WP-Safety

CroPilot.ai Tracking Security & Risk Analysis

wordpress.org/plugins/cropilot-ai-tracking

Boost your website's conversions with AI-powered insights. Automatic WooCommerce revenue tracking included!

0 active installs v2.6.5 PHP 7.4+ WP 5.8+ Updated Mar 7, 2026
a-b-testingaianalyticscrowoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is CroPilot.ai Tracking Safe to Use in 2026?

Generally Safe

Score 100/100

CroPilot.ai Tracking has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The cropilot-ai-tracking v2.6.5 plugin exhibits a strong security posture based on the provided static analysis and vulnerability history. All identified entry points (AJAX handlers) are protected with nonce and capability checks, indicating good development practices in preventing unauthorized access. The absence of raw SQL queries, the exclusive use of prepared statements, and the 100% output escaping further reinforce this positive assessment, minimizing risks of SQL injection and cross-site scripting vulnerabilities. Furthermore, the plugin has no recorded vulnerabilities, which is a significant strength.

While the plugin demonstrates excellent security hygiene in its code, the presence of 19 external HTTP requests warrants attention. Although not inherently a vulnerability, these requests can introduce potential risks if the target endpoints are compromised or if data is transmitted insecurely. The lack of taint analysis results is also noted; while this could mean no vulnerabilities were found, it might also indicate that the analysis was incomplete or that certain types of data flows were not thoroughly examined.

In conclusion, cropilot-ai-tracking v2.6.5 appears to be a secure plugin with robust implementation of WordPress security best practices. The primary area for consideration is the management and security of its external HTTP requests. The clean vulnerability history and strong code signals suggest a well-maintained and secure plugin.

Vulnerabilities
None known

CroPilot.ai Tracking Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

CroPilot.ai Tracking Release Timeline

v2.6.5Current
v2.6.4
v2.6.3
v2.6.2
v2.6.1
v2.6.0
v2.5.2
v2.5.1
v2.5.0
v2.2.1
v1.0.3
Code Analysis
Analyzed Mar 17, 2026

CroPilot.ai Tracking Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
81 escaped
Nonce Checks
11
Capability Checks
11
File Operations
0
External Requests
19
Bundled Libraries
0

Output Escaping

100% escaped81 total outputs
Attack Surface

CroPilot.ai Tracking Attack Surface

Entry Points11
Unprotected0

AJAX Handlers 11

authwp_ajax_cropilot_test_connectionincludes\class-ajax.php:40
authwp_ajax_cropilot_get_statusincludes\class-ajax.php:41
authwp_ajax_cropilot_run_health_checkincludes\class-ajax.php:42
authwp_ajax_cropilot_toggle_safe_modeincludes\class-ajax.php:43
authwp_ajax_cropilot_support_exportincludes\class-ajax.php:44
authwp_ajax_cropilot_run_live_testincludes\class-ajax.php:45
authwp_ajax_cropilot_create_accountincludes\class-ajax.php:46
authwp_ajax_cropilot_trigger_scanincludes\class-ajax.php:47
authwp_ajax_cropilot_check_scan_statusincludes\class-ajax.php:48
authwp_ajax_cropilot_fetch_health_dataincludes\class-health-dashboard.php:73
authwp_ajax_cropilot_refresh_health_dataincludes\class-health-dashboard.php:74
WordPress Hooks 34
actionbefore_woocommerce_initcropilot-tracking.php:47
actionplugins_loadedcropilot-tracking.php:243
actionadmin_menuincludes\class-admin.php:33
actionadmin_initincludes\class-admin.php:34
actionadmin_enqueue_scriptsincludes\class-admin.php:35
actionwp_enqueue_scriptsincludes\class-admin.php:36
actionwp_headincludes\class-admin.php:37
filterscript_loader_tagincludes\class-admin.php:38
actioncropilot_retry_failed_conversionsincludes\class-api.php:62
filtercron_schedulesincludes\class-api.php:63
filterrocket_exclude_jsincludes\class-conflict-detector.php:74
filterrocket_exclude_defer_jsincludes\class-conflict-detector.php:75
filterrocket_delay_js_exclusionsincludes\class-conflict-detector.php:76
filterrocket_cache_reject_cookiesincludes\class-conflict-detector.php:77
filterautoptimize_filter_js_excludeincludes\class-conflict-detector.php:83
filterlitespeed_optimize_js_excludesincludes\class-conflict-detector.php:89
filterlitespeed_cache_vary_cookiesincludes\class-conflict-detector.php:90
filtersgo_javascript_combine_exclude_listincludes\class-conflict-detector.php:96
filterw3tc_minify_js_do_tag_minificationincludes\class-conflict-detector.php:102
actionadmin_menuincludes\class-health-dashboard.php:71
actionadmin_enqueue_scriptsincludes\class-health-dashboard.php:72
actionadmin_initincludes\class-safe-mode.php:124
filtercropilot_allowed_experiment_typesincludes\class-safe-mode.php:127
filtercropilot_tracking_payloadincludes\class-safe-mode.php:130
actioncropilot_run_health_checkincludes\class-safe-mode.php:133
actionwoocommerce_thankyouincludes\class-woocommerce.php:42
actioninitincludes\class-woocommerce.php:43
actionwoocommerce_checkout_create_orderincludes\class-woocommerce.php:45
actionwoocommerce_order_refundedincludes\class-woocommerce.php:47
actionwoocommerce_order_status_cancelledincludes\class-woocommerce.php:48
actionwoocommerce_add_to_cartincludes\class-woocommerce.php:50
actionwoocommerce_before_checkout_formincludes\class-woocommerce.php:51
actionwoocommerce_after_single_productincludes\class-woocommerce.php:52
actionadmin_initincludes\class-woocommerce.php:56

