User Tracker Security & Risk Analysis
wordpress.org/plugins/user-trackerTrack the pages visited by users, without using external servers. Displays a table with users and page views
Is User Tracker Safe to Use in 2026?
Generally Safe
Score 85/100User Tracker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "user-tracker" plugin version 0.1.1 presents a mixed security posture. On the positive side, the plugin has no known recorded vulnerabilities (CVEs) and demonstrates good practices by using prepared statements for all its SQL queries. The static analysis also indicates a seemingly small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that lack authorization checks. Furthermore, there are no file operations or external HTTP requests, and taint analysis shows no critical or high severity unsanitized flows.
However, a significant concern arises from the complete lack of output escaping. With 33 total outputs identified and 0% properly escaped, this opens the door to potential Cross-Site Scripting (XSS) vulnerabilities. Any user-provided data that is displayed on the frontend without proper sanitization could be exploited. The absence of nonce checks and capability checks, especially if any of the identified entry points were to be exposed or if future versions introduce them, also represents a potential weakness. While the plugin is currently free of known vulnerabilities, the unescaped output is a critical oversight that demands immediate attention.
Key Concerns
- 0% of outputs properly escaped
- 0 nonces checked
- 0 capability checks
User Tracker Security Vulnerabilities
User Tracker Code Analysis
SQL Query Safety
Output Escaping
User Tracker Attack Surface
WordPress Hooks 4
Maintenance & Trust
User Tracker Maintenance & Trust
Maintenance Signals
Community Trust
User Tracker Alternatives
Adminify Activity Logs
adminify-activity-logs
Track WordPress dashboard activities with this free plugin. Monitor user actions, filter by time, role for complete site security and accountability
TW Login Alert & Tracker
tw-login-alert-tracker
Track who logs in and when — and receive instant email alerts for every login event.
User Activity Logger
user-activity-logger
User Activity Logger
WP Cron Viewer and Manager
wp-cron-viewer-and-manager
Cron Viewer and Manager will help you view your WordPress Cron events right from the admin dashboard
Activity Tracker
activity-tracker
Tracks user activity when posts, pages, WooCommerce products, or custom post types are updated. Displays the activity log in a custom meta box.
User Tracker Developer Profile
5 plugins · 320 total installs
How We Detect User Tracker
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/user-tracker/admin_helper.cssHTML / DOM Fingerprints
field_wrapperlabelfield_captionUserOption/*
* some function to create admin panel for plugin
*
* rev.02
*
*/// add a panel in wordpres menu//@FIXME pur passando gli stessi parametri non funziona!!!// add a field in form for admin panel+9 moreid="user-{$row['user']}"name="user-{$row['user']}"id="admin_helper"name="usertracker_options"window.ChangeColor