Does UTM Generator have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is UTM Generator compatible with WordPress 5.2.24?

According to WordPress.org data, UTM Generator 1.0 has been tested up to WordPress 5.2.24. Check the plugin's changelog for the latest compatibility information.

How often is UTM Generator updated?

UTM Generator was last updated on Aug 14, 2019. Frequent updates are generally a positive security signal.

What is UTM Generator's security score?

UTM Generator has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

UTM Generator Security & Risk Analysis

wordpress.org/plugins/tru-utm-generator

Generate UTM links

10 active installs v1.0 PHP + WP 4.4+ Updated Aug 14, 2019

google-analytics-url-buildergoogle-url-builderutmutm-generatorutm-url-builder

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is UTM Generator Safe to Use in 2026?

Generally Safe

Score 85/100

UTM Generator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "tru-utm-generator" plugin v1.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for its single SQL query and has a clean vulnerability history with no known CVEs. The absence of file operations, external HTTP requests, and critical/high severity taint flows is also reassuring.

However, there are notable areas of concern. The plugin has an unprotected AJAX handler, which represents a significant attack surface without authentication. Furthermore, only 30% of its outputs are properly escaped, leaving potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is displayed without adequate sanitization. The presence of a bundled library, DataTables, could also pose a risk if it's an outdated version, though this is not explicitly detailed in the provided data.

In conclusion, while the plugin avoids common pitfalls like raw SQL or exploitable taint flows, the unprotected AJAX endpoint and insufficient output escaping are critical weaknesses. These flaws, combined with the potential risks from bundled libraries, necessitate caution. Addressing these specific issues would significantly improve the plugin's overall security.

Key Concerns

Unprotected AJAX handler
Low percentage of properly escaped output
Bundled DataTables library

Vulnerabilities

None known

UTM Generator Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

UTM Generator Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

UTM Generator Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

DataTables

SQL Query Safety

100% prepared1 total queries

Output Escaping

30% escaped40 total outputs

Attack Surface

1 unprotected

UTM Generator Attack Surface

Entry Points4

Unprotected1

AJAX Handlers 3

authwp_ajax_tru_utm_url_generateclasses/tru_utm_generator.php:9

noprivwp_ajax_tru_utm_url_generateclasses/tru_utm_generator.php:10

authwp_ajax_mk_tru_utm_generator_helpclasses/tru_utm_generator.php:13

Shortcodes 1

[tru_utm_generator] classes/tru_utm_generator.php:8

WordPress Hooks 3

actionadmin_menuclasses/tru_utm_generator.php:7

actionwp_enqueue_scriptsclasses/tru_utm_generator.php:11

actionadmin_enqueue_scriptsclasses/tru_utm_generator.php:12

Maintenance & Trust

UTM Generator Maintenance & Trust

Maintenance Signals

WordPress version tested5.2.24

Last updatedAug 14, 2019

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

UTM Generator Alternatives

UTM Code Generator for Google Analytics Tracking URL

utm-generator

In order to make the visitors tracking easy, Google analytics created the UTM tracker, for this reason

10 No CVEs

Easy UTM Builder

easy-utm-builder

100

Easy to build trackable URLs with UTM parameters in Bulk (complete site or specific post type) for Google Analytics!

400 No CVEs

UTM – URL Builder for GA4

utm-url-builder-ga4

Add a UTM & URL builder to your site for GA4.

0 No CVEs

Tracking Code Manager

tracking-code-manager

A plugin to manage ALL of your tracking code and conversion pixels. Compatible with Facebook Ads, Google Adwords, WooCommerce, Easy Digital Downloads, …

90K 6 CVEs

HandL UTM Grabber / Tracker

handl-utm-grabber

The WordPress attribution plugin used by over 200,000+ sites to capture UTMs, gclid, and source data in your forms, CRM, and revenue workflows.

10K 3 CVEs

Developer Profile

UTM Generator Developer Profile

mndpsingh287

8 plugins · 4.1M total installs

trust score

Avg Security Score

79/100

Avg Patch Time

1115 days

View full developer profile

Detection Fingerprints

How We Detect UTM Generator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/tru-utm-generator/assets/css/style.css/wp-content/plugins/tru-utm-generator/assets/js/main.js

Script Paths

/wp-content/plugins/tru-utm-generator/assets/js/main.js

Version Parameters

tru-utm-generator/assets/css/style.css?ver=tru-utm-generator/assets/js/main.js?ver=

HTML / DOM Fingerprints

HTML Comments

Data Attributes

data-nonce

Shortcode Output

<form method="post" id="tru_utm_form">

FAQ