Does Vatomi have any unpatched vulnerabilities?

No. All known vulnerabilities in Vatomi have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Vatomi compatible with WordPress 5.3.21?

According to WordPress.org data, Vatomi 1.0.3 has been tested up to WordPress 5.3.21. Check the plugin's changelog for the latest compatibility information.

Is Vatomi compatible with PHP 5.4+?

Vatomi requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Vatomi updated?

Vatomi was last updated on Nov 2, 2019. Frequent updates are generally a positive security signal.

What is Vatomi's security score?

Vatomi has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Vatomi Security & Risk Analysis

wordpress.org/plugins/vatomi

Envato oAuth registration. Support Envato customers users with AwesomeSupport plugin.

10 active installs v1.0.3 PHP 5.4+ WP 4.8.0+ Updated Nov 2, 2019

activationenvatolicenseoauthsupport

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Vatomi Safe to Use in 2026?

Generally Safe

Score 85/100

Vatomi has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "vatomi" plugin v1.0.3 demonstrates a mixed security posture. On the positive side, it exhibits good practices such as using prepared statements for all SQL queries and implementing nonce and capability checks on its entry points. The lack of known vulnerabilities in its history also suggests a potentially stable codebase.

However, the static analysis reveals significant concerns. The presence of dangerous functions like `unserialize` and `create_function` is a major red flag, as these can be exploited if user-supplied input is passed to them without proper sanitization. While the taint analysis indicates no critical or high severity flows with unsanitized paths, the identified "flows with unsanitized paths" still warrant careful investigation. Furthermore, only 77% of output is properly escaped, leaving potential for cross-site scripting (XSS) vulnerabilities. The inclusion of TinyMCE, a library that can be a vector for vulnerabilities if not properly maintained and used, also adds to the risk profile.

Overall, while "vatomi" v1.0.3 shows strengths in areas like SQL handling and authentication checks, the critical risks associated with dangerous functions and partially unsanitized data flows, combined with a less-than-perfect output escaping rate, indicate a need for thorough security review and potential remediation.

Key Concerns

Dangerous function: unserialize detected
Dangerous function: create_function detected
2 flows with unsanitized paths
23% of outputs not properly escaped
Bundled library TinyMCE detected

Vulnerabilities

None known

Vatomi Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Vatomi Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

147 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$vatomi_exist_products = unserialize( get_transient( 'vatomi_exist_products' ) );admin\class-awesome-support.php:51

create_function$callback = create_function( '', 'echo "' . str_replace( '"', '\"', $section['desc'] ) . '";' );vendors\wedevs-settings-api.php:114

Bundled Libraries

TinyMCE

SQL Query Safety

100% prepared2 total queries

Output Escaping

77% escaped190 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

envato_sign_action (vatomi.php:227)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Vatomi Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 2

