NIS2 Compliance Security & Risk Analysis

wordpress.org/plugins/nis2-compliance

A comprehensive security compliance plugin implementing logging, monitoring and vulnerability management features.

10 active installs · v1.5.2 · PHP 7.4+ · WP 6.0+ · Updated Dec 18, 2025
Tags: compliance, logging, monitoring, security, vulnerability
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is NIS2 Compliance Safe to Use in 2026?

Generally Safe

Score 100/100

NIS2 Compliance has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The "nis2-compliance" plugin v1.5.2 presents a mixed security posture. On the positive side, a high percentage of its outputs are properly escaped and it relies heavily on prepared statements for SQL queries. The absence of any historical CVEs is a significant strength, suggesting a history of stable and secure development. However, the static analysis reveals notable concerns. One AJAX handler has no authentication check, which creates a potential entry point for unauthorized actions. Furthermore, the taint analysis reports four flows with unsanitized paths, all classified as high severity. Although no taint flow is rated critical severity, this is a critical weakness, because unsanitized input can lead to severe vulnerabilities if not handled correctly.

The plugin's vulnerability history is excellent, with zero recorded CVEs. This indicates a likely proactive approach to security by the developers. However, the static analysis findings, particularly the unprotected AJAX handler and the high-severity unsanitized taint flows, cannot be ignored. The strengths in output escaping and prepared SQL statements are commendable, but they are undermined by the identified input sanitization issues and the direct attack surface. The overall risk is moderate, with significant potential for exploitation if the unsanitized taint flows are indeed exploitable.

Key Concerns

  • Unprotected AJAX handler
  • High severity unsanitized taint flows (4)
Vulnerabilities
None known

NIS2 Compliance Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

NIS2 Compliance Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 20 (35 prepared)
Unescaped Output: 32 (446 escaped)
Nonce Checks: 20
Capability Checks: 21
File Operations: 3
External Requests: 5
Bundled Libraries: 0

SQL Query Safety

64% prepared · 55 total queries

Output Escaping

93% escaped · 478 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

8 flows · 4 with unsanitized paths
ajax_toggle_suppress_toggle (admin\class-nis2-admin.php:360)
Attack Surface
1 unprotected

NIS2 Compliance Attack Surface

Entry Points: 23
Unprotected: 1

AJAX Handlers 20

auth wp_ajax_nis2_toggle_suppress_toggle admin\class-nis2-admin.php:32
auth wp_ajax_nis2_unblock_ip includes\class-nis2-access-protection.php:73
auth wp_ajax_nis2_add_whitelist_ip includes\class-nis2-access-protection.php:74
auth wp_ajax_nis2_remove_whitelist_ip includes\class-nis2-access-protection.php:75
auth wp_ajax_nis2_check_compliance includes\class-nis2-compliance-checker.php:184
auth wp_ajax_nis2_get_compliance_report includes\class-nis2-compliance-checker.php:185
auth wp_ajax_nis2_export_logs includes\class-nis2-logger.php:69
auth wp_ajax_nis2_clear_logs includes\class-nis2-logger.php:70
auth wp_ajax_nis2_create_test_log includes\class-nis2-logger.php:71
auth wp_ajax_nis2_manual_integrity_check includes\class-nis2-monitor.php:46
auth wp_ajax_nis2_only_core_integrity_check includes\class-nis2-monitor.php:47
auth wp_ajax_nis2_reset_file_baseline includes\class-nis2-monitor.php:48
auth wp_ajax_nis2_ignore_file_change includes\class-nis2-monitor.php:49
auth wp_ajax_nis2_bulk_ignore_file_change includes\class-nis2-monitor.php:50
auth wp_ajax_nis2_all_ignore_file_change includes\class-nis2-monitor.php:51
auth wp_ajax_nis2_export_monitor includes\class-nis2-monitor.php:52
auth wp_ajax_nis2_manual_vulnerability_scan includes\class-nis2-vulnerability-scanner.php:106
auth wp_ajax_nis2_mark_vulnerability_resolved includes\class-nis2-vulnerability-scanner.php:107
auth wp_ajax_nis2_ignore_vulnerability includes\class-nis2-vulnerability-scanner.php:108
auth wp_ajax_nis2_export_vulnerability includes\class-nis2-vulnerability-scanner.php:109

