Stalkfish – Error Monitoring and Activity Log Monitoring Security & Risk Analysis

wordpress.org/plugins/stalkfish

Stalkfish actively tracks errors, crashes, and activity logs on your WordPress site and sends them to your Stalkfish dashboard.

10 active installs · v1.2.1 · PHP 7.1+ · WP 5.6+ · Updated Aug 8, 2023
activity-log · audit-log · monitoring · user-activity · user-log
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Stalkfish – Error Monitoring and Activity Log Monitoring Safe to Use in 2026?

Generally Safe

Score 85/100

Stalkfish – Error Monitoring and Activity Log Monitoring has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "stalkfish" v1.2.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and properly escaping a high percentage of its output. The absence of recorded CVEs and common vulnerability types in its history suggests a relatively stable past, potentially indicating diligent development or infrequent audits.

However, significant concerns arise from its attack surface. With 5 total entry points, 3 are unprotected, including 2 AJAX handlers and 1 REST API route lacking permission callbacks. This presents a clear opportunity for unauthenticated attackers to interact with sensitive plugin functionalities. Furthermore, the taint analysis reveals one flow with unsanitized paths, flagged as high severity. This indicates a potential for attackers to inject malicious data that is not properly handled, leading to unintended consequences or security breaches.

The presence of the `assert` dangerous function, while only one instance, warrants attention as it can be misused. The plugin also performs external HTTP requests, which could be a vector if not carefully managed and authenticated. The bundled Select2 library, while common, could also be a potential point of vulnerability if it's an outdated or insecure version (though this is not explicitly stated in the data).

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API route
  • High severity unsanitized taint flow
  • Dangerous function 'assert' present
  • External HTTP requests
Vulnerabilities
None known

Stalkfish – Error Monitoring and Activity Log Monitoring Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Stalkfish – Error Monitoring and Activity Log Monitoring Release Timeline

v1.2.1 (Current)
v1.2.0
v1.1.2
v1.1.1
v1.1.0
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Stalkfish – Error Monitoring and Activity Log Monitoring Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 7 (400 escaped)
Nonce Checks: 4
Capability Checks: 7
File Operations: 2
External Requests: 3
Bundled Libraries: 1

Dangerous Functions Found

assert · `assert( $prev_sidebar_id !== $updated_sidebar_id );` · includes/Pipes/class-widgets-pipe.php:466

Bundled Libraries

Select2

Output Escaping

98% escaped · 407 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<class-filterpipe> (includes/class-filterpipe.php:0)
Flow graph legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
3 unprotected

Stalkfish – Error Monitoring and Activity Log Monitoring Attack Surface

Entry Points: 5
Unprotected: 3

AJAX Handlers 3

auth · wp_ajax_sf_get_actions · includes/Settings/class-exclude.php:25
auth · wp_ajax_sf_get_users · includes/Settings/class-exclude.php:26
auth · wp_ajax_mock_log_request · includes/register-settings.php:156

REST API Routes 2

GET /wp-json/stalkfish/v1/api-key · includes/API/class-local.php:86
GET /wp-json/stalkfish/v1/triggers · includes/API/class-local.php:103
WordPress Hooks 18
action · rest_api_init · includes/API/class-local.php:77
action · init · includes/API/class-stalkfishapi.php:16
filter · query_vars · includes/API/class-stalkfishapi.php:17
action · parse_request · includes/API/class-stalkfishapi.php:18
action · updated_option · includes/Pipes/class-settings-pipe.php:555
action · registered_taxonomy · includes/Pipes/class-taxonomies-pipe.php:116
action · customize_save_after · includes/Pipes/class-widgets-pipe.php:120
filter · user_search_columns · includes/Settings/class-exclude.php:136
filter · sf_settings_tabs_array · includes/Settings/class-settings-page.php:33
action · plugins_loaded · includes/activator.php:53
action · plugins_loaded · includes/activator.php:63
action · stalkfish_enqueue_request · includes/class-logpipe.php:33
action · init · includes/class-plugin.php:50
action · plugin_action_links · includes/class-plugin.php:51
action · admin_notices · includes/class-plugin.php:141
action · admin_menu · includes/register-settings.php:35
action · wp_loaded · includes/register-settings.php:68
action · init · includes/register-settings.php:128
Maintenance & Trust

Stalkfish – Error Monitoring and Activity Log Monitoring Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.3.8
Last updated: Aug 8, 2023
PHP min version: 7.1
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Stalkfish – Error Monitoring and Activity Log Monitoring Developer Profile

Ram Ratan Maurya

4 plugins · 3K total installs

Trust score: 64
Avg Security Score: 79/100
Avg Patch Time: 217 days
Detection Fingerprints

How We Detect Stalkfish – Error Monitoring and Activity Log Monitoring

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/stalkfish/assets/css/settings.css
/wp-content/plugins/stalkfish/assets/js/settings.js
Script Paths
/wp-content/plugins/stalkfish/assets/js/select2/select2.full.js
/wp-content/plugins/stalkfish/assets/js/settings.js
Version Parameters
stalkfish/assets/css/settings.css?ver=
stalkfish/assets/js/settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
sf_settings
Data Attributes
data-prefix
JS Globals
Stalkfish