Does DataFast have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is DataFast compatible with WordPress 6.9.4?

According to WordPress.org data, DataFast 1.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is DataFast compatible with PHP 7.4+?

DataFast requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is DataFast updated?

DataFast was last updated on Feb 12, 2026. Frequent updates are generally a positive security signal.

What is DataFast's security score?

DataFast has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

DataFast Security & Risk Analysis

wordpress.org/plugins/datafast

Official DataFast plugin for WordPress and WooCommerce. Discover which marketing channels bring customers so you can grow your business, fast.

70 active installs v1.0.0 PHP 7.4+ WP 5.6+ Updated Feb 12, 2026

analyticsecommercemarketingtrackingwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is DataFast Safe to Use in 2026?

Generally Safe

Score 100/100

DataFast has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The "datafast" v1.0.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping the vast majority of its outputs. The absence of known CVEs in its vulnerability history is also a strong indicator of past security diligence.

However, the plugin's attack surface presents significant concerns. A considerable portion of its AJAX handlers (4 out of 4) and REST API routes (1 out of 3) lack essential authentication and permission checks. This creates direct pathways for unauthenticated users to interact with potentially sensitive functionalities, even though the static analysis did not reveal any critical or high-severity taint flows. The presence of unprotected entry points is the primary driver of risk for this plugin.

While the vulnerability history is clean, it's crucial to remember that this is based on past data. The current lack of critical vulnerabilities does not negate the risks introduced by the exposed attack surface. Therefore, the "datafast" plugin, while well-coded in terms of SQL and output handling, requires immediate attention to secure its AJAX and REST API endpoints to mitigate potential unauthorized access and misuse.

Key Concerns

AJAX handlers without auth checks
REST API routes without permission callbacks

Vulnerabilities

None known

DataFast Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

DataFast Release Timeline

v1.0.0Current

Code Analysis

Analyzed Mar 16, 2026

DataFast Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

67 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared6 total queries

Output Escaping

99% escaped68 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

render_connect_page (admin\class-datafast-admin.php:328)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

5 unprotected

DataFast Attack Surface

Entry Points7

Unprotected5

AJAX Handlers 4

authwp_ajax_datafast_track_add_to_cartincludes\class-datafast.php:258

noprivwp_ajax_datafast_track_add_to_cartincludes\class-datafast.php:259

authwp_ajax_datafast_track_remove_from_cartincludes\class-datafast.php:260

noprivwp_ajax_datafast_track_remove_from_cartincludes\class-datafast.php:261

REST API Routes 3

POST/wp-json/datafast/v1/connectincludes\class-datafast-rest-api.php:21

POST/wp-json/datafast/v1/disconnectincludes\class-datafast-rest-api.php:27

GET/wp-json/datafast/v1/statusincludes\class-datafast-rest-api.php:33

WordPress Hooks 24

actionplugins_loadedincludes\class-datafast.php:160

actionadmin_enqueue_scriptsincludes\class-datafast.php:175

actionadmin_enqueue_scriptsincludes\class-datafast.php:176

actionadmin_menuincludes\class-datafast.php:177

actionadmin_initincludes\class-datafast.php:180

actionadmin_noticesincludes\class-datafast.php:181

filterplugin_action_links_datafast/datafast.phpincludes\class-datafast.php:182

actionrest_api_initincludes\class-datafast.php:185

actionwp_enqueue_scriptsincludes\class-datafast.php:200

actionwp_enqueue_scriptsincludes\class-datafast.php:201

actionwp_enqueue_scriptsincludes\class-datafast.php:202

actioninitincludes\class-datafast.php:210

actionwoocommerce_checkout_create_orderincludes\class-datafast.php:231

actionwoocommerce_new_orderincludes\class-datafast.php:232

actionwoocommerce_checkout_order_createdincludes\class-datafast.php:233

actionwoocommerce_rest_insert_shop_order_objectincludes\class-datafast.php:234

actionwoocommerce_add_to_cartincludes\class-datafast.php:236

actionwoocommerce_cart_item_removedincludes\class-datafast.php:237

actionwoocommerce_before_checkout_formincludes\class-datafast.php:239

actiontemplate_redirectincludes\class-datafast.php:242

filterwoocommerce_rest_prepare_shop_order_objectincludes\class-datafast.php:253

filterwoocommerce_webhook_payloadincludes\class-datafast.php:254

actionshutdownincludes\class-datafast.php:255

filterscript_loader_tagpublic\class-datafast-public.php:138

Maintenance & Trust

DataFast Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 12, 2026

PHP min version7.4

Downloads314

Community Trust

Rating0/100

Number of ratings0

Active installs70

Alternatives

DataFast Alternatives

Growify

growify-ai

100

Integrate Growify.ai analytics into your WordPress site effortlessly. Track visits, WooCommerce conversions and form submissions automatically.

90 No CVEs

Analytics Integration for PostHog, WP, & WC

analytics-integration-for-posthog-wp-wc

100

Integrate PostHog with WordPress and WooCommerce for detailed user behavior tracking, product analytics, experimentation, and more.

20 No CVEs

Happy Ads

happy-ads

Connect your WooCommerce store to Happy Ads for efficient product tracking and cart behavior monitoring.

20 No CVEs

Affilibee for WooCommerce

affilibee-for-woocommerce

100

Launch your WooCommerce affiliate program in minutes. Track sales, manage affiliates, and pay commissions automatically.

0 No CVEs

Journify for WooCommerce

journify-for-woocommerce

100

Integrates Journify analytics with WooCommerce to track customer behavior and purchase events.

0 No CVEs

Developer Profile

DataFast Developer Profile

justshipit

1 plugin · 70 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect DataFast

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/datafast/admin/css/datafast-admin.css/wp-content/plugins/datafast/admin/js/datafast-admin.js

Script Paths

/wp-content/plugins/datafast/admin/js/datafast-admin.js

Version Parameters

datafast-admin.css?ver=datafast-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

datafast-settings

Data Attributes

data-setting-id="datafast_website_id"

FAQ