WP-Safety

NF Conditional Actions Security & Risk Analysis

wordpress.org/plugins/nf-conditional-actions

NF Conditional Actions adds a action type for conditional messages or emails.

10 active installs v2.0 PHP + WP 2.8.6+ Updated May 11, 2017
actionsconditionnf-conditional-actionsninja-forms
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is NF Conditional Actions Safe to Use in 2026?

Generally Safe

Score 85/100

NF Conditional Actions has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The 'nf-conditional-actions' v2.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and has no recorded vulnerability history, suggesting a proactive approach to security or a lack of past exploitation. However, significant concerns arise from the static analysis. The presence of two unprotected AJAX handlers creates a substantial attack surface, making these entry points vulnerable to unauthorized execution of plugin functions. Furthermore, the use of the `unserialize` function, flagged as a dangerous function, introduces the potential for remote code execution if improperly handled or if attacker-controlled serialized data can be introduced. The low percentage of properly escaped output also indicates a risk of cross-site scripting (XSS) vulnerabilities.

While the lack of known CVEs and taint analysis issues is encouraging, the identified weaknesses in AJAX handler authentication and the use of `unserialize` are critical. The plugin needs immediate attention to secure its AJAX endpoints and review its usage of `unserialize` to mitigate potential security risks. The absence of nonce checks and capability checks further exacerbates the vulnerabilities presented by the unprotected AJAX handlers.

Key Concerns

  • Unprotected AJAX handlers present significant risk
  • Use of dangerous unserialize function
  • Low percentage of properly escaped output
  • Missing nonce checks on AJAX handlers
  • Missing capability checks on AJAX handlers
Vulnerabilities
None known

NF Conditional Actions Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

NF Conditional Actions Release Timeline

v2.0Current
v1.1
Code Analysis
Analyzed Apr 16, 2026

NF Conditional Actions Code Analysis

Dangerous Functions
8
Raw SQL Queries
0
0 prepared
Unescaped Output
28
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
4
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$conditional_conditions = unserialize(Ninja_Forms()->notification( $id )->get_setting( 'conditional_classes/notification-conditional-action-email.php:54
unserialize$conditional_email_messages = unserialize(Ninja_Forms()->notification( $id )->get_setting( 'conditioclasses/notification-conditional-action-email.php:55
unserialize$conditional_conditions = unserialize(Ninja_Forms()->notification( $id )->get_setting( 'conditional_classes/notification-conditional-action-email.php:333
unserialize$message = unserialize(Ninja_Forms()->notification( $id )->get_setting('conditional_email_messages')classes/notification-conditional-action-email.php:339
unserialize$conditional_conditions = unserialize($notification->get_setting( 'conditional_conditions' ));classes/notification-conditional-action-message.php:36
unserialize$conditional_messages = unserialize($notification->get_setting( 'conditional_messages' ));classes/notification-conditional-action-message.php:37
unserialize$conditional_conditions = unserialize($notification->get_setting( 'conditional_conditions' ));classes/notification-conditional-action-message.php:127
unserialize$success_msg = unserialize($notification->get_setting('conditional_messages'))[$i];classes/notification-conditional-action-message.php:133

Output Escaping

7% escaped30 total outputs
Attack Surface
2 unprotected

NF Conditional Actions Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_add_conditional_action_messagenf-conditional-actions.php:61
authwp_ajax_add_conditional_action_email_messagenf-conditional-actions.php:62
WordPress Hooks 9
filtermedia_buttons_contextclasses/notification-conditional-action-email.php:245
filtermedia_buttons_contextclasses/notification-conditional-action-message.php:103
actionadmin_noticesnf-conditional-actions.php:17
actionadmin_initnf-conditional-actions.php:24
actionadmin_initnf-conditional-actions.php:31
actioninitnf-conditional-actions.php:41
actionwp_enqueue_scriptsnf-conditional-actions.php:51
actionadmin_enqueue_scriptsnf-conditional-actions.php:52
filternf_notification_typesnf-conditional-actions.php:59
Maintenance & Trust

NF Conditional Actions Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.33
Last updatedMay 11, 2017
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

NF Conditional Actions Alternatives

Sectors – Conditional Templates & Hooks

Sectors – Conditional Templates & Hooks

sectors

A
92

What if you could add templates, actions, and filters depending on the context?

10 No CVEs
Complianz – Terms and Conditions

Complianz – Terms and Conditions

complianz-terms-conditions

A
100

Configure your own Terms and Conditions specific to your service or webshop.

300K No CVEs
iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more

iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more

iubenda-cookie-law-solution

A
97

The solution for GDPR compliance + more. Get your cookie banner, privacy policy, terms and conditions and handle cookie consent in just one plugin.

200K 4 CVEs
Conditional Fields for Contact Form 7

Conditional Fields for Contact Form 7

cf7-conditional-fields

A
97

Adds conditional logic to Contact Form 7.

100K 4 CVEs
Weight Based Shipping Table Rate for WooCommerce – Flexible Shipping

Weight Based Shipping Table Rate for WooCommerce – Flexible Shipping

flexible-shipping

A
99

Weight based shipping methods for WooCommerce. Flexible shipping with table rate rules by cart weight and order value. Accurate rates at checkout.

100K 2 CVEs
Developer Profile

NF Conditional Actions Developer Profile

macnetic-labs

2 plugins · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect NF Conditional Actions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/nf-conditional-actions/css/nf-conditional-actions-no-js-style.css/wp-content/plugins/nf-conditional-actions/js/nf-conditional-actions-script.js
Script Paths
/wp-content/plugins/nf-conditional-actions/js/nf-conditional-actions-script.js
Version Parameters
nf-conditional-actions/js/nf-conditional-actions-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
nf-tokenize
Data Attributes
data-token-limitdata-keydata-type
JS Globals
nf_conditional_actions
FAQ

Frequently Asked Questions about NF Conditional Actions