"Safe WP Updates" by WP Boom Security & Risk Analysis

wordpress.org/plugins/safe-wp-updates-by-wp-boom

A site cloning and visual testing tool that allows creation of development sites for WordPress update testing.

0 active installs · v1.3.61 · PHP 7.4+ · WP 6.2+ · Updated Jan 21, 2025
development · testing · utility
92
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is "Safe WP Updates" by WP Boom Safe to Use in 2026?

Generally Safe

Score 92/100

"Safe WP Updates" by WP Boom has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The safe-wp-updates-by-wp-boom plugin exhibits a concerning security posture due to a significant number of unprotected entry points. All identified AJAX handlers and REST API routes lack proper authentication and permission checks. While the static analysis indicates good practices in SQL query sanitization (100% prepared statements) and output escaping (98%), the absence of authorization on such a large portion of the attack surface presents a substantial risk. Taint analysis revealed no critical or high-severity vulnerabilities, and the plugin's vulnerability history is clean, suggesting a lack of publicly known exploits. However, the inherent risk from the unprotected entry points cannot be overlooked. The plugin's strengths lie in its robust handling of SQL and output, but these are overshadowed by the critical security gap of unauthenticated access points.

Key Concerns

  • AJAX handlers without auth checks
  • REST API routes without permission callbacks
  • Dangerous function exec
  • Nonce checks missing
  • Capability checks missing
Vulnerabilities
None known

"Safe WP Updates" by WP Boom Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

"Safe WP Updates" by WP Boom Code Analysis

Dangerous Functions: 26
Raw SQL Queries: 0 (28 prepared)
Unescaped Output: 4 (226 escaped)
Nonce Checks: 3
Capability Checks: 2
File Operations: 6
External Requests: 4
Bundled Libraries: 0

Dangerous Functions Found

exec · @exec( $cmd,$wpcli_response); · dashboard.php:19
exec · @exec($cmd,$wpcli_response); · dashboard.php:21
exec · $line_count = @exec($copy_line_count_cmd); · includes\classes\base-lib.php:231
exec · @exec($cmd); · includes\classes\base-lib.php:237
exec · $path = @exec("which " .$options['path_to_wpcli']); · includes\classes\base-lib.php:254
exec · $path = @exec("which wp"); · includes\classes\base-lib.php:256
exec · $path = @exec("which convert"); · includes\classes\base-lib.php:298
exec · @exec($cmd,$result); · includes\classes\base-lib.php:325
exec · @exec($cmd,$result); · includes\classes\base-lib.php:347
exec · @exec($cmd); · includes\classes\base-lib.php:432
exec · @exec($cmd); · includes\classes\base-lib.php:435
exec · @exec($cmd,$result); · includes\classes\base-lib.php:621
exec · @exec("cd {$path};{$wp_cli_command} plugin list --fields=name,status,update,version,update_version,u · includes\classes\wpboom.php:251
exec · @exec("cd {$path};{$wp_cli_command} plugin update {$plugin_name} --format=json",$message); · includes\classes\wpboom.php:264
exec · @exec($cmd1); · includes\classes\wpboom.php:297
exec · @exec($cmd2); · includes\classes\wpboom.php:298
exec · @exec($cmd,$result); · includes\classes\wpboom.php:378
exec · $error_log = @exec("tail -n 50 " . ABSPATH . $prefix . "/error_log",$result); · includes\classes\wpboom.php:392
exec · @exec($cmd,$result); · includes\classes\wpboom.php:567
exec · $message = @exec($cmd . ' | wc -l'); · includes\classes\wpboom.php:568
exec · @exec($cmd); · includes\classes\wpboom.php:581
exec · @exec($cmd); · includes\classes\wpboom.php:587
exec · @exec($cmd,$result); · includes\classes\wpboom.php:598
exec · @exec($cmd1); · includes\classes\wpboom.php:635
exec · @exec($cmd2); · includes\classes\wpboom.php:636
exec · @exec($cmd); · includes\classes\wpboom.php:687

SQL Query Safety

100% prepared · 28 total queries

Output Escaping

98% escaped · 230 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
safeupdates_ajax (includes\classes\wpboom.php:166)
[Data flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
5 unprotected

"Safe WP Updates" by WP Boom Attack Surface

Entry Points: 5
Unprotected: 5

AJAX Handlers 2

auth · wp_ajax_safeupdates_ajax · safe-wp-updates-by-wp-boom.php:56
auth · wp_ajax_safeupdates_news · safe-wp-updates-by-wp-boom.php:63

REST API Routes 3

GET /wp-json/wpboom/v2/status · safe-wp-updates-by-wp-boom.php:508
GET /wp-json/wpboom/v2/snapshot_completed/(?P<token>[a-zA-Z0-9-=.]+)/(?P<api>[a-zA-Z0-9-=.]+)/(?P<registered>(true|false)) · safe-wp-updates-by-wp-boom.php:515
GET /wp-json/wpboom/v2/sync/(?P<token>[a-zA-Z0-9-=]+) · safe-wp-updates-by-wp-boom.php:525
WordPress Hooks 12
action · admin_enqueue_scripts · safe-wp-updates-by-wp-boom.php:55
action · init · safe-wp-updates-by-wp-boom.php:106
action · admin_notices · safe-wp-updates-by-wp-boom.php:126
filter · the_content · safe-wp-updates-by-wp-boom.php:135
action · wp_enqueue_scripts · safe-wp-updates-by-wp-boom.php:147
action · save_post · safe-wp-updates-by-wp-boom.php:158
filter · safeupdates_cron_ajax · safe-wp-updates-by-wp-boom.php:172
action · admin_menu · safe-wp-updates-by-wp-boom.php:193
action · rest_api_init · safe-wp-updates-by-wp-boom.php:538
action · admin_bar_menu · safe-wp-updates-by-wp-boom.php:557
filter · heartbeat_received · safe-wp-updates-by-wp-boom.php:571
filter · heartbeat_settings · safe-wp-updates-by-wp-boom.php:577

Scheduled Events 1

safeupdates_cron_ajax
Maintenance & Trust

"Safe WP Updates" by WP Boom Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jan 21, 2025
PHP min version: 7.4
Downloads: 696

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 0
Developer Profile

"Safe WP Updates" by WP Boom Developer Profile

wpboom

1 plugin · 0 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect "Safe WP Updates" by WP Boom

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/safe-wp-updates-by-wp-boom/js/wpboom-front.js
Version Parameters
wpboom-main-front-js · js/wpboom-front.js?version=

HTML / DOM Fingerprints

Data Attributes
data-bs-toggle, data-bs-target, aria-controls, aria-expanded, data-bs-parent, role, +1 more
JS Globals
boomvars