Does Atlas Content Modeler have any unpatched vulnerabilities?

No. All known vulnerabilities in Atlas Content Modeler have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Atlas Content Modeler compatible with WordPress 6.5.8?

According to WordPress.org data, Atlas Content Modeler 0.26.2 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

Is Atlas Content Modeler compatible with PHP 7.2+?

Atlas Content Modeler requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Atlas Content Modeler updated?

Atlas Content Modeler was last updated on Apr 2, 2024. Frequent updates are generally a positive security signal.

What is Atlas Content Modeler's security score?

Atlas Content Modeler has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Atlas Content Modeler Security & Risk Analysis

wordpress.org/plugins/atlas-content-modeler

A WordPress plugin to create custom post types, custom fields, and custom taxonomies for headless WordPress sites.

100 active installs v0.26.2 PHP 7.2+ WP 5.7+ Updated Apr 2, 2024

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Atlas Content Modeler Safe to Use in 2026?

Generally Safe

Score 85/100

Atlas Content Modeler has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "atlas-content-modeler" v0.26.2 plugin exhibits a generally strong security posture based on the provided static analysis. A significant strength is the complete absence of vulnerabilities in its historical record, indicating a potentially well-maintained and secure codebase over time. Furthermore, the plugin demonstrates excellent practices regarding output escaping, with 100% of outputs properly escaped, and a high percentage (92%) of SQL queries utilizing prepared statements, which is crucial for preventing SQL injection. The attack surface is well-secured, with all entry points having appropriate authentication and permission checks in place.

However, a notable concern is the presence of the `shell_exec` function. While it is only one instance, the use of such a function can introduce significant security risks if not handled with extreme care, potentially allowing for remote code execution if user input is not rigorously sanitized. The taint analysis did not reveal any unsanitized paths, which is a positive sign that this specific function might be used in a controlled manner. The limited number of file operations and external HTTP requests also suggest a contained functionality, reducing potential attack vectors.

In conclusion, the plugin is largely secure with robust defenses against common web vulnerabilities. The only significant flag is the `shell_exec` function. Given the lack of historical vulnerabilities and the secure handling of other potential entry points, the risk associated with `shell_exec` might be mitigated by internal coding practices. Nevertheless, its presence warrants vigilance and thorough code review.

Key Concerns

Presence of dangerous function 'shell_exec'

Vulnerabilities

None known

Atlas Content Modeler Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Atlas Content Modeler Code Analysis

Dangerous Functions

Raw SQL Queries

22 prepared

Unescaped Output

35 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

shell_execshell_exec( "open {$temp_dir}" ); // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.system_callsincludes\wp-cli\class-blueprint.php:354

SQL Query Safety

92% prepared24 total queries

Output Escaping

100% escaped35 total outputs

Data Flows

All sanitized

Data Flow Analysis

2 flows

display_save_post_errors (includes\publisher\class-publisher-form-editing-experience.php:619)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Atlas Content Modeler Attack Surface

Entry Points14

Unprotected0

REST API Routes 14

POST/wp-json/atlascontent-connect/searchincludes\content-connect\includes\API\Search.php:28

GET/wp-json/wpe/atlas/content-model-fieldincludes\rest-api\routes\content-model-field.php:30

DELETE/wp-json/wpe/atlas/content-model-field/([A-Za-z0-9])\w+/includes\rest-api\routes\content-model-field.php:43

PATCH/wp-json/wpe/atlas/content-model-fields/([a-z0-9_\-]+)includes\rest-api\routes\content-model-fields.php:23

GET/wp-json/wpe/atlas/content-model/([a-z0-9_\-]+)includes\rest-api\routes\content-model.php:27

POST/wp-json/wpe/atlas/content-modelincludes\rest-api\routes\content-model.php:40

PATCH/wp-json/wpe/atlas/content-model/([a-z0-9_\-]+)includes\rest-api\routes\content-model.php:53

DELETE/wp-json/wpe/atlas/content-model/([a-z0-9_\-]+)includes\rest-api\routes\content-model.php:66

GET/wp-json/wpe/atlas/content-models/includes\rest-api\routes\content-models.php:23

PUT/wp-json/wpe/atlas/content-models/includes\rest-api\routes\content-models.php:38

POST/wp-json/wpe/atlas/dismiss-feedback-bannerincludes\rest-api\routes\dismiss-feedback-banner.php:21

GET/wp-json/wpe/atlas/taxonomyincludes\rest-api\routes\taxonomy.php:22

DELETE/wp-json/wpe/atlas/taxonomy/(?P<taxonomy>[\w-]+)includes\rest-api\routes\taxonomy.php:35

GET/wp-json/wpe/atlas/validate-unique-emailincludes\rest-api\routes\validate-field.php:22

