Does Plain Tracker have any unpatched vulnerabilities?

No. All known vulnerabilities in Plain Tracker have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Plain Tracker compatible with WordPress 6.8.5?

According to WordPress.org data, Plain Tracker 3.1.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Plain Tracker compatible with PHP 7.0+?

Plain Tracker requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Plain Tracker updated?

Plain Tracker was last updated on Dec 1, 2025. Frequent updates are generally a positive security signal.

What is Plain Tracker's security score?

Plain Tracker has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Plain Tracker Security & Risk Analysis

wordpress.org/plugins/plaintracker

A time clock plugin to track and analyze time of employees, workers or volunteers.

10 active installs v3.1.1 PHP 7.0+ WP 4.8+ Updated Dec 1, 2025

attendanceclockemployeetimeclockvolunteer

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Plain Tracker Safe to Use in 2026?

Generally Safe

Score 100/100

Plain Tracker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The plaintracker v3.1.1 plugin exhibits a generally strong security posture based on the provided static analysis. A significant strength is the complete absence of known vulnerabilities (CVEs) and the use of prepared statements for all SQL queries. The code also demonstrates a good practice of performing capability checks on its entry points. However, there are areas for improvement. The low percentage of properly escaped output (62%) suggests a potential for cross-site scripting (XSS) vulnerabilities, especially if the unsanitized outputs involve user-controlled data. The lack of nonce checks on its single entry point (the shortcode) is also a concern, as it could potentially lead to unauthorized actions if the shortcode's functionality is sensitive. The absence of taint analysis results is noted but doesn't necessarily indicate a weakness without further context.

While the plugin has no recorded vulnerability history, which is a positive indicator, the static analysis reveals specific areas that require attention. The primary concerns are the insufficient output escaping and the missing nonce checks. These could be exploited to inject malicious scripts or trigger unintended actions. Overall, plaintracker v3.1.1 is not inherently insecure, but it does present some manageable risks that could be addressed through more rigorous input validation and output sanitization, as well as the implementation of nonce checks.

Key Concerns

Low percentage of properly escaped output
Missing nonce checks on shortcode

Vulnerabilities

None known

Plain Tracker Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Plain Tracker Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

16 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

62% escaped26 total outputs

Attack Surface

Plain Tracker Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[plaintracker] plaintracker.php:39

WordPress Hooks 5

actionplugins_loadedplaintracker.php:14

actionadmin_menuplaintracker.php:35

actionadmin_initplaintracker.php:36

actioninitplaintracker.php:40

actionrest_api_initplaintracker.php:42

Maintenance & Trust

Plain Tracker Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedDec 1, 2025

PHP min version7.0

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Plain Tracker Alternatives

Time Clock – A WordPress Employee & Volunteer Time Clock Plugin

time-clock

An employee / volunteer time clock for WordPress

600 3 CVEs

All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier

aio-time-clock-lite

Employees can easily clock in and out. Managers can run reports, keep track of employees/volunteers/contractors and their time.

700 5 CVEs

Attendance Manager

attendance-manager

Each user can do attendance management by themselves. 管理者のほか、ユーザー自身も編集可能な出勤管理プラグイン。

900 1 unpatched

ShiftController Employee Shift Scheduling

shiftcontroller

Schedule staff and shifts anywhere at anytime online from your WordPress powered website.

700 6 CVEs

Clock In Portal- Staff & Attendance Management

clock-in-portal

Track the attendance of all registered employees with clock in or out system

300 3 unpatched

Developer Profile

Plain Tracker Developer Profile

plainware

5 plugins · 2K total installs

trust score

Avg Security Score

83/100

Avg Patch Time

136 days

View full developer profile

Detection Fingerprints

How We Detect Plain Tracker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/plaintracker/assets/css/plaintracker.css/wp-content/plugins/plaintracker/assets/js/plaintracker.js

Script Paths

/wp-content/plugins/plaintracker/assets/js/plaintracker.js

Version Parameters

plaintracker/assets/css/plaintracker.css?ver=plaintracker/assets/js/plaintracker.js?ver=

HTML / DOM Fingerprints

CSS Classes

plaintracker-wrapplaintracker-login

HTML Comments

Data Attributes

data-plaintracker-login-urldata-plaintracker-login-noncedata-plaintracker-login-ajax-url

JS Globals

PlainwarePlaintracker31

REST Endpoints

/wp-json/plaintracker/v3

Shortcode Output

<div class="plaintracker-wrap">

FAQ