Web Change Detector Security & Risk Analysis

wordpress.org/plugins/webchangedetector

Visually check your site during WP auto updates or run monitoring. Get alerts and instantly see what changed.

200 active installs · v4.2.2 · PHP 7.4+ · WP 5.5+ · Updated Mar 17, 2026
Tags: auto-updates, monitoring, visual-check, visual-regression-test, vrt
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Web Change Detector Safe to Use in 2026?

Generally Safe

Score 100/100

Web Change Detector has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The 'webchangedetector' v4.2.2 plugin exhibits a concerning security posture, primarily due to a large attack surface exposed through AJAX handlers without authentication checks. While the static analysis indicates good practices in other areas, such as the complete absence of dangerous functions, 100% prepared SQL statements, and nearly all output being properly escaped, the unprotected AJAX endpoints represent a significant risk.

The lack of nonce checks and capability checks on these 25 AJAX handlers means that any user, even an unauthenticated one, could potentially trigger arbitrary actions on the website by interacting with these endpoints. The taint analysis shows some unsanitized paths, although no critical or high severity issues were identified, suggesting that while data might not be handled perfectly, it doesn't immediately lead to severe compromises.

The plugin's clean vulnerability history is a positive sign, indicating a lack of past exploitable issues, but this does not mitigate the immediate risks presented by the unprotected entry points. Overall, the plugin has strengths in its code hygiene regarding SQL and output escaping but a critical weakness in its handling of AJAX endpoints, demanding immediate attention to implement proper authentication and authorization checks.

Key Concerns

  • AJAX handlers without auth checks
  • AJAX handlers without nonce checks
  • Unsanitized paths in taint analysis
Vulnerabilities
None known

Web Change Detector Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Web Change Detector Release Timeline

v4.2.2 (Current)
v4.2.1
v4.2.0
v4.1.1
v4.1.0
v4.0.6
v4.0.5
v4.0.4
v4.0.3
v4.0.1
v4.0.0
v3.2.4
v3.2.3
v3.2.2
v3.2.1
v3.2.0
v3.1.8
v3.1.7
v3.1.6
v3.1.5
Code Analysis
Analyzed Apr 16, 2026

Web Change Detector Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (15 prepared)
Unescaped Output: 17 (1798 escaped)
Nonce Checks: 10
Capability Checks: 8
File Operations: 0
External Requests: 9
Bundled Libraries: 0

SQL Query Safety

100% prepared · 15 total queries

Output Escaping

99% escaped · 1815 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

10 flows · 5 with unsanitized paths
create_trial_account (admin/class-webchangedetector-admin-account.php:59)
[Data-flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
25 unprotected

Web Change Detector Attack Surface

Entry Points: 25
Unprotected: 25

AJAX Handlers 25

auth · wp_ajax_get_dashboard_usage_stats · admin/ajax/class-webchangedetector-account-ajax-handler.php:58
auth · wp_ajax_wcd_create_ai_feedback_rule · admin/ajax/class-webchangedetector-ai-ajax-handler.php:54
auth · wp_ajax_wcd_toggle_ai_feedback_rule · admin/ajax/class-webchangedetector-ai-ajax-handler.php:55
auth · wp_ajax_wcd_delete_ai_feedback_rule · admin/ajax/class-webchangedetector-ai-ajax-handler.php:56
auth · wp_ajax_wcd_update_ai_feedback_rule_scope · admin/ajax/class-webchangedetector-ai-ajax-handler.php:57
auth · wp_ajax_get_processing_queue · admin/ajax/class-webchangedetector-screenshots-ajax-handler.php:69
auth · wp_ajax_update_comparison_status · admin/ajax/class-webchangedetector-screenshots-ajax-handler.php:70
auth · wp_ajax_get_batch_comparisons_view · admin/ajax/class-webchangedetector-screenshots-ajax-handler.php:71
auth · wp_ajax_load_failed_queues · admin/ajax/class-webchangedetector-screenshots-ajax-handler.php:72
auth · wp_ajax_get_batch_processing_status · admin/ajax/class-webchangedetector-screenshots-ajax-handler.php:73
auth · wp_ajax_get_new_change_detections · admin/ajax/class-webchangedetector-screenshots-ajax-handler.php:74
auth · wp_ajax_get_completed_pre_screenshots · admin/ajax/class-webchangedetector-screenshots-ajax-handler.php:75
auth · wp_ajax_get_failed_queues_json · admin/ajax/class-webchangedetector-screenshots-ajax-handler.php:76
auth · wp_ajax_post_url · admin/ajax/class-webchangedetector-settings-ajax-handler.php:58
auth · wp_ajax_wcd_disable_wizard · admin/ajax/class-webchangedetector-settings-ajax-handler.php:59
auth · wp_ajax_create_website_and_groups_ajax · admin/ajax/class-webchangedetector-settings-ajax-handler.php:60
auth · wp_ajax_wcd_get_initial_setup · admin/ajax/class-webchangedetector-settings-ajax-handler.php:61
auth · wp_ajax_wcd_save_initial_setup · admin/ajax/class-webchangedetector-settings-ajax-handler.php:62
auth · wp_ajax_wcd_update_sync_types_with_local_labels · admin/ajax/class-webchangedetector-settings-ajax-handler.php:63
auth · wp_ajax_wcd_complete_initial_setup · admin/ajax/class-webchangedetector-settings-ajax-handler.php:64
auth · wp_ajax_wcd_export_logs · admin/ajax/class-webchangedetector-settings-ajax-handler.php:65
auth · wp_ajax_sync_urls · admin/ajax/class-webchangedetector-settings-ajax-handler.php:66
auth · wp_ajax_sync_urls · admin/ajax/class-webchangedetector-wordpress-ajax-handler.php:69
auth · wp_ajax_wcd_get_admin_bar_status · admin/ajax/class-webchangedetector-wordpress-ajax-handler.php:70
auth · wp_ajax_wcd_sync_posts · admin/ajax/class-webchangedetector-wordpress-ajax-handler.php:71

