WP-Safety

Operational Security & Risk Analysis

wordpress.org/plugins/operational

Track Admin area activity

0 active installs v1.1.0 PHP + WP 5.9+ Updated Jun 3, 2025
activity-logadmin-logevent-logevent-trackerlogger
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Operational Safe to Use in 2026?

Generally Safe

Score 100/100

Operational has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago
Risk Assessment

Based on the provided static analysis and vulnerability history, the "operational" plugin v1.1.0 exhibits a generally strong security posture. The absence of any detected dangerous functions, SQL injection vulnerabilities (all queries use prepared statements), and properly escaped output are significant strengths. Furthermore, the plugin has no recorded CVEs, indicating a clean historical record and likely good security practices in its development. The lack of file operations and external HTTP requests also contributes positively to its security profile.

However, there are a few areas that warrant attention. The most notable concern is the absence of nonce checks and capability checks. While the attack surface appears to be zero entry points, the lack of these fundamental WordPress security mechanisms means that even if an entry point were discovered or introduced in a future version, it would be inherently unprotected. The single external HTTP request, though not inherently malicious, should be scrutinized to ensure it's not vulnerable to man-in-the-middle attacks or does not inadvertently expose sensitive data. The complete absence of taint analysis flows is also a bit unusual for a plugin, suggesting either a very simple codebase or potential limitations in the analysis tool's ability to identify flows in this specific plugin.

In conclusion, "operational" v1.1.0 is currently a low-risk plugin due to its clean code signals and lack of known vulnerabilities. Its core functionality appears to be implemented securely. The primary weaknesses lie in the missing common WordPress security checks (nonces and capabilities) and a single, unanalyzed external HTTP request. Addressing these would significantly harden the plugin's security, even with its current limited attack surface.

Key Concerns

  • Missing nonce checks
  • Missing capability checks
  • External HTTP request without analysis
Vulnerabilities
None known

Operational Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Operational Release Timeline

v0.1.1
Code Analysis
Analyzed Apr 16, 2026

Operational Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
8 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

100% escaped8 total outputs
Attack Surface

Operational Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 15
actionwp_loginadmin/class-operational-admin.php:233
actionclear_auth_cookieadmin/class-operational-admin.php:252
actionregister_new_useradmin/class-operational-admin.php:276
actionprofile_updateadmin/class-operational-admin.php:296
actionwp_login_failedadmin/class-operational-admin.php:316
actionactivated_pluginadmin/class-operational-admin.php:402
actiondeactivated_pluginadmin/class-operational-admin.php:437
actionswitch_themeadmin/class-operational-admin.php:470
actionadmin_menuadmin/class-operational-admin.php:553
actionadmin_initadmin/class-operational-admin.php:554
actionadmin_enqueue_scriptsincludes/class-operational.php:151
actionadmin_enqueue_scriptsincludes/class-operational.php:152
actionplugins_loadedincludes/class-operational.php:155
actionwp_enqueue_scriptsincludes/class-operational.php:170
actionwp_enqueue_scriptsincludes/class-operational.php:171
Maintenance & Trust

Operational Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJun 3, 2025
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Operational Alternatives

WP Activity Log

WP Activity Log

wp-security-audit-log

B
82

The #1 user-rated activity log plugin for event logging, activity monitoring and change tracking.

300K 11 CVEs
Adminify Activity Logs

Adminify Activity Logs

adminify-activity-logs

A
100

Track WordPress dashboard activities with this free plugin. Monitor user actions, filter by time, role for complete site security and accountability

300 No CVEs
Complete Security, Activity Log & WooCommerce Analytics Tracker – Activity Guard

Complete Security, Activity Log & WooCommerce Analytics Tracker – Activity Guard

notifier-to-slack

A
100

Track user, support forum & system activity log, monitor WooCommerce analytics with complete WordPress Security with activity guard.

70 No CVEs
Unbranded Portal Connector

Unbranded Portal Connector

unbranded-portal-connector

A
100

Log all of your user activity and report directly into your Unbranded Portal, without bloating your database.

50 No CVEs
Logify WP – Activity Log & User Audit Log

Logify WP – Activity Log & User Audit Log

logify-wp

A
100

Logify WP - Activity Log & User Audit Log tracks critical changes, logins, and updates with searchable logs for site security.

200 No CVEs
Developer Profile

Operational Developer Profile

Shash

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Operational

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/operational/admin/js/operational-admin.js/wp-content/plugins/operational/admin/css/operational-admin.css
Script Paths
/wp-content/plugins/operational/admin/js/operational-admin.js
Version Parameters
operational/css/operational-admin.css?ver=operational/js/operational-admin.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Operational