WP-Safety

App for Cloudflare® Security & Risk Analysis

wordpress.org/plugins/app-for-cf

All things Cloudflare (caching, flexible SSL, Turnstile, settings, rules, analytics, media in R2, image transforms [AVIF, WebP], secure admin area).

1K active installs v1.9.9 PHP 5.4.0+ WP 5.2+ Updated Feb 18, 2026
cachingcloudflareperformancesecurityseo
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is App for Cloudflare® Safe to Use in 2026?

Generally Safe

Score 100/100

App for Cloudflare® has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The plugin 'app-for-cf' v1.9.9 presents a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for SQL queries and has no recorded vulnerability history, suggesting a generally well-maintained codebase. However, a significant concern arises from the static analysis, which reveals a substantial attack surface composed entirely of AJAX handlers that lack authentication checks. While no critical taint flows were identified and most output is properly escaped, these unprotected AJAX entry points represent a direct avenue for potential unauthorized actions or information disclosure if an attacker can trigger them. The absence of known CVEs is a strength, but the unprotected AJAX handlers are a critical weakness that overshadows the otherwise positive code signals.

Key Concerns

  • 4 AJAX handlers without auth checks
  • 79% output escaping
Vulnerabilities
None known

App for Cloudflare® Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

App for Cloudflare® Release Timeline

v1.9.9Current
v1.9.8
v1.9.7
v1.9.6.2
v1.9.6.1
v1.9.6
v1.9.5
v1.9.4.3
v1.9.4.2
v1.9.4.1
v1.9.4
v1.9.3.1
v1.9.3
v1.9.2
v1.9.1
Code Analysis
Analyzed Mar 16, 2026

App for Cloudflare® Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
90
342 escaped
Nonce Checks
2
Capability Checks
6
File Operations
0
External Requests
2
Bundled Libraries
0

Output Escaping

79% escaped432 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
displayPage (src\DigitalPoint\Cloudflare\Base\Admin.php:321)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

App for Cloudflare® Attack Surface

Entry Points4
Unprotected4

AJAX Handlers 4

authwp_ajax_app-for-cf_settingssrc\DigitalPoint\Cloudflare\Base\Admin.php:40
authwp_ajax_app-for-cf_statssrc\DigitalPoint\Cloudflare\Base\Admin.php:41
authwp_ajax_app-for-cf_stats-dmarcsrc\DigitalPoint\Cloudflare\Base\Admin.php:42
authwp_ajax_app-for-cf_notice_dismisssrc\DigitalPoint\Cloudflare\Base\Admin.php:43
WordPress Hooks 61
actionadmin_initsrc\DigitalPoint\Cloudflare\Base\Admin.php:37
actionadmin_menusrc\DigitalPoint\Cloudflare\Base\Admin.php:38
filterplugin_action_links_app-for-cf/app-for-cf.phpsrc\DigitalPoint\Cloudflare\Base\Admin.php:45
filterall_pluginssrc\DigitalPoint\Cloudflare\Base\Admin.php:46
filterinstall_plugin_complete_actionssrc\DigitalPoint\Cloudflare\Base\Admin.php:47
filterplugin_row_metasrc\DigitalPoint\Cloudflare\Base\Admin.php:48
filterdebug_informationsrc\DigitalPoint\Cloudflare\Base\Admin.php:50
filteradmin_footer_textsrc\DigitalPoint\Cloudflare\Base\Admin.php:52
filterremovable_query_argssrc\DigitalPoint\Cloudflare\Base\Admin.php:53
actionadmin_noticessrc\DigitalPoint\Cloudflare\Base\Admin.php:59
actionwp_dashboard_setupsrc\DigitalPoint\Cloudflare\Base\Admin.php:63
actionadmin_noticessrc\DigitalPoint\Cloudflare\Base\Admin.php:68
filtersite_status_test_resultsrc\DigitalPoint\Cloudflare\Base\Admin.php:71
actionnetwork_admin_menusrc\DigitalPoint\Cloudflare\Base\Admin.php:73
filternetwork_admin_plugin_action_links_app-for-cf/app-for-cf.phpsrc\DigitalPoint\Cloudflare\Base\Admin.php:74
filteroption_page_capability_app-for-cf-groupsrc\DigitalPoint\Cloudflare\Base\Admin.php:80
actionadmin_noticessrc\DigitalPoint\Cloudflare\Base\Admin.php:126
actionadmin_noticessrc\DigitalPoint\Cloudflare\Base\Admin.php:130
actionnetwork_admin_edit_app-for-cf-settingssrc\DigitalPoint\Cloudflare\Base\Admin.php:144
filterscript_loader_tagsrc\DigitalPoint\Cloudflare\Base\Pub.php:101
filterstyle_loader_tagsrc\DigitalPoint\Cloudflare\Base\Pub.php:102
actionwp_print_footer_scriptssrc\DigitalPoint\Cloudflare\Base\Pub.php:104
filterwp_preload_resourcessrc\DigitalPoint\Cloudflare\Base\Pub.php:106
filterwp_headerssrc\DigitalPoint\Cloudflare\Base\Pub.php:109
filterrest_post_dispatchsrc\DigitalPoint\Cloudflare\Base\Pub.php:110
actionpost_updatedsrc\DigitalPoint\Cloudflare\Base\Pub.php:137
actiontransition_post_statussrc\DigitalPoint\Cloudflare\Base\Pub.php:140
actiontransition_comment_statussrc\DigitalPoint\Cloudflare\Base\Pub.php:143
actioncomment_postsrc\DigitalPoint\Cloudflare\Base\Pub.php:144
actionadmin_bar_menusrc\DigitalPoint\Cloudflare\Base\Pub.php:146
actioncfPurgeCachesrc\DigitalPoint\Cloudflare\Base\Pub.php:148
filterwp_get_attachment_urlsrc\DigitalPoint\Cloudflare\Base\Pub.php:150
filterwp_calculate_image_srcsetsrc\DigitalPoint\Cloudflare\Base\Pub.php:151
actionshutdownsrc\DigitalPoint\Cloudflare\Base\Pub.php:153
filterwpcf7_form_elementssrc\DigitalPoint\Cloudflare\Turnstile\ContactForm7.php:9
filterwpcf7_spamsrc\DigitalPoint\Cloudflare\Turnstile\ContactForm7.php:10
filterhf_form_markupsrc\DigitalPoint\Cloudflare\Turnstile\HtmlForms.php:9
filterhf_ignored_field_namessrc\DigitalPoint\Cloudflare\Turnstile\HtmlForms.php:10
filterhf_validate_formsrc\DigitalPoint\Cloudflare\Turnstile\HtmlForms.php:11
filterelementor/widget/render_contentsrc\DigitalPoint\Cloudflare\Turnstile\MetForm.php:9
filtermf_after_validation_checksrc\DigitalPoint\Cloudflare\Turnstile\MetForm.php:10
actionwoocommerce_register_formsrc\DigitalPoint\Cloudflare\Turnstile\WooCommerce.php:9
actionwoocommerce_register_postsrc\DigitalPoint\Cloudflare\Turnstile\WooCommerce.php:10
actionwoocommerce_login_formsrc\DigitalPoint\Cloudflare\Turnstile\WooCommerce.php:15
actionauthenticatesrc\DigitalPoint\Cloudflare\Turnstile\WooCommerce.php:18
actionwoocommerce_lostpassword_formsrc\DigitalPoint\Cloudflare\Turnstile\WooCommerce.php:23
actionlostpassword_postsrc\DigitalPoint\Cloudflare\Turnstile\WooCommerce.php:26
actionlogin_enqueue_scriptssrc\DigitalPoint\Cloudflare\Turnstile\WordPress.php:11
actionregister_formsrc\DigitalPoint\Cloudflare\Turnstile\WordPress.php:16
actionregistration_errorssrc\DigitalPoint\Cloudflare\Turnstile\WordPress.php:17
actionsignup_extra_fieldssrc\DigitalPoint\Cloudflare\Turnstile\WordPress.php:20
filterwpmu_validate_user_signupsrc\DigitalPoint\Cloudflare\Turnstile\WordPress.php:21
actionlogin_formsrc\DigitalPoint\Cloudflare\Turnstile\WordPress.php:26
filterauthenticatesrc\DigitalPoint\Cloudflare\Turnstile\WordPress.php:27
actionlostpassword_formsrc\DigitalPoint\Cloudflare\Turnstile\WordPress.php:32
actionlostpassword_postsrc\DigitalPoint\Cloudflare\Turnstile\WordPress.php:33
filtercomment_form_submit_buttonsrc\DigitalPoint\Cloudflare\Turnstile\WordPress.php:38
actionpre_comment_on_postsrc\DigitalPoint\Cloudflare\Turnstile\WordPress.php:39
actionwpforms_display_submit_beforesrc\DigitalPoint\Cloudflare\Turnstile\WPForms.php:9
actionwpforms_process_beforesrc\DigitalPoint\Cloudflare\Turnstile\WPForms.php:10
actionplugins_loadedsrc\DigitalPoint\Cloudflare\Util\Ip.php:51

