WP-Safety

Nelio Session Recordings Security & Risk Analysis

wordpress.org/plugins/nelio-session-recordings

Record everything visitors do on your website and learn more about your users

100 active installs v1.6.0 PHP 7.4+ WP 6.6+ Updated Jan 29, 2026
analyticsinsightsmouseflowrecordingssessions
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Nelio Session Recordings Safe to Use in 2026?

Generally Safe

Score 100/100

Nelio Session Recordings has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The 'nelio-session-recordings' v1.6.0 plugin exhibits a generally strong security posture based on the provided static analysis. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events without proper authentication or permission checks significantly limits its attack surface. Furthermore, the use of prepared statements for all SQL queries and a high percentage of properly escaped output are commendable security practices. The plugin also demonstrates good use of nonce and capability checks, alongside a single file operation and a limited number of external HTTP requests, suggesting controlled interactions with the system and external services.

However, a few areas warrant attention. The presence of a file operation and a notable number of external HTTP requests, while not explicitly flagged as problematic, could represent potential points of compromise if not handled with extreme care. The taint analysis showing zero flows with unsanitized paths is a positive indicator, but the fact that no taint flows were analyzed at all might suggest either a very simple plugin or that the analysis was not exhaustive. The lack of any recorded vulnerabilities in its history is a significant strength, indicating a stable and well-maintained codebase over time. This plugin appears to be built with security in mind, but developers should remain vigilant about how file operations and external requests are managed to mitigate any latent risks.

Key Concerns

  • File operations present
  • External HTTP requests count
  • Taint analysis not performed
Vulnerabilities
None known

Nelio Session Recordings Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Nelio Session Recordings Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
6
37 escaped
Nonce Checks
1
Capability Checks
4
File Operations
1
External Requests
10
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

86% escaped43 total outputs
Attack Surface

Nelio Session Recordings Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 38
actionadmin_menuadmin\class-nelio-session-recordings-admin.php:31
actionadmin_enqueue_scriptsadmin\class-nelio-session-recordings-admin.php:32
filteroption_page_capability_nelio-session-recordings_groupadmin\class-nelio-session-recordings-admin.php:33
actionadmin_enqueue_scriptsadmin\pages\class-nelio-session-recordings-abstract-page.php:35
actionadmin_enqueue_scriptsadmin\pages\class-nelio-session-recordings-plugin-list-page.php:18
actionadmin_menuadmin\pages\class-nelio-session-recordings-recording-page.php:34
actioncurrent_screenadmin\pages\class-nelio-session-recordings-recording-page.php:35
actioncurrent_screenadmin\pages\class-nelio-session-recordings-recording-page.php:36
filterneliosr_script_dependenciesadmin\pages\class-nelio-session-recordings-recording-page.php:38
actionadmin_menuadmin\pages\class-nelio-session-recordings-recordings-list-page.php:34
actionadmin_menuadmin\pages\class-nelio-session-recordings-settings-page.php:34
actionnab_site_updatedincludes\nelio-ab-testing-integration.php:10
filternab_show_session_recordings_pageincludes\nelio-ab-testing-integration.php:19
filterneliosr_script_dependenciesincludes\nelio-ab-testing-integration.php:24
actionrest_api_initincludes\rest\class-nelio-session-recordings-account-rest-controller.php:46
actionrest_api_initincludes\rest\class-nelio-session-recordings-experiment-rest-controller.php:44
filterposts_whereincludes\rest\class-nelio-session-recordings-experiment-rest-controller.php:137
actionrest_api_initincludes\rest\class-nelio-session-recordings-init-rest-controller.php:46
actionrest_api_initincludes\rest\class-nelio-session-recordings-plugin-rest-controller.php:46
actionrest_api_initincludes\rest\class-nelio-session-recordings-post-rest-controller.php:42
filterposts_whereincludes\rest\class-nelio-session-recordings-post-rest-controller.php:273
actionrest_api_initincludes\rest\class-nelio-session-recordings-recording-rest-controller.php:47
actionrest_api_initincludes\rest\class-nelio-session-recordings-settings-rest-controller.php:47
filterure_capabilities_groups_treeincludes\utils\class-nelio-session-recordings-capability-manager.php:48
filterure_custom_capability_groupsincludes\utils\class-nelio-session-recordings-capability-manager.php:49
filternab_tab_settingsincludes\utils\class-nelio-session-recordings-settings-renderer.php:39
actionadmin_enqueue_scriptsincludes\utils\class-nelio-session-recordings-settings-renderer.php:40
actionnab_settings_screen_afterincludes\utils\class-nelio-session-recordings-settings-renderer.php:41
actioninitnelio-session-recordings.php:81
actionplugins_loadednelio-session-recordings.php:82
actionadmin_initnelio-session-recordings.php:103
actionwp_enqueue_scriptspublic\class-nelio-session-recordings-main-script.php:27
filterscript_loader_tagpublic\class-nelio-session-recordings-main-script.php:28
actionplugins_loadedpublic\class-nelio-session-recordings-public.php:28
actioninitpublic\class-nelio-session-recordings-public.php:30
actionset_logged_in_cookiepublic\class-nelio-session-recordings-public.php:31
actionclear_auth_cookiepublic\class-nelio-session-recordings-public.php:32
actionplugins_loadedpublic\class-nelio-session-recordings-public.php:34
Maintenance & Trust

