Prosper202 Tracking Plugin Security & Risk Analysis

wordpress.org/plugins/prosper202-tracking-plugin

Prosper202 Tracking202 WordPress Plugin. Allows you to track stats to any page easily.

10 active installs v1.0 PHP + WP 2.5+ Updated Jan 10, 2010
prosper202stats-trackingtrack-statstracking202
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Prosper202 Tracking Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

Prosper202 Tracking Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 16yr ago
Risk Assessment

The prosper202-tracking-plugin v1.0 presents a mixed security posture. While there are no known CVEs or critical issues detected through taint analysis, significant concerns arise from the lack of output escaping. All 10 detected output operations are unescaped, meaning any data displayed to users could potentially be injected with malicious scripts, leading to Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the absence of nonce and capability checks for any potential entry points, though currently limited in number, is a weakness that could be exploited if entry points are added in future versions or if existing ones are discovered to be improperly handled by WordPress core. The plugin demonstrates good practices by using prepared statements for all SQL queries and avoiding dangerous functions or file operations.

Key Concerns

  • Unescaped output across all detected outputs
  • No nonce checks on any entry points
  • No capability checks on any entry points
  • High severity taint flows found
Vulnerabilities
None known

Prosper202 Tracking Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Prosper202 Tracking Plugin Release Timeline

v1.0Current
Code Analysis
Analyzed Apr 16, 2026

Prosper202 Tracking Plugin Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
8 prepared
Unescaped Output
10
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared8 total queries

Output Escaping

0% escaped10 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
pros_manage_panel (prosper202-tracking.php:186)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Prosper202 Tracking Plugin Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 3
actioninitprosper202-tracking.php:41
actionadmin_menuprosper202-tracking.php:42
actionwp_headprosper202-tracking.php:66
Maintenance & Trust

Prosper202 Tracking Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested2.9.2
Last updatedJan 10, 2010
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Prosper202 Tracking Plugin Alternatives

No alternatives data available yet.

Developer Profile

Prosper202 Tracking Plugin Developer Profile

qualityeye

2 plugins · 210 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Prosper202 Tracking Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths
/wp-content/plugins/prosper202-tracking-plugin/tracking.js
Version Parameters
/wp-content/plugins/prosper202-tracking-plugin/tracking.js?ver=

HTML / DOM Fingerprints

Data Attributes
name="prosper-name"id="prosper-name"name="prosper-pages"id="prosper-pages"name="prosper-url"id="prosper-url"+3 more
FAQ

Frequently Asked Questions about Prosper202 Tracking Plugin