Does LoL Tracker have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is LoL Tracker compatible with WordPress 4.1.42?

According to WordPress.org data, LoL Tracker 1.0.0 has been tested up to WordPress 4.1.42. Check the plugin's changelog for the latest compatibility information.

How often is LoL Tracker updated?

LoL Tracker was last updated on Mar 27, 2015. Frequent updates are generally a positive security signal.

What is LoL Tracker's security score?

LoL Tracker has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

LoL Tracker Security & Risk Analysis

wordpress.org/plugins/loltracker

LoL Tracker is a set of tools relating your league of Legends account.

10 active installs v1.0.0 PHP + WP 3.7.0+ Updated Mar 27, 2015

free-week-championsleague-of-legendslolriotrotation

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is LoL Tracker Safe to Use in 2026?

Generally Safe

Score 85/100

LoL Tracker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The "loltracker" plugin v1.0.0 exhibits a concerning security posture due to its unprotected entry points and lack of robust security checks. The analysis reveals two AJAX handlers, both lacking authentication checks, which represent significant attack vectors. Furthermore, the presence of the dangerous `create_function` call is a critical red flag, often associated with remote code execution vulnerabilities if user input is involved. The low percentage of properly escaped output (7%) indicates a high risk of cross-site scripting (XSS) vulnerabilities. While the plugin avoids raw SQL queries and has no recorded vulnerability history, these positive points are heavily overshadowed by the critical flaws in its handling of user input and entry points. The absence of nonce and capability checks on its AJAX endpoints makes it highly susceptible to unauthorized actions and further exploitation.

Key Concerns

AJAX handlers without auth checks
Dangerous function create_function used
Low output escaping percentage
No nonce checks on AJAX
No capability checks on AJAX

Vulnerabilities

None known

LoL Tracker Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

LoL Tracker Release Timeline

v1.0.2

Code Analysis

Analyzed Mar 17, 2026

LoL Tracker Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action('widgets_init', create_function('', 'return register_widget("lol_tracker_fwc_widget");'))includes\class-lol-tracker.php:334

Output Escaping

7% escaped14 total outputs

Attack Surface

2 unprotected

LoL Tracker Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_showFreeChampionsincludes\class-lol-tracker.php:189

noprivwp_ajax_showFreeChampionsincludes\class-lol-tracker.php:193

WordPress Hooks 9

actionadmin_menuadmin\class-lol-tracker-admin.php:122

actionadmin_initadmin\class-lol-tracker-admin.php:123

actionplugins_loadedincludes\class-lol-tracker.php:153

actionadmin_enqueue_scriptsincludes\class-lol-tracker.php:169

actionadmin_enqueue_scriptsincludes\class-lol-tracker.php:170

actionwp_enqueue_scriptsincludes\class-lol-tracker.php:186

actionwp_enqueue_scriptsincludes\class-lol-tracker.php:187

actionwidgets_initincludes\class-lol-tracker.php:334

actionwp_enqueue_scriptspublic\class-lol-tracker-public.php:76

Maintenance & Trust

LoL Tracker Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42

Last updatedMar 27, 2015

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

LoL Tracker Alternatives

Ad Inserter – Ad Manager & AdSense Ads

ad-inserter

Manage Google AdSense ads, banners, ad rotation, sticky widgets, AMP ads, ads.txt, tracking, header and footer code, PHP code, global custom fields

300K 12 CVEs

FlatPM – Ad Manager, AdSense and Custom Code

flatpm-wp

Flat PM is an ad management plugin. You might be thinking, "why do I need it?". It's simple: this is the best plugin for organizing ads …

10K 3 CVEs

Image Rotation Repair

image-rotation-repair

The Image Rotation Repair plugin simply fixes image orientation based on EXIF data. This is primarily a patch for mis-oriented images delivered from …

7K No CVEs

Fix Image Rotation

fix-image-rotation

100

Fixes the rotation of the images based on EXIF data

4K No CVEs

Random Content

random-content

100

Display random content anywhere on your WordPress site. Rotate testimonials, banners, CTAs, and more with a simple shortcode or widget.

3K No CVEs

Developer Profile

LoL Tracker Developer Profile

vvasiloud

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect LoL Tracker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/loltracker/admin/css/lol-tracker-admin.css/wp-content/plugins/loltracker/admin/js/lol-tracker-admin.js

Script Paths

/wp-content/plugins/loltracker/admin/js/lol-tracker-admin.js

Version Parameters

lol-tracker-admin.css?ver=lol-tracker-admin.js?ver=

HTML / DOM Fingerprints

Data Attributes

name='lol_tracker_settings[lol_tracker_riot_api_key]'name='lol_tracker_settings[lol_tracker_region_name]'

FAQ