Andromeda Security & Risk Analysis

wordpress.org/plugins/andromeda

Log the wordpress activities without bloating the hosting server. This plugin will use our API to log the activities.

0 active installs v0.0.1 PHP 7.4+ WP 5.7+ Updated Oct 11, 2024
activity-logbackupmigrateredirectiontransfer
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Andromeda Safe to Use in 2026?

Generally Safe

Score 92/100

Andromeda has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "andromeda" plugin v0.0.1 exhibits a concerning security posture due to a significant number of unprotected entry points. While the static analysis indicates good practices in SQL handling, output escaping, and a lack of file operations or external HTTP requests, the presence of two AJAX handlers without authentication checks is a critical flaw. This means any unauthenticated user could potentially trigger these handlers, leading to an arbitrary code execution or information disclosure vulnerability if the handlers perform sensitive operations. The absence of nonce checks further exacerbates this risk, making the plugin vulnerable to Cross-Site Request Forgery (CSRF) attacks targeting these AJAX endpoints.

The vulnerability history is clean, with no known CVEs recorded. This might suggest that the plugin is either new, not widely used, or has not been subjected to extensive security audits. However, the lack of historical vulnerabilities should not be interpreted as a guarantee of future security, especially given the identified critical flaws in the current codebase. The plugin's strengths lie in its adherence to secure coding practices for SQL and output handling, but these are overshadowed by the severe risk posed by the unprotected AJAX endpoints. A balanced conclusion is that while the plugin demonstrates some good coding habits, the unprotected AJAX handlers represent a serious security deficiency that requires immediate attention.

Key Concerns

  • AJAX handlers without authentication checks
  • Missing nonce checks on AJAX handlers
Vulnerabilities
None known

Andromeda Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Andromeda Release Timeline

v0.0.1Current
Code Analysis
Analyzed Apr 16, 2026

Andromeda Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
16 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

100% escaped16 total outputs
Attack Surface
2 unprotected

Andromeda Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_plugin_file_change_logandromeda/includes/hooks/class-activity-log-hook-plugins.php:27
authwp_ajax_theme_file_change_logandromeda/includes/hooks/class-activity-log-hook-themes.php:17
WordPress Hooks 44
actionadmin_enqueue_scriptsandromeda/includes/general/cdn-activity-log-hooks.php:20
actionadd_attachmentandromeda/includes/hooks/class-activity-log-hook-attachments.php:17
actionedit_attachmentandromeda/includes/hooks/class-activity-log-hook-attachments.php:19
actiondelete_attachmentandromeda/includes/hooks/class-activity-log-hook-attachments.php:21
actionwp_insert_commentandromeda/includes/hooks/class-activity-log-hook-comments.php:16
actionedit_commentandromeda/includes/hooks/class-activity-log-hook-comments.php:17
actiontrash_commentandromeda/includes/hooks/class-activity-log-hook-comments.php:18
actionuntrash_commentandromeda/includes/hooks/class-activity-log-hook-comments.php:19
actionspam_commentandromeda/includes/hooks/class-activity-log-hook-comments.php:20
actionunspam_commentandromeda/includes/hooks/class-activity-log-hook-comments.php:21
actiondelete_commentandromeda/includes/hooks/class-activity-log-hook-comments.php:22
actiontransition_comment_statusandromeda/includes/hooks/class-activity-log-hook-comments.php:23
action_core_updated_successfullyandromeda/includes/hooks/class-activity-log-hook-core.php:16
actionexport_wpandromeda/includes/hooks/class-activity-log-hook-export.php:16
actionwp_update_nav_menuandromeda/includes/hooks/class-activity-log-hook-menus.php:17
actionwp_create_nav_menuandromeda/includes/hooks/class-activity-log-hook-menus.php:18
actiondelete_nav_menuandromeda/includes/hooks/class-activity-log-hook-menus.php:20
actionupdated_optionandromeda/includes/hooks/class-activity-log-hook-options.php:16
actionactivated_pluginandromeda/includes/hooks/class-activity-log-hook-plugins.php:17
actiondeactivated_pluginandromeda/includes/hooks/class-activity-log-hook-plugins.php:19
actionupgrader_process_completeandromeda/includes/hooks/class-activity-log-hook-plugins.php:21
actiondeleted_pluginandromeda/includes/hooks/class-activity-log-hook-plugins.php:23
filterwp_redirectandromeda/includes/hooks/class-activity-log-hook-plugins.php:25
actiontransition_post_statusandromeda/includes/hooks/class-activity-log-hook-posts.php:18
actiondelete_postandromeda/includes/hooks/class-activity-log-hook-posts.php:20
actioncreated_termandromeda/includes/hooks/class-activity-log-hook-taxonomies.php:16
actionedited_termandromeda/includes/hooks/class-activity-log-hook-taxonomies.php:17
actiondelete_termandromeda/includes/hooks/class-activity-log-hook-taxonomies.php:18
actionswitch_themeandromeda/includes/hooks/class-activity-log-hook-themes.php:18
actiondelete_site_transient_update_themesandromeda/includes/hooks/class-activity-log-hook-themes.php:19
actionupgrader_process_completeandromeda/includes/hooks/class-activity-log-hook-themes.php:20
actioncustomize_saveandromeda/includes/hooks/class-activity-log-hook-themes.php:23
actionuser_registerandromeda/includes/hooks/class-activity-log-hook-users.php:18
actionwp_loginandromeda/includes/hooks/class-activity-log-hook-users.php:20
actionclear_auth_cookieandromeda/includes/hooks/class-activity-log-hook-users.php:22
filterwp_login_failedandromeda/includes/hooks/class-activity-log-hook-users.php:24
actionprofile_updateandromeda/includes/hooks/class-activity-log-hook-users.php:26
actiondelete_userandromeda/includes/hooks/class-activity-log-hook-users.php:28
filterwidget_update_callbackandromeda/includes/hooks/class-activity-log-hook-widgets.php:16
filtersidebar_admin_setupandromeda/includes/hooks/class-activity-log-hook-widgets.php:19
filterrest_post_dispatchandromeda/includes/hooks/class-activity-log-hook-widgets.php:22
actioninitandromeda/includes/hooks/class-activity-log-integration-woocommerce.php:17
filterwoocommerce_get_settings_pagesandromeda/includes/hooks/class-activity-log-integration-woocommerce.php:25
filterwp_activity_log_optionsandromeda/includes/hooks/class-activity-log-integration-woocommerce.php:26
Maintenance & Trust

Andromeda Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5
Last updatedOct 11, 2024
PHP min version7.4
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Andromeda Developer Profile

Naqi

3 plugins · 20 total installs

85
trust score
Avg Security Score
87/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Andromeda

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/andromeda/assets/js/theme-plugin-activity-log.js
Version Parameters
andromeda/assets/js/theme-plugin-activity-log.js?ver=

HTML / DOM Fingerprints

JS Globals
theme_login_activity_log
FAQ

Frequently Asked Questions about Andromeda