Webnalytics — Privacy-Friendly On-site Analytics Security & Risk Analysis

wordpress.org/plugins/webnalytics

Privacy-friendly on-site analytics dashboard for WordPress & WooCommerce with pages, referrers, devices, real-time, funnels and heatmaps.

0 active installs · v3.4.26.4 · PHP 7.4+ · WP 6.0+ · Updated Feb 19, 2026
Tags: analytics, dashboard, heatmap, privacy, woocommerce
Score: 100/100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Webnalytics — Privacy-Friendly On-site Analytics Safe to Use in 2026?

Generally Safe

Score 100/100

Webnalytics — Privacy-Friendly On-site Analytics has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The webnalytics plugin v3.4.26.4 exhibits a generally strong security posture with excellent practices in output escaping and a high percentage of prepared SQL statements. The absence of known CVEs and a clean vulnerability history further bolster confidence in its security. However, the static analysis reveals specific areas of concern that introduce potential risks.

The primary risk stems from the presence of four unprotected AJAX handlers, representing a significant portion of the plugin's attack surface without proper authentication or authorization checks. This could allow unauthenticated users to trigger potentially sensitive actions. Additionally, the taint analysis identified one flow with unsanitized paths, classified as high severity, indicating a potential for more complex vulnerabilities if not addressed.

While the plugin demonstrates strengths in many areas, the unprotected AJAX endpoints and the identified unsanitized path flow are notable weaknesses. The lack of past vulnerabilities is a positive indicator, suggesting developer diligence, but it does not negate the immediate risks identified in the current version's code. A balanced view suggests a plugin with good fundamentals but requiring immediate attention to its exposed AJAX functionality and the high-severity taint flow.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized path flow
Vulnerabilities
None known

Webnalytics — Privacy-Friendly On-site Analytics Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Webnalytics — Privacy-Friendly On-site Analytics Release Timeline

v3.4.26.4 (Current)
Code Analysis
Analyzed Mar 17, 2026

Webnalytics — Privacy-Friendly On-site Analytics Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 23 (147 prepared)
Unescaped Output: 3 (422 escaped)
Nonce Checks: 3
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

86% prepared · 170 total queries

Output Escaping

99% escaped · 425 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

4 flows · 1 with unsanitized paths
heatmap (includes\class-webnalytics-v3-admin.php:1658)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
4 unprotected

Webnalytics — Privacy-Friendly On-site Analytics Attack Surface

Entry Points: 29
Unprotected: 4

AJAX Handlers 4

auth wp_ajax_webnalytics_v3_click includes\class-webnalytics-v3-tracker.php:14
nopriv wp_ajax_webnalytics_v3_click includes\class-webnalytics-v3-tracker.php:15
auth wp_ajax_webnalytics_v3_heatmap_ping includes\class-webnalytics-v3-tracker.php:18
nopriv wp_ajax_webnalytics_v3_heatmap_ping includes\class-webnalytics-v3-tracker.php:19

REST API Routes 25

GET /wp-json/webnalytics/v3/summary includes\class-webnalytics-v3-api.php:145
GET /wp-json/webnalytics/v3/pages includes\class-webnalytics-v3-api.php:149
GET /wp-json/webnalytics/v3/referrers includes\class-webnalytics-v3-api.php:152
GET /wp-json/webnalytics/v3/funnels includes\class-webnalytics-v3-api.php:155
GET /wp-json/webnalytics/v3/realtime includes\class-webnalytics-v3-api.php:158
GET /wp-json/webnalytics/v3/geo includes\class-webnalytics-v3-api.php:164
GET /wp-json/webnalytics/v3/devices includes\class-webnalytics-v3-api.php:167
GET /wp-json/webnalytics/v3/search-terms includes\class-webnalytics-v3-api.php:170
GET /wp-json/webnalytics/v3/heatmap/clicks includes\class-webnalytics-v3-api.php:173
GET /wp-json/webnalytics/v3/heatmap/elements includes\class-webnalytics-v3-api.php:176
GET /wp-json/webnalytics/v3/export/meta includes\class-webnalytics-v3-api.php:183
GET /wp-json/webnalytics/v3/export/events includes\class-webnalytics-v3-api.php:189
GET /wp-json/webnalytics/v3/export/sessions includes\class-webnalytics-v3-api.php:195
GET /wp-json/webnalytics/v3/export/pages includes\class-webnalytics-v3-api.php:201
GET /wp-json/webnalytics/v3/export/referrers includes\class-webnalytics-v3-api.php:207
GET /wp-json/webnalytics/v3/export/devices includes\class-webnalytics-v3-api.php:213
GET /wp-json/webnalytics/v3/export/geo includes\class-webnalytics-v3-api.php:219
GET /wp-json/webnalytics/v3/export/funnels includes\class-webnalytics-v3-api.php:225
GET /wp-json/webnalytics/v3/export/heatmap_clicks includes\class-webnalytics-v3-api.php:235
GET /wp-json/webnalytics/v3/export/heatmap_elements includes\class-webnalytics-v3-api.php:241
GET /wp-json/webnalytics/v3/export/flow includes\class-webnalytics-v3-api.php:247
GET /wp-json/webnalytics/v3/export/orders includes\class-webnalytics-v3-api.php:253
GET /wp-json/webnalytics/v3/export/search-terms includes\class-webnalytics-v3-api.php:259
POST /wp-json/webnalytics/v3/event includes\class-webnalytics-v3-tracker.php:187
POST /wp-json/webnalytics/v3/click includes\class-webnalytics-v3-tracker.php:197

WordPress Hooks 16

action admin_menu includes\class-webnalytics-v3-admin.php:61
action admin_init includes\class-webnalytics-v3-admin.php:63
action admin_enqueue_scripts includes\class-webnalytics-v3-admin.php:64
action admin_post_webnalytics_v3_save includes\class-webnalytics-v3-admin.php:65
action admin_footer includes\class-webnalytics-v3-admin.php:66
action rest_api_init includes\class-webnalytics-v3-api.php:10
filter cron_schedules includes\class-webnalytics-v3-flow.php:12
action wp_enqueue_scripts includes\class-webnalytics-v3-tracker.php:10
action rest_api_init includes\class-webnalytics-v3-tracker.php:11
action woocommerce_add_to_cart includes\class-webnalytics-v3-tracker.php:22
action woocommerce_checkout_init includes\class-webnalytics-v3-tracker.php:23
action woocommerce_payment_complete includes\class-webnalytics-v3-tracker.php:24
action plugins_loaded webnalytics.php:49
action init webnalytics.php:71
filter show_admin_bar webnalytics.php:77
action wp_enqueue_scripts webnalytics.php:81
Maintenance & Trust

Webnalytics — Privacy-Friendly On-site Analytics Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 19, 2026
PHP min version: 7.4
Downloads: 216

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 0
Developer Profile

Webnalytics — Privacy-Friendly On-site Analytics Developer Profile

webnalytics

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Webnalytics — Privacy-Friendly On-site Analytics

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/webnalytics/assets/css/preview.css
/wp-content/plugins/webnalytics/assets/js/preview.js
Script Paths
/wp-content/plugins/webnalytics/assets/js/preview.js
Version Parameters
webnalytics-preview

HTML / DOM Fingerprints

JS Globals
WEBNALYTICS_VERSION
FAQ

Frequently Asked Questions about Webnalytics — Privacy-Friendly On-site Analytics