Does WP Log Action have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Log Action compatible with WordPress 6.8.5?

According to WordPress.org data, WP Log Action 0.54 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is WP Log Action updated?

WP Log Action was last updated on May 6, 2025. Frequent updates are generally a positive security signal.

What is WP Log Action's security score?

WP Log Action has a WP-Safety security score of 91/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Log Action Security & Risk Analysis

wordpress.org/plugins/wp-log-action

Add error or debug logging in your code and leave it there. Logs will only be recorded with this plugin, otherwise will be ignored.

30 active installs v0.54 PHP + WP 5.3+ Updated May 6, 2025

activitydebugdeveloper-toollogwarning

A · Safe

CVEs total1

Unpatched0

Last CVEDec 10, 2024

Download

Safety Verdict

Is WP Log Action Safe to Use in 2026?

Generally Safe

Score 91/100

WP Log Action has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Dec 10, 2024Updated 1yr ago

Risk Assessment

The "wp-log-action" plugin version 0.54 demonstrates a generally good security posture with several positive indicators. The absence of any critical or high severity taint flows, along with 100% proper output escaping and a high percentage of SQL queries using prepared statements, suggests diligent coding practices regarding input sanitization and output rendering. The limited attack surface, with no unprotected AJAX handlers, REST API routes, or shortcodes, further minimizes direct exposure to common web vulnerabilities. However, the presence of two flows with unsanitized paths in the taint analysis is a significant concern, even if they did not reach critical or high severity. This indicates a potential for vulnerabilities if those paths are ever exposed to user input. The vulnerability history, while showing no currently unpatched CVEs, does include one medium severity "Cross-site Scripting" vulnerability from late 2024. This past XSS vulnerability, coupled with the unsanitized path flows, suggests a need for ongoing vigilance and thorough code reviews to prevent future security incidents. The lack of nonce checks on entry points is also a weakness, though its impact is lessened by the limited unprotected attack surface.

Key Concerns

Unsanitized path taint flows detected
No nonce checks on entry points
Past medium severity XSS vulnerability

Vulnerabilities

1 published

WP Log Action Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-24619medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Log Action <= 0.51 - Reflected Cross-Site Scripting

Dec 10, 2024 Patched in 0.52 (134d)

Version History

WP Log Action Release Timeline

v0.54Current

v0.53

v0.52

v0.511 CVE

v0.501 CVE

v0.401 CVE

v0.341 CVE

v0.331 CVE

v0.321 CVE

v0.311 CVE

v0.221 CVE

v0.211 CVE

v0.41 CVE

v0.31 CVE

v0.21 CVE

v0.11 CVE

Code Analysis

Analyzed Mar 16, 2026

WP Log Action Code Analysis

Dangerous Functions

Raw SQL Queries

7 prepared

Unescaped Output

21 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

64% prepared11 total queries

Output Escaping

100% escaped21 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

search_box (wpla-output-table.php:228)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

WP Log Action Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 26

actionadmin_menuoptions-page.php:22

actionadmin_initoptions-page.php:30

actionadmin_enqueue_scriptsoptions-page.php:152

actionwp_log_debug_hookwp-log-action.php:33

actionwp_log_debug_query_startwp-log-action.php:35

actionwp_log_debug_query_stopwp-log-action.php:36

actiondoing_it_wrong_runwp-log-action.php:39

actiondeprecated_function_runwp-log-action.php:42

actionactivated_pluginwp-log-action.php:45

actiondeactivated_pluginwp-log-action.php:46

actiondelete_pluginwp-log-action.php:48

actiondeleted_pluginwp-log-action.php:49

actionupgrader_process_completewp-log-action.php:51

action_core_updated_successfullywp-log-action.php:54

actionplugins_loadedwp-log-action.php:57

actionwpla_activationwp-log-action.php:85

actionwpla_deactivationwp-log-action.php:93

actionwpmu_new_blogwp-log-action.php:117

filterwpmu_drop_tableswp-log-action.php:128

actionadmin_menuwp-log-action.php:136

actionadmin_initwp-log-action.php:196

actionadmin_enqueue_scriptswp-log-action.php:218

filterplugin_action_linkswp-log-action.php:233

actionwpla_daily_purgewp-log-action.php:262

actionadmin_initwp-log-action.php:284

filterqueryWPLA_Logger.php:214

Scheduled Events 1

wpla_daily_purge

Maintenance & Trust

WP Log Action Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 6, 2025

PHP min version

Downloads5K

Community Trust

Rating100/100

Number of ratings1

Active installs30

Alternatives

WP Log Action Alternatives

LogIQ – Intelligent Debug Log Viewer

log-iq

100

Stop digging through raw log files. LogIQ gives WordPress developers a smart, searchable, and beautiful debug log viewer — right inside the admin.

10 No CVEs

MCP Tracker

mcp-tracker

100

Records and displays MCP-related REST API requests made to your WordPress site.

10 No CVEs

Plain Logger

plain-logger

Requires at least: 3.9 Tested up to: 4.7 Stable tag: 1.1.2

10 No CVEs

Debug Suite

debug-suite

100

A powerful, enterprise-grade debugging toolkit for WordPress developers with advanced log management, error tracking, and development tools.

0 No CVEs

Developer Debug Mode

developer-debug-mode

100

Toggle WordPress debug mode instantly. No wp-config.php editing needed. Features auto-save, admin bar quick toggle, and debug log viewer.

0 No CVEs

Developer Profile

WP Log Action Developer Profile

webheadcoder

6 plugins · 95K total installs

trust score

Avg Security Score

97/100

Avg Patch Time

649 days

View full developer profile

Detection Fingerprints

How We Detect WP Log Action

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-log-action/css/wpla.css/wp-content/plugins/wp-log-action/js/wpla.js

Script Paths

/wp-content/plugins/wp-log-action/js/wpla.js

Version Parameters

wp-log-action/css/wpla.css?ver=wp-log-action/js/wpla.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-log-typedata-log-time-startdata-log-time-enddata-s

JS Globals

wpla

FAQ

WP Log Action Security & Risk Analysis

Is WP Log Action Safe to Use in 2026?

Generally Safe

Key Concerns

WP Log Action Security Vulnerabilities

CVEs by Year

Severity Breakdown

WP Log Action Release Timeline

WP Log Action Code Analysis

SQL Query Safety

Output Escaping

Data Flow Analysis

WP Log Action Attack Surface

Scheduled Events 1

WP Log Action Maintenance & Trust

Maintenance Signals

Community Trust

WP Log Action Alternatives

LogIQ – Intelligent Debug Log Viewer

MCP Tracker

Plain Logger

Debug Suite

Developer Debug Mode

WP Log Action Developer Profile

How We Detect WP Log Action

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about WP Log Action