WP-Safety

Meta pixel for WordPress Security & Risk Analysis

wordpress.org/plugins/official-facebook-pixel

Grow your business with Meta for WordPress!

400K active installs v4.1.5 PHP 8.1+ WP 5.7+ Updated Aug 14, 2025
conversions-apifacebookmetameta-adspixel
98
A · Safe
CVEs total2
Unpatched0
Last CVEMar 25, 2021
Plugin page Download
Safety Verdict

Is Meta pixel for WordPress Safe to Use in 2026?

Generally Safe

Score 98/100

Meta pixel for WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Mar 25, 2021Updated 7mo ago
Risk Assessment

The 'official-facebook-pixel' plugin version 4.1.5 exhibits a generally strong security posture, with all identified entry points (AJAX handlers) protected by authentication checks. The code analysis reveals excellent practices in several areas, including 100% of SQL queries utilizing prepared statements and a high rate of output escaping (91%). The presence of nonce checks (7) and capability checks (9) further reinforces its defenses. However, the plugin has a history of significant vulnerabilities, with two high-severity CVEs previously reported, specifically related to Deserialization of Untrusted Data and Cross-Site Request Forgery (CSRF). While these vulnerabilities are currently unpatched, their historical nature suggests that mitigation may have been implemented in later versions. The lack of taint analysis data is a minor concern, as it prevents a deeper understanding of potential data manipulation risks within the plugin's codebase.

Key Concerns

  • Known high-severity vulnerabilities
  • Potential for data manipulation (no taint analysis)
  • One file operation found
  • Two external HTTP requests found
Vulnerabilities
2

Meta pixel for WordPress Security Vulnerabilities

CVEs by Year

2 CVEs in 2021
2021
Patched Has unpatched

Severity Breakdown

High
2

2 total CVEs

CVE-2021-24217high · 8.1Deserialization of Untrusted Data

Meta pixel for WordPress <= 2.2.2 - PHP Object Injection

Mar 25, 2021 Patched in 3.0.0 (1034d)
CVE-2021-24218high · 8.8Cross-Site Request Forgery (CSRF)

Facebook for WordPress <= 3.0.3 - Cross-site Request Forgery to Stored Cross-site Scripting and Settings Deletion via wp_ajax_(save|delete)_fbe_settings

Mar 25, 2021 Patched in 3.0.4 (1034d)
Code Analysis
Analyzed Mar 16, 2026

Meta pixel for WordPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
6
64 escaped
Nonce Checks
7
Capability Checks
9
File Operations
1
External Requests
2
Bundled Libraries
0

Output Escaping

91% escaped70 total outputs
Attack Surface

Meta pixel for WordPress Attack Surface

Entry Points8
Unprotected0

AJAX Handlers 8

authwp_ajax_send_capi_eventcore\class-facebookcapievent.php:87
authwp_ajax_save_fbe_settingscore\class-facebookwordpresssettingsrecorder.php:29
authwp_ajax_delete_fbe_settingscore\class-facebookwordpresssettingsrecorder.php:33
authwp_ajax_save_capi_integration_statuscore\class-facebookwordpresssettingsrecorder.php:40
authwp_ajax_save_capi_integration_events_filtercore\class-facebookwordpresssettingsrecorder.php:47
authwp_ajax_save_capi_pii_caching_statuscore\class-facebookwordpresssettingsrecorder.php:54
authwp_ajax_edd_add_to_cartintegration\class-facebookwordpresseasydigitaldownloads.php:70
noprivwp_ajax_edd_add_to_cartintegration\class-facebookwordpresseasydigitaldownloads.php:76
WordPress Hooks 37
actioninitcore\class-facebookwordpressoptions.php:427
actionwp_headcore\class-facebookwordpresspixelinjection.php:62
actionwp_body_opencore\class-facebookwordpresspixelinjection.php:66
actionwp_footercore\class-facebookwordpresspixelinjection.php:76
actionadmin_menucore\class-facebookwordpresssettingspage.php:56
actionadmin_initcore\class-facebookwordpresssettingspage.php:57
actionadmin_enqueue_scriptscore\class-facebookwordpresssettingspage.php:59
actioncurrent_screencore\class-facebookwordpresssettingspage.php:63
actionadmin_noticescore\class-facebookwordpresssettingspage.php:684
actionadmin_noticescore\class-facebookwordpresssettingspage.php:694
actioninitfacebook-for-wordpress.php:64
actionparse_requestfacebook-for-wordpress.php:65
actioncaldera_forms_ajax_returnintegration\class-facebookwordpresscalderaform.php:56
actionwpcf7_submitintegration\class-facebookwordpresscontactform7.php:55
actionwp_footerintegration\class-facebookwordpresscontactform7.php:61
actionwpcf7_feedback_responseintegration\class-facebookwordpresscontactform7.php:122
actionedd_after_download_contentintegration\class-facebookwordpresseasydigitaldownloads.php:61
actionedd_downloads_list_afterintegration\class-facebookwordpresseasydigitaldownloads.php:65
actionedd_purchase_link_topintegration\class-facebookwordpresseasydigitaldownloads.php:82
actionedd_payment_receipt_afterintegration\class-facebookwordpresseasydigitaldownloads.php:95
actionedd_after_download_contentintegration\class-facebookwordpresseasydigitaldownloads.php:102
actionwp_footerintegration\class-facebookwordpresseasydigitaldownloads.php:276
actionfrm_after_create_entryintegration\class-facebookwordpressformidableform.php:59
actionwp_footerintegration\class-facebookwordpressformidableform.php:94
actionwp_footerintegration\class-facebookwordpressintegrationbase.php:104
actionninja_forms_submission_actionsintegration\class-facebookwordpressninjaforms.php:59
actionwoocommerce_after_checkout_formintegration\class-facebookwordpresswoocommerce.php:71
actionwoocommerce_add_to_cartintegration\class-facebookwordpresswoocommerce.php:77
actionwoocommerce_thankyouintegration\class-facebookwordpresswoocommerce.php:84
actionwoocommerce_payment_completeintegration\class-facebookwordpresswoocommerce.php:90
actionwoocommerce_after_single_productintegration\class-facebookwordpresswoocommerce.php:96
actionwp_footerintegration\class-facebookwordpresswoocommerce.php:102
filterwoocommerce_add_to_cart_fragmentsintegration\class-facebookwordpresswoocommerce.php:367
actionwpsc_add_to_cart_json_responseintegration\class-facebookwordpresswpecommerce.php:62
actionwpsc_transaction_results_shutdownintegration\class-facebookwordpresswpecommerce.php:76
actionwpforms_process_beforeintegration\class-facebookwordpresswpforms.php:56
actionwp_footerintegration\class-facebookwordpresswpforms.php:95
Maintenance & Trust

