Does Watchlog RUM have any unpatched vulnerabilities?

No. All known vulnerabilities in Watchlog RUM have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Watchlog RUM compatible with WordPress 6.9.4?

According to WordPress.org data, Watchlog RUM 0.2.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Watchlog RUM compatible with PHP 7.4+?

Watchlog RUM requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Watchlog RUM updated?

Watchlog RUM was last updated on Dec 27, 2025. Frequent updates are generally a positive security signal.

What is Watchlog RUM's security score?

Watchlog RUM has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Watchlog RUM Security & Risk Analysis

wordpress.org/plugins/watchlog-rum

Real User Monitoring (RUM) for WordPress powered by Watchlog.

0 active installs v0.2.0 PHP 7.4+ WP 5.8+ Updated Dec 27, 2025

analyticsmonitoringperformancerum

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Watchlog RUM Safe to Use in 2026?

Generally Safe

Score 100/100

Watchlog RUM has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The "watchlog-rum" v0.2.0 plugin exhibits a strong security posture based on the static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface. Furthermore, the code demonstrates good practices with 100% of SQL queries utilizing prepared statements and a high percentage (95%) of outputs being properly escaped. The single capability check also indicates an awareness of access control.

However, a notable concern arises from the complete lack of nonce checks. While the plugin has a very small attack surface and the available capability checks mitigate some risk, the absence of nonces on any potential (though currently zero) entry points leaves it vulnerable to Cross-Site Request Forgery (CSRF) attacks if new entry points are added in future versions without corresponding security measures. The taint analysis showing zero flows is positive, but this is likely due to the plugin's limited functionality and lack of user-supplied input processing, which could change.

The plugin's vulnerability history is clean, with no recorded CVEs. This, combined with the positive static analysis results, suggests the developers are either new or have a strong focus on security. The lack of historical vulnerabilities is a positive indicator, but the absence of nonce checks remains a concerning oversight that should be addressed to ensure robust security.

Key Concerns

Missing nonce checks

Vulnerabilities

None known

Watchlog RUM Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Watchlog RUM Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

21 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

95% escaped22 total outputs

Attack Surface

Watchlog RUM Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionadmin_initincludes\class-watchlog-rum.php:50

actionadmin_menuincludes\class-watchlog-rum.php:51

actionwp_enqueue_scriptsincludes\class-watchlog-rum.php:52

actionplugins_loadedwatchlog-rum.php:34

Maintenance & Trust

Watchlog RUM Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 27, 2025

PHP min version7.4

Downloads96

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Watchlog RUM Alternatives

SpeedVitals RUM

speedvitals-rum

100

Integrates SpeedVitals RUM Script in your WordPress Website

40 No CVEs

Vibes

vibes

Truthful user experience and browsing performances monitoring.

400 1 CVE

Site24x7 Real User Monitoring

site24x7-rum

Real User Monitoring (RUM) by Site24x7 provides deep and accurate insight into real users’experience on your WordPress setup.

100 No CVEs

Core Web Vitals – Real User Monitoring (RUM)

core-web-vitals-real-user-monitoring-rum

100

Track Core Web Vitals (LCP, INP, CLS, FCP, TTFB) from real users with comprehensive analytics, GA4 integration, and performance insights.

0 No CVEs

LinkRivers Site Monitor

linkrivers-site-monitor

100

Professional website monitoring for local businesses. Track uptime, SSL, page speed, SEO health, and Real User Monitoring.

0 No CVEs

Developer Profile

Watchlog RUM Developer Profile

watchlog

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Watchlog RUM

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/watchlog-rum/includes/js/dist/bundle.js/wp-content/plugins/watchlog-rum/includes/js/dist/watchlog-rum-script.js

Script Paths