
Campaign Security & Risk Analysis
wordpress.org/plugins/rss-campaignThis Plugin adds Campaign Infos to the RSS URL and a option for a twitterable URL to tracking in Google Analytics or Piwik And now a Option to add a Q …
Is Campaign Safe to Use in 2026?
Generally Safe
Score 85/100Campaign has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The rss-campaign plugin version 1.4 exhibits a mixed security posture. On the positive side, it boasts zero known CVEs and a clean vulnerability history, suggesting a generally well-maintained codebase. The absence of direct SQL queries without prepared statements and file operations is also a strong indicator of good security practices in these areas. However, significant concerns arise from the static analysis of its code.
The most critical issue identified is the complete lack of output escaping across all 27 detected output instances. This represents a serious vulnerability, as it leaves the plugin susceptible to Cross-Site Scripting (XSS) attacks. Any data rendered to the user without proper escaping can be manipulated by an attacker to inject malicious scripts. Furthermore, the taint analysis revealed two flows with unsanitized paths, which, although not classified as critical or high severity in this report, indicate potential pathways for malicious input to be processed insecurely.
While the plugin has a good historical record, the current analysis highlights a glaring oversight in output sanitization. The absence of capability checks and nonce checks, coupled with zero protected entry points (AJAX, REST API, shortcodes, cron), further amplifies the risk associated with the unescaped output. These missing checks mean that even if an attacker cannot directly exploit a code vulnerability, they might be able to trigger unescaped output through crafted requests if the entry points were present.
Key Concerns
- 0% of 27 outputs properly escaped
- 2 taint flows with unsanitized paths
- 0 Nonce checks found
- 0 Capability checks found
Campaign Security Vulnerabilities
Campaign Release Timeline
Campaign Code Analysis
Output Escaping
Data Flow Analysis
Campaign Attack Surface
WordPress Hooks 5
Maintenance & Trust
Campaign Maintenance & Trust
Maintenance Signals
Community Trust
Campaign Alternatives
Event Tracking for Gravity Forms
gravity-forms-google-analytics-event-tracking
Easily add event tracking using Gravity Forms and your Google Analytics or Google Tag Manager account. Supports Google Analytics v3 and Gravity Forms …
utm.codes
utm-dot-codes
A WordPress plugin that makes building analytics friendly links quick and easy.
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)
google-analytics-for-wordpress
The best free Google Analytics plugin for WordPress. See how visitors find and use your website so you can grow your business with powerful analytics.
GTM4WP – A Google Tag Manager (GTM) plugin for WordPress
duracelltomi-google-tag-manager
Advanced tag management for WordPress with Google Tag Manager
WP Statistics – Simple, privacy-friendly Google Analytics alternative
wp-statistics
Get website traffic insights with GDPR/CCPA compliant, privacy-friendly analytics. Includes visitor data, stunning graphs, and no data sharing.
Campaign Developer Profile
3 plugins · 30 total installs
How We Detect Campaign
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
rssc-headrssc-optionenrssc-namerssc-value<!-- OpenGraph QR Image -->name="rssc-rss-piwik_campaign"name="rssc-rss-piwik_kwd"name="rssc-rss-utm_source"name="rssc-rss-utm_medium"name="rssc-rss-utm_campaign"name="rssc-twitter-piwik_campaign"+14 more