Does Serviceform Pixel have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Serviceform Pixel compatible with WordPress 6.7.5?

According to WordPress.org data, Serviceform Pixel 2.4.4 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Serviceform Pixel compatible with PHP 7.4+?

Serviceform Pixel requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Serviceform Pixel updated?

Serviceform Pixel was last updated on Feb 27, 2026. Frequent updates are generally a positive security signal.

What is Serviceform Pixel's security score?

Serviceform Pixel has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Serviceform Pixel Security & Risk Analysis

wordpress.org/plugins/serviceform-pixel

Add Serviceform pixel to your WordPress site quickly. Optional product data API available.

400 active installs v2.4.4 PHP 7.4+ WP 5.0+ Updated Feb 27, 2026

analyticspixelserviceformtrackingwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Serviceform Pixel Safe to Use in 2026?

Generally Safe

Score 100/100

Serviceform Pixel has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The 'serviceform-pixel' plugin v2.4.4 presents a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for all SQL queries, which mitigates SQL injection risks. The absence of dangerous functions and a clean vulnerability history with no known CVEs are also strong indicators of a well-maintained and secure codebase. However, significant concerns arise from its attack surface. With 7 REST API routes, 5 of which lack proper permission callbacks, there is a substantial entry point that could be exploited by unauthenticated users. The complete absence of nonce checks and capability checks across the analyzed code further exacerbates this risk, allowing for potential unauthorized actions if these endpoints are invoked maliciously. While the taint analysis shows no immediate unsanitized paths, the lack of robust authentication and authorization mechanisms on key entry points is a critical weakness. The plugin's strengths lie in its secure database interaction and lack of historical vulnerabilities, but its current implementation leaves it vulnerable to unauthorized access and manipulation through its unprotected REST API endpoints.

Key Concerns

REST API routes without permission callbacks
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

Serviceform Pixel Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Serviceform Pixel Release Timeline

v2.4.4Current

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.0

v2.2.2

v2.2.1

v2.2.0

v2.0.1

v1.0.1

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

Serviceform Pixel Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

34 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared5 total queries

Output Escaping

85% escaped40 total outputs

Attack Surface

5 unprotected

Serviceform Pixel Attack Surface

Entry Points7

Unprotected5

REST API Routes 7

GET/wp-json/serviceform/v1/productsclass-serviceform-pixel-settings.php:179

GET/wp-json/serviceform/v1/product/(?P<id>\d+)class-serviceform-pixel-settings.php:186

POST/wp-json/serviceform/v1/cart/addclass-serviceform-pixel-settings.php:201

GET/wp-json/serviceform/v1/cartclass-serviceform-pixel-settings.php:208

GET/wp-json/serviceform/v1/recommendationsclass-serviceform-pixel-settings.php:215

GET/wp-json/serviceform/v1/validate-stockclass-serviceform-pixel-settings.php:242

GET/wp-json/serviceform/v1/ordersclass-serviceform-pixel-settings.php:259

WordPress Hooks 8

actionbefore_woocommerce_initclass-serviceform-pixel-settings.php:41

actionadmin_initclass-serviceform-pixel-settings.php:137

actionrest_api_initclass-serviceform-pixel-settings.php:141

actionadmin_menuclass-serviceform-pixel-settings.php:1746

actionadmin_initclass-serviceform-pixel-settings.php:1747

actionwp_footerclass-serviceform-pixel-settings.php:1759

actionwoocommerce_thankyouclass-serviceform-pixel-settings.php:1763

actionplugins_loadedclass-serviceform-pixel-settings.php:1964

Maintenance & Trust

Serviceform Pixel Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedFeb 27, 2026

PHP min version7.4

Downloads6K

Community Trust

Rating0/100

Number of ratings0

Active installs400

Alternatives

Serviceform Pixel Alternatives

Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing

woocommerce-google-adwords-conversion-tracking-tag

Conversion tracking for WooCommerce. Google Ads, GA4, Meta/Facebook Pixel, TikTok & more. Recover 30% more conversions with server-side tracking!

50K 4 CVEs

Conversios: Google Analytics (GA4), Google Ads, Conversion and Analytics Tracking for Multi-Channels

enhanced-e-commerce-for-woocommerce-store

Track GA4 Analytics, Google Ads, Microsoft Ads, and Conversion with server-side tracking (CAPI), dynamic remarketing, & product feeds for WooCommerce.

10K 10 CVEs

Content Snippet Manager

content-snippet-manager

Content Snippet Manager plugin allows you to create and manage unlimited numbers of HTML and WordPress shortcodes in your WordPress content

200 1 CVE

TrackSure Cloud – Server Side Tracking, Meta Pixel CAPI, GA4, Conversion Tracking & Analytics for WordPress & WooCommerce

tracksure

100

Server-side tracking & Meta Pixel setup for WooCommerce. Meta CAPI, GA4, Google Ads — no GTM required. First-party analytics, funnels & attribution.

10 No CVEs

Pixel Pulse for WooCommerce

pixel-pulse-for-woocommerce

🚀 Boost Your WooCommerce Analytics with PixelPulse PixelPulse adds Google Analytics and Meta Pixel tracking to WooCommerce.

0 No CVEs

Developer Profile

Serviceform Pixel Developer Profile

kaveenm

1 plugin · 400 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Serviceform Pixel

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/serviceform-pixel/assets/css/serviceform-pixel-admin.css/wp-content/plugins/serviceform-pixel/assets/js/serviceform-pixel-admin.js/wp-content/plugins/serviceform-pixel/assets/js/serviceform-pixel-frontend.js

Script Paths

/wp-content/plugins/serviceform-pixel/assets/js/serviceform-pixel-admin.js/wp-content/plugins/serviceform-pixel/assets/js/serviceform-pixel-frontend.js

Version Parameters

serviceform-pixel/assets/css/serviceform-pixel-admin.css?ver=serviceform-pixel/assets/js/serviceform-pixel-admin.js?ver=serviceform-pixel/assets/js/serviceform-pixel-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

serviceform-pixel-settings-pageserviceform-pixel-settings-section

HTML Comments

Data Attributes

data-serviceform-pixel-product-iddata-serviceform-pixel-product-namedata-serviceform-pixel-product-pricedata-serviceform-pixel-product-url

JS Globals

window.serviceformPixelvar serviceformPixel

REST Endpoints

/serviceform/v1/products/serviceform/v1/product/(?P<id>\d+)/serviceform/v1/cart/add/serviceform/v1/cart/serviceform/v1/recommendations/serviceform/v1/validate-stock/serviceform/v1/orders

FAQ