UpdatePulse Server Security & Risk Analysis

wordpress.org/plugins/updatepulse-server

Run your own update server for plugins, themes or any other software: manage packages & licenses, and provide updates to your users.

20 active installs · v1.0.10 · PHP 8.0+ · WP 6.7+ · Updated Jun 7, 2025
Tags: license, plugin-updates, theme-updates, wordpress-updates
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is UpdatePulse Server Safe to Use in 2026?

Generally Safe

Score 100/100

UpdatePulse Server has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10mo ago
Risk Assessment

The updatepulse-server plugin v1.0.10 demonstrates a generally strong security posture based on the static analysis. It boasts a complete absence of unauthenticated AJAX handlers and REST API routes, indicating good practice in restricting access to sensitive functionalities. Furthermore, the vast majority of SQL queries utilize prepared statements and output is properly escaped, significantly mitigating common vulnerabilities like SQL injection and cross-site scripting. The presence of nonce and capability checks also contributes to a more secure design. The plugin also has a clean vulnerability history with no recorded CVEs, suggesting a commitment to security or simply a lack of discovered vulnerabilities to date.

Key Concerns

  • Use of unserialize function
  • Unsanitized paths in taint flows
  • SQL queries not using prepared statements
Vulnerabilities
None known

UpdatePulse Server Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

UpdatePulse Server Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 4 (32 prepared)
  • Unescaped Output: 9 (331 escaped)
  • Nonce Checks: 15
  • Capability Checks: 5
  • File Operations: 19
  • External Requests: 2
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize (inc\server\update\class-cache.php:57): $cache = unserialize( // phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.serialize_unserialize

SQL Query Safety

89% prepared, 36 total queries

Output Escaping

97% escaped, 340 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

4 flows, 4 with unsanitized paths
upserv_webhook_invalid_request (inc\api\class-webhook-api.php:148)
Attack Surface

UpdatePulse Server Attack Surface

Entry Points: 6
Unprotected: 0

AJAX Handlers: 6

  • [auth] wp_ajax_upserv_cloud_storage_test (inc\manager\class-cloud-storage-manager.php:95)
  • [auth] wp_ajax_upserv_force_clean (inc\manager\class-package-manager.php:100)
  • [auth] wp_ajax_upserv_register_package_from_vcs (inc\manager\class-package-manager.php:101)
  • [auth] wp_ajax_upserv_manual_package_upload (inc\manager\class-package-manager.php:102)
  • [auth] wp_ajax_upserv_force_clean (inc\manager\class-remote-sources-manager.php:37)
  • [auth] wp_ajax_upserv_vcs_test (inc\manager\class-remote-sources-manager.php:38)

