PZ Frontend Manager Security & Risk Analysis

wordpress.org/plugins/pz-frontend-manager

PZ Frontend Manager allows your clients to manage their platform without accessing the wp-admin dashboard.

10 active installs · v1.0.6 · PHP 7.4+ · WP 6.1+ · Updated Jun 27, 2024

Tags: admin, dashboard, frontend, frontend-dashboard, role

Security score: 91 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jul 1, 2024
Safety Verdict

Is PZ Frontend Manager Safe to Use in 2026?

Generally Safe

Score 91/100

PZ Frontend Manager has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jul 1, 2024 · Updated 1 yr ago
Risk Assessment

The "pz-frontend-manager" plugin exhibits a mixed security posture. While it shows good practices in SQL query preparation (92% prepared) and output escaping (74% properly escaped), significant concerns arise from its attack surface. A large number of AJAX handlers (10 out of 11) lack authentication checks, creating a wide potential entry point for attackers. Furthermore, the taint analysis revealed two high-severity flows with unsanitized data, indicating a risk of cross-site scripting (XSS) or other injection vulnerabilities if these flows are triggered by user input. The plugin's vulnerability history shows one previously disclosed medium-severity CVE, a Cross-Site Request Forgery (CSRF), which suggests that the developers have addressed past issues. However, the presence of unprotected AJAX endpoints and high-severity taint flows, even without currently unpatched CVEs, indicates that new vulnerabilities could be introduced or exploited.

Key Concerns

  • 10 unprotected AJAX handlers
  • 2 high severity taint flows
  • 5 flows with unsanitized paths
  • 0 capability checks on entry points
  • Bundled Select2 library
  • 1 medium severity CVE (past)
Vulnerabilities (1)

PZ Frontend Manager Security Vulnerabilities

CVEs by Year

2024: 1 CVE (patched, 0 unpatched)

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2024-6244 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

PZ Frontend Manager <= 1.0.5 - Cross-Site Request Forgery to Profile Picture Update

Jul 1, 2024 · Patched in 1.0.6 (3 days)
Code Analysis (analyzed Mar 16, 2026)

PZ Frontend Manager Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (12 prepared)
Unescaped Output: 206 (601 escaped)
Nonce Checks: 9
Capability Checks: 0
File Operations: 3
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

92% prepared (13 total queries)

Output Escaping

74% escaped (807 total outputs)

Data Flows: 5 unsanitized

Data Flow Analysis

12 flows · 5 with unsanitized paths

user_reg → error_redirection (admin\classes\class-core.php:656)
Attack Surface: 10 unprotected

PZ Frontend Manager Attack Surface

Entry Points: 14
Unprotected: 10

AJAX Handlers (11)

auth · wp_ajax_pzfm_remove_item · admin\includes\ajax-hooks.php:2
auth · wp_ajax_pzfm_generate_password · admin\includes\ajax-hooks.php:129
nopriv · wp_ajax_pzfm_generate_password · admin\includes\ajax-hooks.php:130
auth · wp_ajax_pzfm_bg_images_remove · admin\includes\ajax-hooks.php:137
auth · wp_ajax_pzfm_get_categories · admin\includes\ajax-hooks.php:147
auth · wp_ajax_pzfm_save_categories · admin\includes\ajax-hooks.php:161
auth · wp_ajax_pzfm_get_tag · admin\includes\ajax-hooks.php:209
auth · wp_ajax_pzfm_save_tag · admin\includes\ajax-hooks.php:222
auth · wp_ajax_pzfm_user_activation_action · admin\includes\ajax-hooks.php:270
auth · wp_ajax_pzfm_user_request_action · admin\includes\ajax-hooks.php:290
auth · wp_ajax_pzfm_upload_avatar · admin\includes\ajax-hooks.php:347

Shortcodes (3)

[pzfm-login-form] admin\classes\class-core.php:31
[pzfm-register] admin\classes\class-core.php:32
[pzfm-popup-login] admin\classes\class-core.php:33

WordPress Hooks (67)

