Web Analytics for Woocommerce Security & Risk Analysis

wordpress.org/plugins/woo-customer-insight

Track your Customer activities ( Visits and Events ) and enhance Customer Flow. Opportunity Funnel helps you identify Customer drop offs.

10 active installs · v1.0.1 · PHP + WP 4.0+ · Updated Apr 2, 2020
Tags: customer-insight, customer-tracking, event-tracking, user-tracking, woocommerce
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Web Analytics for Woocommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Web Analytics for Woocommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The "woo-customer-insight" plugin version 1.0.1 exhibits a highly concerning security posture due to its extensive unprotected attack surface. All 23 identified AJAX handlers lack authentication checks, representing a significant risk for unauthorized access and malicious operations. Furthermore, the presence of the `unserialize` function, coupled with 8 taint flows identified as having unsanitized paths (6 of which are high severity), indicates a substantial vulnerability to remote code execution or sensitive data manipulation if an attacker can control the serialized data passed to these functions.

The plugin's static analysis reveals a mixed bag of practices. While it correctly utilizes prepared statements for all SQL queries, preventing direct SQL injection, and has a high percentage of properly escaped output, these strengths are overshadowed by the critical weaknesses in authentication and sanitization. The complete absence of nonce checks on AJAX actions exacerbates the risk, making cross-site request forgery (CSRF) attacks trivial. The vulnerability history is currently clean, with no recorded CVEs, which might suggest a lack of past exploitation or discovery. However, this does not mitigate the immediate risks identified in the static and taint analysis.

Key Concerns

  • All AJAX handlers lack authentication checks
  • Missing nonce checks on AJAX actions
  • High severity taint flows with unsanitized paths
  • Dangerous function 'unserialize' used
  • Unprotected entry points (AJAX handlers)
Vulnerabilities
None known

Web Analytics for Woocommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Web Analytics for Woocommerce Release Timeline

v1.0.1 (Current)
Code Analysis
Analyzed Apr 16, 2026

Web Analytics for Woocommerce Code Analysis

Dangerous Functions: 7
Raw SQL Queries: 0 (199 prepared)
Unescaped Output: 31 (205 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 1
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

  • unserialize · `$unserialized_spent_array = unserialize( $info_vals['information'] );` · includes/WCI_ChartData.php:1225
  • unserialize · `$unserialized_info = unserialize( $visit_info['information'] );` · includes/WCI_ChartData.php:1309
  • unserialize · `$unserialized_spent_array = unserialize( $info_vals['information'] );` · includes/WCI_ChartData.php:1769
  • unserialize · `$unserialized_info = unserialize( $visit_info['information'] );` · includes/WCI_ChartData.php:1853
  • unserialize · `$serialized_most_visited = unserialize($most_visited_value['information']);` · includes/WCI_HomePage.php:376
  • unserialize · `$unserialized_info = unserialize( $visit_info['information'] );` · includes/WCI_HomePage.php:403
  • unserialize · `$unserialized_spent_array = unserialize( $info_vals['information'] );` · includes/WCI_HomePage.php:701

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 199 total queries

Output Escaping

87% escaped · 236 total outputs
Data Flows · Security
8 unsanitized

Data Flow Analysis

8 flows · 8 with unsanitized paths
trackingHistory (includes/WooCustomerInsightHelper.php:57)
Attack Surface
23 unprotected

