Does DreamCore Monitor have any unpatched vulnerabilities?

No. All known vulnerabilities in DreamCore Monitor have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is DreamCore Monitor compatible with WordPress 6.7.5?

According to WordPress.org data, DreamCore Monitor 1.1.0 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is DreamCore Monitor compatible with PHP 7.4+?

DreamCore Monitor requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is DreamCore Monitor updated?

DreamCore Monitor was last updated on Sep 25, 2025. Frequent updates are generally a positive security signal.

What is DreamCore Monitor's security score?

DreamCore Monitor has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

DreamCore Monitor Security & Risk Analysis

wordpress.org/plugins/dreamcore-monitor

WordPress monitoring solution that tracks login attempts, core status, plugin updates, theme status, and file integrity.

10 active installs v1.1.0 PHP 7.4+ WP 5.0+ Updated Sep 25, 2025

adminintegrityloginmonitoringsecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is DreamCore Monitor Safe to Use in 2026?

Generally Safe

Score 100/100

DreamCore Monitor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago

Risk Assessment

The "dreamcore-monitor" v1.1.0 plugin exhibits a generally strong security posture, with a well-defined attack surface that appears to be protected by authorization checks. The absence of known CVEs and a clean vulnerability history are positive indicators. The code also demonstrates good practices with a high percentage of SQL queries using prepared statements and a reasonable rate of output escaping.

However, the static analysis reveals two concerning taint flows with unsanitized paths. While rated as high severity, their specific impact isn't detailed, but they represent potential vectors for malicious input to be processed without proper sanitization, which could lead to vulnerabilities if exploited. Additionally, the presence of external HTTP requests, while not inherently a vulnerability, could be a point of concern if they are not implemented securely and can be influenced by user input or external factors.

Overall, "dreamcore-monitor" v1.1.0 is a reasonably secure plugin, especially given its lack of past vulnerabilities. The primary area for improvement lies in thoroughly investigating and sanitizing the identified unsanitized taint flows. Addressing these potential weaknesses will further strengthen its security.

Key Concerns

High severity unsanitized taint flows
External HTTP requests present

Vulnerabilities

None known

DreamCore Monitor Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

DreamCore Monitor Code Analysis

Dangerous Functions

Raw SQL Queries

54 prepared

Unescaped Output

126

379 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

74% prepared73 total queries

Output Escaping

75% escaped505 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

7 flows2 with unsanitized paths

<dreamcore-monitor-admin-user-agents> (admin\partials\dreamcore-monitor-admin-user-agents.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

DreamCore Monitor Attack Surface

Entry Points12

Unprotected0

REST API Routes 12

GET/wp-json/dreamcore-monitor/v1/core-versionincludes\class-dreamcore-monitor-core.php:109

GET/wp-json/dreamcore-monitor/v1/site-infoincludes\class-dreamcore-monitor-core.php:127

GET/wp-json/dreamcore-monitor/v1/integrityincludes\class-dreamcore-monitor-integrity.php:207

GET/wp-json/dreamcore-monitor/v1/loginsincludes\class-dreamcore-monitor-logins.php:68

GET/wp-json/dreamcore-monitor/v1/logins/syncincludes\class-dreamcore-monitor-logins.php:96

POST/wp-json/dreamcore-monitor/v1/logins/reset-syncincludes\class-dreamcore-monitor-logins.php:127

GET/wp-json/dreamcore-monitor/v1/logins/sync-statsincludes\class-dreamcore-monitor-logins.php:148

GET/wp-json/dreamcore-monitor/v1/ordersincludes\class-dreamcore-monitor-orders.php:113

GET/wp-json/dreamcore-monitor/v1/pluginsincludes\class-dreamcore-monitor-plugins.php:116

GET/wp-json/dreamcore-monitor/v1/themesincludes\class-dreamcore-monitor-themes.php:109

GET/wp-json/dreamcore-monitor/v1/user-agentsincludes\class-dreamcore-monitor-user-agents.php:258

GET/wp-json/dreamcore-monitor/v1/user-agents/statsincludes\class-dreamcore-monitor-user-agents.php:292

