WP-Safety

Personyze WordPress Plugin Security & Risk Analysis

wordpress.org/plugins/personyze-web-analytics

Personyze is an advanced Web analytics and personalization tool.

10 active installs v0.20 PHP 7.0+ WP 2.0.2+ Updated Jul 23, 2022
ab-testinganalyticsstatisticsstatsweb-analytics
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Personyze WordPress Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

Personyze WordPress Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The 'personyze-web-analytics' plugin version 0.20 exhibits a concerning security posture due to a significant lack of authentication and authorization checks across its entry points. All seven identified entry points, including AJAX handlers and REST API routes, are exposed without proper permission callbacks or nonce checks. This wide-open attack surface presents a substantial risk, as any unauthenticated user could potentially interact with these endpoints and trigger unintended actions or expose sensitive data. While the code analysis shows a positive trend in using prepared statements for SQL queries and no critical taint flows, these strengths are heavily outweighed by the critical lack of access control.

Key Concerns

  • All AJAX handlers lack authentication checks
  • All REST API routes lack permission callbacks
  • Significant attack surface without proper authorization
  • Low percentage of properly escaped output
  • Only one nonce check present
  • Only one capability check present
Vulnerabilities
None known

Personyze WordPress Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Personyze WordPress Plugin Release Timeline

v0.20Current
v0.19
v0.18
v0.17
v0.16
v0.15
v0.14
v0.13
v0.12
v0.11
v0.10
v0.9
v0.8
v0.7
v0.6
v0.5
v0.4
v0.3
Code Analysis
Analyzed Mar 17, 2026

Personyze WordPress Plugin Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
7
2 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared4 total queries

Output Escaping

22% escaped9 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flows
<personyze-web-analytics> (personyze-web-analytics.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
7 unprotected

Personyze WordPress Plugin Attack Surface

Entry Points7
Unprotected7

AJAX Handlers 2

authwp_ajax_personyze_add_to_cartpersonyze-web-analytics.php:377
noprivwp_ajax_personyze_add_to_cartpersonyze-web-analytics.php:378

REST API Routes 5

GET/wp-json/personyze/v1/configpersonyze-web-analytics.php:57
POST/wp-json/personyze/v1/contentpersonyze-web-analytics.php:106
GET/wp-json/personyze/v1/sitemappersonyze-web-analytics.php:219
GET/wp-json/personyze/v1/productspersonyze-web-analytics.php:229
GET/wp-json/personyze/v1/statspersonyze-web-analytics.php:239
WordPress Hooks 7
actionrest_api_initpersonyze-web-analytics.php:42
actioninitpersonyze-web-analytics.php:273
filterwoocommerce_cart_contents_changedpersonyze-web-analytics.php:282
actionwp_print_scriptspersonyze-web-analytics.php:295
actioninitpersonyze-web-analytics.php:382
actionadmin_noticespersonyze-web-analytics.php:389
actionadmin_menupersonyze-web-analytics.php:403
Maintenance & Trust

Personyze WordPress Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11
Last updatedJul 23, 2022
PHP min version7.0
Downloads4K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

Personyze WordPress Plugin Alternatives

WP VisitorFlow

WP VisitorFlow

wp-visitorflow

A
85

Detailed web analytics and visualization of your website's visitor flow.

100 No CVEs
Omniture – SiteCatalyst

Omniture – SiteCatalyst

omniture-sitecatalyst

A
85

This plugin will add tracking features to your wordpress blog without have to know any PHP, edit code, or cut and paste tracking code to footers.

10 No CVEs
YWA – Yahoo Web Analytics

YWA – Yahoo Web Analytics

ywa-yahoo-web-analytics

A
85

This plugin will add tracking features to your wordpress blog without have to know any PHP, edit code, or cut and paste tracking code to footers.

10 No CVEs
Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative)

Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative)

burst-statistics

A
89

Analytics you'll actually use. Privacy-friendly, zero config, and designed to be actionable. Get insights, not just raw data.

200K 4 CVEs
Statify

Statify

statify

A
100

Visitor statistics for WordPress with focus on data protection, transparency and clarity. Perfect as a widget in your WordPress Dashboard.

100K No CVEs
Developer Profile

Personyze WordPress Plugin Developer Profile

Personyze

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Personyze WordPress Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

REST Endpoints
/wp-json/personyze/v1/config/wp-json/personyze/v1/content/wp-json/personyze/v1/sitemap/wp-json/personyze/v1/products/wp-json/personyze/v1/stats
FAQ

Frequently Asked Questions about Personyze WordPress Plugin