Theme Manager Security & Risk Analysis

wordpress.org/plugins/theme-manager

Theme Manager allows you to delete your themes straight from your dashboard simply and easily.

100 active installs · v2.0.1 · PHP + · WP 3.0+ · Updated Mar 10, 2017
Tags: dashboard · delete-theme · remove-theme · theme · themes
Score: 85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Theme Manager Safe to Use in 2026?

Generally Safe

Score 85/100

Theme Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The 'theme-manager' plugin v2.0.1 presents a mixed security posture. On the positive side, the plugin demonstrates good practices regarding database interactions, utilizing prepared statements for all SQL queries and showing no known past vulnerabilities. It also avoids external HTTP requests and bundled libraries, which reduces potential attack vectors.

However, significant concerns arise from the static analysis. The plugin has a direct entry point via an unprotected AJAX handler, which is a critical oversight. Furthermore, all output is unescaped, meaning any data displayed to users, especially if originating from user input or dynamic sources, is vulnerable to Cross-Site Scripting (XSS) attacks. The lack of nonce checks on the AJAX handler further exacerbates this risk, allowing for potential Cross-Site Request Forgery (CSRF) if the AJAX action is sensitive.

While the vulnerability history is clean, this does not negate the clear risks identified in the current version's code. The absence of documented vulnerabilities might indicate a lack of deep security auditing or that the identified weaknesses have not yet been exploited. The plugin needs immediate attention to address the unprotected AJAX handler and the universal lack of output escaping.

Key Concerns

  • Unprotected AJAX handler
  • All output unescaped
  • Missing nonce checks on AJAX
Vulnerabilities
None known

Theme Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Theme Manager Release Timeline

v2.0.1 (Current)
v2.0
v1.1
v1.0
Code Analysis
Analyzed Mar 16, 2026

Theme Manager Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 12 (0 escaped)
  • Nonce Checks: 0
  • Capability Checks: 1
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

0% escaped · 12 total outputs
Attack Surface
1 unprotected

Theme Manager Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

  • auth · wp_ajax_thememanager_processor · theme-manager.php:142

WordPress Hooks: 3

  • action · admin_menu · theme-manager.php:38
  • action · admin_enqueue_scripts · theme-manager.php:152
  • action · admin_footer_text · theme-manager.php:159
Maintenance & Trust

Theme Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.33
Last updated: Mar 10, 2017
PHP min version
Downloads: 8K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 100
Developer Profile

Theme Manager Developer Profile

Mitch

12 plugins · 11K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Theme Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/theme-manager/assets/css/app.css
Script Paths
/wp-content/plugins/theme-manager/assets/js/ajax.js
Version Parameters
theme-manager/assets/css/app.css?ver=1.0.0
theme-manager/assets/js/ajax.js?ver=

HTML / DOM Fingerprints

CSS Classes
importer-item · import-system · importer-title · importer-action · importer-desc · details-table · action-buttons
Data Attributes
data-item · data-slug
JS Globals
window.thememanager
Shortcode Output
<a href="#TB_inline?width=300&height=350&inlineId=
<a href="#TB_inline?width=100&height=100&inlineId=delete-
<div id="
<div id="delete-