Scheduled Events 2

cropilot_retry_failed_conversions
cropilot_run_health_check
Maintenance & Trust

CroPilot.ai Tracking Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 7, 2026
PHP min version7.4
Downloads770

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

CroPilot.ai Tracking Alternatives

Klaviyo

Klaviyo

klaviyo

A
99

Klaviyo for WooCommerce

100K 2 CVEs
Product Feed for Google Shopping, Microsoft Advertising and 40+ Channels for WooCommerce Merchant

Product Feed for Google Shopping, Microsoft Advertising and 40+ Channels for WooCommerce Merchant

shopping-feed-for-google

A
100

Automate real-time product syncing to Google, Microsoft & Facebook from WooCommerce. Launch campaigns and track interactions with Google Analytics 4.

2K No CVEs
Sales Report for WooCommerce

Sales Report for WooCommerce

sales-report-for-woocommerce

A
100

Sales Report for WooCommerce generates daily, weekly and monthly sales report

1K No CVEs
Square Thumbnails

Square Thumbnails

square-thumbnails

A
100

Creates square thumbnails from images without cropping. Works like CSS background-size: contain.

800 1 CVE
AI Flash Tune

AI Flash Tune

ai-flash-tune

A
100

A WordPress plugin to turn WooCommerce drop-offs into conversions with AI-powered funnel analysis and optimization.

300 No CVEs
Developer Profile

CroPilot.ai Tracking Developer Profile

CroPilot

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect CroPilot.ai Tracking

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cropilot-ai-tracking/assets/js/admin.js/wp-content/plugins/cropilot-ai-tracking/assets/css/admin.css/wp-content/plugins/cropilot-ai-tracking/assets/js/tracking.js/wp-content/plugins/cropilot-ai-tracking/assets/css/tracking.css
Script Paths
assets/js/admin.jsassets/js/tracking.js
Version Parameters
cropilot-ai-tracking/assets/css/admin.css?ver=cropilot-ai-tracking/assets/js/admin.js?ver=cropilot-ai-tracking/assets/css/tracking.css?ver=cropilot-ai-tracking/assets/js/tracking.js?ver=

HTML / DOM Fingerprints

CSS Classes
cropilot-tracking-script
Data Attributes
data-cropilot-client-iddata-cropilot-debug-modedata-cropilot-woocommerce-enableddata-cropilot-consent-modedata-cropilot-session-id
JS Globals
cropilot_localize_data
FAQ

Frequently Asked Questions about CroPilot.ai Tracking