Does DB Snapshot have any unpatched vulnerabilities?

No. All known vulnerabilities in DB Snapshot have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is DB Snapshot compatible with WordPress 4.8.28?

According to WordPress.org data, DB Snapshot 0.2.1 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is DB Snapshot updated?

DB Snapshot was last updated on Jul 5, 2017. Frequent updates are generally a positive security signal.

What is DB Snapshot's security score?

DB Snapshot has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

DB Snapshot Security & Risk Analysis

wordpress.org/plugins/db-snapshot

Extends WP-CLI to include a db checkpoint for development purposes.

10 active installs v0.2.1 PHP + WP 4.4+ Updated Jul 5, 2017

databasewp-cli

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is DB Snapshot Safe to Use in 2026?

Generally Safe

Score 85/100

DB Snapshot has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "db-snapshot" v0.2.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries, properly escaping all output, and lacking known vulnerabilities (CVEs). The absence of a large attack surface with unprotected entry points is also a strength. However, the presence of the 'exec' dangerous function is a significant concern, as it can be exploited to execute arbitrary system commands if not handled with extreme care. Furthermore, the taint analysis revealing a flow with unsanitized paths and a critical severity is highly concerning. This indicates that user-supplied data might be directly used in a way that could lead to code execution or other severe security breaches.

The vulnerability history being empty suggests that either the plugin has been developed with security in mind or that past vulnerabilities have been promptly addressed. However, this doesn't negate the risks identified in the static analysis. The critical taint flow and the use of 'exec' are specific, actionable risks that require immediate attention. While the plugin adheres to some best practices, these identified critical flaws significantly elevate the risk profile, demanding a thorough review and remediation of the code paths involved in the identified taint flow.

Key Concerns

Critical taint flow with unsanitized path
Use of dangerous function 'exec'

Vulnerabilities

None known

DB Snapshot Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

DB Snapshot Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

execexec( $command );db-checkpoint.php:474

execexec( $command );db-checkpoint.php:487

Output Escaping

100% escaped1 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

<db-checkpoint> (db-checkpoint.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

DB Snapshot Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionadmin_bar_menudb-checkpoint.php:338

actionadmin_bar_menudb-checkpoint.php:339

actionadmin_bar_menudb-checkpoint.php:341

actioninitdb-checkpoint.php:346

actioninitdb-checkpoint.php:352

actionplugins_loadeddb-checkpoint.php:501

Maintenance & Trust

DB Snapshot Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedJul 5, 2017

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

DB Snapshot Alternatives

UpdraftPlus: WP Backup & Migration Plugin

updraftplus

Backup, restore or migrate your WordPress website to another host or domain. Schedule backups or run manually. Migrate in minutes.

3.0M 14 CVEs

Better Search Replace

better-search-replace

A simple plugin to update URLs or other text in a database.

1.0M 2 CVEs

Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More

duplicator

The best WordPress backup and migration plugin. Quickly and easily backup ,migrate, copy, move, or clone your site from one location to another.

1.0M 15 CVEs

Backuply – Backup, Restore, Migrate and Clone

backuply

Backup, restores, and migration with Backuply are fairly simple with a wide range of storage options from Local Backups, FTP to cloud options like AWS …

600K 5 CVEs

Database Addon for Contact Form 7 – CFDB7

contact-form-cfdb7

Save and manage Contact Form 7 messages. Never lose important data. It is a lightweight contact form 7 database plugin.

600K 7 CVEs

Developer Profile

DB Snapshot Developer Profile

Gary Kovar

4 plugins · 40 total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect DB Snapshot

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/db-snapshot/db-snapshot.php/wp-content/plugins/db-snapshot/db-snapshot-admin.php

Script Paths

/wp-content/plugins/db-snapshot/db-snapshot-admin.js

Version Parameters

db-snapshot/db-snapshot.php?ver=db-snapshot/db-snapshot-admin.js?ver=

HTML / DOM Fingerprints

HTML Comments

+28 more

JS Globals

window.dbsnapback_noncewindow.dbsnapback_plugin_dir

FAQ