WP-Safety

FBS Activity Tracker Security & Risk Analysis

wordpress.org/plugins/fbs-activity-tracker

A modern, granular user activity and audit log WordPress plugin with a custom-designed dashboard interface for comprehensive site monitoring.

0 active installs v1.0.1 PHP 7.4+ WP 5.0+ Updated Dec 7, 2025
activity-logaudit-logmonitoringsecurityuser-tracking
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is FBS Activity Tracker Safe to Use in 2026?

Generally Safe

Score 100/100

FBS Activity Tracker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "fbs-activity-tracker" plugin v1.0.1 demonstrates a generally strong security posture, largely due to its adherence to good development practices. All identified AJAX and REST API entry points are protected by appropriate authentication and capability checks. The plugin exclusively uses prepared statements for its SQL queries, mitigating SQL injection risks, and shows a high percentage of properly escaped output. File operations and external HTTP requests are absent, further reducing the attack surface. The presence of nonce checks and capability checks on all entry points is commendable.

However, the static analysis reveals two critical severity taint flows with unsanitized paths. While the specific nature of these paths is not detailed, unsanitized paths represent a significant risk, potentially allowing attackers to inject malicious code or manipulate data. The absence of any recorded historical vulnerabilities is positive, suggesting a stable codebase. Despite the excellent use of prepared statements and output escaping, these two taint flows represent the most immediate and concerning security weakness in this version.

In conclusion, "fbs-activity-tracker" v1.0.1 is well-developed with robust defenses against common web vulnerabilities like SQL injection and XSS. The lack of historical CVEs and the secure handling of common entry points are significant strengths. The primary area requiring attention is the resolution of the two critical taint flows with unsanitized paths, which should be addressed promptly to maintain its otherwise strong security profile.

Key Concerns

  • Critical severity taint flow with unsanitized path (x2)
Vulnerabilities
None known

FBS Activity Tracker Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

FBS Activity Tracker Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
16 prepared
Unescaped Output
1
62 escaped
Nonce Checks
4
Capability Checks
4
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared16 total queries

Output Escaping

98% escaped63 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
delete_logs (includes\class-fbs-activity-tracker-ajax.php:206)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

FBS Activity Tracker Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 4

authwp_ajax_fbsat_get_activity_logsincludes\class-fbs-activity-tracker-ajax.php:66
authwp_ajax_fbsat_get_statisticsincludes\class-fbs-activity-tracker-ajax.php:67
authwp_ajax_fbsat_delete_logsincludes\class-fbs-activity-tracker-ajax.php:68
authwp_ajax_fbsat_export_logsincludes\class-fbs-activity-tracker-ajax.php:69
WordPress Hooks 18
actionadmin_menuadmin\class-fbs-activity-tracker-admin.php:65
actionadmin_initadmin\class-fbs-activity-tracker-admin.php:66
actioninitfbs-activity-tracker.php:77
actionadmin_enqueue_scriptsincludes\class-fbs-activity-tracker-assets.php:47
actionwp_enqueue_scriptsincludes\class-fbs-activity-tracker-assets.php:48
actionfbsat_cleanup_logsincludes\class-fbs-activity-tracker-database.php:68
actionwp_loginincludes\class-fbs-activity-tracker-logger.php:66
actionwp_logoutincludes\class-fbs-activity-tracker-logger.php:67
actionwp_login_failedincludes\class-fbs-activity-tracker-logger.php:68
actiontransition_post_statusincludes\class-fbs-activity-tracker-logger.php:71
actiondelete_postincludes\class-fbs-activity-tracker-logger.php:72
actionuntrash_postincludes\class-fbs-activity-tracker-logger.php:73
actionactivated_pluginincludes\class-fbs-activity-tracker-logger.php:76
actiondeactivated_pluginincludes\class-fbs-activity-tracker-logger.php:77
actionswitch_themeincludes\class-fbs-activity-tracker-logger.php:80
actionprofile_updateincludes\class-fbs-activity-tracker-logger.php:83
actionuser_registerincludes\class-fbs-activity-tracker-logger.php:84
actionupdated_optionincludes\class-fbs-activity-tracker-logger.php:87

Scheduled Events 1

fbsat_cleanup_logs
Maintenance & Trust

FBS Activity Tracker Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 7, 2025
PHP min version7.4
Downloads192

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

FBS Activity Tracker Alternatives

Logify WP – Activity Log & User Audit Log

Logify WP – Activity Log & User Audit Log

logify-wp

A
100

Logify WP - Activity Log & User Audit Log tracks critical changes, logins, and updates with searchable logs for site security.

200 No CVEs
Logify – Event Logger, Activity Monitor, Activity Log & Audit Log

Logify – Event Logger, Activity Monitor, Activity Log & Audit Log

logify

A
100

Monitor, track, and review everything happening on your WordPress site. Logify helps you stay secure, stay compliant, and stay in control.

10 No CVEs
Activity Monitor Pro

Activity Monitor Pro

activity-monitor-pro

A
100

Comprehensive activity monitoring, undo system, and AI-powered anomaly detection for WordPress.

0 No CVEs
Liaison Site Prober

Liaison Site Prober

liaison-site-prober

A
100

Liaison Site Prober helps you log and track key changes and user actions on your WordPress website — giving you better visibility and security.

0 No CVEs
TeleLog

TeleLog

telelog

A
85

Keep track of everything happening on your WordPress in Telegram

0 No CVEs
Developer Profile

FBS Activity Tracker Developer Profile

Fazle Bari

5 plugins · 50 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect FBS Activity Tracker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fbs-activity-tracker/admin/css/fbs-activity-tracker-admin.css/wp-content/plugins/fbs-activity-tracker/admin/css/fbs-activity-tracker-notifications.css/wp-content/plugins/fbs-activity-tracker/admin/js/fbs-activity-tracker-admin.js
Script Paths
/wp-content/plugins/fbs-activity-tracker/admin/js/fbs-activity-tracker-admin.js
Version Parameters
fbs-activity-tracker/admin/css/fbs-activity-tracker-admin.css?ver=fbs-activity-tracker/admin/css/fbs-activity-tracker-notifications.css?ver=fbs-activity-tracker/admin/js/fbs-activity-tracker-admin.js?ver=

HTML / DOM Fingerprints

JS Globals
fbsActivityTracker
FAQ

Frequently Asked Questions about FBS Activity Tracker