Does Eli's PHP Compatibility Scanner have any unpatched vulnerabilities?

No. All known vulnerabilities in Eli's PHP Compatibility Scanner have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Eli's PHP Compatibility Scanner compatible with WordPress 6.9.4?

According to WordPress.org data, Eli's PHP Compatibility Scanner 1.1.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Eli's PHP Compatibility Scanner compatible with PHP 7.4+?

Eli's PHP Compatibility Scanner requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Eli's PHP Compatibility Scanner updated?

Eli's PHP Compatibility Scanner was last updated on Mar 9, 2026. Frequent updates are generally a positive security signal.

What is Eli's PHP Compatibility Scanner's security score?

Eli's PHP Compatibility Scanner has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Eli's PHP Compatibility Scanner Security & Risk Analysis

wordpress.org/plugins/eli-php-compatibility-scanner

A comprehensive WordPress plugin that scans your plugins and themes for PHP version compatibility issues using the PHPCompatibility ruleset.

100 active installs v1.1.1 PHP 7.4+ WP 4.5+ Updated Mar 9, 2026

code-qualitycompatibilityphpcstestingwordpress-development

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Eli's PHP Compatibility Scanner Safe to Use in 2026?

Generally Safe

Score 100/100

Eli's PHP Compatibility Scanner has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 26d ago

Risk Assessment

The "eli-php-compatibility-scanner" plugin version 1.1.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices in output escaping, SQL query preparation, and has no recorded historical vulnerabilities. This suggests a commitment to secure coding principles in these areas.

However, significant concerns arise from the static analysis. The plugin exposes 9 AJAX handlers with no authentication or capability checks, representing a substantial attack surface with direct entry points. Furthermore, taint analysis reveals 3 flows with unsanitized paths, including 2 critical severity issues, indicating potential for sensitive data to be manipulated or exposed. The presence of 3 dangerous function calls (exec) also raises a red flag, especially when combined with the unprotected AJAX endpoints.

While the lack of known CVEs is reassuring, it does not negate the critical risks identified in the current code analysis. The high number of unprotected AJAX handlers and critical taint flows, coupled with the use of dangerous functions, presents a clear and present danger. The plugin requires immediate attention to address these security weaknesses.

Key Concerns

Unprotected AJAX handlers
Critical severity taint flows
Dangerous function calls (exec)
Flows with unsanitized paths

Vulnerabilities

None known

Eli's PHP Compatibility Scanner Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Eli's PHP Compatibility Scanner Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

47 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

execexec($command, $output, $return_code);includes\Core\class-scanner.php:127

execexec($command, $output, $return_code);includes\Core\class-scanner.php:199

exec@exec($cmd, $output, $return_code);includes\Core\class-scanner.php:270

SQL Query Safety

100% prepared2 total queries

Output Escaping

100% escaped47 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

handle_save_options (includes\Ajax\class-ajaxhandler.php:267)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

9 unprotected

Eli's PHP Compatibility Scanner Attack Surface

Entry Points9

Unprotected9

AJAX Handlers 9

authwp_ajax_phpcompat_checker_scanincludes\Ajax\class-ajaxhandler.php:38

authwp_ajax_phpcompat_checker_targetsincludes\Ajax\class-ajaxhandler.php:39

authwp_ajax_phpcompat_checker_preflightincludes\Ajax\class-ajaxhandler.php:40

authwp_ajax_phpcompat_checker_batch_scanincludes\Ajax\class-ajaxhandler.php:41

authwp_ajax_phpcompat_checker_progressincludes\Ajax\class-ajaxhandler.php:42

authwp_ajax_phpcompat_checker_process_batchincludes\Ajax\class-ajaxhandler.php:43

authwp_ajax_phpcompat_checker_load_optionsincludes\Ajax\class-ajaxhandler.php:44

authwp_ajax_phpcompat_checker_save_optionsincludes\Ajax\class-ajaxhandler.php:45

authwp_ajax_phpcompat_checker_stop_scanincludes\Ajax\class-ajaxhandler.php:46

WordPress Hooks 3

actionadmin_menuincludes\class-plugin.php:80

actionadmin_enqueue_scriptsincludes\class-plugin.php:81

actioninitphp-compatibility-scanner.php:64

Maintenance & Trust

Eli's PHP Compatibility Scanner Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 9, 2026

PHP min version7.4

Downloads891

Community Trust

Rating100/100

Number of ratings1

Active installs100

Alternatives

Eli's PHP Compatibility Scanner Alternatives

FakerPress

fakerpress

100

FakerPress is a clean way to generate fake and dummy content to your WordPress, great for developers who need testing

10K No CVEs

Unbounce Landing Pages

unbounce

100

Unbounce is the most powerful standalone landing page builder available.

10K No CVEs

Plugin Compatibility Checker

plugin-compatibility-checker

100

Scan and check your plugins for PHP and WordPress compatibility. Requires a $1/month Portal subscription to obtain a license key.

8K No CVEs

Plugin Check (PCP)

plugin-check

100

Plugin Check is a WordPress.org tool which provides checks to help plugins meet the directory requirements and follow various best practices.

7K No CVEs

Instapage Plugin

instapage

Instapage plugin - the best way for WordPress to seamlessly publish landing pages as a natural extension of your WordPress blog or website.

5K 1 CVE

Developer Profile

Eli's PHP Compatibility Scanner Developer Profile

Eli Hanna

2 plugins · 110 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

38 days

View full developer profile

Detection Fingerprints

How We Detect Eli's PHP Compatibility Scanner

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/eli-php-compatibility-scanner/assets/dist/admin.css/wp-content/plugins/eli-php-compatibility-scanner/assets/dist/admin.js

Script Paths

/wp-content/plugins/eli-php-compatibility-scanner/assets/dist/admin.js

Version Parameters

eli-php-compatibility-scanner/assets/dist/admin.css?ver=eli-php-compatibility-scanner/assets/dist/admin.js?ver=

HTML / DOM Fingerprints

JS Globals

PHPCompatChecker

FAQ