Does LiveVisi – Live Visitors Activity Tracker for WP Website have any unpatched vulnerabilities?

No. All known vulnerabilities in LiveVisi – Live Visitors Activity Tracker for WP Website have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is LiveVisi – Live Visitors Activity Tracker for WP Website compatible with WordPress 6.9.4?

According to WordPress.org data, LiveVisi – Live Visitors Activity Tracker for WP Website 1.0.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is LiveVisi – Live Visitors Activity Tracker for WP Website compatible with PHP 7.4+?

LiveVisi – Live Visitors Activity Tracker for WP Website requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

LiveVisi – Live Visitors Activity Tracker for WP Website Security & Risk Analysis

wordpress.org/plugins/livevisi

LiveVisi is a real-time WordPress analytics plugin that tracks website visitors, page views, how much time they are spending on the site.

50 active installs v1.0.1 PHP 7.4+ WP 6.3+ Updated Jan 13, 2026

live-visitor-trackertraffic-tracker-pluginvisitor-tracking-pluginwordpress-visitor-trackerwp-real-time-visitor

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is LiveVisi – Live Visitors Activity Tracker for WP Website Safe to Use in 2026?

Generally Safe

Score 100/100

LiveVisi – Live Visitors Activity Tracker for WP Website has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The "livevisi" v1.0.1 plugin exhibits a mixed security posture. While it shows good practices in avoiding dangerous functions, performing file operations, and a relatively high percentage of prepared statements and output escaping, several areas raise concerns. The presence of REST API routes without permission callbacks represents a significant attack surface that could lead to unauthorized access or actions if exploited. The taint analysis also indicates a potential issue with unsanitized paths, even though it's not classified as critical. The plugin's clean vulnerability history is a positive sign, suggesting a history of secure development or diligent patching by developers. However, the identified entry points without proper authentication checks are a direct risk that needs immediate attention. Overall, the plugin has strengths in its core development practices, but the lack of robust access control on certain REST API endpoints is a notable weakness that warrants caution.

Key Concerns

REST API routes without permission callbacks
Taint flow with unsanitized paths (High severity)

Vulnerabilities

None known

LiveVisi – Live Visitors Activity Tracker for WP Website Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

LiveVisi – Live Visitors Activity Tracker for WP Website Code Analysis

Dangerous Functions

Raw SQL Queries

36 prepared

Unescaped Output

162 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

77% prepared47 total queries

Output Escaping

75% escaped215 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

track_visitor (includes\class-api.php:202)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

LiveVisi – Live Visitors Activity Tracker for WP Website Attack Surface

Entry Points4

Unprotected2

REST API Routes 4

GET/wp-json/livevisi/v1/trackincludes\class-api.php:23

GET/wp-json/livevisi/v1/heartbeatincludes\class-api.php:43

GET/wp-json/livevisi/v1/chart-dataincludes\class-api.php:59

GET/wp-json/livevisi/v1/save-settingsincludes\class-api.php:76

WordPress Hooks 8

actionadmin_enqueue_scriptsincludes\class-core.php:32

actionadmin_enqueue_scriptsincludes\class-core.php:33

actionadmin_menuincludes\class-core.php:34

actionwp_enqueue_scriptsincludes\class-core.php:40

actionrest_api_initincludes\class-core.php:44

filteradmin_body_classlivevisi.php:34

filteradmin_body_classtemplates\admin-live-visitor.php:248

actionadmin_noticestemplates\admin-settings.php:142

Maintenance & Trust

LiveVisi – Live Visitors Activity Tracker for WP Website Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 13, 2026

PHP min version7.4

Downloads307

Community Trust

Rating100/100

Number of ratings2

Active installs50

Alternatives

LiveVisi – Live Visitors Activity Tracker for WP Website Alternatives

No alternatives data available yet.

Developer Profile

LiveVisi – Live Visitors Activity Tracker for WP Website Developer Profile

SinodTech

1 plugin · 50 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect LiveVisi – Live Visitors Activity Tracker for WP Website

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/livevisi/assets/css/admin.css/wp-content/plugins/livevisi/assets/js/admin.js/wp-content/plugins/livevisi/assets/js/chart.js

Script Paths

/wp-content/plugins/livevisi/assets/js/admin.js/wp-content/plugins/livevisi/assets/js/chart.js

Version Parameters

livevisi/assets/css/admin.css?ver=livevisi/assets/js/admin.js?ver=livevisi/assets/js/chart.js?ver=

HTML / DOM Fingerprints

CSS Classes

livevisi-dark-modelivevisi-pro-lock-icon

Data Attributes

data-livevisi-urldata-livevisi-nonce

JS Globals

livevisiApiSettingslivevisiChartData

REST Endpoints

/livevisi/v1/

FAQ