WP-Safety

Conversion Tracking for WooCommerce Security & Risk Analysis

wordpress.org/plugins/woocommerce-conversion-tracking

Adds various conversion tracking codes to cart, checkout, registration success and product page on WooCommerce

20K active installs v2.1.5 PHP 7.4+ WP 5.4+ Updated Feb 5, 2026
commercee-commerceecommercetrackingwoocommerce
98
A · Safe
CVEs total4
Unpatched0
Last CVEJan 31, 2024
Plugin page Download
Safety Verdict

Is Conversion Tracking for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

Conversion Tracking for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Jan 31, 2024Updated 1mo ago
Risk Assessment

The "woocommerce-conversion-tracking" plugin version 2.1.5 presents a mixed security posture. On the positive side, it demonstrates good practices in several areas, including the absence of dangerous functions, 100% of SQL queries utilizing prepared statements, and a robust number of nonce and capability checks. File operations and bundled libraries are also absent, which can reduce the attack surface in those categories. However, there are notable concerns. The presence of an AJAX handler without authentication checks is a significant risk, creating a direct entry point for unauthenticated actions. While taint analysis shows no current critical or high severity flows, the historically high number of reported CVEs (4 total) with a significant portion being medium or high severity (1 high, 3 medium) is a strong indicator of past security weaknesses. Common vulnerability types like missing authorization and cross-site scripting further reinforce the need for caution. Despite the current lack of critical vulnerabilities and good practices in certain code aspects, the plugin's history of past vulnerabilities and the identified unprotected AJAX handler warrant careful consideration and vigilance.

Key Concerns

  • Unprotected AJAX handler found
  • High number of past vulnerabilities (4 total)
  • Past high severity vulnerabilities (1 high, 3 medium)
  • Past vulnerabilities include missing authorization and XSS
  • Output escaping not fully implemented (78%)
Vulnerabilities
4

Conversion Tracking for WooCommerce Security Vulnerabilities

CVEs by Year

1 CVE in 2020
2020
1 CVE in 2022
2022
2 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

High
1
Medium
3

4 total CVEs

CVE-2024-24711medium · 4.3Missing Authorization

WooCommerce Conversion Tracking <= 2.0.11 - Missing Authorization via wcct_install_happy_addons

Jan 31, 2024 Patched in 2.0.12 (3d)
CVE-2023-52217medium · 4.3Missing Authorization

WooCommerce Conversion Tracking <= 2.0.11 - Missing Authorization

Jan 3, 2024 Patched in 2.0.12 (21d)
WF-84003388-c47c-41db-8d2d-4643aa375a89-woocommerce-conversion-trackingmedium · 4.3Missing Authorization

Appsero <= 1.2.1 - Missing Authorization

Dec 16, 2022 Patched in 2.0.11 (699d)
WF-e203fc8f-fc57-4918-8ef2-3ba6ae979d40-woocommerce-conversion-trackinghigh · 8.8Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WooCommerce Conversion Tracking <= 2.0.4 - Cross-Site Request Forgery and Cross-Site Scripting

Jan 2, 2020 Patched in 2.0.6 (1482d)
Code Analysis
Analyzed Mar 16, 2026

Conversion Tracking for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
39
138 escaped
Nonce Checks
7
Capability Checks
8
File Operations
0
External Requests
2
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

