Website Optimization – Plerdy Security & Risk Analysis

wordpress.org/plugins/plerdy-heatmap

Optimize your website with Plerdy by analyzing traffic sources, scroll depth, user clicks, and usability to enhance conversion and strategy.

1K active installs · v1.4.5 · PHP + · WP 1.0+ · Updated Jul 15, 2025
analytics · heatmaps · plerdy · popup-form · seo
100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Nov 14, 2023
Safety Verdict

Is Website Optimization – Plerdy Safe to Use in 2026?

Generally Safe

Score 100/100

Website Optimization – Plerdy has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Nov 14, 2023 · Updated 8mo ago
Risk Assessment

The plerdy-heatmap v1.4.5 plugin presents a generally positive security posture based on the provided static analysis. The absence of critical findings in the attack surface, code signals like dangerous functions, and taint analysis is encouraging. Furthermore, all SQL queries are properly prepared, indicating good practice in database interaction. However, the 50% rate of improperly escaped output is a significant concern, as it exposes the plugin to potential Cross-Site Scripting (XSS) vulnerabilities where user-supplied data is displayed without proper sanitization. The vulnerability history reveals one past medium-severity XSS vulnerability, which, while currently patched, highlights a recurring risk area. The lack of recent unpatched CVEs is a strength, but the past incident combined with the current unescaped output necessitates vigilance.

Key Concerns

  • Improper output escaping
  • Past medium severity XSS vulnerability
Vulnerabilities
1

Website Optimization – Plerdy Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-5715 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Website Optimization – Plerdy <= 1.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting

Nov 14, 2023 Patched in 1.3.3 (70d)
Code Analysis
Analyzed Mar 16, 2026

Website Optimization – Plerdy Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (6 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

50% escaped · 12 total outputs
Attack Surface

Website Optimization – Plerdy Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 7
action: wp_head (plerdy_heatmap_tracking.php:37)
action: wp_footer (plerdy_heatmap_tracking.php:38)
action: woocommerce_thankyou (plerdy_heatmap_tracking.php:39)
action: admin_footer (plerdy_heatmap_tracking.php:40)
action: admin_menu (plerdy_heatmap_tracking.php:42)
action: admin_init (plerdy_heatmap_tracking.php:43)
action: init (plerdy_heatmap_tracking.php:187)
Maintenance & Trust

Website Optimization – Plerdy Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Jul 15, 2025
PHP min version
Downloads: 19K

Community Trust

Rating: 100/100
Number of ratings: 6
Active installs: 1K
Developer Profile

Website Optimization – Plerdy Developer Profile

Plerdy

1 plugin · 1K total installs

Trust score: 88
Avg Security Score: 100/100
Avg Patch Time: 70 days
Detection Fingerprints

How We Detect Website Optimization – Plerdy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths
/wp-content/plugins/plerdy-heatmap/js/click/main.js
/wp-content/plugins/plerdy-heatmap/js/ab/plerdy_ab-min.js
Version Parameters
plerdy_heatmap/js/click/main.js?v=
plerdy_heatmap/js/ab/plerdy_ab-min.js?v=

HTML / DOM Fingerprints

CSS Classes
imgplerdynonewaperform-plerdy
HTML Comments
BEGIN PLERDY CODE
END PLERDY CODE
BEGIN PLERDY A/B TESTING CODE
END PLERDY A/B TESTING CODE
Data Attributes
data-plerdy_code='1'
data-plerdymainscript='plerdymainscript'
JS Globals
plerdyScript
plerdaScript
plerdymainscript
plerda_ab-min.js
plerdy_ab-min.js
plerdaSend