Does Monitor have any unpatched vulnerabilities?

No. All known vulnerabilities in Monitor have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Monitor compatible with WordPress 6.9.4?

According to WordPress.org data, Monitor 1.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Monitor compatible with PHP 8.1+?

Monitor requires PHP 8.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Monitor updated?

Monitor was last updated on Mar 13, 2026. Frequent updates are generally a positive security signal.

What is Monitor's security score?

Monitor has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Monitor Security & Risk Analysis

wordpress.org/plugins/satollo-monitor

Track and store internal site events for analysis and debugging: abilities calls, http calls, emails, scheduled jobs, ...

0 active installs v1.0.0 PHP 8.1+ WP 6.9+ Updated Mar 13, 2026

debuglogging

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Monitor Safe to Use in 2026?

Generally Safe

Score 100/100

Monitor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 21d ago

Risk Assessment

The satollo-monitor plugin v1.0.0 exhibits a mixed security posture. While it demonstrates good practices in output escaping and a lack of known vulnerabilities historically, significant concerns arise from its attack surface and the use of dangerous functions.

Specifically, the plugin exposes six AJAX handlers without any authentication or capability checks. This is a major risk, as any unauthenticated user could potentially trigger these handlers, leading to unintended actions or information disclosure. The presence of the `unserialize` function is also a concern, especially when combined with an unprotected attack surface. If user-supplied data is unserialized without proper validation, it could lead to remote code execution vulnerabilities.

Despite the lack of recorded vulnerabilities and a generally good output escaping rate, the critical weaknesses in authentication for AJAX endpoints and the potential for deserialization vulnerabilities create a high-risk profile. Developers should prioritize implementing robust nonce and capability checks for all AJAX handlers and carefully sanitize any data passed to `unserialize`.

Key Concerns

Unprotected AJAX handlers
Use of dangerous function: unserialize
Low capability check coverage

Vulnerabilities

None known

Monitor Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Monitor Code Analysis

Dangerous Functions

Raw SQL Queries

28 prepared

Unescaped Output

130 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$filters = unserialize($log->filters);admin\admin-ajax.php:34

unserialize$filters = unserialize($log->filters);admin\admin-ajax.php:73

unserialize$args = unserialize($log->args);admin\admin-ajax.php:97

unserialize$args = unserialize($log->params);admin\admin-ajax.php:124

unserializeforeach (unserialize($item->ready_jobs) as $job) {admin\scheduler\logs.php:73

unserializeforeach (unserialize($item->executed_jobs) as $job) {admin\scheduler\logs.php:80

SQL Query Safety

54% prepared52 total queries

Output Escaping

94% escaped139 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

<admin-ajax> (admin\admin-ajax.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

Monitor Attack Surface

Entry Points6

Unprotected6

AJAX Handlers 6

authwp_ajax_monitor-ability-dataadmin\admin-ajax.php:8

authwp_ajax_monitor-emails-filtersadmin\admin-ajax.php:25

authwp_ajax_monitor-users-roleadmin\admin-ajax.php:47

authwp_ajax_monitor-scheduler-filtersadmin\admin-ajax.php:63

authwp_ajax_monitor-http-argsadmin\admin-ajax.php:87

authwp_ajax_monitor-rest-paramsadmin\admin-ajax.php:114

WordPress Hooks 15

actioninitadmin\admin.php:31

actionadmin_enqueue_scriptsadmin\admin.php:38

actionadmin_menuadmin\admin.php:45

filterwp_mailsatollo-monitor.php:65

actionwp_mail_succeededsatollo-monitor.php:93

actionwp_mail_failedsatollo-monitor.php:103

filterrest_pre_dispatchsatollo-monitor.php:137

actionafter_execute_abilitysatollo-monitor.php:145

actionwp_loadedsatollo-monitor.php:188

filterpre_unschedule_eventsatollo-monitor.php:204

actionwp_loadedsatollo-monitor.php:214

filterpre_http_requestsatollo-monitor.php:235

filterhttp_api_debugsatollo-monitor.php:257

filterrest_post_dispatchsatollo-monitor.php:280

actionmonitor_clean_logssatollo-monitor.php:351

Scheduled Events 2

monitor_clean_logs

monitor_scheduler_test

Maintenance & Trust

Monitor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 13, 2026

PHP min version8.1

Downloads87

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Monitor Alternatives

Log Deprecated Notices

log-deprecated-notices

Logs the usage of deprecated files, functions, and function arguments, and identifies where the deprecated functionality is being used.

1K No CVEs

Developer Loggers for Simple History

developer-loggers-for-simple-history

Useful loggers for SimpleHistory for developers during development of a site or to maintain a live site.

400 1 CVE

Issues Tracker

issues-tracker

Issues Tracker allows you view and search WordPress logs, receive security advice, track 404 errors, and view your server settings.

50 No CVEs

Quick debug.log Viewer

quick-debug-log-viewer

100

Easily view and manage your WordPress debug.log file directly from the admin area — no FTP access required.

20 No CVEs

Log Deprecated Notices Extender

log-deprecated-notices-extender

This developer-oriented WordPress plugin extends Andrew Nacin's Log Deprecated Notices to show a link in the WP 3.3+ Toolbar.

10 No CVEs

Developer Profile

Monitor Developer Profile

Stefano Lissa

14 plugins · 515K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

650 days

View full developer profile

Detection Fingerprints

How We Detect Monitor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/satollo-monitor/admin/assets/css/dashboard.css/wp-content/plugins/satollo-monitor/admin/assets/js/dashboard.js

Script Paths

/wp-content/plugins/satollo-monitor/admin/assets/js/dashboard.js

Version Parameters

satollo-monitor/admin/assets/css/dashboard.css?ver=satollo-monitor/admin/assets/js/dashboard.js?ver=

HTML / DOM Fingerprints

CSS Classes

satollo-monitor-dashboard

REST Endpoints

/wp/v2/abilities/

FAQ