WP-Safety

Simple Tracking Security & Risk Analysis

wordpress.org/plugins/simple-theme-options

Add site-wide tracking codes and conversion pixels. Additionally manage all your social media links, and display them on your site using shortcodes.

300 active installs v2.0.1 PHP 8.1+ WP 6.0+ Updated Dec 27, 2025
analyticsgoogle-analyticsmeta-pixelsocial-mediatracking
100
A · Safe
CVEs total1
Unpatched0
Last CVEFeb 21, 2022
Plugin page Download
Safety Verdict

Is Simple Tracking Safe to Use in 2026?

Generally Safe

Score 100/100

Simple Tracking has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 21, 2022Updated 3mo ago
Risk Assessment

The "simple-theme-options" plugin v2.0.1 exhibits a generally strong security posture, particularly in its handling of SQL queries and output escaping, with 100% of SQL queries using prepared statements and 95% of outputs being properly escaped. The static analysis indicates a very small attack surface with no unprotected entry points and a single capability check. Taint analysis also reveals no critical or high severity vulnerabilities, suggesting a good level of input sanitization and validation within the analyzed flows. However, the absence of nonce checks across all entry points is a notable weakness, leaving the plugin potentially susceptible to CSRF attacks if certain actions were to be exposed through its shortcodes. The vulnerability history, while showing only one past medium severity CVE related to XSS, and no currently unpatched issues, indicates a past instance of improper input neutralization. This, combined with the missing nonce checks, warrants attention for potential future vulnerabilities if new functionalities are added without robust CSRF protection.

Key Concerns

  • Missing Nonce Checks
  • Past Medium Severity CVE (XSS)
Vulnerabilities
1

Simple Tracking Security Vulnerabilities

CVEs by Year

1 CVE in 2022
2022
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2022-0700medium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Simple Tracking <= 1.6 - Stored Cross-Site Scripting

Feb 21, 2022 Patched in 1.7 (701d)
Code Analysis
Analyzed Mar 16, 2026

Simple Tracking Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
5
106 escaped
Nonce Checks
0
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

95% escaped111 total outputs
Attack Surface

Simple Tracking Attack Surface

Entry Points2
Unprotected0

Shortcodes 2

[social-link] shortcodes.php:49
[social-icons] shortcodes.php:245
WordPress Hooks 11
actionadmin_initchrs-simple-options.php:48
actionadmin_enqueue_scriptschrs-simple-options.php:298
actionadmin_initchrs-simple-options.php:299
actionadmin_menuchrs-simple-options.php:300
actionwp_headchrs-simple-options.php:321
actionwp_headchrs-simple-options.php:322
actionwp_body_openchrs-simple-options.php:323
actionwp_body_openchrs-simple-options.php:324
actionwp_footerchrs-simple-options.php:325
actionwp_footerchrs-simple-options.php:326
actionwp_enqueue_scriptschrs-simple-options.php:327
Maintenance & Trust

Simple Tracking Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 27, 2025
PHP min version8.1
Downloads16K

Community Trust

Rating100/100
Number of ratings1
Active installs300
Alternatives

Simple Tracking Alternatives

PixelYourSite – Your smart PIXEL (TAG) & API Manager

PixelYourSite – Your smart PIXEL (TAG) & API Manager

pixelyoursite

A
89

Add Meta Pixel with Conversion API, Google Analytics (GA4) + Consent Mode, Google Tag Manager, and Head & Footer scripts.

500K 11 CVEs
GA Google Analytics – Connect Google Analytics to WordPress

GA Google Analytics – Connect Google Analytics to WordPress

ga-google-analytics

A
100

Adds Google Analytics tracking code to your WordPress site. Supports many tracking features.

400K No CVEs
Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing

Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing

woocommerce-google-adwords-conversion-tracking-tag

A
95

Conversion tracking for WooCommerce. Google Ads, GA4, Meta/Facebook Pixel, TikTok & more. Recover 30% more conversions with server-side tracking!

50K 4 CVEs
Conversios: Google Analytics (GA4), Google Ads, Conversion and Analytics Tracking for Multi-Channels

Conversios: Google Analytics (GA4), Google Ads, Conversion and Analytics Tracking for Multi-Channels

enhanced-e-commerce-for-woocommerce-store

A
90

Track GA4 Analytics, Google Ads, Microsoft Ads, & Conversion with server-side tracking (CAPI) & product feed to improve ROAS, reports for WooCommerce.

10K 10 CVEs
Simple Universal Google Analytics

Simple Universal Google Analytics

simple-universal-google-analytics

A
85

Enable Universal Google Analytics tracking option on your WordPress site. Add tracking code to every page with WordPress Google Analytics plugin.

4K No CVEs
Developer Profile

Simple Tracking Developer Profile

CHRS Interactive

4 plugins · 400 total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
701 days
View full developer profile
Detection Fingerprints

How We Detect Simple Tracking

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-theme-options/assets/css/chrssto-admin-styles.css/wp-content/plugins/simple-theme-options/assets/js/chrssto-admin-scripts.js/wp-content/plugins/simple-theme-options/assets/js/simple-theme-options.js
Script Paths
/wp-content/plugins/simple-theme-options/assets/js/chrssto-admin-scripts.js/wp-content/plugins/simple-theme-options/assets/js/simple-theme-options.js
Version Parameters
simple-theme-options/assets/css/chrssto-admin-styles.css?ver=simple-theme-options/assets/js/chrssto-admin-scripts.js?ver=simple-theme-options/assets/js/simple-theme-options.js?ver=

HTML / DOM Fingerprints

CSS Classes
chrssto-social-tablechrssto-template-codechrssto-shortcodechrssto-copy-btn
Data Attributes
data-copy
JS Globals
chrssto_vars
Shortcode Output
[social-link[social-icons]
FAQ

Frequently Asked Questions about Simple Tracking