Does Analyticator have any unpatched vulnerabilities?

No. All known vulnerabilities in Analyticator have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Analyticator compatible with WordPress 6.9.4?

According to WordPress.org data, Analyticator 3.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Analyticator compatible with PHP 5.6+?

Analyticator requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Analyticator updated?

Analyticator was last updated on Feb 20, 2026. Frequent updates are generally a positive security signal.

What is Analyticator's security score?

Analyticator has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Analyticator Security & Risk Analysis

wordpress.org/plugins/analyticator

Simple GA4, GTM, and Hotjar integration. Securely inject tracking scripts into your WordPress site without editing any code.

80 active installs v3.0.0 PHP 5.6+ WP 4.6+ Updated Feb 20, 2026

google-analyticsgoogle-tag-managerhotjarscreen-recordervisit-statistics

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Analyticator Safe to Use in 2026?

Generally Safe

Score 100/100

Analyticator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

Based on the provided static analysis and vulnerability history, the 'analyticator' plugin v3.0.0 exhibits a strong security posture. The absence of any identified attack surface points, dangerous functions, direct SQL queries, file operations, or external HTTP requests is highly commendable and suggests robust coding practices aimed at minimizing vulnerabilities. Furthermore, the near-perfect output escaping and the lack of any recorded vulnerabilities (CVEs) further bolster confidence in its security. The absence of taint analysis flows also indicates a lack of obvious data manipulation issues from an initial scan.

However, it's important to note a few areas that, while not indicating immediate critical risks based on this snapshot, warrant attention for absolute assurance. The complete lack of nonce checks and capability checks across all entry points (even though there are no identified entry points in this analysis) could become a concern if new, even minor, entry points are introduced in future updates without these essential security measures. While the current data suggests no exploitable paths, a proactive approach would be to ensure these fundamental WordPress security practices are integrated moving forward. The overall assessment is very positive, but the lack of any explicit authentication or authorization checks on the limited (or absent) attack surface is a minor point to consider for future development.

Key Concerns

No Nonce Checks detected
No Capability Checks detected

Vulnerabilities

None known

Analyticator Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Analyticator Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

19 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

95% escaped20 total outputs

Attack Surface

Analyticator Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionadmin_menuanalyticator.php:22

actionadmin_initanalyticator.php:23

actionwp_enqueue_scriptsinc\analyticator-filters-actions.php:58

actionwp_body_openinc\analyticator-filters-actions.php:70

actionadmin_initinc\analyticator-settings.php:42

Maintenance & Trust

Analyticator Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 20, 2026

PHP min version5.6

Downloads7K

Community Trust

Rating100/100

Number of ratings4

Active installs80

Alternatives

Analyticator Alternatives

GTM4WP – A Google Tag Manager (GTM) plugin for WordPress

duracelltomi-google-tag-manager

Advanced tag management for WordPress with Google Tag Manager

700K 3 CVEs

PixelYourSite – Your smart PIXEL (TAG) & API Manager

pixelyoursite

Add Meta Pixel with Conversion API, Google Analytics (GA4) + Consent Mode, Google Tag Manager, and Head & Footer scripts.

500K 11 CVEs

Beehive Analytics – Google Analytics Dashboard

beehive-analytics

100

View visitor stats and track user behavior from within WordPress. A Google Analytics plugin with dashboard reports and Google Tag Manager support.

30K No CVEs

Event Tracking for Gravity Forms

gravity-forms-google-analytics-event-tracking

Easily add event tracking using Gravity Forms and your Google Analytics or Google Tag Manager account. Supports Google Analytics v3 and Gravity Forms …

20K No CVEs

Google Analytics and Google Tag Manager

wk-google-analytics

Google Analytics or Google Tag Manager for WordPress without tracking your own visits.

10K No CVEs

Developer Profile

Analyticator Developer Profile

Marcello Ruoppolo

2 plugins · 280 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Analyticator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/analyticator/inc/analyticator-filters-actions.php/wp-content/plugins/analyticator/inc/analyticator-pages.php/wp-content/plugins/analyticator/inc/analyticator-settings.php

Version Parameters

analyticator-gtm-jsanalyticator-google-taganalyticator-hotjar-js

HTML / DOM Fingerprints

JS Globals

gtagdataLayer

FAQ