Somatic Framework Security & Risk Analysis

wordpress.org/plugins/somatic-framework

Adds useful classes for getting the most out of Wordpress' advanced CMS features

10 active installs · v1.8.14 · PHP + · WP 4.0+ · Updated Dec 17, 2020
Tags: cms, custom-post-type, custom-taxonomy, metabox
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Somatic Framework Safe to Use in 2026?

Generally Safe

Score 85/100

Somatic Framework has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5yr ago
Risk Assessment

The "somatic-framework" v1.8.14 plugin exhibits a mixed security posture. On the positive side, it demonstrates a commendable approach to database security with 100% of its SQL queries utilizing prepared statements, and it has no recorded vulnerabilities in its history. The absence of external HTTP requests and bundled libraries further reduces potential attack vectors. However, significant concerns arise from its attack surface and output sanitization practices. With 4 AJAX handlers, 2 of which lack authentication checks, there is a clear and present risk of unauthorized actions being performed. Furthermore, only 16% of output is properly escaped, indicating a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. The presence of the `unserialize` function, a known dangerous function, also warrants caution, although its specific usage and sanitization were not detailed in the provided data. The taint analysis, while showing no critical or high severity flows, did identify 3 flows with unsanitized paths, which, combined with the unescaped output, reinforces the XSS risk.

Key Concerns

  • Unprotected AJAX handlers found
  • Low percentage of properly escaped output
  • Presence of 'unserialize' function
  • Flows with unsanitized paths detected
Vulnerabilities
None known

Somatic Framework Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Somatic Framework Release Timeline

v1.8.14 (Current)
v1.8.13
v1.8.12
v1.8.11
v1.8.10
v1.8.9
v1.8.8
v1.8.7
v1.8.6
v1.8.5
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8
v1.7.10
v1.7.9.1
v1.7.9
v1.7.8.1
v1.7.7
Code Analysis
Analyzed Mar 17, 2026

Somatic Framework Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (11 prepared)
Unescaped Output: 225 (44 escaped)
Nonce Checks: 9
Capability Checks: 9
File Operations: 21
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize · inc\somaFunctions.php:1313 · $meta = array_shift(unserialize(file_get_contents("https://vimeo.com/api/v2/video/{$oembed['video_id
unserialize · inc\somaFunctions.php:1402 · $meta = array_shift(unserialize($meta)); // get more metadata (note: we'r
unserialize · inc\somaOptions.php:323 · $new_options = unserialize( $raw_options );

SQL Query Safety

100% prepared · 11 total queries

Output Escaping

16% escaped · 269 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

11 flows · 3 with unsanitized paths
completion_notice (inc\somaFunctions.php:60)
Attack Surface
2 unprotected

