WP-Safety

Facilitated Routines Security & Risk Analysis

wordpress.org/plugins/facilitated-routines

Automate technical SEO, image optimization and webp creation, security, unused media cleanup, sitemaps, find broken links, and more.

70 active installs v2.6.47 PHP 8.0+ WP 6.8+ Updated Nov 3, 2025
automationbroken-linksimageperformanceseo
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Facilitated Routines Safe to Use in 2026?

Generally Safe

Score 100/100

Facilitated Routines has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The facilitated-routines plugin version 2.6.47 exhibits a mixed security posture. On the positive side, it demonstrates a strong adherence to secure coding practices by exclusively using prepared statements for all SQL queries and performing a significant number of nonce and capability checks. The absence of known vulnerabilities and past CVEs further suggests a generally stable and well-maintained codebase.

However, several concerns warrant attention. The plugin exposes a considerable attack surface with 30 AJAX handlers, 13 of which lack authentication checks. While no critical or high severity taint flows were identified, the presence of 3 flows with unsanitized paths, even if of lower severity, indicates a potential for injection vulnerabilities if these paths are user-controlled. Furthermore, only 51% of output is properly escaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities in specific scenarios where user-provided data is not adequately sanitized before being displayed.

In conclusion, while the plugin benefits from good SQL hygiene and a clean vulnerability history, the large number of unprotected AJAX endpoints and partially unescaped output represent the most significant security risks. Addressing these areas should be prioritized to improve the overall security of the plugin.

Key Concerns

  • 13 unprotected AJAX handlers
  • 51% of outputs properly escaped
  • 3 flows with unsanitized paths
Vulnerabilities
None known

Facilitated Routines Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Facilitated Routines Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
29 prepared
Unescaped Output
153
160 escaped
Nonce Checks
32
Capability Checks
39
File Operations
11
External Requests
6
Bundled Libraries
0

SQL Query Safety

100% prepared29 total queries

Output Escaping

51% escaped313 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

8 flows3 with unsanitized paths
<broken-images> (includes\broken-images.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
13 unprotected

