Does TrueRanker have any unpatched vulnerabilities?

Yes — TrueRanker currently has 1 published unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is TrueRanker compatible with WordPress 6.9.4?

According to WordPress.org data, TrueRanker 2.3.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is TrueRanker updated?

TrueRanker was last updated on Apr 10, 2026. Frequent updates are generally a positive security signal.

What is TrueRanker's security score?

TrueRanker has a WP-Safety security score of 73/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

TrueRanker Security & Risk Analysis

wordpress.org/plugins/seo-local-rank

Track your Google keyword rankings daily by country or city. Accurate local rank tracking and SEO analysis to boost your local strategy.

400 active installs v2.3.0 PHP + WP 3.0.1+ Updated Apr 10, 2026

google-positiongoogle-rankingrank-trackerseoseo-tool

B · Generally Safe

CVEs total2

Unpatched1

Last CVEMar 6, 2026

Plugin page Download

Safety Verdict

Is TrueRanker Safe to Use in 2026?

Mostly Safe

Score 73/100

TrueRanker is generally safe to use. 2 past CVEs were resolved.

2 known CVEs 1 unpatched Last CVE: Mar 6, 2026Updated 1mo ago

Risk Assessment

The "seo-local-rank" plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices regarding SQL query handling and output escaping, with 100% of queries using prepared statements and all outputs being properly escaped. This significantly mitigates risks associated with SQL injection and Cross-Site Scripting (XSS) from output. The presence of nonces and capability checks, while not universally applied, also suggests an awareness of security principles.

However, a critical concern is the substantial attack surface exposed through AJAX handlers. All 14 identified AJAX handlers lack authentication checks, making them directly accessible to any user, including unauthenticated ones. This represents a significant vulnerability, as any function executed via these handlers could be triggered without proper authorization. The vulnerability history further amplifies this concern, with two known CVEs, one of which remains unpatched. The types of past vulnerabilities, including Path Traversal, indicate that previous security flaws have had the potential for serious impact. The fact that one vulnerability is still unpatched is a strong indicator of ongoing risk and potentially poor maintenance practices.

In conclusion, while the plugin has strengths in its internal code practices for SQL and output, the lack of authorization on its AJAX endpoints and the presence of an unpatched historical vulnerability are significant weaknesses that expose users to considerable risk. The plugin's security is heavily compromised by these directly exploitable entry points and lingering known vulnerabilities.

Key Concerns

14 AJAX handlers without auth checks
1 currently unpatched CVE (high severity)
1 additional known CVE (medium severity)
Bundled library: DataTables
Bundled library: Select2
Bundled library: Guzzle

Vulnerabilities

2 published

TrueRanker Security Vulnerabilities

CVEs by Year

1 CVE in 2021

2021

1 CVE in 2026 · unpatched

2026

Patched Has unpatched

Severity Breakdown

High

Medium

2 total CVEs

CVE-2026-1085medium · 4.3Cross-Site Request Forgery (CSRF)

True Ranker <= 2.2.9 - Cross-Site Request Forgery to Unauthorized True Ranker Disconnection

Mar 6, 2026Unpatched

CVE-2021-39312high · 7.5Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

True Ranker <= 2.2.2 - Directory Traversal/Arbitrary File Read

Dec 13, 2021 Patched in 2.2.4 (770d)