Nelio Session Recordings Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 29, 2026
PHP min version7.4
Downloads3K

Community Trust

Rating20/100
Number of ratings1
Active installs100
Alternatives

Nelio Session Recordings Alternatives

LiveSession – Visitor Recording for WordPress

LiveSession – Visitor Recording for WordPress

livesession

A
85

LiveSession is a session replay tool that will help you learn more about your users. You can watch how they interact with your website.

100 No CVEs
Advanced Hotjar

Advanced Hotjar

advanced-hotjar

A
85

Load Hotjar and prevent it from tracking admins, logged-in users, and IP addresses.

40 No CVEs
Site Kit by Google – Analytics, Search Console, AdSense, Speed

Site Kit by Google – Analytics, Search Console, AdSense, Speed

google-site-kit

A
100

Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.

5.0M 1 CVE
WP Statistics – Simple, privacy-friendly Google Analytics alternative

WP Statistics – Simple, privacy-friendly Google Analytics alternative

wp-statistics

B
81

Get website traffic insights with GDPR/CCPA compliant, privacy-friendly analytics. Includes visitor data, stunning graphs, and no data sharing.

600K 35 CVEs
Hotjar

Hotjar

hotjar

A
85

The fast & visual way to understand your users.

80K 1 CVE
Developer Profile

Nelio Session Recordings Developer Profile

Nelio Software

12 plugins · 11K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
957 days
View full developer profile
Detection Fingerprints

How We Detect Nelio Session Recordings

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/nelio-session-recordings/assets/dist/css/plugin-list-page.css/wp-content/plugins/nelio-session-recordings/assets/dist/js/plugin-list-page.js
Script Paths
/wp-content/plugins/nelio-session-recordings/assets/dist/js/plugin-list-page.js
Version Parameters
nelio-session-recordings/assets/dist/css/plugin-list-page.css?ver=nelio-session-recordings/assets/dist/js/plugin-list-page.js?ver=

HTML / DOM Fingerprints

CSS Classes
neliosr-deactivate-link
JS Globals
neliosr.initPage
REST Endpoints
/wp-json/neliosr/v1/account/wp-json/neliosr/v1/recording/wp-json/neliosr/v1/settings/wp-json/neliosr/v1/post/wp-json/neliosr/v1/experiment/wp-json/neliosr/v1/plugin
FAQ

Frequently Asked Questions about Nelio Session Recordings