Does WhatConverts have any unpatched vulnerabilities?

No. All known vulnerabilities in WhatConverts have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WhatConverts compatible with WordPress 6.9.4?

According to WordPress.org data, WhatConverts 1.0.7 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is WhatConverts updated?

WhatConverts was last updated on Dec 1, 2025. Frequent updates are generally a positive security signal.

What is WhatConverts's security score?

WhatConverts has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WhatConverts Security & Risk Analysis

wordpress.org/plugins/whatconverts

Enables WhatConverts on all pages.

7K active installs v1.0.7 PHP + WP 3.0+ Updated Dec 1, 2025

analytics-call-trackingcall-trackingform-trackinggoal-trackingwhatconverts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WhatConverts Safe to Use in 2026?

Generally Safe

Score 100/100

WhatConverts has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The static analysis of 'whatconverts' v1.0.7 reveals an exceptionally clean codebase with no identified vulnerabilities or security weaknesses. The absence of any attack surface entries, dangerous functions, raw SQL queries, unescaped output, file operations, external HTTP requests, or taint analysis findings suggests a highly secure design and implementation. The plugin also has no recorded vulnerability history, further reinforcing its robust security profile. The presence of 100% prepared statements for SQL and 100% properly escaped output are particularly strong indicators of good security practices. While the lack of nonce and capability checks is noted, given the zero-attack-surface finding, this does not currently present a measurable risk. Overall, this plugin appears to be exceptionally secure based on the provided data, with no immediate areas of concern.

Vulnerabilities

None known

WhatConverts Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WhatConverts Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped3 total outputs

Attack Surface

WhatConverts Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionadmin_initwhatconverts.php:58

actionadmin_menuwhatconverts.php:59

actionwp_enqueue_scriptswhatconverts.php:63

Maintenance & Trust

WhatConverts Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 1, 2025

PHP min version

Downloads31K

Community Trust

Rating100/100

Number of ratings3

Active installs7K

Alternatives

WhatConverts Alternatives

LocaliQ – Tracking Code

reachedge

Adds LocaliQ's tracking code on all pages.

2K No CVEs

ConvertContacts

reachlocal-convertcontacts

ConvertContacts offers lead & call tracking, lead notifications & nurturing, ROI reports, analytics & insights, and mobile app & alerts.

20 No CVEs

Chartlocal

chartlocal

Chartlocal offers lead & call tracking, lead notifications & nurturing, ROI reports, analytics & insights, and mobile app & alerts.

0 No CVEs

CallRail Phone Call Tracking

callrail-phone-call-tracking

Dynamically swap CallRail tracking phone numbers based on the visitor's referring source.

10K 2 CVEs

CallTrackingMetrics

call-tracking-metrics

100

CallTrackingMetrics integrates with your WordPress site to provide powerful call tracking and attribution.

3K No CVEs

Developer Profile

WhatConverts Developer Profile

whatconverts call tracking and reporting

1 plugin · 7K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WhatConverts

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths

//s.ksrndkehqnwntyxlhgto.com/

HTML / DOM Fingerprints

JS Globals

window.$wc_loadwindow.$wc_leads

FAQ