Does Health Check & Troubleshooting have any unpatched vulnerabilities?

Yes — Health Check & Troubleshooting currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Health Check & Troubleshooting compatible with WordPress 6.6.5?

According to WordPress.org data, Health Check & Troubleshooting 1.7.1 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is Health Check & Troubleshooting compatible with PHP 5.6+?

Health Check & Troubleshooting requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Health Check & Troubleshooting updated?

Health Check & Troubleshooting was last updated on Jul 25, 2024. Frequent updates are generally a positive security signal.

What is Health Check & Troubleshooting's security score?

Health Check & Troubleshooting has a WP-Safety security score of 57/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Health Check & Troubleshooting Security & Risk Analysis

wordpress.org/plugins/health-check

Health Check identifies common problems, and helps you troubleshoot plugin and theme conflicts.

300K active installs v1.7.1 PHP 5.6+ WP 4.4+ Updated Jul 25, 2024

health-check

C · Use Caution

CVEs total5

Unpatched1

Last CVEDec 15, 2025

Plugin page Download

Safety Verdict

Is Health Check & Troubleshooting Safe to Use in 2026?

Use With Caution

Score 57/100

Health Check & Troubleshooting has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

5 known CVEs 1 unpatched Last CVE: Dec 15, 2025Updated 1yr ago

Risk Assessment

The health-check plugin v1.7.1 exhibits a mixed security posture. While it demonstrates good practices in areas like output escaping and SQL query sanitization, several concerning findings from the static analysis, combined with its vulnerability history, warrant careful consideration.

The static analysis reveals an attack surface with 8 total entry points, of which 3 are unprotected AJAX handlers. This lack of authorization on a portion of its AJAX endpoints is a significant concern, as it could allow unauthenticated users to trigger potentially sensitive actions. The presence of the dangerous `exec` function, although not flagged in taint analysis as critical or high, is an inherent risk that should be monitored. The taint analysis itself shows no critical or high severity unsanitized paths, which is a positive indicator.

However, the plugin's vulnerability history is a major red flag. With 5 known CVEs, including 1 currently unpatched, and past vulnerabilities covering Path Traversal, CSRF, and Missing Authorization, it suggests a recurring pattern of exploitable weaknesses. The fact that the last vulnerability was as recent as December 2025 and remains unpatched is particularly alarming. While the plugin has strengths in code hygiene, the persistent nature of vulnerabilities and the presence of unprotected entry points create a substantial risk profile.

Key Concerns

Unprotected AJAX handlers
1 currently unpatched CVE
Dangerous function 'exec' found
Past vulnerabilities: Path Traversal, CSRF, Missing Auth

Vulnerabilities

Health Check & Troubleshooting Security Vulnerabilities

CVEs by Year

1 CVE in 2018

2018

2 CVEs in 2019

2019

1 CVE in 2023

2023

1 CVE in 2025 · unpatched

2025

Patched Has unpatched

Severity Breakdown

High

Medium

Low

5 total CVEs

CVE-2025-64253low · 2.7Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Health Check & Troubleshooting <= 1.7.1 - Authenticated (Admin+) Path Traversal

Dec 15, 2025Unpatched

CVE-2022-47161medium · 6.3Cross-Site Request Forgery (CSRF)

Health Check & Troubleshooting <= 1.5.1 - Cross-Site Request Forgery via health_check_troubleshoot_get_captures

Mar 31, 2023 Patched in 1.6.0 (298d)

WF-95ad0139-eb12-4c02-95fb-cd19b6a6ab02-health-checkmedium · 4.3Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Health Check & Troubleshooting <= 1.2.3 - Path Traversal

Jan 25, 2019 Patched in 1.2.4 (1824d)

WF-bfd16372-9173-4168-8604-5c117d05c349-health-checkhigh · 8Cross-Site Request Forgery (CSRF)

Health Check & Troubleshooting <= 1.2.3 - Cross-Site Request Forgery

Jan 25, 2019 Patched in 1.2.4 (1824d)

WF-5278e8d4-d23e-47ce-b920-dfb7ec56387c-health-checkhigh · 8.8Missing Authorization

Health Check & Troubleshooting <= 1.2.3 - Missing Authorization Checks

Jan 25, 2018 Patched in 1.2.4 (2189d)

Code Analysis

Analyzed Mar 16, 2026

Health Check & Troubleshooting Code Analysis

Dangerous Functions

Raw SQL Queries

3 prepared

Unescaped Output

97 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

exec$gs = exec( 'gs --version' );HealthCheck\BackCompat\class-wp-debug-data.php:566

