WP-Safety

Permissions & Security Audit Security & Risk Analysis

wordpress.org/plugins/permissions-security-audit

Permissions & Security Audit is a plugin that runs a series of tests to check common security issues with the following areas:

50 active installs v1.2 PHP 5.4+ WP 5.2+ Updated Mar 4, 2021
filefolderspermissionpermissionssecurity
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Permissions & Security Audit Safe to Use in 2026?

Generally Safe

Score 85/100

Permissions & Security Audit has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The "permissions-security-audit" v1.2 plugin presents a generally positive security posture, with no known vulnerabilities or exploitable attack surface points identified in the static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events with improper authentication or authorization checks is a significant strength. Furthermore, the plugin exclusively uses prepared statements for SQL queries and shows a clean history of CVEs, indicating a commitment to secure coding practices.

However, the static analysis reveals a critical concern regarding output escaping, with 0% of the 15 identified outputs being properly escaped. This indicates a high risk of cross-site scripting (XSS) vulnerabilities if any user-supplied data is reflected directly in the output without proper sanitization. While the plugin demonstrates strong practices in other areas, this lack of output escaping represents a significant weakness that could be exploited by attackers to inject malicious scripts into the website.

Given the clean vulnerability history and controlled attack surface, the overall risk is moderate, leaning towards low, primarily due to the identified output escaping issue. The plugin's strengths in preventing unauthorized access and securing database interactions are commendable. However, the unescaped output is a severe oversight that must be addressed to mitigate the risk of XSS attacks. Future development should prioritize addressing this gap in output sanitization.

Key Concerns

  • No output escaping detected
Vulnerabilities
None known

Permissions & Security Audit Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Permissions & Security Audit Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
15
0 escaped
Nonce Checks
0
Capability Checks
1
File Operations
1
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped15 total outputs
Attack Surface

Permissions & Security Audit Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 9
actionadmin_menusrc\security_audit.php:126
actionadmin_enqueue_scriptssrc\security_audit.php:131
actioninitsrc\security_audit.php:136
actionrest_api_initsrc\security_audit.php:144
actionrest_api_initsrc\security_audit.php:149
actionrest_api_initsrc\security_audit.php:154
actionrest_api_initsrc\security_audit.php:160
actionrest_api_initsrc\security_audit.php:165
actionrest_api_initsrc\security_audit.php:171
Maintenance & Trust

Permissions & Security Audit Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15
Last updatedMar 4, 2021
PHP min version5.4
Downloads2K

Community Trust

Rating40/100
Number of ratings1
Active installs50
Alternatives

Permissions & Security Audit Alternatives

AutoCHMOD

AutoCHMOD

autochmod

A
85

Protect folders and files from unhautorized changes managing filesystem permissions.

30 No CVEs
File Permissions & Size Check

File Permissions & Size Check

wp-file-permission-check

A
85

Simple plugin that checks your WordPress install and shows your file permissions, size, and last modified date.

300 No CVEs
Guard Dog Security & Site Lock

Guard Dog Security & Site Lock

folder-auditor

A
100

Audit your site to keep WordPress clean and secure. Enable our one-of-a-kind SITE LOCK to give your site the ultimate security.

200 No CVEs
Reset file and folder permissions

Reset file and folder permissions

reset-file-and-folder-permissions

A
100

A WordPress plugin to reset file permissions to 0644, directory permissions to 0755, and file/folder ownership for security and maintenance purposes.

100 No CVEs
WPFront User Role Editor

WPFront User Role Editor

wpfront-user-role-editor

A
94

Easily allows you to manage WordPress user roles. You can create, edit, delete and manage capabilities, also copy existing roles.

30K 5 CVEs
Developer Profile

Permissions & Security Audit Developer Profile

Andrew Stewart

2 plugins · 50 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Permissions & Security Audit

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/permissions-security-audit/views/css/admin.css/wp-content/plugins/permissions-security-audit/views/js/icwpsecurityauditadmin.js
Script Paths
/wp-content/plugins/permissions-security-audit/views/js/icwpsecurityauditadmin.js
Version Parameters
plugins/permissions-security-audit/views/css/admin.css?ver=plugins/permissions-security-audit/views/js/icwpsecurityauditadmin.js?ver=

HTML / DOM Fingerprints

REST Endpoints
/wp-json/innocow-wp-security-audit/v1/entities/permissions/wp-json/innocow-wp-security-audit/v1/entities/ownership/wp-json/innocow-wp-security-audit/v1/entities/folders/wp-json/innocow-wp-security-audit/v1/server/process/details/wp-json/innocow-wp-security-audit/v1/configuration/wp/wp-json/innocow-wp-security-audit/v1/configuration/sys
FAQ

Frequently Asked Questions about Permissions & Security Audit