Shortcodes 3

[nis2_status] public\class-nis2-shortcodes.php:34
[nis2_security_badge] public\class-nis2-shortcodes.php:35
[nis2_last_update] public\class-nis2-shortcodes.php:36
WordPress Hooks 48
action admin_init admin\class-nis2-admin.php:27
action admin_notices admin\class-nis2-admin.php:28
filter admin_body_class admin\class-nis2-admin.php:29
action wp_login_failed includes\class-nis2-access-protection.php:43
action wp_authenticate_user includes\class-nis2-access-protection.php:44
filter authenticate includes\class-nis2-access-protection.php:45
action login_enqueue_scripts includes\class-nis2-access-protection.php:49
action login_form includes\class-nis2-access-protection.php:59
filter wp_authenticate_user includes\class-nis2-access-protection.php:60
action rest_api_init includes\class-nis2-access-protection.php:70
action nis2_daily_scan includes\class-nis2-access-protection.php:78
filter rest_pre_dispatch includes\class-nis2-access-protection.php:395
action nis2_daily_scan includes\class-nis2-compliance-checker.php:186
filter pre_get_ready_cron_jobs includes\class-nis2-cron.php:19
action nis2_log_event includes\class-nis2-logger.php:68
action nis2_daily_scan includes\class-nis2-logger.php:72
action wp_login includes\class-nis2-logger.php:80
action wp_login_failed includes\class-nis2-logger.php:81
action wp_logout includes\class-nis2-logger.php:82
action activated_plugin includes\class-nis2-logger.php:85
action deactivated_plugin includes\class-nis2-logger.php:86
action switch_theme includes\class-nis2-logger.php:87
action user_register includes\class-nis2-logger.php:90
action delete_user includes\class-nis2-logger.php:91
action profile_update includes\class-nis2-logger.php:92
action _core_updated_successfully includes\class-nis2-logger.php:95
action save_post includes\class-nis2-logger.php:98
action delete_post includes\class-nis2-logger.php:99
action updated_option includes\class-nis2-logger.php:102
filter wp_handle_upload includes\class-nis2-logger.php:105
action nis2_integrity_check includes\class-nis2-monitor.php:45
action _core_updated_successfully includes\class-nis2-monitor.php:55
action upgrader_process_complete includes\class-nis2-monitor.php:56
action update_option_nis2_integrity_enabled includes\class-nis2-monitor.php:62
action nis2_vulnerability_check includes\class-nis2-vulnerability-scanner.php:105
action upgrader_process_complete includes\class-nis2-vulnerability-scanner.php:112
action admin_notices includes\class-nis2-vulnerability-scanner.php:118
action update_option_nis2_vulnerability_scanning_enabled includes\class-nis2-vulnerability-scanner.php:121
action init includes\class-nis2.php:55
action admin_init includes\class-nis2.php:64
action admin_menu includes\class-nis2.php:65
action admin_enqueue_scripts includes\class-nis2.php:66
action wp_enqueue_scripts includes\class-nis2.php:67
filter nis2_registered_crons includes\class-nis2.php:642
action plugins_loaded nis2.php:39
action wp_head public\class-nis2-public.php:27
action wp_footer public\class-nis2-public.php:28
action init public\class-nis2-shortcodes.php:27

Scheduled Events 1

nis2_vulnerability_check
Maintenance & Trust

NIS2 Compliance Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Dec 18, 2025
PHP min version: 7.4
Downloads: 575

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

NIS2 Compliance Developer Profile

Babini Mazzari

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect NIS2 Compliance

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/nis2-compliance/assets/css/nis2-compliance.css
/wp-content/plugins/nis2-compliance/assets/js/nis2-compliance.js
Script Paths
https://www.google.com/recaptcha/api.js
Version Parameters
nis2-compliance/assets/css/nis2-compliance.css?ver=
nis2-compliance/assets/js/nis2-compliance.js?ver=

HTML / DOM Fingerprints

CSS Classes
nis2-compliance-settings
HTML Comments
NIS2 Compliance Settings
JS Globals
nis2_compliance_ajax_object
REST Endpoints
/wp-json/nis2-compliance/v1/settings
/wp-json/nis2-compliance/v1/scan
/wp-json/nis2-compliance/v1/logs
FAQ

Frequently Asked Questions about NIS2 Compliance