WP-Safety

Automation for WPForms Security & Risk Analysis

wordpress.org/plugins/automation-for-wpforms

Create automatic actions using WPForms

0 active installs v1.24 PHP + WP 3.3+ Updated May 13, 2024
display-entriesentriesformswpformwpforms
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Automation for WPForms Safe to Use in 2026?

Generally Safe

Score 85/100

Automation for WPForms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "automation-for-wpforms" plugin v1.24 exhibits a mixed security posture. On the positive side, it has no recorded vulnerability history, indicating a generally stable development process. The plugin also demonstrates good practices with a high percentage of SQL queries using prepared statements and a decent rate of output escaping.

However, there are notable concerns arising from the static analysis. The presence of two AJAX handlers without authentication checks represents a significant attack surface. Furthermore, the taint analysis reveals four flows with unsanitized paths, even though they are not classified as critical or high severity. This suggests potential for unintended behavior or data manipulation if user-supplied input is not handled rigorously, especially in conjunction with the unprotected AJAX endpoints.

While the lack of known CVEs is reassuring, the presence of unprotected entry points and unsanitized flows warrants caution. The plugin's strengths lie in its SQL preparation and output escaping, but the immediate risk stems from the unprotected AJAX handlers which could be exploited if they process user input in any way. A balanced conclusion is that the plugin is not inherently insecure, but requires immediate attention to secure its AJAX endpoints and to ensure all data flow paths are adequately sanitized.

Key Concerns

  • AJAX handlers without auth checks
  • Flows with unsanitized paths
  • No capability checks
Vulnerabilities
None known

Automation for WPForms Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Automation for WPForms Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Automation for WPForms Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
17 prepared
Unescaped Output
11
30 escaped
Nonce Checks
2
Capability Checks
0
File Operations
2
External Requests
0
Bundled Libraries
0

SQL Query Safety

89% prepared19 total queries

Output Escaping

73% escaped41 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths
ProcessLink (Ajax\TriggerAjax.php:23)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Automation for WPForms Attack Surface

Entry Points4
Unprotected2

AJAX Handlers 2

noprivwp_ajax_RNAUTO_process_linkAjax\TriggerAjax.php:17
authwp_ajax_RNAUTO_process_linkAjax\TriggerAjax.php:18

Shortcodes 2

[rnauto_process_link] Core\Loader.php:46
[rnauto_process_workflow] Core\Loader.php:47
WordPress Hooks 9
actionwpforms_process_completeAdapters\WPForms\WPFormsAutomationProcessor.php:15
actionwpforms_pro_admin_entries_edit_submit_completedAdapters\WPForms\WPFormsAutomationProcessor.php:16
actionwpforms_pre_delete_entriesAdapters\WPForms\WPFormsAutomationProcessor.php:17
actionallinoneforms_after_editing_entryCore\EntryMonitor.php:33
filterallinoneforms_get_additional_actionsCore\Loader.php:40
filterallinoneforms_get_additional_action_sectionsCore\Loader.php:41
actioninitCore\Loader.php:42
actionadmin_menuCore\PluginBase.php:92
actionadmin_initCore\PluginBase.php:93
Maintenance & Trust

Automation for WPForms Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8
Last updatedMay 13, 2024
PHP min version
Downloads761

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Automation for WPForms Alternatives

Views for WPForms – Display & Edit WPForms Entries on your site frontend

Views for WPForms – Display & Edit WPForms Entries on your site frontend

views-for-wpforms-lite

A
99

Display and Edit WPForms Entries Directly on Your Website with No Coding Knowledge Needed.

1K 5 CVEs
Page Builder for WPForms – Display your WPForms entries in any page

Page Builder for WPForms – Display your WPForms entries in any page

page-builder-for-wpforms

A
100

In a few clicks create listings, calendars, tables, confirmation pages or everything you need using your WPForms entries. No coding required.

200 No CVEs
Database for Contact Form 7, WPforms, Elementor forms

Database for Contact Form 7, WPforms, Elementor forms

contact-form-entries

B
76

Saves Contact Form 7, WPforms,Elementor Forms, CRM Perks Forms and many other contact form submissions to database.

70K 14 CVEs
WPSyncSheets For WPForms – Google Sheets Connector for WPForms & Real‑Time Data Export

WPSyncSheets For WPForms – Google Sheets Connector for WPForms & Real‑Time Data Export

wpsyncsheets-wpforms

A
99

Connect WPForms to Google Sheets and automatically sync form entries in real-time. Eliminate manual data entry and simplify your workflow.

300 1 CVE
Views for Elementor Forms – Display & Edit Submissions on your site frontend

Views for Elementor Forms – Display & Edit Submissions on your site frontend

views-for-elementor-forms

A
100

Display and edit your Elementor Forms entries directly on the frontend of your website.

40 No CVEs
Developer Profile

Automation for WPForms Developer Profile

EDGARROJAS

19 plugins · 12K total installs

75
trust score
Avg Security Score
94/100
Avg Patch Time
278 days
View full developer profile
Detection Fingerprints

How We Detect Automation for WPForms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Automation for WPForms