WP Server Health Stats Security & Risk Analysis

wordpress.org/plugins/wp-server-stats

Monitor your WP site the right way with most important stats like Database, PHP details, PHP Memory, RAM Usage, CPU load, Server Uptime & more.

10K active installs v1.8.0 PHP 7.4.0+ WP 5.0+ Updated Jul 1, 2024
Score: 87 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Jun 24, 2024
Safety Verdict

Is WP Server Health Stats Safe to Use in 2026?

Generally Safe

Score 87/100

WP Server Health Stats has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Jun 24, 2024 · Updated 1yr ago
Risk Assessment

The 'wp-server-stats' plugin v1.8.0 presents a mixed security posture. On the positive side, the code analysis indicates good practices in several areas. All identified AJAX entry points have authentication checks, there are no vulnerable REST API routes or shortcodes, and SQL queries are exclusively handled using prepared statements. Furthermore, a very high percentage of output is properly escaped, and there are no file operations or instances of unsanitized paths in taint flows. This suggests a reasonable effort has been made to prevent common web vulnerabilities.

However, significant concerns arise from the presence of the dangerous 'shell_exec' function and the plugin's vulnerability history. 'shell_exec' passes its argument to the system shell, so it becomes a vector for command injection and remote code execution if any attacker-influenced value reaches the command string. While no critical taint flows were identified in the current analysis, the historical presence of critical vulnerabilities, including embedded malicious code and cross-site scripting, coupled with a recent critical vulnerability recorded on 2024-06-24, indicates a recurring pattern of security weaknesses that have required significant attention. The existence of three known CVEs, even if currently patched, suggests past issues that could resurface or be discovered in new forms.

In conclusion, while v1.8.0 shows improvements in specific secure coding practices, the history of critical vulnerabilities and the presence of 'shell_exec' warrant caution. The plugin has a history of severe issues. Users should remain vigilant and keep the plugin updated to the latest version, as past vulnerabilities have been critical in nature. The 'shell_exec' calls require thorough auditing to ensure they are not exploitable.

Key Concerns

  • Dangerous function: shell_exec
  • Total known CVEs: 3 (1 critical, 2 medium)
  • Last vulnerability: 2024-06-24 (critical)
Vulnerabilities
3

WP Server Health Stats Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2024: 2 CVEs

Severity Breakdown

Critical: 1
Medium: 2

3 total CVEs

CVE-2024-6297 · critical · 10 · Embedded Malicious Code

Several WordPress.org Plugins <= Various Versions - Injected Backdoor

Jun 24, 2024 · Patched in 1.7.8 (107d)

CVE-2024-31250 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

WP Server Health Stats <= 1.7.3 - Cross-Site Request Forgery

Apr 5, 2024 · Patched in 1.7.4 (7d)

CVE-2022-2887 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP Server Health Stats <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting

Aug 18, 2022 · Patched in 1.7.0 (523d)

Code Analysis
Analyzed Mar 16, 2026

WP Server Health Stats Code Analysis

Dangerous Functions: 9
Raw SQL Queries: 0 (9 prepared)
Unescaped Output: 7 (150 escaped)
Nonce Checks: 3
Capability Checks: 3
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

  • wp-server-stats.php:272: $returnVal = shell_exec('cat /proc/cpuinfo');
  • wp-server-stats.php:290: $cpu_count = shell_exec('cat /proc/cpuinfo |grep "physical id" | sort | uniq | wc -l');
  • wp-server-stats.php:307: $cpu_core_count = shell_exec("echo \"$((`cat /proc/cpuinfo | grep cores | grep -o -E '[0-9]+' | uniq …
  • wp-server-stats.php:323: $total_ram = shell_exec("grep -w 'MemTotal' /proc/meminfo | grep -o -E '[0-9]+'");
  • wp-server-stats.php:338: $ram_cache = shell_exec("grep -w 'Cached' /proc/meminfo | grep -o -E '[0-9]+'");
  • wp-server-stats.php:351: $ram_buffer = shell_exec("grep -w 'Buffers' /proc/meminfo | grep -o -E '[0-9]+'");
  • wp-server-stats.php:362: $free_ram = shell_exec("grep -w 'MemFree' /proc/meminfo | grep -o -E '[0-9]+'");
  • wp-server-stats.php:604: $cpu_load = trim(shell_exec("echo $((`ps aux|awk 'NR > 0 { s +=$3 }; END {print s}'| cut -d . -f 1` …
  • wp-server-stats.php:614: $uptime = trim(shell_exec("cut -d. -f1 /proc/uptime"));

