Metrics Query Security & Risk Analysis

wordpress.org/plugins/metrics-query

Connects Google Analytics with your WordPress site. Displays stats to help you understand your users and site content on a whole new level!

100 active installs · v1.0.3 · PHP 5.6.0+ · WP 3.5+ · Updated Apr 30, 2021
Tags: analytics, gadwp, google-analytics, google-analytics-dashboard, google-analytics-plugin
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Metrics Query Safe to Use in 2026?

Generally Safe

Score 85/100

Metrics Query has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The "metrics-query" v1.0.3 plugin exhibits a generally good security posture, with a promising absence of known vulnerabilities and a robust implementation of security checks like nonces and capability checks. The static analysis indicates a well-defined attack surface, with all identified entry points protected by authentication mechanisms. Taint analysis further supports this, showing no critical or high severity unsanitized flows, suggesting a reduced risk of common web vulnerabilities like XSS or SQL injection.

However, a significant concern arises from the presence of the `unserialize()` function, which is a known source of critical vulnerabilities if user-controlled data is passed to it without proper sanitization. While no specific unsanitized flows were detected in the taint analysis, the mere presence of this function warrants caution. Additionally, the SQL query implementation, with only 75% using prepared statements, leaves a small window for potential SQL injection vulnerabilities, especially if the remaining unprepared queries handle user input.

Overall, the plugin's clean vulnerability history is a strong positive indicator. However, the potential risks associated with `unserialize()` and the less-than-perfect SQL preparation mean that while the current known risk is low, a proactive approach to code review and sanitization of any data passed to `unserialize()` would further enhance its security.

Key Concerns

  • Presence of unserialize() function
  • SQL queries not fully using prepared statements
Vulnerabilities
None known

Metrics Query Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Metrics Query Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 3; prepared: 1
  • Unescaped Output: 141; escaped: 123
  • Nonce Checks: 20
  • Capability Checks: 15
  • File Operations: 11
  • External Requests: 1
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$data = unserialize($data);` at tools\src\Deconf\Cache\File.php:75

SQL Query Safety

25% prepared · 4 total queries

Output Escaping

47% escaped · 264 total outputs
Data Flows
All sanitized

Data Flow Analysis

6 flows
frontend_settings (admin\settings.php:108)
Attack Surface

Metrics Query Attack Surface

Entry Points: 7
Unprotected: 0

AJAX Handlers 6

  • auth wp_ajax_gadwp_backend_item_reports admin\ajax-actions.php:25
  • auth wp_ajax_gadwp_dismiss_notices admin\ajax-actions.php:29
  • auth wp_ajax_gadwp_set_error common\ajax-actions.php:24
  • auth wp_ajax_gadwp_frontend_item_reports front\ajax-actions.php:25
  • auth wp_ajax_ajax_frontwidget_report front\ajax-actions.php:29
  • nopriv wp_ajax_ajax_frontwidget_report front\ajax-actions.php:30

Shortcodes 1

[gadwp_useroptout] front\tracking.php:76
WordPress Hooks 34
  • filter manage_posts_columns admin\item-reports.php:25
  • action manage_posts_custom_column admin\item-reports.php:28
  • filter manage_pages_columns admin\item-reports.php:31
  • action manage_pages_custom_column admin\item-reports.php:34
  • action admin_enqueue_scripts admin\setup.php:24
  • action admin_menu admin\setup.php:26
  • action network_admin_menu admin\setup.php:28
  • action admin_notices admin\setup.php:32
  • action wp_dashboard_setup admin\widgets.php:23
  • filter auto_update_plugin config.php:26
  • filter plugins_update_check_locales config.php:29
  • action admin_bar_menu front\item-reports.php:23
  • action wp_enqueue_scripts front\setup.php:24
  • action wp_head front\tracking-analytics.php:122
  • action wp_footer front\tracking-analytics.php:232
  • action wp_head front\tracking-analytics.php:234
  • action wp_footer front\tracking-analytics.php:402
  • action wp_head front\tracking-analytics.php:404
  • filter amp_post_template_data front\tracking-analytics.php:539
  • action amp_post_template_footer front\tracking-analytics.php:540
  • filter the_content front\tracking-analytics.php:541
  • action amp_post_template_head front\tracking-analytics.php:543
  • action wp_footer front\tracking-tagmanager.php:32
  • action wp_head front\tracking-tagmanager.php:34
  • filter amp_post_template_data front\tracking-tagmanager.php:38
  • action amp_post_template_footer front\tracking-tagmanager.php:39
  • action wp_enqueue_scripts front\widgets.php:24
  • action init gadwp.php:134
  • action init gadwp.php:139
  • action widgets_init gadwp.php:163
  • action admin_init gadwp.php:280
  • action admin_notices gadwp.php:284
  • action plugins_loaded gadwp.php:294
  • filter gadwp_endpoint_stream_options tools\gapi.php:129
Maintenance & Trust

Metrics Query Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.7.15
Last updated: Apr 30, 2021
PHP min version: 5.6.0
Downloads: 5K

Community Trust

Rating: 100/100
Number of ratings: 11
Active installs: 100
Developer Profile

Metrics Query Developer Profile

yehudah

6 plugins · 2K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Metrics Query

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/metrics-query/admin/js/admin-setup.js
  • /wp-content/plugins/metrics-query/admin/css/admin-setup.css
  • /wp-content/plugins/metrics-query/frontend/js/frontend-setup.js
  • /wp-content/plugins/metrics-query/frontend/css/frontend-setup.css
  • /wp-content/plugins/metrics-query/common/js/common-setup.js
  • /wp-content/plugins/metrics-query/common/css/common-setup.css
  • /wp-content/plugins/metrics-query/tools/js/tools.js
  • /wp-content/plugins/metrics-query/tools/css/tools.css
  • +4 more
Script Paths
  • /wp-content/plugins/metrics-query/admin/js/admin-setup.js
  • /wp-content/plugins/metrics-query/frontend/js/frontend-setup.js
  • /wp-content/plugins/metrics-query/common/js/common-setup.js
  • /wp-content/plugins/metrics-query/tools/js/tools.js
  • /wp-content/plugins/metrics-query/install/js/install.js
  • /wp-content/plugins/metrics-query/widgets/js/widgets.js
Version Parameters
  • metrics-query/admin/css/admin-setup.css?ver=
  • metrics-query/frontend/css/frontend-setup.css?ver=
  • metrics-query/common/css/common-setup.css?ver=
  • metrics-query/tools/css/tools.css?ver=
  • metrics-query/install/css/install.css?ver=
  • metrics-query/widgets/css/widgets.css?ver=
  • metrics-query/admin/js/admin-setup.js?ver=
  • metrics-query/frontend/js/frontend-setup.js?ver=
  • metrics-query/common/js/common-setup.js?ver=
  • metrics-query/tools/js/tools.js?ver=
  • metrics-query/install/js/install.js?ver=
  • metrics-query/widgets/js/widgets.js?ver=

HTML / DOM Fingerprints

CSS Classes
gadwp
HTML Comments
<!-- Metrics Query -->
Data Attributes
data-gadwp-settings
JS Globals
  • GADWP_Config
  • GADWP_Tools
  • GADWP_Tracking
  • GADWP_Frontend_Ajax
  • GADWP_Frontend_Setup
  • GADWP_Frontend_Item_Reports
  • +6 more
FAQ

Frequently Asked Questions about Metrics Query