Does Aurora Heatmap have any unpatched vulnerabilities?

No. All known vulnerabilities in Aurora Heatmap have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Aurora Heatmap compatible with WordPress 6.8.0?

According to WordPress.org data, Aurora Heatmap 1.7.1 has been tested up to WordPress 6.8.0. Check the plugin's changelog for the latest compatibility information.

Is Aurora Heatmap compatible with PHP 7.0+?

Aurora Heatmap requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Aurora Heatmap updated?

Aurora Heatmap was last updated on Apr 14, 2025. Frequent updates are generally a positive security signal.

What is Aurora Heatmap's security score?

Aurora Heatmap has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Aurora Heatmap Security & Risk Analysis

wordpress.org/plugins/aurora-heatmap

Beautiful like an aurora! A simple WordPress heatmap that can be completed with just a plugin.

20K active installs v1.7.1 PHP 7.0+ WP 4.9+ Updated Apr 14, 2025

analyticsanalyzeclickheatmapjapanese

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Aurora Heatmap Safe to Use in 2026?

Generally Safe

Score 100/100

Aurora Heatmap has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago

Risk Assessment

The aurora-heatmap plugin version 1.7.1 demonstrates a mixed security posture. On the positive side, it has no recorded vulnerabilities or known CVEs, and the code analysis shows no critical or high severity taint flows, indicating a generally clean codebase regarding direct code injection or path traversal. The plugin also avoids external HTTP requests and file operations, limiting potential attack vectors. However, there are significant concerns related to its attack surface, specifically two AJAX handlers that lack authentication checks. While the overall SQL query usage shows a good percentage of prepared statements, and a majority of outputs are properly escaped, the absence of nonce and capability checks on AJAX endpoints is a critical oversight. This leaves these entry points vulnerable to cross-site request forgery (CSRF) and unauthorized access, potentially allowing attackers to trigger unintended actions. The plugin's vulnerability history being empty is a positive sign, but it does not negate the present risks identified in the static analysis.

Key Concerns

AJAX handlers without authentication checks
AJAX handlers without nonce checks
Limited capability checks on entry points

Vulnerabilities

None known

Aurora Heatmap Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Aurora Heatmap Code Analysis

Dangerous Functions

Raw SQL Queries

34 prepared

Unescaped Output

102 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

63% prepared54 total queries

Output Escaping

80% escaped127 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<class-aurora-heatmap-basic> (class-aurora-heatmap-basic.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Aurora Heatmap Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_aurora_heatmapclass-aurora-heatmap-basic.php:106

noprivwp_ajax_aurora_heatmapclass-aurora-heatmap-basic.php:107

WordPress Hooks 9

actioninitaurora-heatmap.php:88

actioninitaurora-heatmap.php:136

actionadmin_initclass-aurora-heatmap-basic.php:101

actionadmin_menuclass-aurora-heatmap-basic.php:102

actionwp_enqueue_scriptsclass-aurora-heatmap-basic.php:103

actionaurora_heatmap_cron_dailyclass-aurora-heatmap-basic.php:104

actionwp_is_mobileclass-aurora-heatmap-basic.php:108

actionwpclass-aurora-heatmap-basic.php:119

actionshutdownclass-aurora-heatmap-basic.php:125

Scheduled Events 2

aurora_heatmap_cron_daily

Maintenance & Trust

Aurora Heatmap Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.0

Last updatedApr 14, 2025

PHP min version7.0

Downloads357K

Community Trust

Rating94/100

Number of ratings7

Active installs20K

Alternatives

Aurora Heatmap Alternatives

UserHeat Plugin

userheat

Free heatmaps plugin for web analytics, on both PC and smartphone.

6K 1 CVE

User Insight WordPress Plugin

user-insight

ヒートマップ対応アクセス解析ツールUser InsightのWordPressプラグインです。簡単な設定ですぐにUser Insightでデータを計測できるようになります。

200 No CVEs

ミエルカヒートマップタグマネージャー

mieruca-heatmap-tag-manager

100

無料で使えるヒートマップツール、ミエルカヒートマップのタグ設置が簡単にできるプラグインです。 This is the plugin to introduce the tag of the free heatmap service "Mieruca Heatmap" easily.

800 No CVEs

Heatmap Plugin

heatmap

This plugin will help you to analyze where people click on your site. As the result you will discover where better to place banners, how to organize n …

30 No CVEs

WP Super Heatmap

wp-super-heatmap

This plugin tracks user clicks and creates a heatmap for your website. All data is stored locally and no third-party service is used. Completely free!

10 No CVEs

Developer Profile

Aurora Heatmap Developer Profile

r3098

2 plugins · 20K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Aurora Heatmap

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/aurora-heatmap/css/aurora-heatmap.css/wp-content/plugins/aurora-heatmap/js/aurora-heatmap.js

Script Paths

/wp-content/plugins/aurora-heatmap/js/aurora-heatmap.js

Version Parameters

aurora-heatmap/css/aurora-heatmap.css?ver=aurora-heatmap/js/aurora-heatmap.js?ver=

HTML / DOM Fingerprints

FAQ