WP-Safety

Trail Monitor Security & Risk Analysis

wordpress.org/plugins/vstm-trail-monitor

Display the status of trails on your website.

0 active installs v1.11 PHP 8.2+ WP 6.2+ Updated Nov 28, 2025
hikingoutdoorsstatustrailtrails
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Trail Monitor Safe to Use in 2026?

Generally Safe

Score 100/100

Trail Monitor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The vstm-trail-monitor plugin exhibits a generally strong security posture, primarily due to its diligent use of prepared statements for all SQL queries and proper output escaping for all outputs. The absence of any recorded historical vulnerabilities and no critical or high-severity taint analysis findings further reinforce this positive outlook. The plugin appears to follow good development practices regarding data handling and presentation.

However, a notable concern is the presence of one unprotected AJAX handler. This represents a direct entry point that could potentially be exploited if not properly secured through other means not visible in this static analysis. While the plugin has a moderate number of entry points (9 total), the lack of authentication on one AJAX handler warrants attention. The use of a bundled library (DataTables) is also noted, which, while common, can introduce risks if not kept up-to-date, though no specific version information is provided here.

In conclusion, vstm-trail-monitor demonstrates a commitment to secure coding with its handling of SQL and output. The main weakness lies in the unprotected AJAX handler, which is a significant but isolated risk. The clean vulnerability history is a strong positive indicator of ongoing developer care. Addressing the unprotected AJAX endpoint would significantly improve its overall security.

Key Concerns

  • Unprotected AJAX handler
Vulnerabilities
None known

Trail Monitor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Trail Monitor Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
38 prepared
Unescaped Output
0
303 escaped
Nonce Checks
18
Capability Checks
8
File Operations
1
External Requests
0
Bundled Libraries
1

Bundled Libraries

DataTables

SQL Query Safety

100% prepared38 total queries

Output Escaping

100% escaped303 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
vstm_update (admin.php:389)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Trail Monitor Attack Surface

Entry Points9
Unprotected1

AJAX Handlers 1

authwp_ajax_vstm_update_statusvstm-trail-monitor.php:61

Shortcodes 8

[vstm-trail-status-youtube] vstm-trail-monitor.php:51
[vstm-trail-status-most-recent] vstm-trail-monitor.php:52
[vstm-trail-status-list] vstm-trail-monitor.php:72
[vstm-trail-status] vstm-trail-monitor.php:73
[vstm-trail-status-blocks] vstm-trail-monitor.php:74
[vstm-trail-status-submit] vstm-trail-monitor.php:75
[vstm-trail-status-youtube] vstm-trail-monitor.php:76
[vstm-trail-status-most-recent] vstm-trail-monitor.php:77
WordPress Hooks 12
actionall_admin_noticeshelpers\show-multiple-version-notice.php:16
actionadmin_inittemplates\settings.php:185
actionadmin_menutemplates\settings.php:430
actionwp_loadedvstm-trail-monitor.php:45
actionwidgets_initvstm-trail-monitor.php:46
actioninitvstm-trail-monitor.php:49
actionadmin_enqueue_scriptsvstm-trail-monitor.php:59
actionadmin_menuvstm-trail-monitor.php:60
actionwp_enqueue_scriptsvstm-trail-monitor.php:66
actionwp_enqueue_scriptsvstm-trail-monitor.php:69
actionparse_requestvstm-trail-monitor.php:79
actionpre_post_updatevstm-trail-monitor.php:94
Maintenance & Trust

Trail Monitor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedNov 28, 2025
PHP min version8.2
Downloads548

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Trail Monitor Alternatives

Trail Status

Trail Status

trail-status

A
100

Display the status of trails on your website.

10 No CVEs
Lift & Trail Status

Lift & Trail Status

lift-trail-status

A
100

Display the status of lifts and trails for your ski resort or adventure park on your website. Great for mountain bike, water, ropes & adventure parks.

0 No CVEs
Sanremo Trails

Sanremo Trails

sanremo-trails

A
85

Here is a short description of the plugin. This should be no more than 150 characters. No markup here.

0 No CVEs
Breadcrumb NavXT

Breadcrumb NavXT

breadcrumb-navxt

A
98

Adds breadcrumb navigation showing the visitor's path to their current location.

800K 2 CVEs
Custom Order Status Manager for WooCommerce

Custom Order Status Manager for WooCommerce

bp-custom-order-status-for-woocommerce

A
100

Custom Order Status Manager for WooCommerce plugin allows you to create, delete and edit order statuses to better control the flow of your orders.

30K No CVEs
Developer Profile

Trail Monitor Developer Profile

Mark Vejvoda

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Trail Monitor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/vstm-trail-monitor/vstm-trail-monitor.css
Script Paths
https://www.google.com/recaptcha/api.js
Version Parameters
vstm-trail-monitor/style.css?ver=vstm-trail-monitor.css?ver=

HTML / DOM Fingerprints

CSS Classes
vstm-trail-status-listvstm-trail-status-tablevstm-trail-status-blocksvstm-trail-status-submitvstm-trail-status-youtubevstm-trail-status-most-recent
Data Attributes
data-vstm-current-pagedata-vstm-total-pagesdata-vstm-trail-iddata-vstm-trail-namedata-vstm-trail-linkdata-vstm-trail-comment+11 more
JS Globals
vstm_ver
Shortcode Output
[vstm-trail-status-youtube[vstm-trail-status-most-recent[vstm-trail-status-list[vstm-trail-status
FAQ

Frequently Asked Questions about Trail Monitor