Sidebar Manager Light Security & Risk Analysis

wordpress.org/plugins/sidebar-manager-light

Create custom sidebars (widget areas) and replace any existing sidebar so you can display relevant content on different pages.

1K active installs · v1.18 · PHP + WP 3.0+ · Updated Mar 4, 2022

Tags: custom-sidebar, custom-widget-area, widgets, replace-sidebar, replace-widget-area, sidebar

Score: 42 · Grade D · High Risk
CVEs total: 2
Unpatched: 2
Last CVE: May 7, 2025
Safety Verdict

Is Sidebar Manager Light Safe to Use in 2026?

High Risk

Score 42/100

Sidebar Manager Light carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs · 2 unpatched · Last CVE: May 7, 2025 · Updated 4yr ago
Risk Assessment

The "sidebar-manager-light" plugin, version 1.18, presents a mixed security posture. It follows some good practices, such as using prepared statements for all SQL queries and escaping the majority of its outputs, but several significant concerns remain. An unprotected AJAX handler is a critical entry point that could be exploited by attackers. The analysis also finds a dangerous use of the `unserialize` function, which is notorious for leading to remote code execution when it is fed untrusted input. Taint analysis additionally highlights three high-severity unsanitized path flows, which indicate potential for directory traversal or similar attacks.

The plugin's vulnerability history, with two known CVEs and both currently unpatched, is a major red flag. That these are medium-severity issues and that the most recent vulnerability occurred only a short time ago suggests a pattern of security weaknesses that are not being promptly addressed. The common historical vulnerability type, Cross-Site Request Forgery (CSRF), is not directly evident in the current static analysis findings, but it points to past issues with input validation and state-changing operations. In conclusion, while the plugin avoids some common pitfalls such as raw SQL queries, the combination of an unprotected AJAX endpoint, the use of `unserialize`, high-severity taint flows, and a history of unpatched vulnerabilities indicates a significant risk that requires immediate attention and remediation.

Key Concerns

  • Unprotected AJAX handler found
  • Dangerous function 'unserialize' used
  • High severity unsanitized path flows (3)
  • Two unpatched CVEs found
  • Zero capability checks on entry points
Vulnerabilities: 2

Sidebar Manager Light Security Vulnerabilities

CVEs by Year

2025: 2 CVEs · unpatched

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2025-47647 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Sidebar Manager Light <= 1.18 - Cross-Site Request Forgery

May 7, 2025 · Unpatched

CVE-2025-32112 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

Sidebar Manager Light <= 1.1.8 - Cross-Site Request Forgery

Apr 4, 2025 · Unpatched
Code Analysis · Analyzed Mar 16, 2026

Sidebar Manager Light Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 60 (163 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 9
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

unserialize · include\otw_components\otw_functions\otw_functions.php:596
    $value = unserialize( urldecode( $value ) );

Output Escaping

73% escaped · 223 total outputs

Data Flows: 3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
otw_get (include\otw_components\otw_functions\otw_functions.php:558)
(Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized)

Attack Surface: 1 unprotected

Sidebar Manager Light Attack Surface

Entry Points: 1 · Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_otw_sml_items_by_type · otw_sidebar_manager.php:162

WordPress Hooks: 18

action · admin_menu · include\otw_components\otw_factory\otw_factory.class.php:34
action · admin_print_styles · include\otw_components\otw_factory\otw_factory.class.php:36
action · admin_notices · include\otw_components\otw_factory\otw_factory.class.php:38
filter · pre_set_site_transient_update_plugins · include\otw_components\otw_factory\otw_factory.class.php:40
filter · plugins_api · include\otw_components\otw_factory\otw_factory.class.php:42
action · wp_enqueue_scripts · include\otw_components\otw_functions\otw_component.class.php:90
action · admin_enqueue_scripts · include\otw_components\otw_functions\otw_component.class.php:94
filter · posts_where · include\otw_sbm_core.php:978
filter · posts_where · include\otw_sbm_core.php:1054
filter · posts_where · include\otw_sbm_core.php:1620
action · plugins_loaded · otw_sidebar_manager.php:146
action · admin_menu · otw_sidebar_manager.php:150
action · admin_notices · otw_sidebar_manager.php:151
filter · sidebars_widgets · otw_sidebar_manager.php:152
filter · otwfcr_notice · otw_sidebar_manager.php:153
action · admin_enqueue_scripts · otw_sidebar_manager.php:157
action · admin_print_styles · otw_sidebar_manager.php:158
action · init · otw_sidebar_manager.php:167
Maintenance & Trust

Sidebar Manager Light Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.9.13
Last updated: Mar 4, 2022
PHP min version:
Downloads: 72K

Community Trust

Rating: 86/100
Number of ratings: 13
Active installs: 1K
Developer Profile

Sidebar Manager Light Developer Profile

OTWthemes

12 plugins · 6K total installs

Trust score: 70
Avg Security Score: 66/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Sidebar Manager Light

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sidebar-manager-light/css/otw_sbm_admin.css
/wp-content/plugins/sidebar-manager-light/js/otw_manage_sidebar.js
Script Paths
/wp-content/plugins/sidebar-manager-light/js/otw_manage_sidebar.js
Version Parameters
sidebar-manager-light/css/otw_sbm_admin.css?ver=
sidebar-manager-light/js/otw_manage_sidebar.js?ver=

HTML / DOM Fingerprints

CSS Classes
otw-sml-sidebar-options
otw-sml-add-sidebar-wrapper
otw-sml-sidebar-list-wrapper
Data Attributes
data-otw_sml_sidebar_id
JS Globals
otw_sml_plugin_url
FAQ

Frequently Asked Questions about Sidebar Manager Light