WP-Safety

WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder Security & Risk Analysis

wordpress.org/plugins/wpbot

Automation plugin for WordPress with a visual no-code builder. Create automated workflows to connect WordPress, WooCommerce, WPForms, & more

40 active installs v1.0.0 PHP 7.4+ WP 5.8+ Updated Feb 26, 2026
automationintegromatno-codeworkflow
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder Safe to Use in 2026?

Generally Safe

Score 100/100

WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The 'wpbot' plugin v1.0.0 exhibits a generally good security posture with several strong practices. The code demonstrates a high level of output escaping (98%) and a significant portion of its SQL queries utilize prepared statements (44%), which helps mitigate common injection vulnerabilities. The absence of dangerous functions, file operations, and recorded historical vulnerabilities are also positive indicators. However, a notable concern is the presence of a REST API route lacking permission callbacks, creating a potential entry point that could be accessed without proper authorization. While taint analysis shows no critical or high severity unsanitized flows, this single unprotected REST API route warrants attention. The plugin's history of zero known CVEs is encouraging and suggests a history of secure development, but the single unprotected endpoint still represents a weakness in its otherwise robust security framework.

Key Concerns

  • REST API route without permission callbacks
Vulnerabilities
None known

WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder Code Analysis

Dangerous Functions
0
Raw SQL Queries
5
4 prepared
Unescaped Output
1
46 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
19
Bundled Libraries
0

SQL Query Safety

44% prepared9 total queries

Output Escaping

98% escaped47 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
ajax_callback (includes\core\deactivation-survey.php:302)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder Attack Surface

Entry Points10
Unprotected1

AJAX Handlers 1

authwp_ajax_wpbot_automator_goodbye_formincludes\core\deactivation-survey.php:66

REST API Routes 9

GET/wp-json/wpbot-automator/v1/workflowsincludes\core\plugin.php:140
POST/wp-json/wpbot-automator/v1/workflowsincludes\core\plugin.php:150
PUT/wp-json/wpbot-automator/v1/workflows/(?P<id>\d+)includes\core\plugin.php:160
DELETE/wp-json/wpbot-automator/v1/workflows/(?P<id>\d+)includes\core\plugin.php:170
GET/wp-json/wpbot-automator/v1/productsincludes\core\plugin.php:181
POST/wp-json/wpbot-automator/v1/test-actionincludes\core\plugin.php:192
GET/wp-json/wpbot-automator/v1/logsincludes\core\plugin.php:203
POST/wp-json/wpbot-automator/v1/support/sendincludes\core\plugin.php:214
GET/wp-json/wpbot-automator/v1/webhook/(?P<token>[a-zA-Z0-9]+)includes\triggers\webhook.php:39
WordPress Hooks 19
filterplugin_action_linksincludes\core\deactivation-survey.php:63
filternetwork_admin_plugin_action_linksincludes\core\deactivation-survey.php:64
actionadmin_footerincludes\core\deactivation-survey.php:65
filterwp_mail_content_typeincludes\core\deactivation-survey.php:93
actioninitincludes\core\plugin.php:24
actionadmin_menuincludes\core\plugin.php:32
actionadmin_enqueue_scriptsincludes\core\plugin.php:33
actionrest_api_initincludes\core\plugin.php:34
actiondoing_it_wrong_runincludes\core\plugin.php:37
actionwpforms_process_completeincludes\triggers\form-triggers.php:57
actionwpcf7_mail_sentincludes\triggers\form-triggers.php:60
actionfluentform_submission_insertedincludes\triggers\form-triggers.php:63
actiongform_after_submissionincludes\triggers\form-triggers.php:66
actionrest_api_initincludes\triggers\webhook.php:32
actionwoocommerce_new_orderincludes\triggers\woocommerce-triggers.php:61
actionwoocommerce_order_status_changedincludes\triggers\woocommerce-triggers.php:62
actionwoocommerce_payment_completeincludes\triggers\woocommerce-triggers.php:63
actionwp_insert_postincludes\triggers\woocommerce-triggers.php:64
actionplugins_loadedwpbot-automator.php:102
Maintenance & Trust

WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 26, 2026
PHP min version7.4
Downloads3K

Community Trust

Rating0/100
Number of ratings0
Active installs40
Alternatives

WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder Alternatives

Zapier for WordPress

Zapier for WordPress

zapier

A
98

Zapier saves you time on tedious tasks by moving info between WordPress and your other favorite apps, so you can focus on your most important work.

50K 2 CVEs
Zoho Flow – Integrate 100+ plugins with 1000+ business apps, no-code workflow automation

Zoho Flow – Integrate 100+ plugins with 1000+ business apps, no-code workflow automation

zoho-flow

A
96

Integrate your WordPress plugins with your business applications and automate workflows between them. A single platform for all your integrations.

5K 4 CVEs
theMarketer – Email marketing, Newsletters, Automation & Loyalty for Woocommerce

theMarketer – Email marketing, Newsletters, Automation & Loyalty for Woocommerce

themarketer

A
99

Collect subscribers. Send newsletters. Create 1:1 personalised emails using dynamic blocks. Activate one of almost 30 predefined workflows.

600 1 CVE
Post Webhook – Send Post & Page data to any API or external service

Post Webhook – Send Post & Page data to any API or external service

post-webhook

A
85

Automate your content workflow by automatically sending post and page data to external services.

70 No CVEs
GoPublish: Publish from Google Docs to Any Site

GoPublish: Publish from Google Docs to Any Site

gopublish-publish-from-google-docs-to-any-site

A
100

Publish directly from Google Docs™ to any website with SEO meta titles, descriptions, images, and format intact. Stop copy-pasting today!

60 No CVEs
Developer Profile

WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder Developer Profile

QuantumCloud

29 plugins · 26K total installs

76
trust score
Avg Security Score
96/100
Avg Patch Time
255 days
View full developer profile
Detection Fingerprints

How We Detect WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wpbot-automator/build/index.js/wp-content/plugins/wpbot-automator/build/index.css
Script Paths
/wp-content/plugins/wpbot-automator/build/index.js
Version Parameters
wpbot-automator/build/index.asset.php

HTML / DOM Fingerprints

CSS Classes
wpbot-automator-root
Data Attributes
data-enqueue-script="wpbot-automator-admin"
JS Globals
wpbotAutomator
REST Endpoints
/wpbot-automator/v1/workflows/wpbot-automator/v1/products/wpbot-automator/v1/test-action
FAQ

Frequently Asked Questions about WPBot Automator – Automation for WordPress Visual No-Code WorkFlow Builder