Disk Usage Security & Risk Analysis

wordpress.org/plugins/disk-usage

Displays disk space used by your WordPress website.

10 active installs · v2.0 · PHP + · WP 1.5+ · Updated Aug 29, 2007
admin disk quota webspace
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Disk Usage Safe to Use in 2026?

Generally Safe

Score 85/100

Disk Usage has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 18yr ago
Risk Assessment

The 'disk-usage' plugin v2.0 exhibits a mixed security posture. On one hand, the absence of known CVEs and a history of no recorded vulnerabilities are positive indicators, suggesting a generally stable plugin. Furthermore, the plugin does not perform file operations or external HTTP requests, and all SQL queries utilize prepared statements, which are good security practices. However, the static analysis reveals significant concerns. The presence of the 'exec' function, a powerful but potentially dangerous system command execution function, is a critical red flag, especially without any apparent authentication or capability checks on its usage. The taint analysis also indicates two flows with unsanitized paths, which could lead to vulnerabilities if these paths are influenced by user input. The complete lack of output escaping is another major weakness, as it opens the door to Cross-Site Scripting (XSS) vulnerabilities where dynamic data is displayed to users.

Key Concerns

  • Dangerous function 'exec' found
  • Flows with unsanitized paths found
  • No output escaping
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

Disk Usage Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Disk Usage Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 7 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

exec: exec($command,$res); (disk-usage.php:42)
exec: exec($command,$res); (disk-usage.php:49)
exec: exec($command,$res); (disk-usage.php:189)

Output Escaping

0% escaped · 7 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
dprx_du_loadjs (disk-usage.php:103)
Attack Surface

Disk Usage Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 5
action: init (disk-usage.php:27)
action: admin_menu (disk-usage.php:34)
action: admin_print_scripts (disk-usage.php:99)
action: admin_print_scripts (disk-usage.php:100)
action: init (disk-usage.php:125)
Maintenance & Trust

Disk Usage Maintenance & Trust

Maintenance Signals

WordPress version tested: 2.2.2
Last updated: Aug 29, 2007
PHP min version
Downloads: 6K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

Disk Usage Developer Profile

Roland Rust

9 plugins · 180 total installs

Trust score: 86
Avg Security Score: 88/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Disk Usage

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/disk-usage/treemap.css

HTML / DOM Fingerprints

CSS Classes
wrap
JS Globals
dprx_du_jsdprxu
FAQ

Frequently Asked Questions about Disk Usage