WP Settings & Health Dashboard Security & Risk Analysis

wordpress.org/plugins/wp-settings

Complete health dashboard to monitor site speed, server settings, and database bloat. Includes easy one-click backups and system diagnostics.

10 active installs v2.9.0 PHP 7.4+ WP 5.8+ Updated Mar 28, 2026
database-healthsite-healthspeedsql-checksystem-info
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is WP Settings & Health Dashboard Safe to Use in 2026?

Generally Safe

Score 100/100

WP Settings & Health Dashboard has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The 'wp-settings' plugin v2.5.8 presents a mixed security profile. While the static analysis reveals a zero attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, indicating a deliberate effort to limit external interaction points, there are significant concerns within the code itself. A concerningly low 12% of output is properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is displayed without adequate sanitization. Furthermore, the taint analysis shows 100% of analyzed flows with unsanitized paths, and while no critical or high severity issues were flagged, this pattern strongly suggests potential for various injection vulnerabilities if any of these paths are ever exposed to external input.

The plugin's vulnerability history is a positive indicator, showing zero known CVEs, unpatched vulnerabilities, or common vulnerability types. This suggests a history of relatively secure development. However, the lack of documented vulnerabilities does not negate the risks identified in the static analysis, particularly the unescaped output and unsanitized taint flows. The absence of nonce and capability checks on any potential entry points (though none were identified) is also a general weakness, as it leaves room for potential future vulnerabilities if entry points are added without proper security.

In conclusion, the 'wp-settings' plugin v2.5.8 has strengths in its limited attack surface and clean vulnerability history. However, the high rate of unescaped output and the presence of unsanitized taint flows are critical weaknesses that significantly increase the risk of XSS and other injection-based attacks. Until these code-level issues are addressed, the plugin should be considered moderately risky, despite its lack of publicly known vulnerabilities.

Key Concerns

  • Low output escaping rate
  • Unsanitized paths in taint flows
  • No nonce checks
  • No capability checks
Vulnerabilities
None known

WP Settings & Health Dashboard Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP Settings & Health Dashboard Release Timeline

v2.9.0Current
v2.8.2
v2.8.1
v2.6.0
v2.5.9
v2.0
Code Analysis
Analyzed Mar 17, 2026

WP Settings & Health Dashboard Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
7 prepared
Unescaped Output
37
5 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

70% prepared10 total queries

Output Escaping

12% escaped42 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
getDatabaseContent (wp-settings.php:409)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WP Settings & Health Dashboard Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 2
actionadmin_menuwp-settings.php:74
actionwp_print_scriptswp-settings.php:89
Maintenance & Trust

WP Settings & Health Dashboard Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedMar 28, 2026
PHP min version7.4
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

WP Settings & Health Dashboard Developer Profile

codecompiled

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP Settings & Health Dashboard

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-settings/js/wp-settings-script.js/wp-content/plugins/wp-settings/css/wp-settings-style.css
Script Paths
/wp-content/plugins/wp-settings/js/wp-settings-script.js
Version Parameters
wp-settings/js/wp-settings-script.js?ver=wp-settings/css/wp-settings-style.css?ver=

HTML / DOM Fingerprints

CSS Classes
nav-tab-activenav-tab-wrappernav-tab
FAQ

Frequently Asked Questions about WP Settings & Health Dashboard