WP-Safety

Workbench by Sovrn Security & Risk Analysis

wordpress.org/plugins/sovrn-workbench

Automatically publish to Google AMP, Facebook Instant Articles, and Apple News. Share to top social platforms. Understand engagement with your content …

10 active installs v1.3.3 PHP + WP 4.6+ Updated May 16, 2017
ampapple-newsfacebook-instant-articlesfbiagoogle-amp
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Workbench by Sovrn Safe to Use in 2026?

Generally Safe

Score 85/100

Workbench by Sovrn has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The sovrn-workbench plugin v1.3.3 demonstrates a generally positive security posture based on the provided static analysis. The absence of known CVEs and the lack of critical or high severity findings in taint analysis are strong indicators of good security practices. The plugin also appears to have a very limited attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, and importantly, none of these lack authentication or permission checks. SQL queries are also exclusively using prepared statements, which is excellent for preventing SQL injection vulnerabilities. However, a notable concern arises from the output escaping. With only 23% of outputs properly escaped, there's a significant risk of Cross-Site Scripting (XSS) vulnerabilities. Attackers could potentially inject malicious scripts through user-supplied data that is not adequately sanitized before being displayed to other users. The external HTTP request, while not inherently a vulnerability, warrants attention, especially if the target of the request is untrusted or if the data sent in the request is sensitive and not properly handled.

Key Concerns

  • Low percentage of properly escaped output
  • External HTTP request present
Vulnerabilities
None known

Workbench by Sovrn Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Workbench by Sovrn Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
121
37 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
1

Bundled Libraries

Guzzle

Output Escaping

23% escaped158 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
check_if_publishing_post (admin\class-sovrn_workbench-admin.php:576)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Workbench by Sovrn Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 33
filtertemplateamp\includes\class-sovrn_workbench-amp-builder.php:89
filtertheme_rootamp\includes\class-sovrn_workbench-amp-builder.php:99
filtertheme_root_uriamp\includes\class-sovrn_workbench-amp-builder.php:109
actionsovrn_amp_custom_styleamp\themes\default\functions.php:158
filterthe_contentamp\themes\default\functions.php:175
actionsovrn_amp_custom_elementsamp\themes\default\functions.php:204
filtersovrn_tools_post_template_dataamp\themes\default\functions.php:225
actionsovrn_tools_post_template_cssamp\themes\default\functions.php:273
actionmanage_posts_columnscontent\class-sovrn_workbench-contentInsight.php:60
actionmanage_posts_custom_columncontent\class-sovrn_workbench-contentInsight.php:61
actionmanage_pages_columnscontent\class-sovrn_workbench-contentInsight.php:62
actionmanage_pages_custom_columncontent\class-sovrn_workbench-contentInsight.php:63
actionmanage_posts_columnscontent\class-sovrn_workbench-contentStats.php:43
actionmanage_posts_custom_columncontent\class-sovrn_workbench-contentStats.php:44
actionmanage_pages_columnscontent\class-sovrn_workbench-contentStats.php:45
actionmanage_pages_custom_columncontent\class-sovrn_workbench-contentStats.php:46
actionplugins_loadedincludes\class-sovrn_workbench.php:319
actionadmin_initincludes\class-sovrn_workbench.php:346
actionadmin_enqueue_scriptsincludes\class-sovrn_workbench.php:356
actionadmin_enqueue_scriptsincludes\class-sovrn_workbench.php:366
actionadmin_headincludes\class-sovrn_workbench.php:375
actionadmin_menuincludes\class-sovrn_workbench.php:385
actionadmin_footerincludes\class-sovrn_workbench.php:395
actionadmin_footerincludes\class-sovrn_workbench.php:405
actionadmin_footerincludes\class-sovrn_workbench.php:415
actionadmin_noticesincludes\class-sovrn_workbench.php:424
actionadmin_initincludes\class-sovrn_workbench.php:434
actionwp_headincludes\class-sovrn_workbench.php:469
actionplugins_loadedincludes\class-sovrn_workbench.php:479
actionwp_headincludes\class-sovrn_workbench.php:510
actionpublish_postincludes\class-sovrn_workbench.php:520
actionwp_enqueue_scriptsincludes\class-sovrn_workbench.php:548
actionwp_enqueue_scriptsincludes\class-sovrn_workbench.php:558
Maintenance & Trust