Version History

TrueRanker Release Timeline

v2.3.0Current1 CVE

v2.2.91 CVE

v2.2.81 CVE

v2.2.71 CVE

v2.2.61 CVE

v2.2.51 CVE

v2.2.41 CVE

v2.2.22 CVEs

CVE-2021-39312 CVE-2026-1085

v2.1.102 CVEs

CVE-2021-39312 CVE-2026-1085

v2.1.92 CVEs

CVE-2021-39312 CVE-2026-1085

v2.1.82 CVEs

CVE-2021-39312 CVE-2026-1085

v2.1.72 CVEs

CVE-2021-39312 CVE-2026-1085

v2.1.62 CVEs

CVE-2021-39312 CVE-2026-1085

v2.1.52 CVEs

CVE-2021-39312 CVE-2026-1085

v2.1.42 CVEs

CVE-2021-39312 CVE-2026-1085

v2.1.32 CVEs

CVE-2021-39312 CVE-2026-1085

v2.1.22 CVEs

CVE-2021-39312 CVE-2026-1085

v2.1.12 CVEs

CVE-2021-39312 CVE-2026-1085

v2.1.02 CVEs

CVE-2021-39312 CVE-2026-1085

v2.0.92 CVEs

CVE-2021-39312 CVE-2026-1085

Code Analysis

Analyzed Apr 16, 2026

TrueRanker Code Analysis

Dangerous Functions

Raw SQL Queries

6 prepared

Unescaped Output

343 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

DataTablesSelect2Guzzle

SQL Query Safety

100% prepared6 total queries

Output Escaping

100% escaped343 total outputs

Attack Surface

14 unprotected

TrueRanker Attack Surface

Entry Points14

Unprotected14

AJAX Handlers 14

authwp_ajax_activate_keywordincludes/class-seolocalrank.php:169

authwp_ajax_pause_keywordincludes/class-seolocalrank.php:170

authwp_ajax_delete_keywordincludes/class-seolocalrank.php:171

authwp_ajax_update_keywordincludes/class-seolocalrank.php:172

authwp_ajax_keyword_historyincludes/class-seolocalrank.php:173

authwp_ajax_search_locationincludes/class-seolocalrank.php:174

authwp_ajax_send_keywordincludes/class-seolocalrank.php:175

authwp_ajax_send_domainincludes/class-seolocalrank.php:176

authwp_ajax_delete_domainincludes/class-seolocalrank.php:177

authwp_ajax_slr_contactincludes/class-seolocalrank.php:178

authwp_ajax_slr_get_sale_idincludes/class-seolocalrank.php:179

authwp_ajax_slr_startincludes/class-seolocalrank.php:181

authwp_ajax_slr_kw_historyincludes/class-seolocalrank.php:182

authwp_ajax_get_update_keyword_dataincludes/class-seolocalrank.php:183

WordPress Hooks 10

actionplugins_loadedincludes/class-seolocalrank.php:150

actioninitincludes/class-seolocalrank.php:162

actionadmin_enqueue_scriptsincludes/class-seolocalrank.php:164

actionadmin_enqueue_scriptsincludes/class-seolocalrank.php:165

actionadmin_menuincludes/class-seolocalrank.php:166

actionadmin_menuincludes/class-seolocalrank.php:167

actioncheck_api_keyincludes/class-seolocalrank.php:168

actionwp_loadedincludes/class-seolocalrank.php:180

actionwp_enqueue_scriptsincludes/class-seolocalrank.php:195

actionwp_enqueue_scriptsincludes/class-seolocalrank.php:196

Maintenance & Trust

TrueRanker Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 10, 2026

PHP min version

Downloads10K

Community Trust

Rating92/100

Number of ratings9

Active installs400

Alternatives

TrueRanker Alternatives

Wincher Rank Tracker

wincher-rank-tracker

Wincher is a Google search engine rank tracking plugin which enables you to keep an eye on your keywords.

3K No CVEs

Hub5050 Ranking and Competitor Tracking

ranking-and-competitor-tracking

Website ranking and competitor rank tracking

20 No CVEs

RankMetric – SERP Rank Tracker

rankmetric-serp-rank-tracker

100

A powerful and easy-to-use rank tracker and checker that uses the SerpApi to monitor your keyword rankings on Google.

20 No CVEs

Opace Essential SEO Toolkit

opace-essential-seo-toolkit

The Opace Essential SEO Toolkit is an invaluable WordPress plugin to aid all SEO professionals, developers and businesses in auditing their website.

70 No CVEs

Best Local SEO Tools, WordPress SEO Plugin

best-local-seo-tools

Want to rank well for every city you serve and double your local search traffic? BestLocalSEOTools.com has examples & the stronger free version.

