ReplayBird Security & Risk Analysis
wordpress.org/plugins/replaybirdReplayBird lets you watch user behavior to understand the digital user experience on your WordPress website with precise analytics.
Is ReplayBird Safe to Use in 2026?
Generally Safe
Score 85/100ReplayBird has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The static analysis of the replaybird v2.0.1 plugin reveals an exceptionally clean code base with no identified entry points for attack vectors such as AJAX handlers, REST API routes, shortcodes, or cron events. The code also demonstrates strong secure coding practices by avoiding dangerous functions, external HTTP requests, and file operations. All SQL queries utilize prepared statements, and there are no recorded vulnerabilities in its history.
However, the analysis does highlight a potential area of concern. With 20 total outputs, only 70% are properly escaped. This means that 30% of the plugin's outputs might be susceptible to cross-site scripting (XSS) vulnerabilities, which could allow attackers to inject malicious scripts into web pages viewed by users.
While the lack of historical vulnerabilities and a clean code surface are significant strengths, the incomplete output escaping represents a tangible risk. The absence of capability checks and nonce checks, while not explicitly flagged as issues in this static analysis due to the lack of entry points, could become relevant if new entry points are introduced in future versions without proper security considerations. Overall, the plugin exhibits a good security posture, but the XSS risk from unescaped output warrants attention.
Key Concerns
- Unescaped output detected
ReplayBird Security Vulnerabilities
ReplayBird Release Timeline
ReplayBird Code Analysis
Output Escaping
ReplayBird Attack Surface
WordPress Hooks 10
Maintenance & Trust
ReplayBird Maintenance & Trust
Maintenance Signals
Community Trust
ReplayBird Alternatives
Hotjar
hotjar
The fast & visual way to understand your users.
LiveSession – Visitor Recording for WordPress
livesession
LiveSession is a session replay tool that will help you learn more about your users. You can watch how they interact with your website.
Nelio Session Recordings
nelio-session-recordings
Record everything visitors do on your website and learn more about your users
Session Rewind
session-rewind
Optimize your web experience with video recordings of user behavior.
Advanced Hotjar
advanced-hotjar
Load Hotjar and prevent it from tracking admins, logged-in users, and IP addresses.
ReplayBird Developer Profile
1 plugin · 0 total installs
How We Detect ReplayBird
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/replaybird/styles/index.css/wp-content/plugins/replaybird/src/includes/index.phpHTML / DOM Fingerprints
<!-- ReplayBird Wordpress Tracking Code -->window.replaybirdreplaybird<script>
!function(t,e){var o,n,p,r;e.__SV||(window.replaybird=e,e._i=[],e.init=function(i,s,a){function g(t,e){var o=e.split('.');2==o.length&&(t=t[o[0]],e=o[1]),t[e]=function(){t.push([e].concat(Array.prototype.slice.call(arguments,0)))}}(p=t.createElement('script')).type='text/javascript',p.async=!0,p.src='https://cdn.replaybird.com/agent/latest/replaybird.js',(r=t.getElementsByTagName('script')[0]).parentNode.insertBefore(p,r);var u=e;for(void 0!==a?u=e[a]=[]:a='replaybird',u.people=u.people||[],u.toString=function(t){var e='replaybird';return'replaybird'!==a&&(e+='.'+a),t||(e+=' (stub)'),e},u.people.toString=function(){return u.toString(1)+'.people (stub)'},o='identify capture alias people.set people.set_once set_config register register_once unregister opt_out_capturing has_opted_out_capturing opt_in_capturing reset'.split(' '),n=0;n<o.length;n++)g(u,o[n]);e._i.push([i,s,a])},e.__SV=1)}(document,window.replaybird||[]);replaybird.init('