Anomify AI – Anomaly Detection and Alerting Security & Risk Analysis

wordpress.org/plugins/anomify

The Anomify plugin sends selected performance metrics about your WordPress site to the Anomify.ai service for anomaly detection and alerting.

10 active installs v0.3.6 PHP 7.0+ WP 5.0+ Updated Mar 19, 2024
analysisanomaliesanomalydetectionmetrics
41
D · High Risk
CVEs total2
Unpatched2
Last CVEMay 19, 2026
Safety Verdict

Is Anomify AI – Anomaly Detection and Alerting Safe to Use in 2026?

High Risk

Score 41/100

Anomify AI – Anomaly Detection and Alerting carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs 2 unpatched Last CVE: May 19, 2026Updated 2yr ago
Risk Assessment

The Anomify plugin v0.3.6 exhibits a strong static security posture with no identified AJAX handlers, REST API routes, shortcodes, or cron events that pose an immediate attack surface. Furthermore, it demonstrates good practices by utilizing prepared statements for all its SQL queries and does not bundle external libraries, which can help avoid vulnerabilities from outdated components. The absence of any recorded vulnerabilities in its history is also a positive sign, suggesting a generally secure development approach.

However, the plugin has notable security concerns. The presence of the `unserialize` function is a significant risk, as it can be exploited to execute arbitrary code if it processes untrusted user input. While the static analysis did not reveal any taint flows originating from `unserialize`, this function remains a potential vector if input sanitization is not rigorously enforced elsewhere. The low percentage of properly escaped output (30%) also raises concerns about potential cross-site scripting (XSS) vulnerabilities if user-supplied data is displayed without adequate escaping.

In conclusion, Anomify v0.3.6 has a solid foundation with minimal direct attack vectors and good SQL handling. The primary weaknesses lie in the use of `unserialize` and insufficient output escaping, which require careful attention to prevent potential security breaches. The lack of historical vulnerabilities is encouraging, but the identified code signals necessitate vigilance and further code review to ensure all user inputs are properly sanitized and escaped.

Key Concerns

  • Use of unserialize function
  • Low percentage of properly escaped output
  • No nonce checks
  • No capability checks
Vulnerabilities
2 published

Anomify AI – Anomaly Detection and Alerting Security Vulnerabilities

CVEs by Year

2 CVEs in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2026-6405medium · 4.3Cross-Site Request Forgery (CSRF)

Anomify AI <= 0.3.6 - Cross-Site Request Forgery

May 19, 2026Unpatched
CVE-2026-6404medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Anomify AI <= 0.3.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'anomify_api_key' Parameter

May 19, 2026Unpatched
Version History

Anomify AI – Anomaly Detection and Alerting Release Timeline

Code Analysis
Analyzed Apr 16, 2026

Anomify AI – Anomaly Detection and Alerting Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
7
3 escaped
Nonce Checks
0
Capability Checks
0
File Operations
3
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserializeif (false == ($oConfig = unserialize($sConfig))) {Anomify/Config.php:86

Output Escaping

30% escaped10 total outputs
Attack Surface

Anomify AI – Anomaly Detection and Alerting Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
filterplugin_action_linksAnomify/Wp/Admin.php:9
actionadmin_menuAnomify/Wp.php:16
actionshutdownAnomify/Wp.php:26
Maintenance & Trust

Anomify AI – Anomaly Detection and Alerting Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedMar 19, 2024
PHP min version7.0
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Developer Profile

Anomify AI – Anomaly Detection and Alerting Developer Profile

simon.holliday

1 plugin · 10 total installs

53
trust score
Avg Security Score
41/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Anomify AI – Anomaly Detection and Alerting

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/anomify/assets/css/admin-style.css/wp-content/plugins/anomify/assets/js/admin-script.js
Script Paths
/wp-content/plugins/anomify/assets/js/admin-script.js
Version Parameters
anomify/assets/css/admin-style.css?ver=anomify/assets/js/admin-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
anomify-settings-page
FAQ

Frequently Asked Questions about Anomify AI – Anomaly Detection and Alerting