Does Debug Log have any unpatched vulnerabilities?

No. All known vulnerabilities in Debug Log have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Debug Log compatible with WordPress 4.5.33?

According to WordPress.org data, Debug Log 0.3 has been tested up to WordPress 4.5.33. Check the plugin's changelog for the latest compatibility information.

How often is Debug Log updated?

Debug Log was last updated on May 2, 2016. Frequent updates are generally a positive security signal.

What is Debug Log's security score?

Debug Log has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Debug Log Security & Risk Analysis

wordpress.org/plugins/debug-log

View and Delete the debug log from the Tools menu. Extremely light and simple.

100 active installs v0.3 PHP + WP 2.6.0+ Updated May 2, 2016

debugerrorlog

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Debug Log Safe to Use in 2026?

Generally Safe

Score 85/100

Debug Log has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "debug-log" plugin v0.3 exhibits a generally strong security posture, particularly in its handling of database queries and its minimal attack surface. The static analysis reveals no AJAX handlers, REST API routes, or shortcodes, significantly reducing potential entry points for malicious actors. Furthermore, all SQL queries are correctly implemented using prepared statements, and there are no recorded vulnerabilities or CVEs, indicating a history of secure development and maintenance. The taint analysis also shows no flows with unsanitized paths, which is a positive sign. However, a notable concern is the complete lack of output escaping, meaning any data displayed by the plugin could potentially be vulnerable to cross-site scripting (XSS) attacks if that data is not inherently safe. While the presence of a file operation and a nonce check suggest some level of security awareness, the absence of capability checks for these operations could be a weakness if they handle sensitive files or actions.

Key Concerns

0% of outputs are properly escaped
1 file operation found without clear auth/capability checks
1 nonce check found, but no capability checks listed

Vulnerabilities

None known

Debug Log Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Debug Log Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped8 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

readycat_debug_log (debug-log.php:25)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Debug Log Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionadmin_menudebug-log.php:115

Maintenance & Trust

Debug Log Maintenance & Trust

Maintenance Signals

WordPress version tested4.5.33

Last updatedMay 2, 2016

PHP min version

Downloads4K

Community Trust

Rating100/100

Number of ratings1

Active installs100

Alternatives

Debug Log Alternatives

Error Log Viewer by BestWebSoft

error-log-viewer

Get latest error log messages to diagnose website problems. Define and fix issues faster.

6K 5 CVEs

Debug

debug

Debug can help you to find errors in your wordpress website via editing wp-config.php file and email notification.

2K 1 CVE

Debug Log Viewer

debug-log-viewer

Effortlessly view, search, filter and manage your WordPress debug.log in the admin dashboard. Real-time monitoring and email alerts

1K 1 CVE

BugFu Console Debugger

bugfu-console-debugger

Log/Debug the PHP code in your Theme/Plugin with your Browser Console (no extension needed)

300 No CVEs

WP Output Log File

wp-output-log-file

100

Manage log files with custom directory and filename. Download and delete logs regardless of WP_DEBUG.

100 No CVEs

Developer Profile

Debug Log Developer Profile

Andrew Klimek

2 plugins · 200 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Debug Log

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

notice-warningnotice-successnotice-error

Data Attributes

value="Delete Log"

FAQ