Does Track Debug have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Track Debug compatible with WordPress 6.8.5?

According to WordPress.org data, Track Debug 2.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Track Debug compatible with PHP 7.2+?

Track Debug requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Track Debug updated?

Track Debug was last updated on Mar 22, 2026. Frequent updates are generally a positive security signal.

What is Track Debug's security score?

Track Debug has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Track Debug Security & Risk Analysis

wordpress.org/plugins/track-debug

Track Debug is a WordPress debugging, performance monitoring, plugin analytics, page speed, memory usage, uptime check, security risk, WooCommerce deb …

0 active installs v2.1 PHP 7.2+ WP 5.0+ Updated Mar 22, 2026

debug-logpage-speedperformance-monitorplugin-analyticssecurity-scanner

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Track Debug Safe to Use in 2026?

Generally Safe

Score 100/100

Track Debug has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The 'track-debug' v1.6 plugin exhibits a generally strong security posture based on the provided static analysis. It demonstrates good practices by utilizing prepared statements for all SQL queries, ensuring proper output escaping for all identified outputs, and implementing nonce checks and capability checks for its entry points. The absence of external HTTP requests and shortcodes further reduces potential attack vectors.

However, a concerning finding is the presence of one unsanitized path identified during taint analysis. While no critical or high severity flows were flagged, this single unsanitized path represents a potential risk, as it could be exploited if user-supplied data is not sufficiently validated before being used in file operations, for example. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive indicator of its historical security. Nevertheless, the single taint analysis concern warrants attention.

In conclusion, 'track-debug' v1.6 is well-developed from a security perspective, adhering to many best practices. The primary weakness lies in the single identified unsanitized path, which, while not yet leading to a known vulnerability, presents a theoretical risk that should be addressed to further harden the plugin. The lack of historical vulnerabilities is a significant strength, but the taint analysis finding suggests vigilance is still required.

Key Concerns

Flows with unsanitized paths

Vulnerabilities

None known

Track Debug Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Track Debug Release Timeline

v2.1Current

v2.0

v1.6

v1.5

v1.4

v1.3

v1.2

Code Analysis

Analyzed Mar 17, 2026

Track Debug Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped4 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

sptrack_enable_log (includes\class-sptrack-dashboard.php:143)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Track Debug Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_sptrack_dashboard_ajax_callincludes\class-sptrack-dashboard.php:51

WordPress Hooks 3

actionadmin_menuincludes\class-sptrack-debug.php:25

actionadmin_enqueue_scriptsincludes\class-sptrack-meta.php:58

actionplugins_loadedmodule\sp-track-loader.php:44

Maintenance & Trust

Track Debug Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMar 22, 2026

PHP min version7.2

Downloads674

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Track Debug Alternatives

NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization

nitropack

Boost site speed and performance with an all-in-one cache and speed optimization plugin. Pass Core Web Vitals with CDN, image optimization, lazy loadi …

100K 7 CVEs

TinyPNG – JPEG, PNG & WebP image compression

tiny-compress-images

Speed up your website. Optimize your JPEG, PNG, and WebP images automatically with TinyPNG.

100K 1 CVE

Asset CleanUp: Page Speed Booster

wp-asset-clean-up

Make your website load FASTER by stopping specific styles (.CSS) & scripts (.JS) from loading. It works best with a page caching plugin / service.

100K 6 CVEs

Insights from Google PageSpeed

google-pagespeed-insights

Use Insights from Google PageSpeed to increase your sites performance, your search engine ranking, and your visitors browsing experience.

20K 2 CVEs

PhastPress

phastpress

PhastPress automatically optimizes your site for the best possible performance.

10K 2 CVEs

Developer Profile

Track Debug Developer Profile

Bhumi

3 plugins · 300 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Track Debug

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/track-debug/build/index.js/wp-content/plugins/track-debug/build/index.css

Script Paths

/wp-content/plugins/track-debug/build/index.js

Version Parameters

track-debug/build/index.js?ver=track-debug/build/index.css?ver=

HTML / DOM Fingerprints

Data Attributes

data-sptrack-url

JS Globals

sp_track_object

FAQ