WP-Safety

Tracking and Consent Manager – WP Full Picture Security & Risk Analysis

wordpress.org/plugins/full-picture-analytics-cookie-notice

All-in-one tracking and consent management. Use Google Analytics, Google Ads, Meta Pixel, and more - without breaking privacy laws.

3K active installs v10.1.0 PHP 7.4+ WP 5.4+ Updated Mar 11, 2026
analyticsconsent-modegdprgoogle-adsgtm
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Tracking and Consent Manager – WP Full Picture Safe to Use in 2026?

Generally Safe

Score 100/100

Tracking and Consent Manager – WP Full Picture has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 24d ago
Risk Assessment

The full-picture-analytics-cookie-notice plugin v10.1.0 demonstrates a mixed security posture. On the positive side, it has no known past vulnerabilities and utilizes prepared statements for the majority of its SQL queries, along with a high percentage of properly escaped output. The plugin also implements a reasonable number of capability checks and nonces. However, there are notable areas of concern, particularly regarding the attack surface. A significant portion of its AJAX handlers (6 out of 11) and one REST API route lack authentication checks, creating potential entry points for attackers. The taint analysis reveals two high-severity flows with unsanitized paths, which could lead to unintended behavior or vulnerabilities if exploited. While the plugin has no recorded CVEs, the presence of unsanitized paths in taint analysis, even without critical severity, suggests areas that require immediate attention. The absence of past vulnerabilities is a positive indicator of developer diligence, but the current findings highlight that improvements are needed in input validation and access control for its API endpoints and AJAX actions.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • High severity taint flows
  • SQL queries not using prepared statements
  • Bundled outdated Freemius library
Vulnerabilities
None known

Tracking and Consent Manager – WP Full Picture Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Tracking and Consent Manager – WP Full Picture Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
6 prepared
Unescaped Output
77
454 escaped
Nonce Checks
8
Capability Checks
23
File Operations
12
External Requests
2
Bundled Libraries
2

Bundled Libraries

Freemius1.0Select2

SQL Query Safety

67% prepared9 total queries

Output Escaping

85% escaped531 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

6 flows3 with unsanitized paths
<fupi-admin-page-display> (admin\common\pages\fupi-admin-page-display.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
7 unprotected

Tracking and Consent Manager – WP Full Picture Attack Surface

Entry Points15
Unprotected7

AJAX Handlers 11

authwp_ajax_fupi_ajax_make_new_backupadmin\modules\main\main-admin.php:26
authwp_ajax_fupi_ajax_upload_settings_from_fileadmin\modules\main\main-admin.php:27
authwp_ajax_fupi_ajax_restore_settings_backupadmin\modules\main\main-admin.php:28
authwp_ajax_fupi_ajax_remove_settings_backupadmin\modules\main\main-admin.php:29
authwp_ajax_wptrt_dismiss_noticeincludes\class-fupi-notices.php:65
authwp_ajax_fupi_search_usersincludes\class-fupi.php:101
authwp_ajax_fupi_search_pagesincludes\class-fupi.php:102
authwp_ajax_fupi_update_modesincludes\class-fupi.php:104
authwp_ajax_fupi_check_conflictsincludes\class-fupi.php:106
noprivwp_ajax_fupi_ajaxincludes\class-fupi.php:173
authwp_ajax_fupi_ajaxincludes\class-fupi.php:175

