WP-Safety

SFR Analytics Hub Security & Risk Analysis

wordpress.org/plugins/sfr-analytics-hub

Aggregate analytics from multiple WordPress sites into one central dashboard. Free for up to 3 sites — no third-party services required.

0 active installs v1.8.2 PHP 7.4+ WP 6.0+ Updated Mar 23, 2026
aggregationanalyticsdashboardmulti-sitestatistics
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is SFR Analytics Hub Safe to Use in 2026?

Generally Safe

Score 100/100

SFR Analytics Hub has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "sfr-analytics-hub" plugin v1.8.2 demonstrates a generally good security posture with several strengths. Notably, it exclusively uses prepared statements for all SQL queries and demonstrates a high rate of output escaping (95%), significantly mitigating common injection vulnerabilities. The presence of a substantial number of nonce and capability checks across its AJAX endpoints further indicates a commitment to securing its entry points. The plugin also has no recorded vulnerability history, which is a positive indicator of past security diligence.

However, the taint analysis reveals two high-severity flows with unsanitized paths. While the exact nature of these paths is not detailed, unsanitized paths are a significant concern as they can potentially lead to arbitrary file access or manipulation if user input is not properly validated before being used in file operations or other sensitive functions. The single file operation detected in the static analysis, combined with these tainted flows, warrants further investigation to ensure it's handled securely.

Overall, "sfr-analytics-hub" is built on a foundation of secure coding practices. The primary area of concern lies in the identified high-severity taint flows, which, despite the overall positive analysis, present a potential risk that needs to be addressed. The absence of past vulnerabilities is encouraging, but the current taint analysis highlights a specific area for improvement to maintain its strong security standing.

Key Concerns

  • High severity taint flows with unsanitized paths
  • Taint flows with unsanitized paths
Vulnerabilities
None known

SFR Analytics Hub Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

SFR Analytics Hub Release Timeline

v1.8.2Current
v1.8.0
v1.7.0
Code Analysis
Analyzed Apr 16, 2026

SFR Analytics Hub Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
65 prepared
Unescaped Output
36
716 escaped
Nonce Checks
18
Capability Checks
19
File Operations
1
External Requests
4
Bundled Libraries
0

SQL Query Safety

100% prepared65 total queries

Output Escaping

95% escaped752 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

7 flows2 with unsanitized paths
<dashboard> (admin/views/dashboard.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

SFR Analytics Hub Attack Surface

Entry Points10
Unprotected0

AJAX Handlers 10

authwp_ajax_sfranh_test_connectionincludes/class-sfranh-admin.php:26
authwp_ajax_sfranh_fetch_dataincludes/class-sfranh-admin.php:27
authwp_ajax_sfranh_delete_siteincludes/class-sfranh-admin.php:28
authwp_ajax_sfranh_background_refreshincludes/class-sfranh-admin.php:29
authwp_ajax_sfranh_load_dashboardincludes/class-sfranh-admin.php:30
authwp_ajax_sfranh_check_online_nowincludes/class-sfranh-admin.php:31
authwp_ajax_sfranh_save_report_groupsincludes/class-sfranh-email-reports.php:24
authwp_ajax_sfranh_send_test_reportincludes/class-sfranh-email-reports.php:25
authwp_ajax_sfranh_delete_report_groupincludes/class-sfranh-email-reports.php:26
authwp_ajax_sfranh_export_csvincludes/class-sfranh-exporter.php:21
WordPress Hooks 18
actionadmin_menuincludes/class-sfranh-admin.php:23
actionadmin_initincludes/class-sfranh-admin.php:24
actionload-toplevel_page_sfranh-dashboardincludes/class-sfranh-admin.php:25
actionadmin_noticesincludes/class-sfranh-admin.php:34
actionadmin_post_sfr_review_noticeincludes/class-sfranh-admin.php:35
actionadmin_noticesincludes/class-sfranh-admin.php:100
actionadmin_noticesincludes/class-sfranh-admin.php:112
actionadmin_noticesincludes/class-sfranh-admin.php:153
actionadmin_noticesincludes/class-sfranh-admin.php:165
actionadmin_noticesincludes/class-sfranh-admin.php:192
actionadmin_noticesincludes/class-sfranh-admin.php:229
actionadmin_noticesincludes/class-sfranh-admin.php:233
actionadmin_enqueue_scriptsincludes/class-sfranh-assets.php:19
actionadmin_initincludes/class-sfranh-database.php:21
filtercron_schedulesincludes/class-sfranh-email-reports.php:22
actionadmin_initincludes/class-sfranh-email-reports.php:27
actionadmin_noticessfr-analytics-hub.php:58
actionplugins_loadedsfr-analytics-hub.php:98
Maintenance & Trust

SFR Analytics Hub Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 23, 2026
PHP min version7.4
Downloads326

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

SFR Analytics Hub Alternatives

Independent Analytics

Independent Analytics

independent-analytics

A
100

A simple WordPress analytics plugin that is privacy-friendly, fast, and an alternative to Google Analytics.

100K No CVEs
NewStatPress

NewStatPress

newstatpress

B
76

NewStatPress (Statpress plugin fork) is a real-time plugin to manage the visits' statistics about your blog (without external web analytics).

9K 10 CVEs
Post Word Counter – Content Insights Dashboard

Post Word Counter – Content Insights Dashboard

doubledome-wordcount-details-dashboard

A
100

The Word Counter plugin offers a dedicated dashboard view that tracks the word count, post count, pages wordcount, and custom post types across your e &hellip;

200 No CVEs
Access Watch: Security and Traffic Insights

Access Watch: Security and Traffic Insights

access-watch

A
85

Understand precisely the robot traffic on your website and take actions to improve performance and security.

30 No CVEs
Kin Visitantes

Kin Visitantes

kin-visitantes

A
85

Track visitors to your website easily and effectively.

10 No CVEs
Developer Profile

SFR Analytics Hub Developer Profile

SupportFromRichard

7 plugins · 70 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SFR Analytics Hub

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sfr-analytics-hub/admin/css/sfranh-admin.css/wp-content/plugins/sfr-analytics-hub/admin/js/sfranh-admin.js/wp-content/plugins/sfr-analytics-hub/assets/css/sfranh-common.css/wp-content/plugins/sfr-analytics-hub/assets/js/sfranh-common.js
Script Paths
/wp-content/plugins/sfr-analytics-hub/admin/js/sfranh-admin.js/wp-content/plugins/sfr-analytics-hub/assets/js/sfranh-common.js
Version Parameters
sfr-analytics-hub/admin/css/sfranh-admin.css?ver=sfr-analytics-hub/admin/js/sfranh-admin.js?ver=sfr-analytics-hub/assets/css/sfranh-common.css?ver=sfr-analytics-hub/assets/js/sfranh-common.js?ver=

HTML / DOM Fingerprints

CSS Classes
sfranh-dashboardsfranh-settings-pagesfranh-sites-pagesfranh-audit-log-page
HTML Comments
SFR Analytics Hub Admin SettingsSFR Analytics Hub DashboardSFR Analytics Hub Sites ListSFR Analytics Hub Audit Log
Data Attributes
data-sfranh-site-iddata-sfranh-site-urldata-sfranh-site-status
JS Globals
sfranh_admin_paramssfranh_common_params
REST Endpoints
/wp-json/sfr-analytics-hub/v1/settings/wp-json/sfr-analytics-hub/v1/sites
FAQ

Frequently Asked Questions about SFR Analytics Hub