PalmsTrack – WordPress Costs & Subscriptions Tracker Security & Risk Analysis

wordpress.org/plugins/subscription-tracker

Track, organize and optimize your WordPress site's costs, subscription renewal dates, and grow your site's bottom line.

10 active installs v1.6.1 PHP 7.2+ WP 5.2+ Updated Apr 13, 2025
cost-tracker, expense-management, subscription-management, wordpress-costs
92
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is PalmsTrack – WordPress Costs & Subscriptions Tracker Safe to Use in 2026?

Generally Safe

Score 92/100

PalmsTrack – WordPress Costs & Subscriptions Tracker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The "subscription-tracker" v1.6.1 plugin exhibits a strong security posture based on the provided static analysis. It demonstrates excellent adherence to WordPress security best practices, with all identified entry points (14 AJAX handlers) protected by both nonce and capability checks. The code also shows robust defense against common vulnerabilities, as evidenced by the 100% use of prepared statements for SQL queries and proper output escaping for all identified outputs. The absence of dangerous functions, file operations, and external HTTP requests further contributes to its secure design. Taint analysis did not reveal any critical or high-severity vulnerabilities related to unsanitized data flows.

The plugin's vulnerability history is clean, with no recorded CVEs, suggesting a consistent track record of security. This lack of historical issues, combined with the positive static analysis results, indicates a well-maintained and secure plugin. However, it's important to note that static analysis is not exhaustive and may not catch all potential vulnerabilities, especially those arising from complex interactions or environment-specific configurations. The relatively high number of AJAX handlers, though secured, does represent a significant attack surface that is constantly being monitored and maintained.

In conclusion, "subscription-tracker" v1.6.1 appears to be a secure plugin. Its strengths lie in its comprehensive use of WordPress security mechanisms like nonces and capability checks, along with secure coding practices for database queries and output handling. The absence of known vulnerabilities reinforces this assessment. The only minor area of consideration is the number of AJAX endpoints, which, while secured, represent potential areas for future vulnerabilities if not rigorously maintained. Overall, the risk associated with this plugin is low.

Vulnerabilities
None known

PalmsTrack – WordPress Costs & Subscriptions Tracker Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

PalmsTrack – WordPress Costs & Subscriptions Tracker Release Timeline

v1.6.1 (Current)
v1.6
v1.5
v1.4
v1.3
Code Analysis
Analyzed Apr 16, 2026

PalmsTrack – WordPress Costs & Subscriptions Tracker Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (45 prepared)
Unescaped Output: 1 (293 escaped)
Nonce Checks: 14
Capability Checks: 14
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 45 total queries

Output Escaping

100% escaped · 294 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

4 flows
palmsst_get_notes (includes/class-palmsst-admin.php:204)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

PalmsTrack – WordPress Costs & Subscriptions Tracker Attack Surface

Entry Points: 14
Unprotected: 0

AJAX Handlers 14

auth  wp_ajax_palmsst_save_plugin_data  includes/class-palmsst-admin.php:21
auth  wp_ajax_palmsst_export_plugin_data  includes/class-palmsst-admin.php:22
auth  wp_ajax_palmsst_get_calendar_events  includes/class-palmsst-admin.php:24
auth  wp_ajax_palmsst_sync_plugins  includes/class-palmsst-admin.php:25
auth  wp_ajax_palmsst_add_subscription  includes/class-palmsst-admin.php:26
auth  wp_ajax_palmsst_delete_subscription  includes/class-palmsst-admin.php:27
auth  wp_ajax_palmsst_get_notes  includes/class-palmsst-admin.php:28
auth  wp_ajax_palmsst_save_notes  includes/class-palmsst-admin.php:29
auth  wp_ajax_palmsst_add_free_trial  includes/class-palmsst-admin.php:30
auth  wp_ajax_palmsst_get_trial_notes  includes/class-palmsst-admin.php:31
auth  wp_ajax_palmsst_update_trial_notes  includes/class-palmsst-admin.php:32
auth  wp_ajax_palmsst_delete_trial  includes/class-palmsst-admin.php:33
auth  wp_ajax_palmsst_update_subscription  includes/class-palmsst-admin.php:35
auth  wp_ajax_palmsst_dismiss_renewal_alert  includes/class-palmsst-admin.php:38
WordPress Hooks 6
action  admin_enqueue_scripts  includes/class-palmsst-admin.php:19
action  admin_menu  includes/class-palmsst-admin.php:20
action  wp_dashboard_setup  includes/class-palmsst-admin.php:23
action  admin_notices  includes/class-palmsst-admin.php:36
action  wp_login  includes/class-palmsst-admin.php:37
action  admin_init  subscription-tracker.php:34
Maintenance & Trust

PalmsTrack – WordPress Costs & Subscriptions Tracker Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Apr 13, 2025
PHP min version: 7.2
Downloads: 761

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 10
Developer Profile

PalmsTrack – WordPress Costs & Subscriptions Tracker Developer Profile

PalmsTrack

2 plugins · 10 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect PalmsTrack – WordPress Costs & Subscriptions Tracker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/subscription-tracker/assets/lib/fullcalendar.min.js
/wp-content/plugins/subscription-tracker/assets/js/psm-admin.js
/wp-content/plugins/subscription-tracker/assets/css/psm-admin.css
/wp-content/plugins/subscription-tracker/assets/lib/chart.min.js
/wp-content/plugins/subscription-tracker/assets/lib/chartjs-plugin-datalabels/dist/chartjs-plugin-datalabels.min.js
/wp-content/plugins/subscription-tracker/assets/js/palmsst-settings.js
Script Paths
/wp-content/plugins/subscription-tracker/assets/lib/fullcalendar.min.js
/wp-content/plugins/subscription-tracker/assets/js/psm-admin.js
/wp-content/plugins/subscription-tracker/assets/lib/chart.min.js
/wp-content/plugins/subscription-tracker/assets/lib/chartjs-plugin-datalabels/dist/chartjs-plugin-datalabels.min.js
/wp-content/plugins/subscription-tracker/assets/js/palmsst-settings.js
Version Parameters
subscription-tracker/assets/lib/fullcalendar.min.js?ver=
subscription-tracker/assets/js/psm-admin.js?ver=
subscription-tracker/assets/css/psm-admin.css?ver=
subscription-tracker/assets/lib/chart.min.js?ver=
subscription-tracker/assets/lib/chartjs-plugin-datalabels/dist/chartjs-plugin-datalabels.min.js?ver=
subscription-tracker/assets/js/palmsst-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
palms-subscription-tracker-wrap
Data Attributes
data-nonce="palmsst_nonce"
data-ajaxurl="admin-ajax.php"
JS Globals
palmsst
palmsst_insights_ajax_object
REST Endpoints
/wp-json/palmsst/v1/subscriptions
/wp-json/palmsst/v1/sync