REST API Routes 1

POST/wp-json/fupi/v1/senderpublic\class-fupi-public.php:413

Shortcodes 3

[fp_block] public\modules\cook\cook-public.php:245
[fp_block_iframe] public\modules\cook\cook-public.php:246
[fp_info] public\modules\main\main-public.php:26
WordPress Hooks 187
filterfupi_updating_many_optionsadmin\common\fupi_updater.php:49
filterfupi_updating_many_optionsadmin\common\fupi_updater.php:57
actionfupi_register_setting_ceggadmin\modules\cegg\cegg-admin.php:21
filterfupi_cegg_add_fields_settingsadmin\modules\cegg\cegg-admin.php:22
filterfupi_cegg_get_page_descradmin\modules\cegg\cegg-admin.php:24
actionfupi_register_setting_claradmin\modules\clar\clar-admin.php:21
filterfupi_clar_add_fields_settingsadmin\modules\clar\clar-admin.php:22
filterfupi_clar_get_page_descradmin\modules\clar\clar-admin.php:23
actionfupi_register_setting_cookadmin\modules\cook\cook-admin.php:19
filterfupi_cook_add_fields_settingsadmin\modules\cook\cook-admin.php:20
filterfupi_cook_get_page_descradmin\modules\cook\cook-admin.php:21
filterfupi_cook_get_faq_dataadmin\modules\cook\cook-admin.php:22
actioncustomize_registeradmin\modules\cook\cook-admin.php:30
actioncustomize_save_afteradmin\modules\cook\cook-admin.php:31
actioncustomize_preview_initadmin\modules\cook\cook-admin.php:32
actioncustomize_controls_enqueue_scriptsadmin\modules\cook\cook-admin.php:33
actionfupi_register_setting_cscradmin\modules\cscr\cscr-admin.php:23
filterfupi_cscr_add_fields_settingsadmin\modules\cscr\cscr-admin.php:24
filterfupi_cscr_get_faq_dataadmin\modules\cscr\cscr-admin.php:25
filterfupi_cscr_get_page_descradmin\modules\cscr\cscr-admin.php:26
actionfupi_register_setting_fbp1admin\modules\fbp1\fbp1-admin.php:20
filterfupi_fbp1_add_fields_settingsadmin\modules\fbp1\fbp1-admin.php:21
filterfupi_fbp1_get_faq_dataadmin\modules\fbp1\fbp1-admin.php:22
filterfupi_fbp1_get_page_descradmin\modules\fbp1\fbp1-admin.php:23
actionfupi_register_setting_ga41admin\modules\ga41\ga41-admin.php:21
filterfupi_ga41_add_fields_settingsadmin\modules\ga41\ga41-admin.php:22
filterfupi_ga41_get_faq_dataadmin\modules\ga41\ga41-admin.php:23
filterfupi_ga41_get_page_descradmin\modules\ga41\ga41-admin.php:24
actionfupi_register_setting_gadsadmin\modules\gads\gads-admin.php:19
filterfupi_gads_add_fields_settingsadmin\modules\gads\gads-admin.php:20
filterfupi_gads_get_faq_dataadmin\modules\gads\gads-admin.php:21
filterfupi_gads_get_page_descradmin\modules\gads\gads-admin.php:22
actionfupi_register_setting_gtagadmin\modules\gtag\gtag-admin.php:19
filterfupi_gtag_add_fields_settingsadmin\modules\gtag\gtag-admin.php:20
filterfupi_gtag_get_page_descradmin\modules\gtag\gtag-admin.php:21
actionfupi_register_setting_gtmadmin\modules\gtm\gtm-admin.php:19
filterfupi_gtm_add_fields_settingsadmin\modules\gtm\gtm-admin.php:20
filterfupi_gtm_get_faq_dataadmin\modules\gtm\gtm-admin.php:21
filterfupi_gtm_get_page_descradmin\modules\gtm\gtm-admin.php:22
actionfupi_register_setting_hotjadmin\modules\hotj\hotj-admin.php:20
filterfupi_hotj_add_fields_settingsadmin\modules\hotj\hotj-admin.php:21
filterfupi_hotj_get_faq_dataadmin\modules\hotj\hotj-admin.php:22
