WP-Safety

Simple Click Tracker Lite Security & Risk Analysis

wordpress.org/plugins/simple-click-tracker-lite

Track Your Traffic Like A Seasoned Marketing Pro To Skyrocket Your Profit Simple Click Tracker is a self-hosted technology that tracks the most essent …

10 active installs v1.3 PHP + WP 4.0+ Updated Aug 15, 2023
namstoolkitsctsimple-click-tracker
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Simple Click Tracker Lite Safe to Use in 2026?

Generally Safe

Score 85/100

Simple Click Tracker Lite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The "simple-click-tracker-lite" v1.3 plugin exhibits a concerning security posture, primarily due to a large number of unprotected entry points. With 6 out of 7 total entry points lacking any authentication or capability checks, this plugin presents a significant risk of unauthorized access and manipulation. The presence of a `unserialize` function, coupled with 7 high-severity taint flows with unsanitized paths, strongly suggests a potential for remote code execution or other critical vulnerabilities. The static analysis also indicates that a considerable portion of SQL queries are not prepared, increasing the risk of SQL injection. While the plugin has no recorded vulnerability history, this is not a guarantee of future safety, especially given the current code analysis findings. The plugin's strength lies in its proper output escaping and lack of bundled libraries, but these are overshadowed by the critical security flaws identified in its entry points and data handling.

Key Concerns

  • Large attack surface without auth checks
  • High severity taint flows with unsanitized paths
  • Dangerous unserialize function detected
  • Significant percentage of raw SQL queries
  • Missing nonce checks on AJAX handlers
  • Missing capability checks on AJAX handlers
Vulnerabilities
None known

Simple Click Tracker Lite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Simple Click Tracker Lite Release Timeline

v1.3Current
v1.2
v1.1
v1.0
Code Analysis
Analyzed Mar 16, 2026

Simple Click Tracker Lite Code Analysis

Dangerous Functions
1
Raw SQL Queries
113
35 prepared
Unescaped Output
0
94 escaped
Nonce Checks
0
Capability Checks
0
File Operations
1
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

unserialize$result = unserialize($result);app\Sct_Base.php:591

SQL Query Safety

24% prepared148 total queries

Output Escaping

100% escaped94 total outputs
Data Flows · Security
9 unsanitized

Data Flow Analysis

9 flows9 with unsanitized paths
<redirect> (app\sites\ajax\redirect.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

Simple Click Tracker Lite Attack Surface

Entry Points7
Unprotected6

AJAX Handlers 6

authwp_ajax_scts3_click_tracker_functions.php:148
noprivwp_ajax_scts3_click_tracker_functions.php:149
authwp_ajax_sctimguploads3_click_tracker_functions.php:150
noprivwp_ajax_sctimguploads3_click_tracker_functions.php:151
authwp_ajax_delete_multiple_linkss3_click_tracker_functions.php:153
noprivwp_ajax_delete_multiple_linkss3_click_tracker_functions.php:154

Shortcodes 1

[simple_click_tracker] s3_click_tracker_functions.php:90
WordPress Hooks 11
actionadmin_initapp\Sct_Admin.php:9
actionadmin_headapp\Sct_Admin.php:10
actionadmin_noticess3_click_tracker_functions.php:59
actionadmin_inits3_click_tracker_functions.php:60
actionwp_loadeds3_click_tracker_functions.php:61
actionadmin_menus3_click_tracker_functions.php:62
actionwps3_click_tracker_functions.php:70
actionwp_enqueue_scriptss3_click_tracker_functions.php:109
actionwp_heads3_click_tracker_functions.php:123
actionplugins_loadeds3_click_tracker_functions.php:131
actionadmin_enqueue_scriptss3_click_tracker_functions.php:136
Maintenance & Trust

Simple Click Tracker Lite Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8
Last updatedAug 15, 2023
PHP min version
Downloads4K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Simple Click Tracker Lite Alternatives

SEPA Girocode

SEPA Girocode

sepa-girocode

C
63

Create EPC-Codes (in Germany known as Girocode) for money transfer | Girocode-Barcode für SEPA-Überweisungen erstellen

20 1 unpatched
Developer Profile

Simple Click Tracker Lite Developer Profile

maximize

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Simple Click Tracker Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-click-tracker-lite/includes/style_admin.css/wp-content/plugins/simple-click-tracker-lite/includes/tree/css/easyTree.css/wp-content/plugins/simple-click-tracker-lite/includes/jquerysctipttop.css
Version Parameters
simple-click-tracker-lite/includes/style_admin.css?ver=simple-click-tracker-lite/includes/tree/css/easyTree.css?ver=simple-click-tracker-lite/includes/jquerysctipttop.css?ver=

HTML / DOM Fingerprints

CSS Classes
sct_tree_wrappersct_tree_view
HTML Comments
<!-- SCT_BASE_URL --><!-- SCT_AJAX_URL --><!-- SCT_UP_ARROW_URL --><!-- SCT_DN_ARROW_URL -->+3 more
Data Attributes
data-sct-id
JS Globals
SCT_BASE_URLSCT_AJAX_URLSCT_NO_ARROW_URLSCT_UP_ARROW_URLSCT_DN_ARROW_URLSCT_IMP_URL+12 more
FAQ

Frequently Asked Questions about Simple Click Tracker Lite