WP-Safety

ONTRApages Security & Risk Analysis

wordpress.org/plugins/ontrapages

ONTRApages for WordPress allows Ontraport Premium users to connect to their accounts and easily publish their landing pages on their own WordPress sit …

1K active installs v1.2.25 PHP + WP 4.0+ Updated Mar 30, 2023
coming-soon-pagescontent-deliverylanding-page-builderlanding-pagessales-pages
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is ONTRApages Safe to Use in 2026?

Generally Safe

Score 85/100

ONTRApages has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The plugin 'ontrapages' v1.2.25 exhibits a strong security posture based on the provided static analysis. The absence of any identified critical or high-severity taint flows, dangerous functions, raw SQL queries, or unprotected entry points like AJAX handlers, REST API routes, and shortcodes indicates a commitment to secure coding practices. The plugin also appears to handle nonces and capability checks, which are essential for WordPress security.

However, the analysis does reveal some areas for improvement. Specifically, the output escaping is only properly handled in 54% of cases, presenting a potential risk for cross-site scripting (XSS) vulnerabilities if user-supplied data is not consistently sanitized before being displayed. The presence of an external HTTP request, while not inherently a vulnerability, warrants careful review to ensure it's not exploitable for malicious purposes. The lack of historical vulnerability data is a positive sign, suggesting consistent security over time, but it doesn't negate the need to address the identified code signals.

Overall, 'ontrapages' v1.2.25 is well-developed from a security perspective with a very small attack surface and no known CVEs. The primary concern lies with the output escaping. Addressing this, along with careful monitoring of the external HTTP request, would further solidify its security.

Key Concerns

  • Output escaping only 54% proper
  • 1 external HTTP request found
Vulnerabilities
None known

ONTRApages Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

ONTRApages Release Timeline

v1.2.12
v1.2.11
v1.2.10
v1.2
v1.1.8
v1.1.7
Code Analysis
Analyzed Mar 16, 2026

ONTRApages Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
6
7 escaped
Nonce Checks
1
Capability Checks
2
File Operations
0
External Requests
1
Bundled Libraries
1

Bundled Libraries

TinyMCE

Output Escaping

54% escaped13 total outputs
Attack Surface

ONTRApages Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 19
actiontemplate_redirectONTRApage.php:20
actionwp_loadedONTRApage.php:23
filterpost_type_linkONTRApage.php:24
actionpre_get_postsONTRApage.php:25
actionadd_meta_boxesONTRApage.php:70
actioninitontrapages.php:54
actionadmin_menuontrapages.php:63
actionadmin_enqueue_scriptsontrapages.php:64
actioninitontrapages.php:67
actioninitontrapages.php:70
actionplugins_loadedontrapages.php:78
actionsave_postONTRApagesAdmin.php:19
filterpre_update_option_opAppIDOPAdminSettings.php:9
filterpre_update_option_opAPIKeyOPAdminSettings.php:10
actionadmin_noticesOPAdminSettings.php:16
actionadmin_initOPAdminSettings.php:39
actionadmin_noticesOPAdminSettings.php:40
filterwp_dropdown_pagesOPAdminSettings.php:42
filterpilotpress_get_routeable_pagesOPAdminSettings.php:279
Maintenance & Trust

ONTRApages Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.10
Last updatedMar 30, 2023
PHP min version
Downloads52K

Community Trust

Rating100/100
Number of ratings1
Active installs1K
Alternatives

ONTRApages Alternatives

Templates For PluginOps Landing Page Builder

Templates For PluginOps Landing Page Builder

post-list-wp

A
85

Templates for Landing Page Builder By PluginOps.

200 No CVEs
EngageBay Landing Pages – Responsive landing pages for lead generation and conversions

EngageBay Landing Pages – Responsive landing pages for lead generation and conversions

engagebay-landing-page-builder

A
100

The simplest way to create beautiful, responsive and high converting landing pages in minutes without writing any code. Improve conversion rates, run …

90 No CVEs
WP XPRS – Page Builder

WP XPRS – Page Builder

wp-xprs-page-builder

A
85

XPRS is a visual page builder that allows you to easily create pages and layouts without any code.

10 No CVEs
LandingRabbit

LandingRabbit

landingrabbit

A
100

Bring your LandingRabbit pages into WordPress and publish them with Elementor and Gutenberg.

0 No CVEs
Visual Composer Website Builder

Visual Composer Website Builder

visualcomposer

A
96

Drag and drop page builder that gives the freedom to design WordPress websites, landing pages, custom themes, maintenance mode & coming soon pages.

40K 9 CVEs
Developer Profile

ONTRApages Developer Profile

william.deangelis

2 plugins · 1K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect ONTRApages

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ontrapages/_inc/css/op-admin-style.css/wp-content/plugins/ontrapages/_inc/js/angular.min.js/wp-content/plugins/ontrapages/_inc/js/op-app.js/wp-content/plugins/ontrapages/_inc/js/op-controller.js
Script Paths
/wp-content/plugins/ontrapages/_inc/js/angular.min.js/wp-content/plugins/ontrapages/_inc/js/op-app.js/wp-content/plugins/ontrapages/_inc/js/op-controller.js

HTML / DOM Fingerprints

CSS Classes
ontrapages
HTML Comments
<!-- ONTRApages for WordPress allows Ontraport users to connect to their accounts and easily publish their landing pages on their own WordPress sites. -->
Data Attributes
data-ontrapages-id
JS Globals
ONTRApagesopAppIDopAPIKey
FAQ

Frequently Asked Questions about ONTRApages