Does Error Log Monitor have any unpatched vulnerabilities?

No. All known vulnerabilities in Error Log Monitor have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Error Log Monitor compatible with WordPress 6.8.5?

According to WordPress.org data, Error Log Monitor 1.7.12 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Error Log Monitor compatible with PHP 7.4+?

Error Log Monitor requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Error Log Monitor updated?

Error Log Monitor was last updated on Oct 1, 2025. Frequent updates are generally a positive security signal.

What is Error Log Monitor's security score?

Error Log Monitor has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Error Log Monitor Security & Risk Analysis

wordpress.org/plugins/error-log-monitor

Adds a Dashboard widget that displays the latest messages from your PHP error log. It can also send logged errors to email.

20K active installs v1.7.12 PHP 7.4+ WP 4.5+ Updated Oct 1, 2025

adminadministrationdashboard-widgeterror-reportingphp

A · Safe

CVEs total1

Unpatched0

Last CVEFeb 25, 2019

Plugin page Download

Safety Verdict

Is Error Log Monitor Safe to Use in 2026?

Generally Safe

Score 99/100

Error Log Monitor has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 25, 2019Updated 6mo ago

Risk Assessment

The "error-log-monitor" plugin v1.7.12 exhibits a mixed security posture. On one hand, the static analysis shows a commendable lack of readily exposed attack vectors such as unprotected AJAX handlers, REST API routes, shortcodes, or cron events. This suggests a good understanding of fundamental WordPress security by the developers.

However, significant concerns arise from the code analysis. A striking 100% of SQL queries are executed without prepared statements, which is a major risk for SQL injection vulnerabilities. Additionally, while the plugin has a moderate number of file operations and nonce checks, it also presents a high rate of unsanitized taint flows, specifically four identified flows with unsanitized paths, all flagged as high severity. This, coupled with only 67% of output being properly escaped, indicates potential for cross-site scripting (XSS) and other injection attacks.

The plugin's vulnerability history reveals one previously known high-severity CVE, indicating a past incident that required patching. The absence of currently unpatched vulnerabilities is positive, but the historical presence of a high-severity issue, particularly related to missing authorization (a common pattern), combined with the current taint analysis findings, suggests a recurring theme of injection-related risks that need diligent attention and robust sanitization practices. The plugin has strengths in minimizing its attack surface but weaknesses in secure data handling and processing.

Key Concerns

100% of SQL queries are not using prepared statements
4 high severity taint flows with unsanitized paths
33% of output is not properly escaped
1 previously known high severity CVE
Bundled library Freemius v1.0 may be outdated

Vulnerabilities

Error Log Monitor Security Vulnerabilities

CVEs by Year

1 CVE in 2019

2019

Patched Has unpatched

Severity Breakdown

High

1 total CVE

WF-3fda31fa-efc9-44b9-99ba-9e3e23aa2ee0-error-log-monitorhigh · 8.8Missing Authorization

Freemius SDK <= 2.2.3 - Missing Authorization to Arbitrary Options Update

Feb 25, 2019 Patched in 1.6.5 (1793d)

Code Analysis

Analyzed Mar 16, 2026

Error Log Monitor Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

78 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Freemius1.0

SQL Query Safety

0% prepared4 total queries

Output Escaping

67% escaped117 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths

form_handler (scb\AdminPage.php:225)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Error Log Monitor Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 22

actionwp_dashboard_setupElm\DashboardWidget.php:73

actionwp_network_dashboard_setupElm\DashboardWidget.php:74

actionadmin_initElm\DashboardWidget.php:75

actionadmin_enqueue_scriptsElm\DashboardWidget.php:88

actionplugins_loadedElm\Plugin.php:34

actioninitElm\Plugin.php:37

actionelm_settings_changedElm\Plugin.php:40

actionshutdownElm\Plugin.php:429

actionadmin_noticesElm\SetupWizard.php:15

actionadmin_enqueue_scriptsElm\SetupWizard.php:28

action_admin_menuscb\AdminPage.php:62

actionadmin_initscb\AdminPage.php:135

actionadmin_menuscb\AdminPage.php:138

actionadmin_noticesscb\AdminPage.php:245

filtercron_schedulesscb\Cron.php:60

actionactivate_pluginscb\load.php:42

actionplugins_loadedscb\load.php:48

actionload-post.phpscb\PostMetabox.php:64

actionload-post-new.phpscb\PostMetabox.php:65

actionadd_meta_boxesscb\PostMetabox.php:86

actionsave_postscb\PostMetabox.php:87

actionwidgets_initscb\Widget.php:31

Maintenance & Trust

Error Log Monitor Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 1, 2025

PHP min version7.4

Downloads631K

Community Trust

Rating86/100

Number of ratings48

Active installs20K

Alternatives

Error Log Monitor Alternatives

Dashboard Posts Stats

dashboard-posts-stats

Add a nice graph with your published posts during the last 30 days on a dashboard widget.

10 No CVEs

Microplugins

microplugins

100

Añade funcionalidad al sitio mediante código desde la administración.

10 No CVEs

LightStart – Maintenance Mode, Coming Soon and Landing Page Builder

wp-maintenance-mode

Easy Drag & Drop Page Builder that adds a splash page to your site that it's perfect for a coming soon page, maintenance or landing page.

500K 6 CVEs

Adminimize

adminimize

Adminimize that lets you hide 'unnecessary' items from the WordPress backend

200K 2 CVEs

WP phpMyAdmin

wp-phpmyadmin-extension

[ ✅ 𝐒𝐄𝐂𝐔𝐑𝐄 𝐏𝐋𝐔𝐆𝐈𝐍𝐒 𝐵𝓎 𝒫𝓊𝓋𝑜𝓍 ] phpMyAdmin - Database Browser & Manager (for MySQL & MariaDB)

50K 2 CVEs

Developer Profile

Error Log Monitor Developer Profile

Janis Elsts

7 plugins · 431K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

469 days

View full developer profile

Detection Fingerprints

How We Detect Error Log Monitor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/error-log-monitor/css/dashboard-widget.css/wp-content/plugins/error-log-monitor/js/dashboard-widget.js

Script Paths

/wp-content/plugins/error-log-monitor/js/dashboard-widget.js

Version Parameters

error-log-monitor/js/dashboard-widget.js?ver=error-log-monitor/css/dashboard-widget.css?ver=

HTML / DOM Fingerprints

CSS Classes

ws_php_error_log

Data Attributes

data-elm-log-actiondata-elm-log-targetdata-elm-log-nonce

JS Globals

Elm

REST Endpoints

/wp-json/elm-log-monitor/v1/settings/wp-json/elm-log-monitor/v1/log-entries

FAQ