WP-Safety

Anura.io Security & Risk Analysis

wordpress.org/plugins/anura-io

Anura aims to help businesses ensure their advertising efforts are reaching genuine users, thereby maximizing the return on investment and maintaining …

10 active installs v3.0.2 PHP 7.4+ WP 5.3+ Updated Dec 3, 2025
ad-fraudadfraudaffiliate-fraud-detectionclick-fraudspam
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Anura.io Safe to Use in 2026?

Generally Safe

Score 100/100

Anura.io has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The Anura IO plugin (v3.0.2) exhibits a generally strong security posture due to its adherence to secure coding practices. Notably, it utilizes prepared statements for all SQL queries and properly escapes all output, mitigating common web application vulnerabilities. The absence of dangerous functions, file operations, and known vulnerabilities in its history further contributes to this positive assessment. However, there are significant concerns regarding the plugin's attack surface, particularly its unprotected REST API routes. Two REST API routes are exposed without any permission callbacks, meaning any unauthenticated user can potentially interact with these endpoints, which could lead to unintended actions or data exposure if these endpoints perform sensitive operations.

While the plugin has no recorded CVEs and uses capability checks for some operations, the lack of authorization checks on its REST API endpoints is a critical oversight. This creates a direct entry point for attackers that bypasses WordPress's built-in permission system. The plugin also has an unprotected cron event, which, while not as directly exploitable as REST API routes, could still be a vector for certain types of attacks if its execution context is not properly secured. The zero taint analysis flows suggest that currently, there are no identified paths where unsanitized data could lead to critical or high-severity issues, but this is based on the specific analysis performed and does not negate the risk of the exposed entry points.

In conclusion, Anura IO v3.0.2 demonstrates good secure coding practices in areas like SQL and output handling. However, the significant number of unprotected entry points, specifically its REST API routes, presents a substantial security risk that needs immediate attention. The absence of known vulnerabilities is positive but does not excuse the current lack of robust authorization on its API. Addressing these unprotected endpoints should be the highest priority to improve the plugin's overall security.

Key Concerns

  • REST API routes without permission callbacks
  • Cron events without clear authorization checks
Vulnerabilities
None known

Anura.io Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Anura.io Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
8 prepared
Unescaped Output
0
14 escaped
Nonce Checks
0
Capability Checks
3
File Operations
0
External Requests
3
Bundled Libraries
0

SQL Query Safety

100% prepared8 total queries

Output Escaping

100% escaped14 total outputs
Attack Surface
2 unprotected

Anura.io Attack Surface

Entry Points2
Unprotected2

REST API Routes 2

GET/wp-json/anura/v1anura-settingssettings.php:96
GET/wp-json/anura/v1blocked-loginssettings.php:117
WordPress Hooks 10
actionanura_cleanup_blocked_loginsanura-plugin.php:54
actionwp_headanura-script.php:19
filterscript_loader_taganura-script.php:45
actionsend_headersanura-script.php:82
actionlogin_headlogin-protection.php:32
actionlogin_initlogin-protection.php:55
actionadmin_menusettings.php:25
actionadmin_enqueue_scriptssettings.php:40
actionrest_api_initsettings.php:85
actionplugins_loadedsettings.php:132

Scheduled Events 1

anura_cleanup_blocked_logins
Maintenance & Trust

Anura.io Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 3, 2025
PHP min version7.4
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Anura.io Alternatives

CHEQ Essentials

CHEQ Essentials

cheq-essentials-go-to-market-security

A
100

Protect, analyze & block threats in real time your website from bots, click fraud, and invalid traffic with CHEQ Essentials.

700 No CVEs
ClickFraudFree

ClickFraudFree

click-fraud-free

A
100

Protects websites and ad campaigns from bots, competitors, and invalid traffic using a remote click fraud detection service.

40 No CVEs
Bunkr Solution

Bunkr Solution

bunkr-solution

A
100

Advanced bot protection for WordPress using real-time behavioral analysis. Blocks malicious traffic while allowing legitimate users seamless access.

0 No CVEs
Campaign AI

Campaign AI

campaign-ai

A
100

Campaign AI integration plugin that protects websites and ad campaigns from bots and invalid traffic using real-time click fraud detection.

0 No CVEs
Akismet Anti-spam: Spam Protection

Akismet Anti-spam: Spam Protection

akismet

A
99

The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.

6.0M 2 CVEs
Developer Profile

Anura.io Developer Profile

anurasupport

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Anura.io

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/anura-io/anura-script.js/wp-content/plugins/anura-io/anura-script.css
Script Paths
https://script.anura.io/request.js
Version Parameters
anura-script.js?ver=anura-script.css?ver=

HTML / DOM Fingerprints

Data Attributes
data-anura-iddata-anura-instance
JS Globals
anura_validate_visitor
FAQ

Frequently Asked Questions about Anura.io