SFR Analytics Security & Risk Analysis

wordpress.org/plugins/sfr-analytics

Lightweight, privacy-focused WordPress analytics. Track pageviews, visitors, campaigns and more — all data stored locally in your own database.

20 active installs · v0.7.1 · PHP 7.4+ · WP 6.0+ · Updated Mar 23, 2026
Tags: analytics, pageviews, privacy, statistics, tracking
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SFR Analytics Safe to Use in 2026?

Generally Safe

Score 100/100

SFR Analytics has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The sfr-analytics plugin v0.7.0 shows a generally good security posture, with a notable absence of historical vulnerabilities and a strong emphasis on secure coding practices. The plugin correctly implements nonce and capability checks for its entry points and uses prepared statements for the vast majority of its SQL queries. Output escaping is also handled well, indicating a proactive approach to preventing common web vulnerabilities. However, the static analysis identified three high-severity taint flows with unsanitized paths. While these flows did not directly lead to critical vulnerabilities in this analysis, they represent a potential risk that warrants careful investigation. The lack of any recorded CVEs, even for older versions, is a positive indicator of consistent security efforts, but the presence of high-severity taint flows suggests that continued vigilance and code review are necessary.

Key Concerns

  • High severity taint flows with unsanitized paths
Vulnerabilities
None known

SFR Analytics Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

SFR Analytics Release Timeline

v0.7.1 (Current)
v0.7.0
v0.6.1
v0.6.0
v0.5.0
Code Analysis
Analyzed Mar 16, 2026

SFR Analytics Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 13 (105 prepared)
Unescaped Output: 40 (380 escaped)
Nonce Checks: 26
Capability Checks: 25
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

89% prepared · 118 total queries

Output Escaping

90% escaped · 420 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

9 flows · 3 with unsanitized paths
<settings> (admin\views\settings.php:0)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

SFR Analytics Attack Surface

Entry Points: 23
Unprotected: 0

AJAX Handlers 9

auth wp_ajax_sfran_test_api (includes\class-sfran-admin.php:20)
auth wp_ajax_sfran_toggle_table (includes\class-sfran-admin.php:21)
auth wp_ajax_sfran_delete_user_data (includes\class-sfran-admin.php:22)
auth wp_ajax_sfran_export_user_data (includes\class-sfran-admin.php:23)
auth wp_ajax_sfran_search_posts (includes\class-sfran-admin.php:24)
auth wp_ajax_sfran_get_taxonomies (includes\class-sfran-admin.php:25)
auth wp_ajax_sfran_get_online_now (includes\class-sfran-admin.php:26)
auth wp_ajax_sfran_verify (includes\class-sfran-tracker.php:52)
nopriv wp_ajax_sfran_verify (includes\class-sfran-tracker.php:53)

REST API Routes 14

GET /wp-json/sfran/v1/summary (includes\class-sfran-rest-api.php:27)
GET /wp-json/sfran/v1/top-content (includes\class-sfran-rest-api.php:35)
GET /wp-json/sfran/v1/traffic-sources (includes\class-sfran-rest-api.php:43)
GET /wp-json/sfran/v1/time-series (includes\class-sfran-rest-api.php:51)
GET /wp-json/sfran/v1/campaigns (includes\class-sfran-rest-api.php:59)
GET /wp-json/sfran/v1/entry-pages (includes\class-sfran-rest-api.php:67)
GET /wp-json/sfran/v1/exit-pages (includes\class-sfran-rest-api.php:75)
GET /wp-json/sfran/v1/referrers (includes\class-sfran-rest-api.php:83)
GET /wp-json/sfran/v1/devices (includes\class-sfran-rest-api.php:91)
GET /wp-json/sfran/v1/browsers (includes\class-sfran-rest-api.php:99)
GET /wp-json/sfran/v1/geographic (includes\class-sfran-rest-api.php:107)
GET /wp-json/sfran/v1/bulk (includes\class-sfran-rest-api.php:115)
GET /wp-json/sfran/v1/daily (includes\class-sfran-rest-api.php:123)
GET /wp-json/sfran/v1/online-now (includes\class-sfran-rest-api.php:131)
WordPress Hooks 16
action admin_menu (includes\class-sfran-admin.php:19)
action admin_init (includes\class-sfran-admin.php:27)
action admin_init (includes\class-sfran-admin.php:28)
action admin_init (includes\class-sfran-admin.php:29)
action admin_notices (includes\class-sfran-admin.php:32)
action init (includes\class-sfran-admin.php:35)
action sfran_cleanup_old_data (includes\class-sfran-admin.php:36)
action admin_enqueue_scripts (includes\class-sfran-assets.php:19)
action rest_api_init (includes\class-sfran-rest-api.php:19)
action template_redirect (includes\class-sfran-tracker.php:46)
action shutdown (includes\class-sfran-tracker.php:47)
action sfran_process_buffer (includes\class-sfran-tracker.php:48)
action wp_footer (includes\class-sfran-tracker.php:51)
action plugins_loaded (sfr-analytics.php:74)
action admin_notices (sfr-analytics.php:149)
filter plugin_row_meta (sfr-analytics.php:175)

Scheduled Events 2

sfran_cleanup_old_data
sfran_process_buffer
Maintenance & Trust

SFR Analytics Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 23, 2026
PHP min version: 7.4
Downloads: 506

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20
Developer Profile

SFR Analytics Developer Profile

SupportFromRichard

7 plugins · 70 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect SFR Analytics

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sfr-analytics/assets/css/admin.css
/wp-content/plugins/sfr-analytics/assets/vendor/chart-js/chart.min.js
/wp-content/plugins/sfr-analytics/assets/js/admin.js
Script Paths
/wp-content/plugins/sfr-analytics/assets/js/admin.js
Version Parameters
sfr-analytics/assets/css/admin.css?ver=
sfr-analytics/assets/js/admin.js?ver=

HTML / DOM Fingerprints

JS Globals
SFRAN_PLUGIN_URL
SFRAN_VERSION