filterfupi_hotj_get_page_descradmin\modules\hotj\hotj-admin.php:23
actionfupi_register_setting_inspadmin\modules\insp\insp-admin.php:19
filterfupi_insp_add_fields_settingsadmin\modules\insp\insp-admin.php:20
filterfupi_insp_get_faq_dataadmin\modules\insp\insp-admin.php:21
filterfupi_insp_get_page_descradmin\modules\insp\insp-admin.php:22
actionfupi_register_setting_linkdadmin\modules\linkd\linkd-admin.php:19
filterfupi_linkd_add_fields_settingsadmin\modules\linkd\linkd-admin.php:20
filterfupi_linkd_get_faq_dataadmin\modules\linkd\linkd-admin.php:21
filterfupi_linkd_get_page_descradmin\modules\linkd\linkd-admin.php:22
actionfupi_register_setting_madsadmin\modules\mads\mads-admin.php:19
filterfupi_mads_add_fields_settingsadmin\modules\mads\mads-admin.php:20
filterfupi_mads_get_faq_dataadmin\modules\mads\mads-admin.php:21
filterfupi_mads_get_page_descradmin\modules\mads\mads-admin.php:22
filterfupi_main_add_fields_settingsadmin\modules\main\main-admin.php:21
actionfupi_register_setting_mainadmin\modules\main\main-admin.php:22
filterfupi_main_get_page_descradmin\modules\main\main-admin.php:23
actionadmin_post_wpfp_download_backupadmin\modules\main\main-admin.php:32
actionfupi_register_setting_matoadmin\modules\mato\mato-admin.php:19
filterfupi_mato_add_fields_settingsadmin\modules\mato\mato-admin.php:20
filterfupi_mato_get_faq_dataadmin\modules\mato\mato-admin.php:21
filterfupi_mato_get_page_descradmin\modules\mato\mato-admin.php:22
actionfupi_register_setting_pinadmin\modules\pin\pin-admin.php:19
filterfupi_pin_add_fields_settingsadmin\modules\pin\pin-admin.php:20
filterfupi_pin_get_page_descradmin\modules\pin\pin-admin.php:21
actionfupi_register_setting_plaadmin\modules\pla\pla-admin.php:19
filterfupi_pla_add_fields_settingsadmin\modules\pla\pla-admin.php:20
filterfupi_pla_get_faq_dataadmin\modules\pla\pla-admin.php:21
filterfupi_pla_get_page_descradmin\modules\pla\pla-admin.php:22
actionfupi_register_setting_posthogadmin\modules\posthog\posthog-admin.php:19
filterfupi_posthog_add_fields_settingsadmin\modules\posthog\posthog-admin.php:20
filterfupi_posthog_get_page_descradmin\modules\posthog\posthog-admin.php:21
actionfupi_register_setting_proofrecadmin\modules\proofrec\proofrec-admin.php:28
filterfupi_proofrec_add_fields_settingsadmin\modules\proofrec\proofrec-admin.php:29
filterfupi_proofrec_get_page_descradmin\modules\proofrec\proofrec-admin.php:35
actionpublish_pageadmin\modules\proofrec\proofrec-admin.php:42
actionfupi_register_setting_reportsadmin\modules\reports\reports-admin.php:17
filterfupi_reports_add_fields_settingsadmin\modules\reports\reports-admin.php:18
filterfupi_reports_get_page_descradmin\modules\reports\reports-admin.php:19
actionfupi_register_setting_simpladmin\modules\simpl\simpl-admin.php:13
filterfupi_simpl_add_fields_settingsadmin\modules\simpl\simpl-admin.php:14
filterfupi_simpl_get_page_descradmin\modules\simpl\simpl-admin.php:15
actionfupi_register_setting_tikadmin\modules\tik\tik-admin.php:20
filterfupi_tik_add_fields_settingsadmin\modules\tik\tik-admin.php:21
filterfupi_tik_get_page_descradmin\modules\tik\tik-admin.php:22
