WP-Safety

WP Log Action Security & Risk Analysis

wordpress.org/plugins/wp-log-action

Add error or debug logging in your code and leave it there. Logs will only be recorded with this plugin, otherwise will be ignored.

40 active installs v0.54 PHP + WP 5.3+ Updated May 6, 2025
activitydebugdeveloper-toollogwarning
99
A · Safe
CVEs total1
Unpatched0
Last CVEDec 10, 2024
Download
Safety Verdict

Is WP Log Action Safe to Use in 2026?

Generally Safe

Score 99/100

WP Log Action has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 10, 2024Updated 11mo ago
Risk Assessment

The "wp-log-action" plugin version 0.54 demonstrates a generally good security posture with several positive indicators. The absence of any critical or high severity taint flows, along with 100% proper output escaping and a high percentage of SQL queries using prepared statements, suggests diligent coding practices regarding input sanitization and output rendering. The limited attack surface, with no unprotected AJAX handlers, REST API routes, or shortcodes, further minimizes direct exposure to common web vulnerabilities. However, the presence of two flows with unsanitized paths in the taint analysis is a significant concern, even if they did not reach critical or high severity. This indicates a potential for vulnerabilities if those paths are ever exposed to user input. The vulnerability history, while showing no currently unpatched CVEs, does include one medium severity "Cross-site Scripting" vulnerability from late 2024. This past XSS vulnerability, coupled with the unsanitized path flows, suggests a need for ongoing vigilance and thorough code reviews to prevent future security incidents. The lack of nonce checks on entry points is also a weakness, though its impact is lessened by the limited unprotected attack surface.

Key Concerns

  • Unsanitized path taint flows detected
  • No nonce checks on entry points
  • Past medium severity XSS vulnerability
Vulnerabilities
1

WP Log Action Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-24619medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Log Action <= 0.51 - Reflected Cross-Site Scripting

Dec 10, 2024 Patched in 0.52 (134d)
Code Analysis
Analyzed Mar 16, 2026

WP Log Action Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
7 prepared
Unescaped Output
0
21 escaped
Nonce Checks
0
Capability Checks
2
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

64% prepared11 total queries

Output Escaping

100% escaped21 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
search_box (wpla-output-table.php:228)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WP Log Action Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 26
actionadmin_menuoptions-page.php:22
actionadmin_initoptions-page.php:30
actionadmin_enqueue_scriptsoptions-page.php:152
actionwp_log_debug_hookwp-log-action.php:33
actionwp_log_debug_query_startwp-log-action.php:35
actionwp_log_debug_query_stopwp-log-action.php:36
actiondoing_it_wrong_runwp-log-action.php:39
actiondeprecated_function_runwp-log-action.php:42
actionactivated_pluginwp-log-action.php:45
actiondeactivated_pluginwp-log-action.php:46
actiondelete_pluginwp-log-action.php:48
actiondeleted_pluginwp-log-action.php:49
actionupgrader_process_completewp-log-action.php:51
action_core_updated_successfullywp-log-action.php:54
actionplugins_loadedwp-log-action.php:57
actionwpla_activationwp-log-action.php:85
actionwpla_deactivationwp-log-action.php:93
actionwpmu_new_blogwp-log-action.php:117
filterwpmu_drop_tableswp-log-action.php:128
actionadmin_menuwp-log-action.php:136
actionadmin_initwp-log-action.php:196
actionadmin_enqueue_scriptswp-log-action.php:218
filterplugin_action_linkswp-log-action.php:233
actionwpla_daily_purgewp-log-action.php:262
actionadmin_initwp-log-action.php:284
filterqueryWPLA_Logger.php:214

Scheduled Events 1

wpla_daily_purge
Maintenance & Trust

WP Log Action Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMay 6, 2025
PHP min version
Downloads5K

Community Trust

Rating100/100
Number of ratings1
Active installs40
Alternatives

WP Log Action Alternatives

LogIQ

LogIQ

log-iq

A
100

A powerful and user-friendly debug log viewer for WordPress with editor integration.

10 No CVEs
Debug Suite

Debug Suite

debug-suite

A
100

A powerful, enterprise-grade debugging toolkit for WordPress developers with advanced log management, error tracking, and development tools.

0 No CVEs
Developer Debug Mode

Developer Debug Mode

developer-debug-mode

A
100

Toggle WordPress debug mode instantly. No wp-config.php editing needed. Features auto-save, admin bar quick toggle, and debug log viewer.

0 No CVEs
Loginator

Loginator

loginator

A
100

Adds a simple global function for logging to files for developers.

0 No CVEs
PAS Debug Log Manager

PAS Debug Log Manager

pas-debug-log-manager

A
92

A simple WordPress plugin that allows users to view and manage the WordPress debug log. Provides options to clear the log, toggle debug logging, and d &hellip;

0 No CVEs
Developer Profile

WP Log Action Developer Profile

webheadcoder

6 plugins · 95K total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
649 days
View full developer profile
Detection Fingerprints

How We Detect WP Log Action

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-log-action/css/wpla.css/wp-content/plugins/wp-log-action/js/wpla.js
Script Paths
/wp-content/plugins/wp-log-action/js/wpla.js
Version Parameters
wp-log-action/css/wpla.css?ver=wp-log-action/js/wpla.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-log-typedata-log-time-startdata-log-time-enddata-s
JS Globals
wpla
FAQ

Frequently Asked Questions about WP Log Action