TrackSharp: Server-Side GA4 Tracking + Attribution Audit for WooCommerce Security & Risk Analysis

wordpress.org/plugins/tracksharp

Secure server-side GA4 tracking for WooCommerce + a built-in Audit Dashboard to detect Google Ads & Meta attribution risks.

0 active installs · v1.3.1 · PHP 7.4+ · WP 6.1+ · Updated Mar 4, 2026
Tags: facebook-pixel, ga4, google-ads, server-side-tracking, woocommerce
100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is TrackSharp: Server-Side GA4 Tracking + Attribution Audit for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

TrackSharp: Server-Side GA4 Tracking + Attribution Audit for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The tracksharp plugin exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices by utilizing prepared statements for all SQL queries and properly escaping a high percentage of its output. The absence of known vulnerabilities in its history is also a good sign, suggesting a generally well-maintained codebase.

However, significant concerns arise from the static analysis. The plugin exposes two REST API routes without any permission callbacks, creating a substantial attack surface that is unprotected. Furthermore, the taint analysis reveals two high-severity flows with unsanitized paths, indicating potential vulnerabilities where external input could be improperly handled and lead to security issues.

While the lack of historical CVEs is encouraging, the presence of critical security weaknesses in the current code analysis cannot be ignored. The unprotected REST API endpoints and the high-severity taint flows present immediate risks that need to be addressed. The plugin has a strong foundation in some areas, but these specific vulnerabilities represent notable weaknesses that expose users to potential harm.

Key Concerns

  • Unprotected REST API routes
  • High severity unsanitized taint flows
Vulnerabilities
None known

TrackSharp: Server-Side GA4 Tracking + Attribution Audit for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

TrackSharp: Server-Side GA4 Tracking + Attribution Audit for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (56 prepared)
Unescaped Output: 13 (310 escaped)
Nonce Checks: 3
Capability Checks: 8
File Operations: 1
External Requests: 4
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

100% prepared · 56 total queries

Output Escaping

96% escaped · 323 total outputs
Data Flows: 3 unsanitized

Data Flow Analysis

5 flows · 3 with unsanitized paths
<class-tracksharp-wizard> (includes\admin\class-tracksharp-wizard.php:0)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface: 2 unprotected

TrackSharp: Server-Side GA4 Tracking + Attribution Audit for WooCommerce Attack Surface

Entry Points: 2
Unprotected: 2

REST API Routes 2

POST /wp-json/tracksharp/v1/p includes\class-tracksharp-rest.php:62
POST /wp-json/tracksharp/v1/collect includes\class-tracksharp-rest.php:69
WordPress Hooks 31
action admin_menu includes\admin\class-tracksharp-admin.php:61
action admin_menu includes\admin\class-tracksharp-admin.php:62
action admin_init includes\admin\class-tracksharp-admin.php:63
action admin_init includes\admin\class-tracksharp-admin.php:64
action admin_enqueue_scripts includes\admin\class-tracksharp-admin.php:65
action admin_notices includes\admin\class-tracksharp-admin.php:66
action admin_notices includes\admin\class-tracksharp-admin.php:67
action admin_notices includes\admin\class-tracksharp-admin.php:68
action add_meta_boxes includes\admin\class-tracksharp-admin.php:69
action rest_api_init includes\class-tracksharp-loader.php:136
action wp_head includes\class-tracksharp-loader.php:140
action wp_enqueue_scripts includes\class-tracksharp-loader.php:147
action wp_enqueue_scripts includes\class-tracksharp-loader.php:148
action tracksharp_prune_events includes\class-tracksharp-loader.php:150
action tracksharp_ga4_purchase_fallback includes\class-tracksharp-loader.php:151
filter tracksharp_ga4_requires_marketing includes\class-tracksharp-loader.php:153
filter tracksharp_tracker_is_consent_granted includes\class-tracksharp-loader.php:154
action init includes\class-tracksharp-woocommerce.php:73
action woocommerce_checkout_create_order includes\class-tracksharp-woocommerce.php:74
action woocommerce_payment_complete includes\class-tracksharp-woocommerce.php:76
action woocommerce_order_status_processing includes\class-tracksharp-woocommerce.php:77
action woocommerce_order_status_completed includes\class-tracksharp-woocommerce.php:78
action woocommerce_thankyou includes\class-tracksharp-woocommerce.php:80
action woocommerce_order_status_changed includes\class-tracksharp-woocommerce.php:81
action woocommerce_add_to_cart includes\class-tracksharp-woocommerce.php:83
action wp_enqueue_scripts includes\class-tracksharp-woocommerce.php:84
action woocommerce_checkout_order_processed includes\class-tracksharp-woocommerce.php:85
filter default_currency Tracksharp-tracker.php:101
filter plugin_icon Tracksharp-tracker.php:105
filter is_submenu_visible Tracksharp-tracker.php:109
action connect/after_license_input Tracksharp-tracker.php:133

Scheduled Events 2

tracksharp_prune_events
tracksharp_ga4_purchase_fallback
Maintenance & Trust

TrackSharp: Server-Side GA4 Tracking + Attribution Audit for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 4, 2026
PHP min version: 7.4
Downloads: 512

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 0
Developer Profile

TrackSharp: Server-Side GA4 Tracking + Attribution Audit for WooCommerce Developer Profile

TrackSharp

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect TrackSharp: Server-Side GA4 Tracking + Attribution Audit for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/tracksharp/assets/css/admin.css
  • /wp-content/plugins/tracksharp/assets/js/admin.js
  • /wp-content/plugins/tracksharp/assets/css/frontend.css
  • /wp-content/plugins/tracksharp/assets/js/frontend.js
Script Paths
  • /wp-content/plugins/tracksharp/assets/js/admin.js
  • /wp-content/plugins/tracksharp/assets/js/frontend.js
Version Parameters
  • tracksharp/assets/css/admin.css?ver=
  • tracksharp/assets/js/admin.js?ver=
  • tracksharp/assets/css/frontend.css?ver=
  • tracksharp/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • tracksharp-admin-wrap
  • tracksharp-settings-wrap
  • tracksharp-wizard-wrap
  • tracksharp-dashboard-wrap
  • tracksharp-events-page-wrap
  • tracksharp-dashboard-widget
HTML Comments
  • <!-- TrackSharp admin notices -->
  • <!-- TrackSharp dashboard widget -->
Data Attributes
  • data-tracksharp-event-id
  • data-tracksharp-user-id
JS Globals
  • TrackSharpAdmin
  • TrackSharpFrontend
REST Endpoints
  • /wp-json/tracksharp/v1/events
  • /wp-json/tracksharp/v1/settings
Shortcode Output
[tracksharp_tracking_code]