FireEMS Stats Security & Risk Analysis

wordpress.org/plugins/fireems-stats

Plugin that allows your Fire or EMS Organization to list its monthly and annual activity.

10 active installs · v4.0.1 · PHP 7.0+ · WP 5.0+ · Updated Sep 10, 2020
Tags: ems, ems-stats, fire-department, fire-stats, monthly-calls
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is FireEMS Stats Safe to Use in 2026?

Generally Safe

Score 85/100

FireEMS Stats has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The "fireems-stats" v4.0.1 plugin presents a significant security risk due to its extensive attack surface of 10 unprotected AJAX handlers. While the plugin demonstrates good practices in using prepared statements for all SQL queries and has no recorded vulnerability history, the lack of authentication checks on numerous entry points is a critical concern. The presence of dangerous functions like `unserialize`, `ini_set`, and `set_time_limit` further amplifies the risk, especially when combined with unprotected AJAX endpoints, as these functions can be leveraged for various malicious activities if user input is not properly validated and sanitized. Furthermore, only 20% of output is properly escaped, indicating a potential for cross-site scripting (XSS) vulnerabilities.

Despite the positive aspects such as no known CVEs and secure SQL handling, the sheer number of unprotected AJAX endpoints and the use of potentially dangerous functions without adequate safeguards create a serious vulnerability. The absence of taint analysis data is noted, but the existing code signals strongly suggest areas requiring immediate attention. Overall, the plugin has a weak security posture regarding input validation and access control for its AJAX functionalities, overshadowing its strengths in other areas. Remediation efforts should prioritize securing all AJAX handlers and thoroughly auditing the use of dangerous functions.

Key Concerns

  • Multiple unprotected AJAX handlers
  • Low percentage of properly escaped output
  • Presence of dangerous functions
  • Limited nonce checks
  • Limited capability checks
Vulnerabilities
None known

FireEMS Stats Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

FireEMS Stats Release Timeline

v4.0.1 (Current)
v4.0.0
v2.2.1
v2.1.0
v1.1.1
v1.0.1
Code Analysis
Analyzed Apr 16, 2026

FireEMS Stats Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (17 prepared)
Unescaped Output: 84 (21 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 0
External Requests: 5
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$array = unserialize( $result );` · includes/class-fireems-stats-shared.php:78
ini_set · `@ini_set('display_errors', 'On');` · update-check/Puc/v4p10/DebugBar/Extension.php:142
set_time_limit · `@set_time_limit(60);` · update-check/Puc/v4p10/Vcs/PluginUpdateChecker.php:38

SQL Query Safety

100% prepared · 17 total queries

Output Escaping

20% escaped · 105 total outputs
Attack Surface
10 unprotected

FireEMS Stats Attack Surface

Entry Points: 11
Unprotected: 10

AJAX Handlers 10

auth · wp_ajax_get_month_detail · includes/class-fireems-stats.php:164
auth · wp_ajax_update_month_data · includes/class-fireems-stats.php:166
auth · wp_ajax_get_column_detail · includes/class-fireems-stats.php:171
auth · wp_ajax_update_column_array · includes/class-fireems-stats.php:173
auth · wp_ajax_add_new_column · includes/class-fireems-stats.php:175
auth · wp_ajax_delete_column · includes/class-fireems-stats.php:177
auth · wp_ajax_add_prior_year · includes/class-fireems-stats.php:180
auth · wp_ajax_delete_prior_year · includes/class-fireems-stats.php:182
auth · wp_ajax_puc_v4_debug_check_now · update-check/Puc/v4p10/DebugBar/Extension.php:20
auth · wp_ajax_puc_v4_debug_request_info · update-check/Puc/v4p10/DebugBar/PluginExtension.php:11

