WP-Safety

VRTs – Visual Regression Tests Security & Risk Analysis

wordpress.org/plugins/visual-regression-tests

Keep your WordPress websites bug-free with automatic screenshots, daily comparisons, and instant tests after WordPress and plugin updates.

900 active installs v2.0.5 PHP 7.0+ WP 5.0+ Updated Jul 21, 2025
regressiontestsvisualvisual-regressionvrts
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is VRTs – Visual Regression Tests Safe to Use in 2026?

Generally Safe

Score 100/100

VRTs – Visual Regression Tests has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago
Risk Assessment

The 'visual-regression-tests' plugin v2.0.5 exhibits a generally strong security posture, with excellent practices observed in output escaping and the use of prepared statements for SQL queries. The plugin also has a clean vulnerability history, indicating a commitment to security over time. However, the presence of two AJAX handlers without authentication checks presents a significant concern. While the total attack surface is relatively small, these unprotected entry points could be exploited by unauthenticated users to trigger unintended actions within the plugin, potentially leading to unauthorized functionality or information disclosure if the specific actions performed by these handlers are sensitive.

The taint analysis shows no critical or high severity flows, which is highly positive. The plugin also avoids dangerous functions and external HTTP requests that are often associated with security risks. The limited number of file operations is also a good sign. Despite the generally good security indicators, the unprotected AJAX handlers are a specific area that requires attention and remediation to ensure a robust security profile.

Key Concerns

  • Unprotected AJAX handlers
Vulnerabilities
None known

VRTs – Visual Regression Tests Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

VRTs – Visual Regression Tests Code Analysis

Dangerous Functions
0
Raw SQL Queries
21
91 prepared
Unescaped Output
7
416 escaped
Nonce Checks
11
Capability Checks
13
File Operations
1
External Requests
5
Bundled Libraries
0

SQL Query Safety

81% prepared112 total queries

Output Escaping

98% escaped423 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
wp_ajax_save_dismiss_status_ajax (includes\features\class-admin-notices.php:19)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

VRTs – Visual Regression Tests Attack Surface

Entry Points4
Unprotected2

AJAX Handlers 4

authwp_ajax_vrts_admin_notice_dismissincludes\features\class-admin-notices.php:13
authwp_ajax_vrts_test_quick_edit_saveincludes\features\class-tests-page.php:21
noprivwp_ajax_vrts_serviceincludes\rest-api\class-rest-service-controller.php:34
authwp_ajax_priv_vrts_serviceincludes\rest-api\class-rest-service-controller.php:35
WordPress Hooks 64
actionadmin_initincludes\core\settings\class-manager.php:24
filtercron_schedulesincludes\core\utilities\class-background-process.php:50
actionadmin_initincludes\features\class-admin-columns.php:13
actioncurrent_screenincludes\features\class-admin-header.php:10
actionin_admin_headerincludes\features\class-admin-header.php:13
actionadmin_menuincludes\features\class-admin.php:13
actionadmin_initincludes\features\class-admin.php:15
actionadmin_initincludes\features\class-bulk-actions.php:14
actionvrts_fetch_updates_cronincludes\features\class-cron-jobs.php:36
actionvrts_fetch_test_updatesincludes\features\class-cron-jobs.php:37
actionvrts_fetch_test_run_updatesincludes\features\class-cron-jobs.php:38
actionadmin_enqueue_scriptsincludes\features\class-enqueue-scripts.php:16
actionenqueue_block_editor_assetsincludes\features\class-enqueue-scripts.php:17
actionadmin_noticesincludes\features\class-install.php:20
actioninitincludes\features\class-install.php:22
actionupgrader_process_completeincludes\features\class-install.php:23
actionvrts_plugin_on_upgradeincludes\features\class-install.php:24
actionadd_meta_boxesincludes\features\class-metaboxes.php:40
actionrest_api_initincludes\features\class-metaboxes.php:41
actionsave_postincludes\features\class-metaboxes.php:42
actionrest_api_initincludes\features\class-onboarding.php:14
filtervrts_onboardingincludes\features\class-onboarding.php:15
actionwp_after_insert_postincludes\features\class-post-update-actions.php:15
actiontrashed_postincludes\features\class-post-update-actions.php:16
actiontransition_post_statusincludes\features\class-post-update-actions.php:17
actionupdate_option_vrts_remaining_testsincludes\features\class-post-update-actions.php:18
actionpost_updatedincludes\features\class-post-update-actions.php:19
filterhttp_headers_useragentincludes\features\class-service.php:124
actioninitincludes\features\class-settings-page.php:22
actionadmin_menuincludes\features\class-settings-page.php:23
actionadmin_initincludes\features\class-settings-page.php:24
actionadd_option_vrts_click_selectorsincludes\features\class-settings-page.php:25
actionupdate_option_vrts_click_selectorsincludes\features\class-settings-page.php:26
actionpre_update_option_vrts_license_keyincludes\features\class-settings-page.php:27
actionpre_update_option_vrts_email_update_notification_addressincludes\features\class-settings-page.php:28
actionpre_update_option_vrts_email_api_notification_addressincludes\features\class-settings-page.php:29
actionupdate_option_vrts_automatic_comparisonincludes\features\class-settings-page.php:30
actionadmin_noticesincludes\features\class-settings-page.php:403
actionadmin_noticesincludes\features\class-settings-page.php:406
actionadmin_noticesincludes\features\class-settings-page.php:410
actionadmin_initincludes\features\class-test-runs-page.php:19
actionadmin_menuincludes\features\class-test-runs-page.php:20
actionadmin_body_classincludes\features\class-test-runs-page.php:21
actionadmin_noticesincludes\features\class-test-runs-page.php:242
actionadmin_menuincludes\features\class-tests-page.php:18
filterset-screen-optionincludes\features\class-tests-page.php:19
actionwp_link_queryincludes\features\class-tests-page.php:20
actionadmin_initincludes\features\class-tests-page.php:22
actionadmin_noticesincludes\features\class-tests-page.php:363
actionadmin_noticesincludes\features\class-tests-page.php:366
actionadmin_noticesincludes\features\class-tests-page.php:373
actionadmin_noticesincludes\features\class-tests-page.php:379
actionadmin_noticesincludes\features\class-tests-page.php:385
actionadmin_noticesincludes\features\class-tests-page.php:390
actionadmin_noticesincludes\features\class-tests-page.php:396
actionvrts_run_testsincludes\features\class-tests.php:14
actionupgrader_process_completeincludes\features\class-tests.php:15
actioninitincludes\features\class-translations.php:10
actioninitincludes\features\class-translations.php:11
actionadmin_menuincludes\features\class-upgrade-page.php:19
actionrest_api_initincludes\rest-api\class-rest-alerts-controller.php:33
actionrest_api_initincludes\rest-api\class-rest-service-controller.php:33
actionrest_api_initincludes\rest-api\class-rest-test-runs-controller.php:33
actionrest_api_initincludes\rest-api\class-rest-tests-controller.php:33

