Does Inspectlet – AI-Powered Session Replay, Heatmaps & Analytics have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Inspectlet – AI-Powered Session Replay, Heatmaps & Analytics compatible with WordPress 6.7.5?

According to WordPress.org data, Inspectlet – AI-Powered Session Replay, Heatmaps & Analytics 3.0.1 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Inspectlet – AI-Powered Session Replay, Heatmaps & Analytics compatible with PHP 7.2+?

Inspectlet – AI-Powered Session Replay, Heatmaps & Analytics requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

Inspectlet – AI-Powered Session Replay, Heatmaps & Analytics Security & Risk Analysis

wordpress.org/plugins/inspectlet-heatmaps-and-user-session-recording

Add Inspectlet to your WordPress site — AI-powered session replay, heatmaps, form analytics, A/B testing, and more.

700 active installs v3.0.1 PHP 7.2+ WP 5.0+ Updated Mar 26, 2026

aianalyticsform-analyticsheatmapssession-replay

A · Safe

CVEs total1

Unpatched0

Last CVEAug 14, 2025

Plugin page Download

Safety Verdict

Is Inspectlet – AI-Powered Session Replay, Heatmaps & Analytics Safe to Use in 2026?

Generally Safe

Score 99/100

Inspectlet – AI-Powered Session Replay, Heatmaps & Analytics has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Aug 14, 2025Updated 1mo ago

Risk Assessment

The Inspectlet Heatmaps and User Session Recording plugin, version 2.0, presents a mixed security profile. On the positive side, the static analysis shows no identified dangerous functions, no raw SQL queries, no file operations, no external HTTP requests, and no taint flows indicating potential vulnerabilities in these areas. The absence of shortcodes and cron events further reduces the attack surface. However, a significant concern is the complete lack of output escaping, meaning that all output generated by the plugin is susceptible to Cross-Site Scripting (XSS) attacks. Additionally, the plugin has a history of known vulnerabilities, including a medium severity XSS vulnerability that was last patched on August 14, 2025. The fact that this vulnerability is currently unpatched is a critical issue. While the plugin appears to have a small attack surface and avoids common coding pitfalls, the unpatched XSS vulnerability and the complete lack of output escaping represent significant security risks that must be addressed.

Key Concerns

Unpatched medium severity CVE
0% output escaping
No capability checks
No nonce checks

Vulnerabilities

1 published

Inspectlet – AI-Powered Session Replay, Heatmaps & Analytics Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-49048medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Inspectlet - User Session Recording and Heatmaps <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

Aug 14, 2025 Patched in 3.0 (245d)

Version History

Inspectlet – AI-Powered Session Replay, Heatmaps & Analytics Release Timeline

v3.0.1Current

v3.0

Code Analysis

Analyzed Mar 16, 2026

Inspectlet – AI-Powered Session Replay, Heatmaps & Analytics Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped2 total outputs

Attack Surface

Inspectlet – AI-Powered Session Replay, Heatmaps & Analytics Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionadmin_menuinspectlet-user-session-recording-and-heatmaps.php:13

actionadmin_initinspectlet-user-session-recording-and-heatmaps.php:17

actionwp_footerinspectlet-user-session-recording-and-heatmaps.php:53

Maintenance & Trust

Inspectlet – AI-Powered Session Replay, Heatmaps & Analytics Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedMar 26, 2026

PHP min version7.2

Downloads19K

Community Trust

Rating100/100

Number of ratings3

Active installs700

Alternatives

Inspectlet – AI-Powered Session Replay, Heatmaps & Analytics Alternatives

Klaviyo

klaviyo

Klaviyo for WooCommerce

100K 2 CVEs

Website Pop-up Builder by BDOW! (formerly Sumo): Pop-ups + forms for email opt-ins and lead generation

sumome

100

Sumo is trusted by over 600,000 businesses — small and large — in growing their email lists, customer base, and revenue online.

20K 1 CVE

Machete

machete

100

Machete is a lean and simple suite of tools that solve common WordPress annoyances: cookie bar, tracking codes, header cleanup, social sharing

7K No CVEs

Mouseflow for WordPress

mouseflow-for-wordpress

Mouseflow gives you free and easy-to-use conversion and user experience analytics for your website. Analyze conversion funnels, heatmaps and even sess …

7K No CVEs

WP Client Reports

wp-client-reports

The best maintenance reporting tool for WordPress professionals. Display update statistics directly in the WordPress admin or send reports via email.

6K 2 CVEs

Developer Profile

Inspectlet – AI-Powered Session Replay, Heatmaps & Analytics Developer Profile

inspectlet

1 plugin · 700 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

245 days

View full developer profile

Detection Fingerprints

How We Detect Inspectlet – AI-Powered Session Replay, Heatmaps & Analytics

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/inspectlet-for-wordpress/inspectlet_wp.css

HTML / DOM Fingerprints

CSS Classes

wrap

FAQ