actionfupi_register_setting_toolsadmin\modules\tools\tools-admin.php:22
filterfupi_tools_add_fields_settingsadmin\modules\tools\tools-admin.php:23
filterfupi_tools_get_page_descradmin\modules\tools\tools-admin.php:24
actionfupi_register_setting_trackadmin\modules\track\track-admin.php:19
filterfupi_track_add_fields_settingsadmin\modules\track\track-admin.php:20
filterfupi_track_get_page_descradmin\modules\track\track-admin.php:21
actionfupi_register_setting_twitadmin\modules\twit\twit-admin.php:20
filterfupi_twit_add_fields_settingsadmin\modules\twit\twit-admin.php:21
filterfupi_twit_get_faq_dataadmin\modules\twit\twit-admin.php:22
filterfupi_twit_get_page_descradmin\modules\twit\twit-admin.php:23
actionfupi_register_setting_wooadmin\modules\woo\woo-admin.php:26
filterfupi_woo_add_fields_settingsadmin\modules\woo\woo-admin.php:27
filterfupi_woo_get_faq_dataadmin\modules\woo\woo-admin.php:33
filterfupi_woo_get_page_descradmin\modules\woo\woo-admin.php:39
filterhide_billing_and_payments_infofull-picture.php:67
filterplugin_iconfull-picture.php:73
actionbefore_woocommerce_initfull-picture.php:100
actionadmin_noticesincludes\class-fupi-notices.php:502
actionadmin_footerincludes\class-fupi-notices.php:505
actioninitincludes\class-fupi.php:62
filterload_textdomain_mofileincludes\class-fupi.php:63
actioninitincludes\class-fupi.php:78
actionadmin_enqueue_scriptsincludes\class-fupi.php:93
actionadmin_headincludes\class-fupi.php:94
actionadmin_menuincludes\class-fupi.php:95
actionadmin_menuincludes\class-fupi.php:96
actionadmin_initincludes\class-fupi.php:97
actionadmin_initincludes\class-fupi.php:99
actionwp_headincludes\class-fupi.php:117
filterscript_loader_tagincludes\class-fupi.php:124
filterrocket_defer_inline_exclusionsincludes\class-fupi.php:131
filterrocket_exclude_jsincludes\class-fupi.php:132
filterrocket_delay_js_exclusionsincludes\class-fupi.php:133
filterrocket_exclude_defer_jsincludes\class-fupi.php:134
actionwp_enqueue_scriptsincludes\class-fupi.php:135
actionrest_api_initincludes\class-fupi.php:178
actiontemplate_redirectincludes\class-fupi.php:181
actionwp_enqueue_scriptspublic\modules\cegg\cegg-public.php:21
filterfupi_modify_fp_objectpublic\modules\cegg\cegg-public.php:22
actionwp_enqueue_scriptspublic\modules\clar\clar-public.php:21
filterfupi_modify_fp_objectpublic\modules\clar\clar-public.php:22
actionwp_enqueue_scriptspublic\modules\cook\cook-public.php:25
filterfupi_modify_fp_objectpublic\modules\cook\cook-public.php:26
actionwp_headpublic\modules\cook\cook-public.php:32
actionwp_body_openspublic\modules\cook\cook-public.php:40
actionwp_footerpublic\modules\cook\cook-public.php:43
actioninitpublic\modules\cook\cook-public.php:46
actionwp_headpublic\modules\cscr\cscr-public.php:17
actionwp_footerpublic\modules\cscr\cscr-public.php:18
filterfupi_modify_fp_objectpublic\modules\cscr\cscr-public.php:19
actionwp_enqueue_scriptspublic\modules\fbp1\fbp1-public.php:23
filterfupi_modify_fp_objectpublic\modules\fbp1\fbp1-public.php:24
actionwp_enqueue_scriptspublic\modules\gotm\gotm-public.php:21
filterfupi_modify_fp_objectpublic\modules\gotm\gotm-public.php:22