SQL Query Safety

100% prepared · 9 total queries

Output Escaping

96% escaped · 157 total outputs

Data Flows: All sanitized

Data Flow Analysis

2 flows
dashboard_output (wp-server-stats.php:649)
Attack Surface

WP Server Health Stats Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers: 4

  • auth · wp_ajax_process_ajax · wp-server-stats.php:37
  • auth · wp_ajax_wpss_cache_purge · wp-server-stats.php:44
  • auth · wp_ajax_handle_wpss_donate_notice · wp-server-stats.php:52
  • nopriv · wp_ajax_handle_wpss_donate_notice · wp-server-stats.php:53

WordPress Hooks: 9

  • action · init · wp-server-stats.php:33
  • action · wp_dashboard_setup · wp-server-stats.php:34
  • filter · admin_footer_text · wp-server-stats.php:35
  • action · admin_enqueue_scripts · wp-server-stats.php:36
  • action · admin_bar_menu · wp-server-stats.php:43
  • action · admin_menu · wp-server-stats.php:48
  • action · admin_init · wp-server-stats.php:50
  • action · admin_notices · wp-server-stats.php:55
  • action · plugins_loaded · wp-server-stats.php:1566

Maintenance & Trust

WP Server Health Stats Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Jul 1, 2024
PHP min version: 7.4.0
Downloads: 315K

Community Trust

Rating: 96/100
Number of ratings: 109
Active installs: 10K
Developer Profile

WP Server Health Stats Developer Profile

iSaumya

2 plugins · 30K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 447 days

Detection Fingerprints

How We Detect WP Server Health Stats

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/wp-server-stats/css/wpss-admin-styles.css
  • /wp-content/plugins/wp-server-stats/css/wpss-dashboard-widget-style.css
  • /wp-content/plugins/wp-server-stats/css/wpss-footer-style.css
  • /wp-content/plugins/wp-server-stats/js/wpss-admin-script.js
  • /wp-content/plugins/wp-server-stats/js/wpss-dashboard-widget-script.js
  • /wp-content/plugins/wp-server-stats/js/wpss-footer-script.js
  • /wp-content/plugins/wp-server-stats/js/wpss-modal.js

Script Paths

  • /wp-content/plugins/wp-server-stats/js/wpss-admin-script.js
  • /wp-content/plugins/wp-server-stats/js/wpss-dashboard-widget-script.js
  • /wp-content/plugins/wp-server-stats/js/wpss-footer-script.js
  • /wp-content/plugins/wp-server-stats/js/wpss-modal.js

Version Parameters

  • wp-server-stats/css/wpss-admin-styles.css?ver=
  • wp-server-stats/css/wpss-dashboard-widget-style.css?ver=
  • wp-server-stats/css/wpss-footer-style.css?ver=
  • wp-server-stats/js/wpss-admin-script.js?ver=
  • wp-server-stats/js/wpss-dashboard-widget-script.js?ver=
  • wp-server-stats/js/wpss-footer-script.js?ver=
  • wp-server-stats/js/wpss-modal.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • wpss-admin-wrapper
  • wpss-dashboard-wrapper
  • wpss-footer-wrapper
  • wpss-advanced-info-table
  • wpss-server-load-chart

HTML Comments

  • <!-- This file should NEVER be accessed directly. -->
  • <!-- WP Server Stats Settings Page -->
  • <!-- WP Server Stats Dashboard Widget -->
  • <!-- WP Server Stats Admin Footer -->
  • +2 more

Data Attributes

  • data-wpss-nonce
  • data-wpss-action

JS Globals

  • wpss_admin_data
  • wpss_dashboard_data
  • wpss_footer_data
  • wpss_modal_data

REST Endpoints

  • /wp-json/wp-server-stats/v1/settings
  • /wp-json/wp-server-stats/v1/data

Shortcode Output

  • [wp_server_stats_info]
  • [wp_server_stats_memory_usage]
  • [wp_server_stats_server_load]

FAQ

Frequently Asked Questions about WP Server Health Stats