Does QA Assistants – Driven by data have any unpatched vulnerabilities?

No. All known vulnerabilities in QA Assistants – Driven by data have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is QA Assistants – Driven by data compatible with WordPress 6.9.4?

According to WordPress.org data, QA Assistants – Driven by data 5.1.3.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is QA Assistants – Driven by data compatible with PHP 7.0+?

QA Assistants – Driven by data requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is QA Assistants – Driven by data updated?

QA Assistants – Driven by data was last updated on Jan 19, 2026. Frequent updates are generally a positive security signal.

What is QA Assistants – Driven by data's security score?

QA Assistants – Driven by data has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

QA Assistants – Driven by data Security & Risk Analysis

wordpress.org/plugins/qa-heatmap-analytics

Let your data speak — assistants with different perspectives help you understand your site, alongside heatmaps and replays.

2K active installs v5.1.3.0 PHP 7.0+ WP 5.9+ Updated Jan 19, 2026

analyticsassistantsheatmapinsightsprivacy-friendly

A · Safe

CVEs total1

Unpatched0

Last CVEOct 9, 2024

Plugin page Download

Safety Verdict

Is QA Assistants – Driven by data Safe to Use in 2026?

Generally Safe

Score 99/100

QA Assistants – Driven by data has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Oct 9, 2024Updated 2mo ago

Risk Assessment

The "qa-heatmap-analytics" v5.1.3.0 plugin demonstrates a generally good security posture, with a strong emphasis on prepared statements for SQL queries and proper output escaping. The plugin also incorporates a significant number of nonce and capability checks, indicating an awareness of common WordPress security practices. The static analysis shows no unprotected entry points, which is a positive indicator.

However, there are areas of concern. The presence of dangerous functions like "unserialize" and "exec" warrants careful scrutiny, especially in conjunction with the taint analysis results. Three flows with unsanitized paths, two of which are deemed high severity, represent the most significant risk. These flows could potentially lead to code execution or other serious vulnerabilities if not handled with extreme care within the plugin's logic.

The plugin's vulnerability history, while showing only one medium severity CVE, is notable for the "Missing Authorization" common vulnerability type. This, combined with the taint analysis findings, suggests a potential weakness in how the plugin validates user permissions before processing potentially sensitive data or executing functions. While currently unpatched vulnerabilities are zero, this historical pattern should be addressed proactively.

Key Concerns

High severity unsanitized taint flows
Flows with unsanitized paths
Dangerous functions found (unserialize, exec)
Past medium CVE with Missing Authorization
Bundled library (Guzzle) - potential for outdated versions

Vulnerabilities

QA Assistants – Driven by data Security Vulnerabilities

CVEs by Year

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2024-8513medium · 5.3Missing Authorization

QA Analytics <= 4.1.1.1 - Missing Authorization to Unauthenticated Settings Update

Oct 9, 2024 Patched in 4.1.1.2 (115d)

Code Analysis

Analyzed Mar 16, 2026

QA Assistants – Driven by data Code Analysis

Dangerous Functions

Raw SQL Queries

314 prepared

Unescaped Output

111

800 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$arr = @unserialize( $data ); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouragedclass-qahm-core-base.php:572

unserialize$arr = @unserialize( $str_fixed ); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouragedclass-qahm-core-base.php:601

unserialize$arr = @unserialize( $str_fixed ); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouragedclass-qahm-core-base.php:613

unserialize$arr = @unserialize( $str_fixed ); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouragedclass-qahm-core-base.php:634

unserialize$arr = @unserialize( $str_fixed ); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouragedclass-qahm-core-base.php:646

unserialize$arr = @unserialize( $str_fixed ); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouragedclass-qahm-core-base.php:658

unserialize$arr = @unserialize( $str_fixed ); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouragedclass-qahm-core-base.php:670

execexec("ls -l --time-style=full-iso ".$dir.$wildcard, $files);class-qahm-file-base.php:114

Bundled Libraries

Guzzle

SQL Query Safety

90% prepared348 total queries

Output Escaping

88% escaped911 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

5 flows3 with unsanitized paths

<qahm-ajax> (qahm-ajax.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

QA Assistants – Driven by data Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 3

authwp_ajax_qahm_dismiss_advanced_noticeclass-qahm-admin-init.php:61

authwp_ajax_qahm_ajax_save_plugin_configclass-qahm-admin-page-config.php:33

authwp_ajax_qahm_page_analysis_assistantclass-qahm-page-analysis-assistant.php:34

