WP-Safety

Pixel Tag Manager for WooCommerce – Google Analytics 4, Google Ads, and More Pixels Security & Risk Analysis

wordpress.org/plugins/pixel-manager-for-woocommerce

Pixel Tag Manager for WooCommerce is a powerful plugin to monitor eCommerce events with seamless integration. Track Google Analytics 4, Google Ads, Bi …

3K active installs v2.1 PHP 7.4+ WP 3.5.0+ Updated Dec 26, 2025
dynamic-retargetingfacebook-conversion-apifacebook-pixelgoogle-ads-conversiongoogle-analytics-4
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Pixel Tag Manager for WooCommerce – Google Analytics 4, Google Ads, and More Pixels Safe to Use in 2026?

Generally Safe

Score 100/100

Pixel Tag Manager for WooCommerce – Google Analytics 4, Google Ads, and More Pixels has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "pixel-manager-for-woocommerce" plugin version 2.1 exhibits a concerning security posture primarily due to its unprotected AJAX handlers. While the plugin demonstrates strengths in using prepared statements for SQL queries and a relatively high percentage of properly escaped output, the presence of six AJAX handlers without any authentication or capability checks presents a significant attack surface. This means any unauthenticated user could potentially interact with these handlers, leading to unintended actions or information disclosure depending on their functionality. The static analysis also flagged the use of dangerous functions like 'unserialize', which, when combined with unprotected entry points, can be a vector for deserialization vulnerabilities if user-supplied data is processed. Fortunately, the plugin has no recorded vulnerability history, suggesting it may not have been actively targeted or exploited in the past, or that previous versions were secure. However, the current findings, particularly the unprotected AJAX endpoints and the use of 'unserialize', warrant immediate attention to mitigate potential risks before they can be exploited.

Key Concerns

  • AJAX handlers without auth checks
  • Dangerous unserialize function used
  • Large attack surface without auth
  • Lack of capability checks on entry points
Vulnerabilities
None known

Pixel Tag Manager for WooCommerce – Google Analytics 4, Google Ads, and More Pixels Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Pixel Tag Manager for WooCommerce – Google Analytics 4, Google Ads, and More Pixels Code Analysis

Dangerous Functions
6
Raw SQL Queries
0
0 prepared
Unescaped Output
148
438 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
4
Bundled Libraries
0

Dangerous Functions Found

unserialize$pixels_option = unserialize( get_option("pmw_pixels_option"));admin\helper\class-pmw-admin-api-helper.php:91
unserialize$pixels_option = unserialize( get_option("pmw_pixels_option"));admin\helper\class-pmw-admin-api-helper.php:107
unserializereturn unserialize( get_option("pmw_pixels_option"));admin\helper\class-pmw-admin-helper.php:61
unserializereturn unserialize( get_option("pmw_admin_notices"));admin\helper\class-pmw-admin-helper.php:76
unserializereturn unserialize( get_option("pmw_api_store"));admin\helper\class-pmw-admin-helper.php:90
unserializereturn unserialize(get_option('pmw_migration'));admin\helper\class-pmw-admin-migrate-helper.php:65

Output Escaping

75% escaped586 total outputs
Attack Surface
6 unprotected

Pixel Tag Manager for WooCommerce – Google Analytics 4, Google Ads, and More Pixels Attack Surface

Entry Points6
Unprotected6

AJAX Handlers 6

authwp_ajax_pmw_pixels_saveadmin\helper\ajax\class-pmw-ajax-helper.php:20
authwp_ajax_pmw_check_privecy_policyadmin\helper\ajax\class-pmw-ajax-helper.php:21
authwp_ajax_pmw_pixels_license_key_saveadmin\helper\ajax\class-pmw-ajax-helper.php:22
authwp_ajax_pmw_notice_dismissadmin\helper\ajax\class-pmw-ajax-helper.php:23
authwp_ajax_pmw_process_conversion_eventsadmin\pixels\class-pixel-manager.php:57
noprivwp_ajax_pmw_process_conversion_eventsadmin\pixels\class-pixel-manager.php:58
WordPress Hooks 22
actionadmin_menuadmin\class-pixel-manager-for-woocommerce-admin.php:42
actionadmin_enqueue_scriptsadmin\class-pixel-manager-for-woocommerce-admin.php:43
actionadmin_noticesadmin\class-pixel-manager-for-woocommerce-admin.php:46
actioninitadmin\helper\class-pmw-admin-helper.php:22
actionpmw_before_pixel_settingsadmin\helper\class-pmw-admin-helper.php:23
filtersanitize_option_pmw_pixels_optionadmin\helper\class-pmw-admin-helper.php:27
filtersanitize_option_pmw_api_storeadmin\helper\class-pmw-admin-helper.php:28
filtersanitize_option_pmw_migrationadmin\helper\class-pmw-admin-helper.php:29
filtersanitize_option_pmw_conversion_api_logsadmin\helper\class-pmw-admin-helper.php:30
actionpmw_footeradmin\partials\common\class-pmw-footer.php:9
actionpmw_headeradmin\partials\common\class-pmw-header.php:15
actionpmw_headeradmin\partials\common\class-pmw-header.php:17
actionwp_headadmin\pixels\class-pixel-manager.php:44
actionwp_footeradmin\pixels\class-pixel-manager.php:47
actionwp_footeradmin\pixels\class-pixel-manager.php:49
actionwp_enqueue_scriptsadmin\pixels\class-pixel-manager.php:56
actionplugins_loadedincludes\class-pixel-manager-for-woocommerce.php:82
actionadmin_enqueue_scriptsincludes\class-pixel-manager-for-woocommerce.php:94
actionadmin_enqueue_scriptsincludes\class-pixel-manager-for-woocommerce.php:95
actionbefore_woocommerce_initpixel-manager-for-woocommerce.php:51
actioninitpixel-manager-for-woocommerce.php:104
actionactivated_pluginpixel-manager-for-woocommerce.php:121
Maintenance & Trust

