Does Traffic have any unpatched vulnerabilities?

No. All known vulnerabilities in Traffic have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Traffic compatible with WordPress 6.9.4?

According to WordPress.org data, Traffic 3.3.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Traffic compatible with PHP 8.1+?

Traffic requires PHP 8.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Traffic updated?

Traffic was last updated on Nov 14, 2025. Frequent updates are generally a positive security signal.

What is Traffic's security score?

Traffic has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Traffic Security & Risk Analysis

wordpress.org/plugins/traffic

Full featured monitoring & analytics for WordPress APIs.

200 active installs v3.3.0 PHP 8.1+ WP 6.2+ Updated Nov 14, 2025

analyticsapireportsrest-apistatistics

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Traffic Safe to Use in 2026?

Generally Safe

Score 100/100

Traffic has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The "traffic" plugin v3.3.0 presents a mixed security posture. While the absence of known CVEs and a low number of critical taint flows are positive indicators, concerns arise from its attack surface and output escaping. Two AJAX handlers lack authentication checks, creating potential entry points for unauthorized actions. Furthermore, a significant portion of output (42%) is not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is displayed without sanitization. The plugin's vulnerability history is clean, suggesting a generally good track record, but this should be balanced against the present code analysis findings. Overall, the plugin demonstrates some good security practices like a high percentage of prepared SQL statements and nonce checks, but the unauthenticated AJAX endpoints and output escaping issues require attention to mitigate potential risks.

Key Concerns

Unprotected AJAX handlers
Unescaped output detected

Vulnerabilities

None known

Traffic Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Traffic Code Analysis

Dangerous Functions

Raw SQL Queries

20 prepared

Unescaped Output

55 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

83% prepared24 total queries

Output Escaping

58% escaped95 total outputs

Attack Surface

2 unprotected

Traffic Attack Surface

Entry Points7

Unprotected2

AJAX Handlers 3

authwp_ajax_hide_traffic_nagincludes\plugin\class-core.php:110

authwp_ajax_traffic_get_statsincludes\plugin\class-core.php:111

authwp_ajax_poo_switch_autoupdateperfopsone\functions.php:32

Shortcodes 4

[traffic-wpcli] includes\features\class-wpcli.php:711

[traffic-changelog] includes\plugin\class-core.php:82

[traffic-libraries] includes\plugin\class-core.php:83

[traffic-statistics] includes\plugin\class-core.php:84

WordPress Hooks 37

filterinit_perfopsone_admin_menusadmin\class-traffic-admin.php:194

filterpre_http_requestincludes\features\class-capture.php:75

filterhttp_api_debugincludes\features\class-capture.php:76

filterrest_pre_echo_responseincludes\features\class-capture.php:77

actionshutdownincludes\features\class-memory.php:91

actionshutdownincludes\features\class-memory.php:93

actionshutdownincludes\features\class-schema.php:72

filterperfopsone_plugin_infoincludes\plugin\class-core.php:78

actioninitincludes\plugin\class-core.php:79

actioninitincludes\plugin\class-core.php:80

actionwp_headincludes\plugin\class-core.php:81

actionrest_api_initincludes\plugin\class-core.php:87

actioninitincludes\plugin\class-core.php:100

actionadmin_enqueue_scriptsincludes\plugin\class-core.php:101

actionadmin_enqueue_scriptsincludes\plugin\class-core.php:102

actionadmin_menuincludes\plugin\class-core.php:103

actionadmin_menuincludes\plugin\class-core.php:104

actionadmin_menuincludes\plugin\class-core.php:105

actionadmin_initincludes\plugin\class-core.php:106

filterplugin_row_metaincludes\plugin\class-core.php:108

actionadmin_noticesincludes\plugin\class-core.php:109

filtermyblogs_blog_actionsincludes\plugin\class-core.php:112

filtermanage_sites_action_linksincludes\plugin\class-core.php:113

actionwp_enqueue_scriptsincludes\plugin\class-core.php:125

actionwp_enqueue_scriptsincludes\plugin\class-core.php:126

filterplugins_apiincludes\plugin\class-updater.php:66

filtersite_transient_update_pluginsincludes\plugin\class-updater.php:67

actionupgrader_process_completeincludes\plugin\class-updater.php:68

filterclean_urlincludes\plugin\class-updater.php:69

filterperfopsone_apcu_infoincludes\system\class-apcu.php:51

filtersite_status_testsincludes\system\class-sitehealth.php:77

filtersite_status_testsincludes\system\class-sitehealth.php:78

filtersite_status_testsincludes\system\class-sitehealth.php:79

filtersite_status_testsincludes\system\class-sitehealth.php:81

filterdebug_informationincludes\system\class-sitehealth.php:91

filterdebug_informationincludes\system\class-sitehealth.php:109

actionadmin_bar_menuperfopsone\class-adminbar.php:54

Maintenance & Trust

Traffic Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedNov 14, 2025

PHP min version8.1

Downloads22K

Community Trust

Rating0/100

Number of ratings0

Active installs200

Alternatives

Traffic Alternatives

SlimStat Analytics

wp-slimstat

The leading web analytics plugin for WordPress

80K 23 CVEs

API Stats

wp-api-stats

100

View and filter API calls to your website with details about Method, Path, Response time, and Count.

100 No CVEs

Vectoron

vectoron

100

A WordPress REST API plugin for external content management with authenticated API endpoints, GA4 tracking shortcodes, and ACF integration.

0 No CVEs

PixelYourSite – Your smart PIXEL (TAG) & API Manager

pixelyoursite

Add Meta Pixel with Conversion API, Google Analytics (GA4) + Consent Mode, Google Tag Manager, and Head & Footer scripts.

500K 11 CVEs

GA Google Analytics – Connect Google Analytics to WordPress

ga-google-analytics

100

Adds Google Analytics tracking code to your WordPress site. Supports many tracking features.

400K No CVEs

Developer Profile

Traffic Developer Profile

Pierre Lannoy

12 plugins · 15K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

65 days

View full developer profile

Detection Fingerprints

How We Detect Traffic

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/traffic/dist/css/traffic.css/wp-content/plugins/traffic/dist/js/traffic.js

Script Paths

/wp-content/plugins/traffic/dist/js/traffic.js

Version Parameters

traffic/dist/css/traffic.css?ver=traffic/dist/js/traffic.js?ver=

HTML / DOM Fingerprints

CSS Classes

traffic-dashboardtraffic-rowtraffic-about-logo

HTML Comments

+4 more

Data Attributes

style="opacity:0;"style="width:16px;vertical-align:text-bottom;"style="min-height: 100px; position: fixed; bottom: 4vh; right: 4vw; z-index: 10000"style="background-color: #FFF; padding: 20px; border-radius: 4px; box-shadow: 2px 2px 10px rgba(0, 0, 0, 0.2)"style="width:60px; margin-right: 20px;"style="float: right; text-align: center;padding-top:10px"

JS Globals

TRAFFIC_ASSETS_IDTRAFFIC_PRODUCT_NAMETRAFFIC_VERSIONTRAFFIC_SLUG

Shortcode Output

[traffic-libraries][traffic-changelog][traffic-wpcli]

FAQ