Does Session Monitor have any unpatched vulnerabilities?

No. All known vulnerabilities in Session Monitor have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Session Monitor compatible with WordPress 6.8.5?

According to WordPress.org data, Session Monitor 1.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Session Monitor compatible with PHP 7.4+?

Session Monitor requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Session Monitor updated?

Session Monitor was last updated on May 30, 2025. Frequent updates are generally a positive security signal.

What is Session Monitor's security score?

Session Monitor has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Session Monitor Security & Risk Analysis

wordpress.org/plugins/session-monitor

This plugin adds real-time user status indicators to the WordPress admin users list. It tracks activity with minimal impact, even on large sites.

0 active installs v1.0 PHP 7.4+ WP 6.0+ Updated May 30, 2025

activitymonitorofflineonlineusers

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Session Monitor Safe to Use in 2026?

Generally Safe

Score 100/100

Session Monitor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago

Risk Assessment

The "session-monitor" plugin version 1.0 exhibits a strong security posture based on the provided static analysis and vulnerability history. The code adheres to many WordPress security best practices, including the use of prepared statements for all SQL queries, proper output escaping for all outputs, and the implementation of both nonce and capability checks on its single AJAX entry point. There are no identified dangerous functions, file operations, or external HTTP requests, further minimizing the attack surface. The absence of any critical or high-severity taint flows indicates that user input is likely handled safely, and the plugin has no known historical vulnerabilities, suggesting a stable and well-maintained codebase.

While the plugin demonstrates excellent adherence to secure coding practices, the overall attack surface is minimal, with only one AJAX handler. This is a positive indicator. However, it's important to note that even with robust internal checks, the security of any plugin is also dependent on the overall WordPress environment and the security of other installed plugins and themes. The lack of any recorded vulnerabilities in its history is a significant strength, implying a history of diligent security awareness and robust development. In conclusion, "session-monitor" v1.0 appears to be a highly secure plugin with no apparent vulnerabilities based on the data provided.

Vulnerabilities

None known

Session Monitor Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Session Monitor Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Data Flows

All sanitized

Data Flow Analysis

2 flows

sm_ajax_get_status (session-monitor.php:67)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Session Monitor Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_session_monitor_get_statussession-monitor.php:29

WordPress Hooks 6

actioninitsession-monitor.php:22

actionadmin_initsession-monitor.php:23

filtermanage_users_columnssession-monitor.php:25

filtermanage_users_custom_columnsession-monitor.php:26

actionadmin_headsession-monitor.php:27

actionadmin_enqueue_scriptssession-monitor.php:30

Maintenance & Trust

Session Monitor Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 30, 2025

PHP min version7.4

Downloads213

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Session Monitor Alternatives

Fullworks Active Users Monitor

fullworks-active-users-monitor

100

Real-time monitoring of logged-in WordPress users with visual indicators, filtering, and comprehensive admin tools.

30 No CVEs

WP-UserOnline

wp-useronline

Enable you to display how many users are online on your Wordpress blog with detailed statistics.

10K 4 CVEs

Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity

logtivity

100

Logtivity is the activity log service for WordPress admins. Logtivity is a unified activity log platform that tracks activity and errors across all yo …

2K No CVEs

WP Online Active Users

online-active-users

100

WP Online Active Users is a lightweight, powerful plugin to monitor and display how many users are currently online active on your WordPress website.

2K No CVEs

UptimeMonster Site Monitor

uptimemonster-site-monitor

Monitor all activities and error logs of your WordPress site with UptimeMonster. Effortlessly simplify website management.

200 No CVEs

Developer Profile

Session Monitor Developer Profile

Amzil Ayoub

6 plugins · 30 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Session Monitor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/session-monitor/js/session-monitor.js

Script Paths

/wp-content/plugins/session-monitor/js/session-monitor.js

Version Parameters

session-monitor.js?ver=

HTML / DOM Fingerprints

CSS Classes

session-statusstatus-col-headingcolumn-sm_status

Data Attributes

data-user-id

JS Globals

session_monitor_vars

FAQ