
NMR Strava activities Security & Risk Analysis
wordpress.org/plugins/nmr-strava-activities
Sync Strava to WordPress in real time via webhooks. Local storage and developer hooks. Requires a Strava API app.
Is NMR Strava activities Safe to Use in 2026?
Generally Safe
Score 98/100
NMR Strava activities has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The nmr-strava-activities plugin v1.0.11 exhibits a mixed security posture. On the positive side, it demonstrates good practices in SQL query handling, with 91% utilizing prepared statements, and strong output escaping, with 94% of outputs properly escaped. The plugin also includes some nonce checks and avoids dangerous functions. However, significant concerns arise from its attack surface and taint analysis. The presence of an unprotected AJAX handler, which is a direct entry point, is a critical weakness. Furthermore, the taint analysis revealed two flows with unsanitized paths classified as high severity, indicating potential for input manipulation to lead to vulnerabilities. The plugin's vulnerability history, while currently showing no unpatched CVEs, includes a past medium-severity cross-site scripting vulnerability, suggesting a propensity for certain types of input validation issues. The overall picture is one of a plugin with some solid security foundations but with critical vulnerabilities in its input handling and exposed entry points that require immediate attention.
Key Concerns
- Unprotected AJAX handler
- High severity taint flows (unsanitized paths)
- No capability checks found
- Past medium CVE (XSS)
NMR Strava activities Security Vulnerabilities
2 total CVEs
NMR Strava activities <= 1.0.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
NMR Strava activities <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
NMR Strava activities Release Timeline
NMR Strava activities Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
NMR Strava activities Attack Surface
AJAX Handlers 2
Shortcodes 4
WordPress Hooks 5
NMR Strava activities Maintenance & Trust
Maintenance Signals
Community Trust
NMR Strava activities Alternatives
All-in-One WP Migration and Backup
all-in-one-wp-migration
Trusted by 60M+ sites: The gold standard for WordPress migration and backup. Migrate, backup, and restore your WordPress site with one click.
WordPress Importer
wordpress-importer
Import posts, pages, comments, custom fields, categories, tags and more from a WordPress export file.
One Click Demo Import
one-click-demo-import
Import your demo content, widgets and theme settings with one click. Theme authors! Enable simple theme demo import for your users.
Widget Importer & Exporter
widget-importer-exporter
Import and export your widgets.
WP Migrate Lite – Migration Made Easy
wp-migrate-db
Migrate your database. Export full sites including media, themes, and plugins. Find and replace content with support for serialized data.
NMR Strava activities Developer Profile
4 plugins · 2K total installs
How We Detect NMR Strava activities
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/nmr-strava-activities/css/nmr-strava-activities.css
- /wp-content/plugins/nmr-strava-activities/js/nmr-strava-activities.js
- nmr-strava-activities/css/nmr-strava-activities.css?ver=
- nmr-strava-activities/js/nmr-strava-activities.js?ver=
HTML / DOM Fingerprints
- strava_nmr_connect
- strava_nmr_disconnect
- strava_nmr
- strava_nmr_table
- nmr_strava_activities
- <table><tr><th>Type</th><th>Name</th><th>Distance</th><th>Minutes</th></tr></table>