Does SEO Metrics have any unpatched vulnerabilities?

No. All known vulnerabilities in SEO Metrics have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is SEO Metrics compatible with WordPress 6.8.5?

According to WordPress.org data, SEO Metrics 1.0.18 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is SEO Metrics compatible with PHP 7.0+?

SEO Metrics requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is SEO Metrics updated?

SEO Metrics was last updated on Sep 16, 2025. Frequent updates are generally a positive security signal.

What is SEO Metrics's security score?

SEO Metrics has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

SEO Metrics Security & Risk Analysis

wordpress.org/plugins/seo-metrics-helper

Connect your WordPress website to the SEO Metrics Dashboard and efficiently manage all SEO Metrics products and services.

400 active installs v1.0.18 PHP 7.0+ WP 4.7+ Updated Sep 16, 2025

analytics-seometricshostingperformanceseoservice

A · Safe

CVEs total1

Unpatched0

Last CVEAug 1, 2025

Plugin page Download

Safety Verdict

Is SEO Metrics Safe to Use in 2026?

Generally Safe

Score 98/100

SEO Metrics has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Aug 1, 2025Updated 6mo ago

Risk Assessment

The "seo-metrics-helper" plugin v1.0.18 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping all output. It also has no file operations, dangerous functions, or bundled libraries, which are excellent security indicators. However, the plugin has a concerning attack surface, particularly with one unprotected REST API route, which presents a direct entry point for potential unauthorized access or manipulation. The taint analysis reveals two flows with unsanitized paths, classified as high severity, indicating potential for command injection or similar vulnerabilities if these flows are triggered with malicious input.

The vulnerability history shows one known high-severity CVE, although it is currently patched. The common vulnerability type being 'Missing Authorization' is a red flag that aligns with the static analysis findings of an unprotected REST API route. While the absence of unpatched vulnerabilities and the use of secure coding practices for SQL and output are strengths, the identified high-severity taint flows and the historically recurring authorization issues in previous vulnerabilities warrant careful consideration. Overall, the plugin has some strong security foundations but requires immediate attention to the unprotected REST API endpoint and a thorough review of the high-severity taint flows to mitigate potential risks.

Key Concerns

REST API route without permission callbacks
High severity taint flow
High severity taint flow
Total known CVEs (1 High, patched)

Vulnerabilities

SEO Metrics Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2025-6754high · 8.8Missing Authorization

SEO Metrics <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

Aug 1, 2025 Patched in 1.0.16 (35d)

Code Analysis

Analyzed Mar 16, 2026

SEO Metrics Code Analysis

Dangerous Functions

Raw SQL Queries

10 prepared

Unescaped Output

18 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared10 total queries

Output Escaping

100% escaped18 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

seo_metrics_handle_custom_endpoint (endpoint.php:10)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

SEO Metrics Attack Surface

Entry Points8

Unprotected1

AJAX Handlers 3

authwp_ajax_seo_metrics_create_click_entrycommon-functions.php:68

noprivwp_ajax_seo_metrics_create_click_entrycommon-functions.php:69

authwp_ajax_seo_metrics_handle_connect_button_clickwelcome-page.php:162

REST API Routes 5

GET/wp-json/seo-metrics/clicks-insightsclicks-rest-api.php:9

GET/wp-json/seo-metrics/page-detailspage-details-rest-api.php:9

GET/wp-json/seo-metrics/plugin-infoplugin-info-rest-api.php:9

GET/wp-json/seo-metrics/post-detailspost-details-rest-api.php:9

POST/wp-json/seo-metrics/get-auth-token/token-rest-api.php:11

WordPress Hooks 10

actionrest_api_initclicks-rest-api.php:8

actioninitendpoint.php:8

actionrest_api_initpage-details-rest-api.php:8

actionrest_api_initplugin-info-rest-api.php:8

actionrest_api_initpost-details-rest-api.php:8

actionactivated_pluginseo-metrics.php:51

actionwp_enqueue_scriptsseo-metrics.php:63

actionadmin_enqueue_scriptsseo-metrics.php:80

actionrest_api_inittoken-rest-api.php:8

actionadmin_menuwelcome-page.php:19

Maintenance & Trust

SEO Metrics Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 16, 2025

PHP min version7.0

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs400

Alternatives

SEO Metrics Alternatives

LiteSpeed Cache

litespeed-cache

All-in-one unbeatable acceleration & PageSpeed improvement: caching, image/CSS/JS optimization...

7.0M 18 CVEs

A2 Optimized WP – Turbocharge and secure your WordPress site

a2-optimized-wp

Make your site faster and more secure with the click of a few buttons

70K 1 CVE

Insights from Google PageSpeed

google-pagespeed-insights

Use Insights from Google PageSpeed to increase your sites performance, your search engine ranking, and your visitors browsing experience.

20K 2 CVEs

QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly

quickwebp

100

QuickWebP is a free WordPress plugin that converts images to WebP, optimizes performance, improves SEO, auto-fills metadata, and resizes images—no API …

7K No CVEs

JCH Optimize

jch-optimize

This plugin automatically performs several front end optimizations to your site to boost performance and increase PageSpeed scores.

4K 3 CVEs

Developer Profile

SEO Metrics Developer Profile

seometricsplugin

1 plugin · 400 total installs

trust score

Avg Security Score

98/100

Avg Patch Time

35 days

View full developer profile

Detection Fingerprints

How We Detect SEO Metrics

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/seo-metrics-helper/js/track-anchor-clicks.js/wp-content/plugins/seo-metrics-helper/css/welcome-page-style.css/wp-content/plugins/seo-metrics-helper/js/enable-disable-connect-button.js/wp-content/plugins/seo-metrics-helper/js/connect-plugin.js

Script Paths

/wp-content/plugins/seo-metrics-helper/js/track-anchor-clicks.js/wp-content/plugins/seo-metrics-helper/js/enable-disable-connect-button.js/wp-content/plugins/seo-metrics-helper/js/connect-plugin.js

Version Parameters

seo-metrics-helper/js/track-anchor-clicks.js?ver=1.0seo-metrics-helper/css/welcome-page-style.css?ver=1.0.0seo-metrics-helper/js/enable-disable-connect-button.js?ver=1.0seo-metrics-helper/js/connect-plugin.js?ver=1.0

HTML / DOM Fingerprints

JS Globals

seo_metrics_ajax_object

REST Endpoints

/wp-json/seo-metrics/clicks-insights/wp-json/seo-metrics/page-details/wp-json/seo-metrics/post-details/wp-json/seo-metrics/plugin-info

FAQ