SQL Query Safety

75% prepared4 total queries

Output Escaping

92% escaped106 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

6 flows3 with unsanitized paths

initiate_troubleshooting_mode (HealthCheck\class-health-check-troubleshoot.php:31)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

Health Check & Troubleshooting Attack Surface

Entry Points8

Unprotected3

AJAX Handlers 6

authwp_ajax_health-check-loopback-no-pluginsHealthCheck\class-health-check.php:61

authwp_ajax_health-check-loopback-individual-pluginsHealthCheck\class-health-check.php:62

authwp_ajax_health-check-loopback-default-themeHealthCheck\class-health-check.php:63

authwp_ajax_health-check-files-integrity-checkHealthCheck\Tools\class-health-check-files-integrity.php:23

authwp_ajax_health-check-view-file-diffHealthCheck\Tools\class-health-check-files-integrity.php:24

authwp_ajax_health-check-mail-checkHealthCheck\Tools\class-health-check-mail-check.php:25

REST API Routes 2

POST/wp-json/health-check/v1/screenshotHealthCheck\class-health-check-screenshots.php:165

POST/wp-json/health-check/v1plugin-compatHealthCheck\Tools\class-health-check-plugin-compatibility.php:19

WordPress Hooks 49

actionplugins_loadedhealth-check.php:61

filtercron_schedulesHealthCheck\BackCompat\class-wp-site-health.php:17

actionadmin_menuHealthCheck\BackCompat\class-wp-site-health.php:19

actionadmin_enqueue_scriptsHealthCheck\BackCompat\class-wp-site-health.php:21

actionsite_health_tab_contentHealthCheck\BackCompat\class-wp-site-health.php:23

actionadmin_initHealthCheck\class-health-check-screenshots.php:28

actioninitHealthCheck\class-health-check-screenshots.php:30

actioninitHealthCheck\class-health-check-screenshots.php:32

actionrest_api_initHealthCheck\class-health-check-screenshots.php:33

actionadmin_bar_menuHealthCheck\class-health-check-screenshots.php:35

actionadmin_enqueue_scriptsHealthCheck\class-health-check-screenshots.php:37

filtersite_health_navigation_tabsHealthCheck\class-health-check-screenshots.php:39

actionsite_health_tab_contentHealthCheck\class-health-check-screenshots.php:40

actionwpHealthCheck\class-health-check-screenshots.php:42

actionplugins_loadedHealthCheck\class-health-check.php:49

filterplugin_action_linksHealthCheck\class-health-check.php:51

actionadmin_noticesHealthCheck\class-health-check.php:54

actionadmin_enqueue_scriptsHealthCheck\class-health-check.php:56

actioninitHealthCheck\class-health-check.php:58

actionload-plugins.phpHealthCheck\class-health-check.php:59

filteruser_has_capHealthCheck\class-health-check.php:65

filtersite_health_navigation_tabsHealthCheck\class-health-check.php:67

actionsite_health_tab_contentHealthCheck\class-health-check.php:68

actioninitHealthCheck\class-health-check.php:70

actionadmin_initHealthCheck\Tools\class-health-check-beta-features.php:25

actionwp_mail_failedHealthCheck\Tools\class-health-check-mail-check.php:47

actionsite_health_tab_contentHealthCheck\Tools\class-health-check-phpinfo.php:27

actionrest_api_initHealthCheck\Tools\class-health-check-plugin-compatibility.php:13

filterhealth_check_tools_tabHealthCheck\Tools\class-health-check-tool.php:21

filteroption_active_pluginsmu-plugin\health-check-troubleshooting-mode.php:76

filteroption_active_sitewide_pluginsmu-plugin\health-check-troubleshooting-mode.php:77

filterpre_option_templatemu-plugin\health-check-troubleshooting-mode.php:79

filterpre_option_stylesheetmu-plugin\health-check-troubleshooting-mode.php:80

filterbulk_actions-pluginsmu-plugin\health-check-troubleshooting-mode.php:82

filterhandle_bulk_actions-pluginsmu-plugin\health-check-troubleshooting-mode.php:83

actioninitmu-plugin\health-check-troubleshooting-mode.php:93

actionadmin_initmu-plugin\health-check-troubleshooting-mode.php:94

actionadmin_enqueue_scriptsmu-plugin\health-check-troubleshooting-mode.php:96

actionadmin_bar_menumu-plugin\health-check-troubleshooting-mode.php:98

filterwp_fatal_error_handler_enabledmu-plugin\health-check-troubleshooting-mode.php:100

actionadmin_noticesmu-plugin\health-check-troubleshooting-mode.php:102

filteruser_has_capmu-plugin\health-check-troubleshooting-mode.php:103

actionplugin_action_linksmu-plugin\health-check-troubleshooting-mode.php:105

actionadmin_noticesmu-plugin\health-check-troubleshooting-mode.php:107

actionadmin_footermu-plugin\health-check-troubleshooting-mode.php:108

actionwp_logoutmu-plugin\health-check-troubleshooting-mode.php:110

actioninitmu-plugin\health-check-troubleshooting-mode.php:111

actionadmin_footermu-plugin\health-check-troubleshooting-mode.php:114

actionactivated_pluginmu-plugin\health-check-troubleshooting-mode.php:122

Maintenance & Trust

Health Check & Troubleshooting Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedJul 25, 2024