action · after_setup_theme · admin\classes\class-core.php:13
action · init · admin\classes\class-core.php:15
action · init · admin\classes\class-core.php:16
action · wp · admin\classes\class-core.php:17
action · wp · admin\classes\class-core.php:18
action · wp · admin\classes\class-core.php:19
action · wp · admin\classes\class-core.php:20
action · wp · admin\classes\class-core.php:21
action · wp · admin\classes\class-core.php:22
action · template_redirect · admin\classes\class-core.php:23
action · template_redirect · admin\classes\class-core.php:24
action · template_redirect · admin\classes\class-core.php:25
action · wp_footer · admin\classes\class-core.php:26
filter · theme_page_templates · admin\classes\class-core.php:28
filter · page_template · admin\classes\class-core.php:29
filter · body_class · admin\classes\class-core.php:40
filter · show_admin_bar · admin\classes\class-core.php:240
action · admin_notices · admin\classes\class-core.php:675
action · wp_enqueue_scripts · admin\classes\class-scripts.php:7
action · admin_enqueue_scripts · admin\classes\class-scripts.php:8
action · wp_footer · admin\classes\class-scripts.php:9
action · wp_print_styles · admin\classes\class-scripts.php:10
action · admin_notices · admin\classes\class-scripts.php:192
action · admin_notices · admin\includes\activation-hooks.php:54
action · admin_bar_menu · admin\includes\activation-hooks.php:70
filter · display_post_states · admin\includes\activation-hooks.php:77
filter · plugin_action_links · admin\includes\activation-hooks.php:87
action · plugins_loaded · admin\includes\hooks.php:10
filter · pzfm_post_row_data_author · admin\includes\hooks.php:12
filter · pzfm_post_row_data_date · admin\includes\hooks.php:19
filter · pzfm_post_row_data_categories · admin\includes\hooks.php:23
filter · pzfm_post_row_data_tags · admin\includes\hooks.php:41
action · pzfm_dashboard_content · admin\includes\hooks.php:59
filter · pzfm_personal_info_fields · admin\includes\hooks.php:63
filter · ajax_query_attachments_args · admin\includes\hooks.php:71
action · wp_head · admin\includes\hooks.php:79
filter · pzfm_email_meta_tags · admin\includes\hooks.php:93
action · pzfm_after_users_header · admin\includes\hooks.php:102
action · pzfm_after_users_details · admin\includes\hooks.php:108
action · pzfm_after_users_header · admin\includes\hooks.php:123
action · pzfm_after_users_details · admin\includes\hooks.php:130
action · pzfm_send_email_notif · admin\includes\hooks.php:142
action · pzfm_after_save_user_profile · admin\includes\hooks.php:160
action · pzfm_after_save_user_profile · admin\includes\hooks.php:186
action · pzfm_after_footer_hook · admin\includes\hooks.php:207
action · pzfm_before_registration_form · admin\includes\hooks.php:239
action · pzfm_after_registration_form · admin\includes\hooks.php:259
action · pzfm_after_registration_form_fields · admin\includes\hooks.php:266
action · wp_footer · admin\includes\hooks.php:273
action · pzfm_after_save_pop · admin\includes\hooks.php:274
filter · pzfm_users_args · admin\includes\hooks.php:285
action · pzfm_after_save_user_profile · admin\includes\hooks.php:301
action · init · admin\includes\hooks.php:326
action · pzfm_after_save_user_registration · admin\includes\hooks.php:334
action · pzfm_after_save_contact · admin\includes\hooks.php:374
action · pzfm_field_generator_after_label_phone · admin\includes\hooks.php:404
action · gsfd_posts_table_filter · admin\includes\hooks.php:406
filter · pzfm_post_query · admin\includes\hooks.php:421
action · pzfm_after_save_settings · admin\includes\hooks.php:453
action · pzfm_after_save_admin_settings · admin\includes\hooks.php:454
filter · pzfm_login_url · admin\includes\hooks.php:498
filter · pzfm_register_url · admin\includes\hooks.php:515
filter · pzfm_logout_url · admin\includes\hooks.php:533
filter · tiny_mce_before_init · admin\includes\hooks.php:537
action · pzfm_after_save_contact · admin\includes\hooks.php:566
filter · option_active_plugins · admin\includes\mu-plugins\disable-plugins.php:18
action · plugins_loaded · pz-frontend-manager.php:58

Maintenance & Trust

PZ Frontend Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Jun 27, 2024
PHP min version: 7.4
Downloads: 1K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 10

Developer Profile

PZ Frontend Manager Developer Profile

Project Zealous

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 91/100
Avg Patch Time: 3 days

Detection Fingerprints

How We Detect PZ Frontend Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/pz-frontend-manager/assets/css/dashboard-style.css
  • /wp-content/plugins/pz-frontend-manager/assets/css/frontend-style.css
  • /wp-content/plugins/pz-frontend-manager/assets/js/frontend.js
  • /wp-content/plugins/pz-frontend-manager/assets/js/frontend.min.js
  • /wp-content/plugins/pz-frontend-manager/assets/js/autocomplete.js
  • /wp-content/plugins/pz-frontend-manager/assets/js/autocomplete.min.js
Script Paths
  • /wp-content/plugins/pz-frontend-manager/assets/js/frontend.js
  • /wp-content/plugins/pz-frontend-manager/assets/js/autocomplete.js
Version Parameters
  • pz-frontend-manager/assets/css/dashboard-style.css?ver=
  • pz-frontend-manager/assets/css/frontend-style.css?ver=
  • pz-frontend-manager/assets/js/frontend.js?ver=
  • pz-frontend-manager/assets/js/autocomplete.js?ver=

HTML / DOM Fingerprints

CSS Classes
pzfm-login-form, pzfm-register-form, pzfm-dashboard-container, pzfm-user-profile, pzfm-post-list, pzfm-media-uploader
Data Attributes
data-pzfm-action, data-pzfm-id
JS Globals
pzfm_ajax_object, pzfm_vars
Shortcode Output
[pzfm-login], [pzfm-register], [pzfm-dashboard], [pzfm-user-profile]

FAQ

Frequently Asked Questions about PZ Frontend Manager