Does ServerMonitor have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is ServerMonitor compatible with WordPress 4.9.29?

According to WordPress.org data, ServerMonitor 0.3.6 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

Is ServerMonitor compatible with PHP 5.1.3+?

ServerMonitor requires PHP 5.1.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is ServerMonitor updated?

ServerMonitor was last updated on Apr 7, 2018. Frequent updates are generally a positive security signal.

What is ServerMonitor's security score?

ServerMonitor has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ServerMonitor Security & Risk Analysis

wordpress.org/plugins/servermonitor

A simple plugin to view server resource usage (ram, cpu, disk), check your PHP error log, and more.

100 active installs v0.3.6 PHP 5.1.3+ WP 3.4+ Updated Apr 7, 2018

disk-spacedisk-usagememoryserver-infosystem-monitor

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is ServerMonitor Safe to Use in 2026?

Generally Safe

Score 85/100

ServerMonitor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "servermonitor" plugin version 0.3.6 exhibits a concerning security posture despite a clean vulnerability history. While it boasts zero known CVEs and no dangerous functions or raw SQL queries, significant weaknesses are evident in its static analysis. The presence of a single unprotected AJAX handler represents a substantial attack surface, as it's an entry point that lacks authentication checks. This could allow an unauthenticated attacker to trigger unintended actions within the plugin. Furthermore, the taint analysis reveals flows with unsanitized paths, indicating potential risks if malicious input is introduced. The low percentage of properly escaped output (13%) is another major concern, as it exposes the plugin to cross-site scripting (XSS) vulnerabilities where attacker-controlled data could be rendered directly in the browser. The plugin's strength lies in its use of prepared statements for its SQL queries, but this is overshadowed by the critical security gaps in its handling of user input and lack of authorization for its AJAX endpoint.

Key Concerns

Unprotected AJAX handler
Taint flows with unsanitized paths
Low percentage of properly escaped output
No nonce checks
No capability checks

Vulnerabilities

None known

ServerMonitor Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

ServerMonitor Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

ServerMonitor Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

13% escaped23 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

servermonitor_info (servermonitor.php:61)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

ServerMonitor Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_servermonitor_monitorajaxservermonitor.php:40

WordPress Hooks 2

actionadmin_menuservermonitor.php:39

actionadmin_initservermonitor.php:49

Maintenance & Trust

ServerMonitor Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedApr 7, 2018

PHP min version5.1.3

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

ServerMonitor Alternatives

Server IP & Memory Usage Display

server-ip-memory-usage

100

Show the memory limit, current memory usage and IP address in the admin footer.

30K No CVEs

Disk Usage Sunburst

disk-usage-sunburst

100

Visualize and drill down the disk usage of your whole WordPress installation. Find and identify big files immediately!

9K No CVEs

System Dashboard

system-dashboard

Central dashboard to monitor various WordPress components, processes and data, including the server.

1K 11 CVEs

MyServerInfo – Memory Usage, PHP Version, Memory Limit, Execution Time, CPU Usage, Disk Usage

my-server-info

100

Displays Usage (CPU , Disk, Memory), PHP and MySQL Version, WP Memory Limit, PHP Execution Time, Max Input Vars, IP Address, Uptime, Timezone.

700 No CVEs

atec System Info

atec-system-info

100

atec System Info (Operating system, server, memory, PHP and database details)

300 No CVEs

Developer Profile

ServerMonitor Developer Profile

Francis Smith

2 plugins · 110 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect ServerMonitor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/servermonitor/css/chartist.min.css/wp-content/plugins/servermonitor/css/monitor.css/wp-content/plugins/servermonitor/js/chartist.min.js/wp-content/plugins/servermonitor/js/smoothie.min.js/wp-content/plugins/servermonitor/js/monitor.js

Script Paths

/wp-content/plugins/servermonitor/js/chartist.min.js/wp-content/plugins/servermonitor/js/smoothie.min.js/wp-content/plugins/servermonitor/js/monitor.js

Version Parameters

servermonitor/css/chartist.min.css?ver=servermonitor/css/monitor.css?ver=servermonitor/js/chartist.min.js?ver=servermonitor/js/smoothie.min.js?ver=servermonitor/js/monitor.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-monitor-type

JS Globals

servermonitor_monitorjsservermonitor_monitorajax

FAQ