WP-Safety

WEBFUL Analytics Security & Risk Analysis

wordpress.org/plugins/webful

Ultra-lightweight and privacy-friendly traffic analytics system for your WordPress site.

50 active installs v2.5.3 PHP 7.4+ WP 5.0+ Updated Mar 7, 2026
analyticsprivacystatisticstrackingwebful
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is WEBFUL Analytics Safe to Use in 2026?

Generally Safe

Score 100/100

WEBFUL Analytics has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago
Risk Assessment

The "webful" plugin v2.5.3 exhibits a strong security posture regarding its entry points and output handling. All identified AJAX handlers, REST API routes, shortcodes, and cron events are protected with authentication and permission checks, which is a significant strength. Furthermore, all output is properly escaped, mitigating common cross-site scripting (XSS) vulnerabilities. The absence of known CVEs and historical vulnerabilities is also a positive indicator of the plugin's security maintenance.

However, the static analysis reveals a critical concern in the handling of SQL queries. With 100% of SQL queries not using prepared statements, the plugin is highly susceptible to SQL injection vulnerabilities. While no critical or high severity taint flows were identified, the raw SQL queries represent a significant risk that could be exploited if malicious input were to reach them. The presence of external HTTP requests also warrants attention, as these could potentially be manipulated if not handled with care and validation.

In conclusion, the "webful" plugin v2.5.3 has commendable security practices in place for its attack surface and output sanitization. The lack of historical vulnerabilities is a positive sign. The primary weakness lies in its database interaction, specifically the absence of prepared statements for SQL queries, which introduces a substantial risk of SQL injection. This needs to be addressed to significantly improve the plugin's overall security.

Key Concerns

  • 100% of SQL queries not using prepared statements
Vulnerabilities
None known

WEBFUL Analytics Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WEBFUL Analytics Release Timeline

v2.5.3Current
v2.5.2
v2.5.1
v2.5.0
v2.4.0
v2.2.0
v2.1.2
Code Analysis
Analyzed Mar 16, 2026

WEBFUL Analytics Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
0
38 escaped
Nonce Checks
6
Capability Checks
5
File Operations
0
External Requests
4
Bundled Libraries
0

SQL Query Safety

0% prepared1 total queries

Output Escaping

100% escaped38 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
ajax_connect (includes\class-webful-admin.php:696)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WEBFUL Analytics Attack Surface

Entry Points6
Unprotected0

AJAX Handlers 6

authwp_ajax_webful_connectincludes\class-webful-admin.php:46
authwp_ajax_webful_disconnectincludes\class-webful-admin.php:47
authwp_ajax_webful_save_settingsincludes\class-webful-admin.php:48
authwp_ajax_webful_check_quotaincludes\class-webful-admin.php:49
authwp_ajax_webful_accept_consentincludes\class-webful-admin.php:50
authwp_ajax_webful_decline_consentincludes\class-webful-admin.php:51
WordPress Hooks 9
actionadmin_menuincludes\class-webful-admin.php:34
actionadmin_enqueue_scriptsincludes\class-webful-admin.php:37
actionadmin_enqueue_scriptsincludes\class-webful-admin.php:40
actionadmin_noticesincludes\class-webful-admin.php:43
actionwp_enqueue_scriptsincludes\class-webful-tracker.php:34
actionplugins_loadedwebful.php:82
actionplugins_loadedwebful.php:85
actionwp_enqueue_scriptswebful.php:191
actionwp_footerwebful.php:237
Maintenance & Trust

WEBFUL Analytics Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 7, 2026
PHP min version7.4
Downloads416

Community Trust

Rating100/100
Number of ratings1
Active installs50
Alternatives

WEBFUL Analytics Alternatives

Simple Webstats

Simple Webstats

simple-webstats

A
100

Privacy-focused cookie-free web analytics for WordPress.

100 No CVEs
Easy Media Statistics

Easy Media Statistics

easy-media-statistics

A
100

Get detailed insights into visitors behavior when they listen to audio or view videos on your site - privacy-friendly.

30 No CVEs
SFR Analytics

SFR Analytics

sfr-analytics

A
100

Lightweight, privacy-focused WordPress analytics. Track pageviews, visitors, campaigns and more — all data stored locally in your own database.

20 No CVEs
Metrix Analytics

Metrix Analytics

metrix-analytics

A
100

Privacy-focused web analytics with real-time visitor insights. GDPR compliant alternative to Google Analytics.

0 No CVEs
Valserv Analytics for SentinelPro

Valserv Analytics for SentinelPro

valserv-analytics-for-sentinelpro

A
100

Connect your site to SentinelPro Analytics with real-time tracking, post-level metrics, and a privacy-focused dashboard.

0 No CVEs
Developer Profile

WEBFUL Analytics Developer Profile

webfulchris

1 plugin · 50 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WEBFUL Analytics

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/webful/assets/css/badge.css
Version Parameters
webful/assets/css/badge.css?ver=

HTML / DOM Fingerprints

CSS Classes
webful-badge
HTML Comments
Analytics RGPD par WEBFUL - https://webful.fr
Data Attributes
title="Analytics RGPD par WEBFUL"rel="nofollow"
FAQ

Frequently Asked Questions about WEBFUL Analytics