WP-Safety

HT Easy GA4 – Google Analytics WordPress Plugin Security & Risk Analysis

wordpress.org/plugins/ht-easy-google-analytics

HT Easy GA4 - Google Analytics WordPress Plugin enables tracking user behavior and viewing Google Analytics dashboard reports from your website.

5K active installs v1.9.3 PHP + WP 5.0+ Updated Mar 3, 2026
analyticsga4googlegoogle-analyticsgoogle-analytics-plugin
99
A · Safe
CVEs total3
Unpatched0
Last CVEMar 15, 2024
Download
Safety Verdict

Is HT Easy GA4 – Google Analytics WordPress Plugin Safe to Use in 2026?

Generally Safe

Score 99/100

HT Easy GA4 – Google Analytics WordPress Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Mar 15, 2024Updated 1mo ago
Risk Assessment

The plugin "ht-easy-google-analytics" v1.9.3 exhibits a mixed security posture. While it demonstrates good practices in several areas, such as a high percentage of properly escaped output and a significant number of capability checks, there are notable concerns. The presence of unprotected entry points, particularly AJAX handlers and REST API routes, presents a direct attack surface that could be exploited without proper authorization. The taint analysis, while not revealing critical or high severity flows, shows a substantial number of flows with unsanitized paths, which could lead to vulnerabilities if not handled carefully. The vulnerability history is a significant concern; although no vulnerabilities are currently unpatched, the plugin has a history of three medium severity CVEs, specifically related to Cross-site Scripting, Missing Authorization, and Cross-Site Request Forgery. This pattern suggests recurring issues in input validation, authorization logic, and protection against unintended actions, even if they have been addressed in previous versions. The most recent vulnerability dates to March 2024, indicating ongoing security challenges. Overall, the plugin has strengths in output escaping and capability checks but is weakened by its exposed attack surface and a history of authorization and sanitization issues.

Key Concerns

  • Unprotected AJAX handlers
  • REST API routes without permission callbacks
  • Flows with unsanitized paths in taint analysis
  • SQL queries not using prepared statements
  • History of medium severity CVEs
Vulnerabilities
3

HT Easy GA4 – Google Analytics WordPress Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2023
2023
2 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2024-29094medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

HT Easy GA4 ( Google Analytics 4 ) <= 1.1.7 - Reflected Cross-Site Scripting

Mar 15, 2024 Patched in 1.1.8 (6d)
CVE-2024-1176medium · 5.3Missing Authorization

HT Easy GA4 – Google Analytics WordPress Plugin <= 1.1.5 - Missing Authorization to Unauthenticated GA4 Email Update

Mar 8, 2024 Patched in 1.2.0 (15d)
CVE-2023-23802medium · 5.4Cross-Site Request Forgery (CSRF)

HT Easy GA4 ( Google Analytics 4 ) <= 1.0.6 - Cross-Site Request Forgery via plugin_activation

Mar 8, 2023 Patched in 1.0.7 (321d)
Code Analysis
Analyzed Mar 16, 2026

HT Easy GA4 – Google Analytics WordPress Plugin Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
2 prepared
Unescaped Output
32
251 escaped
Nonce Checks
9
Capability Checks
15
File Operations
2
External Requests
19
Bundled Libraries
0

SQL Query Safety

40% prepared5 total queries

Output Escaping

89% escaped283 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

13 flows7 with unsanitized paths
render_data_layer_script (includes\events-tracking\class-event-tracker.php:52)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
7 unprotected

HT Easy GA4 – Google Analytics WordPress Plugin Attack Surface

Entry Points19
Unprotected7

AJAX Handlers 5

authwp_ajax_htga4_noticesadmin\class-notice-handler.php:39
authwp_ajax_htga4_clear_pending_conversionsincludes\google-ads\class-conversion-tracker.php:66
authwp_ajax_htga4_dismiss_upgrade_noticeincludes\google-ads\class-upgrade-notice.php:37
authwp_ajax_htga4_custom_event_ajax_actionincludes\server-side\class-ajax-handler.php:51
noprivwp_ajax_htga4_custom_event_ajax_actionincludes\server-side\class-ajax-handler.php:52

