Stape Conversion Tracking Security & Risk Analysis

wordpress.org/plugins/gtm-server-side

Google Tag Manager Server Side Integration Made Easy

10K active installs · v2.1.43 · PHP + WP 5.2.0+ · Updated Mar 5, 2026
Tags: google-tag-manager, google-tag-manager-server-side, gtm, gtm-server-side, tag-manager
Score 99 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Sep 27, 2024
Safety Verdict

Is Stape Conversion Tracking Safe to Use in 2026?

Generally Safe

Score 99/100

Stape Conversion Tracking has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Sep 27, 2024 · Updated 29d ago
Risk Assessment

The 'gtm-server-side' v2.1.44 plugin exhibits a generally good security posture, with a strong emphasis on prepared statements for SQL queries and a high percentage of properly escaped output. Static analysis reveals no critical or high severity taint flows and a relatively small attack surface, and all identified AJAX handlers appear to have authentication checks. The plugin's vulnerability history, however, is a significant concern: two medium severity vulnerabilities have been recorded, both Cross-Site Scripting (XSS), the most recent on September 27, 2024. There are currently no unpatched CVEs, but the recurrence of XSS suggests potential weaknesses in input sanitization or output encoding that may not have been fully addressed in previous fixes or could reappear in future versions. The lack of capability checks on AJAX handlers is also a potential area for improvement, although the static analysis indicates these handlers are protected by some form of authentication.

Key Concerns

  • Two medium severity CVEs recorded
  • No capability checks on AJAX handlers
  • 83% output escaping (potential for XSS)
Vulnerabilities: 2

Stape Conversion Tracking Security Vulnerabilities

CVEs by Year

2022: 1 CVE
2024: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-8712 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GTM Server Side <= 2.1.19 - Reflected Cross-Site Scripting

Sep 27, 2024 · Patched in 2.1.20 (1d)

WF-35b46587-1c6e-4d3f-a8d0-e7797cee882d-gtm-server-side · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GTM Server Side <= 1.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Jun 22, 2022 · Patched in 1.1.2 (580d)
Code Analysis
Analyzed Mar 16, 2026

Stape Conversion Tracking Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 32 (157 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 4
Bundled Libraries: 0

Output Escaping

83% escaped · 189 total outputs
Attack Surface

Stape Conversion Tracking Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers: 3

auth · wp_ajax_gtm_server_side_webhook_test · includes\class-gtm-server-side-admin-ajax.php:35
auth · wp_ajax_gtm_server_side_state_cart_data · includes\class-gtm-server-side-frontend-ajax.php:25
nopriv · wp_ajax_gtm_server_side_state_cart_data · includes\class-gtm-server-side-frontend-ajax.php:26

