Plainview Activity Monitor Security & Risk Analysis

wordpress.org/plugins/plainview-activity-monitor

Real-time monitoring of users, content, functionality, appearance, security, and updates.

200 active installs · v20180826 · PHP + · WP 3.9+ · Updated Aug 26, 2018
activities · activity · logging
Score 84 · B · Generally Safe
CVEs total: 1
Unpatched: 0
Last CVE: Aug 26, 2018
Safety Verdict

Is Plainview Activity Monitor Safe to Use in 2026?

Mostly Safe

Score 84/100

Plainview Activity Monitor is generally safe to use, though it hasn't been updated recently. 1 past CVE was resolved. Keep it updated.

1 known CVE · Last CVE: Aug 26, 2018 · Updated 7yr ago
Risk Assessment

The plainview-activity-monitor plugin, version 20180826, exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and avoiding external HTTP requests, it has significant areas of concern. The static analysis revealed the presence of dangerous functions like `unserialize` and `exec`, alongside a critical taint flow with unsanitized input. The absence of nonce checks and capability checks on all entry points is a major weakness, especially considering the presence of dangerous functions that could be leveraged.

The vulnerability history indicates a past high-severity OS Command Injection vulnerability, which is concerning given the `exec` function is present in the code. This suggests a history of exploitable flaws that could have severe consequences if similar vulnerabilities are introduced or if the existing ones are not thoroughly mitigated. The fact that the last known vulnerability was on the same date as the plugin version implies the potential for self-inflicted vulnerabilities or a direct link to the code's state.

In conclusion, while the plugin uses prepared statements and avoids external requests, the presence of dangerous functions, a critical taint flow, a lack of essential security checks (nonces and capabilities), and a history of high-severity vulnerabilities paint a picture of moderate to high risk. The absence of any current unpatched CVEs is positive, but the underlying code quality and historical issues warrant caution.

Key Concerns

  • Dangerous functions present (unserialize, exec)
  • Critical severity taint flow found
  • Missing nonce checks on entry points
  • Missing capability checks on entry points
  • High severity CVE in history
  • Only 58% of output escaped (20 of 48 outputs unescaped)
Vulnerabilities: 1

Plainview Activity Monitor Security Vulnerabilities

CVEs by Year

1 CVE in 2018

Severity Breakdown

High: 1

1 total CVE

CVE-2018-15877 · high · 8.8 · Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Plainview Activity Monitor < 20180826 - Remote Command Injection

Aug 26, 2018 · Patched in 20180826 (1976d)
Code Analysis
Analyzed Mar 16, 2026

Plainview Activity Monitor Code Analysis

  • Dangerous Functions: 3
  • Raw SQL Queries: 0 (16 prepared)
  • Unescaped Output: 20 (28 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 10
  • External Requests: 0
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · `$object->$key = @unserialize( base64_decode( $object->$key ) );` · src\sdk\traits\db_aware_object.php:268
  • unserialize · `return unserialize( base64_decode( $string) );` · src\sdk\wordpress\base.php:1015
  • exec · `exec( 'dig -x ' . $ip, $output );` · src\traits\activities_overview.php:360

SQL Query Safety

100% prepared · 16 total queries

Output Escaping

58% escaped · 48 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<tabs> (src\sdk\wordpress\tabs\tabs.php:0)
Attack Surface

Plainview Activity Monitor Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 20

  • action · plainview_activity_monitor_manifest_hooks · dev\examples\1_minimal\PVAM_Example_1.php:23
  • action · plainview_activity_monitor_manifest_hooks · dev\examples\2_minimal_expanded\PVAM_Example_2.php:23
  • filter · post_password_expires · src\hooks\post_password.php:26
  • filter · upgrader_post_install · src\hooks\upgrader_post_install.php:25
  • action · admin_menu · src\Plainview_Activity_Monitor.php:32
  • action · network_admin_menu · src\Plainview_Activity_Monitor.php:33
  • action · plugins_loaded · src\Plainview_Activity_Monitor.php:35
  • action · plainview_activity_monitor_display_activity_table_column · src\traits\activities.php:11
  • action · plainview_activity_monitor_get_activity_description · src\traits\activities.php:12
  • action · plainview_activity_monitor_get_activity_table_columns · src\traits\activities.php:13
  • action · plainview_activity_monitor_add_filter_settings · src\traits\activities_overview.php:17
  • action · plainview_activity_monitor_save_filter_settings · src\traits\activities_overview.php:18
  • action · plainview_activity_monitor_list_activities · src\traits\database.php:20
  • action · plainview_activity_monitor_list_activities · src\traits\database.php:21
  • action · plainview_activity_monitor_list_distinct_values · src\traits\database.php:22
  • action · plainview_activity_monitor_log_hook · src\traits\database.php:23
  • action · plainview_activity_monitor_prune_activities · src\traits\database.php:24
  • action · plainview_activity_monitor_remove_activities · src\traits\database.php:25
  • action · plainview_activity_monitor_get_logged_hooks · src\traits\hooks.php:20
  • action · plainview_activity_monitor_manifest_hooks · src\traits\hooks.php:21
Maintenance & Trust

Plainview Activity Monitor Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Aug 26, 2018
PHP min version
Downloads: 29K

Community Trust

Rating: 72/100
Number of ratings: 12
Active installs: 200
Developer Profile

Plainview Activity Monitor Developer Profile

edward_plainview

3 plugins · 9K total installs

Trust score: 75
Avg Security Score: 94/100
Avg Patch Time: 603 days
Detection Fingerprints

How We Detect Plainview Activity Monitor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/plainview-activity-monitor/css/icon.svg
Script Paths
/wp-content/plugins/plainview-activity-monitor/js/js.js
Version Parameters
plainview-activity-monitor/js/js.js?ver=

HTML / DOM Fingerprints

CSS Classes
hookspvampluginswith_groupsgroupinactivepluginactive+1 more
Data Attributes
data-group
JS Globals
PLAINVIEW_ACTIVITY_MONITOR_VERSION