Somatic Framework Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers 4

auth · wp_ajax_unlink_file · inc\somaFunctions.php:21
auth · wp_ajax_delete_attachment · inc\somaFunctions.php:22
auth · wp_ajax_custom_type_sort · inc\somaSorter.php:6
auth · wp_ajax_plupload_action · inc\somaUploadField.php:162
WordPress Hooks 113
filter · soma_field_new_save_data · doc\hooks-example.php:10
action · soma_metabox_data_init · doc\meta-config-example.php:6
action · add_meta_boxes_product · doc\meta-config-example.php:7
action · init · doc\type-config-example.php:6
action · soma_column_data · doc\type-config-example.php:7
action · soma_request_legacy-download · inc\somaDownload.php:5
action · init · inc\somaFunctions.php:6
action · admin_init · inc\somaFunctions.php:7
filter · query_vars · inc\somaFunctions.php:8
filter · parse_query · inc\somaFunctions.php:9
filter · pre_get_posts · inc\somaFunctions.php:10
action · before_delete_post · inc\somaFunctions.php:11
filter · add_menu_classes · inc\somaFunctions.php:15
filter · editable_roles · inc\somaFunctions.php:17
filter · map_meta_cap · inc\somaFunctions.php:18
filter · edit_posts_per_page · inc\somaFunctions.php:20
action · admin_notices · inc\somaFunctions.php:23
action · admin_notices · inc\somaFunctions.php:946
action · admin_notices · inc\somaFunctions.php:984
action · init · inc\somaMetaboxes.php:5
action · post_edit_form_tag · inc\somaMetaboxes.php:6
action · add_meta_boxes_post · inc\somaMetaboxes.php:7
action · add_meta_boxes_page · inc\somaMetaboxes.php:8
filter · redirect_post_location · inc\somaMetaboxes.php:9
action · admin_notices · inc\somaMetaboxes.php:46
action · admin_notices · inc\somaMetaboxes.php:83
action · init · inc\somaOptions.php:10
action · init · inc\somaOptions.php:11
action · init · inc\somaOptions.php:12
action · template_redirect · inc\somaOptions.php:13
filter · soma_go_redirect_codes · inc\somaOptions.php:14
action · wp · inc\somaOptions.php:16
action · soma_daily_event · inc\somaOptions.php:17
action · user_register · inc\somaOptions.php:19
filter · user_contactmethods · inc\somaOptions.php:20
action · admin_menu · inc\somaOptions.php:21
action · admin_init · inc\somaOptions.php:22
action · admin_action_flush · inc\somaOptions.php:23
action · admin_action_export · inc\somaOptions.php:24
action · admin_action_import · inc\somaOptions.php:25
action · wp_dashboard_setup · inc\somaOptions.php:26
action · admin_bar_menu · inc\somaOptions.php:27
action · admin_menu · inc\somaOptions.php:28
action · admin_enqueue_scripts · inc\somaOptions.php:29
action · init · inc\somaOptions.php:30
filter · parse_query · inc\somaOptions.php:31
action · do_meta_boxes · inc\somaOptions.php:32
filter · sanitize_option_somatic_framework_options · inc\somaOptions.php:33
action · wp_before_admin_bar_render · inc\somaOptions.php:34
action · get_header · inc\somaOptions.php:35
action · user_register · inc\somaOptions.php:37
filter · the_content · inc\somaOptions.php:38
action · template_redirect · inc\somaOptions.php:39
action · rightnow_end · inc\somaOptions.php:40
action · wp_head · inc\somaOptions.php:41
action · wp_footer · inc\somaOptions.php:42
action · do_feed · inc\somaOptions.php:44
action · do_feed_rdf · inc\somaOptions.php:45
action · do_feed_rss · inc\somaOptions.php:46
action · do_feed_rss2 · inc\somaOptions.php:47
action · do_feed_atom · inc\somaOptions.php:48
action · do_feed_rss2_comments · inc\somaOptions.php:49
action · do_feed_atom_comments · inc\somaOptions.php:50
action · template_redirect · inc\somaOptions.php:51
action · add_attachment · inc\somaOptions.php:52
filter · show_admin_bar · inc\somaOptions.php:1040
filter · show_admin_bar · inc\somaOptions.php:1042
action · admin_notices · inc\somaSave.php:5
action · save_post · inc\somaSave.php:6
filter · redirect_post_location · inc\somaSave.php:46
filter · redirect_post_location · inc\somaSave.php:58
filter · redirect_post_location · inc\somaSave.php:60
filter · redirect_post_location · inc\somaSave.php:63
filter · redirect_post_location · inc\somaSave.php:74
filter · redirect_post_location · inc\somaSave.php:76
filter · redirect_post_location · inc\somaSave.php:80
action · save_post · inc\somaSave.php:607
action · save_post · inc\somaSave.php:688
action · save_post · inc\somaSave.php:727
action · admin_menu · inc\somaSorter.php:5
action · init · inc\somaTypes.php:6
action · admin_head · inc\somaTypes.php:7
filter · nav_menu_css_class · inc\somaTypes.php:8
filter · post_updated_messages · inc\somaTypes.php:9
action · contextual_help · inc\somaTypes.php:10
action · right_now_content_table_end · inc\somaTypes.php:11
filter · parse_query · inc\somaTypes.php:12
filter · posts_orderby · inc\somaTypes.php:13
filter · posts_join · inc\somaTypes.php:14
action · add_meta_boxes · inc\somaTypes.php:15
action · add_meta_boxes · inc\somaTypes.php:288
action · admin_menu · inc\somaTypes.php:392
action · wpmu_new_blog · somaticFramework.php:85
action · init · somaticFramework.php:88
action · admin_init · somaticFramework.php:89
action · admin_menu · somaticFramework.php:90
action · admin_head · somaticFramework.php:91
action · admin_footer · somaticFramework.php:92
filter · admin_footer_text · somaticFramework.php:93
filter · plugin_action_links · somaticFramework.php:94
action · wp_head · somaticFramework.php:96
action · wp_footer · somaticFramework.php:97
action · wp_print_scripts · somaticFramework.php:100
action · wp_enqueue_scripts · somaticFramework.php:101
action · admin_enqueue_scripts · somaticFramework.php:102
filter · login_headerurl · somaticFramework.php:104
filter · login_headertitle · somaticFramework.php:105
action · login_enqueue_scripts · somaticFramework.php:106
action · login_head · somaticFramework.php:107
action · login_footer · somaticFramework.php:108
filter · query_vars · somaticFramework.php:110
action · parse_request · somaticFramework.php:111
filter · debug_bar_panels · somaticFramework.php:478