WordPress Hooks 57

actionplugins_loadedatlas-content-modeler.php:29

actionadmin_noticesatlas-content-modeler.php:95

actionrest_api_initincludes\content-connect\includes\API\Search.php:20

filteracm_content_connect_localize_dataincludes\content-connect\includes\API\Search.php:21

actioninitincludes\content-connect\includes\Plugin.php:137

filterposts_whereincludes\content-connect\includes\QueryIntegration\WPQueryIntegration.php:22

filterposts_joinincludes\content-connect\includes\QueryIntegration\WPQueryIntegration.php:23

filterposts_groupbyincludes\content-connect\includes\QueryIntegration\WPQueryIntegration.php:24

filterposts_orderbyincludes\content-connect\includes\QueryIntegration\WPQueryIntegration.php:25

actiondeleted_postincludes\content-connect\includes\Relationships\DeletedItems.php:21

actioninitincludes\content-connect\includes\Tables\BaseTable.php:82

actioninitincludes\content-registration\custom-post-types-registration.php:19

actionacm_content_connect_initincludes\content-registration\custom-post-types-registration.php:114

actiongraphql_register_typesincludes\content-registration\custom-post-types-registration.php:516

filtergraphql_data_is_privateincludes\content-registration\custom-post-types-registration.php:643

filteris_protected_metaincludes\content-registration\custom-post-types-registration.php:833

actiongraphql_register_typesincludes\content-registration\graphql-mutations.php:19

actiongraphql_post_object_mutation_update_additional_dataincludes\content-registration\graphql-mutations.php:87

actioninitincludes\content-registration\register-taxonomies.php:15

filtergraphql_data_is_privateincludes\content-registration\register-taxonomies.php:162

actioninitincludes\publisher\class-publisher-form-editing-experience.php:67

actionrest_api_initincludes\publisher\class-publisher-form-editing-experience.php:68

actioninit_graphql_requestincludes\publisher\class-publisher-form-editing-experience.php:69

actionrest_api_initincludes\publisher\class-publisher-form-editing-experience.php:70

filteruse_block_editor_for_post_typeincludes\publisher\class-publisher-form-editing-experience.php:71

actioncurrent_screenincludes\publisher\class-publisher-form-editing-experience.php:72

actionadmin_enqueue_scriptsincludes\publisher\class-publisher-form-editing-experience.php:73

actionedit_form_after_titleincludes\publisher\class-publisher-form-editing-experience.php:74

actionsave_postincludes\publisher\class-publisher-form-editing-experience.php:75

actionwp_insert_postincludes\publisher\class-publisher-form-editing-experience.php:76

filterredirect_post_locationincludes\publisher\class-publisher-form-editing-experience.php:77

actionadmin_noticesincludes\publisher\class-publisher-form-editing-experience.php:78

filterthe_titleincludes\publisher\class-publisher-form-editing-experience.php:79

actionload-post.phpincludes\publisher\class-publisher-form-editing-experience.php:80

actionload-post-new.phpincludes\publisher\class-publisher-form-editing-experience.php:81

actiondo_meta_boxesincludes\publisher\class-publisher-form-editing-experience.php:82

actiondo_meta_boxesincludes\publisher\class-publisher-form-editing-experience.php:83

actiontransition_post_statusincludes\publisher\class-publisher-form-editing-experience.php:84

actionupdated_postmetaincludes\publisher\class-publisher-form-editing-experience.php:85

actionadded_post_metaincludes\publisher\class-publisher-form-editing-experience.php:86

actionadmin_noticesincludes\publisher\class-publisher-form-editing-experience.php:638

filterredirect_post_locationincludes\publisher\class-publisher-form-editing-experience.php:786

actionwp_insert_postincludes\publisher\class-publisher-form-editing-experience.php:863

actioninitincludes\rest-api\init-rest-api.php:12

actionrest_api_initincludes\rest-api\routes\content-model-field.php:24

actionrest_api_initincludes\rest-api\routes\content-model-fields.php:17

actionrest_api_initincludes\rest-api\routes\content-model.php:21

actionrest_api_initincludes\rest-api\routes\content-models.php:17

actionrest_api_initincludes\rest-api\routes\dismiss-feedback-banner.php:15

actionrest_api_initincludes\rest-api\routes\taxonomy.php:16

actionrest_api_initincludes\rest-api\routes\validate-field.php:16

actionadmin_menuincludes\settings\settings-callbacks.php:15

filterparent_fileincludes\settings\settings-callbacks.php:67

actionadmin_enqueue_scriptsincludes\settings\settings-callbacks.php:119

actioninitincludes\settings\settings-callbacks.php:181

actionadmin_initincludes\settings\settings-callbacks.php:201

actionadmin_enqueue_scriptsincludes\shared-assets\wp_scripts\shared_assets.php:12

Maintenance & Trust

Atlas Content Modeler Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedApr 2, 2024

PHP min version7.2

Downloads23K

Community Trust

Rating96/100

Number of ratings4

Active installs100

Alternatives

Atlas Content Modeler Alternatives

No alternatives data available yet.

Developer Profile

Atlas Content Modeler Developer Profile

StudioPress

8 plugins · 65K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

126 days

View full developer profile

Detection Fingerprints

How We Detect Atlas Content Modeler

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/atlas-content-modeler/includes/settings/settings.css/wp-content/plugins/atlas-content-modeler/includes/shared-assets/dist/js/shared_assets.js/wp-content/plugins/atlas-content-modeler/includes/publisher/dist/js/app.js

Script Paths

shared_assetsacm-app

Version Parameters

atlas-content-modeler/includes/settings/settings.css?ver=atlas-content-modeler/includes/shared-assets/dist/js/shared_assets.js?ver=atlas-content-modeler/includes/publisher/dist/js/app.js?ver=

HTML / DOM Fingerprints

CSS Classes

acm-admin-noticeacm-app-container

HTML Comments

Data Attributes

data-acm-model-slugdata-acm-post-id

JS Globals

ACMACMRelationshipACMPostType

REST Endpoints

/wp-json/wp/v2/atlas-content-modeler/

FAQ