Analytics Tracker Security & Risk Analysis
wordpress.org/plugins/analytics-trackerAnalytics Tracker makes it super easy to add Google Analytics tracking code on your site
Is Analytics Tracker Safe to Use in 2026?
Generally Safe
Score 100/100Analytics Tracker has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.
The static analysis of the 'analytics-tracker' plugin v3.0.0 reveals a generally strong security posture. There are no identified attack surface entry points, dangerous functions, raw SQL queries, or external HTTP requests. All output is properly escaped, and file operations are absent. This indicates a good practice in secure coding and avoiding common vulnerabilities.
However, the absence of nonce checks and capability checks across all entry points (which are zero) is a significant concern, even if the attack surface is currently nil. While taint analysis shows no issues, this is likely due to the lack of identified input vectors. The plugin's vulnerability history is a notable weakness. It has one known CVE, a medium severity Cross-Site Scripting vulnerability from 2017, which is currently unpatched. The fact that a past vulnerability existed, even if addressed by updates (implied by 'currently unpatched: 0'), suggests potential for future discoveries if coding practices are not consistently maintained.
In conclusion, the current code is remarkably clean regarding common static analysis findings. The primary risk lies in the historical presence of a medium-severity XSS vulnerability and the lack of explicit authorization checks, which could become a concern if the plugin's functionality or attack surface expands in future versions or if the existing code is not diligently maintained. The plugin benefits from a clean codebase but is somewhat undermined by its past vulnerability.
Key Concerns
- Past medium severity XSS vulnerability
- No nonce checks for entry points
- No capability checks for entry points
Analytics Tracker Security Vulnerabilities
CVEs by Year
Severity Breakdown
1 total CVE
Analytics Tracker <= 1.1.0 - Cross-Site Scripting
Analytics Tracker Release Timeline
Analytics Tracker Code Analysis
Output Escaping
Analytics Tracker Attack Surface
WordPress Hooks 6
Maintenance & Trust
Analytics Tracker Maintenance & Trust
Maintenance Signals
Community Trust
Analytics Tracker Alternatives
ACh Tag Manager
ach-tag-manager
Manage GA4 Measurement ID, Google Tag Manager, and Google Analytics. You can set up Google Analytics 4 property (GA4).
GA4 Inserter
ga-4-inserter
Easily insert the Google Analytics 4 tracking code into every page of your website by simply entering your GA4 Measurement ID.
Lean GA4 Tracker
lean-ga4-tracker
Lightweight Google Analytics 4 (GA4) plugin for WordPress with WooCommerce tracking, Consent Mode, and Google Tag Manager support.
ZDAnalytics Connector (GA4 + GTM)
zdanalytics-connector
Consent-friendly GA4 + GTM connector for WordPress (opt-in, cache-safe, no theme edits).
GTM4WP – A Google Tag Manager (GTM) plugin for WordPress
duracelltomi-google-tag-manager
Advanced tag management for WordPress with Google Tag Manager
Analytics Tracker Developer Profile
3 plugins · 1K total installs
How We Detect Analytics Tracker
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/analytics-tracker/assets/js/backend-script.js/wp-content/plugins/analytics-tracker/assets/css/backend-style.css/wp-content/plugins/analytics-tracker/assets/js/frontend-script.jshttps://kinsta.com/plans/?kaid=NDINHGAQXILShttps://i2.wp.com/valeriu.files.wordpress.com/2018/02/kinsta-dark.pnghttps://wordpress.org/support/plugin/analytics-trackerhttps://valeriu.tihai.ca/https://paypal.me/valeriu/25https://www.gnu.org/licenses/gpl-2.0.html+11 moreanalytics-tracker/assets/js/backend-script.js?ver=analytics-tracker/assets/css/backend-style.css?ver=analytics-tracker/assets/js/frontend-script.js?ver=