WP-Safety

JS Error Logger Security & Risk Analysis

wordpress.org/plugins/js-error-logger

Logs front-end javascript errors, and displays them in a dashboard widget

10 active installs v1.3.1 PHP 7.4+ WP 5.0+ Updated Dec 11, 2025
dashboard-widgetdebugerror-reportingjavascriptjs
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is JS Error Logger Safe to Use in 2026?

Generally Safe

Score 100/100

JS Error Logger has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "js-error-logger" plugin v1.3.1 exhibits a mixed security posture. On the positive side, the code demonstrates good practices with 100% of SQL queries using prepared statements and nearly all output being properly escaped. The absence of known CVEs and a clean vulnerability history also suggest a relatively mature and secure codebase in the past. However, significant security concerns arise from the attack surface analysis, specifically the presence of 7 AJAX handlers, 5 of which lack authentication checks. This creates a substantial entry point for potential attacks. While taint analysis shows no critical or high severity unsanitized paths, the unprotected AJAX handlers could still be exploited to trigger actions or log data in unintended ways, especially if combined with other vulnerabilities or social engineering. The plugin has a single cron event and limited file operations, which are positive indicators of reduced risk in those areas. Overall, the plugin's strengths lie in its secure data handling (SQL, output escaping) and lack of past vulnerabilities, but the unprotected AJAX endpoints represent a notable weakness that requires immediate attention to mitigate potential security risks.

Key Concerns

  • Unprotected AJAX handlers (5)
  • Limited nonce checks (2)
  • Limited capability checks (1)
Vulnerabilities
None known

JS Error Logger Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

JS Error Logger Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
122 escaped
Nonce Checks
2
Capability Checks
1
File Operations
6
External Requests
0
Bundled Libraries
0

Output Escaping

99% escaped123 total outputs
Attack Surface
5 unprotected

JS Error Logger Attack Surface

Entry Points7
Unprotected5

AJAX Handlers 7

authwp_ajax_jserrlog_log_errorclasses\Plugin.php:41
noprivwp_ajax_jserrlog_log_errorclasses\Plugin.php:42
authwp_ajax_jserrlog_refresh_dashboard_logclasses\Plugin.php:56
authwp_ajax_jserrlog_refresh_logclasses\Plugin.php:58
authwp_ajax_jserrlog_purge_logclasses\Plugin.php:59
authwp_ajax_jserrlog_dismissed_notice_handlerclasses\Plugin.php:61
authwp_ajax_jserrlog_update_settingsclasses\Plugin.php:65
WordPress Hooks 18
actionjserrlog-cleanupclasses\Logger.php:14
actionwp_enqueue_scriptsclasses\Plugin.php:36
actionwp_enqueue_scriptsclasses\Plugin.php:43
actionadmin_enqueue_scriptsclasses\Plugin.php:49
actionwp_dashboard_setupclasses\Plugin.php:55
actionadmin_noticesclasses\Plugin.php:60
filterplugin_action_linksclasses\Plugin.php:62
actionadmin_menuclasses\Plugin.php:63
actionadmin_enqueue_scriptsclasses\Plugin.php:64
actionadmin_footerclasses\Plugin.php:66
actionadmin_enqueue_scriptsclasses\Plugin.php:145
actionwp_enqueue_scriptsclasses\Plugin.php:632
actionadmin_enqueue_scriptsclasses\Plugin.php:635
filterscript_loader_srcclasses\Plugin.php:642
actionadmin_enqueue_scriptsclasses\Plugin.php:689
actioninitjs-error-logger.php:29
actionwp_enqueue_scriptstemplates\early-loader.php:25
actionadmin_enqueue_scriptstemplates\early-loader.php:26

Scheduled Events 1

jserrlog-cleanup
Maintenance & Trust

JS Error Logger Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 11, 2025
PHP min version7.4
Downloads1K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

JS Error Logger Alternatives

Simple Log Viewer

Simple Log Viewer

simple-log-viewer

A
100

A simple plugin to log errors in real time in a metabox in the admin panel, too integrated with WP-CLI

10 No CVEs
Error Log Monitor

Error Log Monitor

error-log-monitor

A
99

Adds a Dashboard widget that displays the latest messages from your PHP error log. It can also send logged errors to email.

20K 1 CVE
SOGO Add Script to Individual Pages Header Footer

SOGO Add Script to Individual Pages Header Footer

oh-add-script-header-footer

A
85

Simple plugin to add script to header and footer for individual pages & posts

20K No CVEs
TC Custom JavaScript

TC Custom JavaScript

tc-custom-javascript

B
84

Add custom JavaScript to your site from a professional editor in the WordPress admin.

10K 1 CVE
Jquery Validation For Contact Form 7

Jquery Validation For Contact Form 7

jquery-validation-for-contact-form-7

A
99

New standard of advance validation for Contact Form 7.

9K 1 CVE
Developer Profile

JS Error Logger Developer Profile

JFG Media

3 plugins · 190 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect JS Error Logger

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/js-error-logger/res/toastr/toastr.min.js/wp-content/plugins/js-error-logger/js/settings.js/wp-content/plugins/js-error-logger/js/error-logger.js
Script Paths
/wp-content/plugins/js-error-logger/js/error-logger.js
Version Parameters
js-error-logger/js/error-logger.js?ver=js-error-logger/res/toastr/toastr.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
jserrlog-log-tablejserrlog-settings-formjserrlog-accent-color
HTML Comments
<!-- JS Error Logger --><!-- JSERRLOG -->
Data Attributes
data-jserrlog-noncedata-jserrlog-urldata-jserrlog-log-id
JS Globals
jserrlog
REST Endpoints
/wp-json/js-error-logger/v1/log/wp-json/js-error-logger/v1/settings
FAQ

Frequently Asked Questions about JS Error Logger