WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder Security & Risk Analysis

Automation plugin for WordPress with a visual no-code builder. Create automated workflows to connect WordPress, WooCommerce, WPForms, & more

30 active installs v1.2.0 PHP 7.4+ WP 5.8+ Updated Apr 8, 2026

ai-agentautomationautomatorgoogle-sheetsworkflow

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder Safe to Use in 2026?

Generally Safe

Score 100/100

WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The 'wpbot' plugin v1.0.0 exhibits a generally good security posture with several strong practices. The code demonstrates a high level of output escaping (98%) and a significant portion of its SQL queries utilize prepared statements (44%), which helps mitigate common injection vulnerabilities. The absence of dangerous functions, file operations, and recorded historical vulnerabilities are also positive indicators. However, a notable concern is the presence of a REST API route lacking permission callbacks, creating a potential entry point that could be accessed without proper authorization. While taint analysis shows no critical or high severity unsanitized flows, this single unprotected REST API route warrants attention. The plugin's history of zero known CVEs is encouraging and suggests a history of secure development, but the single unprotected endpoint still represents a weakness in its otherwise robust security framework.

Key Concerns

REST API route without permission callbacks

Vulnerabilities

None known

WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder Release Timeline

v1.2.0Current

v1.0.0

v0.9.6

v0.9.5

v0.9.4

v0.9.3

Code Analysis

Analyzed Mar 16, 2026

WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

46 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

44% prepared9 total queries

Output Escaping

98% escaped47 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

ajax_callback (includes\core\deactivation-survey.php:302)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder Attack Surface

Entry Points10

Unprotected1

AJAX Handlers 1

authwp_ajax_wpbot_automator_goodbye_formincludes\core\deactivation-survey.php:66

REST API Routes 9

GET/wp-json/wpbot-automator/v1/workflowsincludes\core\plugin.php:140

POST/wp-json/wpbot-automator/v1/workflowsincludes\core\plugin.php:150

PUT/wp-json/wpbot-automator/v1/workflows/(?P<id>\d+)includes\core\plugin.php:160

DELETE/wp-json/wpbot-automator/v1/workflows/(?P<id>\d+)includes\core\plugin.php:170

GET/wp-json/wpbot-automator/v1/productsincludes\core\plugin.php:181

POST/wp-json/wpbot-automator/v1/test-actionincludes\core\plugin.php:192

GET/wp-json/wpbot-automator/v1/logsincludes\core\plugin.php:203

POST/wp-json/wpbot-automator/v1/support/sendincludes\core\plugin.php:214

GET/wp-json/wpbot-automator/v1/webhook/(?P<token>[a-zA-Z0-9]+)includes\triggers\webhook.php:39

WordPress Hooks 19

filterplugin_action_linksincludes\core\deactivation-survey.php:63

filternetwork_admin_plugin_action_linksincludes\core\deactivation-survey.php:64

actionadmin_footerincludes\core\deactivation-survey.php:65

filterwp_mail_content_typeincludes\core\deactivation-survey.php:93

actioninitincludes\core\plugin.php:24

actionadmin_menuincludes\core\plugin.php:32

actionadmin_enqueue_scriptsincludes\core\plugin.php:33

actionrest_api_initincludes\core\plugin.php:34

actiondoing_it_wrong_runincludes\core\plugin.php:37

actionwpforms_process_completeincludes\triggers\form-triggers.php:57

actionwpcf7_mail_sentincludes\triggers\form-triggers.php:60

actionfluentform_submission_insertedincludes\triggers\form-triggers.php:63

actiongform_after_submissionincludes\triggers\form-triggers.php:66

actionrest_api_initincludes\triggers\webhook.php:32

actionwoocommerce_new_orderincludes\triggers\woocommerce-triggers.php:61

actionwoocommerce_order_status_changedincludes\triggers\woocommerce-triggers.php:62

actionwoocommerce_payment_completeincludes\triggers\woocommerce-triggers.php:63

actionwp_insert_postincludes\triggers\woocommerce-triggers.php:64

actionplugins_loadedwpbot-automator.php:102

Maintenance & Trust

WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 8, 2026

PHP min version7.4

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder Alternatives

Bit integrations – Easy Automator with no-code automation, integrate Webhook and automate 300+ Platform

bit-integrations

Perfect Automation and integration plugin: Connect 300+ platforms and automate CRM, Email marketing tools, Google Sheets, Contact forms, LMS and more

20K 1 CVE

Bit Flows: AI Agent Automation with ChatGPT, Gemini, Claude, Perplexity, Google Sheets and More

bit-pi

100

Intelligent automation handles your workflows, CRM, forms, WooCommerce, ChatGPT, and more tasks to maximize your marketing and business efficiency.

1K No CVEs

OttoKit: All-in-One Automation Platform

suretriggers

Experience the power of automation within WordPress: Connect 1,300+ apps, automate manual tasks, and unlock your full potential. Get started now!

100K 6 CVEs

Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin

uncanny-automator

Uncanny Automator is the easiest and most powerful way to connect your WordPress plugins, sites and apps together with powerful automations.

50K 11 CVEs

Zapier for WordPress

zapier

Zapier saves you time on tedious tasks by moving info between WordPress and your other favorite apps, so you can focus on your most important work.

50K 2 CVEs

Developer Profile

WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder Developer Profile

QuantumCloud

29 plugins · 26K total installs

trust score

Avg Security Score

96/100

Avg Patch Time

243 days

View full developer profile

Detection Fingerprints

How We Detect WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wpbot-automator/build/index.js/wp-content/plugins/wpbot-automator/build/index.css

Script Paths

/wp-content/plugins/wpbot-automator/build/index.js

Version Parameters

wpbot-automator/build/index.asset.php

HTML / DOM Fingerprints

CSS Classes

wpbot-automator-root

Data Attributes

data-enqueue-script="wpbot-automator-admin"

JS Globals

wpbotAutomator

REST Endpoints

/wpbot-automator/v1/workflows/wpbot-automator/v1/products/wpbot-automator/v1/test-action

FAQ