Scheduled Events 5

vrts_fetch_updates_cron
vrts_fetch_test_updates
vrts_fetch_test_run_updates
vrts_fetch_test_updates
vrts_fetch_test_run_updates
Maintenance & Trust

VRTs – Visual Regression Tests Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedJul 21, 2025
PHP min version7.0
Downloads15K

Community Trust

Rating92/100
Number of ratings9
Active installs900
Alternatives

VRTs – Visual Regression Tests Alternatives

Diffy Visual Regression Testing

Diffy Visual Regression Testing

diffy

A
85

Diffy helps to verify plugin updates by taking screenshots of your site before and after update and comparing them. Ideally you expect zero changes a …

10 No CVEs
Page Builder by SiteOrigin

Page Builder by SiteOrigin

siteorigin-panels

A
88

Build responsive page layouts using the widgets you know and love using this simple drag and drop page builder.

500K 8 CVEs
Black Studio TinyMCE Widget

Black Studio TinyMCE Widget

black-studio-tinymce-widget

A
100

The visual editor widget for WordPress.

200K No CVEs
SiteOrigin CSS

SiteOrigin CSS

so-css

A
100

Powerful, simple CSS editing for WordPress. Visual controls & real-time previews for effortless site customization.

100K No CVEs
Hotjar

Hotjar

hotjar

A
85

The fast & visual way to understand your users.

80K 1 CVE
Developer Profile

VRTs – Visual Regression Tests Developer Profile

Bleech

2 plugins · 3K total installs

91
trust score
Avg Security Score
96/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect VRTs – Visual Regression Tests

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/visual-regression-tests/build/admin.css/wp-content/plugins/visual-regression-tests/build/admin.js/wp-content/plugins/visual-regression-tests/build/editor.css/wp-content/plugins/visual-regression-tests/build/editor.js
Version Parameters
visual-regression-tests/build/admin.asset.phpvisual-regression-tests/build/editor.asset.php

HTML / DOM Fingerprints

CSS Classes
vrts-admin-notice
HTML Comments
You need to run `npm start` or `npm run build`.
Data Attributes
data-vrts-test-iddata-vrts-test-statusdata-vrts-hide-css-selectors
JS Globals
vrts_admin_varsvrts_editor_vars
REST Endpoints
/wp-json/vrts/v1
FAQ

Frequently Asked Questions about VRTs – Visual Regression Tests