Web Analytics for Woocommerce Attack Surface

Entry Points: 23
Unprotected: 23

AJAX Handlers 23

auth · wp_ajax_visitor_time_spent · includes/WCI_AjaxActions.php:119
nopriv · wp_ajax_visitor_time_spent · includes/WCI_AjaxActions.php:120
auth · wp_ajax_button_click · includes/WCI_AjaxActions.php:121
nopriv · wp_ajax_button_click · includes/WCI_AjaxActions.php:122
auth · wp_ajax_shop_cart · includes/WCI_AjaxActions.php:123
nopriv · wp_ajax_shop_cart · includes/WCI_AjaxActions.php:124
auth · wp_ajax_cart · includes/WCI_AjaxActions.php:125
nopriv · wp_ajax_cart · includes/WCI_AjaxActions.php:126
auth · wp_ajax_wci_funnel_chart · includes/WCI_AjaxActions.php:127
auth · wp_ajax_wootracking_dashboard · includes/WCI_AjaxActions.php:128
auth · wp_ajax_fetch_pie_data · includes/WCI_AjaxActions.php:129
auth · wp_ajax_update_sessionid · includes/WCI_AjaxActions.php:130
nopriv · wp_ajax_update_sessionid · includes/WCI_AjaxActions.php:131
auth · wp_ajax_insert_sessionid_for_guest · includes/WCI_AjaxActions.php:133
nopriv · wp_ajax_insert_sessionid_for_guest · includes/WCI_AjaxActions.php:134
auth · wp_ajax_cart_submit · includes/WCI_AjaxActions.php:136
auth · wp_ajax_wci_abandon_filter · includes/WCI_AjaxActions.php:138
auth · wp_ajax_wci_abandon_filter_oneday · includes/WCI_AjaxActions.php:139
auth · wp_ajax_wci_abandon_filter_oneweek · includes/WCI_AjaxActions.php:140
auth · wp_ajax_wci_abandon_filter_onemonth · includes/WCI_AjaxActions.php:141
auth · wp_ajax_wci_opportunity_filter_oneday · includes/WCI_AjaxActions.php:144
auth · wp_ajax_wci_opportunity_filter_oneweek · includes/WCI_AjaxActions.php:145
auth · wp_ajax_wci_opportunity_filter_onemonth · includes/WCI_AjaxActions.php:146
WordPress Hooks 10
action · wp_login · includes/WCI_AjaxActions.php:243
action · wp_logout · includes/WCI_AjaxActions.php:244
action · wp_dashboard_setup · includes/WooCustomerInsightUI.php:49
action · init · woo-customer-insight.php:73
action · admin_menu · woo-customer-insight.php:74
action · admin_enqueue_scripts · woo-customer-insight.php:75
action · wp_footer · woo-customer-insight.php:131
action · woocommerce_order_status_failed · woo-customer-insight.php:134
action · woocommerce_order_status_completed · woo-customer-insight.php:135
action · woocommerce_thankyou · woo-customer-insight.php:139
Maintenance & Trust

Web Analytics for Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.5.33
Last updated: Apr 2, 2020
PHP min version
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Web Analytics for Woocommerce Developer Profile

Smackcoders Inc.,

23 plugins · 40K total installs

Trust score: 71
Avg Security Score: 88/100
Avg Patch Time: 946 days
Detection Fingerprints

How We Detect Web Analytics for Woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/woo-customer-insight/js/wootracking_select2.min.js
  • /wp-content/plugins/woo-customer-insight/js/wootracking-chart.js
  • /wp-content/plugins/woo-customer-insight/js/wootracking-pie-chart.js
  • /wp-content/plugins/woo-customer-insight/js/wootracking-dashboard.js
  • /wp-content/plugins/woo-customer-insight/js/d3.min.js
  • /wp-content/plugins/woo-customer-insight/js/d3-funnel.js
  • /wp-content/plugins/woo-customer-insight/js/morris.min.js
  • /wp-content/plugins/woo-customer-insight/js/raphael-min.js
  • +6 more
Version Parameters
  • woo-customer-insight/js/wootracking_select2.min.js?ver=
  • woo-customer-insight/js/wootracking-chart.js?ver=
  • woo-customer-insight/js/wootracking-pie-chart.js?ver=
  • woo-customer-insight/js/wootracking-dashboard.js?ver=
  • woo-customer-insight/js/d3.min.js?ver=
  • woo-customer-insight/js/d3-funnel.js?ver=
  • woo-customer-insight/js/morris.min.js?ver=
  • woo-customer-insight/js/raphael-min.js?ver=
  • woo-customer-insight/css/morris.css?ver=
  • woo-customer-insight/css/wootracking_jquery-ui.css?ver=
  • woo-customer-insight/css/wootracking_select2.min.css?ver=
  • woo-customer-insight/css/wootracking_product_view.css?ver=
  • woo-customer-insight/css/font-awesome.min.css?ver=
  • woo-customer-insight/css/wootracking_bootstrap.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
WCI_ChartData, WooCustomerInsightUI, WooCustomerInsightSchema, WooCustomerInsightHelper, SM_Woo_Customer_Insight, WC_Session_Handler
Data Attributes
data-wci-chart, data-wci-funnel, data-wci-pie
JS Globals
wci_select2, wci_chart, wci_pie, wci_dashboard, wci_funnel, wci_morris, +1 more
FAQ

Frequently Asked Questions about Web Analytics for Woocommerce