Does BaseCloud UTM Tracker have any unpatched vulnerabilities?

No. All known vulnerabilities in BaseCloud UTM Tracker have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is BaseCloud UTM Tracker compatible with WordPress 6.8.5?

According to WordPress.org data, BaseCloud UTM Tracker 3.0.3 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is BaseCloud UTM Tracker compatible with PHP 7.4+?

BaseCloud UTM Tracker requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is BaseCloud UTM Tracker updated?

BaseCloud UTM Tracker was last updated on Feb 12, 2026. Frequent updates are generally a positive security signal.

What is BaseCloud UTM Tracker's security score?

BaseCloud UTM Tracker has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

BaseCloud UTM Tracker Security & Risk Analysis

wordpress.org/plugins/basecloud-utm-tracker

Advanced UTM tracking with automated webhook injection for Gravity Forms, Elementor, WPForms, and Contact Form 7.

40 active installs v3.0.3 PHP 7.4+ WP 5.0+ Updated Feb 12, 2026

analyticsformsmarketingtrackingutm

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is BaseCloud UTM Tracker Safe to Use in 2026?

Generally Safe

Score 100/100

BaseCloud UTM Tracker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The basecloud-utm-tracker v3.0.3 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL query handling, exclusively using prepared statements. The absence of known historical vulnerabilities also suggests a generally stable development history. However, there are significant concerns related to its attack surface. The plugin has 5 AJAX handlers, with one that lacks any authentication checks. This unprotected entry point is a critical security weakness that could allow unauthorized users to trigger actions within the plugin. Additionally, the static analysis shows a concerning rate of improperly escaped output (42%), which, while not directly linked to critical taint flows in this analysis, could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled correctly before being displayed.

Key Concerns

Unprotected AJAX handler
Significant amount of unescaped output
Use of dangerous function (system)

Vulnerabilities

None known

BaseCloud UTM Tracker Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

BaseCloud UTM Tracker Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

15 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

systemsystem('git add .');update-release.php:41

systemsystem('git commit -m "Release: v' . $new_version . ' - ' . addslashes($changelog_title) . '"');update-release.php:42

systemsystem('git push');update-release.php:43

Output Escaping

58% escaped26 total outputs

Attack Surface

1 unprotected

BaseCloud UTM Tracker Attack Surface

Entry Points5

Unprotected1

AJAX Handlers 5

authwp_ajax_basecloud_save_webhookbasecloud-utm-tracker.php:51

authwp_ajax_basecloud_delete_webhookbasecloud-utm-tracker.php:52

authwp_ajax_basecloud_get_webhooksbasecloud-utm-tracker.php:53

authwp_ajax_basecloud_get_gf_fieldsbasecloud-utm-tracker.php:54

authwp_ajax_basecloud_utm_diagnosticsbasecloud-utm-tracker.php:60

WordPress Hooks 12

actionadmin_menubasecloud-utm-tracker.php:36

actionadmin_initbasecloud-utm-tracker.php:37

actionadmin_enqueue_scriptsbasecloud-utm-tracker.php:38

actionwp_enqueue_scriptsbasecloud-utm-tracker.php:39

filtergform_entry_metabasecloud-utm-tracker.php:42

actiongform_after_submissionbasecloud-utm-tracker.php:43

actiongform_after_submissionbasecloud-utm-tracker.php:44

filtergform_webhooks_request_databasecloud-utm-tracker.php:45

filterelementor_pro/forms/webhook/request_argsbasecloud-utm-tracker.php:46

filterwpforms_webhooks_request_argsbasecloud-utm-tracker.php:47

filterwpcf7_posted_databasecloud-utm-tracker.php:48

actiongform_after_emailbasecloud-utm-tracker.php:57

Maintenance & Trust

BaseCloud UTM Tracker Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedFeb 12, 2026

PHP min version7.4

Downloads761

Community Trust

Rating0/100

Number of ratings0

Active installs40

Alternatives

BaseCloud UTM Tracker Alternatives

MZ UTM Tracker for Gravity Form

mondoloz-utm-tracker-for-gravity-forms

100

Automatically captures UTM parameters from URLs and populates corresponding Gravity Forms fields for advanced lead tracking.

0 No CVEs

UTM Tracker for Gravity Forms

utm-tracker-for-gravity-forms

100

A lightweight UTM tracking enhancer for Gravity Forms. Stores UTM parameters for 90 days and auto-fills form fields automatically.

10 No CVEs

MDI Persist Query String

mdi-persist-query-string

100

Persist query string parameters across page visits for tracking and analytics purposes.

0 No CVEs

HubSpot All-In-One Marketing – Forms, Popups, Live Chat

leadin

The CRM, Sales, and Marketing WordPress plugin to grow your business better. Capture and engage web visitors with free live chat, forms, CRM, email ma …

200K 2 CVEs

CallTrackingMetrics

call-tracking-metrics

100

CallTrackingMetrics integrates with your WordPress site to provide powerful call tracking and attribution.

3K No CVEs

Developer Profile

BaseCloud UTM Tracker Developer Profile

BaseCloud

2 plugins · 50 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect BaseCloud UTM Tracker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/basecloud-utm-tracker/admin/css/settings.css/wp-content/plugins/basecloud-utm-tracker/admin/js/settings.js

HTML / DOM Fingerprints

CSS Classes

basecloud-utm-tracker-settings

JS Globals

basecloud_utm_params

REST Endpoints

/wp-json/basecloud-utm-tracker/v1/settings

FAQ