Does Heatmap Plugin have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Heatmap Plugin compatible with WordPress 2.7.1?

According to WordPress.org data, Heatmap Plugin 1.3 has been tested up to WordPress 2.7.1. Check the plugin's changelog for the latest compatibility information.

How often is Heatmap Plugin updated?

Heatmap Plugin was last updated on Mar 11, 2009. Frequent updates are generally a positive security signal.

What is Heatmap Plugin's security score?

Heatmap Plugin has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Heatmap Plugin Security & Risk Analysis

wordpress.org/plugins/heatmap

This plugin will help you to analyze where people click on your site. As the result you will discover where better to place banners, how to organize n …

30 active installs v1.3 PHP + WP + Updated Mar 11, 2009

clickmapclicks-analyzerheatmap

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Heatmap Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

Heatmap Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 17yr ago

Risk Assessment

The "heatmap" plugin v1.3 exhibits a mixed security posture. While it presents a very small attack surface with zero identified entry points and no recorded vulnerability history, the static analysis reveals significant coding concerns. Specifically, the plugin fails to utilize prepared statements for all its SQL queries and none of its output is properly escaped, indicating a high risk of SQL injection and cross-site scripting (XSS) vulnerabilities. The taint analysis further highlights a critical issue with a high-severity flow that involves unsanitized paths, which could be a pathway for attacks if it interacts with sensitive operations. The absence of nonce and capability checks also means that even the limited entry points could potentially be exploited without proper authorization or integrity validation.

Key Concerns

Raw SQL without prepared statements
No output escaping
High severity taint flow
No nonce checks
No capability checks

Vulnerabilities

None known

Heatmap Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Heatmap Plugin Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

Heatmap Plugin Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared2 total queries

Output Escaping

0% escaped3 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

<view> (view.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Heatmap Plugin Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actionwp_headheatmap.php:80

actioninitheatmap.php:81

Maintenance & Trust

Heatmap Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested2.7.1

Last updatedMar 11, 2009

PHP min version

Downloads11K

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

Heatmap Plugin Alternatives

WP Super Heatmap

wp-super-heatmap

This plugin tracks user clicks and creates a heatmap for your website. All data is stored locally and no third-party service is used. Completely free!

10 No CVEs

WP Light Heatmap

wp-light-heatmap

This plugin allows you to create a heatmap based on mouse clicks and cursor movements.

0 No CVEs

Hotjar

hotjar

The fast & visual way to understand your users.

70K 1 CVE

Aurora Heatmap

aurora-heatmap

Beautiful like an aurora! A simple WordPress heatmap that can be completed with just a plugin.

20K No CVEs

Mouseflow for WordPress

mouseflow-for-wordpress

Mouseflow gives you free and easy-to-use conversion and user experience analytics for your website. Analyze conversion funnels, heatmaps and even sess …

7K No CVEs

Developer Profile

Heatmap Plugin Developer Profile

DimitryKislichenko

1 plugin · 30 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Heatmap Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/heatmap/view.css/wp-content/plugins/heatmap/js/jcalendar.js/wp-content/plugins/heatmap/js/view.js/wp-content/plugins/heatmap/js/loger.js

Script Paths

/wp-content/plugins/heatmap/js/jcalendar.js/wp-content/plugins/heatmap/js/view.js/wp-content/plugins/heatmap/js/loger.js

HTML / DOM Fingerprints

JS Globals

WPURL

FAQ