actionwp_body_openpublic\modules\gotm\gotm-public.php:23
actionwp_headpublic\modules\gtools\gtools-public.php:53
actionwp_enqueue_scriptspublic\modules\gtools\gtools-public.php:54
filterfupi_modify_fp_objectpublic\modules\gtools\gtools-public.php:55
filterfupi_order_server_trackingpublic\modules\gtools\gtools-public.php:62
actionwp_enqueue_scriptspublic\modules\hotj\hotj-public.php:21
filterfupi_modify_fp_objectpublic\modules\hotj\hotj-public.php:22
actionwp_enqueue_scriptspublic\modules\insp\insp-public.php:21
filterfupi_modify_fp_objectpublic\modules\insp\insp-public.php:22
actionwp_enqueue_scriptspublic\modules\linkd\linkd-public.php:21
filterfupi_modify_fp_objectpublic\modules\linkd\linkd-public.php:22
actionwp_enqueue_scriptspublic\modules\mads\mads-public.php:21
filterfupi_modify_fp_objectpublic\modules\mads\mads-public.php:22
actionwp_enqueue_scriptspublic\modules\main\main-public.php:15
actionwp_footerpublic\modules\main\main-public.php:16
actioninitpublic\modules\main\main-public.php:18
actionwp_headpublic\modules\main\main-public.php:22
actionwp_enqueue_scriptspublic\modules\mato\mato-public.php:21
filterfupi_modify_fp_objectpublic\modules\mato\mato-public.php:22
actionwp_enqueue_scriptspublic\modules\pin\pin-public.php:21
filterfupi_modify_fp_objectpublic\modules\pin\pin-public.php:22
actionwp_enqueue_scriptspublic\modules\pla\pla-public.php:19
filterfupi_modify_fp_objectpublic\modules\pla\pla-public.php:20
actionwp_enqueue_scriptspublic\modules\posthog\posthog-public.php:19
filterfupi_modify_fp_objectpublic\modules\posthog\posthog-public.php:20
filterfupi_modify_fp_objectpublic\modules\proofrec\proofrec-public.php:17
actionwp_enqueue_scriptspublic\modules\simpl\simpl-public.php:18
filterfupi_modify_fp_objectpublic\modules\simpl\simpl-public.php:19
actionwp_enqueue_scriptspublic\modules\tik\tik-public.php:21
filterfupi_modify_fp_objectpublic\modules\tik\tik-public.php:22
actionwp_enqueue_scriptspublic\modules\twit\twit-public.php:21
filterfupi_modify_fp_objectpublic\modules\twit\twit-public.php:22
actionwoocommerce_loadedpublic\modules\woo\woo-public.php:27
actionwp_enqueue_scriptspublic\modules\woo\woo-public.php:29
filterfupi_modify_fp_objectpublic\modules\woo\woo-public.php:30
filterfupi_modify_fpdata_objectpublic\modules\woo\woo-public.php:36
actionwoocommerce_before_shop_loop_itempublic\modules\woo\woo-public.php:48
actionwoocommerce_widget_product_item_endpublic\modules\woo\woo-public.php:50
actionwoocommerce_after_mini_cartpublic\modules\woo\woo-public.php:52
actionwoocommerce_before_cart_contentspublic\modules\woo\woo-public.php:59
filterwoocommerce_cart_item_namepublic\modules\woo\woo-public.php:66
filterwoocommerce_blocks_product_grid_item_htmlpublic\modules\woo\woo-public.php:80
filterrender_blockpublic\modules\woo\woo-public.php:91
actionwoocommerce_after_add_to_cart_buttonpublic\modules\woo\woo-public.php:101
filterwoocommerce_grouped_product_list_column_labelpublic\modules\woo\woo-public.php:103
actionwp_footerpublic\modules\woo\woo-public.php:110
actionwp_headpublic\modules\woo\woo-public.php:112
Maintenance & Trust

