Does Transients Manager have any unpatched vulnerabilities?

No. All known vulnerabilities in Transients Manager have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Transients Manager compatible with WordPress 6.6.5?

According to WordPress.org data, Transients Manager 2.0.7 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is Transients Manager compatible with PHP 5.6.20+?

Transients Manager requires PHP 5.6.20 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Transients Manager updated?

Transients Manager was last updated on Oct 18, 2024. Frequent updates are generally a positive security signal.

What is Transients Manager's security score?

Transients Manager has a WP-Safety security score of 91/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Transients Manager Security & Risk Analysis

wordpress.org/plugins/transients-manager

Provides a familiar interface to view, search, edit, and delete Transients.

20K active installs v2.0.7 PHP 5.6.20+ WP 5.3+ Updated Oct 18, 2024

crontooltransient

A · Safe

CVEs total1

Unpatched0

Last CVEOct 22, 2024

Plugin page Download

Safety Verdict

Is Transients Manager Safe to Use in 2026?

Generally Safe

Score 91/100

Transients Manager has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Oct 22, 2024Updated 1yr ago

Risk Assessment

The "transients-manager" v2.0.7 plugin exhibits a generally good security posture with several positive indicators. The complete absence of raw SQL queries, with all 19 utilizing prepared statements, is a strong defensive measure. Furthermore, the plugin successfully implements nonce and capability checks on its entry points, and there are no file operations or external HTTP requests, minimizing common attack vectors. The limited attack surface of two AJAX handlers, both protected by authentication, is also a positive sign. However, there are some areas of concern. A significant portion (32%) of output is not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if the unescaped data originates from untrusted sources. The presence of one high-severity taint flow with unsanitized paths, despite the total flow count being low, indicates a potential pathway for malicious input to be processed insecurely. The plugin's vulnerability history reveals one medium-severity CVE, which was Cross-Site Request Forgery (CSRF) related. While currently unpatched CVEs are zero, the past existence of a CSRF vulnerability suggests that careful attention to input validation and CSRF protection mechanisms is crucial for this plugin.

Key Concerns

Unsanitized path in taint flow
Significant portion of output unescaped
Past medium-severity CVE (CSRF)

Vulnerabilities

Transients Manager Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-10045medium · 4.3Cross-Site Request Forgery (CSRF)

Transients Manager <= 2.0.6 - Cross-Site Request Forgery

Oct 22, 2024 Patched in 2.0.7 (1d)

Code Analysis

Analyzed Mar 16, 2026

Transients Manager Code Analysis

Dangerous Functions

Raw SQL Queries

19 prepared

Unescaped Output

54 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared19 total queries

Output Escaping

68% escaped80 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths

page_show_transients (src\TransientsManager.php:278)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Transients Manager Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_transients_manager_extra_pluginsrc\CrossPromotion.php:24

authwp_ajax_transients_manager_cross_promo_dismisssrc\CrossPromotion.php:25

WordPress Hooks 11

actionadmin_noticessrc\CrossPromotion.php:22

actionadmin_enqueue_scriptssrc\CrossPromotion.php:23

actionafter_setup_themesrc\TransientsManager.php:122

actionadmin_initsrc\TransientsManager.php:123

actionadmin_initsrc\TransientsManager.php:124

actionadmin_menusrc\TransientsManager.php:125

actionadmin_noticessrc\TransientsManager.php:126

actionadmin_bar_menusrc\TransientsManager.php:127

filterpre_update_optionsrc\TransientsManager.php:128

filterpre_get_optionsrc\TransientsManager.php:129

actionadded_optionsrc\TransientsManager.php:130

Maintenance & Trust

Transients Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedOct 18, 2024

PHP min version5.6.20

Downloads525K

Community Trust

Rating100/100

Number of ratings38

Active installs20K

Alternatives

Transients Manager Alternatives

WPS Bidouille

wps-bidouille

WPS Bidouille provides information about your WordPress and contains optimization tools.

10K 2 CVEs

Cron Logger

cron-logger

Logs wp-cron.php runs.

2K 1 unpatched

Cron Jobs

leira-cron-jobs

Easily manage and monitor your WordPress cron jobs from a clean, intuitive interface.

2K 1 CVE

Text Hover

text-hover

Add hover text (aka tooltips) to content in posts. Handy for providing explanations of names, terms, phrases, abbreviations, and acronyms.

2K 1 CVE

WP Healthcheck

wp-healthcheck

WP Healthcheck is a plugin to check the health of your WordPress install.

1K No CVEs

Developer Profile

Transients Manager Developer Profile

Syed Balkhi

94 plugins · 23.5M total installs

trust score

Avg Security Score

91/100

Avg Patch Time

795 days

View full developer profile

Detection Fingerprints

How We Detect Transients Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/transients-manager/assets/js/extra-plugins.js

Script Paths

/wp-content/plugins/transients-manager/assets/js/extra-plugins.js

Version Parameters

transients-manager/assets/js/extra-plugins.js?ver=

HTML / DOM Fingerprints

CSS Classes

cross-promotioncross-promotion-plugincross-promotion-imagecross-promotion-infointro-textam-tm-extra-plugin-item

Data Attributes

data-plugin

JS Globals

l10nAmTmExtraPluginsam_tm_extra_plugins

REST Endpoints

/wp-json/transients-manager/

FAQ