Does Term Management Tools have any unpatched vulnerabilities?

No. All known vulnerabilities in Term Management Tools have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Term Management Tools compatible with WordPress 6.9.4?

According to WordPress.org data, Term Management Tools 2.0.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Term Management Tools compatible with PHP 7.1+?

Term Management Tools requires PHP 7.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Term Management Tools updated?

Term Management Tools was last updated on Dec 11, 2025. Frequent updates are generally a positive security signal.

What is Term Management Tools's security score?

Term Management Tools has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Term Management Tools Security & Risk Analysis

wordpress.org/plugins/term-management-tools

Allows you to merge terms, move terms between taxonomies, and set term parents, individually or in bulk.

10K active installs v2.0.2 PHP 7.1+ WP 4.2+ Updated Dec 11, 2025

admincategorytagtaxonomyterm

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Term Management Tools Safe to Use in 2026?

Generally Safe

Score 100/100

Term Management Tools has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The term-management-tools plugin v2.0.2 exhibits a generally strong security posture with several positive indicators. The absence of any recorded vulnerabilities, including critical or high severity ones, and the complete reliance on prepared statements for all SQL queries are significant strengths. Furthermore, the plugin demonstrates good practice by implementing a nonce check and a capability check, indicating an effort to control access and prevent common web attacks. The zero-count for dangerous functions, file operations, and external HTTP requests also contribute to a reduced attack surface.

However, the static analysis does reveal a potential area of concern. The presence of one taint flow with an unsanitized path, despite its high severity classification not being explicitly detailed, warrants attention. This suggests a potential for sensitive data to be mishandled or exposed if this flow is triggered by user input. While the overall attack surface is zero, and all identified outputs are generally escaped (67% is decent, but not perfect), this single unsanitized path is the primary risk identified in the code.

In conclusion, the plugin is well-maintained with a history of no vulnerabilities, and it adheres to many security best practices. The main weakness identified is the single high-severity taint flow with an unsanitized path. Addressing this specific flow should be the priority to further strengthen the plugin's security.

Key Concerns

High severity taint flow with unsanitized path
Output escaping not 100%

Vulnerabilities

None known

Term Management Tools Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Term Management Tools Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared8 total queries

Output Escaping

67% escaped6 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths

<class-Handlers> (classes\class-Handlers.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Term Management Tools Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionload-edit-tags.phpclasses\class-TermManagementTools.php:66

actionadmin_noticesclasses\class-TermManagementTools.php:67

actionadmin_enqueue_scriptsclasses\class-TermManagementTools.php:94

actionadmin_footerclasses\class-TermManagementTools.php:95

filterterm_management_tools_changed_taxonomy__terms_and_child_termsclasses\class-WPML.php:45

actionterm_management_tools_changed_taxonomy__reset_parent_forclasses\class-WPML.php:58

actionterm_management_tools_term_changed_taxonomyclasses\class-WPML.php:68

Maintenance & Trust

Term Management Tools Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 11, 2025

PHP min version7.1

Downloads471K

Community Trust

Rating98/100

Number of ratings76

Active installs10K

Alternatives

Term Management Tools Alternatives

Taxonomy Images

taxonomy-images

Associate images from your media library to categories, tags and custom taxonomies.

10K No CVEs

Taxonomy Switcher

taxonomy-switcher

100

Switch the taxonomy for all terms or only child terms of a specified parent term.

2K 1 CVE

Bulk Add Terms

bulk-add-terms

A lightweight plugin to add thousands of taxonomy terms in one go.

600 No CVEs

Ajax Load More for Terms

ajax-load-more-for-terms

100

Ajax Load More extension that adds compatibility for infinite scrolling WordPress terms using term_query.

100 No CVEs

Custom Taxonomy Templates

custom-taxonomy-templates

Define custom templates for taxonomy archive views.

90 No CVEs

Developer Profile

Term Management Tools Developer Profile

scribu

20 plugins · 28K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

4851 days

View full developer profile

Detection Fingerprints

How We Detect Term Management Tools

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/term-management-tools/assets/src/script.js/wp-content/plugins/term-management-tools/assets/script.js

Script Paths