Shortcodes 1

[fems] public/class-fireems-stats-public.php:231
WordPress Hooks 36
action · plugins_loaded · includes/class-fireems-stats.php:142
action · admin_enqueue_scripts · includes/class-fireems-stats.php:157
action · admin_enqueue_scripts · includes/class-fireems-stats.php:159
action · admin_menu · includes/class-fireems-stats.php:161
action · admin_post_update_settings · includes/class-fireems-stats.php:169
action · wp_enqueue_scripts · includes/class-fireems-stats.php:197
action · wp_enqueue_scripts · includes/class-fireems-stats.php:199
action · init · includes/class-fireems-stats.php:201
filter · query_vars · includes/class-fireems-stats.php:203
action · widgets_init · includes/class-fireems-stats.php:218
action · upgrader_process_complete · includes/class-fireems-stats.php:232
filter · debug_bar_panels · update-check/Puc/v4p10/DebugBar/Extension.php:17
action · debug_bar_enqueue_scripts · update-check/Puc/v4p10/DebugBar/Extension.php:18
filter · upgrader_post_install · update-check/Puc/v4p10/Plugin/Package.php:32
action · delete_site_transient_update_plugins · update-check/Puc/v4p10/Plugin/Package.php:33
action · admin_init · update-check/Puc/v4p10/Plugin/Ui.php:17
filter · plugin_row_meta · update-check/Puc/v4p10/Plugin/Ui.php:24
filter · plugin_row_meta · update-check/Puc/v4p10/Plugin/Ui.php:25
action · all_admin_notices · update-check/Puc/v4p10/Plugin/Ui.php:26
filter · plugins_api · update-check/Puc/v4p10/Plugin/UpdateChecker.php:94
filter · cron_schedules · update-check/Puc/v4p10/Scheduler.php:50
action · admin_init · update-check/Puc/v4p10/Scheduler.php:67
action · load-update-core.php · update-check/Puc/v4p10/Scheduler.php:71
action · upgrader_process_complete · update-check/Puc/v4p10/Scheduler.php:78
action · init · update-check/Puc/v4p10/UpdateChecker.php:98
filter · upgrader_source_selection · update-check/Puc/v4p10/UpdateChecker.php:142
filter · http_request_host_is_external · update-check/Puc/v4p10/UpdateChecker.php:146
action · plugins_loaded · update-check/Puc/v4p10/UpdateChecker.php:152
action · puc_api_error · update-check/Puc/v4p10/UpdateChecker.php:261
filter · upgrader_pre_install · update-check/Puc/v4p10/UpgraderStatus.php:17
filter · upgrader_package_options · update-check/Puc/v4p10/UpgraderStatus.php:18
filter · upgrader_post_install · update-check/Puc/v4p10/UpgraderStatus.php:19
action · upgrader_process_complete · update-check/Puc/v4p10/UpgraderStatus.php:20
filter · upgrader_pre_download · update-check/Puc/v4p10/Vcs/GitHubApi.php:310
filter · http_request_args · update-check/Puc/v4p10/Vcs/GitHubApi.php:379
action · requests-requests.before_redirect · update-check/Puc/v4p10/Vcs/GitHubApi.php:380
Maintenance & Trust

FireEMS Stats Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.5.18
Last updated: Sep 10, 2020
PHP min version: 7.0
Downloads: 9K

Community Trust

Rating: 90/100
Number of ratings: 2
Active installs: 10
Developer Profile

FireEMS Stats Developer Profile

Mike

2 plugins · 50 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect FireEMS Stats

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/fireems-stats/admin/css/fireems-stats-admin.min.css
  • /wp-content/plugins/fireems-stats/admin/css/colors/fireems-stats-admin-
  • /wp-content/plugins/fireems-stats/admin/js/fems-admin.min.js
Script Paths
  • /wp-content/plugins/fireems-stats/admin/js/fems-admin.min.js
Version Parameters
  • fireems-stats/admin/css/fireems-stats-admin.min.css?ver=
  • fireems-stats/admin/css/colors/fireems-stats-admin-
  • fireems-stats/admin/js/fems-admin.min.js?ver=

HTML / DOM Fingerprints

Data Attributes
  • data-fems-nonce
  • data-fems-year
  • data-fems-statid
JS Globals
  • ajax_params
FAQ

Frequently Asked Questions about FireEMS Stats