WP-Safety

BaseCloud UTM Tracker Security & Risk Analysis

wordpress.org/plugins/basecloud-utm-tracker

Advanced UTM tracking with automated webhook injection for Gravity Forms, Elementor, WPForms, and Contact Form 7.

40 active installs v3.0.3 PHP 7.4+ WP 5.0+ Updated Feb 12, 2026
analyticsformsmarketingtrackingutm
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is BaseCloud UTM Tracker Safe to Use in 2026?

Generally Safe

Score 100/100

BaseCloud UTM Tracker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The basecloud-utm-tracker v3.0.3 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL query handling, exclusively using prepared statements. The absence of known historical vulnerabilities also suggests a generally stable development history. However, there are significant concerns related to its attack surface. The plugin has 5 AJAX handlers, with one that lacks any authentication checks. This unprotected entry point is a critical security weakness that could allow unauthorized users to trigger actions within the plugin. Additionally, the static analysis shows a concerning rate of improperly escaped output (42%), which, while not directly linked to critical taint flows in this analysis, could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled correctly before being displayed.

Key Concerns

  • Unprotected AJAX handler
  • Significant amount of unescaped output
  • Use of dangerous function (system)
Vulnerabilities
None known

BaseCloud UTM Tracker Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

BaseCloud UTM Tracker Release Timeline

v3.0.3Current
v3.0.2
v3.0.1
v3.0.0
v2.3.3
v2.3.2
v2.3.1
v2.3.0
v2.2.0
v2.0.0
v1.2.2
v1.2.1
v1.2.0
v1.1.6
v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

BaseCloud UTM Tracker Code Analysis

Dangerous Functions
3
Raw SQL Queries
0
0 prepared
Unescaped Output
11
15 escaped
Nonce Checks
4
Capability Checks
4
File Operations
9
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

systemsystem('git add .');update-release.php:41
systemsystem('git commit -m "Release: v' . $new_version . ' - ' . addslashes($changelog_title) . '"');update-release.php:42
systemsystem('git push');update-release.php:43

Output Escaping

58% escaped26 total outputs
Attack Surface
1 unprotected

BaseCloud UTM Tracker Attack Surface

Entry Points5
Unprotected1

AJAX Handlers 5

authwp_ajax_basecloud_save_webhookbasecloud-utm-tracker.php:51
authwp_ajax_basecloud_delete_webhookbasecloud-utm-tracker.php:52
authwp_ajax_basecloud_get_webhooksbasecloud-utm-tracker.php:53
authwp_ajax_basecloud_get_gf_fieldsbasecloud-utm-tracker.php:54
authwp_ajax_basecloud_utm_diagnosticsbasecloud-utm-tracker.php:60
WordPress Hooks 12
actionadmin_menubasecloud-utm-tracker.php:36
actionadmin_initbasecloud-utm-tracker.php:37
actionadmin_enqueue_scriptsbasecloud-utm-tracker.php:38
actionwp_enqueue_scriptsbasecloud-utm-tracker.php:39
filtergform_entry_metabasecloud-utm-tracker.php:42
actiongform_after_submissionbasecloud-utm-tracker.php:43
actiongform_after_submissionbasecloud-utm-tracker.php:44
filtergform_webhooks_request_databasecloud-utm-tracker.php:45
filterelementor_pro/forms/webhook/request_argsbasecloud-utm-tracker.php:46
filterwpforms_webhooks_request_argsbasecloud-utm-tracker.php:47
filterwpcf7_posted_databasecloud-utm-tracker.php:48
actiongform_after_emailbasecloud-utm-tracker.php:57
Maintenance & Trust

BaseCloud UTM Tracker Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedFeb 12, 2026
PHP min version7.4
Downloads882

Community Trust

Rating0/100
Number of ratings0
Active installs40
Alternatives

BaseCloud UTM Tracker Alternatives

MZ UTM Tracker for Gravity Form

MZ UTM Tracker for Gravity Form

mondoloz-utm-tracker-for-gravity-forms

A
100

Automatically captures UTM parameters from URLs and populates corresponding Gravity Forms fields for advanced lead tracking.

0 No CVEs
UTM Tracker for Gravity Forms

UTM Tracker for Gravity Forms

utm-tracker-for-gravity-forms

A
100

A lightweight UTM tracking enhancer for Gravity Forms. Stores UTM parameters for 90 days and auto-fills form fields automatically.

10 No CVEs
Multi-Page Campaign Tracking

Multi-Page Campaign Tracking

mdi-persist-query-string

A
100

Persist query string parameters across page visits for tracking and analytics purposes.

0 No CVEs
HubSpot All-In-One Marketing – Forms, Popups, Live Chat

HubSpot All-In-One Marketing – Forms, Popups, Live Chat

leadin

A
95

The CRM, Sales, and Marketing WordPress plugin to grow your business better. Capture and engage web visitors with free live chat, forms, CRM, email ma …

200K 3 CVEs
CallTrackingMetrics

CallTrackingMetrics

call-tracking-metrics

A
100

CallTrackingMetrics integrates with your WordPress site to provide powerful call tracking and attribution.

3K No CVEs
Developer Profile

BaseCloud UTM Tracker Developer Profile

BaseCloud

3 plugins · 80 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect BaseCloud UTM Tracker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/basecloud-utm-tracker/admin/css/settings.css/wp-content/plugins/basecloud-utm-tracker/admin/js/settings.js

HTML / DOM Fingerprints

CSS Classes
basecloud-utm-tracker-settings
JS Globals
basecloud_utm_params
REST Endpoints
/wp-json/basecloud-utm-tracker/v1/settings
FAQ

Frequently Asked Questions about BaseCloud UTM Tracker