Does Taboola Pixel have any unpatched vulnerabilities?

No. All known vulnerabilities in Taboola Pixel have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Taboola Pixel compatible with WordPress 6.9.4?

According to WordPress.org data, Taboola Pixel 1.1.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Taboola Pixel compatible with PHP 7.4+?

Taboola Pixel requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Taboola Pixel updated?

Taboola Pixel was last updated on Feb 24, 2026. Frequent updates are generally a positive security signal.

What is Taboola Pixel's security score?

Taboola Pixel has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Taboola Pixel Security & Risk Analysis

wordpress.org/plugins/taboola-pixel

Taboola Pixel is a WordPress plugin that injects the Taboola Pixel code into your website for advanced tracking and analytics.

400 active installs v1.1.5 PHP 7.4+ WP 5.0+ Updated Feb 24, 2026

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Taboola Pixel Safe to Use in 2026?

Generally Safe

Score 100/100

Taboola Pixel has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The Taboola Pixel plugin v1.1.5 exhibits a strong security posture based on the provided static analysis and vulnerability history. The code demonstrates good security practices, including 100% use of prepared statements for SQL queries and proper output escaping for all identified outputs. The absence of dangerous functions, file operations, and external HTTP requests further contributes to a reduced attack surface.

Critically, there are no critical or high-severity taint flows detected, indicating that user-supplied data is not being mishandled in a way that could lead to significant security breaches. The presence of nonce and capability checks on its two AJAX entry points suggests an effort to protect against common WordPress attack vectors. Furthermore, the plugin has no recorded vulnerabilities, CVEs, or historical security issues, implying a commitment to maintaining a secure codebase.

While the plugin demonstrates considerable strengths in secure coding practices and a clean vulnerability history, its limited attack surface with two unprotected AJAX handlers could be a point of concern if those handlers were to be modified in future versions without proper security considerations. However, based on the current data, the plugin appears to be very secure.

Vulnerabilities

None known

Taboola Pixel Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Taboola Pixel Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

28 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped28 total outputs

Attack Surface

Taboola Pixel Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_tabpx_install_account_idincludes\settings.php:127

authwp_ajax_tabpx_uninstall_account_idincludes\settings.php:128

WordPress Hooks 17

actionwp_headincludes\header.php:14

actionadmin_menuincludes\settings.php:12

actionadmin_enqueue_scriptsincludes\settings.php:15

actionadmin_initincludes\settings.php:17

actionadmin_enqueue_scriptsincludes\settings.php:93

actionin_admin_headerincludes\settings.php:147

actionwoocommerce_thankyouincludes\woocommerce-events.php:95

actionwoocommerce_add_to_cartincludes\woocommerce-events.php:111

actionwoocommerce_checkout_initincludes\woocommerce-events.php:130

actionwp_footerincludes\woocommerce-events.php:139

actionwoocommerce_before_single_productincludes\woocommerce-events.php:148

actionwp_footerincludes\woocommerce-events.php:151

actionwoocommerce_before_shop_loopincludes\woocommerce-events.php:160

actionwoocommerce_product_queryincludes\woocommerce-events.php:167

filterwoocommerce_add_to_cart_fragmentsincludes\woocommerce-events.php:183

actionwp_footerincludes\woocommerce-events.php:186

actioninitincludes\woocommerce-events.php:192

Maintenance & Trust

Taboola Pixel Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 24, 2026

PHP min version7.4

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs400

Alternatives

Taboola Pixel Alternatives

No alternatives data available yet.

Developer Profile

Taboola Pixel Developer Profile

Taboola

3 plugins · 3K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

183 days

View full developer profile

Detection Fingerprints

How We Detect Taboola Pixel

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/taboola-pixel/js/taboola-pixel.js/wp-content/plugins/taboola-pixel/css/taboola-pixel.css/wp-content/plugins/taboola-pixel/js/taboola-pixel-woocommerce.js

Script Paths

/wp-content/plugins/taboola-pixel/js/taboola-pixel.js/wp-content/plugins/taboola-pixel/js/taboola-pixel-woocommerce.js

Version Parameters

taboola-pixel/js/taboola-pixel.js?ver=taboola-pixel/css/taboola-pixel.css?ver=taboola-pixel/js/taboola-pixel-woocommerce.js?ver=

HTML / DOM Fingerprints

CSS Classes

wc-taboola-event-placeholder

JS Globals

window._tfa

FAQ