Does POD Marketing Analytics have any unpatched vulnerabilities?

No. All known vulnerabilities in POD Marketing Analytics have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is POD Marketing Analytics compatible with WordPress 5.7.15?

According to WordPress.org data, POD Marketing Analytics 0.2.17 has been tested up to WordPress 5.7.15. Check the plugin's changelog for the latest compatibility information.

How often is POD Marketing Analytics updated?

POD Marketing Analytics was last updated on Jun 9, 2021. Frequent updates are generally a positive security signal.

What is POD Marketing Analytics's security score?

POD Marketing Analytics has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

POD Marketing Analytics Security & Risk Analysis

wordpress.org/plugins/pod-marketing-analytics

The easy way to integrate the Pod Marketing Analytics Portal to your website.

0 active installs v0.2.17 PHP + WP 2.8+ Updated Jun 9, 2021

tracking-script

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is POD Marketing Analytics Safe to Use in 2026?

Generally Safe

Score 85/100

POD Marketing Analytics has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The pod-marketing-analytics plugin, in version 0.2.17, exhibits significant security concerns primarily due to a lack of proper authentication and authorization checks across its exposed entry points. A substantial attack surface is presented with all 6 identified entry points (3 AJAX handlers and 3 REST API routes) lacking any authentication or permission checks. This means any unauthenticated user could potentially trigger these functions, leading to unintended actions or information disclosure.

The static analysis further reveals critical issues in taint analysis, with 3 flows identified as having unsanitized paths and classified as high severity. This indicates a strong potential for injection-type vulnerabilities, such as cross-site scripting (XSS) or path traversal, if user-supplied input is not adequately sanitized before being used in sensitive operations like file operations or SQL queries. The low percentage of properly escaped output (15%) exacerbates this risk, making it more likely for malicious data to be rendered directly in the browser or used insecurely.

Despite the concerning code analysis, the vulnerability history is clean, with no recorded CVEs. This suggests that either the plugin has not been extensively targeted or previous versions may not have contained exploitable flaws of a publicly known nature. However, the absence of past vulnerabilities should not be a cause for complacency, especially given the current security posture indicated by the static analysis. The plugin's strengths lie in the absence of dangerous functions and the presence of nonce checks, which are good security practices, though their effectiveness is undermined by the lack of overarching authorization. Overall, the plugin requires immediate attention to address the unauthenticated entry points and unsanitized data flows to mitigate severe security risks.

Key Concerns

All AJAX handlers without auth checks
All REST API routes without permission callbacks
High severity unsanitized taint flows
Low percentage of properly escaped output
SQL queries with low prepared statement usage
File operations present
External HTTP requests present

Vulnerabilities

None known

POD Marketing Analytics Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

POD Marketing Analytics Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TinyMCE

SQL Query Safety

25% prepared8 total queries

Output Escaping

15% escaped33 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

7 flows3 with unsanitized paths

activedemand_ajax_get_landing_html (landing-pages.php:107)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

POD Marketing Analytics Attack Surface

Entry Points6

Unprotected6

AJAX Handlers 3

authwp_ajax_reset_ad_form_linkagelinked-forms.php:498

authwp_ajax_update_ad_form_linkagelinked-forms.php:499

authwp_ajax_show_form_mapperlinked-forms.php:500

REST API Routes 3

POST/wp-json/activedemand/v1/create-post/PodMarketingAnalytics.php:865

POST/wp-json/activedemand/v1/update-post/PodMarketingAnalytics.php:871

POST/wp-json/activedemand/v1/delete-post/PodMarketingAnalytics.php:877

WordPress Hooks 32

actionwp_enqueue_scriptsclass-SCCollector.php:165

filterthe_contentclass-SCCollector.php:207

filterwidget_textclass-SCCollector.php:210

actionwp_footerclass-SCCollector.php:225

actionadmin_enqueue_scriptslanding-pages.php:13

actionwplanding-pages.php:48

actionadd_meta_boxeslanding-pages.php:124

actionsave_postlanding-pages.php:163

actioninitlinked-forms.php:495

actionplugins_loadedlinked-forms.php:496

actionadmin_enqueue_scriptslinked-forms.php:555

actioninitPodMarketingAnalytics.php:42

filterblock_categoriesPodMarketingAnalytics.php:204

actioninitPodMarketingAnalytics.php:208

actioninitPodMarketingAnalytics.php:364

actionadmin_initPodMarketingAnalytics.php:444

filtermce_external_pluginsPodMarketingAnalytics.php:533

filtermce_buttonsPodMarketingAnalytics.php:534

actionwoocommerce_cart_updatedPodMarketingAnalytics.php:591

actionwoocommerce_cart_emptiedPodMarketingAnalytics.php:602

filterclean_urlPodMarketingAnalytics.php:733

actionwp_enqueue_scriptsPodMarketingAnalytics.php:734

actionadmin_enqueue_scriptsPodMarketingAnalytics.php:736

actionadmin_menuPodMarketingAnalytics.php:738

filterplugin_action_linksPodMarketingAnalytics.php:739

actioninitPodMarketingAnalytics.php:746

actionin_admin_footerPodMarketingAnalytics.php:747

actionwoocommerce_after_checkout_formPodMarketingAnalytics.php:757

actionrest_api_initPodMarketingAnalytics.php:864

actioninitPodMarketingAnalytics.php:890

actionwoocommerce_add_to_cartPodMarketingAnalytics.php:945

actionwoocommerce_thankyouPodMarketingAnalytics.php:953

Maintenance & Trust

POD Marketing Analytics Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15

Last updatedJun 9, 2021

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

POD Marketing Analytics Alternatives

ActiveDEMAND

activedemand

ActiveDEMAND, the easy way to add Web Forms, Dynamic Content, and Popups to your WordPress site.

1K 4 CVEs

Walnut.Marketing Portal

walnutmarketing

Adds the Walnut.Marketing Portal tracking script to your website

10 No CVEs

Developer Profile

POD Marketing Analytics Developer Profile

jumpdemand

1 plugin · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect POD Marketing Analytics

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/pod-marketing-analytics/gutenberg-blocks/dynamic-content-blocks/block.build.js/wp-content/plugins/pod-marketing-analytics/gutenberg-blocks/forms/block.build.js/wp-content/plugins/pod-marketing-analytics/gutenberg-blocks/storyboard/block.build.js

Script Paths

HTML / DOM Fingerprints

Data Attributes

data-block-iddata-form-iddata-storyboard-id

JS Globals

activedemand_blocksactivedemand_vendoractivedemand_formsactivedemand_storyboard

Shortcode Output

[pod_block id='[pod_form id='[pod_storyboard id='

FAQ