Does Tiny gtag.js Analytics have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Tiny gtag.js Analytics compatible with WordPress 6.8.5?

According to WordPress.org data, Tiny gtag.js Analytics 3.1.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Tiny gtag.js Analytics compatible with PHP 7.3+?

Tiny gtag.js Analytics requires PHP 7.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Tiny gtag.js Analytics updated?

Tiny gtag.js Analytics was last updated on Oct 29, 2025. Frequent updates are generally a positive security signal.

What is Tiny gtag.js Analytics's security score?

Tiny gtag.js Analytics has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Tiny gtag.js Analytics Security & Risk Analysis

wordpress.org/plugins/tiny-gtag-js-analytics

Adds the required script tags for gtag.js, a.k.a. the Google tag, to your site's HTML.

400 active installs v3.1.0 PHP 7.3+ WP 5.0+ Updated Oct 29, 2025

analyticsgoogle

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Tiny gtag.js Analytics Safe to Use in 2026?

Generally Safe

Score 100/100

Tiny gtag.js Analytics has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago

Risk Assessment

The static analysis of tiny-gtag-js-analytics v3.1.0 reveals a generally good security posture, with no identified attack surface points, dangerous functions, or critical taint analysis findings. The plugin utilizes prepared statements for all SQL queries, which is a strong indicator of secure database interaction. File operations and external HTTP requests are also absent, reducing potential vectors for compromise. However, the analysis does highlight a weakness in output escaping, with 25% of outputs not being properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is involved in these unescaped outputs.

The absence of vulnerability history, including CVEs and common vulnerability types, suggests a well-maintained or less targeted plugin. The lack of critical findings in taint analysis further reinforces this. Despite the positive indicators, the unescaped output remains a potential concern that could be exploited. The plugin demonstrates good practice in avoiding common vulnerabilities like SQL injection and lacking a significant attack surface, but the output escaping issue needs attention to ensure a truly robust security profile.

Key Concerns

Unescaped output found

Vulnerabilities

None known

Tiny gtag.js Analytics Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Tiny gtag.js Analytics Release Timeline

v3.1.0Current

v3.0.1

v3.0.0

v2.0.1

v2.0.0

v1.0.1

v1.0.0

Code Analysis

Analyzed Mar 16, 2026

Tiny gtag.js Analytics Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

75% escaped16 total outputs

Attack Surface

Tiny gtag.js Analytics Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionadmin_menutiny-gtag-js-analytics.php:15

actionadmin_inittiny-gtag-js-analytics.php:44

actionwp_headtiny-gtag-js-analytics.php:380

actionwp_body_opentiny-gtag-js-analytics.php:519

actionwp_footertiny-gtag-js-analytics.php:522

Maintenance & Trust

Tiny gtag.js Analytics Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 29, 2025

PHP min version7.3

Downloads4K

Community Trust

Rating100/100

Number of ratings1

Active installs400

Alternatives

Tiny gtag.js Analytics Alternatives

Site Kit by Google – Analytics, Search Console, AdSense, Speed

google-site-kit

100

Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.

5.0M 1 CVE

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

google-analytics-for-wordpress

The best free Google Analytics plugin for WordPress. See how visitors find and use your website so you can grow your business with powerful analytics.

2.0M 11 CVEs

GTM4WP – A Google Tag Manager (GTM) plugin for WordPress

duracelltomi-google-tag-manager

Advanced tag management for WordPress with Google Tag Manager

700K 3 CVEs

WP Statistics – Simple, privacy-friendly Google Analytics alternative

wp-statistics

Get website traffic insights with GDPR/CCPA compliant, privacy-friendly analytics. Includes visitor data, stunning graphs, and no data sharing.

600K 37 CVEs

PixelYourSite – Your smart PIXEL (TAG) & API Manager

pixelyoursite

Add Meta Pixel with Conversion API, Google Analytics (GA4) + Consent Mode, Google Tag Manager, and Head & Footer scripts.

500K 11 CVEs

Developer Profile

Tiny gtag.js Analytics Developer Profile

Roy Orbitson

8 plugins · 3K total installs

trust score

Avg Security Score

98/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Tiny gtag.js Analytics

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/tiny-gtag-js-analytics/dist/gtag.js

Script Paths

/wp-content/plugins/tiny-gtag-js-analytics/dist/gtag.js

Version Parameters

tiny-gtag-js-analytics/dist/gtag.js?ver=

HTML / DOM Fingerprints

HTML Comments

Data Attributes

data-gtag-optindata-gtag-id

JS Globals

window.gtagInit

FAQ