WordPress Hooks 47

actionactivated_pluginclass-qahm-activate.php:26

actiondeactivated_pluginclass-qahm-activate.php:27

filtercron_schedulesclass-qahm-activate.php:28

actionwp_loadedclass-qahm-activate.php:31

actioninitclass-qahm-activate.php:34

actioninitclass-qahm-admin-init.php:16

actionadmin_menuclass-qahm-admin-init.php:24

actionadmin_enqueue_scriptsclass-qahm-admin-init.php:25

actionadmin_menuclass-qahm-admin-init.php:26

filterwp_feed_cache_transient_lifetimeclass-qahm-admin-init.php:27

actionuser_registerclass-qahm-admin-init.php:37

actionadmin_initclass-qahm-admin-init.php:38

actionadmin_initclass-qahm-admin-init.php:39

actionadmin_menuclass-qahm-admin-init.php:40

actionwp_before_admin_bar_renderclass-qahm-admin-init.php:41

filterauto_update_coreclass-qahm-admin-init.php:44

filterauto_update_pluginclass-qahm-admin-init.php:45

filterauto_update_themeclass-qahm-admin-init.php:46

filterauto_update_translationclass-qahm-admin-init.php:47

actionlogin_enqueue_scriptsclass-qahm-admin-init.php:50

filterlogin_headerurlclass-qahm-admin-init.php:51

filterlogin_headertextclass-qahm-admin-init.php:52

actionadmin_noticesclass-qahm-admin-init.php:55

actionadmin_footerclass-qahm-admin-init.php:57

actionadmin_noticesclass-qahm-admin-init.php:59

actionadmin_footerclass-qahm-admin-init.php:60

actionadmin_enqueue_scriptsclass-qahm-admin-init.php:340

actionadmin_enqueue_scriptsclass-qahm-admin-init.php:352

actionadmin_enqueue_scriptsclass-qahm-admin-init.php:364

actionadmin_enqueue_scriptsclass-qahm-admin-init.php:416

actionadmin_enqueue_scriptsclass-qahm-admin-init.php:433

actioninitclass-qahm-admin-page-config.php:29

actionload-toplevel_page_qahm-configclass-qahm-admin-page-config.php:30

actioninitclass-qahm-admin-page-entire.php:26

actionadmin_initclass-qahm-admin-page-license.php:26

actioninitclass-qahm-assistant-manager.php:7

actioninitclass-qahm-behavioral-data.php:19

actionadmin_noticesclass-qahm-license.php:52

actioninitclass-qahm-license.php:53

actionwp_enqueue_scriptsclass-qahm-page-analysis-assistant.php:30

actionwp_footerclass-qahm-page-analysis-assistant.php:31

actionwp_enqueue_scriptsclass-qahm-tracking-tag.php:19

actionwp_headclass-qahm-tracking-tag.php:22

actioninitclass-qahm-view-heatmap.php:25

actioninitclass-qahm-view-replay.php:17

actionadmin_noticesqahm-loader.php:35

actionrest_api_initqahm-loader.php:188

Maintenance & Trust

QA Assistants – Driven by data Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 19, 2026

PHP min version7.0

Downloads50K

Community Trust

Rating90/100

Number of ratings8

Active installs2K

Alternatives

QA Assistants – Driven by data Alternatives

LiveSession – Visitor Recording for WordPress

livesession

LiveSession is a session replay tool that will help you learn more about your users. You can watch how they interact with your website.

100 No CVEs

Advanced Hotjar

advanced-hotjar

Load Hotjar and prevent it from tracking admins, logged-in users, and IP addresses.

40 No CVEs

Site Kit by Google – Analytics, Search Console, AdSense, Speed

google-site-kit

100

Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.

5.0M 1 CVE

WP Statistics – Simple, privacy-friendly Google Analytics alternative

wp-statistics

Get website traffic insights with GDPR/CCPA compliant, privacy-friendly analytics. Includes visitor data, stunning graphs, and no data sharing.

600K 35 CVEs

Matomo Analytics – Ethical Stats. Powerful Insights.

matomo

Privacy friendly, GDPR compliant and self-hosted. Matomo is the #1 Google Analytics alternative that gives you control of your data. Free and secure.

100K 2 CVEs

Developer Profile

QA Assistants – Driven by data Developer Profile

QuarkA

1 plugin · 2K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

115 days

View full developer profile

Detection Fingerprints

How We Detect QA Assistants – Driven by data

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/qa-heatmap-analytics/admin-page-announce.css/wp-content/plugins/qa-heatmap-analytics/admin-page-config.css/wp-content/plugins/qa-heatmap-analytics/admin-page-dashboard.css/wp-content/plugins/qa-heatmap-analytics/admin-page-license.css/wp-content/plugins/qa-heatmap-analytics/admin-page-menu.css/wp-content/plugins/qa-heatmap-analytics/admin-page-user.css/wp-content/plugins/qa-heatmap-analytics/admin-page-behavior-ap.css/wp-content/plugins/qa-heatmap-analytics/admin-page-behavior-gw.css+45 more