WordPress Hooks: 115

  • action init (inc\api\class-license-api.php:88)
  • action parse_request (inc\api\class-license-api.php:89)
  • action upserv_pre_activate_license (inc\api\class-license-api.php:90)
  • action upserv_did_activate_license (inc\api\class-license-api.php:91)
  • action upserv_pre_deactivate_license (inc\api\class-license-api.php:92)
  • action upserv_did_deactivate_license (inc\api\class-license-api.php:93)
  • action upserv_did_add_license (inc\api\class-license-api.php:94)
  • action upserv_did_edit_license (inc\api\class-license-api.php:95)
  • action upserv_did_delete_license (inc\api\class-license-api.php:96)
  • filter query_vars (inc\api\class-license-api.php:98)
  • filter upserv_handle_update_request_params (inc\api\class-license-api.php:99)
  • filter upserv_api_license_actions (inc\api\class-license-api.php:100)
  • filter upserv_api_webhook_events (inc\api\class-license-api.php:101)
  • filter upserv_nonce_api_payload (inc\api\class-license-api.php:102)
  • filter upserv_webhook_fire (inc\api\class-license-api.php:780)
  • filter upserv_fetch_nonce (inc\api\class-license-api.php:1470)
  • action init (inc\api\class-package-api.php:77)
  • action parse_request (inc\api\class-package-api.php:78)
  • action upserv_saved_remote_package_to_local (inc\api\class-package-api.php:79)
  • action upserv_pre_delete_package (inc\api\class-package-api.php:80)
  • action upserv_did_delete_package (inc\api\class-package-api.php:81)
  • action upserv_did_download_package (inc\api\class-package-api.php:82)
  • filter query_vars (inc\api\class-package-api.php:84)
  • filter upserv_api_package_actions (inc\api\class-package-api.php:85)
  • filter upserv_api_webhook_events (inc\api\class-package-api.php:86)
  • filter upserv_nonce_api_payload (inc\api\class-package-api.php:87)
  • filter upserv_package_info_include (inc\api\class-package-api.php:88)
  • filter upserv_fetch_nonce (inc\api\class-package-api.php:1112)
  • filter upserv_fetch_nonce (inc\api\class-package-api.php:1148)
  • action init (inc\api\class-update-api.php:52)
  • action parse_request (inc\api\class-update-api.php:53)
  • action upserv_checked_remote_package_update (inc\api\class-update-api.php:54)
  • action upserv_removed_package (inc\api\class-update-api.php:55)
  • action upserv_registered_package_from_vcs (inc\api\class-update-api.php:56)
  • filter query_vars (inc\api\class-update-api.php:58)
  • filter puc_request_info_pre_filter (inc\api\class-update-api.php:59)
  • filter puc_request_info_result (inc\api\class-update-api.php:60)
  • action init (inc\api\class-webhook-api.php:76)
  • action parse_request (inc\api\class-webhook-api.php:77)
  • action upserv_webhook_invalid_request (inc\api\class-webhook-api.php:78)
  • filter query_vars (inc\api\class-webhook-api.php:80)
  • filter upserv_webhook_process_request (inc\api\class-webhook-api.php:81)
  • action upserv_webhook (inc\api\class-webhook-api.php:84)
  • action init (inc\class-upserv.php:87)
  • action admin_enqueue_scripts (inc\class-upserv.php:88)
  • action admin_menu (inc\class-upserv.php:89)
  • action admin_menu (inc\class-upserv.php:90)
  • action action_scheduler_failed_execution (inc\class-upserv.php:91)
  • filter upserv_admin_scripts (inc\class-upserv.php:93)
  • filter upserv_admin_styles (inc\class-upserv.php:94)
  • filter upserv_admin_tab_links (inc\class-upserv.php:96)
  • filter upserv_admin_tab_states (inc\class-upserv.php:97)
  • filter action_scheduler_retention_period (inc\class-upserv.php:98)
  • filter upserv_get_admin_template_args (inc\class-upserv.php:99)
  • filter upserv_scripts_l10n (inc\class-upserv.php:100)
  • action init (inc\class-upserv.php:103)
  • action admin_notices (inc\class-upserv.php:337)
  • action admin_notices (inc\class-upserv.php:342)
  • action admin_menu (inc\manager\class-api-manager.php:27)
  • filter upserv_admin_scripts (inc\manager\class-api-manager.php:29)
  • filter upserv_admin_styles (inc\manager\class-api-manager.php:30)
  • filter upserv_admin_tab_links (inc\manager\class-api-manager.php:31)
  • filter upserv_admin_tab_states (inc\manager\class-api-manager.php:32)
  • action upserv_package_options_updated (inc\manager\class-cloud-storage-manager.php:96)
  • action upserv_template_package_manager_option_before_miscellaneous (inc\manager\class-cloud-storage-manager.php:97)
  • filter upserv_admin_scripts (inc\manager\class-cloud-storage-manager.php:99)
  • filter upserv_submitted_package_config (inc\manager\class-cloud-storage-manager.php:100)
  • filter upserv_package_option_update (inc\manager\class-cloud-storage-manager.php:101)
  • action upserv_scheduler_init (inc\manager\class-data-manager.php:60)
  • action upserv_cleanup (inc\manager\class-data-manager.php:500)
  • action upserv_scheduler_init (inc\manager\class-license-manager.php:66)
  • action upserv_packages_table_cell (inc\manager\class-license-manager.php:67)
  • filter upserv_packages_table_columns (inc\manager\class-license-manager.php:69)
  • filter upserv_packages_table_sortable_columns (inc\manager\class-license-manager.php:70)
  • filter upserv_admin_scripts (inc\manager\class-license-manager.php:73)
  • filter upserv_admin_styles (inc\manager\class-license-manager.php:74)
  • action admin_init (inc\manager\class-license-manager.php:75)
  • action admin_menu (inc\manager\class-license-manager.php:76)
  • filter upserv_admin_tab_links (inc\manager\class-license-manager.php:77)
  • filter upserv_admin_tab_states (inc\manager\class-license-manager.php:78)
  • action load-updatepulse_page_upserv-page-licenses (inc\manager\class-license-manager.php:79)
  • filter set-screen-option (inc\manager\class-license-manager.php:81)
  • action upserv_expire_licenses (inc\manager\class-license-manager.php:497)
  • action admin_init (inc\manager\class-package-manager.php:98)
  • action admin_menu (inc\manager\class-package-manager.php:99)
  • action load-toplevel_page_upserv-page (inc\manager\class-package-manager.php:103)
  • action upserv_package_manager_pre_delete_package (inc\manager\class-package-manager.php:104)
  • action upserv_package_manager_deleted_package (inc\manager\class-package-manager.php:105)
  • action upserv_download_remote_package_aborted (inc\manager\class-package-manager.php:106)
  • filter upserv_admin_scripts (inc\manager\class-package-manager.php:108)
  • filter upserv_admin_styles (inc\manager\class-package-manager.php:109)
  • filter upserv_admin_tab_links (inc\manager\class-package-manager.php:110)
  • filter upserv_admin_tab_states (inc\manager\class-package-manager.php:111)
  • filter set-screen-option (inc\manager\class-package-manager.php:112)
  • action upserv_scheduler_init (inc\manager\class-remote-sources-manager.php:32)
  • action init (inc\manager\class-remote-sources-manager.php:34)
  • action admin_menu (inc\manager\class-remote-sources-manager.php:39)
  • filter upserv_admin_scripts (inc\manager\class-remote-sources-manager.php:41)
  • filter upserv_admin_styles (inc\manager\class-remote-sources-manager.php:42)
  • filter upserv_admin_tab_links (inc\manager\class-remote-sources-manager.php:43)
  • filter upserv_admin_tab_states (inc\manager\class-remote-sources-manager.php:44)
  • action upserv_scheduler_init (inc\nonce\class-nonce.php:340)
  • action upserv_nonce_cleanup (inc\nonce\class-nonce.php:341)
  • action init (inc\nonce\class-nonce.php:344)
  • action parse_request (inc\nonce\class-nonce.php:345)
  • filter query_vars (inc\nonce\class-nonce.php:347)
  • action action_scheduler_init (inc\scheduler\class-scheduler.php:34)
  • action init (inc\scheduler\class-scheduler.php:35)
  • filter template_directory (optimisation\upserv-default-optimizer.php:112)
  • filter stylesheet_directory (optimisation\upserv-default-optimizer.php:113)
  • filter enable_loading_advanced_cache_dropin (optimisation\upserv-default-optimizer.php:115)
  • action muplugins_loaded (optimisation\upserv-default-optimizer.php:138)
  • action shutdown (tests.php:171)
  • action plugins_loaded (updatepulse-server.php:253)
  • action plugins_loaded (updatepulse-server.php:272)

