Does Friendly Automate have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Friendly Automate compatible with WordPress 5.9.13?

According to WordPress.org data, Friendly Automate 1.1.0 has been tested up to WordPress 5.9.13. Check the plugin's changelog for the latest compatibility information.

Is Friendly Automate compatible with PHP 7.0+?

Friendly Automate requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Friendly Automate updated?

Friendly Automate was last updated on Feb 3, 2022. Frequent updates are generally a positive security signal.

What is Friendly Automate's security score?

Friendly Automate has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Friendly Automate Security & Risk Analysis

wordpress.org/plugins/friendly-automate

The Friendly Automate WordPress Plugin injects the Friendly Automate tracking script and images into your WordPress website.

0 active installs v1.1.0 PHP 7.0+ WP 4.7+ Updated Feb 3, 2022

analyticscrmdynamic-contentformmarketing-automation

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Friendly Automate Safe to Use in 2026?

Generally Safe

Score 85/100

Friendly Automate has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The 'friendly-automate' plugin v1.1.0 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, properly escaped output for the vast majority of cases, and the use of prepared statements for all SQL queries are excellent security practices. Furthermore, the plugin has no recorded vulnerabilities, which suggests a history of responsible development and maintenance.

However, several areas warrant attention. The lack of nonce checks and capability checks on all entry points, particularly the single shortcode, represents a potential weakness. While the static analysis indicates no direct attack surface without authentication, the absence of these fundamental WordPress security mechanisms could expose the plugin to vulnerabilities if its functionality is ever extended or if an attacker can manipulate the shortcode's execution context. The single external HTTP request, while not inherently problematic, should be monitored for any potential issues related to untrusted data or communication.

In conclusion, 'friendly-automate' v1.1.0 is a well-developed plugin with a good track record and strong adherence to secure coding principles. The primary concern lies in the missing authentication and authorization checks on its entry points. Addressing this would significantly enhance its overall security and resilience against potential future threats.

Key Concerns

Missing nonce checks on entry points
Missing capability checks on entry points
External HTTP requests present

Vulnerabilities

None known

Friendly Automate Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Friendly Automate Release Timeline

v1.1.0Current

v1.0.1

v1.0.0

Code Analysis

Analyzed Apr 16, 2026

Friendly Automate Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

50 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

98% escaped51 total outputs

Attack Surface

Friendly Automate Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[friendlyautomate] shortcodes.php:15

WordPress Hooks 8

actionadmin_menufriendlyautomate.php:32

actionplugins_loadedfriendlyautomate.php:33

actionwp_headfriendlyautomate.php:116

actionwp_footerfriendlyautomate.php:118

actionwp_footerfriendlyautomate.php:122

filterfriendlyautomate_tracking_attributesfriendlyautomate.php:331

actionelementor_pro/initfriendlyautomate.php:336

actionadmin_initoptions.php:103

Maintenance & Trust

Friendly Automate Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13

Last updatedFeb 3, 2022

PHP min version7.0

Downloads980

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Friendly Automate Alternatives

HubSpot All-In-One Marketing – Forms, Popups, Live Chat

leadin

The CRM, Sales, and Marketing WordPress plugin to grow your business better. Capture and engage web visitors with free live chat, forms, CRM, email ma …

200K 3 CVEs

Account Engagement

pardot

Integrate Account Engagement with WordPress: easily track visitors, embed forms and dynamic content in pages and posts, or use the forms or dynamic co …

2K 1 CVE

Apricotrocket CRM Plugin

apricot-rocket-crm

Make your website interactive by adding an integrated CRM database, custom forms, email newsletters, marketing automation and drip marketing tool.

10 No CVEs

FORTVISION

fortvision-platform

ABOUT

10 No CVEs

Himuon Integration for Klaviyo and Gravity Forms

himuon-integration-for-klaviyo-and-gravity-forms

100

An independent integration for Gravity Forms that securely creates or updates Klaviyo profiles and subscribes form entries to selected lists.

0 No CVEs

Developer Profile

Friendly Automate Developer Profile

Friendly

2 plugins · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Friendly Automate

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths

/wp-content/plugins/friendly-automate/js/friendly-automate.js

Version Parameters

friendly-automate/js/friendly-automate.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-friendly-id

JS Globals

mtfriendlyautomate_send

Shortcode Output

[friendly_automate_tracking_form]

FAQ