Affiliate Sales in Google Analytics and other tools Security & Risk Analysis

wordpress.org/plugins/wecantrack

Integrate all your affiliate sales in Google Analytics, Google Ads, Facebook, Data Studio and more!

2K active installs v4.0.2 PHP 7.4+ WP 5.0+ Updated Nov 13, 2025
affiliate-conversion-tracking, affiliate-dashboard, google-ads-integration, google-analytics-integration, subid-tracking
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: May 20, 2025
Safety Verdict

Is Affiliate Sales in Google Analytics and other tools Safe to Use in 2026?

Generally Safe

Score 99/100

Affiliate Sales in Google Analytics and other tools has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: May 20, 2025 · Updated 4mo ago
Risk Assessment

The "wecantrack" plugin v4.0.2 exhibits a mixed security posture. While it shows positive signs like using prepared statements for all SQL queries and performing file operations, significant concerns arise from its attack surface and output sanitization. The presence of two AJAX handlers without authentication checks presents a direct and exploitable entry point for attackers.

The taint analysis reveals four flows with unsanitized paths, a concerning number that indicates potential for various vulnerabilities if these paths involve user-controlled input. Although the static analysis did not identify critical or high severity taint flows in this specific scan, the sheer number of unsanitized paths is a strong indicator of potential risk.

Historically, the plugin has had a medium-severity vulnerability classified as 'Open Redirect'. While there are currently no unpatched CVEs, the past occurrence of an Open Redirect, coupled with the current findings of unprotected AJAX endpoints and unsanitized paths, suggests a pattern of potential security weaknesses that require ongoing vigilance. The plugin's output escaping is also a weak point, with less than half of the outputs being properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities.

Key Concerns

  • AJAX handlers without auth checks
  • Flows with unsanitized paths
  • Low percentage of properly escaped output
  • Past medium severity vulnerability (Open Redirect)
Vulnerabilities: 1

Affiliate Sales in Google Analytics and other tools Security Vulnerabilities

CVEs by Year

2025: 1 CVE

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-12561 · medium · 6.1 · URL Redirection to Untrusted Site ('Open Redirect')

Affiliate Sales in Google Analytics and other tools <= 2.0.0 - Open Redirect

May 20, 2025 · Patched in 2.0.1 (44d)
Code Analysis
Analyzed Mar 16, 2026

Affiliate Sales in Google Analytics and other tools Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 45 (39 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 0
External Requests: 5
Bundled Libraries: 0

Output Escaping

46% escaped · 84 total outputs
Data Flows: 4 unsanitized

Data Flow Analysis

5 flows · 4 with unsanitized paths
wecantrack_handle_deprecated_go_redirect (wecantrack.php:287)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface: 2 unprotected

Affiliate Sales in Google Analytics and other tools Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

auth · wp_ajax_wecantrack_form_response · WecantrackAdmin.php:63
auth · wp_ajax_wecantrack_advanced_settings_response · WecantrackAdmin.php:64

WordPress Hooks: 6

action · template_redirect · wecantrack.php:42
action · upgrader_process_complete · wecantrack.php:56
action · admin_menu · WecantrackAdmin.php:60
action · admin_enqueue_scripts · WecantrackAdmin.php:67
filter · wp_redirect · WecantrackApp.php:170
action · wp_head · WecantrackApp.php:173
Maintenance & Trust

Affiliate Sales in Google Analytics and other tools Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 13, 2025
PHP min version: 7.4
Downloads: 38K

Community Trust

Rating: 96/100
Number of ratings: 12
Active installs: 2K
Developer Profile

Affiliate Sales in Google Analytics and other tools Developer Profile

wecantrack

2 plugins · 5K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 214 days
Detection Fingerprints

How We Detect Affiliate Sales in Google Analytics and other tools

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wecantrack/build/static/js/main.js
/wp-content/plugins/wecantrack/build/static/css/main.css
Script Paths
/wp-content/plugins/wecantrack/build/static/js/main.js
Version Parameters
wecantrack/build/static/css/main.css?ver=
wecantrack/build/static/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
wecantrack-admin-page
HTML Comments
<!-- WeCanTrack - START CODE FOR THE WEBSITES -->
<!-- WeCanTrack - END CODE FOR THE WEBSITES -->
Data Attributes
data-wecantrack-id
data-wct-id
JS Globals
window.wecantrack
var wecantrack
REST Endpoints
/wp-json/wecantrack/v1/track
/wp-json/wecantrack/v1/redirect
FAQ

Frequently Asked Questions about Affiliate Sales in Google Analytics and other tools