REST API Routes 14

GET/wp-json/htga4/v1/google-ads/settingsincludes\google-ads\class-manager.php:267
POST/wp-json/htga4/v1/google-ads/testincludes\google-ads\class-manager.php:289
GET/wp-json/htga4/v1/settingsincludes\vue-settings\class-settings-rest-api.php:31
GET/wp-json/htga4/v1/rolesincludes\vue-settings\class-settings-rest-api.php:49
GET/wp-json/htga4/v1/tools/clear-cacheincludes\vue-settings\class-settings-rest-api.php:60
GET/wp-json/htga4/v1/userinfoincludes\vue-settings\reports\class-ga4-api.php:162
GET/wp-json/htga4/v1/datastreamincludes\vue-settings\reports\class-ga4-api.php:175
GET/wp-json/htga4/v1/reports/standardincludes\vue-settings\reports\class-ga4-api.php:188
GET/wp-json/htga4/v1/reports/ecommerceincludes\vue-settings\reports\class-ga4-api.php:201
GET/wp-json/htga4/v1/reports/realtimeincludes\vue-settings\reports\class-ga4-api.php:214
GET/wp-json/htga4/v1/accountsincludes\vue-settings\reports\class-ga4-api.php:227
GET/wp-json/htga4/v1/properties/(?P<account_id>[\w-]+)includes\vue-settings\reports\class-ga4-api.php:237
GET/wp-json/htga4/v1/datastreams/(?P<property_id>[\w-]+)includes\vue-settings\reports\class-ga4-api.php:262
GET/wp-json/htga4/v1/measurement-protocol-secrets/(?P<property_id>[\w-]+)/(?P<stream_id>[\w-]+)includes\vue-settings\reports\class-ga4-api.php:287
WordPress Hooks 64
actionadmin_noticesadmin\class-diagnostic-data.php:102
actionadmin_menuadmin\class-menu.php:38
actionadmin_menuadmin\class-menu.php:41
actionadmin_footeradmin\class-menu.php:44
actionadmin_noticesadmin\class-notice-handler.php:37
actionadmin_footeradmin\class-notice-handler.php:38
filterhtga4_recommended_plugins_tab_listadmin\class-recommended-plugins-init.php:39
actionadmin_menuadmin\class-recommended-plugins.php:81
actionadmin_enqueue_scriptsadmin\class-recommended-plugins.php:82
actionadmin_enqueue_scriptsadmin\class-trial.php:70
actionadmin_initadmin\class-trial.php:71
actionadmin_print_scriptsadmin\class-trial.php:343
actionadmin_print_footer_scriptsadmin\class-trial.php:344
actionadmin_noticesadmin\class-trial.php:348
actionadmin_footeradmin\class-trial.php:352
actionadmin_footeradmin\class-trial.php:353
actionwoocommerce_add_to_cartfrontend\class-frontend.php:35
actiontemplate_redirectfrontend\class-frontend.php:38
actionwp_footerfrontend\class-frontend.php:80
actionwp_headfrontend\class-ga4-tracker.php:37
actionwp_footerfrontend\class-ga4-tracker.php:38
actionwp_footerfrontend\class-ga4-tracker.php:39
actioninitincludes\class-base.php:28
actionplugins_loadedincludes\class-base.php:31
actionplugins_loadedincludes\class-base.php:46
actionadmin_initincludes\class-base.php:67
actionadmin_initincludes\class-base.php:68
actionwp_headincludes\class-base.php:71
actionadmin_headincludes\class-base.php:74
actionwp_footerincludes\cookie-notice\class-cookie-notice.php:59
actionwp_enqueue_scriptsincludes\cookie-notice\class-cookie-notice.php:60
actionwp_footerincludes\events-tracking\class-event-tracker.php:46
actionwoocommerce_payment_completeincludes\google-ads\class-conversion-tracker.php:52
actionwoocommerce_thankyouincludes\google-ads\class-conversion-tracker.php:55
actionwoocommerce_order_status_completedincludes\google-ads\class-conversion-tracker.php:58
actionwoocommerce_order_status_processingincludes\google-ads\class-conversion-tracker.php:59
actionwp_footerincludes\google-ads\class-conversion-tracker.php:62
actioninitincludes\google-ads\class-manager.php:80
actionwp_enqueue_scriptsincludes\google-ads\class-manager.php:83
actionadmin_enqueue_scriptsincludes\google-ads\class-manager.php:86
actionadmin_headincludes\google-ads\class-manager.php:89
actionrest_api_initincludes\google-ads\class-manager.php:92
filterhtga4_settings_schemaincludes\google-ads\class-manager.php:95
filterhtga4_settings_defaultsincludes\google-ads\class-manager.php:98
actionwp_headincludes\google-ads\class-manager.php:128
filterhtga4_vue_settings_tabsincludes\google-ads\class-settings.php:41
actionadmin_footerincludes\google-ads\class-settings.php:44
actionadmin_noticesincludes\google-ads\class-upgrade-notice.php:34
actionadmin_footerincludes\google-ads\class-upgrade-notice.php:40
actionadmin_footerincludes\google-ads\class-upgrade-notice.php:43
actionadmin_initincludes\google-ads\class-upgrade-notice.php:46
actionadmin_headincludes\google-ads\helper-functions.php:504
actionwp_enqueue_scriptsincludes\inspector\class-inspector.php:44
actionwp_footerincludes\inspector\class-inspector.php:45
actioninitincludes\inspector\class-inspector.php:48
actionwp_headincludes\inspector\class-inspector.php:306
actionwoocommerce_order_status_changedincludes\server-side\class-server-side-tracking.php:89
actionadmin_enqueue_scriptsincludes\vue-settings\class-settings-page.php:40
actionadmin_headincludes\vue-settings\class-settings-page.php:43
actionadmin_footerincludes\vue-settings\class-settings-page.php:46
filterscript_loader_tagincludes\vue-settings\class-settings-page.php:91
filterscript_loader_tagincludes\vue-settings\class-settings-page.php:131
actionrest_api_initincludes\vue-settings\class-settings-rest-api.php:24
actionrest_api_initincludes\vue-settings\reports\class-ga4-api.php:36
Maintenance & Trust

