WPDB Profiling Security & Risk Analysis

wordpress.org/plugins/wpdb-profiling

This plugin will give you the total number of queries to the db per page, as well as the total time it took to render those queries out to the page.

10 active installs · v1.3.3 · PHP + WP 1.5+ · Updated Feb 2, 2010
Tags: db, db-query-total, profiling, queries, query
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WPDB Profiling Safe to Use in 2026?

Generally Safe

Score 85/100

WPDB Profiling has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 16yr ago
Risk Assessment

The wpdb-profiling plugin v1.3.3 exhibits a generally strong security posture with no recorded vulnerabilities and a code base that avoids dangerous functions and external requests. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface, and importantly, all identified SQL queries utilize prepared statements, mitigating the risk of SQL injection. However, a critical concern arises from the output escaping analysis, which indicates that 100% of outputs are not properly escaped. This presents a high risk of cross-site scripting (XSS) vulnerabilities, as unsanitized data displayed to users could contain malicious scripts.

The taint analysis reveals one flow with an unsanitized path, which, while not classified as critical or high, still represents a potential security weakness that could lead to unintended behavior or data leakage if exploited. The presence of capability checks suggests an awareness of access control, but their effectiveness is limited by the other identified issues. The plugin's vulnerability history being empty is a positive sign, but it does not negate the immediate risks identified in the static analysis.

In conclusion, while the plugin has strengths in its limited attack surface and secure SQL handling, the complete lack of output escaping is a major security flaw that must be addressed. The taint analysis also points to areas needing attention. Prioritizing the implementation of proper output escaping is crucial to improving the overall security of this plugin.

Key Concerns

  • All outputs unescaped, high XSS risk
  • Taint flow with unsanitized path
Vulnerabilities
None known

WPDB Profiling Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WPDB Profiling Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 10 (0 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 10 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
update_profiling_options (wpdb-profiling.php:227)
Attack Surface

WPDB Profiling Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 10
action: wp_head (wpdb-profiling.php:24)
action: admin_head (wpdb-profiling.php:25)
action: wp_footer (wpdb-profiling.php:26)
action: admin_footer (wpdb-profiling.php:27)
action: wp_head (wpdb-profiling.php:443)
action: admin_head (wpdb-profiling.php:444)
action: wp_footer (wpdb-profiling.php:445)
action: admin_footer (wpdb-profiling.php:446)
action: wp_print_scripts (wpdb-profiling.php:456)
action: admin_menu (wpdb-profiling.php:476)
Maintenance & Trust

WPDB Profiling Maintenance & Trust

Maintenance Signals

WordPress version tested: 2.9.2
Last updated: Feb 2, 2010
PHP min version
Downloads: 7K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

WPDB Profiling Developer Profile

tierrainnovation

7 plugins · 110 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WPDB Profiling

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpdb-profiling/wpdb-profiling.css

HTML / DOM Fingerprints

CSS Classes
greenred