Does dotenv have any unpatched vulnerabilities?

No. All known vulnerabilities in dotenv have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is dotenv compatible with WordPress 5.7.15?

According to WordPress.org data, dotenv 1.0.3 has been tested up to WordPress 5.7.15. Check the plugin's changelog for the latest compatibility information.

Is dotenv compatible with PHP 5.6+?

dotenv requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is dotenv updated?

dotenv was last updated on May 28, 2021. Frequent updates are generally a positive security signal.

What is dotenv's security score?

dotenv has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

dotenv Security & Risk Analysis

wordpress.org/plugins/dotenv

A WordPress plugin to set WordPress options from a .env file.

20 active installs v1.0.3 PHP 5.6+ WP 5.2+ Updated May 28, 2021

configconfigurationdeveloperenvironmenttools

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is dotenv Safe to Use in 2026?

Generally Safe

Score 85/100

dotenv has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The static analysis of the 'dotenv' plugin v1.0.3 reveals a strong security posture based on the provided metrics. The absence of any identified attack surface points, dangerous functions, SQL queries (with 100% prepared statements), unescaped output, file operations, external HTTP requests, or nonce/capability checks is highly commendable. The taint analysis also indicates no identified vulnerabilities, further strengthening this assessment. The plugin's vulnerability history is clean, with no recorded CVEs of any severity, suggesting a well-maintained and secure codebase over time. This comprehensive lack of identified weaknesses indicates that the plugin, in its current state and version, adheres to excellent security practices.

Vulnerabilities

None known