PHP min version5.6

Downloads5.3M

Community Trust

Rating72/100

Number of ratings179

Active installs300K

Alternatives

Health Check & Troubleshooting Alternatives

Health Endpoint

health-endpoint

Creates a /health endpoint that returns a 200 OK HTTP status code while WordPress is performing correctly.

3K No CVEs

Check Conflicts

check-conflicts

The plugin allows you to disable/enable plugins and/or activate a default theme for checking conflict between them only for your IP; other users won&# …

1K No CVEs

Site Health Tools

site-health-tools

100

Introduces additional common tools to the Site Health interface.

200 No CVEs

UptimeMonster Site Monitor

uptimemonster-site-monitor

Monitor all activities and error logs of your WordPress site with UptimeMonster. Effortlessly simplify website management.

200 No CVEs

Simple SEO Criteria Check

simple-seo-criteria-check

The plugin 'Simple SEO Criteria Checklist" evaluates your post URLs, internal and external post links and image meta data.

60 No CVEs

Developer Profile

Health Check & Troubleshooting Developer Profile

WordPress.org

34 plugins · 14.9M total installs

trust score

Avg Security Score

97/100

Avg Patch Time

1718 days

View full developer profile

Detection Fingerprints

How We Detect Health Check & Troubleshooting

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/health-check/assets/css/health-check-admin-styles.css/wp-content/plugins/health-check/assets/js/health-check-admin.js/wp-content/plugins/health-check/assets/js/health-check-debug-log-viewer.js/wp-content/plugins/health-check/assets/js/health-check-files-integrity.js/wp-content/plugins/health-check/assets/js/health-check-loopback.js/wp-content/plugins/health-check/assets/js/health-check-mail-check.js/wp-content/plugins/health-check/assets/js/health-check-phpinfo.js/wp-content/plugins/health-check/assets/js/health-check-plugin-compatibility.js+3 more

Script Paths

/wp-content/plugins/health-check/assets/js/health-check-admin.js

Version Parameters

health-check/assets/css/health-check-admin-styles.css?ver=health-check/assets/js/health-check-admin.js?ver=health-check/assets/js/health-check-debug-log-viewer.js?ver=health-check/assets/js/health-check-files-integrity.js?ver=health-check/assets/js/health-check-loopback.js?ver=health-check/assets/js/health-check-mail-check.js?ver=health-check/assets/js/health-check-phpinfo.js?ver=health-check/assets/js/health-check-plugin-compatibility.js?ver=health-check/assets/js/health-check-screenshots.js?ver=health-check/assets/js/health-check-troubleshoot.js?ver=health-check/assets/js/health-check-site-health.js?ver=

HTML / DOM Fingerprints

CSS Classes

health-check-admin-noticehealth-check-pagehealth-check-columnhealth-check-tools-wrapperhealth-check-debug-log-viewerhealth-check-mail-checkhealth-check-plugin-compatibilityhealth-check-phpinfo+7 more

HTML Comments

+9 more

Data Attributes

data-health-check-site-health-troubleshoot-actiondata-health-check-site-health-troubleshoot-plugindata-health-check-site-health-troubleshoot-themedata-health-check-site-health-troubleshoot-closedata-health-check-debug-log-viewer-searchdata-health-check-mail-check-test-send+12 more

JS Globals

healthCheckAdminhealthCheckTroubleshoothealthCheckDebugLogViewerhealthCheckFilesIntegrityhealthCheckMailCheckhealthCheckPluginCompatibility+4 more

REST Endpoints

/wp-json/health-check/v1/troubleshoot/plugins/wp-json/health-check/v1/troubleshoot/themes/wp-json/health-check/v1/troubleshoot/enable-plugin/wp-json/health-check/v1/troubleshoot/disable-plugin/wp-json/health-check/v1/troubleshoot/switch-theme/wp-json/health-check/v1/troubleshoot/disable-all-plugins/wp-json/health-check/v1/troubleshoot/enable-all-plugins/wp-json/health-check/v1/troubleshoot/exit

FAQ