Backtracks Security & Risk Analysis

wordpress.org/plugins/backtracks

WordPress plugin for the Backtracks player. Backtracks is industrial strength podcast analytics and hosting for serious podcasters.

0 active installs v1.0.1 PHP 5.3+ WP 4.7+ Updated Mar 30, 2018
audiobacktracksembedplayerstats
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Backtracks Safe to Use in 2026?

Generally Safe

Score 85/100

Backtracks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The "backtracks" v1.0.1 plugin exhibits a generally good security posture due to the absence of known vulnerabilities and a focus on secure coding practices. The static analysis reveals no critical or high severity issues in taint analysis, no dangerous function usage, and all SQL queries are prepared. The plugin also demonstrates a commitment to security with the presence of nonce and capability checks on its entry points.

However, a notable area for concern is the output escaping, where only 61% of outputs are properly escaped. This indicates a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before being displayed. The presence of 5 external HTTP requests also warrants review to ensure they are made securely and do not introduce supply chain risks. While the attack surface is small and currently shows no unprotected entry points, the potential for future vulnerabilities exists if output escaping is not consistently applied across all dynamic content.

Overall, the plugin's security is strengthened by its clean vulnerability history and adherence to secure SQL practices. The primary weakness lies in the inconsistent output escaping, which, if exploited, could lead to significant security breaches. Continued vigilance in code reviews, particularly around output handling, and monitoring for new vulnerabilities will be crucial for maintaining a strong security profile.

Key Concerns

  • Insufficient output escaping
  • External HTTP requests without context
Vulnerabilities
None known

Backtracks Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Backtracks Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

Backtracks Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
34
53 escaped
Nonce Checks
2
Capability Checks
1
File Operations
0
External Requests
5
Bundled Libraries
0

Output Escaping

61% escaped87 total outputs
Attack Surface

Backtracks Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 2

authwp_ajax_update_episode_listincludes\ajax.php:13
authwp_ajax_dismiss_admin_noticeincludes\ajax.php:14

Shortcodes 1

[backtracks_player] includes\shortcodes\backtracks-player.php:55
WordPress Hooks 10
actionmedia_buttonsincludes\admin\editor-button.php:28
actionadmin_menuincludes\admin\menu.php:26
actionadmin_enqueue_scriptsincludes\admin\modal.php:9
actionadmin_footerincludes\admin\modal.php:11
actionadmin_noticesincludes\admin\notices.php:15
filterpre_update_option_bt_settings_apiincludes\admin\pages\api.php:28
actionadmin_initincludes\backtracks.php:52
actionadmin_enqueue_scriptsincludes\backtracks.php:54
actionplugins_loadedincludes\backtracks.php:57
actionwp_footerincludes\shortcodes\backtracks-player.php:57
Maintenance & Trust

Backtracks Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedMar 30, 2018
PHP min version5.3
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Backtracks Developer Profile

backtracks

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Backtracks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/backtracks/assets/js/admin-modal.js/wp-content/plugins/backtracks/assets/js/selectize.min.js/wp-content/plugins/backtracks/assets/js/jquery-dateFormat.min.js/wp-content/plugins/backtracks/assets/js/admin-main.js/wp-content/plugins/backtracks/assets/admin.css/wp-content/plugins/backtracks/assets/selectize.default.css
Script Paths
/wp-content/plugins/backtracks/assets/js/admin-modal.js/wp-content/plugins/backtracks/assets/js/selectize.min.js/wp-content/plugins/backtracks/assets/js/jquery-dateFormat.min.js/wp-content/plugins/backtracks/assets/js/admin-main.js
Version Parameters
backtracks/assets/js/admin-modal.js?ver=backtracks/assets/js/selectize.min.js?ver=backtracks/assets/js/jquery-dateFormat.min.js?ver=backtracks/assets/js/admin-main.js?ver=backtracks/assets/admin.css?ver=backtracks/assets/selectize.default.css?ver=

HTML / DOM Fingerprints

CSS Classes
bt-admin-modalbt-buttonbt-button-primarybt-button-secondary
Data Attributes
data-bt-usernamedata-bt-series-slugdata-bt-themedata-bt-artistdata-bt-show-art-coverdata-bt-bg-img+4 more
JS Globals
bt_admin
Shortcode Output
[backtracks_player
FAQ

Frequently Asked Questions about Backtracks