78% escaped177 total outputs
Attack Surface
1 unprotected

Conversion Tracking for WooCommerce Attack Surface

Entry Points4
Unprotected1

AJAX Handlers 4

authwp_ajax_wcct_save_settingsincludes\class-ajax.php:12
authwp_ajax_activate_happy_addonsincludes\class-ajax.php:13
authwp_ajax_wcct_dismissable_noticeincludes\class-ajax.php:15
authwp_ajax_wcct_dismiss_noticeincludes\class-welcome-20.php:13
WordPress Hooks 46
actionbefore_woocommerce_initconversion-tracking.php:85
actionplugins_loadedconversion-tracking.php:187
actioninitconversion-tracking.php:188
actionadmin_noticesconversion-tracking.php:190
actionadmin_noticesconversion-tracking.php:192
actionswitch_themedependencies\Appsero\Insights.php:135
actionswitch_themedependencies\Appsero\Insights.php:136
actionadmin_footerdependencies\Appsero\Insights.php:146
actionadmin_noticesdependencies\Appsero\Insights.php:161
actionadmin_initdependencies\Appsero\Insights.php:164
filtercron_schedulesdependencies\Appsero\Insights.php:168
actionadmin_menudependencies\Appsero\License.php:219
actionafter_switch_themedependencies\Appsero\License.php:781
actionswitch_themedependencies\Appsero\License.php:782
actionadmin_enqueue_scriptsincludes\class-admin.php:12
actionadmin_menuincludes\class-admin.php:13
filterupgrader_package_optionsincludes\class-ajax.php:95
actionplugins_loadedincludes\class-event-dispatcher.php:19
actionwp_headincludes\class-event-dispatcher.php:20
actionwoocommerce_add_to_cartincludes\class-event-dispatcher.php:23
actionwoocommerce_after_checkout_formincludes\class-event-dispatcher.php:24
actionwoocommerce_thankyouincludes\class-event-dispatcher.php:25
actionwoocommerce_after_single_productincludes\class-event-dispatcher.php:28
actionwoocommerce_after_shop_loopincludes\class-event-dispatcher.php:29
actionwoocommerce_registration_redirectincludes\class-event-dispatcher.php:32
actiontemplate_redirectincludes\class-event-dispatcher.php:33
actionpre_get_postsincludes\class-event-dispatcher.php:36
filteryith_wcwl_added_to_wishlistincludes\class-event-dispatcher.php:39
actionwoocommerce_wishlist_add_itemincludes\class-event-dispatcher.php:40
actionwp_footerincludes\class-event-dispatcher.php:157
filterwcct_settings_fbincludes\class-integration-pro-features.php:12
filterwcct_settings_twitterincludes\class-integration-pro-features.php:13
filterwcct_settings_adwordsincludes\class-integration-pro-features.php:14
actionadmin_enqueue_scriptsincludes\class-integration-pro-features.php:15
filterwcct_nav_tabincludes\class-integration-pro-features.php:17
actionwcct_sidebarincludes\class-integration-pro-features.php:19
actionadmin_initincludes\class-welcome-20.php:11
actionwoocommerce_update_options_integrationincludes\integration.php:22
actionwoocommerce_product_options_reviewsincludes\integration.php:25
actionwoocommerce_process_product_metaincludes\integration.php:26
actionwoocommerce_registration_redirectincludes\integration.php:28
actiontemplate_redirectincludes\integration.php:29
actionwp_headincludes\integration.php:30
actionwp_footerincludes\integration.php:31
actionwoocommerce_thankyouincludes\integration.php:32
actionwp_headincludes\integration.php:162
Maintenance & Trust

Conversion Tracking for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedFeb 5, 2026
PHP min version7.4
Downloads815K

Community Trust

Rating62/100
Number of ratings23
Active installs20K
Alternatives

Conversion Tracking for WooCommerce Alternatives

Conversion Tracking for WooCommerce

Conversion Tracking for WooCommerce

conversion-tracking-for-woocommerce

A
85

Outputs WooCommerce variables on the cart, checkout, and order confirmation pages as a global named WCPAYLOAD to make integration with analytics and c &hellip;

10 No CVEs
Pythia for Woocommerce

Pythia for Woocommerce

pythia-for-woocommerce

A
100

Pythia for Woocommerce is a Tracking Tool solution built on WooCommerce.

0 No CVEs
Klarna for WooCommerce

Klarna for WooCommerce

klarna-payments-for-woocommerce

A
100

Grow your business for increased sales and enhanced shopping experiences at no extra costs.

30K 1 CVE
Kustom Checkout for WooCommerce

Kustom Checkout for WooCommerce

klarna-checkout-for-woocommerce

A
99

The leading checkout in the Nordics, built for higher conversion and returning shoppers. Easy to integrate, supports Klarna and all popular payment me &hellip;

10K 2 CVEs
Japanized for WooCommerce

Japanized for WooCommerce

woocommerce-for-japan

A
95

Essential Japanese localization toolkit for WooCommerce - adds address formats, payment methods, delivery scheduling, and legal compliance.

10K 6 CVEs
Developer Profile

Conversion Tracking for WooCommerce Developer Profile

weDevs

20 plugins · 113K total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
366 days
View full developer profile
Detection Fingerprints

How We Detect Conversion Tracking for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woocommerce-conversion-tracking/assets/css/frontend.css/wp-content/plugins/woocommerce-conversion-tracking/assets/js/frontend.js
Script Paths
/wp-content/plugins/woocommerce-conversion-tracking/assets/js/frontend.js
Version Parameters
woocommerce-conversion-tracking/assets/css/frontend.css?ver=woocommerce-conversion-tracking/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- weDevs Conversion Tracking --><!-- End weDevs Conversion Tracking --><!-- weDevs Conversion Tracking Hook --><!-- End weDevs Conversion Tracking Hook -->+2 more
Data Attributes
data-wcct-settings
JS Globals
wcct_params
FAQ

Frequently Asked Questions about Conversion Tracking for WooCommerce