Maintenance & Trust

UpdatePulse Server Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.7.5
  • Last updated: Jun 7, 2025
  • PHP min version: 8.0
  • Downloads: 985

Community Trust

  • Rating: 100/100
  • Number of ratings: 1
  • Active installs: 20

Developer Profile

UpdatePulse Server Developer Profile

Alexandre Froger

11 plugins · 8K total installs

  • Trust score: 71
  • Avg Security Score: 88/100
  • Avg Patch Time: 110 days
Detection Fingerprints

How We Detect UpdatePulse Server

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/updatepulse-server/build/admin-settings.css
  • /wp-content/plugins/updatepulse-server/build/admin-settings.js
  • /wp-content/plugins/updatepulse-server/build/editor.css
  • /wp-content/plugins/updatepulse-server/build/editor.js
  • /wp-content/plugins/updatepulse-server/build/frontend.css
  • /wp-content/plugins/updatepulse-server/build/frontend.js
  • /wp-content/plugins/updatepulse-server/build/frontend-styles.css

Version Parameters
  • /wp-content/plugins/updatepulse-server/build/admin-settings.css?ver=
  • /wp-content/plugins/updatepulse-server/build/admin-settings.js?ver=
  • /wp-content/plugins/updatepulse-server/build/editor.css?ver=
  • /wp-content/plugins/updatepulse-server/build/editor.js?ver=
  • /wp-content/plugins/updatepulse-server/build/frontend.css?ver=
  • /wp-content/plugins/updatepulse-server/build/frontend.js?ver=
  • /wp-content/plugins/updatepulse-server/build/frontend-styles.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • updatepulse-server-dashboard-settings
  • updatepulse-server-dashboard-settings-wrapper
  • updatepulse-server-plugin-row-actions
  • updatepulse-server-settings-tabs
  • updatepulse-server-tab
  • updatepulse-server-tab-content
  • updatepulse-server-admin-notice
  • updatepulse-server-editor
  • +9 more

HTML Comments
  • <!-- UpdatePulse Server: Admin Settings Footer -->
  • <!-- UpdatePulse Server: Plugin Row Actions -->
  • <!-- UpdatePulse Server: Settings Tabs -->
  • <!-- UpdatePulse Server: Editor Initialization -->
  • +2 more

Data Attributes
  • data-updatepulse-nonce
  • data-updatepulse-ajax-url
  • data-package-id
  • data-package-version

JS Globals
  • updatepulse_server_params

REST Endpoints
  • /wp-json/updatepulse-server/v1/packages
  • /wp-json/updatepulse-server/v1/licenses
  • /wp-json/updatepulse-server/v1/webhooks
  • /wp-json/updatepulse-server/v1/settings

Shortcode Output
  • [updatepulse_server_download_link]
  • [updatepulse_server_license_form]