WP-Safety

Taboola Pixel Security & Risk Analysis

wordpress.org/plugins/taboola-pixel

Taboola Pixel is a WordPress plugin that injects the Taboola Pixel code into your website for advanced tracking and analytics.

400 active installs v1.1.5 PHP 7.4+ WP 5.0+ Updated Feb 24, 2026
99
A · Safe
CVEs total1
Unpatched0
Last CVEMar 20, 2026
Download
Safety Verdict

Is Taboola Pixel Safe to Use in 2026?

Generally Safe

Score 99/100

Taboola Pixel has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Mar 20, 2026Updated 2mo ago
Risk Assessment

The Taboola Pixel plugin v1.1.5 exhibits a strong security posture based on the provided static analysis and vulnerability history. The code demonstrates good security practices, including 100% use of prepared statements for SQL queries and proper output escaping for all identified outputs. The absence of dangerous functions, file operations, and external HTTP requests further contributes to a reduced attack surface.

Critically, there are no critical or high-severity taint flows detected, indicating that user-supplied data is not being mishandled in a way that could lead to significant security breaches. The presence of nonce and capability checks on its two AJAX entry points suggests an effort to protect against common WordPress attack vectors. Furthermore, the plugin has no recorded vulnerabilities, CVEs, or historical security issues, implying a commitment to maintaining a secure codebase.

While the plugin demonstrates considerable strengths in secure coding practices and a clean vulnerability history, its limited attack surface with two unprotected AJAX handlers could be a point of concern if those handlers were to be modified in future versions without proper security considerations. However, based on the current data, the plugin appears to be very secure.

Vulnerabilities
1 published

Taboola Pixel Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-32545medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Taboola Pixel <= 1.1.4 - Reflected Cross-Site Scripting

Mar 20, 2026 Patched in 1.1.5 (7d)
Version History

Taboola Pixel Release Timeline

v1.1.5Current
v1.1.41 CVE
CVE-2026-32545
v1.1.31 CVE
CVE-2026-32545
v1.0.241 CVE
CVE-2026-32545
v1.0.231 CVE
CVE-2026-32545
v1.0.221 CVE
CVE-2026-32545
v1.0.211 CVE
CVE-2026-32545
Code Analysis
Analyzed Mar 17, 2026

Taboola Pixel Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
28 escaped
Nonce Checks
3
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

100% escaped28 total outputs
Attack Surface

Taboola Pixel Attack Surface

Entry Points2
Unprotected0

AJAX Handlers 2

authwp_ajax_tabpx_install_account_idincludes\settings.php:127
authwp_ajax_tabpx_uninstall_account_idincludes\settings.php:128
WordPress Hooks 17
actionwp_headincludes\header.php:14
actionadmin_menuincludes\settings.php:12
actionadmin_enqueue_scriptsincludes\settings.php:15
actionadmin_initincludes\settings.php:17
actionadmin_enqueue_scriptsincludes\settings.php:93
actionin_admin_headerincludes\settings.php:147
actionwoocommerce_thankyouincludes\woocommerce-events.php:95
actionwoocommerce_add_to_cartincludes\woocommerce-events.php:111
actionwoocommerce_checkout_initincludes\woocommerce-events.php:130
actionwp_footerincludes\woocommerce-events.php:139
actionwoocommerce_before_single_productincludes\woocommerce-events.php:148
actionwp_footerincludes\woocommerce-events.php:151
actionwoocommerce_before_shop_loopincludes\woocommerce-events.php:160
actionwoocommerce_product_queryincludes\woocommerce-events.php:167
filterwoocommerce_add_to_cart_fragmentsincludes\woocommerce-events.php:183
actionwp_footerincludes\woocommerce-events.php:186
actioninitincludes\woocommerce-events.php:192
Maintenance & Trust

Taboola Pixel Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 24, 2026
PHP min version7.4
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs400
Alternatives

Taboola Pixel Alternatives

No alternatives data available yet.

Developer Profile

Taboola Pixel Developer Profile

Taboola

3 plugins · 3K total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
95 days
View full developer profile
Detection Fingerprints

How We Detect Taboola Pixel

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/taboola-pixel/js/taboola-pixel.js/wp-content/plugins/taboola-pixel/css/taboola-pixel.css/wp-content/plugins/taboola-pixel/js/taboola-pixel-woocommerce.js
Script Paths
/wp-content/plugins/taboola-pixel/js/taboola-pixel.js/wp-content/plugins/taboola-pixel/js/taboola-pixel-woocommerce.js
Version Parameters
taboola-pixel/js/taboola-pixel.js?ver=taboola-pixel/css/taboola-pixel.css?ver=taboola-pixel/js/taboola-pixel-woocommerce.js?ver=

HTML / DOM Fingerprints

CSS Classes
wc-taboola-event-placeholder
JS Globals
window._tfa
FAQ

Frequently Asked Questions about Taboola Pixel