Does Tracking Pixel for Gravity Forms have any unpatched vulnerabilities?

No. All known vulnerabilities in Tracking Pixel for Gravity Forms have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Tracking Pixel for Gravity Forms compatible with WordPress 4.9.29?

According to WordPress.org data, Tracking Pixel for Gravity Forms 1.0.4 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

Is Tracking Pixel for Gravity Forms compatible with PHP 5.6+?

Tracking Pixel for Gravity Forms requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Tracking Pixel for Gravity Forms updated?

Tracking Pixel for Gravity Forms was last updated on Jul 9, 2021. Frequent updates are generally a positive security signal.

What is Tracking Pixel for Gravity Forms's security score?

Tracking Pixel for Gravity Forms has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Tracking Pixel for Gravity Forms Security & Risk Analysis

wordpress.org/plugins/gf-facebook-pixel-tracking

This plugin provides an easy way to add Facebook event tracking to your Gravity Forms using Facebook’s Tracking Pixel. This flexible plugin works for …

400 active installs v1.0.4 PHP 5.6+ WP 4.0+ Updated Jul 9, 2021

event-trackingfacebookfacebook-pixelgravity-forms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Tracking Pixel for Gravity Forms Safe to Use in 2026?

Generally Safe

Score 85/100

Tracking Pixel for Gravity Forms has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The plugin "gf-facebook-pixel-tracking" v1.0.4 demonstrates a generally strong security posture based on the provided static analysis. It exhibits no obvious weaknesses in its attack surface, with zero AJAX handlers, REST API routes, shortcodes, or cron events exposed without authentication. The code also adheres to good practices by not using dangerous functions, performing file operations, or making external HTTP requests (with one exception noted). Furthermore, SQL queries are exclusively handled with prepared statements, and output escaping is nearly perfect. The absence of any recorded vulnerabilities in its history is a significant positive indicator of its security.

However, a few minor concerns exist. While the plugin has only one external HTTP request, the lack of detail about its purpose and how it's handled leaves room for potential exposure if not managed carefully. The single nonce check, while present, might be insufficient if more complex interactions were implemented. Crucially, the complete absence of capability checks is a significant weakness. This means that any user, regardless of their role or permissions, could potentially interact with parts of the plugin if an entry point were discovered, even though the static analysis shows no obvious entry points. The lack of taint analysis data also means we cannot definitively rule out vulnerabilities that might arise from user-supplied data being processed without proper sanitization, though the strong output escaping suggests this is unlikely to be a major issue.

In conclusion, "gf-facebook-pixel-tracking" v1.0.4 is a relatively secure plugin, benefiting from a small attack surface and good coding practices like prepared statements and output escaping. Its clean vulnerability history further bolsters confidence. The primary weakness lies in the absence of capability checks, which could become a risk if any indirect or unintended entry points are ever found. Further investigation into the single external HTTP request and the scope of the nonce check would be beneficial.

Key Concerns

Missing capability checks
Single external HTTP request without details

Vulnerabilities

None known

Tracking Pixel for Gravity Forms Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Tracking Pixel for Gravity Forms Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

29 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

97% escaped30 total outputs

Attack Surface

Tracking Pixel for Gravity Forms Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actiongform_loadedgf-facebook-pixel-tracking.php:70

actiongform_post_paginggf-facebook-pixel-tracking.php:142

actiongform_paypal_post_ipnincludes\GFFBPT_Submission_Feeds.php:63

Maintenance & Trust

Tracking Pixel for Gravity Forms Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedJul 9, 2021

PHP min version5.6

Downloads9K

Community Trust

Rating20/100

Number of ratings1

Active installs400

Alternatives

Tracking Pixel for Gravity Forms Alternatives

Meta Pixel Event Tracker for WooCommerce

meta-pixel-event-tracker

100

Adds customizable Meta Pixel event tracking support to WooCommerce.

40 No CVEs

Insert Headers And Footers

wp-headers-and-footers

Include inline javascript, stylesheets, CSS code or anything you want in Header and Footer areas of your WordPress with ease.

300K 1 CVE

Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing

woocommerce-google-adwords-conversion-tracking-tag

Conversion tracking for WooCommerce. Google Ads, GA4, Meta/Facebook Pixel, TikTok & more. Recover 30% more conversions with server-side tracking!

50K 4 CVEs

Pixel Cat – Conversion Pixel Manager

facebook-conversion-pixel

Add Meta & Facebook Pixel, Google Analytics (GA4) and any header script to your site. Everything you need to track users, ads, events & conversions.

40K 4 CVEs

Tag Manager – Header, Body And Footer

tag-manager-header-body-footer

100

Simple plugin that allow you add head, body and footer codes for google tag manager, analytics & facebook pixel codes.

30K No CVEs

Developer Profile

Tracking Pixel for Gravity Forms Developer Profile

hiilite

2 plugins · 410 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Tracking Pixel for Gravity Forms

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/gf-facebook-pixel-tracking/includes/GFFBPT_FBP.php/wp-content/plugins/gf-facebook-pixel-tracking/includes/GFFBPT_Submission_Feeds.php/wp-content/plugins/gf-facebook-pixel-tracking/includes/GFFBPT_Pagination.php/wp-content/plugins/gf-facebook-pixel-tracking/assets/css/gf-facebook-pixel-tracking.css/wp-content/plugins/gf-facebook-pixel-tracking/assets/js/gf-facebook-pixel-tracking.js

Script Paths

/wp-content/plugins/gf-facebook-pixel-tracking/assets/js/gf-facebook-pixel-tracking.js

Version Parameters

gf-facebook-pixel-tracking.css?ver=gf-facebook-pixel-tracking.js?ver=

HTML / DOM Fingerprints

CSS Classes

gf_facebook_pixel_tracking_admin_page

Data Attributes

data-gfbpixelid

JS Globals

GFFBPT_ADMIN

FAQ