WP-Safety

BotMate – Automate or Sync Your Sites With No Code Security & Risk Analysis

wordpress.org/plugins/botmate

Automate your multiple sites or sync your sites with no code approach, BotMate provides a unique experience to automate your multiple sites together b …

10 active installs v1.0.0 PHP 7.2+ WP 5.8+ Updated Oct 29, 2022
automationautomatorsyncwebhookzapier
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is BotMate – Automate or Sync Your Sites With No Code Safe to Use in 2026?

Generally Safe

Score 85/100

BotMate – Automate or Sync Your Sites With No Code has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The "botmate" plugin v1.0.0 exhibits a generally good security posture based on the provided static analysis. A significant strength is the complete absence of unprotected entry points, with all 5 AJAX handlers including capability checks. Furthermore, 100% of outputs are properly escaped, and the plugin demonstrates robust use of prepared statements for SQL queries (86%). The lack of any recorded vulnerabilities, including critical or high severity ones, and no unpatched CVEs, is a strong positive indicator of its development practices. The plugin also correctly utilizes nonces for its AJAX endpoints. However, a single instance of the `unserialize` function presents a potential concern. While no direct unsanitized flows were identified in the taint analysis, `unserialize` can be a vector for deserialization vulnerabilities if the input data is not strictly validated before being passed to it. The presence of bundled libraries like Select2 and Freemius also warrants attention for potential out-of-date versions, though no specific issues were flagged in this analysis.

Key Concerns

  • Use of unserialize function
Vulnerabilities
None known

BotMate – Automate or Sync Your Sites With No Code Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

BotMate – Automate or Sync Your Sites With No Code Code Analysis

Dangerous Functions
1
Raw SQL Queries
1
6 prepared
Unescaped Output
0
72 escaped
Nonce Checks
6
Capability Checks
1
File Operations
0
External Requests
1
Bundled Libraries
2

Dangerous Functions Found

unserialize$row = ( !empty( $row ) ) ? unserialize( $row->meta_value ) : '';includes\rest-api\Middleware\v1\class-middleware.php:51

Bundled Libraries

Select2Freemius1.0

SQL Query Safety

86% prepared7 total queries

Output Escaping

100% escaped72 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<html-logs> (includes\admin\views\html-logs.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

BotMate – Automate or Sync Your Sites With No Code Attack Surface

Entry Points5
Unprotected0

AJAX Handlers 5

authwp_ajax_bm-generate-api-keyincludes\admin\menu-actions.php:19
authwp_ajax_bm-save-sitesincludes\admin\menu-connections.php:31
authwp_ajax_bm-test-connectionincludes\admin\menu-connections.php:32
authwp_ajax_bm-get-actionsincludes\admin\menu-triggers.php:22
authwp_ajax_bm-get-action-fieldsincludes\admin\menu-triggers.php:23
WordPress Hooks 19
actioninitincludes\admin\menu-actions.php:16
actionadd_meta_boxesincludes\admin\menu-actions.php:17
actionbotmate_admin_register_scriptsincludes\admin\menu-actions.php:18
actionbotmate_add_menuincludes\admin\menu-connections.php:30
actionbotmate_admin_register_scriptsincludes\admin\menu-connections.php:36
actionbotmate_admin_register_scriptsincludes\admin\menu-logs.php:27
actioninitincludes\admin\menu-triggers.php:19
actionadd_meta_boxesincludes\admin\menu-triggers.php:20
actionbotmate_admin_register_scriptsincludes\admin\menu-triggers.php:21
actionbotmate_admin_register_scriptsincludes\class-bm-admin-menu.php:41
actionadmin_menuincludes\class-bm-admin-menu.php:45
actionadmin_enqueue_scriptsincludes\class-scripts.php:16
actionrest_api_initincludes\rest-api\Controllers\v1\class-rest-routes.php:34
actionbotmate_initincludes\rest-api\Middleware\v1\class-middleware.php:25
actionbotmate_do_actionincludes\rest-api\Middleware\v1\class-middleware.php:26
filterbotmate_register_triggerintegrations\class-bm-integrations.php:59
filterbotmate_register_actionintegrations\class-bm-integrations.php:60
actionuser_registerintegrations\wordpress\triggers\user-register.php:51
actionwp_insert_postintegrations\wordpress\triggers\wp-insert-post.php:51
Maintenance & Trust

BotMate – Automate or Sync Your Sites With No Code Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10
Last updatedOct 29, 2022
PHP min version7.2
Downloads947

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

BotMate – Automate or Sync Your Sites With No Code Alternatives

WP Webhooks – Automate repetitive tasks by creating powerful automation workflows directly within WordPress

WP Webhooks – Automate repetitive tasks by creating powerful automation workflows directly within WordPress

wp-webhooks

A
87

Automate everything & connect your website, plugins and services together with no-code automations. Browse 100+ integrations...

20K 3 CVEs
AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress

AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in WordPress

automatorwp

A
86

Connect your WordPress plugins, sites & apps together to create automated workflows with the most powerful no-code automator plugin!

8K 9 CVEs
Bit integrations – Easy Automator with no-code automation, integrate Webhook and automate 300+ Platform

Bit integrations – Easy Automator with no-code automation, integrate Webhook and automate 300+ Platform

bit-integrations

A
98

Perfect Automation and integration plugin: Connect 300+ platforms and automate CRM, Email marketing tools, Google Sheets, Contact forms, LMS and more

20K 1 CVE
Post Webhook – Send Post & Page data to any API or external service

Post Webhook – Send Post & Page data to any API or external service

post-webhook

A
85

Automate your content workflow by automatically sending post and page data to external services.

70 No CVEs
Hookly – Webhook Automator

Hookly – Webhook Automator

hookly-webhook-automator

A
100

Connect WordPress events to external services via webhooks. A lightweight, developer-friendly automation tool.

0 No CVEs
Developer Profile

BotMate – Automate or Sync Your Sites With No Code Developer Profile

BotMate

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect BotMate – Automate or Sync Your Sites With No Code

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/botmate/assets/css/select2.min.css/wp-content/plugins/botmate/assets/css/botmate-admin.css/wp-content/plugins/botmate/assets/js/select2.min.js/wp-content/plugins/botmate/assets/js/botmate-admin.js/wp-content/plugins/botmate/assets/js/botmate-connections.js/wp-content/plugins/botmate/assets/js/botmate-global.js
Script Paths
/wp-content/plugins/botmate/assets/js/select2.min.js/wp-content/plugins/botmate/assets/js/botmate-admin.js/wp-content/plugins/botmate/assets/js/botmate-connections.js/wp-content/plugins/botmate/assets/js/botmate-global.js
Version Parameters
botmate-adminbotmate-select2botmate-connectionsbotmate-global

HTML / DOM Fingerprints

CSS Classes
botmate-connections-wrapperbotmate-connections-fieldbotmate-connections-inputbotmate-connections-button
HTML Comments
<!-- Action Configuration -->
Data Attributes
data-bm-field='url'data-bm-field='token'
JS Globals
botmate_ajax_urlbotmate_admin_params
REST Endpoints
/wp-json/botmate/v1/connections
FAQ

Frequently Asked Questions about BotMate – Automate or Sync Your Sites With No Code