Does Softaculous have any unpatched vulnerabilities?

No. All known vulnerabilities in Softaculous have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Softaculous compatible with WordPress 6.8.5?

According to WordPress.org data, Softaculous 2.2.7 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Softaculous compatible with PHP 5.3+?

Softaculous requires PHP 5.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Softaculous updated?

Softaculous was last updated on Aug 6, 2025. Frequent updates are generally a positive security signal.

What is Softaculous's security score?

Softaculous has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Softaculous Security & Risk Analysis

wordpress.org/plugins/softaculous

Softaculous provides a single-login centralized panel where you can manage tons of your WordPress websites efficiently, unitedly as well as singularly …

10K active installs v2.2.7 PHP 5.3+ WP 4.4+ Updated Aug 6, 2025

backupmanage-sitespluginssitessoftaculous

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Softaculous Safe to Use in 2026?

Generally Safe

Score 100/100

Softaculous has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago

Risk Assessment

The plugin "softaculous" v2.2.7 presents a mixed security posture. While it demonstrates good practices in several areas, such as exclusively using prepared statements for SQL queries and having no recorded CVEs, there are significant concerns that warrant attention. The presence of 6 AJAX handlers, with a concerning 5 of them lacking proper authentication checks, represents a substantial attack surface. This indicates potential for unauthorized actions to be performed if these handlers are exposed and can be triggered externally.

The static analysis also identified 5 instances of the dangerous `unserialize` function, which, if used with user-supplied data, can lead to remote code execution vulnerabilities. Although no taint flows were found in this specific analysis, the combination of `unserialize` and unprotected AJAX endpoints creates a high-risk scenario. The plugin's vulnerability history is clean, which is a positive sign, suggesting a generally secure development history or a lack of past discovery. However, this should not negate the risks identified in the current static analysis. The plugin's strengths lie in its database interaction and output escaping, but the unprotected entry points and use of potentially dangerous functions are critical weaknesses.

Key Concerns

AJAX handlers without auth checks
Dangerous function: unserialize

Vulnerabilities

None known

Softaculous Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Softaculous Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

33 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$active = unserialize($sresult[0]['option_value']);functions.php:275

unserialize$outdated_plugins = unserialize($body);functions.php:302

unserialize$api_data = unserialize($body);functions.php:410

unserialize$var = @unserialize($str);functions.php:834

unserialize$var = @unserialize($str);functions.php:843

SQL Query Safety

100% prepared2 total queries

Output Escaping

66% escaped50 total outputs

Attack Surface

5 unprotected

Softaculous Attack Surface

Entry Points6

Unprotected5

AJAX Handlers 6

noprivwp_ajax_my_wpc_actionsfunctions.php:2064

noprivwp_ajax_wpcentral_login_and_actfunctions.php:2068

authwp_ajax_wpcentral_login_and_actfunctions.php:2075

authwp_ajax_softaculous_dismissnoticefunctions.php:2081

authwp_ajax_my_softaculous_fetch_authkeyfunctions.php:2086

authwp_ajax_my_wpc_fetch_authkeyfunctions.php:2089

WordPress Hooks 6

actionadmin_enqueue_scriptsfunctions.php:2052

filterplugin_row_metafunctions.php:2055

actionadmin_noticesfunctions.php:2078

actionadmin_menufunctions.php:2084

actionadmin_noticesfunctions.php:2807

actionplugins_loadedsoftaculous.php:49

Maintenance & Trust

Softaculous Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedAug 6, 2025

PHP min version5.3

Downloads107K

Community Trust

Rating0/100

Number of ratings0

Active installs10K

Alternatives

Softaculous Alternatives

ManageWP Worker

worker

A better way to manage dozens of WordPress websites.

1.0M 1 CVE

Solid Central – Site Management, Backups, Security, and Reporting

ithemes-sync

Manage multiple WordPress sites from one dashboard.

30K 3 CVEs

The WP Remote WordPress Plugin

wpremote

100

Manage updates, backups, and more across all your WordPress sites with WP Remote.

30K 1 CVE

MainWP Dashboard: Self-hosted WordPress Management for Agencies

mainwp

Run updates, backups, security and reporting across all client sites from your own server. Keep data private and prove your value with branded reports …

20K 6 CVEs

CMS Commander – Manage Multiple Sites

cms-commander-client

CMS Commander helps you to manage multiple WordPress sites much faster from a single powerful dashboard.

4K 2 CVEs

Developer Profile

Softaculous Developer Profile

Softaculous

10 plugins · 4.1M total installs

trust score

Avg Security Score

95/100

Avg Patch Time

333 days

View full developer profile

Detection Fingerprints

How We Detect Softaculous

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/softaculous/images/logo.png/wp-content/plugins/softaculous/css/normalize.css/wp-content/plugins/softaculous/css/style.css/wp-content/plugins/softaculous/js/moment.min.js/wp-content/plugins/softaculous/js/jquery.dataTables.min.js/wp-content/plugins/softaculous/js/dataTables.buttons.min.js/wp-content/plugins/softaculous/js/buttons.flash.min.js/wp-content/plugins/softaculous/js/buttons.html5.min.js+2 more

Script Paths

/wp-content/plugins/softaculous/js/moment.min.js/wp-content/plugins/softaculous/js/jquery.dataTables.min.js/wp-content/plugins/softaculous/js/dataTables.buttons.min.js/wp-content/plugins/softaculous/js/buttons.flash.min.js/wp-content/plugins/softaculous/js/buttons.html5.min.js/wp-content/plugins/softaculous/js/buttons.print.min.js+1 more

Version Parameters

softaculous/css/style.css?ver=softaculous/js/softaculous.js?ver=

HTML / DOM Fingerprints

CSS Classes

softaculous-dashboard-widgetsoftaculous-error-msgsoftaculous-success-msg

HTML Comments

Data Attributes

data-softaculous-nonce

JS Globals

softaculous_varssoftaculous_ajaxurl

Shortcode Output

[softaculous-dashboard]

FAQ