Does Service Tracker have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Service Tracker compatible with WordPress 5.8.13?

According to WordPress.org data, Service Tracker 1.0.0 has been tested up to WordPress 5.8.13. Check the plugin's changelog for the latest compatibility information.

Is Service Tracker compatible with PHP 7.0+?

Service Tracker requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Service Tracker updated?

Service Tracker was last updated on Aug 24, 2021. Frequent updates are generally a positive security signal.

What is Service Tracker's security score?

Service Tracker has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Service Tracker Security & Risk Analysis

wordpress.org/plugins/service-tracker

A simple plugin and mobile application designed for business or organisations to add service requests, link the work to a customer, assign a worker or …

10 active installs v1.0.0 PHP 7.0+ WP 4.7+ Updated Aug 24, 2021

jobsmanage-servicesmobile-applicationservicetechnician

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Service Tracker Safe to Use in 2026?

Generally Safe

Score 85/100

Service Tracker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The "service-tracker" plugin version 1.0.0 exhibits a concerning security posture due to a significant number of unprotected entry points, specifically all four identified REST API routes lack permission callbacks. While the plugin demonstrates good practices by using prepared statements for all SQL queries and generally performing output escaping (though with room for improvement at 58%), the absence of authentication and authorization checks on critical entry points presents a substantial risk. The lack of any recorded vulnerability history is positive, but it cannot negate the immediate risks posed by the exposed REST API endpoints. The plugin's limited attack surface in other areas (no AJAX handlers, shortcodes, or cron events) is commendable, but the four unprotected REST API routes are a critical weakness that could lead to unauthorized data manipulation or access if these endpoints perform sensitive operations. Therefore, immediate attention is required to secure these entry points.

Key Concerns

REST API routes without permission callbacks
Output escaping is not consistently applied

Vulnerabilities

None known

Service Tracker Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Service Tracker Release Timeline

v1.0.0Current

Code Analysis

Analyzed Mar 17, 2026

Service Tracker Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

26 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

58% escaped45 total outputs

Attack Surface

4 unprotected

Service Tracker Attack Surface

Entry Points4

Unprotected4

REST API Routes 4

POST/wp-json/service/v2updateservice-tracker.php:399

GET/wp-json/service/v2listservice-tracker.php:430

GET/wp-json/nonce/v2verifyservice-tracker.php:450

GET/wp-json/userd/v2listservice-tracker.php:463

WordPress Hooks 15

actioninitservice-tracker.php:58

actioninitservice-tracker.php:61

actionpre_get_postsservice-tracker.php:68

actioninitservice-tracker.php:89

actionadd_meta_boxes_servicesservice-tracker.php:92

filtermanage_services_posts_columnsservice-tracker.php:98

actionadmin_enqueue_scriptsservice-tracker.php:119

actionsave_post_servicesservice-tracker.php:253

actionmanage_services_posts_custom_columnservice-tracker.php:323

filterjwt_auth_token_before_dispatchservice-tracker.php:380

actionwp_loadedservice-tracker.php:384

actionrest_api_initservice-tracker.php:389

filterrest_post_queryservice-tracker.php:540

filterrest_page_queryservice-tracker.php:541

filterrest_services_queryservice-tracker.php:542

Maintenance & Trust

Service Tracker Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13

Last updatedAug 24, 2021

PHP min version7.0

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Service Tracker Alternatives

WP Job Manager

wp-job-manager

Create a careers page for your company website, or build a public job board for your community.

80K 1 unpatched

WP Ultimate Review

wp-ultimate-review

WP Ultimate Review is the perfect plugin to collect & display customers' feedback effortlessly on products, services, & content in WordPress.

70K 1 unpatched

WP Job Openings – Job Listing, Career Page and Recruitment Plugin

wp-job-openings

WP Job Openings plugin is the most simple yet powerful plugin for setting up a job listing page for your WordPress website.

40K 2 CVEs

PWA

pwa

WordPress feature plugin to bring Progressive Web App (PWA) capabilities to Core

20K No CVEs

AyeCode Connect

ayecode-connect

Use this service plugin to easily activate any of our products, open a support ticket and view documentation all from your wp-admin!

10K 1 CVE

Developer Profile

Service Tracker Developer Profile

BuckLIT

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Service Tracker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/service-tracker/assets/jquery-ui.css

HTML / DOM Fingerprints

Data Attributes

name="service_is_work_complete"name="service_additional_notes"name="service_customer"name="customer_service_phone"name="customer_service_address"name="service_assigned_to"+2 more

JS Globals

jQuery

REST Endpoints

/wp-json/wp/v2/services

FAQ