WordPress Hooks: 68

action · plugins_loaded · bootstrap.php:92
action · init · gtm-server-side.php:32
action · gtm_server_side · gtm-server-side.php:33
action · gtm_server_side · gtm-server-side.php:34
action · gtm_server_side · gtm-server-side.php:35
action · gtm_server_side · gtm-server-side.php:36
action · gtm_server_side · gtm-server-side.php:37
action · gtm_server_side · gtm-server-side.php:38
action · gtm_server_side · gtm-server-side.php:39
action · gtm_server_side · gtm-server-side.php:40
action · gtm_server_side · gtm-server-side.php:41
action · gtm_server_side · gtm-server-side.php:42
action · gtm_server_side_admin · gtm-server-side.php:43
action · gtm_server_side_admin · gtm-server-side.php:44
action · gtm_server_side_admin · gtm-server-side.php:45
action · gtm_server_side_admin · gtm-server-side.php:46
action · gtm_server_side_frontend · gtm-server-side.php:47
action · gtm_server_side_frontend · gtm-server-side.php:48
action · gtm_server_side_frontend · gtm-server-side.php:49
action · gtm_server_side_frontend · gtm-server-side.php:50
action · gtm_server_side_frontend · gtm-server-side.php:53
action · gtm_server_side_frontend · gtm-server-side.php:54
action · gtm_server_side_frontend · gtm-server-side.php:55
action · gtm_server_side_frontend · gtm-server-side.php:56
action · gtm_server_side_frontend · gtm-server-side.php:57
action · gtm_server_side_frontend · gtm-server-side.php:58
action · gtm_server_side_frontend · gtm-server-side.php:59
action · admin_enqueue_scripts · includes\class-gtm-server-side-admin-assets.php:24
action · admin_init · includes\class-gtm-server-side-admin-settings.php:24
action · admin_menu · includes\class-gtm-server-side-admin-settings.php:25
filter · plugin_action_links · includes\class-gtm-server-side-admin-settings.php:26
action · woocommerce_new_order · includes\class-gtm-server-side-api-data-manager-ingest.php:28
action · init · includes\class-gtm-server-side-customer-loader-cron.php:35
filter · cron_schedules · includes\class-gtm-server-side-customer-loader-cron.php:36
action · shutdown · includes\class-gtm-server-side-customer-loader-options-watcher.php:87
action · init · includes\class-gtm-server-side-data-manager-ingest-cron.php:45
filter · cron_schedules · includes\class-gtm-server-side-data-manager-ingest-cron.php:46
filter · woocommerce_order_data_store_cpt_get_orders_query · includes\class-gtm-server-side-data-manager-ingest-cron.php:49
filter · woocommerce_cart_item_remove_link · includes\class-gtm-server-side-event-addtocart.php:33
filter · woocommerce_loop_add_to_cart_args · includes\class-gtm-server-side-event-addtocart.php:34
filter · woocommerce_blocks_product_grid_item_html · includes\class-gtm-server-side-event-addtocart.php:35
action · woocommerce_after_add_to_cart_button · includes\class-gtm-server-side-event-addtocart.php:36
filter · woocommerce_grouped_product_list_column_quantity · includes\class-gtm-server-side-event-addtocart.php:37
filter · gtm_server_side_before_html_data_attributes · includes\class-gtm-server-side-event-addtocart.php:39
filter · gtm_server_side_after_html_data_attributes · includes\class-gtm-server-side-event-addtocart.php:40
action · wp_footer · includes\class-gtm-server-side-event-begincheckout.php:28
action · wp_footer · includes\class-gtm-server-side-event-home.php:28
action · wp_login · includes\class-gtm-server-side-event-login.php:35
action · wp_footer · includes\class-gtm-server-side-event-login.php:36
action · woocommerce_new_order · includes\class-gtm-server-side-event-purchase.php:42
action · woocommerce_thankyou · includes\class-gtm-server-side-event-purchase.php:43
action · wp_footer · includes\class-gtm-server-side-event-purchase.php:44
action · user_register · includes\class-gtm-server-side-event-register.php:35
action · wp_footer · includes\class-gtm-server-side-event-register.php:36
action · login_footer · includes\class-gtm-server-side-event-register.php:37
action · wp_footer · includes\class-gtm-server-side-event-viewcart.php:28
action · wp_footer · includes\class-gtm-server-side-event-viewitem.php:28
action · wp_footer · includes\class-gtm-server-side-event-viewitemlist.php:28
action · wp_enqueue_scripts · includes\class-gtm-server-side-frontend-assets.php:28
action · wp_head · includes\class-gtm-server-side-tracking-code.php:35
action · init · includes\class-gtm-server-side-tracking-gtm4wp.php:32
filter · gtm4wp_get_the_gtm_tag · includes\class-gtm-server-side-tracking-gtm4wp.php:33
action · wp_head · includes\class-gtm-server-side-tracking-gtm4wp.php:39
action · woocommerce_checkout_create_order · includes\class-gtm-server-side-wc-order.php:28
action · woocommerce_order_status_completed · includes\class-gtm-server-side-webhook-completed.php:28
action · woocommerce_order_status_processing · includes\class-gtm-server-side-webhook-processing.php:28
action · woocommerce_new_order · includes\class-gtm-server-side-webhook-purchase.php:28
action · woocommerce_order_refunded · includes\class-gtm-server-side-webhook-refund.php:28

Maintenance & Trust

Stape Conversion Tracking Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.0
Last updated: Mar 5, 2026
PHP min version
Downloads: 136K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 10K

Developer Profile

Stape Conversion Tracking Developer Profile

Stape

1 plugin · 10K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 291 days
Detection Fingerprints

How We Detect Stape Conversion Tracking

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gtm-server-side/assets/css/frontend.css
/wp-content/plugins/gtm-server-side/assets/js/frontend.js
/wp-content/plugins/gtm-server-side/assets/js/gtm4wp-frontend.js
/wp-content/plugins/gtm-server-side/assets/js/gtm4wp-compatibility.js
Script Paths
/wp-content/plugins/gtm-server-side/assets/js/frontend.js
/wp-content/plugins/gtm-server-side/assets/js/gtm4wp-frontend.js
/wp-content/plugins/gtm-server-side/assets/js/gtm4wp-compatibility.js
Version Parameters
gtm-server-side/assets/css/frontend.css?ver=
gtm-server-side/assets/js/frontend.js?ver=
gtm-server-side/assets/js/gtm4wp-frontend.js?ver=
gtm-server-side/assets/js/gtm4wp-compatibility.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Stape Conversion Tracking -->
<!-- END Stape Conversion Tracking -->
Data Attributes
data-gtm_server_side_id
JS Globals
gtm_server_side
FAQ

Frequently Asked Questions about Stape Conversion Tracking