Action Runner by The Rite Sites Security & Risk Analysis
wordpress.org/plugins/action-runnerNew Blocks can often ignore action and filter hooks in php or theme templates. This plugin hopes to solve that using shortcodes!
Is Action Runner by The Rite Sites Safe to Use in 2026?
Generally Safe
Score 85/100Action Runner by The Rite Sites has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The action-runner v1.0.0 plugin exhibits a very strong security posture based on the provided static analysis and vulnerability history. The absence of dangerous functions, SQL queries without prepared statements, file operations, external HTTP requests, and a complete lack of taint flows with unsanitized paths are excellent indicators of secure coding practices. Furthermore, the 100% output escaping and the lack of known vulnerabilities in its history further bolster this positive assessment.
However, a key area for concern is the complete absence of nonce checks and capability checks. While the static analysis shows no direct entry points that are unprotected, relying solely on the absence of identified vulnerabilities in the past for security is a weak strategy. The lack of these fundamental WordPress security checks means that if a new vulnerability were introduced or if an attacker could trigger the shortcodes in an unintended context, a Cross-Site Request Forgery (CSRF) or privilege escalation could still be possible. The plugin's small attack surface is a strength, but it needs to be paired with robust authorization mechanisms to maintain this high level of security.
Key Concerns
- Missing nonce checks
- Missing capability checks
Action Runner by The Rite Sites Security Vulnerabilities
Action Runner by The Rite Sites Code Analysis
Output Escaping
Action Runner by The Rite Sites Attack Surface
Shortcodes 2
WordPress Hooks 1
Maintenance & Trust
Action Runner by The Rite Sites Maintenance & Trust
Maintenance Signals
Community Trust
Action Runner by The Rite Sites Alternatives
FacetWP Manipulator
facetwp-manipulator
FacetWP Manipulator allows you to add code to specific FacetWP filters and Actions to manipulate functionality without hard coding it to the theme.
Captain Hooks
captain-hooks
Captain Hooks is a WordPress plugin that provides developers with a comprehensive view of all actions, filters, and shortcodes of their environment.
Prioritize Hooks
prioritize-hooks
Prioritize Hooks allows the overriding of the priority of various filters and actions hooked by plugins and themes.
rtPanel Hooks Editor
rtpanel-hooks-editor
This plugin is add-on for [rtPanel Theme Framework](https://wordpress.org/themes/rtpanel "rtPanel Theme Framework") and should be used along …
Sectors – Conditional Templates & Hooks
sectors
What if you could add templates, actions, and filters depending on the context?
Action Runner by The Rite Sites Developer Profile
5 plugins · 900 total installs
How We Detect Action Runner by The Rite Sites
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/action-runner-by-the-rite-sites/includes/class-ar-trs-activator.php/wp-content/plugins/action-runner-by-the-rite-sites/includes/class-ar-trs-deactivator.php/wp-content/plugins/action-runner-by-the-rite-sites/includes/class-ar-trs-i18n.php/wp-content/plugins/action-runner-by-the-rite-sites/includes/class-action-runner.php/wp-content/plugins/action-runner-by-the-rite-sites/includes/class-filter-runner.phpHTML / DOM Fingerprints
[action_runner_trs][filter_runner_trs]