WP-Safety

Epic Tracking Security & Risk Analysis

wordpress.org/plugins/epic-tracking

Easy event tracking for WordPress. Point, click, and track — no code, no tag managers, no third-party scripts.

0 active installs v1.3.6 PHP 7.4+ WP 6.0+ Updated Unknown
analyticsclick-trackingevent-trackingpage-viewsstatistics
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Epic Tracking Safe to Use in 2026?

Generally Safe

Score 100/100

Epic Tracking has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The 'epic-tracking' plugin version 1.3.6 demonstrates a generally good security posture based on the provided static analysis. The absence of known vulnerabilities in its history, coupled with a strong adherence to security best practices like prepared statements for SQL queries and proper output escaping, is a significant strength. The plugin also implements nonce and capability checks on its AJAX handlers, contributing to a robust defense against common web attacks. There are no critical or high-severity taint flows identified, indicating that user-supplied input is likely being handled safely.

While the overall security seems strong, there are minor areas for improvement. The presence of 8 AJAX handlers without explicit authentication checks, even though they are accompanied by capability checks, could be perceived as a potential attack surface if those capability checks are not sufficiently granular or if future versions introduce vulnerabilities. The plugin also makes one external HTTP request, which, while not inherently a vulnerability, is an area that requires careful scrutiny to ensure it's not exploitable. However, considering the lack of known vulnerabilities and the positive indicators in the code analysis, the plugin appears to be developed with security in mind.

Key Concerns

  • AJAX handlers without explicit auth checks (though capability checks exist)
  • External HTTP request
Vulnerabilities
None known

Epic Tracking Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Epic Tracking Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
34 prepared
Unescaped Output
75
276 escaped
Nonce Checks
6
Capability Checks
6
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

89% prepared38 total queries

Output Escaping

79% escaped351 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
<admin-all-events> (templates\admin-all-events.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Epic Tracking Attack Surface

Entry Points8
Unprotected0

AJAX Handlers 8

authwp_ajax_epictr_track_visitsrc\Tracker.php:17
noprivwp_ajax_epictr_track_visitsrc\Tracker.php:18
authwp_ajax_epictr_track_eventsrc\Tracker.php:19
noprivwp_ajax_epictr_track_eventsrc\Tracker.php:20
authwp_ajax_epictr_save_eventsrc\VisualMode.php:21
authwp_ajax_epictr_update_eventsrc\VisualMode.php:22
authwp_ajax_epictr_delete_eventsrc\VisualMode.php:23
authwp_ajax_epictr_get_page_eventssrc\VisualMode.php:24
WordPress Hooks 8
actionplugins_loadedepic-tracking.php:37
actionadmin_menusrc\Admin.php:13
actionadmin_initsrc\Admin.php:14
actionadmin_headsrc\Admin.php:15
actionadmin_initsrc\Database.php:16
actionwp_enqueue_scriptssrc\Tracker.php:14
actionadmin_bar_menusrc\VisualMode.php:14
actionwp_enqueue_scriptssrc\VisualMode.php:18
Maintenance & Trust

Epic Tracking Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedUnknown
PHP min version7.4
Downloads117

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Epic Tracking Alternatives

Smart Click Tracker

Smart Click Tracker

smart-click-tracker

A
100

A smart plugin to track clicks on specific elements and display statistics.

100 No CVEs
Click Counter by Simple Tools

Click Counter by Simple Tools

click-counter

A
100

Advanced click tracking for any CSS selector. Analytics, charts, goals, CSV export, visual picker, and more.

80 No CVEs
Track a click on Google Analytics

Track a click on Google Analytics

track-a-click-on-google-analytics

A
85

A simple shortcode to insert Google Analytics event tracking code on your links

10 No CVEs
RW PostViewStats Lite

RW PostViewStats Lite

rw-postviewstats-lite

A
100

A lightweight plugin to track post views via AJAX with anti-duplicate mechanisms and privacy-friendly design.

0 No CVEs
Total Views

Total Views

total-views

A
100

Count total page views on your WordPress site and display them with a simple shortcode. Customizable label, styles, and editable page views.

0 No CVEs
Developer Profile

Epic Tracking Developer Profile

EPICWP

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Epic Tracking

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/epic-tracking/assets/css/admin.css/wp-content/plugins/epic-tracking/assets/js/admin.js
Script Paths
/wp-content/plugins/epic-tracking/assets/js/admin.js
Version Parameters
epic-tracking/assets/css/admin.css?ver=epic-tracking/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
epictr-dashboardepictr-page-detailepictr-settingsepictr-all-visitsepictr-all-events
Data Attributes
data-epictr-chart
JS Globals
epictr
FAQ

Frequently Asked Questions about Epic Tracking