WP-Safety

Advanced Automatic Updates Security & Risk Analysis

wordpress.org/plugins/automatic-updater

Adds extra options to WordPress' built-in Automatic Updates feature.

30K active installs v1.0.2 PHP + WP 3.7+ Updated Jun 4, 2021
corepluginsstablethemesupdates
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Advanced Automatic Updates Safe to Use in 2026?

Generally Safe

Score 85/100

Advanced Automatic Updates has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The "automatic-updater" plugin v1.0.2 exhibits a generally good security posture. The absence of known vulnerabilities (CVEs) and the use of prepared statements for all SQL queries are strong indicators of robust security practices. The plugin also demonstrates a commitment to securing its entry points with nonce and capability checks. The limited attack surface, with no unprotected AJAX handlers, REST API routes, or shortcodes, further strengthens its security. However, the presence of the `exec` function, a potentially dangerous function that allows arbitrary command execution, raises a significant concern. While the taint analysis shows no current unsanitized flows, the latent risk associated with `exec` remains, especially if user-controlled input could ever reach it. The moderately high percentage of improperly escaped output also presents a potential cross-site scripting (XSS) vulnerability, though its severity depends on the nature of the unescaped data.

Key Concerns

  • Use of the dangerous 'exec' function
  • Significant percentage of unescaped output
Vulnerabilities
None known

Advanced Automatic Updates Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Advanced Automatic Updates Code Analysis

Dangerous Functions
3
Raw SQL Queries
0
0 prepared
Unescaped Output
10
20 escaped
Nonce Checks
2
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

execexec( 'svn up ' . ABSPATH, $output, $return );automatic-updater.php:276
execexec( 'svn up ' . WP_PLUGIN_DIR . '/' . plugin_dir_path( $id ), $output, $return );automatic-updater.php:318
execexec( 'svn up ' . $theme->get_stylesheet_directory(), $output, $return );automatic-updater.php:360

Output Escaping

67% escaped30 total outputs
Attack Surface

Advanced Automatic Updates Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 21
actionnetwork_admin_menuadmin.php:24
actionadmin_menuadmin.php:29
actionshutdownautomatic-updater.php:55
actionadmin_initautomatic-updater.php:69
filterallow_major_auto_core_updatesautomatic-updater.php:73
filterallow_major_auto_core_updatesautomatic-updater.php:75
filterallow_minor_auto_core_updatesautomatic-updater.php:78
filterallow_minor_auto_core_updatesautomatic-updater.php:80
filterauto_update_pluginautomatic-updater.php:83
filterauto_update_pluginautomatic-updater.php:85
filterauto_update_themeautomatic-updater.php:88
filterauto_update_themeautomatic-updater.php:90
filterauto_core_update_send_emailautomatic-updater.php:93
filterauto_core_update_send_emailautomatic-updater.php:95
filterauto_core_update_emailautomatic-updater.php:98
filterautomatic_updates_debug_emailautomatic-updater.php:99
filterautomatic_updates_send_debug_emailautomatic-updater.php:104
filterautomatic_updates_send_debug_emailautomatic-updater.php:106
actionadmin_noticesautomatic-updater.php:152
filterwp_mail_content_typeautomatic-updater.php:444
actioninitautomatic-updater.php:521

Scheduled Events 1

auto_updater_svn_event
Maintenance & Trust

Advanced Automatic Updates Maintenance & Trust

Maintenance Signals

WordPress version tested5.0.25
Last updatedJun 4, 2021
PHP min version
Downloads255K

Community Trust

Rating94/100
Number of ratings61
Active installs30K
Alternatives

Advanced Automatic Updates Alternatives

Site Update Notification

Site Update Notification

site-update-notification

A
92

A plugin that sends email notifications when plugins, themes, or WordPress need updates.

50 No CVEs
L7 Automatic Updates

L7 Automatic Updates

l7-automatic-updates

A
85

Set individual plugins, major and minor WordPress releases, themes and all plugins to automatically update.

10 No CVEs
WPAlerts

WPAlerts

wpalerts

A
100

WPAlerts is a web-based software (http://wp-alerts.com/) that allows one person to update multiple WordPress web sites from one dashboard.

10 No CVEs
Time to Update

Time to Update

time-to-update

A
100

Sends email notifications when WordPress core, plugin, or theme updates are available. Simple, lightweight, and set-and-forget.

0 No CVEs
Disable Auto Update Emails and Block Updates for Plugins, WP Core, and Themes

Disable Auto Update Emails and Block Updates for Plugins, WP Core, and Themes

disable-email-notification-for-auto-updates

A
100

This plugin disables email notifications for auto-updates and blocks updates for specific plugins, hide plugins, WordPress core, and themes.

3K No CVEs
Developer Profile

Advanced Automatic Updates Developer Profile

Gary Pendergast

3 plugins · 31K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Advanced Automatic Updates

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output
<!-- Advanced Automatic Updates -->
FAQ

Frequently Asked Questions about Advanced Automatic Updates