Does DX localhost have any unpatched vulnerabilities?

No. All known vulnerabilities in DX localhost have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is DX localhost compatible with WordPress 5.2.24?

According to WordPress.org data, DX localhost 1.5 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

Is DX localhost compatible with PHP 5.6+?

DX localhost requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is DX localhost updated?

DX localhost was last updated on Nov 15, 2019. Frequent updates are generally a positive security signal.

What is DX localhost's security score?

DX localhost has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

DX localhost Security & Risk Analysis

wordpress.org/plugins/dx-localhost

Display a yellow notice box when you're working on localhost

10 active installs v1.5 PHP 5.6+ WP 3.1+ Updated Nov 15, 2019

developmentlocalhostnoticeproductiontoolbar

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is DX localhost Safe to Use in 2026?

Generally Safe

Score 85/100

DX localhost has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "dx-localhost" v1.5 plugin exhibits a generally strong security posture in many areas. Its lack of external dependencies, file operations, and HTTP requests are positive signs. Furthermore, the absence of known CVEs and a clean vulnerability history suggest a mature and well-maintained codebase regarding past security issues.

However, the static analysis reveals significant concerns regarding output escaping, with only 6% of outputs being properly escaped. This indicates a high potential for cross-site scripting (XSS) vulnerabilities, especially if user-supplied data is reflected in the output without adequate sanitization. The taint analysis showing two flows with unsanitized paths, even without critical or high severity, is also a red flag. While not currently flagged as severe, these unsanitized paths are potential entry points for malicious input that could be exploited if the application logic evolves or if attackers find ways to leverage them.

In conclusion, while the plugin has a clean history and avoids common pitfalls like raw SQL queries, the low output escaping rate and identified unsanitized paths present real security risks. The plugin's small attack surface is a mitigating factor, but these code-level weaknesses require attention to prevent potential vulnerabilities, particularly XSS.

Key Concerns

Low output escaping rate
Unsanitized paths in taint analysis

Vulnerabilities

None known

DX localhost Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

DX localhost Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

6% escaped16 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

dx_localhost_options_cb (dx-localhost.php:177)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

DX localhost Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 7

actionadmin_menudx-localhost.php:50

actionadmin_initdx-localhost.php:51

actionplugins_loadeddx-localhost.php:52

actionadmin_bar_menudx-localhost.php:53

actionadmin_enqueue_scriptsdx-localhost.php:54

actionwp_enqueue_scriptsdx-localhost.php:55

actionadmin_enqueue_scriptsdx-localhost.php:56

Maintenance & Trust

DX localhost Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedNov 15, 2019

PHP min version5.6

Downloads3K

Community Trust

Rating100/100

Number of ratings3

Active installs10

Alternatives

DX localhost Alternatives

WP Dev Flag

wp-dev-flag

Shows a floating badge on the front end, to visually distinguish your development site from production.

10 No CVEs

What The File

what-the-file

100

What The File is the best tool to find out what template parts are used to display the page you're currently viewing!

40K No CVEs

Display Environment Type

display-environment-type

100

Displays WordPress 5.5's environment type setting in the admin bar and the "At a Glance" dashboard widget.

1K No CVEs

Local Development

local-development

100

Places development notice for plugins or themes that are in local development. Prevents updating of selected plugins and themes.

90 1 CVE

WP-ngrok

wp-ngrok

Expose your local WordPress to the world. only work in your localhost

30 No CVEs

Developer Profile

DX localhost Developer Profile

Mario Peshev

13 plugins · 5K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

164 days

View full developer profile

Detection Fingerprints

How We Detect DX localhost

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/dx-localhost/assets/css/dx-localhost.css

HTML / DOM Fingerprints

CSS Classes

dx-localhost-notice

Data Attributes

id="dx-localhost-notice"

Shortcode Output

You are working on

FAQ