Does System Update Exporter have any unpatched vulnerabilities?

No. All known vulnerabilities in System Update Exporter have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is System Update Exporter compatible with WordPress 6.9.4?

According to WordPress.org data, System Update Exporter 1.0.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is System Update Exporter compatible with PHP 7.4+?

System Update Exporter requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is System Update Exporter updated?

System Update Exporter was last updated on Unknown. Frequent updates are generally a positive security signal.

What is System Update Exporter's security score?

System Update Exporter has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

System Update Exporter Security & Risk Analysis

wordpress.org/plugins/system-update-exporter

System Update Exporter exports pending WordPress updates and system info in Excel, Word, or CSV for easy reporting.

0 active installs v1.0.2 PHP 7.4+ WP 5.6+ Updated Unknown

exportplugin-managementplugin-updatessystem-statusupdates

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is System Update Exporter Safe to Use in 2026?

Generally Safe

Score 100/100

System Update Exporter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "system-update-exporter" plugin v1.0.2 exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of any known CVEs, critical taint flows, and the consistent use of prepared statements for SQL queries are significant strengths. Furthermore, the plugin demonstrates good practices by implementing capability checks and nonce checks in its code, suggesting an effort to control access to its functionalities. The limited attack surface reported, with no exposed AJAX handlers, REST API routes, or shortcodes without proper checks, is also a positive indicator. However, a notable concern is the significant percentage of improperly escaped output (34%). While the plugin has no recorded vulnerabilities to date, this oversight could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data or dynamic content is not sufficiently sanitized before being displayed. The presence of file operations without further context also warrants a slight caution, though the absence of taint flows related to paths mitigates immediate risk.

Key Concerns

Improperly escaped output detected

Vulnerabilities

None known

System Update Exporter Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

System Update Exporter Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

73 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared6 total queries

Output Escaping

66% escaped110 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

systupex_save_roles_capabilities (admin\settings.php:177)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

System Update Exporter Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionadmin_menuadmin\admin-menu.php:49

actionadmin_post_export_updatesadmin\admin-page.php:156

actionadmin_initadmin\settings.php:62

actionupdate_option_systupex_allowed_rolesadmin\settings.php:217

actionadmin_post_export_updatesincludes\Export.php:271

actionadmin_enqueue_scriptssystem-update-exporter.php:55

Maintenance & Trust

System Update Exporter Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedUnknown

PHP min version7.4

Downloads319

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

System Update Exporter Alternatives

Disable Updates – Updates Manager, Disable Automatic Updates, Disable All Updates

webcraftic-updates-manager

100

Disable updates and automatic updates for WordPress core, plugins, and themes, with the option to disable plugin or theme updates individually.

9K No CVEs

Hide Updates

hide-updates

This plugin hides update notifications for core, plugin, and theme updates in the WordPress admin for all everyone except specified users.

6K No CVEs

Disable Auto Update Emails and Block Updates for Plugins, WP Core, and Themes

disable-email-notification-for-auto-updates

100

This plugin disables email notifications for auto-updates and blocks updates for specific plugins, hide plugins, WordPress core, and themes.

3K No CVEs

Updater by BestWebSoft

updater

100

Automatically update WordPress core, plugins, themes, and translations. Schedule updates and get email notifications – no FTP needed.

2K 1 CVE

WP Disable Automatic Updates

wp-disable-automatic-updates

This plugin allows you to disable all types of automatic Wordpress Updates very simply with some special features.

2K No CVEs

Developer Profile

System Update Exporter Developer Profile

Umbradev

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect System Update Exporter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/system-update-exporter/assets/css/admin-styles.css/wp-content/plugins/system-update-exporter/assets/js/admin-scripts.js

Script Paths

/wp-content/plugins/system-update-exporter/assets/js/admin-scripts.js

Version Parameters

system-update-exporter/assets/css/admin-styles.css?ver=system-update-exporter/assets/js/admin-scripts.js?ver=

HTML / DOM Fingerprints

FAQ