Raygun Security & Risk Analysis

wordpress.org/plugins/raygun4wp

Official provider for the Raygun Crash Reporting and Real User Monitoring services. Notifying you of errors, crashes, performance issues and more.

10 active installs · v2.1.1.0 · PHP 7.4+ · WP 6.5.4+ · Updated Jun 26, 2024
core-web-vitals, crash-reporting, error-monitoring, raygun, user-experience-monitoring
Score 91 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Oct 5, 2017

Safety Verdict

Is Raygun Safe to Use in 2026?

Generally Safe

Score 91/100

Raygun has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Oct 5, 2017 · Updated 1yr ago

Risk Assessment

The raygun4wp plugin version 2.1.1.0 exhibits a mixed security posture. On one hand, the static analysis reveals a lack of direct attack vectors such as unprotected AJAX handlers, REST API routes, or shortcodes. Furthermore, all SQL queries are correctly prepared, and there are no detected file operations or external HTTP requests from within the plugin itself. However, a significant concern is that 100% of the detected outputs are unescaped, which indicates a high probability of Cross-Site Scripting (XSS) vulnerabilities wherever user-controlled data is rendered on the page without proper escaping.

The vulnerability history shows two previously disclosed medium-severity CVEs, both related to Cross-Site Scripting (XSS). While there are no currently unpatched vulnerabilities, the pattern of past XSS issues coupled with the static analysis finding of zero properly escaped outputs strongly suggests a persistent risk of XSS in this version. The bundled Guzzle library also represents a potential, albeit unquantified, risk if it's outdated and susceptible to known vulnerabilities.

In conclusion, while the plugin's architecture seems to limit direct attack surfaces, the complete lack of proper output escaping is a critical weakness that significantly elevates the risk of XSS vulnerabilities. The past CVEs further reinforce this concern. Users should be aware of the XSS potential and consider updating to a version with improved output sanitization if available.

Key Concerns

  • 0% of outputs properly escaped
  • Bundled library (Guzzle)
  • Past medium severity CVEs (2 total)

Vulnerabilities: 2

Raygun Security Vulnerabilities

CVEs by Year

2017: 2 CVEs

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2017-18531 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Raygun4WP <= 1.8.2 - Cross-Site Scripting

Oct 5, 2017 · Patched in 1.8.3 (2301d)

CVE-2017-9288 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Raygun4WP <= 1.8.0 - Reflected Cross-Site Scripting

Feb 7, 2017 · Patched in 1.8.1 (2541d)

Code Analysis
Analyzed Mar 17, 2026

Raygun Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 6 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Guzzle

Output Escaping

0% escaped · 6 total outputs

Attack Surface

Raygun Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 12
action · admin_init · main.php:10
action · admin_menu · main.php:11
action · admin_enqueue_scripts · main.php:12
action · template_redirect · main.php:13
action · wp_enqueue_script · main.php:14
action · plugins_loaded · main.php:15
action · wp_head · main.php:28
action · admin_head · main.php:29
action · admin_notices · main.php:138
action · admin_notices · main.php:146
action · admin_notices · raygun4wp.php:22
action · admin_notices · raygun4wp.php:28

Maintenance & Trust

Raygun Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Jun 26, 2024
PHP min version: 7.4
Downloads: 14K

Community Trust

Rating: 60/100
Number of ratings: 2
Active installs: 10

Developer Profile

Raygun Developer Profile

Raygun

1 plugin · 10 total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 2421 days

Detection Fingerprints

How We Detect Raygun

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths
/wp-content/plugins/raygun4wp/assets/css/raygun4wp-backend.css
/wp-content/plugins/raygun4wp/assets/js/raygun4wp-backend.js
Version Parameters
raygun4wp/assets/css/raygun4wp-backend.css?ver=
raygun4wp/assets/js/raygun4wp-backend.js?ver=

HTML / DOM Fingerprints

CSS Classes: rg4wp-settings-page
Data Attributes: data-raygun-settings
JS Globals: rg4js