Meta pixel for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedAug 14, 2025
PHP min version8.1
Downloads10.0M

Community Trust

Rating54/100
Number of ratings164
Active installs400K
Alternatives

Meta pixel for WordPress Alternatives

Pixel Cat – Conversion Pixel Manager

Pixel Cat – Conversion Pixel Manager

facebook-conversion-pixel

A
96

Add Meta & Facebook Pixel, Google Analytics (GA4) and any header script to your site. Everything you need to track users, ads, events & conversions.

40K 4 CVEs
PixelFlow

PixelFlow

pixelflow

A
100

Facebook Conversions API for WooCommerce. One-click setup. Auto track WooCommerce events to Meta with 100% accuracy. Bypass iOS restrictions & ad &hellip;

0 No CVEs
Meta for WooCommerce

Meta for WooCommerce

facebook-for-woocommerce

A
93

Get the Official Meta for WooCommerce plugin for powerful ways to help grow your business.

500K 3 CVEs
Kliken: Ads + Pixel for Meta

Kliken: Ads + Pixel for Meta

kliken-ads-pixel-for-meta

A
100

Drive Sales on Facebook and Instagram in 5 minutes—upload your catalog, implement the Meta Pixel & Conversions API, and grow via Meta Advantage+ now.

50K No CVEs
Pixelavo – Server Side Tracking & Pixel + AI Ads Tools

Pixelavo – Server Side Tracking & Pixel + AI Ads Tools

pixelavo

A
100

Add pixel tracking to your WordPress site with Conversions API, server-side tracking, AI ad copy generation, and AI marketing consultant.

800 No CVEs
Developer Profile

Meta pixel for WordPress Developer Profile

Facebook

3 plugins · 990K total installs

73
trust score
Avg Security Score
92/100
Avg Patch Time
1236 days
View full developer profile
Detection Fingerprints

How We Detect Meta pixel for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/official-facebook-pixel/build/fbe-allinone-script.js/wp-content/plugins/official-facebook-pixel/build/meta-settings-page-script.js/wp-content/plugins/official-facebook-pixel/build/meta-settings-page-style.css
Script Paths
/wp-content/plugins/official-facebook-pixel/build/fbe-allinone-script.js/wp-content/plugins/official-facebook-pixel/build/meta-settings-page-script.js
Version Parameters
official-facebook-pixel/build/fbe-allinone-script.js?ver=official-facebook-pixel/build/meta-settings-page-script.js?ver=official-facebook-pixel/build/meta-settings-page-style.css?ver=

HTML / DOM Fingerprints

CSS Classes
fbe_settings_page_wrapperfbe_settings_page_containerfbe_settings_page_tabsfbe_settings_page_tabfbe_settings_page_content
HTML Comments
<!-- Facebook Pixel Settings Page --><!-- Meta Settings Page -->
Data Attributes
data-fbe-pixel-iddata-fbe-event-id
JS Globals
fbe_allinone_script_params
FAQ

Frequently Asked Questions about Meta pixel for WordPress