
Bonaire Security & Risk Analysis
wordpress.org/plugins/bonaireSend replies to messages you received trough a default Contact Form 7 contact form and you store with Flamingo.
Is Bonaire Safe to Use in 2026?
Generally Safe
Score 85/100Bonaire has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "bonaire" plugin v0.1.1 exhibits a generally good security posture with several strong practices in place. The absence of any known CVEs or past vulnerabilities is a significant positive, suggesting a history of secure development or a very new, untested plugin. The plugin also demonstrates a strong commitment to input validation and data integrity by utilizing prepared statements for all SQL queries and implementing nonce checks for all identified AJAX handlers. The lack of external HTTP requests and file operations further reduces the potential attack surface.
However, the static analysis does reveal areas for improvement. A notable concern is the 56% rate of properly escaped output. This indicates that a significant portion of the plugin's output is not being properly escaped, creating a potential for Cross-Site Scripting (XSS) vulnerabilities. While no critical or high severity taint flows were found, the presence of two unsanitized path flows, even at lower severities, warrants attention as they could be exploited in specific scenarios to manipulate file paths.
In conclusion, "bonaire" v0.1.1 is a plugin with a promising security foundation, particularly in its handling of SQL and AJAX requests. The primary risk lies in the unescaped output, which requires immediate attention to prevent XSS attacks. The unsanitized path flows, while not currently critical, should also be reviewed and remediated. The plugin's clean vulnerability history is a positive indicator, but ongoing vigilance and addressing the identified output escaping issues are crucial for maintaining a secure application.
Key Concerns
- Insufficient output escaping
- Unsanitized paths in taint flows
Bonaire Security Vulnerabilities
Bonaire Release Timeline
Bonaire Code Analysis
Output Escaping
Data Flow Analysis
Bonaire Attack Surface
AJAX Handlers 11
WordPress Hooks 24
Maintenance & Trust
Bonaire Maintenance & Trust
Maintenance Signals
Community Trust
Bonaire Alternatives
Contact Form 7 – email body TinyMCE editor
cf7-email-body-tinymce-editor
TinyMCE WYSIWYG editor when "Use HTML content type" is checked in Contact Form 7 Mail and Mail (2)
Contact Form 7 Response Message Popup
contact-form-7-response-message-popup
Contact Form 7 Response Message in Fancybox Popup
Bilbok Bulk Mailer for Flamingo
bilbok-bulk-mailer-for-flamingo
Send bulk email campaigns to your Flamingo contacts (Contact Form 7) with a safe queue, Gmail‑friendly rate limiting, and campaign management.
Customize WordPress Emails and Alerts – Better Notifications for WP
bnfw
Supercharge your WordPress email notifications using a WYSIWYG editor and shortcodes. Default and new notifications available. Add-ons available.
Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent
tablesome
Powerful Table, Form & Mail Automations. Form Entry Management (+ frontend table ), integrate with MailChimp, G Sheets, CF7, WPForms, Elementor, etc.
Bonaire Developer Profile
4 plugins · 150 total installs
How We Detect Bonaire
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/bonaire/admin/css/bonaire-admin.css/wp-content/plugins/bonaire/admin/js/bonaire-admin.js/wp-content/plugins/bonaire/admin/js/bonaire-admin.jsbonaire/admin/css/bonaire-admin.css?ver=bonaire/admin/js/bonaire-admin.js?ver=HTML / DOM Fingerprints
bonaire-settings-pagebonaire-admin-settingsbonaire-main-wrapbonaire-containerbonaire-dashboard-widgetbonaire-dashboard-widget-contentbonaire-post-views-columnbonaire-contextual-help+8 moreIf this file is called directly, abort.The plugin bootstrap fileInclude dependencies.The class that launches the plugin.+2 moredata-bonairedata-bonaire-account-iddata-bonaire-account-typebonaire_ajaxbonaire_admin_options