WP-Safety

Beetle Tracking – Cloudflare Zaraz for WooCommerce Security & Risk Analysis

wordpress.org/plugins/beetle-tracking

Track Key Events and Parameters on WordPress Effortlessly with Cloudflare Zaraz's Real Edge Server-Side Tracking Technology.

200 active installs v1.6.27 PHP 7.4+ WP 5.8+ Updated Feb 19, 2026
cloudflaregdprserver-side-trackingwoocommercezaraz
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Beetle Tracking – Cloudflare Zaraz for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Beetle Tracking – Cloudflare Zaraz for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The beetle-tracking plugin version 1.6.27 exhibits a generally good security posture with several strengths. The absence of dangerous functions, file operations, and vulnerabilities in its history are positive indicators. The plugin also demonstrates strong practices with 100% of SQL queries using prepared statements and a high rate of output escaping (93%).

However, there are notable concerns that detract from its overall security. The presence of one unprotected REST API route represents a significant entry point that could be exploited without proper authentication, potentially leading to unauthorized actions or data exposure. Furthermore, the complete lack of nonce checks is a considerable weakness. While capability checks are present for some entry points, relying solely on them without nonces makes the plugin susceptible to Cross-Site Request Forgery (CSRF) attacks.

The plugin's vulnerability history, being entirely clear, is a positive sign, suggesting either a well-developed codebase or a lack of past targeted attacks. However, this does not negate the risks identified in the static analysis. The combination of an unprotected API route and a complete absence of nonce checks presents a clear and actionable risk that should be addressed.

Key Concerns

  • Unprotected REST API route
  • No nonce checks implemented
Vulnerabilities
None known

Beetle Tracking – Cloudflare Zaraz for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Beetle Tracking – Cloudflare Zaraz for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
25 escaped
Nonce Checks
0
Capability Checks
4
File Operations
0
External Requests
3
Bundled Libraries
0

Output Escaping

93% escaped27 total outputs
Attack Surface
1 unprotected

Beetle Tracking – Cloudflare Zaraz for WooCommerce Attack Surface

Entry Points4
Unprotected1

REST API Routes 4

POST/wp-json/beetle-tracking/v1/feature-requestincludes\Controller\FeatureRequestController.php:14
POST/wp-json/beetle-tracking/v1/newsletterincludes\Controller\NewsletterController.php:14
POST/wp-json/beetle-tracking/v1/push-to-cloudflareincludes\Controller\SettingsPushController.php:16
GET/wp-json/beetle-tracking/v1/variations/(?P<product_id>\d+)includes\Controller\VariationDataController.php:27
WordPress Hooks 27
actioninitincludes\Controller\DashboardController.php:14
actionadmin_menuincludes\Controller\DashboardController.php:15
filteradmin_body_classincludes\Controller\DashboardController.php:16
actionadmin_enqueue_scriptsincludes\Controller\DashboardController.php:17
filterdefault_option_beetle_tracking_settingsincludes\Controller\DashboardController.php:19
filteroption_beetle_tracking_settingsincludes\Controller\DashboardController.php:20
filterrest_pre_dispatchincludes\Controller\DashboardController.php:21
actionrest_api_initincludes\Controller\FeatureRequestController.php:9
actionwp_enqueue_scriptsincludes\Controller\FrontendController.php:17
actionrest_api_initincludes\Controller\NewsletterController.php:9
actionrest_api_initincludes\Controller\SettingsPushController.php:11
actioninitincludes\Controller\UpgradeController.php:14
actionrest_api_initincludes\Controller\VariationDataController.php:19
actionwp_loginincludes\Controller\WebsiteEventsController.php:29
actionuser_registerincludes\Controller\WebsiteEventsController.php:32
actiontemplate_redirectincludes\Controller\WebsiteEventsController.php:35
actionadd_meta_boxesincludes\Controller\WooCommerce\Admin\OrderMetaBoxController.php:16
actionwoocommerce_before_shop_loop_itemincludes\Controller\WooCommerceController.php:33
actionwoocommerce_after_shop_loop_itemincludes\Controller\WooCommerceController.php:36
filterwoocommerce_product_loop_endincludes\Controller\WooCommerceController.php:39
actionwoocommerce_after_add_to_cart_buttonincludes\Controller\WooCommerceController.php:42
filterwoocommerce_blocks_product_grid_item_htmlincludes\Controller\WooCommerceController.php:43
actionwp_footerincludes\Controller\WooCommerceController.php:47
actiontemplate_redirectincludes\Controller\WooCommerceController.php:50
actionbefore_woocommerce_initincludes\TrackingPlugin.php:30
actionwoocommerce_initincludes\TrackingPlugin.php:31
filterbeetle_tracking_eventsincludes\Utils\AddEvent.php:14
Maintenance & Trust

Beetle Tracking – Cloudflare Zaraz for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 19, 2026
PHP min version7.4
Downloads11K

Community Trust

Rating100/100
Number of ratings6
Active installs200
Alternatives

Beetle Tracking – Cloudflare Zaraz for WooCommerce Alternatives

etracker analytics

etracker analytics

etracker

A
100

Consent-free, despite ad blockers and tracking prevention: Web analytics, tag and consent manager for best data quality, ad returns and conversions.

1K No CVEs
Pixelavo – Server Side Tracking & Pixel + AI Ads Tools

Pixelavo – Server Side Tracking & Pixel + AI Ads Tools

pixelavo

A
100

Add pixel tracking to your WordPress site with Conversions API, server-side tracking, AI ad copy generation, and AI marketing consultant.

800 No CVEs
Kitgenix CAPTCHA for Cloudflare Turnstile

Kitgenix CAPTCHA for Cloudflare Turnstile

kitgenix-captcha-for-cloudflare-turnstile

A
100

Add Cloudflare Turnstile to WordPress, WooCommerce, Elementor, and popular form plugins. Privacy-first spam protection with server-side verification.

300 No CVEs
My Agile Pixel – The GDPR Analytics and Tracking Pixel Solution

My Agile Pixel – The GDPR Analytics and Tracking Pixel Solution

myagilepixel

A
92

Avoid legal issues with Google Analytics, Facebook Pixel, and TikTok Pixel. Boost marketing with custom user properties in Google Analytics 4.

300 No CVEs
GDPR Settings for WooCommerce

GDPR Settings for WooCommerce

gdpr-settings-for-wc

A
85

Adapt your e-commerce to the GDPR rules. This plugin allows you to easily add a check box to the woocommerce checkout to obtain the consent of the us &hellip;

200 No CVEs
Developer Profile

Beetle Tracking – Cloudflare Zaraz for WooCommerce Developer Profile

Rocket Beetle

1 plugin · 200 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Beetle Tracking – Cloudflare Zaraz for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/beetle-tracking/assets/css/beetle-tracking-admin.css/wp-content/plugins/beetle-tracking/assets/js/beetle-tracking-admin.js
Script Paths
/wp-content/plugins/beetle-tracking/assets/js/beetle-tracking-admin.js
Version Parameters
beetle-tracking-admin.css?ver=beetle-tracking-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
beetle-tracking-admin-page
Data Attributes
data-beetle-tracking-settings
JS Globals
beetleTrackingAdmin
REST Endpoints
/wp-json/beetle-tracking/v1/settings
FAQ

Frequently Asked Questions about Beetle Tracking – Cloudflare Zaraz for WooCommerce