WordPress Hooks 24

action · admin_notices · admin/class-webchangedetector-admin-notices.php:35
action · wcd_daily_sync_event · admin/class-webchangedetector-admin.php:294
action · init · admin/class-webchangedetector-autoupdates.php:48
action · automatic_updates_complete · admin/class-webchangedetector-autoupdates.php:54
action · wcd_check_update_completion · admin/class-webchangedetector-autoupdates.php:57
action · wcd_cron_check_post_queues · admin/class-webchangedetector-autoupdates.php:60
action · wcd_save_update_group_settings · admin/class-webchangedetector-autoupdates.php:63
action · wcd_wp_version_check · admin/class-webchangedetector-autoupdates.php:66
action · wp_maybe_auto_update · admin/class-webchangedetector-autoupdates.php:69
action · wcd_sync_auto_update_schedule · admin/class-webchangedetector-autoupdates.php:72
action · plugins_loaded · includes/class-webchangedetector.php:243
action · admin_enqueue_scripts · includes/class-webchangedetector.php:262
action · admin_enqueue_scripts · includes/class-webchangedetector.php:263
action · admin_menu · includes/class-webchangedetector.php:264
action · post_updated · includes/class-webchangedetector.php:269
action · save_post · includes/class-webchangedetector.php:270
action · wcd_async_single_post_sync · includes/class-webchangedetector.php:273
action · wcd_async_full_sync · includes/class-webchangedetector.php:274
action · admin_bar_menu · includes/class-webchangedetector.php:277
action · wp_enqueue_scripts · includes/class-webchangedetector.php:279
action · wp_enqueue_scripts · includes/class-webchangedetector.php:328
action · wp_enqueue_scripts · includes/class-webchangedetector.php:329
filter · gu_primary_branch · webchangedetector.php:111
action · admin_notices · webchangedetector.php:139

Scheduled Events 6

wcd_daily_sync_event
wcd_sync_auto_update_schedule
wcd_check_update_completion
wcd_check_update_completion
wp_version_check
wcd_wp_version_check
Maintenance & Trust

Web Change Detector Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 17, 2026
PHP min version: 7.4
Downloads: 7K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 200
Developer Profile

Web Change Detector Developer Profile

Mike Miler

2 plugins · 200 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Web Change Detector

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/webchangedetector/admin/css/webchangedetector-admin.css
  • /wp-content/plugins/webchangedetector/public/css/webchangedetector-public.css
  • /wp-content/plugins/webchangedetector/public/js/webchangedetector-public.js
Script Paths
  • /wp-content/plugins/webchangedetector/public/js/webchangedetector-public.js
Version Parameters
  • webchangedetector/admin/css/webchangedetector-admin.css?ver=
  • webchangedetector/public/css/webchangedetector-public.css?ver=
  • webchangedetector/public/js/webchangedetector-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wcd-detector-container
  • wcd-detector-loading
  • wcd-detector-loaded
  • wcd-detector-diff-container
  • wcd-detector-diff-image
  • wcd-detector-diff-canvas
  • wcd-detector-diff-overlay
  • wcd-detector-diff-slider
  • +2 more
HTML Comments
  • <!-- Web Change Detector Settings -->
  • <!-- Web Change Detector Loading -->
  • <!-- Web Change Detector Diff Container -->
Data Attributes
  • data-wcd-detector-id
  • data-wcd-detector-url
  • data-wcd-detector-selector
  • data-wcd-detector-diff-threshold
  • data-wcd-detector-animation-speed
  • data-wcd-detector-show-legend
JS Globals
WebChangeDetectorPublic
Shortcode Output
[web_change_detector]