Server Info Security & Risk Analysis

wordpress.org/plugins/server-info

This plugin will show you very useful information about your hosting server such as PHP version, Server OS, Server IP etc.

3K active installs · v0.0.1 · PHP 7.3+ · WP 5.2+ · Updated May 19, 2025
Tags: admin, dashboard, server-info, server-status, widget
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Server Info Safe to Use in 2026?

Generally Safe

Score 100/100

Server Info has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10mo ago
Risk Assessment

The server-info plugin v0.0.1 exhibits a concerning security posture due to a significant lack of protective measures, despite a clean vulnerability history. While the static analysis shows no direct vulnerabilities like unsanitized taint flows or raw SQL queries, the absence of nonces and capability checks on all entry points is a major red flag. The presence of the `exec` function is also a serious concern: it can be leveraged for remote code execution if proper sanitization and access controls are not rigorously applied, and the lack of checks suggests they are not applied here.

The plugin's attack surface is currently zero according to the static analysis, which is an unusual finding given the presence of the `exec` function. This suggests either a very limited scope for the plugin or a potential misinterpretation of the analysis. The clean vulnerability history is a positive sign, but it does not negate the inherent risks introduced by the identified code signals. A plugin with the `exec` function and no authentication or authorization checks on any potential entry points is inherently risky, regardless of past exploits.

In conclusion, while the plugin has no recorded vulnerabilities, its static analysis reveals critical weaknesses. The `exec` function, combined with the complete lack of nonces and capability checks, creates a high-risk scenario for potential privilege escalation or arbitrary code execution. This plugin should not be deployed in a production environment without significant security enhancements.

Key Concerns

  • Dangerous function 'exec' found
  • No nonce checks on entry points
  • No capability checks on entry points
  • Output escaping is not fully implemented (78%)
Vulnerabilities
None known

Server Info Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Server Info Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 4 (14 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

`exec`: `$uptime = exec( "uptime", $system );` (server-info.php:255)

SQL Query Safety

100% prepared (2 total queries)

Output Escaping

78% escaped (18 total outputs)
Data Flows
All sanitized

Data Flow Analysis

2 flows
display_dashboard_widget (server-info.php:131)
Attack Surface

Server Info Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 4
action `plugins_loaded` (server-info.php:72)
action `wp_dashboard_setup` (server-info.php:73)
action `admin_menu` (server-info.php:74)
action `admin_enqueue_scripts` (server-info.php:75)
Maintenance & Trust

Server Info Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 19, 2025
PHP min version: 7.3
Downloads: 57K

Community Trust

Rating: 72/100
Number of ratings: 10
Active installs: 3K
Developer Profile

Server Info Developer Profile

Usman Ali Qureshi

4 plugins · 5K total installs

Trust score: 93
Avg Security Score: 98/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Server Info

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/server-info/assets/css/style.css
Version Parameters
server-info/assets/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
serverinfo_dashboard_widgetdashboard_inf_tableinfohouse_table