HT Easy GA4 – Google Analytics WordPress Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 3, 2026
PHP min version
Downloads141K

Community Trust

Rating90/100
Number of ratings8
Active installs5K
Alternatives

HT Easy GA4 – Google Analytics WordPress Plugin Alternatives

Integrate GA4 Google Analytics

Integrate GA4 Google Analytics

integrate-ga4-google-analytics

A
92

A simple, lightweight plugin to easily integrate Google Analytics GA4 tracking into your WordPress site.

600 No CVEs
ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)

ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin)

google-analytics-dashboard-for-wp

A
90

Connects Google Analytics with your WordPress site. Displays stats to help you understand your users and site content on a whole new level!

300K 5 CVEs
GAinWP Google Analytics Integration for WordPress

GAinWP Google Analytics Integration for WordPress

ga-in

A
85

Enable Google Analytics tracking and reporting dashboards in your WordPress site in just seconds.

9K No CVEs
Lara's Google Analytics (GA4)

Lara's Google Analytics (GA4)

lara-google-analytics

A
100

Full width Google Analytics dashboard widget for Wordpress admin interface, which also inserts latest Google Analytics (GA4) tracking code to your pag &hellip;

9K 1 CVE
Analytics Cat – Google Analytics Made Easy

Analytics Cat – Google Analytics Made Easy

analytics-cat

A
89

Analytics Cat - Google Analytics Lets You Add Your Google Analytics / Universal Analytics Tracking Code To Your Site With Ease.

7K 3 CVEs
Developer Profile

HT Easy GA4 – Google Analytics WordPress Plugin Developer Profile

HT Plugins

23 plugins · 64K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
124 days
View full developer profile
Detection Fingerprints

How We Detect HT Easy GA4 – Google Analytics WordPress Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ht-easy-google-analytics/assets/css/settings.css/wp-content/plugins/ht-easy-google-analytics/assets/js/ht-easy-ga4-settings.js/wp-content/plugins/ht-easy-google-analytics/assets/js/ht-easy-ga4-frontend.js
Script Paths
/wp-content/plugins/ht-easy-google-analytics/assets/js/ht-easy-ga4-settings.js/wp-content/plugins/ht-easy-google-analytics/assets/js/ht-easy-ga4-frontend.js
Version Parameters
ht-easy-google-analytics/assets/css/settings.css?ver=ht-easy-google-analytics/assets/js/ht-easy-ga4-settings.js?ver=ht-easy-google-analytics/assets/js/ht-easy-ga4-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
ht-easy-ga4-tracking-codeht-easy-ga4-disable-backend
Data Attributes
data-tracking-iddata-gtag-id
JS Globals
ht_easy_ga4_settings
FAQ

Frequently Asked Questions about HT Easy GA4 – Google Analytics WordPress Plugin