Pixel Tag Manager for WooCommerce – Google Analytics 4, Google Ads, and More Pixels Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 26, 2025
PHP min version7.4
Downloads46K

Community Trust

Rating100/100
Number of ratings18
Active installs3K
Alternatives

Pixel Tag Manager for WooCommerce – Google Analytics 4, Google Ads, and More Pixels Alternatives

Conversios: Google Analytics (GA4), Google Ads, Conversion and Analytics Tracking for Multi-Channels

Conversios: Google Analytics (GA4), Google Ads, Conversion and Analytics Tracking for Multi-Channels

enhanced-e-commerce-for-woocommerce-store

A
88

Track GA4 Analytics, Google Ads, Microsoft Ads, & Conversion with server-side tracking (CAPI) & product feed to improve ROAS, reports for WooCommerce.

10K 10 CVEs
PixelYourSite – Your smart PIXEL (TAG) & API Manager

PixelYourSite – Your smart PIXEL (TAG) & API Manager

pixelyoursite

A
89

Add Meta Pixel with Conversion API, Google Analytics (GA4) + Consent Mode, Google Tag Manager, and Head & Footer scripts.

500K 11 CVEs
Insert Headers And Footers

Insert Headers And Footers

wp-headers-and-footers

A
98

Include inline javascript, stylesheets, CSS code or anything you want in Header and Footer areas of your WordPress with ease.

300K 1 CVE
Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing

Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing

woocommerce-google-adwords-conversion-tracking-tag

A
95

Conversion tracking for WooCommerce. Google Ads, GA4, Meta/Facebook Pixel, TikTok & more. Recover 30% more conversions with server-side tracking!

50K 4 CVEs
Pixel Cat – Conversion Pixel Manager

Pixel Cat – Conversion Pixel Manager

facebook-conversion-pixel

A
96

Add Meta & Facebook Pixel, Google Analytics (GA4) and any header script to your site. Everything you need to track users, ads, events & conversions.

40K 4 CVEs
Developer Profile

Pixel Tag Manager for WooCommerce – Google Analytics 4, Google Ads, and More Pixels Developer Profile

GrowCommerce

1 plugin · 3K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Pixel Tag Manager for WooCommerce – Google Analytics 4, Google Ads, and More Pixels

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pixel-manager-for-woocommerce/admin/css/pixel-manager-for-woocommerce-admin.css/wp-content/plugins/pixel-manager-for-woocommerce/admin/css/pixel-manager-for-woocommerce-custom.css/wp-content/plugins/pixel-manager-for-woocommerce/admin/js/pmw-admin-main.js/wp-content/plugins/pixel-manager-for-woocommerce/public/js/pmw-public.js
Script Paths
/wp-content/plugins/pixel-manager-for-woocommerce/admin/js/pmw-admin-main.js/wp-content/plugins/pixel-manager-for-woocommerce/public/js/pmw-public.js
Version Parameters
pixel-manager-for-woocommerce/admin/css/pixel-manager-for-woocommerce-admin.css?ver=pixel-manager-for-woocommerce/admin/css/pixel-manager-for-woocommerce-custom.css?ver=pixel-manager-for-woocommerce/admin/js/pmw-admin-main.js?ver=pixel-manager-for-woocommerce/public/js/pmw-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
pmw-admin-settingspmw-google-ads-formpmw-facebook-pixel-formpmw-tiktok-pixel-formpmw-pinterest-pixel-formpmw-snapchat-pixel-formpmw-bing-ads-formpmw-ga4-form+1 more
HTML Comments
<!-- For HPOS - WooCommerce --><!-- First check the PRO plugin and need to remove it --><!-- Currently plugin version. --><!-- Begins execution of the plugin. -->+10 more
Data Attributes
data-pmw-iddata-pmw-typedata-pmw-event
JS Globals
pmw_ajax_url
FAQ

Frequently Asked Questions about Pixel Tag Manager for WooCommerce – Google Analytics 4, Google Ads, and More Pixels