SnapShots Security & Risk Analysis

wordpress.org/plugins/snapshots

Quickly Create SnapShots of your development sites and restore them with a click.

20 active installs · v2.8.2 · PHP 7.4+ · WP 6.6+ · Updated Dec 4, 2024
Tags: database, dev, development, snapshots
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SnapShots Safe to Use in 2026?

Generally Safe

Score 92/100

SnapShots has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The 'snapshots' plugin v2.8.2 exhibits a generally good security posture, with no known historical vulnerabilities and a relatively small attack surface. The static analysis reveals a lack of unprotected entry points, indicating that basic security measures like authentication and authorization checks are likely in place for most interactions. Furthermore, the plugin demonstrates good practices in output escaping, with a high percentage of outputs being properly handled.

However, there are specific areas of concern. The presence of the 'exec' function is a significant red flag, as it can be exploited for Remote Code Execution if not handled with extreme care and sanitization. The taint analysis revealing two flows with unsanitized paths is particularly worrying in conjunction with the 'exec' function. This suggests a potential pathway for attackers to inject malicious commands. The lack of nonce checks is also a notable weakness, particularly if there are any hidden or less obvious entry points that weren't captured by the initial attack surface scan.

Overall, while the plugin's history is clean, the static analysis points to critical potential risks. The 'exec' function combined with unsanitized taint flows presents a high-risk scenario for code injection. The absence of nonce checks further amplifies this risk. It is strongly recommended to investigate and thoroughly sanitize all inputs leading to the 'exec' function and to implement nonce checks on all applicable entry points.

Key Concerns

  • Dangerous function 'exec' used
  • Taint flows with unsanitized paths
  • No nonce checks
  • SQL queries not fully prepared
  • Unescaped output detected
Vulnerabilities
None known

SnapShots Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

SnapShots Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 1; 1 prepared
Unescaped Output: 2; 6 escaped
Nonce Checks: 0
Capability Checks: 3
File Operations: 6
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

exec: exec( $rawcmd, $output, $error ); (includes\plugin.php:215)

SQL Query Safety

50% prepared · 2 total queries

Output Escaping

75% escaped · 8 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
backup (includes\plugin.php:165)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

SnapShots Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 5
action init (includes\plugin.php:14)
action init (includes\plugin.php:15)
action admin_bar_menu (includes\plugin.php:16)
filter upgrader_pre_install (includes\upgrade.php:14)
filter upgrader_post_install (includes\upgrade.php:32)
Maintenance & Trust

SnapShots Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Dec 4, 2024
PHP min version: 7.4
Downloads: 6K

Community Trust

Rating: 74/100
Number of ratings: 3
Active installs: 20
Developer Profile

SnapShots Developer Profile

EverPress

28 plugins · 121K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 255 days
Detection Fingerprints

How We Detect SnapShots

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/snapshots/assets/style.css
/wp-content/plugins/snapshots/assets/script.js
Script Paths
/wp-content/plugins/snapshots/assets/script.js
Version Parameters
snapshots/style.css?ver=
snapshots/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
snapshot-extra-title
search-snapshot
restore-snapshot
delete-snapshot
Data Attributes
data-date
data-name
JS Globals
snapshots