Does WPCore Plugin Manager have any unpatched vulnerabilities?

No. All known vulnerabilities in WPCore Plugin Manager have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WPCore Plugin Manager compatible with WordPress 6.8.5?

According to WordPress.org data, WPCore Plugin Manager 1.9.2 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is WPCore Plugin Manager updated?

WPCore Plugin Manager was last updated on May 20, 2025. Frequent updates are generally a positive security signal.

What is WPCore Plugin Manager's security score?

WPCore Plugin Manager has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WPCore Plugin Manager Security & Risk Analysis

wordpress.org/plugins/wpcore

Create plugin collections and install them in one click on any WordPress site.

10K active installs v1.9.2 PHP + WP 3.5+ Updated May 20, 2025

adminadministrationinstallinstallationplugins

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WPCore Plugin Manager Safe to Use in 2026?

Generally Safe

Score 100/100

WPCore Plugin Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago

Risk Assessment

The static analysis of the "wpcore" plugin v1.9.2 reveals a seemingly robust security posture with no identified attack surface, dangerous functions, or taint flows. The plugin also boasts a clean vulnerability history, with no known CVEs or common vulnerability types recorded. The code signals indicate a strong adherence to secure coding practices, with 100% of SQL queries utilizing prepared statements and no file operations or external HTTP requests detected. This suggests the plugin is designed with security in mind and has not had publicly disclosed vulnerabilities.

However, a significant concern arises from the "Output escaping" metric, which indicates that 0% of the 11 total outputs are properly escaped. This is a critical weakness that could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is directly outputted without sanitization. While the plugin appears to avoid common attack vectors and has no historical vulnerabilities, this lack of output escaping represents a substantial risk that could be exploited. The absence of nonce and capability checks, while not directly indicative of a vulnerability without an exposed attack surface, could become a problem if any entry points are introduced in future updates.

Key Concerns

Output not properly escaped

Vulnerabilities

None known

WPCore Plugin Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WPCore Plugin Manager Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped11 total outputs

Attack Surface

WPCore Plugin Manager Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionplugins_loadedwpcore.php:26

Maintenance & Trust

WPCore Plugin Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 20, 2025

PHP min version

Downloads169K

Community Trust

Rating96/100

Number of ratings32

Active installs10K

Alternatives

WPCore Plugin Manager Alternatives

WP Install Profiles

install-profiles

Download custom collections of plugins automatically from the WordPress plugin directory.

400 No CVEs

Plugin Installer Speedup

plugin-installer-speedup

Make plugin installation faster.

10 No CVEs

Upload Larger Plugins

upload-larger-plugins

100

Install plugins of any size (i.e. work around web hosting limits)

7K No CVEs

Wp Favs – Plugin Manager

wpfavs

Wpfavs is a plugin manager tool that let's you import your plugins lists from https://wpfavs.com

3K No CVEs

Bulk Plugin Installation

bulk-plugin-installation

Allows you to install one or more plugins simply by typing their names or download URLs in a textarea.

300 No CVEs

Developer Profile

WPCore Plugin Manager Developer Profile

stueynet

1 plugin · 10K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WPCore Plugin Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wpcore/assets/css/wpcore.css/wp-content/plugins/wpcore/assets/js/wpcore.js/wp-content/plugins/wpcore/assets/js/wpcore-admin.js

Version Parameters

wpcore/assets/css/wpcore.css?ver=wpcore/assets/js/wpcore.js?ver=wpcore/assets/js/wpcore-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

wpcore_ibtnDelwpcore_addrowwpcore_keysmetabox-holder

Data Attributes

id="wpcore_keys"id="wpcore_addrow"class="wpcore_ibtnDel button button-small"data-wpcore-key

JS Globals

wpcoreAdminwpcore_admin_vars

REST Endpoints

/wp-json/wpcore/v1/collection

Shortcode Output

<h3>Collection name and key</h3><p>Plugins in the collection</p><a href="https://wpcore.com/collections/plugin-install.php?tab=plugin-information&plugin=

FAQ