UXsniff AI-powered Heatmaps and Session Recordings Security & Risk Analysis

wordpress.org/plugins/ux-sniff

Short Description: AI-powered Heatmaps, Session Recordings & A/B Testing

100 active installs · v1.3.3 · PHP 5.2.4+ · WP 3.0.1+ · Updated Mar 10, 2026
a-b-testing · heatmaps · session-recordings
78 · B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Apr 10, 2025
Safety Verdict

Is UXsniff AI-powered Heatmaps and Session Recordings Safe to Use in 2026?

Mostly Safe

Score 78/100

UXsniff AI-powered Heatmaps and Session Recordings is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Apr 10, 2025 · Updated 25d ago
Risk Assessment

The 'ux-sniff' plugin v1.3.3 exhibits a mixed security posture. On the positive side, static analysis reveals a limited attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are accessible without authentication. Furthermore, all SQL queries are properly prepared, indicating good database interaction practices. However, the taint analysis raises a significant concern: all analyzed flows have unsanitized paths, although no critical or high severity issues were flagged. The plugin's vulnerability history is also a major red flag, with one currently unpatched medium severity CVE for Cross-Site Scripting, dated April 10, 2025. This history, combined with a low percentage of properly escaped output (15%), suggests a recurring weakness in handling user-provided data, leaving the plugin susceptible to XSS attacks if the unpatched CVE is exploited or if similar vulnerabilities exist and are not yet publicly known.

Key Concerns

  • Currently unpatched CVE (Medium)
  • All analyzed taint flows have unsanitized paths
  • Low output escaping rate (15%)
  • Bundled DataTables library
Vulnerabilities: 1

UXsniff AI-powered Heatmaps and Session Recordings Security Vulnerabilities

CVEs by Year

2025: 1 CVE · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-32532 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

UXsniff <= 1.2.8 - Reflected Cross-Site Scripting

Apr 10, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

UXsniff AI-powered Heatmaps and Session Recordings Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 100 (18 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

DataTables

Output Escaping

15% escaped · 118 total outputs
Data Flows: 7 unsanitized

Data Flow Analysis

7 flows · 7 with unsanitized paths
<options> (options.php:0)
Attack Surface

UXsniff AI-powered Heatmaps and Session Recordings Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 6
action · wp_enqueue_scripts · functions.php:52
action · admin_menu · uxsniff.php:14
action · admin_enqueue_scripts · uxsniff.php:16
action · wp_footer · uxsniff.php:18
action · admin_init · uxsniff.php:102
action · wp_enqueue_scripts · uxsniff.php:204
Maintenance & Trust

UXsniff AI-powered Heatmaps and Session Recordings Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Mar 10, 2026
PHP min version: 5.2.4
Downloads: 7K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 100
Developer Profile

UXsniff AI-powered Heatmaps and Session Recordings Developer Profile

Pei Yong Goh

2 plugins · 100 total installs

Trust score: 86
Avg Security Score: 89/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect UXsniff AI-powered Heatmaps and Session Recordings

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ux-sniff/style.css
/wp-content/plugins/ux-sniff/assets/css/main.css
/wp-content/plugins/ux-sniff/assets/css/dataTables.bootstrap.min.css
/wp-content/plugins/ux-sniff/assets/css/responsive.bootstrap.min.css
/wp-content/plugins/ux-sniff/assets/css/fixedHeader.dataTables.min.css
/wp-content/plugins/ux-sniff/assets/css/daterangepicker.css
/wp-content/plugins/ux-sniff/assets/css/bootstrap.min.css
/wp-content/plugins/ux-sniff/assets/js/global.min.js
+4 more
Version Parameters
ux-sniff/style.css?ver=
ux-sniff/assets/css/main.css?ver=
ux-sniff/assets/css/dataTables.bootstrap.min.css?ver=
ux-sniff/assets/css/responsive.bootstrap.min.css?ver=
ux-sniff/assets/css/fixedHeader.dataTables.min.css?ver=
ux-sniff/assets/css/daterangepicker.css?ver=
ux-sniff/assets/css/bootstrap.min.css?ver=
ux-sniff/assets/js/global.min.js?ver=
ux-sniff/assets/js/bootstrap.bundle.js?ver=
ux-sniff/assets/js/echarts.min.js?ver=
ux-sniff/assets/js/jquery.dataTables.min.js?ver=
ux-sniff/assets/js/dataTables.responsive.min.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about UXsniff AI-powered Heatmaps and Session Recordings