WP-Safety

Visual Website Optimizer Security & Risk Analysis

wordpress.org/plugins/visual-web-optimizer

VWO is the all-in-one platform that helps you conduct visitor research, build an optimization roadmap, and run continuous experimentation.

5K active installs v4.13 PHP + WP 2.7+ Updated Apr 1, 2026
a-b-testingsplit-testingvwowoocommerce-trackingwordpress-optimization
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Visual Website Optimizer Safe to Use in 2026?

Generally Safe

Score 100/100

Visual Website Optimizer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The plugin 'visual-web-optimizer' v4.12 presents a generally strong security posture based on the provided static analysis. The absence of any identified attack surface entry points like AJAX handlers, REST API routes, shortcodes, or cron events is a significant positive. Furthermore, the code demonstrates good practices by exclusively using prepared statements for SQL queries and having no recorded vulnerability history, including CVEs. This indicates a commitment to secure coding and maintenance.

Key Concerns

  • 60% of outputs are not properly escaped
  • No capability checks on potential entry points
  • No nonce checks on potential entry points
Vulnerabilities
None known

Visual Website Optimizer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Visual Website Optimizer Release Timeline

v4.13Current
v4.12
v4.11
v4.10
v4.9
v4.8
v4.7
v4.6
v4.5
v4.4
v4.3
v4.2
v4.1
v4.0
v3.9
v3.8
v3.7
v3.6
v3.5
v3.4
Code Analysis
Analyzed Mar 16, 2026

Visual Website Optimizer Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
38
56 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
2
Bundled Libraries
0

Output Escaping

60% escaped94 total outputs
Attack Surface

Visual Website Optimizer Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 17
actionwp_headvisual-website-optimizer.php:128
actionadmin_menuvisual-website-optimizer.php:129
actionadmin_initvisual-website-optimizer.php:130
actionadmin_noticesvisual-website-optimizer.php:131
actionadmin_enqueue_scriptsvisual-website-optimizer.php:783
actionwp_headvisual-website-optimizer.php:832
actionwp_enqueue_scriptsvisual-website-optimizer.php:870
actionwoocommerce_after_single_productwoocommerce-events.php:23
actionwoocommerce_after_single_productwoocommerce-events.php:24
actionwoocommerce_after_add_to_cart_buttonwoocommerce-events.php:26
actionwoocommerce_add_to_cartwoocommerce-events.php:27
actionwoocommerce_cart_item_removedwoocommerce-events.php:29
actionwoocommerce_after_cartwoocommerce-events.php:30
actionwoocommerce_thankyouwoocommerce-events.php:32
actionwoocommerce_thankyouwoocommerce-events.php:33
actioninitwoocommerce-events.php:54
actionwp_footerwoocommerce-events.php:55
Maintenance & Trust

Visual Website Optimizer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 1, 2026
PHP min version
Downloads155K

Community Trust

Rating60/100
Number of ratings6
Active installs5K
Alternatives

Visual Website Optimizer Alternatives

Unbounce Landing Pages

Unbounce Landing Pages

unbounce

A
100

Unbounce is the most powerful standalone landing page builder available.

10K No CVEs
Personizely — A/B Testing, Personalization, Popups & CRO

Personizely — A/B Testing, Personalization, Popups & CRO

personizely

A
99

Personizely is a Conversion Optimization Toolkit that helps you boost engagement and sales through A/B testing, website personalization, and popups.

400 1 CVE
Convert Experiences

Convert Experiences

convert-experiments

A
100

Convert Experiences provides advanced A/B and MVT Testing functionality for your website or blog.

100 No CVEs
PageTest.ai – AI-Powered A/B and Multivariate Testing for WordPress

PageTest.ai – AI-Powered A/B and Multivariate Testing for WordPress

pagetest-ai

A
100

Run AI-powered A/B and multivariate tests on your WordPress site—no coding needed. Optimize conversions by finding your best content.

20 No CVEs
abtestkit – AB testing for WooCommerce

abtestkit – AB testing for WooCommerce

abtestkit

A
100

Increase WooCommerce Revenue with A/B Testing. Track Real Sales, Not Just Clicks.

10 No CVEs
Developer Profile

Visual Website Optimizer Developer Profile

VWO

2 plugins · 6K total installs

89
trust score
Avg Security Score
93/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Visual Website Optimizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/visual-web-optimizer/vwo-settings.js/wp-content/plugins/visual-web-optimizer/vwo-scripts.js/wp-content/plugins/visual-web-optimizer/vwo-async.js/wp-content/plugins/visual-web-optimizer/vwo-inline.js/wp-content/plugins/visual-web-optimizer/vwo-common.js
Script Paths
https://dev.visualwebsiteoptimizer.com/lib/
Version Parameters
visual-web-optimizer/vwo-settings.js?ver=visual-web-optimizer/vwo-scripts.js?ver=visual-web-optimizer/vwo-async.js?ver=visual-web-optimizer/vwo-inline.js?ver=visual-web-optimizer/vwo-common.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Start VWO Common Smartcode --><!-- End VWO Common Smartcode --><!-- Start VWO Smartcode --><!-- End VWO Smartcode -->+3 more
Data Attributes
data-cfasync="false"nowprocketdata-jetpack-boost="ignore"
JS Globals
var _vwo_clicks =window._vwo_codewindow._vis_opt_urlwindow.VWO_vwo_code.nonce_vwo_code.use_existing_jquery+10 more
FAQ

Frequently Asked Questions about Visual Website Optimizer