Scheduled Events 1

soma_daily_event
Maintenance & Trust

Somatic Framework Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.6.17
Last updated: Dec 17, 2020
PHP min version
Downloads: 6K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Somatic Framework Developer Profile

Israel Curtis

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Somatic Framework

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/somatic-framework/css/soma-admin-styles.css
  • /wp-content/plugins/somatic-framework/css/soma-metabox-styles.css
  • /wp-content/plugins/somatic-framework/css/soma-sorter.css
  • /wp-content/plugins/somatic-framework/css/soma-login-styles.css
  • /wp-content/plugins/somatic-framework/js/soma-admin-jquery.js
  • /wp-content/plugins/somatic-framework/js/soma-metabox-jquery.js
  • /wp-content/plugins/somatic-framework/js/soma-plupload.js
  • /wp-content/plugins/somatic-framework/js/soma-sorter.js
  • +6 more
Script Paths
  • /wp-content/plugins/somatic-framework/js/soma-admin-jquery.js
  • /wp-content/plugins/somatic-framework/js/soma-metabox-jquery.js
  • /wp-content/plugins/somatic-framework/js/soma-plupload.js
  • /wp-content/plugins/somatic-framework/js/soma-sorter.js
  • /wp-content/plugins/somatic-framework/js/soma-public-jquery.js
  • /wp-content/plugins/somatic-framework/js/colorbox/jquery.colorbox-min.js
  • +1 more
Version Parameters
  • somatic-framework/css/soma-admin-styles.css?ver=
  • somatic-framework/css/soma-metabox-styles.css?ver=
  • somatic-framework/css/soma-sorter.css?ver=
  • somatic-framework/css/soma-login-styles.css?ver=
  • somatic-framework/js/soma-admin-jquery.js?ver=
  • somatic-framework/js/soma-metabox-jquery.js?ver=
  • somatic-framework/js/soma-plupload.js?ver=
  • somatic-framework/js/soma-sorter.js?ver=
  • somatic-framework/js/soma-public-jquery.js?ver=

HTML / DOM Fingerprints

HTML Comments
  • <!-- don't load us directly! -->
  • <!-- current plugin version -->
  • <!-- the server path to the plugin's directory -->
  • <!-- the URL path to the plugin's directory - taking note of current scheme -->
  • +13 more
JS Globals
  • SOMA_VERSION
  • SOMA_DIR
  • SOMA_URL
  • SOMA_IMG
  • SOMA_INC
  • SOMA_DEV
  • +7 more
FAQ

Frequently Asked Questions about Somatic Framework