WP-Safety

SiteStats Analytics – Google Analytics, Bing Webmaster & Search Console Security & Risk Analysis

wordpress.org/plugins/sitestats-analytics

Drag-and-drop WordPress analytics dashboard that combines data from Google Analytics, Search Console, Bing Webmaster, WordPress, WooCommerce & others.

10 active installs v1.5.2 PHP 7.0+ WP 5.9+ Updated Feb 20, 2026
bing-webmasterbing-webmaster-toolsgoogle-analyticssearch-consolewordpress-analytics
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is SiteStats Analytics – Google Analytics, Bing Webmaster & Search Console Safe to Use in 2026?

Generally Safe

Score 100/100

SiteStats Analytics – Google Analytics, Bing Webmaster & Search Console has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The static analysis of sitestats-analytics v1.5.2 reveals a generally strong security posture, with a notable absence of critical code signals like dangerous functions, unsanitized taint flows, and direct SQL queries without prepared statements. The presence of nonce and capability checks, along with a high percentage of output escaping, are positive indicators of secure coding practices. The plugin also demonstrates good hygiene by avoiding file operations and bundled libraries, and it has no recorded vulnerability history, suggesting a stable and well-maintained codebase.

However, the analysis does highlight some areas for caution. The plugin makes a significant number of external HTTP requests (15), which can introduce risks if the target endpoints are compromised or if the data exchanged is not handled securely. While the attack surface appears minimal with no identified entry points without authentication checks, the absence of any AJAX handlers, REST API routes, shortcodes, or cron events could also mean limited functionality or that critical functions are exposed through less obvious means. The 15% of unescaped output, while not critical, still represents a potential avenue for cross-site scripting (XSS) vulnerabilities if sensitive data is involved.

Overall, sitestats-analytics v1.5.2 presents as a relatively secure plugin, especially given its lack of historical vulnerabilities and its adherence to fundamental secure coding principles like prepared statements and escaping. The primary concerns revolve around the external HTTP requests and the small percentage of unescaped output. The limited attack surface, while positive, should be monitored for any future additions that might introduce new risks. The plugin's stability and lack of past issues are significant strengths, but vigilance regarding external dependencies and output sanitization is still warranted.

Key Concerns

  • Unescaped output present
  • External HTTP requests present
Vulnerabilities
None known

SiteStats Analytics – Google Analytics, Bing Webmaster & Search Console Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

SiteStats Analytics – Google Analytics, Bing Webmaster & Search Console Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
13 prepared
Unescaped Output
33
187 escaped
Nonce Checks
14
Capability Checks
30
File Operations
0
External Requests
15
Bundled Libraries
0

SQL Query Safety

100% prepared13 total queries

Output Escaping

85% escaped220 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
render_settings_page (includes\class-plugin.php:935)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

SiteStats Analytics – Google Analytics, Bing Webmaster & Search Console Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 22
actionadmin_post_sitestats_bing_connectincludes\class-bing-connect.php:17
actionadmin_post_sitestats_bing_disconnectincludes\class-bing-connect.php:18
actionadmin_post_sitestats_bing_callbackincludes\class-bing-connect.php:20
actionadmin_post_sitestats_google_connectincludes\class-google-connect.php:18
actionadmin_post_sitestats_google_disconnectincludes\class-google-connect.php:19
actionadmin_post_sitestats_google_callbackincludes\class-google-connect.php:21
actionadmin_initincludes\class-onboarding.php:18
actionadmin_enqueue_scriptsincludes\class-onboarding.php:21
actionadmin_post_sitestats_onboarding_start_googleincludes\class-onboarding.php:23
actionadmin_post_sitestats_onboarding_start_bingincludes\class-onboarding.php:24
actionadmin_post_sitestats_onboarding_create_modulesincludes\class-onboarding.php:25
actionadmin_menuincludes\class-plugin.php:62
actionadmin_enqueue_scriptsincludes\class-plugin.php:63
actioninitincludes\class-plugin.php:65
actionrest_api_initincludes\class-plugin.php:68
actionadmin_noticesincludes\class-plugin.php:75
actionsitestats_analytics/onboarding/seed_modulesincludes\class-plugin.php:77
actionadmin_initincludes\class-settings-global.php:12
actionsitestats_analytics/onboarding/seedincludes\onboarding-seed.php:8
actionadmin_menusitestats-analytics.php:32
actionplugins_loadedsitestats-analytics.php:39
actionplugins_loadedsitestats-analytics.php:61
Maintenance & Trust

SiteStats Analytics – Google Analytics, Bing Webmaster & Search Console Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 20, 2026
PHP min version7.0
Downloads519

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

SiteStats Analytics – Google Analytics, Bing Webmaster & Search Console Alternatives

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

google-analytics-for-wordpress

A
96

The best free Google Analytics plugin for WordPress. See how visitors find and use your website so you can grow your business with powerful analytics.

2.0M 10 CVEs
Independent Analytics – Google Analytics Alternative for WordPress

Independent Analytics – Google Analytics Alternative for WordPress

independent-analytics

A
100

A simple WordPress analytics plugin that is privacy-friendly, fast, and an alternative to Google Analytics.

100K No CVEs
Beehive Analytics – Google Analytics Dashboard

Beehive Analytics – Google Analytics Dashboard

beehive-analytics

A
100

View visitor stats and track user behavior from within WordPress. A Google Analytics plugin with dashboard reports and Google Tag Manager support.

30K No CVEs
Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking)

Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking)

wp-analytify

A
96

Analytify is the must-have Plugin for Google Analytics 4 Integration, Tracking, & Reporting in WordPress. Enhanced eCommerce, Events, & Call Analytics

20K 13 CVEs
Analytics Insights – Google Analytics Dashboard for WordPress

Analytics Insights – Google Analytics Dashboard for WordPress

analytics-insights

A
100

A full-featured and entirely free Google Analytics Dashboard plugin for WordPress. Displays stats to help you to better understand your site content.

10K 1 CVE
Developer Profile

SiteStats Analytics – Google Analytics, Bing Webmaster & Search Console Developer Profile

Quicksnail Plugins

4 plugins · 370 total installs

93
trust score
Avg Security Score
98/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SiteStats Analytics – Google Analytics, Bing Webmaster & Search Console

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sitestats-analytics/assets/css/onboarding.css/wp-content/plugins/sitestats-analytics/assets/js/onboarding.js
Script Paths
/wp-content/plugins/sitestats-analytics/assets/js/onboarding.js
Version Parameters
sitestats-analytics/assets/css/onboarding.css?ver=sitestats-analytics/assets/js/onboarding.js?ver=

HTML / DOM Fingerprints

CSS Classes
sitestats-onboardingsitestats-onboarding__shellsitestats-onboarding__headersitestats-onboarding__brand
Data Attributes
data-step
JS Globals
SiteStatsOnboarding
REST Endpoints
/wp-json/sitestats_analytics/v1/google_sites/wp-json/sitestats_analytics/v1/google_properties/wp-json/sitestats_analytics/v1/bing_sites
FAQ

Frequently Asked Questions about SiteStats Analytics – Google Analytics, Bing Webmaster & Search Console