Facilitated Routines Attack Surface

Entry Points30
Unprotected13

AJAX Handlers 30

authwp_ajax_faciro_get_404_logsincludes\404-monitor.php:40
authwp_ajax_faciro_clear_404_logsincludes\404-monitor.php:41
authwp_ajax_faciro_delete_404_logincludes\404-monitor.php:42
authwp_ajax_faciro_get_404_statsincludes\404-monitor.php:43
authwp_ajax_faciro_save_404_settingsincludes\404-monitor.php:44
authwp_ajax_faciro_includes\admin-ui.php:54
authwp_ajax_faciro_settings_prepare_brokenincludes\broken-images.php:373
authwp_ajax_faciro_settings_process_brokenincludes\broken-images.php:388
authwp_ajax_faciro_settings_fix_broken_postincludes\broken-images.php:435
authwp_ajax_faciro_settings_prepare_broken_fix_allincludes\broken-images.php:482
authwp_ajax_faciro_settings_process_broken_fix_allincludes\broken-images.php:497
authwp_ajax_faciro_settings_prepare_broken_linksincludes\broken-links.php:10
authwp_ajax_faciro_settings_process_broken_linksincludes\broken-links.php:11
authwp_ajax_faciro_settings_remove_broken_linkincludes\broken-links.php:12
authwp_ajax_faciro_settings_prepare_remove_all_broken_linksincludes\broken-links.php:13
authwp_ajax_faciro_settings_process_remove_all_broken_linksincludes\broken-links.php:14
authwp_ajax_faciro_settings_prepare_pages_without_internal_linksincludes\broken-links.php:15
authwp_ajax_faciro_settings_process_pages_without_internal_linksincludes\broken-links.php:16
authwp_ajax_faciro_settings_prepare_pages_without_external_linksincludes\broken-links.php:17
authwp_ajax_faciro_settings_process_pages_without_external_linksincludes\broken-links.php:18
authwp_ajax_faciro_settings_prepare_bulkincludes\bulk-rename.php:8
authwp_ajax_faciro_settings_process_bulkincludes\bulk-rename.php:45
authwp_ajax_faciro_settings_prepare_cleanincludes\clean-unused.php:4
authwp_ajax_faciro_settings_process_cleanincludes\clean-unused.php:79
authwp_ajax_faciro_settings_prepare_findincludes\find-missing-featured.php:9
authwp_ajax_faciro_settings_process_findincludes\find-missing-featured.php:41
authwp_ajax_faciro_ia_track_save_settingsincludes\ia-track.php:88
authwp_ajax_faciro_ia_track_get_statsincludes\ia-track.php:89
authwp_ajax_faciro_ia_track_get_recent_visitsincludes\ia-track.php:90
authwp_ajax_faciro_flush_rewrite_rulesincludes\sitemap.php:692
WordPress Hooks 64
actionupgrader_process_completefacilitated-routines.php:284
actionadmin_enqueue_scriptsfacilitated-routines.php:303
actionadmin_noticesfacilitated-routines.php:313
actionplugins_loadedfacilitated-routines.php:362
actioninitincludes\404-monitor.php:28
actiontemplate_redirectincludes\404-monitor.php:31
actionwpincludes\404-monitor.php:34
actionwp_footerincludes\404-monitor.php:37
actionadmin_menuincludes\404-monitor.php:47
actionadmin_enqueue_scriptsincludes\404-monitor.php:48
actionadmin_initincludes\admin-ui.php:40
actionadmin_menuincludes\admin-ui.php:58
actionadmin_initincludes\admin-ui.php:137
actionadmin_enqueue_scriptsincludes\admin-ui.php:182
filterposts_whereincludes\clean-unused.php:36
actionplugins_loadedincludes\i18n.php:32
actioninitincludes\i18n.php:33
actionplugins_loadedincludes\i18n.php:39
filterload_textdomain_mofileincludes\i18n.php:40
actioninitincludes\i18n.php:42
actioninitincludes\ia-track.php:85
actionsave_postincludes\rename-on-save.php:169
actionadd_attachmentincludes\rename-on-save.php:239
actionadmin_initincludes\security.php:41
actionadmin_initincludes\sitemap.php:15
filterquery_varsincludes\sitemap.php:62
actioninitincludes\sitemap.php:69
filterredirect_canonicalincludes\sitemap.php:88
actiontemplate_redirectincludes\sitemap.php:100
actionupdate_option_faciro_sitemap_enabledincludes\sitemap.php:650
actionactivated_pluginincludes\sitemap.php:662
actiondeactivated_pluginincludes\sitemap.php:663
actionupgrader_process_completeincludes\sitemap.php:666
actionupdate_optionincludes\sitemap.php:680
actionwp_loadedincludes\technical-seo.php:8
filterthe_contentincludes\technical-seo.php:18
filterwidget_textincludes\technical-seo.php:19
filterwidget_custom_html_contentincludes\technical-seo.php:20
filterwp_generate_attachment_metadataincludes\webp-generation.php:4
actioninitincludes\wp-hardening.php:4
filterthe_generatorincludes\wp-hardening.php:14
filterstyle_loader_srcincludes\wp-hardening.php:18
filterscript_loader_srcincludes\wp-hardening.php:18
filterlogin_errorsincludes\wp-hardening.php:20
actiondo_feedincludes\wp-hardening.php:26
actiondo_feed_rdfincludes\wp-hardening.php:26
actiondo_feed_rssincludes\wp-hardening.php:26
actiondo_feed_atomincludes\wp-hardening.php:26
actiondo_feed_rss2_commentsincludes\wp-hardening.php:26
actiondo_feed_atom_commentsincludes\wp-hardening.php:26
filtershow_admin_barincludes\wp-hardening.php:28
actionsignup_headerincludes\wp-hardening.php:29
filterwp_headersincludes\wp-hardening.php:30
filterrank_math/sitemap/enable_cachingincludes\wp-hardening.php:31
filterthe_generatorincludes\wp-tweaks.php:3
actioninitincludes\wp-tweaks.php:4
actionwp_enqueue_scriptsincludes\wp-tweaks.php:5
actioninitincludes\wp-tweaks.php:7
filterembed_oembed_discoverincludes\wp-tweaks.php:7
actionwp_footerincludes\wp-tweaks.php:7
filterxmlrpc_enabledincludes\wp-tweaks.php:8
filterwp_headersincludes\wp-tweaks.php:8
actioninitincludes\wp-tweaks.php:10
filtertiny_mce_pluginsincludes\wp-tweaks.php:11
Maintenance & Trust

Facilitated Routines Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 3, 2025
PHP min version8.0
Downloads1K

Community Trust

Rating100/100
Number of ratings6
Active installs70
Alternatives

Facilitated Routines Alternatives

QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly

QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly

quickwebp

A
100

QuickWebP is a free WordPress plugin that converts images to WebP, optimizes performance, improves SEO, auto-fills metadata, and resizes images—no API &hellip;

7K No CVEs
Auto Image Title & Alt

Auto Image Title & Alt

auto-image-title-alt

A
100

Automatically adds title and alt tags to new images in the media library, improving SEO and accessibility with customizable fields and capitalization.

400 No CVEs
Soovex WebP Converter – Convert Images | Optimize & Compress | Unlimited Conversions

Soovex WebP Converter – Convert Images | Optimize & Compress | Unlimited Conversions

soovex-webp-converter

A
100

Automatically convert WordPress images to WebP format. Optimize images, boost page speed and SEO with unlimited conversions and smart backups.

80 No CVEs
WhereUsed

WhereUsed

where-used

A
100

Where used? This plugin helps you find usage of attachments, posts, links, blocks and more in all post types, taxonomy terms, post meta, user meta, an &hellip;

60 No CVEs
Image Squeeze – Optimize WebP, Compress Images, Boost Performance

Image Squeeze – Optimize WebP, Compress Images, Boost Performance

imagesqueeze

A
100

Smart image optimization for WordPress. Compress, convert to WebP, and speed up your site while improving Core Web Vitals and SEO.

50 No CVEs
Developer Profile

Facilitated Routines Developer Profile

Lucas Ferraz SEO

1 plugin · 70 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Facilitated Routines

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/facilitated-routines/includes/js/ui.js
Script Paths
/wp-content/plugins/facilitated-routines/includes/js/ui.js
Version Parameters
facilitated-routines/includes/js/ui.js?ver=

HTML / DOM Fingerprints

JS Globals
FacilitatedRoutines
FAQ

Frequently Asked Questions about Facilitated Routines