Does Sites Monitor have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Sites Monitor compatible with WordPress 6.6.5?

According to WordPress.org data, Sites Monitor 1.7.5 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is Sites Monitor compatible with PHP 7.4+?

Sites Monitor requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Sites Monitor updated?

Sites Monitor was last updated on Jan 27, 2025. Frequent updates are generally a positive security signal.

What is Sites Monitor's security score?

Sites Monitor has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Sites Monitor Security & Risk Analysis

wordpress.org/plugins/sites-monitor

Effortlessly monitor your websites from your own WordPress installation. Keep an eye on updates, site health, WP versions, and more.

100 active installs v1.7.5 PHP 7.4+ WP 6.0+ Updated Jan 27, 2025

dashboardmaintenancemanage-multiple-sitesmonitorperformance

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Sites Monitor Safe to Use in 2026?

Generally Safe

Score 92/100

Sites Monitor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The 'sites-monitor' plugin v1.7.5 exhibits a generally strong security posture with several positive indicators. The absence of known CVEs and the consistent use of prepared statements for all SQL queries are significant strengths, suggesting diligent development practices regarding data protection. Furthermore, the plugin has no recorded vulnerabilities, which is highly encouraging.

However, some areas warrant attention. The presence of a `unserialize` function, a known risk for deserialization vulnerabilities, is a notable concern, especially as there are no explicit capability checks or nonce checks associated with its potential usage. While the taint analysis found no unsanitized paths, this does not entirely negate the inherent risk of `unserialize` if it's used with untrusted input. Additionally, the output escaping is not fully implemented, with 33% of outputs potentially unescaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is outputted without proper sanitization.

In conclusion, 'sites-monitor' v1.7.5 demonstrates a good foundation in secure coding, particularly in database interactions and its vulnerability history. The main areas for improvement lie in mitigating the risks associated with the `unserialize` function and ensuring all outputs are properly escaped to prevent potential XSS attacks.

Key Concerns

Use of unserialize without clear input validation/checks
Incomplete output escaping (33% unescaped)
0 nonce checks on entry points
Bundled library (Freemius v1.0) may be outdated

Vulnerabilities

None known

Sites Monitor Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Sites Monitor Release Timeline

v1.7.5Current

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.6.2

Code Analysis

Analyzed Mar 16, 2026

Sites Monitor Code Analysis

Dangerous Functions

Raw SQL Queries

58 prepared

Unescaped Output

8 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$serializable = unserialize($signature['serializable']);vendor-prefixed\laravel\serializable-closure\src\Serializers\Signed.php:92

Bundled Libraries

Freemius1.0

SQL Query Safety

100% prepared58 total queries

Output Escaping

67% escaped12 total outputs

Attack Surface

Sites Monitor Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 13

actionrest_api_initsrc\Controllers\Api\ApiController.php:54

filteris_submenu_visiblesrc\Providers\AppServiceProvider.php:46

filtershow_deactivation_feedback_formsrc\Providers\AppServiceProvider.php:47

actioninitsrc\Providers\MonitorServiceProvider.php:38

filtermanage_sites_posts_columnssrc\Providers\MonitorServiceProvider.php:39

actionmanage_sites_posts_custom_columnsrc\Providers\MonitorServiceProvider.php:40

actionbefore_delete_postsrc\Providers\MonitorServiceProvider.php:48

actionadmin_menusrc\Providers\SettingsServiceProvider.php:39

actionadmin_initsrc\Providers\SettingsServiceProvider.php:40

actionwpsm_push_eventsrc\Providers\SiteServiceProvider.php:89

actionafter_uninstallsrc\Services\LifeCycleService.php:70

actioninitsrc\Services\ResourceService.php:34

actionadmin_enqueue_scriptssrc\Services\ResourceService.php:37

Scheduled Events 1

wpsm_push_event

Maintenance & Trust

Sites Monitor Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedJan 27, 2025

PHP min version7.4

Downloads6K

Community Trust

Rating100/100

Number of ratings1

Active installs100

Alternatives

Sites Monitor Alternatives

WP-Stack

wp-stack-connect

Wp-stack makes your lives easy by automating the most boring tasks you do on your websites and saves you hours of work and hundreds of dollars every m …

10 No CVEs

WebBooster Update History

webbooster-update-history

100

Display a summary of all updates performed on your WordPress site directly in the Dashboard.

20 No CVEs

ManageWP Worker

worker

A better way to manage dozens of WordPress websites.

1.0M 3 CVEs

Query Monitor

query-monitor

Query Monitor is the developer tools panel for WordPress and WooCommerce.

200K 1 CVE

The WP Remote WordPress Plugin

wpremote

100

Manage updates, backups, and more across all your WordPress sites with WP Remote.

30K 1 CVE

Developer Profile

Sites Monitor Developer Profile

Verdant Studio

4 plugins · 530 total installs

trust score

Avg Security Score

98/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Sites Monitor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/sites-monitor/dist/admin.css/wp-content/plugins/sites-monitor/dist/admin.js

Script Paths

/wp-content/plugins/sites-monitor/dist/admin.js

Version Parameters

sites-monitor/dist/admin.asset.php

HTML / DOM Fingerprints

CSS Classes

wp-sites-monitor-frontwp-sites-monitor-list-front

Data Attributes

data-attributesdata-id

JS Globals

wpsmSettings

REST Endpoints

/wp-json/wpsm/v1

Shortcode Output

<div class="wp-sites-monitor-front"<div class="wp-sites-monitor-list-front"

FAQ

Sites Monitor Security & Risk Analysis

Is Sites Monitor Safe to Use in 2026?

Generally Safe

Key Concerns

Sites Monitor Security Vulnerabilities

Sites Monitor Release Timeline

Sites Monitor Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Sites Monitor Attack Surface

Scheduled Events 1

Sites Monitor Maintenance & Trust

Maintenance Signals

Community Trust

Sites Monitor Alternatives

WP-Stack

WebBooster Update History

ManageWP Worker

Query Monitor

The WP Remote WordPress Plugin

Sites Monitor Developer Profile

How We Detect Sites Monitor

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Sites Monitor