Client IP Detector Plugin Security & Risk Analysis

wordpress.org/plugins/client-ip-detector

A Simple widget to display client IP Address and print if the client is connecting via IPv6 or IPv4.

10 active installs v1.2 PHP + WP 2.6.0+ Updated Dec 17, 2012
client-ipipipv4ipv6
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Client IP Detector Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

Client IP Detector Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago
Risk Assessment

The client-ip-detector plugin v1.2 presents a generally good security posture based on the provided static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface. Furthermore, the code signals indicate a lack of dangerous functions, no raw SQL queries, no file operations, and no external HTTP requests, all of which are positive indicators of secure coding practices.

However, a notable concern arises from the output escaping. With 19 total outputs and only 21% properly escaped, there's a significant risk of cross-site scripting (XSS) vulnerabilities. While taint analysis shows no unsanitized paths, this might be an oversight or due to the limited attack surface analyzed. The vulnerability history being empty is a positive sign, suggesting the plugin has historically been secure or has not been a target for vulnerabilities.

In conclusion, the plugin benefits from a small attack surface and the absence of common dangerous functionalities. The primary weakness lies in the inadequate output escaping, which requires immediate attention to mitigate potential XSS risks. Despite this, the overall security foundation appears strong, but the output escaping issue needs to be addressed to achieve a truly robust security profile.

Key Concerns

  • Low percentage of properly escaped output
Vulnerabilities
None known

Client IP Detector Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Client IP Detector Plugin Release Timeline

v1.2Current
v1.1
v1.0
Code Analysis
Analyzed Mar 16, 2026

Client IP Detector Plugin Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
15
4 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

21% escaped19 total outputs
Attack Surface

Client IP Detector Plugin Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 1
actionwidgets_initclient-ip-detector.php:102
Maintenance & Trust

Client IP Detector Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2
Last updatedDec 17, 2012
PHP min version
Downloads2K

Community Trust

Rating80/100
Number of ratings1
Active installs10
Developer Profile

Client IP Detector Plugin Developer Profile

alessiobravi

2 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Client IP Detector Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/client-ip-detector/client-ip-detector.php

HTML / DOM Fingerprints

CSS Classes
client-ip-detector-widgetclient-ip-detector-widget-subtitleclient-ip-detector-widget-addressclient-ip-detector-widget-statistics
Data Attributes
client-ip-detector-widgetclient-ip-detector-widget-subtitleclient-ip-detector-widget-addressclient-ip-detector-widget-statistics
FAQ

Frequently Asked Questions about Client IP Detector Plugin