Visitor Audit Security & Risk Analysis
wordpress.org/plugins/visitorauditAllows you to easily view your current visitors, analyze their behaviour, deduce their experience and identify malicious behavior.
Is Visitor Audit Safe to Use in 2026?
Generally Safe
Score 85/100Visitor Audit has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "visitoraudit" plugin v1.0.0 exhibits a concerning security posture primarily due to a large number of unprotected AJAX handlers, representing its entire attack surface. While the code generally favors prepared statements for SQL queries and avoids dangerous functions or external requests, the lack of authentication and capability checks on all five AJAX endpoints is a significant weakness. This leaves the plugin highly vulnerable to unauthorized actions if an attacker can trigger these handlers.
The taint analysis, though limited, found two flows with unsanitized paths. While these were not classified as critical or high severity, they could potentially lead to unintended behavior or information disclosure if combined with other vulnerabilities or specific user actions. The plugin's vulnerability history is clean, with no recorded CVEs. This absence of past issues, coupled with the use of prepared statements and avoidance of common risky functions, suggests a potential for good development practices in certain areas. However, the unprotected AJAX handlers represent a critical oversight that overshadows these positive aspects.
Key Concerns
- 5 AJAX handlers without auth checks
- 2 flows with unsanitized paths
- 0 Nonce checks
- 91% of outputs not properly escaped
Visitor Audit Security Vulnerabilities
Visitor Audit Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Visitor Audit Attack Surface
AJAX Handlers 5
WordPress Hooks 6
Maintenance & Trust
Visitor Audit Maintenance & Trust
Maintenance Signals
Community Trust
Visitor Audit Alternatives
Activity Log – Monitor & Record User Changes
aryo-activity-log
This top rated Activity Log plugin helps you monitor & log all changes and actions on your WordPress site, so you can remain secure and organized.
Visitor Traffic Real Time Statistics
visitors-traffic-real-time-statistics
This plugin will help you to track your visitors, browsers, operating systems, visits and much more in one dashboard page.
Zero Spam for WordPress
zero-spam
No spam, no scams, just seamless experiences with Zero Spam for WordPress - the shield your site deserves.
WPS Visitor Counter
wps-visitor-counter
Display website visitor statistics with widget, shortcode, and Gutenberg block support.
Mechanic Visitor Counter
mechanic-visitor-counter
Mechanic Visitor Counter is a widgets which will display the Visitor counter and traffic statistics on WordPress. Some of the features offered include …
Visitor Audit Developer Profile
1 plugin · 10 total installs
How We Detect Visitor Audit
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/visitoraudit/visitor-audit.css/wp-content/plugins/visitoraudit/js/visitor-audit.js/wp-content/plugins/visitoraudit/js/visitor-audit.jsvisitoraudit/visitor-audit.css?ver=visitoraudit/js/visitor-audit.js?ver=HTML / DOM Fingerprints
visitor-audit-tablevisitor_audit_idvisitor_audit_ipvisitor_audit_ip_forwardedvisitor_audit_timestampvisitor_audit_statsvisitor_audit_statusvisitor_audit_actions<!-- Visitor Audit Admin Table --><!-- Visitor Audit Modal -->data-visitor-audit-iddata-visitor-audit-actionajax_object/wp-json/visitoraudit/v1/details/wp-json/visitoraudit/v1/history/wp-json/visitoraudit/v1/ban_temp/wp-json/visitoraudit/v1/ban_perm/wp-json/visitoraudit/v1/ban_remove