40 No CVEs

Developer Profile

TrueRanker Developer Profile

TrueRanker Team

1 plugin · 400 total installs

trust score

Avg Security Score

73/100

Avg Patch Time

770 days

View full developer profile

Detection Fingerprints

How We Detect TrueRanker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/seo-local-rank/admin/css/seolocalrank-admin.css/wp-content/plugins/seo-local-rank/admin/vendor/select2/css/core.css/wp-content/plugins/seo-local-rank/admin/vendor/datatables/media/css/dataTables.bootstrap.css/wp-content/plugins/seo-local-rank/admin/vendor/fontawesome/css/all.min.css/wp-content/plugins/seo-local-rank/admin/vendor/jquery-confirm/dist/jquery-confirm.min.css/wp-content/plugins/seo-local-rank/admin/vendor/bootstrap/css/bootstrap.min.css/wp-content/plugins/seo-local-rank/admin/js/seolocalrank-admin.js/wp-content/plugins/seo-local-rank/admin/js/seolocalrank-general-options.js+17 more

Script Paths

/wp-content/plugins/seo-local-rank/admin/js/seolocalrank-admin.js/wp-content/plugins/seo-local-rank/admin/js/seolocalrank-general-options.js/wp-content/plugins/seo-local-rank/admin/js/seolocalrank-list.js/wp-content/plugins/seo-local-rank/admin/js/seolocalrank-modal.js/wp-content/plugins/seo-local-rank/admin/js/seolocalrank-new-entry.js/wp-content/plugins/seo-local-rank/admin/js/seolocalrank-rank-checker.js+13 more

Version Parameters

seo-local-rank/admin/css/seolocalrank-admin.css?ver=seo-local-rank/admin/vendor/select2/css/core.css?ver=seo-local-rank/admin/vendor/datatables/media/css/dataTables.bootstrap.css?ver=seo-local-rank/admin/vendor/fontawesome/css/all.min.css?ver=seo-local-rank/admin/vendor/jquery-confirm/dist/jquery-confirm.min.css?ver=seo-local-rank/admin/vendor/bootstrap/css/bootstrap.min.css?ver=seo-local-rank/admin/js/seolocalrank-admin.js?ver=seo-local-rank/admin/js/seolocalrank-general-options.js?ver=seo-local-rank/admin/js/seolocalrank-list.js?ver=seo-local-rank/admin/js/seolocalrank-modal.js?ver=seo-local-rank/admin/js/seolocalrank-new-entry.js?ver=seo-local-rank/admin/js/seolocalrank-rank-checker.js?ver=seo-local-rank/admin/js/seolocalrank-upgrade.js?ver=seo-local-rank/admin/vendor/bootstrap/js/bootstrap.min.js?ver=seo-local-rank/admin/vendor/jquery-confirm/dist/jquery-confirm.min.js?ver=seo-local-rank/admin/vendor/datatables/media/js/jquery.dataTables.js?ver=seo-local-rank/admin/vendor/datatables/media/js/dataTables.bootstrap.js?ver=seo-local-rank/admin/vendor/jquery-validation/dist/jquery.validate.min.js?ver=seo-local-rank/admin/vendor/jquery-validation/dist/additional-methods.min.js?ver=seo-local-rank/admin/vendor/select2/js/select2.full.js?ver=seo-local-rank/admin/js/seolocalrank-new-entry-search.js?ver=seo-local-rank/admin/js/seolocalrank-ranking-history.js?ver=seo-local-rank/admin/js/seolocalrank-general-options-search.js?ver=seo-local-rank/admin/js/seolocalrank-general-options-domain.js?ver=seo-local-rank/admin/js/seolocalrank-ranking-history-search.js?ver=

HTML / DOM Fingerprints

CSS Classes

slr-select2-container

HTML Comments

+1 more

Data Attributes

data-slr-modal-iddata-slr-modal-titledata-slr-modal-bodydata-slr-modal-footer

JS Globals

seolocalrank_select2_paramsseolocalrank_admin_varsseolocalrank_new_entry_varsseolocalrank_ranking_history_varsseolocalrank_upgrade_varsseolocalrank_general_options_vars+1 more

FAQ

TrueRanker Security & Risk Analysis

Is TrueRanker Safe to Use in 2026?

Mostly Safe

Key Concerns

TrueRanker Security Vulnerabilities

CVEs by Year

Severity Breakdown

TrueRanker Release Timeline

TrueRanker Code Analysis

Bundled Libraries

SQL Query Safety

Output Escaping

TrueRanker Attack Surface

AJAX Handlers 14

TrueRanker Maintenance & Trust

Maintenance Signals

Community Trust

TrueRanker Alternatives

Wincher Rank Tracker

Hub5050 Ranking and Competitor Tracking

RankMetric – SERP Rank Tracker

Opace Essential SEO Toolkit

Best Local SEO Tools, WordPress SEO Plugin

TrueRanker Developer Profile

How We Detect TrueRanker

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about TrueRanker