Scheduled Events 1

cfPurgeCache
Maintenance & Trust

App for Cloudflare® Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 18, 2026
PHP min version5.4.0
Downloads32K

Community Trust

Rating100/100
Number of ratings13
Active installs1K
Alternatives

App for Cloudflare® Alternatives

LiteSpeed Cache

LiteSpeed Cache

litespeed-cache

A
86

All-in-one unbeatable acceleration & PageSpeed improvement: caching, image/CSS/JS optimization...

7.0M 18 CVEs
Super Page Cache

Super Page Cache

wp-cloudflare-page-cache

A
96

Boost PageSpeed, SEO, and Core Web Vitals with full page caching, JS/CSS optimization, media optimization, and Cloudflare CDN.

60K 2 CVEs
Staatic – Static Site Generator

Staatic – Static Site Generator

staatic

A
100

Staatic lets you create and deploy a streamlined static version of your WordPress site.

2K No CVEs
WP Super Secure and Fast htaccess

WP Super Secure and Fast htaccess

wp-super-secure-and-fast-htaccess

A
85

This essential .htaccess rules plugin allow you to improve security and speed of your wordpress blog.

40 No CVEs
Static Snap

Static Snap

static-snap

A
100

Static Snap converts your WordPress site into a static website, boosting performance, security, scalability, and SEO.

30 No CVEs
Developer Profile

App for Cloudflare® Developer Profile

digitalpoint

4 plugins · 3K total installs

89
trust score
Avg Security Score
93/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect App for Cloudflare®

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/app-for-cf/assets/css/styles.css/wp-content/plugins/app-for-cf/assets/js/scripts.js
Script Paths
/wp-content/plugins/app-for-cf/assets/js/scripts.js
Version Parameters
app-for-cf/assets/css/styles.css?ver=app-for-cf/assets/js/scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
app-for-cf_settingsdp_tabsapp-for-cf_sidebar_wrapperapp-for-cf_sidebar
Data Attributes
data-click="overlay"
JS Globals
appForCfPublicClass
FAQ

Frequently Asked Questions about App for Cloudflare®