatablepasswords-manager_rowdatatablepasswords-manager_respdatatablepasswords-manager_sweetalertpasswords-manager-owl-carousel-csspasswords-manager-owl-carousel-themepasswords-manager_adminpasswords-manager_clipboardpasswords-manager_datatablepasswords-manager_rowdatatablepasswords-manager_responsivedatatablepasswords-manager_popperpasswords-manager_bootstrap_minpasswords-manager_sweetalertpasswords-manager-owl-carousel-jspasswords-manager_crypto

HTML / DOM Fingerprints

CSS Classes

pms-admin-wrapper

HTML Comments

include script & style fileinclude encryption fileinclude frontend shortcode fileinclude encryption file+5 more

Data Attributes

data-bs-toggledata-bs-targetaria-controlsaria-expandeddata-bs-parent

JS Globals

PWDMS_VARPWDMS_NAMEPWDMS_PLUGIN_URLPWDMS_PLUGIN_DIRPWDMS_ASSETSPWDMS_IMG+2 more

FAQ

Passwords Manager Security & Risk Analysis

Is Passwords Manager Safe to Use in 2026?

Generally Safe

Key Concerns

Passwords Manager Security Vulnerabilities

CVEs by Year

Severity Breakdown

Passwords Manager Code Analysis

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Passwords Manager Attack Surface

AJAX Handlers 15

Shortcodes 1

Passwords Manager Maintenance & Trust

Maintenance Signals

Community Trust

Passwords Manager Alternatives

Passwords Manager Developer Profile

How We Detect Passwords Manager

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Passwords Manager