Does PHP Vitals have any unpatched vulnerabilities?

No. All known vulnerabilities in PHP Vitals have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is PHP Vitals compatible with WordPress 6.8.5?

According to WordPress.org data, PHP Vitals 1.2.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is PHP Vitals compatible with PHP 7.0+?

PHP Vitals requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is PHP Vitals updated?

PHP Vitals was last updated on Sep 4, 2025. Frequent updates are generally a positive security signal.

What is PHP Vitals's security score?

PHP Vitals has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

PHP Vitals Security & Risk Analysis

wordpress.org/plugins/php-vitals

How fast is your web host? Dozens of PHP speed tests, 1 overall grade: The easy way to compare hosting performance.

400 active installs v1.2.1 PHP 7.0+ WP 6.2+ Updated Sep 4, 2025

benchmarkhostingperformancephpspeed

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is PHP Vitals Safe to Use in 2026?

Generally Safe

Score 100/100

PHP Vitals has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago

Risk Assessment

The php-vitals plugin v1.2.1 exhibits a generally good security posture with several positive indicators. The absence of dangerous functions, 100% use of prepared statements for SQL queries, and complete output escaping demonstrate sound development practices. Furthermore, the plugin has no recorded vulnerabilities (CVEs), which suggests a history of stable and secure code.

However, a significant concern is the presence of one AJAX handler that lacks authentication checks. This represents a direct entry point that could be exploited by unauthenticated users. While the plugin has no recorded taint analysis findings, the single unprotected AJAX endpoint is a concrete risk that could be leveraged in conjunction with other potential WordPress vulnerabilities or social engineering tactics.

In conclusion, while the plugin's codebase is largely secure in terms of common vulnerability patterns like SQL injection and output issues, the unprotected AJAX endpoint introduces a notable risk. The lack of historical vulnerabilities is a positive sign, but this single identified weakness warrants attention and mitigation.

Key Concerns

Unprotected AJAX handler

Vulnerabilities

None known

PHP Vitals Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

PHP Vitals Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

61 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

100% escaped61 total outputs

Attack Surface

1 unprotected

PHP Vitals Attack Surface

Entry Points4

Unprotected1

AJAX Handlers 4

authwp_ajax_phpvitals_run_benchmarkincludes\class-php-vitals-ajax.php:9

authwp_ajax_phpvitals_save_resultsincludes\class-php-vitals-ajax.php:10

authwp_ajax_phpvitals_get_gradesincludes\class-php-vitals-ajax.php:12

authwp_ajax_phpvitals_save_hosting_infoincludes\class-php-vitals-ajax.php:13

WordPress Hooks 4

actionadmin_enqueue_scriptsadmin\class-php-vitals-admin.php:8

actionadmin_enqueue_scriptsadmin\class-php-vitals-admin.php:9

actionadmin_menuadmin\class-php-vitals-admin.php:10

filterplugin_action_links_php-vitalsadmin\class-php-vitals-admin.php:11

Maintenance & Trust

PHP Vitals Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 4, 2025

PHP min version7.0

Downloads3K

Community Trust

Rating100/100

Number of ratings1

Active installs400

Alternatives

PHP Vitals Alternatives

Hosting Benchmark tool

wpbenchmark

Benchmark your hosting server CPU, memory and disk, compare with others using simple Wordpress plugin.

4K 1 CVE

A2 Optimized WP – Turbocharge and secure your WordPress site

a2-optimized-wp

Make your site faster and more secure with the click of a few buttons

70K 1 CVE

Speedtest Pro

speedtest-pro

100

Speedtest Pro analyzes your site's performance with comprehensive server benchmarks and speed testing tools.

30 No CVEs

Hosting Stability Meter

hosting-stability-meter

Benchmarks stability measuring in time. Detailed interactive graph for hosting performance peaks and dips let you know hosting is good or bad.

10 No CVEs

Super Host Speed Benchmark

super-host-speed-benchmark

Test and benchmark the speed of your hosting provider, based on the speed of their mysql database, which tends to be the main cause of Wordpress being …

10 No CVEs

Developer Profile

PHP Vitals Developer Profile

Webslice

1 plugin · 400 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect PHP Vitals

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/php-vitals/admin/css/php-vitals-admin.css/wp-content/plugins/php-vitals/admin/js/php-vitals-admin.js

Script Paths

/wp-content/plugins/php-vitals/admin/js/php-vitals-admin.js

Version Parameters

php-vitals/admin/css/php-vitals-admin.css?ver=php-vitals/admin/js/php-vitals-admin.js?ver=

HTML / DOM Fingerprints

JS Globals

window.phpvitals

FAQ