Does System Report have any unpatched vulnerabilities?

No. All known vulnerabilities in System Report have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is System Report compatible with WordPress 4.8.28?

According to WordPress.org data, System Report 2.1.0 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is System Report updated?

System Report was last updated on Jul 1, 2017. Frequent updates are generally a positive security signal.

What is System Report's security score?

System Report has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

System Report Security & Risk Analysis

wordpress.org/plugins/system-report

Quickly identify important aspects of your server, PHP, WordPress installation, theme and plugins

10 active installs v2.1.0 PHP + WP 3.3+ Updated Jul 1, 2017

informationreportstatussystem

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is System Report Safe to Use in 2026?

Generally Safe

Score 85/100

System Report has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The system-report plugin v2.1.0 exhibits a mixed security posture. While it has no reported vulnerabilities (CVEs) and a seemingly small attack surface based on the provided metrics, the static analysis reveals significant concerns. The presence of the `exec` function is a critical warning sign, as it can be exploited for arbitrary code execution if improperly handled. Furthermore, two identified taint flows with unsanitized paths suggest potential vulnerabilities where user-supplied data could be used to manipulate file paths or other sensitive operations without proper validation. The low percentage of properly escaped output (26%) also indicates a risk of cross-site scripting (XSS) vulnerabilities.

Key Concerns

Dangerous function 'exec' found
Taint flows with unsanitized paths (2)
Low percentage of properly escaped output
No capability checks found
No nonce checks found

Vulnerabilities

None known

System Report Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

System Report Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

exec@exec( $cmd, $output );src\system-load.php:47

SQL Query Safety

67% prepared6 total queries

Output Escaping

26% escaped19 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

get_server_report (views\server.php:10)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

System Report Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionadmin_menusystem-report.php:63

Maintenance & Trust

System Report Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedJul 1, 2017

PHP min version

Downloads10K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

System Report Alternatives

Site Status Reporter

site-status-reporter

100

Easily generate and share detailed WordPress site reports with Site Status Reporter, including plugins, themes, PHP, server info, and more—fully custo …

0 No CVEs

atec System Info

atec-system-info

100

atec System Info (Operating system, server, memory, PHP and database details)

200 No CVEs

Happy Ordering

happy-ordering

100

Check Happy Ordering system status and report bugs to improve your ordering experience.

0 No CVEs

Ni WooCommerce Custom Order Status

ni-woocommerce-custom-order-status

WC requires at least: 4.0 WC tested up to: 9.7 Last Updated Date: 10-March-2026 WooCommerce Custom Order Status plug-in allows you to create and manag …

2K 1 CVE

WP System Information

wp-system-info

Show WordPress Site, Current Theme, active plugin and server related information, php info, file & folder persmission at a glance.

800 1 unpatched

Developer Profile

System Report Developer Profile

Aaron Holbrook

4 plugins · 40 total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect System Report

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/system-report/assets/css/bootstrap.min.css/wp-content/plugins/system-report/assets/css/system-report.css/wp-content/plugins/system-report/assets/js/bootstrap.min.js/wp-content/plugins/system-report/assets/js/system-report.js

Script Paths

/wp-content/plugins/system-report/assets/js/system-report.js/wp-content/plugins/system-report/assets/js/bootstrap.min.js

Version Parameters

system-report/assets/css/bootstrap.min.css?ver=system-report/assets/css/system-report.css?ver=system-report/assets/js/bootstrap.min.js?ver=system-report/assets/js/system-report.js?ver=

HTML / DOM Fingerprints

CSS Classes

system-report-wrappersystem-report-content

HTML Comments

Data Attributes

data-bs-toggledata-bs-target

JS Globals

window.sr_data

FAQ