Security Vulnerability Report v1.7.1

Dominik Kozmáli
(@dominokozmali)

5 months, 2 weeks ago
Hello,

I am using the Health Check & Troubleshooting plugin (current version 1.7.1) and my security plugin (Wordfence) has reported a security vulnerability associated with this plugin.

Here are the details provided by the report:
- Plugin: Health Check & Troubleshooting
- Version: 1.7.1
- Severity: Low (2.7 / 10.0)
- Issue type: Plugin Vulnerable
- Date detected: December 22, 2025
- Repository: https://wordpress.org/plugins/health-check
- Vulnerability reference:
  https://www.wordfence.com/threat-intel/vulnerabilities/id/941aef7f-435b-4e59-8d55-f95800233c80
According to the recommendation, the safest option is to deactivate and remove the plugin until a patched version is available.

I would like to ask:
- Are you already aware of this reported vulnerability?
- Is there an update or fix planned for an upcoming release?
Thank you very much for maintaining this plugin and for any clarification you can provide.

Best regards,
Dominik

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author Marius L. J.
(@clorith)

5 months, 1 week ago

Hi,

Although we had not been informed of this disclosure ahead of it happening, there is no apparent immediate risk.

Without giving too much information, as we are reviewing the report that was submitted to us at a later date; An administrator (which would in most cases be the site owner) would be able to view the content of files outside the WordPress directory, but only if the user also had access to your server and could write or modify very specific files on the server it self first.

The security advisory agrees that these requirements are so specific that it has a low severity impact and is unlikely to be exploited, but we are still waiting for more information from the reporter to more accurately address the report before we make any changes, if needed.
Thread Starter Dominik Kozmáli
(@dominokozmali)

4 months ago
Hi @clorith , any news or are you preparing an update?

Because Wordfence still marks it as a critical vulnerability for me:
- The Plugin “Health Check & Troubleshooting” has a security vulnerability.Type: Plugin Vulnerable
- Issue Found 03. 02. 2026 02:16 Critical
- Plugin Name: Health Check & Troubleshooting
- Current Plugin Version: 1.7.1
- Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “Health Check & Troubleshooting” until a patched version is available. Get more information.(opens in new tab)
- Repository URL: https://wordpress.org/plugins/health-check(opens in new tab)
- Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/941aef7f-435b-4e59-8d55-f95800233c80?source=plugin(opens in new tab)
Thank you for your answer
Dominik

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.