SitePush Security & Risk Analysis

wordpress.org/plugins/sitepush

Easily move content and code between WordPress sites. Pull your site's DB to a dev site, push new code to a staging site, etc.

30 active installs · v0.4.2 · PHP + · WP 3.3.1+ · Updated Sep 9, 2013
Tags: deployment, development, migrate, migration, move
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SitePush Safe to Use in 2026?

Generally Safe

Score 85/100

SitePush has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 12yr ago
Risk Assessment

The 'sitepush' plugin version 0.4.2 exhibits a mixed security posture. On the positive side, there are no known vulnerabilities (CVEs) associated with this plugin, and the static analysis shows a strong emphasis on security best practices, with a high percentage of SQL queries using prepared statements and a significant number of capability checks in place. The limited attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events lacking authentication, is also a positive indicator.

However, several concerning signals emerge from the code analysis. The presence of dangerous functions like `shell_exec`, `popen`, and `exec` is a significant red flag, as these can be exploited for remote code execution if not handled with extreme care and proper sanitization. Furthermore, the low percentage of properly escaped output (3%) suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, where untrusted data displayed to users could be manipulated to execute malicious scripts.

The taint analysis reveals two flows with unsanitized paths. While these are not classified as critical or high severity, they still represent potential security weaknesses that could be exploited. The absence of any recorded vulnerabilities in the plugin's history is reassuring, but it does not negate the risks identified in the static and taint analyses. The plugin appears to have strengths in its overall structure and adherence to some security best practices, but the use of dangerous functions and inadequate output escaping present clear and present dangers that require immediate attention.

Key Concerns

  • Dangerous functions (shell_exec, popen, exec) detected
  • Low percentage of properly escaped output
  • Unsanitized paths found in taint analysis
Vulnerabilities
None known

SitePush Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

SitePush Code Analysis

  • Dangerous Functions: 7
  • Raw SQL Queries: 1 (10 prepared)
  • Unescaped Output: 59 (2 escaped)
  • Nonce Checks: 1
  • Capability Checks: 13
  • File Operations: 14
  • External Requests: 2
  • Bundled Libraries: 0

Dangerous Functions Found

  • shell_exec: `if( ! @shell_exec("{$this->options->mysql_path} --version") )` (classes\class-sitepush-core.php:237)
  • shell_exec: `if( ! @shell_exec("{$this->options->mysqldump_path} --version") )` (classes\class-sitepush-core.php:239)
  • shell_exec: `if( ! @shell_exec("{$this->options->rsync_path} --version") )` (classes\class-sitepush-core.php:780)
  • popen: `if(!$fh = popen($command . ' 2>&1', "r"))` (classes\class-sitepush-core.php:1065)
  • exec: `exec($command . ' 2>&1', $output, $result );` (classes\class-sitepush-core.php:1085)
  • shell_exec: `$output .= "Server user: " . shell_exec('whoami') . "<br />";` (classes\class-sitepush-options.php:1091)
  • shell_exec: `$output .= "Server groups: " . shell_exec('id') . "<br />";` (classes\class-sitepush-options.php:1092)

SQL Query Safety

91% prepared · 11 total queries

Output Escaping

3% escaped · 61 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
section_config_text (classes\class-sitepush-options-screen.php:56)
Attack Surface

SitePush Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 12

  • action: init (classes\class-sitepush-plugin.php:42)
  • action: admin_init (classes\class-sitepush-plugin.php:45)
  • action: admin_menu (classes\class-sitepush-plugin.php:46)
  • action: admin_head (classes\class-sitepush-plugin.php:47)
  • action: admin_notices (classes\class-sitepush-plugin.php:49)
  • filter: wp_authenticate_user (classes\class-sitepush-plugin.php:55)
  • filter: plugin_action_links (classes\class-sitepush-plugin.php:69)
  • filter: plugin_action_links (classes\class-sitepush-plugin.php:80)
  • filter: the_content (classes\class-sitepush-plugin.php:90)
  • filter: wp_nav_menu (classes\class-sitepush-plugin.php:93)
  • filter: widget_text (classes\class-sitepush-plugin.php:96)
  • filter: clean_url (classes\class-sitepush-plugin.php:100)
Maintenance & Trust

SitePush Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.6.1
Last updated: Sep 9, 2013
PHP min version
Downloads: 11K

Community Trust

Rating: 94/100
Number of ratings: 15
Active installs: 30
Developer Profile

SitePush Developer Profile

Mark Rowatt Anderson

1 plugin · 30 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect SitePush

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/sitepush/assets/css/sitepush.css
  • /wp-content/plugins/sitepush/assets/js/sitepush.js
Version Parameters
  • sitepush/assets/css/sitepush.css?ver=
  • sitepush/assets/js/sitepush.js?ver=

HTML / DOM Fingerprints

CSS Classes
sitepush-settings
HTML Comments
  • <!-- SitePush: Copyright 2009-2012 Mark Rowatt Anderson (http://rowatt.com) -->
  • <!-- SitePush: This program is free software; you can redistribute it and/or modify
  • <!-- SitePush: This program is distributed in the hope that it will be useful,
  • <!-- SitePush: You should have received a copy of the GNU General Public License
  • (+2 more)
Data Attributes
data-sp-sitepush-key
JS Globals
sitepush_vars
FAQ

Frequently Asked Questions about SitePush