Does WhatsLink Click Tracker have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WhatsLink Click Tracker compatible with WordPress 7.0?

According to WordPress.org data, WhatsLink Click Tracker 1.5.6 has been tested up to WordPress 7.0. Check the plugin's changelog for the latest compatibility information.

Is WhatsLink Click Tracker compatible with PHP 7.0+?

WhatsLink Click Tracker requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WhatsLink Click Tracker updated?

WhatsLink Click Tracker was last updated on Apr 14, 2026. Frequent updates are generally a positive security signal.

What is WhatsLink Click Tracker's security score?

WhatsLink Click Tracker has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WhatsLink Click Tracker Security & Risk Analysis

wordpress.org/plugins/whatslink-click-tracker

Track every WhatsApp and Telegram link click in WordPress. See which pages, UTM sources, and campaigns drive real conversations — no code needed.

20 active installs v1.5.6 PHP 7.0+ WP 6.0+ Updated Apr 14, 2026

analyticsclick-trackertelegramutmwhatsapp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WhatsLink Click Tracker Safe to Use in 2026?

Generally Safe

Score 100/100

WhatsLink Click Tracker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "whatslink-click-tracker" v1.1.1 plugin exhibits a concerning security posture due to a significant number of unprotected AJAX handlers, representing its primary attack surface. While the plugin demonstrates good practices in output escaping and generally uses prepared statements for SQL queries, the lack of authentication checks on these AJAX endpoints is a critical vulnerability. The taint analysis reveals three high-severity flows with unsanitized paths, which, when combined with the unprotected AJAX handlers, strongly suggests potential for unauthorized actions or data manipulation. The plugin's lack of any recorded historical vulnerabilities, while seemingly positive, could also indicate that it hasn't been subjected to rigorous security testing or that past vulnerabilities were not publicly disclosed, offering little reassurance. Overall, the plugin's strengths in code sanitation and SQL querying are overshadowed by the critical security flaw of exposed AJAX functionality, making it a high-risk component if not immediately addressed.

Key Concerns

Unprotected AJAX handlers
High severity taint flows with unsanitized paths

Vulnerabilities

None known

WhatsLink Click Tracker Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WhatsLink Click Tracker Release Timeline

v1.5.6Current

v1.5.5

v1.5.4

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.0

v1.3.0

v1.2.2

v1.2.1

v1.2.0

v1.1.2

v1.1.1

v1.1.0

v1.0.1

v1.0.0

Code Analysis

Analyzed Mar 17, 2026

WhatsLink Click Tracker Code Analysis

Dangerous Functions

Raw SQL Queries

10 prepared

Unescaped Output

28 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

91% prepared11 total queries

Output Escaping

100% escaped28 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

whatslink_click_tracker_ajax_get_single_link_count (includes\class-whatslink-click-tracker-logs-manager.php:284)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

6 unprotected

WhatsLink Click Tracker Attack Surface

Entry Points6

Unprotected6

AJAX Handlers 6

authwp_ajax_whatslink_click_tracker_reset_click_logsincludes\class-whatslink-click-tracker-logs-manager.php:54

noprivwp_ajax_whatslink_click_tracker_log_clickincludes\class-whatslink-click-tracker-logs-manager.php:55

authwp_ajax_whatslink_click_tracker_log_clickincludes\class-whatslink-click-tracker-logs-manager.php:56

authwp_ajax_whatslink_click_tracker_get_single_link_countincludes\class-whatslink-click-tracker-logs-manager.php:57

noprivwp_ajax_whatslink_click_tracker_get_single_link_countincludes\class-whatslink-click-tracker-logs-manager.php:58

authwp_ajax_whatslink_click_tracker_build_click_logs_htmlincludes\class-whatslink-click-tracker-logs-manager.php:59

WordPress Hooks 10

actionadmin_menuadmin\class-whatslink-click-tracker-admin.php:113

actionadmin_menuadmin\class-whatslink-click-tracker-admin.php:114

actionadmin_enqueue_scriptsadmin\class-whatslink-click-tracker-admin.php:115

actionadmin_enqueue_scriptsadmin\class-whatslink-click-tracker-admin.php:116

actionadmin_enqueue_scriptsincludes\class-whatslink-click-tracker.php:136

actionadmin_enqueue_scriptsincludes\class-whatslink-click-tracker.php:137

actionwp_enqueue_scriptsincludes\class-whatslink-click-tracker.php:149

actionwp_enqueue_scriptsincludes\class-whatslink-click-tracker.php:150

actionwp_enqueue_scriptspublic\class-whatslink-click-tracker-public.php:78

actionwp_enqueue_scriptspublic\class-whatslink-click-tracker-public.php:79

Maintenance & Trust

WhatsLink Click Tracker Maintenance & Trust

Maintenance Signals

WordPress version tested7.0

Last updatedApr 14, 2026

PHP min version7.0

Downloads971

Community Trust

Rating100/100

Number of ratings1

Active installs20

Alternatives

WhatsLink Click Tracker Alternatives

Novera Smart Chat

novera-smart-chat

100

WhatsApp Floating Chat Button with Analytics, UTM Tracking, GA4 & Conversion Tools

10 No CVEs

Joinchat

creame-whatsapp-me

100

WhatsApp, Messenger, Telegram, Phone call… capture users through their favorite Apps and turn into clients

700K No CVEs

Pulsating Chat Button

amin-chat-button

WhatsApp or Telegram Chat🔥. Adds a pulsating WhatsApp or Telegram button 🍀 to your website. Fast and easy installation. Setting up target id GTM and Y …

2K 1 CVE

UTM Event Tracker and Analytics, UTM Grabber

utm-event-tracker-and-analytics

100

Easily capture UTM parameters, track button and link clicks, and analyze campaigns to improve your marketing ROI in WordPress.

1K No CVEs

Floating Contact Button for MAX and Telegram

floating-contact-button-for-max-and-telegram

100

A lightweight floating contact button for WordPress with support for Telegram, WhatsApp, Facebook Messenger and MAX.

900 No CVEs

Developer Profile

WhatsLink Click Tracker Developer Profile

WPSani

2 plugins · 40 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WhatsLink Click Tracker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/whatslink-click-tracker/admin/css/whatslink-click-tracker-admin.css/wp-content/plugins/whatslink-click-tracker/admin/js/whatslink-click-tracker-admin.js/wp-content/plugins/whatslink-click-tracker/public/css/whatslink-click-tracker-public.css/wp-content/plugins/whatslink-click-tracker/public/js/whatslink-click-tracker-public.js

Script Paths

/wp-content/plugins/whatslink-click-tracker/admin/js/whatslink-click-tracker-admin.js/wp-content/plugins/whatslink-click-tracker/public/js/whatslink-click-tracker-public.js

Version Parameters

whatslink-click-tracker/admin/css/whatslink-click-tracker-admin.css?ver=whatslink-click-tracker/admin/js/whatslink-click-tracker-admin.js?ver=whatslink-click-tracker/public/css/whatslink-click-tracker-public.css?ver=whatslink-click-tracker/public/js/whatslink-click-tracker-public.js?ver=

HTML / DOM Fingerprints

CSS Classes

whatslink-click-tracker-admin-page

JS Globals

WhatsLink_Click_Tracker_Admin

FAQ