Does Better OM API have any unpatched vulnerabilities?

No. All known vulnerabilities in Better OM API have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Better OM API compatible with WordPress 6.5.8?

According to WordPress.org data, Better OM API 0.6.3 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

How often is Better OM API updated?

Better OM API was last updated on Apr 4, 2024. Frequent updates are generally a positive security signal.

What is Better OM API's security score?

Better OM API has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Better OM API Security & Risk Analysis

wordpress.org/plugins/better-om-api

A better version of the OptimizeMember API, specially tailored for the Dutch service Autorespond.

10 active installs v0.6.3 PHP + WP 4.0+ Updated Apr 4, 2024

apiautorespondoptimizemember

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Better OM API Safe to Use in 2026?

Generally Safe

Score 92/100

Better OM API has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "better-om-api" plugin version 0.6.3 exhibits several significant security weaknesses, primarily stemming from its unprotected AJAX handler and lack of input validation and output escaping. The presence of an unprotected AJAX handler represents a direct entry point for potential attackers, which is exacerbated by the use of the `unserialize` function, a known vector for remote code execution if not handled with extreme care. The analysis also reveals a severe lack of proper output escaping, with only 9% of outputs being properly sanitized, indicating a high risk of cross-site scripting (XSS) vulnerabilities. The complete absence of nonce and capability checks on the entry point further amplifies these risks by allowing any authenticated user, or potentially even unauthenticated users depending on the WordPress setup, to trigger the plugin's functionality. While the plugin has no recorded vulnerability history, this should not be interpreted as a sign of robust security. Instead, it likely reflects a lack of prior in-depth security audits or a limited attack surface discovered thus far. The current state of the code suggests a poor security posture and a high likelihood of exploitable vulnerabilities.

Key Concerns

Unprotected AJAX handler
Dangerous function: unserialize
SQL queries without prepared statements
Poor output escaping (9% proper)
No nonce checks
No capability checks

Vulnerabilities

None known

Better OM API Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Better OM API Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializeif (!empty ($result) && !preg_match ("/^Error\:/i", $result) && is_array ($user = @unserialize ($resbetter-om-api.php:765

unserializeif (!empty ($result) && !preg_match("/^Error\:/i", $result) && is_array($user = @unserialize($resultbetter-om-api.php:805

unserializeif (!empty ($result) && !preg_match("/^Error\:/i", $result) && is_array($user = @unserialize($resultbetter-om-api.php:850

unserializeif (!empty ($result) && !preg_match("/^Error\:/i", $result) && is_array($user = @unserialize($resultbetter-om-api.php:899

SQL Query Safety

0% prepared1 total queries

Output Escaping

9% escaped22 total outputs

Attack Surface

1 unprotected

Better OM API Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_boa_show_logbetter-om-api.php:88

WordPress Hooks 6

actionadmin_menubetter-om-api.php:72

actionadmin_initbetter-om-api.php:75

actionadmin_headbetter-om-api.php:78

actioninitbetter-om-api.php:81

actionplugins_loadedbetter-om-api.php:85

filterplugin_action_linksbetter-om-api.php:91

Maintenance & Trust

Better OM API Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedApr 4, 2024

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Better OM API Alternatives

Better WishList API

better-wlm-api

A better version of the WishList Member API. Created to make the connection to external services like ActiveCampaign and Autorespond a lot easier.

200 2 CVEs

Meta for WooCommerce

facebook-for-woocommerce

Get the Official Meta for WooCommerce plugin for powerful ways to help grow your business.

500K 3 CVEs

PixelYourSite – Your smart PIXEL (TAG) & API Manager

pixelyoursite

Add Meta Pixel with Conversion API, Google Analytics (GA4) + Consent Mode, Google Tag Manager, and Head & Footer scripts.

500K 11 CVEs

Meta pixel for WordPress

official-facebook-pixel

Grow your business with Meta for WordPress!

400K 2 CVEs

WooCommerce Legacy REST API

woocommerce-legacy-rest-api

The WooCommerce Legacy REST API, which is now part of WooCommerce itself but will be removed in WooCommerce 9.0.

400K No CVEs

Developer Profile

Better OM API Developer Profile

rickonline_nl

2 plugins · 210 total installs

trust score

Avg Security Score

91/100

Avg Patch Time

23 days

View full developer profile

Detection Fingerprints

How We Detect Better OM API

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/better-om-api/assets/css/style-admin.css

Version Parameters

better-om-api/assets/css/style-admin.css?ver=

HTML / DOM Fingerprints

HTML Comments

+16 more

Data Attributes

name="boa_yesno"id="boa_yesno"name="boa_option_om_api_key"value="boa_admin_page"

JS Globals

OPTIMIZEMEMBER_VERSION

FAQ