Tracking and Consent Manager – WP Full Picture Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 11, 2026
PHP min version7.4
Downloads53K

Community Trust

Rating100/100
Number of ratings21
Active installs3K
Alternatives

Tracking and Consent Manager – WP Full Picture Alternatives

GTM4WP – A Google Tag Manager (GTM) plugin for WordPress

GTM4WP – A Google Tag Manager (GTM) plugin for WordPress

duracelltomi-google-tag-manager

A
98

Advanced tag management for WordPress with Google Tag Manager

700K 3 CVEs
Lightweight Google Analytics

Lightweight Google Analytics

lightweight-google-analytics

A
100

Easily integrate Google Analytics with WordPress using just your tracking ID.

400 No CVEs
Sugoi Tag Inserter: GTM & gtag.js Made Easy

Sugoi Tag Inserter: GTM & gtag.js Made Easy

sugoi-tag-inserter

A
85

・2 step installation of GTM / gtag.js Plugin to make Google Tag Manager (GTM) & gtag.js(Google Ads / Google Analytics).

20 No CVEs
MaxtDesign Cookie Consent – Google Consent Mode v2

MaxtDesign Cookie Consent – Google Consent Mode v2

maxtdesign-cookie-consent

A
100

Free cookie consent that actually controls Google Analytics & Ads (not just a banner). 10x lighter than $50/month alternatives. GDPR/CCPA.

10 No CVEs
PixelYourSite – Your smart PIXEL (TAG) & API Manager

PixelYourSite – Your smart PIXEL (TAG) & API Manager

pixelyoursite

A
89

Add Meta Pixel with Conversion API, Google Analytics (GA4) + Consent Mode, Google Tag Manager, and Head & Footer scripts.

500K 11 CVEs
Developer Profile

Tracking and Consent Manager – WP Full Picture Developer Profile

Krzysztof Planeta

1 plugin · 3K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Tracking and Consent Manager – WP Full Picture

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/full-picture-analytics-cookie-notice/admin/assets/css/jquery.dataTables.min.css/wp-content/plugins/full-picture-analytics-cookie-notice/admin/assets/css/style.css/wp-content/plugins/full-picture-analytics-cookie-notice/admin/assets/js/admin.js/wp-content/plugins/full-picture-analytics-cookie-notice/admin/assets/js/bootstrap.bundle.min.js/wp-content/plugins/full-picture-analytics-cookie-notice/admin/assets/js/jquery.dataTables.min.js/wp-content/plugins/full-picture-analytics-cookie-notice/admin/assets/js/jquery.min.js/wp-content/plugins/full-picture-analytics-cookie-notice/admin/assets/js/moment.min.js/wp-content/plugins/full-picture-analytics-cookie-notice/admin/assets/js/new-custom.js+7 more
Script Paths
/wp-content/plugins/full-picture-analytics-cookie-notice/freemius/start.php
Version Parameters
/wp-content/plugins/full-picture-analytics-cookie-notice/admin/assets/css/style.css?ver=/wp-content/plugins/full-picture-analytics-cookie-notice/admin/assets/js/admin.js?ver=/wp-content/plugins/full-picture-analytics-cookie-notice/public/assets/css/fupi-public.css?ver=/wp-content/plugins/full-picture-analytics-cookie-notice/public/assets/js/fupi-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
fupi-admin-noticefupi-cookie-notice-bannerfupi-cookie-btnfupi-main-content
HTML Comments
<!-- DO NOT REMOVE THIS IF, IT IS ESSENTIAL FOR THE `function_exists` CALL ABOVE TO PROPERLY WORK. --><!-- Hide billing and payment info from account --><!-- Custom FP Icon --><!-- Disable deactivation form -->+1 more
Data Attributes
data-cookie-iddata-cookie-type
JS Globals
fupi_admin_paramsfupi_public_params
REST Endpoints
/wp-json/fupi/v1/settings
FAQ

Frequently Asked Questions about Tracking and Consent Manager – WP Full Picture