ACTUS Deep Schema Security & Risk Analysis

wordpress.org/plugins/actus-deep-schema

Schema Markup Creator for WordPress

0 active installs v1.3.2 PHP 5.6+ WP 5.8+ Updated Apr 22, 2024
rich-snippetsschemaseostructured-data
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is ACTUS Deep Schema Safe to Use in 2026?

Generally Safe

Score 85/100

ACTUS Deep Schema has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The 'actus-deep-schema' plugin v1.3.2 demonstrates some good security practices, such as using prepared statements for all SQL queries and a high percentage of properly escaped output. The absence of any recorded vulnerabilities or CVEs in its history is a positive indicator. However, a significant security concern arises from the large attack surface presented by its AJAX handlers. A substantial number of these handlers (18 out of 22) lack authentication checks, creating a significant potential entry point for attackers. While taint analysis didn't reveal critical or high-severity unsanitized flows, the presence of six flows with unsanitized paths warrants attention, especially when combined with unprotected AJAX endpoints. The plugin also has several file operations and external HTTP requests, which, while not inherently insecure, increase the potential for exploitation if not properly secured against vulnerabilities that might arise from their usage. Overall, the plugin has strengths in its data handling but is weakened by a large number of unauthenticated entry points.

Key Concerns

  • Large attack surface without auth
  • Unsanitized paths in taint flows
  • Missing nonce checks on AJAX
Vulnerabilities
None known

ACTUS Deep Schema Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

ACTUS Deep Schema Release Timeline

v1.3.2Current
Code Analysis
Analyzed Apr 16, 2026

ACTUS Deep Schema Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
8
107 escaped
Nonce Checks
6
Capability Checks
4
File Operations
5
External Requests
3
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

93% escaped115 total outputs
Data Flows · Security
6 unsanitized

Data Flow Analysis

10 flows6 with unsanitized paths
<post-data> (includes/wp/post-data.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
18 unprotected

ACTUS Deep Schema Attack Surface

Entry Points22
Unprotected18

AJAX Handlers 22

authwp_ajax_acsc_save_schemaincludes/acsc-admin-ajax.php:47
authwp_ajax_acsc_save_optionsincludes/acsc-admin-ajax.php:84
authwp_ajax_acsc_get_optionincludes/acsc-admin-ajax.php:108
authwp_ajax_acsc_set_optionincludes/acsc-admin-ajax.php:132
authwp_ajax_acsc_del_optionincludes/acsc-admin-ajax.php:161
authwp_ajax_acsc_del_edit_lockincludes/acsc-admin-ajax.php:187
authwp_ajax_acsc_save_dataincludes/acsc-admin-ajax.php:228
authwp_ajax_acsc_delete_schemaincludes/acsc-admin-ajax.php:249
authwp_ajax_acsc_search_pageincludes/acsc-admin-ajax.php:272
authwp_ajax_acsc_search_postincludes/acsc-admin-ajax.php:315
authwp_ajax_acsc_search_userincludes/acsc-admin-ajax.php:368
authwp_ajax_acsc_get_userincludes/acsc-admin-ajax.php:404
authwp_ajax_acsc_save_jsonincludes/acsc-admin-ajax.php:445
authwp_ajax_acsc_get_page_contentincludes/acsc-admin-ajax.php:473
authwp_ajax_acsc_create_pageincludes/acsc-admin-ajax.php:497
authwp_ajax_acsc_get_target_idsincludes/acsc-admin-ajax.php:549
authwp_ajax_acsc_get_WP_globalincludes/wp/global-data.php:58
noprivwp_ajax_acsc_get_WP_globalincludes/wp/global-data.php:59
authwp_ajax_acsc_get_WP_metaincludes/wp/post-data.php:107
noprivwp_ajax_acsc_get_WP_metaincludes/wp/post-data.php:108
authwp_ajax_acsc_get_youtube_dataincludes/wp/post-data.php:2304
authwp_ajax_acsc_get_youtube_chaptersincludes/wp/post-data.php:2347
WordPress Hooks 47
actionplugins_loadedactus-deep-schema.php:57
actioninitactus-deep-schema.php:74
actioninitactus-deep-schema.php:75
actionadmin_headactus-deep-schema.php:76
actionadmin_initactus-deep-schema.php:360
actionwp_headincludes/acsc-FE.php:32
actionwp_enqueue_scriptsincludes/acsc-FE.php:39
actionwpincludes/acsc-FE.php:40
actionwp_headincludes/acsc-FE.php:41
actionadmin_initincludes/acsc-admin.php:22
actionwp_enqueue_scriptsincludes/acsc-admin.php:23
actionadmin_enqueue_scriptsincludes/acsc-admin.php:24
filterscript_loader_tagincludes/acsc-admin.php:122
actioncurrent_screenincludes/acsc-init-data.php:16
actionwpincludes/acsc-init-data.php:17
actioncurrent_screenincludes/acsc-options.php:4
actionwpincludes/acsc-options.php:5
filterpage_templateincludes/front-end/acsc-FE-helpers.php:8
filterthe_seo_framework_receive_json_dataincludes/front-end/acsc-FE-remove-other.php:8
filterwpseo_json_ld_outputincludes/front-end/acsc-FE-remove-other.php:10
filterrank_math/json_ldincludes/front-end/acsc-FE-remove-other.php:12
filtertribe_json_ld_event_objectincludes/front-end/acsc-FE-remove-other.php:15
filtertribe_json_ld_place_objectincludes/front-end/acsc-FE-remove-other.php:17
filtertribe_json_ld_person_objectincludes/front-end/acsc-FE-remove-other.php:19
filtercooked_schema_htmlincludes/front-end/acsc-FE-remove-other.php:22
actionadmin_menuincludes/interface/admin-menu.php:21
actionadmin_menuincludes/interface/admin-menu.php:38
filteracsc-WP-metaincludes/plugins/cooked.php:22
filteracsc-WP-labelsincludes/plugins/cooked.php:24
filteracsc-content-imagesincludes/plugins/cooked.php:30
filteracsc-content-imagesincludes/plugins/cooked.php:35
filteracsc-youtube-urlsincludes/plugins/cooked.php:41
filteracsc-FE-item-dynamicincludes/plugins/cooked.php:46
filteracsc-FE-proccessed-schemasincludes/plugins/cooked.php:150
filteracsc-WP-metaincludes/plugins/learnpress.php:66
filteracsc-WP-labelsincludes/plugins/learnpress.php:69
filteracsc-FE-proccessed-schemasincludes/plugins/learnpress.php:139
filteracsc-WP-global-labelsincludes/plugins/seo-plugins.php:72
filteracsc-WP-globalincludes/plugins/seo-plugins.php:82
filteracsc-WP-metaincludes/plugins/the-events-calendar.php:95
filteracsc-WP-labelsincludes/plugins/the-events-calendar.php:98
filteracsc-WP-global-labelsincludes/plugins/woocommerce.php:64
filteracsc-WP-global-labelsincludes/plugins/woocommerce.php:67
filteracsc-WP-globalincludes/plugins/woocommerce.php:77
filteracsc-WP-metaincludes/plugins/woocommerce.php:87
filteracsc-WP-image-urlsincludes/plugins/woocommerce.php:108
filteracsc-FE-proccessed-schemasincludes/plugins/woocommerce.php:169
Maintenance & Trust

ACTUS Deep Schema Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedApr 22, 2024
PHP min version5.6
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

ACTUS Deep Schema Developer Profile

ACTUS anima

5 plugins · 30 total installs

86
trust score
Avg Security Score
88/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect ACTUS Deep Schema

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about ACTUS Deep Schema