Does utm.codes have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is utm.codes compatible with WordPress 6.8.5?

According to WordPress.org data, utm.codes 1.9.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is utm.codes compatible with PHP 7.1.0+?

utm.codes requires PHP 7.1.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is utm.codes updated?

utm.codes was last updated on Jun 17, 2025. Frequent updates are generally a positive security signal.

What is utm.codes's security score?

utm.codes has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

utm.codes Security & Risk Analysis

wordpress.org/plugins/utm-dot-codes

A WordPress plugin that makes building analytics friendly links quick and easy.

400 active installs v1.9.1 PHP 7.1.0+ WP 5.1.0+ Updated Jun 17, 2025

analyticscampaign-marketinggoogle-analyticsutm-codes

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is utm.codes Safe to Use in 2026?

Generally Safe

Score 100/100

utm.codes has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago

Risk Assessment

The "utm-dot-codes" plugin v1.9.1 exhibits a generally strong security posture based on the provided static analysis. The plugin demonstrates excellent adherence to secure coding practices, with no dangerous functions identified, all SQL queries utilizing prepared statements, and a remarkably high percentage (97%) of outputs being properly escaped. Furthermore, the absence of any file operations and a robust implementation of nonce and capability checks on its single AJAX handler indicate a well-thought-out approach to preventing common vulnerabilities. The vulnerability history is also clean, with no known CVEs, suggesting a history of responsible development and maintenance.

However, while the current analysis shows no critical or high-severity issues, there are subtle points to consider. The presence of four external HTTP requests, while not inherently a vulnerability, represents a potential attack vector if the external services are compromised or if the plugin does not handle responses securely. Although the single entry point is protected, a larger attack surface could introduce more complex challenges. The data indicates a proactive approach to security, but continuous vigilance regarding external dependencies and potential future vulnerabilities remains important.

Key Concerns

External HTTP requests detected

Vulnerabilities

None known

utm.codes Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

utm.codes Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

utm.codes Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

90 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

97% escaped93 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

1 flows

<class-utmdotcodes> (classes\class-utmdotcodes.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

utm.codes Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_utmdc_check_url_responseclasses\class-utmdotcodes.php:49

WordPress Hooks 21

actionplugins_loadedclasses\class-utmdotcodes.php:39

actioninitclasses\class-utmdotcodes.php:40

actionadmin_menuclasses\class-utmdotcodes.php:41

actionadmin_initclasses\class-utmdotcodes.php:42

actionadmin_headclasses\class-utmdotcodes.php:43

actionadmin_footerclasses\class-utmdotcodes.php:44

actionadd_meta_boxesclasses\class-utmdotcodes.php:45

actionadd_meta_boxesclasses\class-utmdotcodes.php:46

actionsave_postclasses\class-utmdotcodes.php:47

actiondashboard_glance_itemsclasses\class-utmdotcodes.php:48

filterwp_insert_post_dataclasses\class-utmdotcodes.php:52

filtergettextclasses\class-utmdotcodes.php:53

actionrestrict_manage_postsclasses\class-utmdotcodes.php:65

actionpre_get_postsclasses\class-utmdotcodes.php:66

filtermonths_dropdown_resultsclasses\class-utmdotcodes.php:69

filterpost_row_actionsclasses\class-utmdotcodes.php:71

filterredirect_post_locationclasses\class-utmdotcodes.php:744

actionsave_postclasses\class-utmdotcodes.php:854

filterredirect_post_locationclasses\class-utmdotcodes.php:1028

filterredirect_post_locationclasses\class-utmdotcodes.php:1043

filterredirect_post_locationclasses\class-utmdotcodes.php:1491

Maintenance & Trust

utm.codes Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJun 17, 2025

PHP min version7.1.0

Downloads11K

Community Trust

Rating100/100

Number of ratings2

Active installs400

Alternatives

utm.codes Alternatives

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

google-analytics-for-wordpress

The best free Google Analytics plugin for WordPress. See how visitors find and use your website so you can grow your business with powerful analytics.

2.0M 11 CVEs

GTM4WP – A Google Tag Manager (GTM) plugin for WordPress

duracelltomi-google-tag-manager

Advanced tag management for WordPress with Google Tag Manager

700K 3 CVEs

WP Statistics – Simple, privacy-friendly Google Analytics alternative

wp-statistics

Get website traffic insights with GDPR/CCPA compliant, privacy-friendly analytics. Includes visitor data, stunning graphs, and no data sharing.

600K 37 CVEs

PixelYourSite – Your smart PIXEL (TAG) & API Manager

pixelyoursite

Add Meta Pixel with Conversion API, Google Analytics (GA4) + Consent Mode, Google Tag Manager, and Head & Footer scripts.

500K 11 CVEs

GA Google Analytics – Connect Google Analytics to WordPress

ga-google-analytics

100

Adds Google Analytics tracking code to your WordPress site. Supports many tracking features.

400K No CVEs

Developer Profile

utm.codes Developer Profile

Chris Carlevato

1 plugin · 400 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect utm.codes

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/utm-dot-codes/css/utmdotcodes-admin.css/wp-content/plugins/utm-dot-codes/js/utmdotcodes-admin.js/wp-content/plugins/utm-dot-codes/js/utmdotcodes-link-preview.js

Generator Patterns

utm.codes v1.9.1

Script Paths

/wp-content/plugins/utm-dot-codes/js/utmdotcodes-admin.js/wp-content/plugins/utm-dot-codes/js/utmdotcodes-link-preview.js

Version Parameters

utm-dot-codes/css/utmdotcodes-admin.css?ver=utm-dot-codes/js/utmdotcodes-admin.js?ver=utm-dot-codes/js/utmdotcodes-link-preview.js?ver=

HTML / DOM Fingerprints

CSS Classes

utmdotcodes-admin-cssutmdotcodes-link-preview-cssutmdotcodes-fieldutmdotcodes-field-required

HTML Comments

Data Attributes

data-copy-textdata-copy-titledata-copy-success-titledata-copy-error-titledata-utmdc-ajax-urldata-utmdc-nonce+2 more

JS Globals

utm_dot_codes_admin_paramsutm_dot_codes_link_preview_params

REST Endpoints

/wp-json/utmdc/v1/check_url_response

Shortcode Output

<div class="utmdotcodes-shortcode-wrapper"><div class="utmdotcodes-shortcode-link"><a href="

FAQ