WP-Safety

Inspect HTTP Requests Security & Risk Analysis

wordpress.org/plugins/inspect-http-requests

Log, view, and Block WP HTTP requests

100 active installs v1.0.10 PHP + WP 3.0.1+ Updated May 14, 2025
apilogrequestsupdate-checkswp_http
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Inspect HTTP Requests Safe to Use in 2026?

Generally Safe

Score 100/100

Inspect HTTP Requests has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago
Risk Assessment

The "inspect-http-requests" plugin v1.0.10 presents a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for its SQL queries and includes a reasonable number of nonce and capability checks relative to its entry points. The absence of any recorded vulnerabilities in its history suggests a relatively stable and well-maintained codebase.

However, significant concerns arise from the static analysis. A substantial portion of its attack surface, specifically all four AJAX handlers, lacks authentication checks. This is further exacerbated by the taint analysis, which reveals two flows with unsanitized paths classified as high severity. The low percentage of properly escaped output (29%) also indicates a risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before being displayed.

In conclusion, while the plugin has strengths in its SQL handling and historical lack of vulnerabilities, the unprotected AJAX endpoints and high-severity unsanitized paths represent critical security weaknesses that could be exploited. The poor output escaping practices also add to the potential risk landscape.

Key Concerns

  • AJAX handlers without authentication
  • High severity taint flows with unsanitized paths
  • Low percentage of properly escaped output
Vulnerabilities
None known

Inspect HTTP Requests Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Inspect HTTP Requests Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
10 prepared
Unescaped Output
5
2 escaped
Nonce Checks
5
Capability Checks
5
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared10 total queries

Output Escaping

29% escaped7 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
ets_inspect_http_requests_search (admin\class-inspect-http-requests-admin.php:275)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Inspect HTTP Requests Attack Surface

Entry Points4
Unprotected4

AJAX Handlers 4

authwp_ajax_ets_inspect_http_requests_update_status_urlincludes\class-inspect-http-requests.php:152
authwp_ajax_ets_inspect_http_requests_searchincludes\class-inspect-http-requests.php:156
authwp_ajax_ets_inspect_http_requests_add_valid_urlincludes\class-inspect-http-requests.php:157
authwp_ajax_ets_inspect_http_requests_delete_urlincludes\class-inspect-http-requests.php:158
WordPress Hooks 8
actionplugins_loadedincludes\class-inspect-http-requests.php:133
actionadmin_enqueue_scriptsincludes\class-inspect-http-requests.php:148
actionadmin_enqueue_scriptsincludes\class-inspect-http-requests.php:149
actionadmin_menuincludes\class-inspect-http-requests.php:150
actionhttp_api_debugincludes\class-inspect-http-requests.php:151
filterpre_http_requestincludes\class-inspect-http-requests.php:153
filterets_inspect_http_requests_ignore_hostnameincludes\class-inspect-http-requests.php:154
filterhttp_request_argsincludes\class-inspect-http-requests.php:155
Maintenance & Trust

Inspect HTTP Requests Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMay 14, 2025
PHP min version
Downloads5K

Community Trust

Rating100/100
Number of ratings2
Active installs100
Alternatives

Inspect HTTP Requests Alternatives

Log HTTP Requests

Log HTTP Requests

log-http-requests

A
100

Log and view all WP HTTP requests

2K 1 CVE
Meta for WooCommerce

Meta for WooCommerce

facebook-for-woocommerce

A
93

Get the Official Meta for WooCommerce plugin for powerful ways to help grow your business.

500K 3 CVEs
Site Mailer – SMTP Replacement, Email API Deliverability & Email Log

Site Mailer – SMTP Replacement, Email API Deliverability & Email Log

site-mailer

A
98

Effortlessly manage transactional emails with Site Mailer. High deliverability, logs and statistics, and no SMTP plugins needed.

200K 1 CVE
Simple JWT Login – Allows you to use JWT on REST endpoints.

Simple JWT Login – Allows you to use JWT on REST endpoints.

simple-jwt-login

B
70

Enhance the WordPress REST API with JWT authentication for secure access by mobile apps, external sites, and third-party services.

5K 1 unpatched
HTTP Requests Manager

HTTP Requests Manager

http-requests-manager

A
100

Limit, Debug, Optimize WP_HTTP requests. Limit by request count, page load time, reduce timeout for each request. Speed up login and admin pages.

1K No CVEs
Developer Profile

Inspect HTTP Requests Developer Profile

expresstechsoftware

14 plugins · 2K total installs

92
trust score
Avg Security Score
97/100
Avg Patch Time
8 days
View full developer profile
Detection Fingerprints

How We Detect Inspect HTTP Requests

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/inspect-http-requests/admin/css/inspect-http-requests-admin.css/wp-content/plugins/inspect-http-requests/admin/js/inspect-http-requests-admin.js
Script Paths
/wp-content/plugins/inspect-http-requests/admin/js/inspect-http-requests-admin.js
Version Parameters
inspect-http-requests/admin/css/inspect-http-requests-admin.css?ver=inspect-http-requests/admin/js/inspect-http-requests-admin.js?ver=

HTML / DOM Fingerprints

JS Globals
etsInspectHttpRequestsParams
FAQ

Frequently Asked Questions about Inspect HTTP Requests