authwp_ajax_vatomi_refresh_user_datafront\class-awesome-support.php:26

authwp_ajax_vatomi_get_wpas_products_selectfront\class-awesome-support.php:27

Shortcodes 2

[vatomi_login_form] shortcodes\envato-login-shortcode.php:14

[vatomi_licenses] shortcodes\licenses.php:15

WordPress Hooks 48

filterwpas_plugin_settingsadmin\class-awesome-support.php:21

actionupdate_option_wpas_optionsadmin\class-awesome-support.php:22

actionadmin_enqueue_scriptsadmin\class-awesome-support.php:23

actionproduct_add_form_fieldsadmin\class-awesome-support.php:26

actionproduct_edit_form_fieldsadmin\class-awesome-support.php:27

actionedited_productadmin\class-awesome-support.php:28

actioncreate_productadmin\class-awesome-support.php:29

filterlogin_messageadmin\class-envato-api.php:519

actioninitadmin\class-licenses.php:37

filterdisplay_post_statesadmin\class-licenses.php:40

actiontemplate_redirectadmin\class-licenses.php:43

filterthe_contentadmin\class-licenses.php:46

filterpost_row_actionsadmin\class-licenses.php:49

filterbulk_actions-edit-vatomi_licenseadmin\class-licenses.php:52

filtermanage_edit-vatomi_license_columnsadmin\class-licenses.php:55

actionmanage_vatomi_license_posts_custom_columnadmin\class-licenses.php:56

actionposts_joinadmin\class-licenses.php:59

actionposts_whereadmin\class-licenses.php:60

actionposts_distinctadmin\class-licenses.php:61

actioninitadmin\class-logging.php:38

actioninitadmin\class-logging.php:41

actioninitadmin\class-logging.php:44

actionrestrict_manage_postsadmin\class-logging.php:51

filterparse_queryadmin\class-logging.php:52

actionrest_api_initadmin\class-rest-api.php:119

actionadmin_initadmin\class-settings.php:29

actionadmin_menuadmin\class-settings.php:30

filtermanage_users_columnsadmin\class-user-settings.php:21

filtermanage_users_custom_columnadmin\class-user-settings.php:22

actionshow_user_profileadmin\class-user-settings.php:25

actionedit_user_profileadmin\class-user-settings.php:26

actionpre_user_searchadmin\class-user-settings.php:29

filterwpas_cf_taxonomy_oredered_termsfront\class-awesome-support.php:21

actionwpas_submission_form_inside_before_subjectfront\class-awesome-support.php:22

filterwpas_before_submit_new_ticket_checksfront\class-awesome-support.php:24

actionlogin_messageshortcodes\envato-login-shortcode.php:122

actionwpas_before_login_formshortcodes\envato-login-shortcode.php:126

actionbp_before_register_pageshortcodes\envato-login-shortcode.php:130

actionadmin_menuvatomi.php:113

filterparent_filevatomi.php:114

actionafter_setup_themevatomi.php:116

actionafter_setup_themevatomi.php:117

actionadmin_enqueue_scriptsvatomi.php:118

actionadmin_enqueue_scriptsvatomi.php:120

actionwp_enqueue_scriptsvatomi.php:121

actionlogin_headvatomi.php:122

filtermce_cssvatomi.php:125

actionadmin_enqueue_scriptsvendors\wedevs-settings-api.php:36

Maintenance & Trust

Vatomi Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21

Last updatedNov 2, 2019

PHP min version5.4

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Vatomi Alternatives

License For Envato

license-envato

"License For Envato" is a Envato theme & plugin license management Software.

8K 2 CVEs

Envato Toolkit

toolkit-for-envato

Validate purchase code, check for item update & support expiration, download newest version, lookup for user details, search for Envato item id & more

6K No CVEs

DAP TO LICENSE KEY

generate-dap-license-key

To generate the license key once DAP user created

20 No CVEs

bbPress

bbpress

bbPress is forum software for WordPress.

100K 6 CVEs

Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More

themeisle-companion

Add modules like share buttons, header & footer scripts, disable comments, reading progress bar, custom fonts, custom login page & more in one plugin.

100K 20 CVEs

Developer Profile

Vatomi Developer Profile

Danny van Kooten

90 plugins · 2.1M total installs

trust score

Avg Security Score

91/100

Avg Patch Time

522 days

View full developer profile

Detection Fingerprints

How We Detect Vatomi

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/vatomi/assets/css/vatomi.css/wp-content/plugins/vatomi/assets/js/vatomi.js

Script Paths

/wp-content/plugins/vatomi/assets/js/vatomi.js

Version Parameters

vatomi/assets/css/vatomi.css?ver=vatomi/assets/js/vatomi.js?ver=

HTML / DOM Fingerprints

CSS Classes

vatomi-btnvatomi-login-buttonvatomi-licenses-tablevatomi-tab-contentvatomi-tab-navvatomi-log-listvatomi-license-itemvatomi-license-key-input

HTML Comments

Vatomi admin notices startVatomi admin notices endVatomi login form startVatomi login form end+4 more

Data Attributes

data-vatomi-login-urldata-vatomi-ajax-urldata-vatomi-noncedata-vatomi-license-iddata-vatomi-action

JS Globals

vatomiVatomiAJAX

REST Endpoints

/wp-json/vatomi/v1/licenses/wp-json/vatomi/v1/logs/wp-json/vatomi/v1/activate/wp-json/vatomi/v1/deactivate

Shortcode Output

[vatomi_login][vatomi_licenses][vatomi_support_form]

FAQ

Vatomi Security & Risk Analysis

Is Vatomi Safe to Use in 2026?

Generally Safe

Key Concerns

Vatomi Security Vulnerabilities

Vatomi Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Vatomi Attack Surface

AJAX Handlers 2

Shortcodes 2

Vatomi Maintenance & Trust

Maintenance Signals

Community Trust

Vatomi Alternatives

License For Envato

Envato Toolkit

DAP TO LICENSE KEY

bbPress

Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More

Vatomi Developer Profile

How We Detect Vatomi

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Vatomi