Workbench by Sovrn Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32
Last updatedMay 16, 2017
PHP min version
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

Workbench by Sovrn Alternatives

AMP for WP – Accelerated Mobile Pages

AMP for WP – Accelerated Mobile Pages

accelerated-mobile-pages

A
92

AMP for WP is the most recommended AMP plugin by the community. Automatically add Accelerated Mobile Pages (Google AMP Project) functionality on your …

90K 14 CVEs
easy AMP

easy AMP

wp-amp-it-up

A
92

Enable AMP (Accelerated Mobile Pages) on your site. Just install, activate and it´s done! The official AMP Plugin for WordPress by amp-cloud.

700 No CVEs
PROJECT AMP

PROJECT AMP

project-amp

A
100

Enable Accelerated Mobile Pages (AMP) on your WordPress site.

10 No CVEs
Templatic-Google-AMP

Templatic-Google-AMP

templatic-google-amp

A
85

To work with Templatic AMP plugin just type 'amp' keyword after any archive, category, details or any page URL it will display AMP version o …

10 No CVEs
Ultimate AMP – WordPress AMP Plugin

Ultimate AMP – WordPress AMP Plugin

ultimate-amp

A
85

Ultimate AMP is a WordPress AMP Plugin to Enable AMP on Website. Feature rich and easy Customizable Plugin.

10 No CVEs
Developer Profile

Workbench by Sovrn Developer Profile

Sovrn

2 plugins · 10K total installs

67
trust score
Avg Security Score
83/100
Avg Patch Time
3116 days
View full developer profile
Detection Fingerprints

How We Detect Workbench by Sovrn

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sovrn-workbench/admin/css/sovrn_workbench-admin.css/wp-content/plugins/sovrn-workbench/admin/css/font-awesome.min.css/wp-content/plugins/sovrn-workbench/admin/css/material.indigo-pink.min.css/wp-content/plugins/sovrn-workbench/admin/css/dialog-polyfill.css/wp-content/plugins/sovrn-workbench/admin/css/material-icons.css/wp-content/plugins/sovrn-workbench/admin/css/countrySelect.min.css/wp-content/plugins/sovrn-workbench/admin/css/parsley.css
Version Parameters
sovrn_workbench-admin.css?ver=font-awesome.min.css?ver=material.indigo-pink.min.css?ver=dialog-polyfill.css?ver=material-icons.css?ver=countrySelect.min.css?ver=parsley.css?ver=

HTML / DOM Fingerprints

CSS Classes
sovrn-workbench-adminsovrn_workbench_errorsovrn_workbench_successsovrn_workbench_noticesovrn-workbench-container
HTML Comments
<!-- Sovrn Workbench plugin --><!-- Sovrn Workbench Admin --><!-- Sovrn Workbench Settings --><!-- Sovrn Workbench Notices -->+4 more
Data Attributes
data-sovrn-workbench-settingsdata-sovrn-workbench-fielddata-sovrn-workbench-actiondata-sovrn-workbench-modaldata-sovrn-workbench-tab
JS Globals
SovrnWorkbenchsovrnWorkbenchAdmin
REST Endpoints
/wp-json/sovrn-workbench/v1/settings/wp-json/sovrn-workbench/v1/status/wp-json/sovrn-workbench/v1/activate/wp-json/sovrn-workbench/v1/deactivate
Shortcode Output
[sovrn_workbench_display_ads][sovrn_workbench_related_posts][sovrn_workbench_social_share]
FAQ

Frequently Asked Questions about Workbench by Sovrn