Konfirmi Plugin Security & Risk Analysis

wordpress.org/plugins/konfirmi

KONFIRMI allows you to easily and automatically verify your customer's age, ID, address, and other information.

10 active installs · v2.1.3 · PHP 7.0+ · WP 4.9+ · Updated Mar 12, 2023
Tags: age-verification, id-verification, identity-verification, verify-age, verify-id
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Konfirmi Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

Konfirmi Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3yr ago
Risk Assessment

The 'konfirmi' plugin version 2.1.3 exhibits a mixed security posture. While the code signals are largely positive, with no dangerous functions, a reasonable percentage of SQL queries using prepared statements, and good output escaping, there are significant concerns regarding its attack surface and the lack of essential security checks.

The primary risks stem from two unprotected entry points: one AJAX handler and one REST API route, both lacking proper authentication and permission checks. This opens the door to potential unauthorized actions if these endpoints can be accessed by unauthenticated users. The absence of any nonce checks or capability checks further exacerbates this risk, suggesting a disregard for fundamental WordPress security practices.

Despite the clean vulnerability history with zero known CVEs, this does not negate the immediate risks identified in the static analysis. A lack of historical vulnerabilities can sometimes indicate a smaller user base or less rigorous security auditing in the past, rather than inherent robustness. The plugin's strengths lie in its avoidance of dangerous functions and its general approach to SQL and output handling. However, the identified unprotected entry points and the complete lack of capability and nonce checks represent critical weaknesses that need immediate attention to improve its overall security.

Key Concerns

  • Unprotected AJAX handler
  • Unprotected REST API route
  • Missing nonce checks on AJAX
  • Missing capability checks
  • SQL queries not using prepared statements (3/8)
  • Output escaping not properly implemented (18% of outputs)
Vulnerabilities
None known

Konfirmi Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Konfirmi Plugin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 4 (4 prepared)
Unescaped Output: 7 (31 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 4
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

50% prepared · 8 total queries

Output Escaping

82% escaped · 38 total outputs
Attack Surface
2 unprotected

Konfirmi Plugin Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 1

auth · wp_ajax_nf_verify_status · app\Base\Forms\NinjaForm.php:38

REST API Routes 1

GET · /wp-json//v1/widget/(?P<id>\d+) · app\Base\Forms\AgileCRM.php:46

Shortcodes 1

[konfirmi] · app\Base\Shortcode.php:20

WordPress Hooks 24

action · admin_menu · app\Api\SettingsApi.php:43
action · admin_enqueue_scripts · app\Base\Enqueue.php:16
action · rest_api_init · app\Base\Forms\AgileCRM.php:45
filter · caldera_forms_render_get_field · app\Base\Forms\CalderaForm.php:26
filter · caldera_forms_get_field_types · app\Base\Forms\CalderaForm.php:47
action · wpcf7_before_send_mail · app\Base\Forms\ContactForm.php:32
action · wpcf7_init · app\Base\Forms\ContactForm.php:54
action · wpcf7_admin_init · app\Base\Forms\ContactForm.php:64
action · wp_enqueue_scripts · app\Base\Forms\ContactForm.php:74
filter · gform_validation · app\Base\Forms\GravityForm.php:33
filter · gform_add_field_buttons · app\Base\Forms\GravityForm.php:44
action · gform_field_standard_settings · app\Base\Forms\GravityForm.php:46
action · gform_editor_js · app\Base\Forms\GravityForm.php:48
filter · gform_field_content · app\Base\Forms\GravityForm.php:50
action · ninja_forms_submit_data · app\Base\Forms\NinjaForm.php:25
action · ninja_forms_output_templates · app\Base\Forms\NinjaForm.php:53
filter · ninja_forms_register_fields · app\Base\Forms\NinjaForm.php:60
filter · ninja_forms_localize_field_konfirmi · app\Base\Forms\NinjaForm.php:66
filter · ninja_forms_field_settings · app\Base\Forms\NinjaForm.php:79
action · wp_enqueue_scripts · app\Base\Forms\NinjaForm.php:98
action · woocommerce_after_order_notes · app\Base\Forms\WooCommerce.php:29
action · wp_enqueue_scripts · app\Base\Forms\WooCommerce.php:71
action · woocommerce_thankyou · app\Base\Forms\WooCommerceFrom.php:15
action · wp_footer · app\Init.php:62
Maintenance & Trust

Konfirmi Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.1.10
Last updated: Mar 12, 2023
PHP min version: 7.0
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 10
Developer Profile

Konfirmi Plugin Developer Profile

konfirmillc

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Konfirmi Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/konfirmi/assets/css/konfirmi.min.css
  • /wp-content/plugins/konfirmi/assets/js/Config.js
  • /wp-content/plugins/konfirmi/assets/js/konfirmi.js
  • /wp-content/plugins/konfirmi/assets/js/Base.js
  • /wp-content/plugins/konfirmi/assets/js/agile-crm.js
  • /wp-content/plugins/konfirmi/assets/js/caldera-form.js

Script Paths

  • /wp-content/plugins/konfirmi/assets/js/Config.js
  • /wp-content/plugins/konfirmi/assets/js/konfirmi.js
  • /wp-content/plugins/konfirmi/assets/js/Base.js
  • /wp-content/plugins/konfirmi/assets/js/agile-crm.js
  • /wp-content/plugins/konfirmi/assets/js/caldera-form.js

HTML / DOM Fingerprints

JS Globals: Konfirmi
REST Endpoints: /v1/widget/(?P<id>\d+)
Shortcode Output: Konfirmi Widget