WordPress Hooks 24

actioninitinc\login-url.php:11

actionlogin_initinc\login-url.php:38

actionwp_logoutinc\login-url.php:83

actiontemplate_redirectinc\login-url.php:93

filterwp_logout_urlinc\login-url.php:119

actionadmin_post_dreamcore_export_loginsincludes\admin\class-dreamcore-monitor-admin.php:54

actionadmin_initincludes\class-dreamcore-monitor-integrity.php:97

actionadmin_enqueue_scriptsincludes\class-dreamcore-monitor-integrity.php:99

actionadmin_enqueue_scriptsincludes\class-dreamcore-monitor.php:403

actionadmin_enqueue_scriptsincludes\class-dreamcore-monitor.php:405

actionadmin_menuincludes\class-dreamcore-monitor.php:407

actionadmin_initincludes\class-dreamcore-monitor.php:409

actionwp_loginincludes\class-dreamcore-monitor.php:419

actionwp_login_failedincludes\class-dreamcore-monitor.php:421

actionrest_api_initincludes\class-dreamcore-monitor.php:423

actionrest_api_initincludes\class-dreamcore-monitor.php:431

actionrest_api_initincludes\class-dreamcore-monitor.php:439

actionrest_api_initincludes\class-dreamcore-monitor.php:447

actionrest_api_initincludes\class-dreamcore-monitor.php:455

actionrest_api_initincludes\class-dreamcore-monitor.php:463

actionrest_api_initincludes\class-dreamcore-monitor.php:471

actionwp_enqueue_scriptsincludes\class-dreamcore-monitor.php:507

actionwp_enqueue_scriptsincludes\class-dreamcore-monitor.php:509

actionwpincludes\class-dreamcore-monitor.php:520

Scheduled Events 1

dreamcore_monitor_verify_api_key_daily

Maintenance & Trust

DreamCore Monitor Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedSep 25, 2025

PHP min version7.4

Downloads258

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

DreamCore Monitor Alternatives

SiteSignal

sitesignal

100

SiteSignal WordPress connector for AI visibility, website health, performance monitoring, and technical audits.

10 No CVEs

Loginizer

loginizer

Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.

1.0M 8 CVEs

WP Ghost (Hide My WP Ghost) – Security & Firewall

hide-my-wp

Hide and Secure WP paths, wp-login, wp-admin, and more. Hack Prevention, Security, Brute Force protection, 8G Firewall, 2FA Passkey Login, and more.

100K 7 CVEs

Unauthorised Login Redirect

unauthorised-login-redirect

This plugin allows you to effectively hide your wp-login.php and wp-admin by requiring that you access it via a custom URL.

200 No CVEs

Protector – Login Security & Hide Admin URL

wp-admin-protect

100

Protect your WP Admin access. Easily change your wp-login URL by adding a secret term to hide your login page from bots and unwanted visitors.

200 No CVEs

Developer Profile

DreamCore Monitor Developer Profile

ifsolutions

1 plugin · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect DreamCore Monitor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/dreamcore-monitor/assets/css/dreamcore-monitor-public.css/wp-content/plugins/dreamcore-monitor/assets/js/dreamcore-monitor-public.js/wp-content/plugins/dreamcore-monitor/admin/css/dreamcore-monitor-admin.css

Version Parameters

dreamcore-monitor/assets/css/dreamcore-monitor-public.css?ver=dreamcore-monitor/assets/js/dreamcore-monitor-public.js?ver=dreamcore-monitor/admin/css/dreamcore-monitor-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes

integrity-statsstat-itemstat-item.not-modifiedstat-item.modifiedstat-item.missingstat-numberstat-labeldreamcore-monitor-notice+8 more

HTML Comments

Plugin Name: DreamCore Monitor

Description: A comprehensive WordPress monitoring solution that tracks login attempts, core status, plugin updates, theme status, file integrity, and WooCommerce orders with REST API support.

Data Attributes

data-dcm-action="export_logins"

JS Globals

DreamcoreMonitorAdmindcm_monitor_ajax_object

REST Endpoints

/wp-json/dreamcore-monitor/v1/settings/wp-json/dreamcore-monitor/v1/logs/wp-json/dreamcore-monitor/v1/security-scan/wp-json/dreamcore-monitor/v1/file-integrity

Shortcode Output

[dreamcore_monitor_dashboard][dreamcore_monitor_security_alert][dreamcore_monitor_file_integrity_report]

FAQ