WebPrime A/B Testing Security & Risk Analysis
wordpress.org/plugins/webprime-ab-testingConduct A/B tests of any content via shortcodes with analytics of shows and clicks.
Is WebPrime A/B Testing Safe to Use in 2026?
Generally Safe
Score 100/100WebPrime A/B Testing has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The webprime-ab-testing plugin exhibits a generally strong security posture with good development practices. The absence of known CVEs and a clean vulnerability history are positive indicators. The code analysis reveals a commendable focus on security, with a high percentage of SQL queries utilizing prepared statements and proper output escaping. Nonce and capability checks are present, though their number is relatively low given the attack surface.
However, the taint analysis reveals three flows with unsanitized paths, all flagged as high severity. This is a significant concern, suggesting that user-supplied data is not being adequately validated or sanitized before being used in potentially sensitive operations. While no critical severity taint flows were found, these three high-severity instances pose a tangible risk that could be exploited by attackers to manipulate plugin behavior or potentially execute unintended code if these paths lead to exploitable functions.
In conclusion, while the plugin benefits from a lack of historical vulnerabilities and good general coding hygiene like prepared statements and output escaping, the identified high-severity unsanitized taint flows represent a critical weakness. Addressing these specific taint paths should be the immediate priority to improve the plugin's overall security.
Key Concerns
- High severity unsanitized taint flows (3)
- Low number of nonce checks (3)
- Low number of capability checks (1)
WebPrime A/B Testing Security Vulnerabilities
WebPrime A/B Testing Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
WebPrime A/B Testing Attack Surface
AJAX Handlers 4
Shortcodes 1
WordPress Hooks 5
Scheduled Events 1
Maintenance & Trust
WebPrime A/B Testing Maintenance & Trust
Maintenance Signals
Community Trust
WebPrime A/B Testing Alternatives
Vectoron
vectoron
A WordPress REST API plugin for external content management with authenticated API endpoints, GA4 tracking shortcodes, and ACF integration.
Content Blocks (Custom Post Widget)
custom-post-widget
This plugin enables you to edit and display Content Blocks in a sidebar widget or using a shortcode.
Unbounce Landing Pages
unbounce
Unbounce is the most powerful standalone landing page builder available.
Dynamic Month & Year into Posts
dynamic-month-year-into-posts
Automate SEO and content with dynamic shortcodes for dates, years, months, age calculations, seasons and countdowns in content, titles and meta.
Search Insights – Privacy-Friendly Search Analytics
wp-search-insights
Uncover exactly what visitors search for on your site. Stop guessing what content to create, fix content gaps, and boost engagement.
WebPrime A/B Testing Developer Profile
2 plugins · 10 total installs
How We Detect WebPrime A/B Testing
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/webprime-ab-testing/public/css/main.css/wp-content/plugins/webprime-ab-testing/public/js/main.js/wp-content/plugins/webprime-ab-testing/public/js/analytics.js/wp-content/plugins/webprime-ab-testing/public/js/main.js/wp-content/plugins/webprime-ab-testing/public/js/analytics.jswebprime-ab-testing/public/css/main.css?ver=webprime-ab-testing/public/js/main.js?ver=webprime-ab-testing/public/js/analytics.js?ver=HTML / DOM Fingerprints
data-webprime-ab-test-iddata-webprime-ab-test-uidwebprime_ab_ajax_object<div class="webprime-ab-test-container" data-webprime-ab-test-id="" data-webprime-ab-test-uid="