Does CL WP Info have any unpatched vulnerabilities?

No. All known vulnerabilities in CL WP Info have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is CL WP Info compatible with WordPress 6.9.4?

According to WordPress.org data, CL WP Info 1.4.30 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is CL WP Info compatible with PHP 7.4+?

CL WP Info requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is CL WP Info updated?

CL WP Info was last updated on Feb 25, 2026. Frequent updates are generally a positive security signal.

What is CL WP Info's security score?

CL WP Info has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CL WP Info Security & Risk Analysis

wordpress.org/plugins/cl-wp-info

Show us information about WordPress install, PHP, Database and Hosting Server

100 active installs v1.4.30 PHP 7.4+ WP 5.2+ Updated Feb 25, 2026

debugdevelopmentinfosystem

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is CL WP Info Safe to Use in 2026?

Generally Safe

Score 100/100

CL WP Info has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The cl-wp-info plugin version 1.4.30 exhibits a generally strong security posture, with no reported vulnerabilities (CVEs) or critical findings from the static analysis. The code demonstrates good practices in handling SQL queries using prepared statements and a high percentage of properly escaped output, mitigating common risks associated with data manipulation and display. The absence of external HTTP requests and bundled libraries further reduces the attack surface.

However, several areas warrant attention. The taint analysis revealed two flows with unsanitized paths, which, while not classified as critical or high severity in this instance, represent a potential risk if user-supplied input is not adequately validated before being used in file operations. Furthermore, the complete lack of nonce checks and capability checks across all entry points (although none were identified in the attack surface) is a significant concern. This means that if any entry points were to be introduced or made accessible in the future, they would be inherently unprotected against CSRF attacks and unauthorized access.

In conclusion, while the plugin currently shows no historical vulnerabilities and employs some good security practices, the lack of robust authorization and sanitization mechanisms for potential future entry points is a notable weakness. Continuous monitoring for new vulnerabilities and addressing the identified taint flows and lack of security checks are recommended to maintain a secure environment.

Key Concerns

Taint flow with unsanitized paths
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

None known

CL WP Info Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

CL WP Info Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

127 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

89% escaped143 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

cl_wp_server_info (class-cl-wp-info.php:253)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

CL WP Info Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionadmin_menucl-wp-info.php:74

actionadmin_enqueue_scriptscl-wp-info.php:96

actionplugins_loadedcl-wp-info.php:106

Maintenance & Trust

CL WP Info Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 25, 2026

PHP min version7.4

Downloads6K

Community Trust

Rating100/100

Number of ratings3

Active installs100

Alternatives

CL WP Info Alternatives

Server Info for Debugging

server-info-for-debugging

100

Displays server stats and WordPress system information for debugging purposes.

200 No CVEs

What Template Am I Using

what-template-am-i-using

This plugin is intended for theme developers to use. It shows the current template being used to render the page, current post type, and much more.

100 No CVEs

Server & Website Info

server-website-info

Display comprehensive server, database, and WordPress information in a clean, modern interface.

10 No CVEs

Query Monitor – The developer tools panel for WordPress

query-monitor

Query Monitor is the developer tools panel for WordPress and WooCommerce.

200K 1 CVE

Monkeyman Rewrite Analyzer

monkeyman-rewrite-analyzer

Making sense of the rewrite mess. Display and play with your rewrite rules.

2K No CVEs

Developer Profile

CL WP Info Developer Profile

Carlos Longarela

2 plugins · 120 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect CL WP Info

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cl-wp-info/css/cl-wp-info-admin.min.css/wp-content/plugins/cl-wp-info/js/cl-wp-info-tools.min.js

Script Paths

/wp-content/plugins/cl-wp-info/js/cl-wp-info-tools.min.js

Version Parameters

cl-wp-info/css/cl-wp-info-admin.min.css?ver=cl-wp-info/js/cl-wp-info-tools.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

cl-info-made-bycl-info-generalcl-tabla-generalcl-wpo-toolscl-tool-typecl-wp-info-botoneracl-botonera-btn

Data Attributes

id="cl-wp-info-botonera"id="cl-wpo"id="cl-ttfb"id="cl-http2"id="cl-dns"id="cl-gzip"+7 more

FAQ