phpinfo() WP Security & Risk Analysis

wordpress.org/plugins/phpinfo-wp

A simple plugin to look up server info and manage the server configuration of a WordPress site

3K active installs · v6.1 · PHP 5.0+ · WP 4.7+ · Updated May 3, 2025
apache, htaccess, phpinfo, server-info
Score: 99 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Jun 19, 2024
Safety Verdict

Is phpinfo() WP Safe to Use in 2026?

Generally Safe

Score 99/100

phpinfo() WP has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jun 19, 2024 · Updated 11mo ago
Risk Assessment

The phpinfo-wp plugin v6.1 exhibits a mixed security posture. On one hand, the static analysis indicates a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are unprotected. Furthermore, all SQL queries are properly prepared, and there are no identified taint flows of critical or high severity. This suggests that the core functionality of the plugin, as analyzed, does not expose direct input validation or direct database manipulation vulnerabilities through common entry points.

However, significant concerns arise from the output escaping and vulnerability history. A concerning 0% of output is properly escaped, meaning sensitive information or unexpected data could be rendered directly in the browser, potentially leading to XSS vulnerabilities. The plugin has a history of 2 medium severity CVEs, specifically related to Exposure of Sensitive Information and Cross-Site Request Forgery, with the most recent one being June 19, 2024, which is unpatched. This history, coupled with the lack of output escaping, strongly suggests a pattern of insecure handling of data and a persistent risk of sensitive information disclosure and potentially client-side attacks.

In conclusion, while the plugin has a low direct attack surface and secure database practices, the prevalent lack of output escaping and the recent, unpatched medium-severity vulnerabilities significantly undermine its security. The identified historical vulnerability types indicate a consistent weakness in how the plugin manages and presents data. Users should be extremely cautious, and the lack of output escaping should be addressed immediately.

Key Concerns

  • Unpatched medium severity CVEs
  • 100% of output not properly escaped
  • 0 capability checks on entry points
Vulnerabilities: 2

phpinfo() WP Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 1 CVE

Severity Breakdown

  • Medium: 2

2 total CVEs

CVE-2024-35776 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

phpinfo() WP <= 5.0 - Unauthenticated Information Exposure

Jun 19, 2024 · Patched in 6.0 (70d)

CVE-2023-26542 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

phpinfo() WP <= 4.0 - Cross-Site Request Forgery

Feb 24, 2023 · Patched in 5.0 (333d)
Code Analysis
Analyzed Mar 16, 2026

phpinfo() WP Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 13 (0 escaped)
  • Nonce Checks: 3
  • Capability Checks: 0
  • File Operations: 46
  • External Requests: 1
  • Bundled Libraries: 0

Output Escaping

0% escaped · 13 total outputs
Attack Surface

phpinfo() WP Attack Surface

Entry Points: 0
Unprotected: 0

WordPress Hooks: 6

  • action admin_menu (phpinfo-wp.php:26)
  • action admin_enqueue_scripts (phpinfo-wp.php:27)
  • filter clean_url (phpinfo-wp.php:28)
  • filter plugin_row_meta (phpinfo-wp.php:29)
  • filter plugin_action_links (phpinfo-wp.php:30)
  • filter admin_footer_text (phpinfo-wp.php:118)
Maintenance & Trust

phpinfo() WP Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: May 3, 2025
  • PHP min version: 5.0
  • Downloads: 43K

Community Trust

  • Rating: 84/100
  • Number of ratings: 5
  • Active installs: 3K
Developer Profile

phpinfo() WP Developer Profile

Exeebit

1 plugin · 3K total installs

  • Trust score: 78
  • Avg Security Score: 99/100
  • Avg Patch Time: 202 days
Detection Fingerprints

How We Detect phpinfo() WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/phpinfo-wp/css/style.css
  • /wp-content/plugins/phpinfo-wp/js/scripts.js

Script Paths

  • js/scripts.js#async