Script Paths

Version Parameters

qa-heatmap-analytics/admin-page-announce.css?ver=qa-heatmap-analytics/admin-page-config.css?ver=qa-heatmap-analytics/admin-page-dashboard.css?ver=qa-heatmap-analytics/admin-page-license.css?ver=qa-heatmap-analytics/admin-page-menu.css?ver=qa-heatmap-analytics/admin-page-user.css?ver=qa-heatmap-analytics/admin-page-behavior-ap.css?ver=qa-heatmap-analytics/admin-page-behavior-gw.css?ver=qa-heatmap-analytics/admin-page-behavior-lp.css?ver=qa-heatmap-analytics/admin-page-behavior.css?ver=qa-heatmap-analytics/admin-page-goals.css?ver=qa-heatmap-analytics/admin-page-acquisition.css?ver=qa-heatmap-analytics/admin-page-assistant.css?ver=qa-heatmap-analytics/admin-page-entire.css?ver=qa-heatmap-analytics/admin-page-realtime.css?ver=qa-heatmap-analytics/admin-page-ai-report.css?ver=qa-heatmap-analytics/admin-page-help.css?ver=qa-heatmap-analytics/common.css?ver=qa-heatmap-analytics/common.js?ver=qa-heatmap-analytics/admin-page-menu.js?ver=qa-heatmap-analytics/admin-page-config.js?ver=qa-heatmap-analytics/admin-page-dashboard.js?ver=qa-heatmap-analytics/admin-page-license.js?ver=qa-heatmap-analytics/admin-page-user.js?ver=qa-heatmap-analytics/admin-page-behavior-ap.js?ver=qa-heatmap-analytics/admin-page-behavior-gw.js?ver=qa-heatmap-analytics/admin-page-behavior-lp.js?ver=qa-heatmap-analytics/admin-page-behavior.js?ver=qa-heatmap-analytics/admin-page-goals.js?ver=qa-heatmap-analytics/admin-page-acquisition.js?ver=qa-heatmap-analytics/admin-page-assistant.js?ver=qa-heatmap-analytics/admin-page-entire.js?ver=qa-heatmap-analytics/admin-page-realtime.js?ver=qa-heatmap-analytics/admin-page-ai-report.js?ver=qa-heatmap-analytics/admin-page-help.js?ver=qa-heatmap-analytics/zero/admin-page-dashboard.js?ver=qa-heatmap-analytics/zero/admin-page-user.js?ver=qa-heatmap-analytics/zero/admin-page-config.js?ver=qa-heatmap-analytics/zero/admin-page-license.js?ver=qa-heatmap-analytics/zero/admin-page-menu.js?ver=qa-heatmap-analytics/zero/admin-page-behavior-ap.js?ver=qa-heatmap-analytics/zero/admin-page-behavior-gw.js?ver=qa-heatmap-analytics/zero/admin-page-behavior-lp.js?ver=qa-heatmap-analytics/zero/admin-page-behavior.js?ver=qa-heatmap-analytics/zero/admin-page-goals.js?ver=qa-heatmap-analytics/zero/admin-page-acquisition.js?ver=qa-heatmap-analytics/zero/admin-page-assistant.js?ver=qa-heatmap-analytics/zero/admin-page-entire.js?ver=qa-heatmap-analytics/zero/admin-page-realtime.js?ver=qa-heatmap-analytics/zero/admin-page-ai-report.js?ver=qa-heatmap-analytics/zero/admin-page-help.js?ver=qa-heatmap-analytics/js/build/production.js?ver=qa-heatmap-analytics/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

qa-heatmap-analytics

HTML Comments

+3 more

Data Attributes

data-qa-dismiss-advanced-notice

JS Globals

QAHM_TYPE_ZEROQAHM_TYPE_WPQAHM_TYPEQAHM_PLUGIN_NAMEQAHM_PLUGIN_VERSIONQAHM_TEXT_DOMAIN+3 more

REST Endpoints

/wp-json/qahm/v1/settings/wp-json/qahm/v1/dismiss_advanced_notice

FAQ

QA Assistants – Driven by data Security & Risk Analysis

Is QA Assistants – Driven by data Safe to Use in 2026?

Generally Safe

Key Concerns

QA Assistants – Driven by data Security Vulnerabilities

CVEs by Year

Severity Breakdown

QA Assistants – Driven by data Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

QA Assistants – Driven by data Attack Surface

AJAX Handlers 3

QA Assistants – Driven by data Maintenance & Trust

Maintenance Signals

Community Trust

QA Assistants – Driven by data Alternatives

LiveSession – Visitor Recording for WordPress

Advanced Hotjar

Site Kit by Google – Analytics, Search Console, AdSense, Speed

WP Statistics – Simple, privacy-friendly Google Analytics alternative

Matomo Analytics – Ethical Stats. Powerful Insights.

QA Assistants – Driven by data Developer Profile

How We Detect QA Assistants – Driven by data

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about QA Assistants – Driven by data