WP Crontrol Security & Risk Analysis

wordpress.org/plugins/wp-crontrol

WP Crontrol enables you to take control of the cron events on your WordPress website.

300K active installs · v1.21.0 · PHP 7.4+ · WP 6.4+ · Updated Jan 28, 2026
Tags: cron, crontrol, debug, woocommerce, wp-cron
Score: 96 (A · Safe)
CVEs total: 3
Unpatched: 0
Last CVE: Aug 21, 2025
Safety Verdict

Is WP Crontrol Safe to Use in 2026?

Generally Safe

Score 96/100

WP Crontrol has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Aug 21, 2025 · Updated 2mo ago
Risk Assessment

The static analysis of WP Crontrol v1.21.0 indicates a generally strong security posture, with no direct entry points in its attack surface and a high percentage of properly escaped output. The plugin demonstrates good practices by utilizing prepared statements for all SQL queries and implementing a substantial number of nonce and capability checks. However, the presence of file operations and external HTTP requests, while not explicitly flagged as problematic in the static analysis, warrants careful consideration in conjunction with its vulnerability history.

The vulnerability history reveals a concerning pattern of past security flaws, including Server-Side Request Forgery (SSRF), download of code without integrity checks, and Cross-Site Scripting (XSS). The fact that the last vulnerability was in August 2025 suggests that this version has had known security issues, and while there are currently no unpatched CVEs, the types of past vulnerabilities are serious. This history indicates a recurring need for vigilance regarding input sanitization and secure handling of external resources.

In conclusion, while WP Crontrol v1.21.0 exhibits good static security hygiene in many areas, its historical vulnerability profile necessitates a cautious approach. The plugin has shown susceptibility to critical vulnerability types, and although this specific version is listed as having no unpatched vulnerabilities at the time of this analysis, the past incidents should not be ignored. Continued monitoring and timely updates are crucial for mitigating the risks associated with its historical security weaknesses.

Key Concerns

  • Past high severity vulnerability (SSRF)
  • Past medium severity vulnerability (Code Download)
  • Past medium severity vulnerability (XSS)
  • Presence of file operations
  • Presence of external HTTP requests
Vulnerabilities
3

WP Crontrol Security Vulnerabilities

CVEs by Year

  • 2015: 1 CVE
  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 2

3 total CVEs

CVE-2025-8678 · medium · 5.9 · Server-Side Request Forgery (SSRF)

WP Crontrol - 1.17.0 - 1.19.1 - Authenticated (Administrator+) Blind Server-Side Request Forgery

Aug 21, 2025 · Patched in 1.19.2 (5d)

CVE-2024-28850 · high · 7.5 · Download of Code Without Integrity Check

WP Crontrol <= 1.16.1 - Remote Code Execution

Mar 24, 2024 · Patched in 1.16.2 (398d)

WF-2a82666d-4c35-4aba-9163-834eef6c50ad-wp-crontrol · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Crontrol < 1.3 - Reflected Cross-Site Scripting

Aug 21, 2015 · Patched in 1.3 (3077d)
Code Analysis
Analyzed Mar 16, 2026

WP Crontrol Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 3 (133 escaped)
  • Nonce Checks: 15
  • Capability Checks: 27
  • File Operations: 1
  • External Requests: 1
  • Bundled Libraries: 0

Output Escaping

98% escaped · 136 total outputs

Data Flows: All sanitized

Data Flow Analysis

3 flows
action_handle_posts (src\bootstrap.php:168)
Attack Surface

WP Crontrol Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 21

  • action: init (src\bootstrap.php:58)
  • action: admin_init (src\bootstrap.php:59)
  • action: admin_menu (src\bootstrap.php:60)
  • filter: removable_query_args (src\bootstrap.php:63)
  • filter: pre_unschedule_event (src\bootstrap.php:64)
  • filter: plugin_row_meta (src\bootstrap.php:65)
  • action: load-tools_page_wp-crontrol (src\bootstrap.php:67)
  • filter: cron_schedules (src\bootstrap.php:69)
  • action: admin_enqueue_scripts (src\bootstrap.php:72)
  • action: crontrol/tab-header (src\bootstrap.php:73)
  • action: activated_plugin (src\bootstrap.php:74)
  • action: deactivated_plugin (src\bootstrap.php:75)
  • action: switch_theme (src\bootstrap.php:76)
  • filter: schedule_event (src\bootstrap.php:196)
  • filter: schedule_event (src\bootstrap.php:258)
  • filter: schedule_event (src\bootstrap.php:321)
  • filter: schedule_event (src\bootstrap.php:415)
  • filter: schedule_event (src\bootstrap.php:498)
  • filter: schedule_event (src\bootstrap.php:580)
  • action: admin_notices (src\event-list-table.php:101)
  • filter: cron_request (src\event.php:40)
Maintenance & Trust

WP Crontrol Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Jan 28, 2026
  • PHP min version: 7.4
  • Downloads: 7.6M

Community Trust

  • Rating: 90/100
  • Number of ratings: 163
  • Active installs: 300K
Developer Profile

WP Crontrol Developer Profile

John Blackbourn

3 plugins · 700K total installs

  • Trust score: 78
  • Avg Security Score: 98/100
  • Avg Patch Time: 870 days
Detection Fingerprints

How We Detect WP Crontrol

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wp-crontrol/wp-crontrol.css
  • /wp-content/plugins/wp-crontrol/wp-crontrol.js
Script Paths
  • /wp-content/plugins/wp-crontrol/wp-crontrol.js
Version Parameters
  • wp-crontrol/wp-crontrol.css?ver=
  • wp-crontrol/wp-crontrol.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wp-crontrol-wrap
  • wp_crontrol
  • crontrol-message-wrap
  • crontrol-cron-event-table
  • wp-crontrol-admin-wrap
  • wp-crontrol-add-cron-wrap
  • wp-crontrol-controls
  • wp-crontrol-edit-cron-wrap
HTML Comments
  • <!-- WP Crontrol -->
  • <!-- Begin WP Crontrol -->
Data Attributes
  • data-crontrol-hook
  • data-crontrol-id
  • data-crontrol-action
JS Globals
  • wp_crontrol_options
  • wpCrontrol
  • Crontrol
  • wp_crontrol_nonce
REST Endpoints
  • /wp-json/wp-crontrol/v1/events
  • /wp-json/wp-crontrol/v1/schedules
FAQ

Frequently Asked Questions about WP Crontrol