JAMstack Deployments Security & Risk Analysis

wordpress.org/plugins/wp-jamstack-deployments

A WordPress plugin for JAMstack deployments on Netlify (and other platforms).

1K active installs · v1.1.1 · PHP 5.6+ · WP + · Updated Nov 30, 2020
Tags: jamstack, netlify, webhook
Score: 63 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Jan 28, 2026
Safety Verdict

Is JAMstack Deployments Safe to Use in 2026?

Use With Caution

Score 63/100

JAMstack Deployments has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Jan 28, 2026 · Updated 5yr ago
Risk Assessment

The wp-jamstack-deployments plugin v1.1.1 exhibits a mixed security posture. On the positive side, static analysis reveals a small attack surface with no directly exposed REST API routes or shortcodes. Crucially, all SQL queries are prepared, and file operations are absent, reducing common vulnerability vectors. The presence of nonce checks for its AJAX handler is also a good security practice.

However, several concerns warrant attention. The plugin has a history of known vulnerabilities, including a currently unpatched medium-severity issue classified as Missing Authorization. This suggests a recurring pattern of authorization flaws, which is a significant risk. Furthermore, while the static analysis shows 100% of AJAX handlers have auth checks (likely tied to the nonce checks), the lack of explicit capability checks and the presence of external HTTP requests (though not analyzed for taint) introduce potential vectors that could be exploited if authorization is not perfectly implemented elsewhere.

In conclusion, while the plugin has made strides in secure coding practices like prepared statements, the persistent issue of missing authorization, highlighted by its vulnerability history, remains a critical concern. The absence of detailed taint analysis and the reliance on implied authorization for the AJAX handler leave room for potential exploitation, especially given the past CVE.

Key Concerns

  • Unpatched CVE
  • Missing Authorization vulnerability history
  • External HTTP requests
  • 80% output escaping (20% unescaped)
  • No capability checks
Vulnerabilities
1

JAMstack Deployments Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-25409 · medium · 4.3 · Missing Authorization

JAMstack Deployments <= 1.1.1 - Missing Authorization

Jan 28, 2026 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

JAMstack Deployments Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 4 (16 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Output Escaping

80% escaped · 20 total outputs
Attack Surface

JAMstack Deployments Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

  • auth · wp_ajax_wp_jamstack_deployments_manual_trigger · src\WebhookTrigger.php:23

WordPress Hooks: 13

  • action · transition_post_status · src\functions.php:89
  • action · created_term · src\functions.php:104
  • action · delete_term · src\functions.php:121
  • action · edit_term · src\functions.php:136
  • action · acf/save_post · src\functions.php:152
  • action · admin_init · src\Settings.php:14
  • action · admin_menu · src\UI\SettingsScreen.php:14
  • action · admin_init · src\WebhookTrigger.php:14
  • action · admin_bar_menu · src\WebhookTrigger.php:15
  • action · admin_footer · src\WebhookTrigger.php:17
  • action · wp_footer · src\WebhookTrigger.php:18
  • action · wp_enqueue_scripts · src\WebhookTrigger.php:20
  • action · admin_enqueue_scripts · src\WebhookTrigger.php:21
Maintenance & Trust

JAMstack Deployments Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.5.18
Last updated: Nov 30, 2020
PHP min version: 5.6
Downloads: 157K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 1K
Developer Profile

JAMstack Deployments Developer Profile

crgeary

2 plugins · 1K total installs

Trust score: 76
Avg Security Score: 74/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect JAMstack Deployments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-jamstack-deployments/assets/admin.js
Script Paths
/wp-content/plugins/wp-jamstack-deployments/assets/admin.js
Version Parameters
wp-jamstack-deployments/assets/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-jamstack-deployments-button
wp-jamstack-deployments-badge
wp-jamstack-deployments-netlify-badge
Data Attributes
data-icon="upload"
JS Globals
wpjd
FAQ

Frequently Asked Questions about JAMstack Deployments