Path Pilot Security & Risk Analysis

wordpress.org/plugins/path-pilot

Modern WordPress plugin for smart recommendations and analytics.

0 active installs · v1.3.2 · PHP 7.4+ · WP 6.0+ · Updated Dec 15, 2025
Tags: ai, analytics, conversion-optimization, cro, user-engagement
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Path Pilot Safe to Use in 2026?

Generally Safe

Score 100/100

Path Pilot has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 5mo ago
Risk Assessment

Path Pilot v1.3.2 shows a generally strong security posture and has no known historical vulnerabilities. All SQL queries use prepared statements and a high percentage of output is properly escaped, which indicates good defensive programming. Nonce and capability checks are present, and the attack surface, which includes one AJAX handler, has no unprotected entry points. The static analysis did, however, flag one data flow with an unsanitized path at high severity. This is the main concern: if exploitable, it could lead to path traversal or other file-system-related vulnerabilities despite the limited attack surface. The same analysis counts zero file operations in the plugin, so the flagged flow in save_settings should be reviewed by hand to confirm what the unsanitized value actually reaches. The plugin also makes one external HTTP request; this is not a vulnerability in itself, but it should be monitored in case the remote endpoint is compromised or behaves maliciously.

Key Concerns

  • High severity unsanitized path flow
  • External HTTP request
Vulnerabilities
None known

Path Pilot Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Path Pilot Release Timeline

v1.3.2 (Current)
v1.3.1
v1.3.0
v1.1.0
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Path Pilot Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (50 prepared)
Unescaped Output: 8 (150 escaped)
Nonce Checks: 3
Capability Checks: 2
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 50 total queries

Output Escaping

95% escaped · 158 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
save_settings (includes/common/class-path-pilot-admin.php:459)
Attack Surface

Path Pilot Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers 1

auth · wp_ajax_path_pilot_dismiss_setup_notice · includes/common/class-path-pilot-admin.php:32
WordPress Hooks 15
action · path_pilot_render_settings_save_overlay · includes/common/class-path-pilot-admin.php:10
action · path_pilot_render_common_settings · includes/common/class-path-pilot-admin.php:11
action · admin_enqueue_scripts · includes/common/class-path-pilot-admin.php:13
action · admin_enqueue_scripts · includes/common/class-path-pilot-admin.php:14
action · admin_enqueue_scripts · includes/common/class-path-pilot-admin.php:15
action · admin_menu · includes/common/class-path-pilot-admin.php:17
action · admin_post_path_pilot_save_settings · includes/common/class-path-pilot-admin.php:18
action · current_screen · includes/common/class-path-pilot-admin.php:21
action · in_admin_header · includes/common/class-path-pilot-admin.php:26
action · wp_enqueue_scripts · includes/common/class-path-pilot-shared.php:9
filter · path_pilot_should_track_user · includes/common/class-path-pilot-shared.php:10
action · admin_init · path-pilot.php:46
action · rest_api_init · path-pilot.php:64
action · wp_enqueue_scripts · path-pilot.php:69
action · path_pilot_analyze_paths · path-pilot.php:72

Scheduled Events 1

path_pilot_analyze_paths
Maintenance & Trust

Path Pilot Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.0
Last updated: Dec 15, 2025
PHP min version: 7.4
Downloads: 333

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Path Pilot Developer Profile

soliddigital

6 plugins · 470 total installs

Trust score: 89
Avg Security Score: 93/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Path Pilot

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/path-pilot/admin/css/path-pilot-admin-style.css
/wp-content/plugins/path-pilot/admin/js/path-pilot-admin.js
/wp-content/plugins/path-pilot/admin/css/path-pilot-icon-font.css
/wp-content/plugins/path-pilot/assets/css/path-pilot-frontend.css
/wp-content/plugins/path-pilot/assets/js/path-pilot-frontend.js
Script Paths
/wp-content/plugins/path-pilot/admin/js/path-pilot-admin.js
/wp-content/plugins/path-pilot/assets/js/path-pilot-frontend.js
Version Parameters
path-pilot/admin/css/path-pilot-admin-style.css?ver=
path-pilot/admin/js/path-pilot-admin.js?ver=
path-pilot/admin/css/path-pilot-icon-font.css?ver=
path-pilot/assets/css/path-pilot-frontend.css?ver=
path-pilot/assets/js/path-pilot-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
pp-admin-wrap
path-pilot-upgrade-link
HTML Comments
Path Pilot Admin: admin_menu called.
Data Attributes
data-path-pilot-admin-path
JS Globals
PathPilotFrontend
REST Endpoints
/wp-json/path-pilot/v1/admin/get-path-pilot-settings
/wp-json/path-pilot/v1/admin/save-path-pilot-settings
/wp-json/path-pilot/v1/admin/dismiss-setup-notice
FAQ

Frequently Asked Questions about Path Pilot