The WP Remote WordPress Plugin Security & Risk Analysis

wordpress.org/plugins/wpremote

Manage updates, backups, and more across all your WordPress sites with WP Remote.

30K active installs · v6.36 · PHP 7.0+ · WP 4.0+ · Updated Jan 29, 2026
Tags: backup, manage-multiple-sites, monitoring, site-management, update
Score: 100 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Nov 29, 2021
Safety Verdict

Is The WP Remote WordPress Plugin Safe to Use in 2026?

Generally Safe

Score 100/100

The WP Remote WordPress Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Nov 29, 2021 · Updated 2mo ago
Risk Assessment

The wpremote plugin v6.36 presents a mixed security posture. While it demonstrates good practices in output escaping (97%) and SQL query preparation (71%), significant concerns arise from its attack surface and the presence of dangerous functions. The static analysis reveals two AJAX handlers, both lacking authentication checks, creating direct entry points for potential exploitation. The inclusion of 'exec' and 'popen' functions is a critical red flag, as these can be misused for command injection if user input is not meticulously sanitized. Although the vulnerability history shows only one medium severity CVE from 2021 and no currently unpatched vulnerabilities, the static analysis findings are more immediate and concerning.

The absence of taint analysis results is unusual and could indicate a lack of thorough security testing or that no critical taint flows were detected within the analyzed code. However, the presence of unprotected AJAX endpoints and dangerous functions like 'exec' and 'popen' overshadows the positive aspects. The plugin's history of a medium severity XSS vulnerability suggests a past susceptibility to input validation issues, which could be exacerbated by the current lack of authentication on its AJAX handlers. The overall risk is moderate, leaning towards high due to the combination of unprotected entry points and powerful, potentially dangerous functions. A thorough review and remediation of the unauthenticated AJAX handlers and a careful audit of how 'exec' and 'popen' are utilized are strongly recommended.

Key Concerns

  • 2 unprotected AJAX handlers
  • Use of dangerous functions (exec, popen)
  • 1 medium CVE in vulnerability history
Vulnerabilities: 1

The WP Remote WordPress Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2021

Severity Breakdown

Medium: 1

1 total CVE

WF-769fbe66-fcf5-4b16-8cc3-7c9bc561257a-wpremote · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The WP Remote WordPress Plugin <= 4.64 - Reflected Cross-Site Scripting

Nov 29, 2021 · Patched in 4.65 (785d)
Code Analysis
Analyzed Mar 16, 2026

The WP Remote WordPress Plugin Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 5 (12 prepared)
  • Unescaped Output: 4 (137 escaped)
  • Nonce Checks: 2
  • Capability Checks: 7
  • File Operations: 25
  • External Requests: 3
  • Bundled Libraries: 0

Dangerous Functions Found

  • exec (callback\wings\security.php:19): $execRes = exec('crontab -l', $output, $retval);
  • popen (callback\wings\security.php:27): $handle = popen('crontab -l', 'rb');

SQL Query Safety

71% prepared · 17 total queries

Output Escaping

97% escaped · 141 total outputs
Attack Surface
2 unprotected

The WP Remote WordPress Plugin Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

  • auth: wp_ajax_bvadm (plugin.php:160)
  • nopriv: wp_ajax_bvadm (plugin.php:161)

WordPress Hooks: 225
Maintenance & Trust

The WP Remote WordPress Plugin Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Jan 29, 2026
  • PHP min version: 7.0
  • Downloads: 2.0M

Community Trust

  • Rating: 92/100
  • Number of ratings: 70
  • Active installs: 30K
Developer Profile

The WP Remote WordPress Plugin Developer Profile

akshatc

2 plugins · 110K total installs

  • Trust score: 79
  • Avg Security Score: 100/100
  • Avg Patch Time: 1634 days
Detection Fingerprints

How We Detect The WP Remote WordPress Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/wpremote/wp_2fa/css/wp_2fa.css
  • /wp-content/plugins/wpremote/wp_2fa/js/wp_2fa.js
  • /wp-content/plugins/wpremote/protect/css/protect.css
  • /wp-content/plugins/wpremote/protect/js/protect.js

HTML / DOM Fingerprints

CSS Classes

  • wpr-login-form
  • wpr-icon

HTML Comments

  • <!-- START WPR REMOTE CODE -->
  • <!-- END WPR REMOTE CODE -->
  • <!-- WPR-PLACEHOLDER -->

Data Attributes

  • data-wpr-nonce
  • data-wpr-ajax-url

JS Globals

  • wpr_ajax_object
  • wpr_params
  • WPR

REST Endpoints

  • /wp-json/wpremote/v1/data
  • /wp-json/wpremote/v1/settings
  • /wp-json/wpremote/v1/actions

Shortcode Output

  • [wpremote_dashboard]
  • [wpremote_login_form]
FAQ

Frequently Asked Questions about The WP Remote WordPress Plugin