WP-Safety

Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing Security & Risk Analysis

wordpress.org/plugins/woocommerce-google-adwords-conversion-tracking-tag

Conversion tracking for WooCommerce. Google Ads, GA4, Meta/Facebook Pixel, TikTok & more. Recover 30% more conversions with server-side tracking!

50K active installs v1.58.1 PHP 7.3+ WP 3.7+ Updated Mar 10, 2026
conversion-trackingfacebook-pixelgoogle-adsgoogle-analyticswoocommerce
95
A · Safe
CVEs total4
Unpatched0
Last CVEDec 15, 2025
Plugin page Download
Safety Verdict

Is Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing Safe to Use in 2026?

Generally Safe

Score 95/100

Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Dec 15, 2025Updated 24d ago
Risk Assessment

The `woocommerce-google-adwords-conversion-tracking-tag` plugin exhibits a mixed security posture. While static analysis indicates good practices in output escaping (95%) and a significant portion of SQL queries using prepared statements (60%), several concerns are evident. The presence of 7 AJAX handlers, with a concerning 6 lacking proper authentication checks, significantly expands the attack surface and presents a direct risk of unauthorized actions or information disclosure. The plugin also lacks sufficient nonce checks (only 2 for 7 AJAX handlers) which exacerbates the risk posed by unprotected AJAX endpoints.

Historically, the plugin has a concerning track record with 4 known medium-severity vulnerabilities, including Cross-Site Scripting and Exposure of Sensitive Information. While there are currently no unpatched CVEs, the past prevalence of these vulnerability types suggests a recurring weakness in input sanitization and output handling, or reliance on external sources that may introduce risks. The presence of bundled Freemius v1.0, while not explicitly flagged as outdated, is a potential area for future concern if not regularly updated. In conclusion, the plugin has some strengths in code hardening, but the significant number of unprotected AJAX endpoints and the historical vulnerability patterns warrant caution and active monitoring.

Key Concerns

  • AJAX handlers without auth checks
  • Insufficient nonce checks on AJAX
  • 4 medium severity CVEs historically
  • Bundled Freemius v1.0 library
Vulnerabilities
4

Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
3 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
4

4 total CVEs

CVE-2025-67564medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Pixel Manager for WooCommerce <= 1.51.1 - Unauthenticated Information Exposure

Dec 15, 2025 Patched in 1.52.0 (6d)
CVE-2025-12545medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more <= 1.49.2 - Unauthenticated Information Exposure

Nov 18, 2025 Patched in 1.49.3 (1d)
CVE-2025-6201medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Pixel Manager for WooCommerce (PRO) <= 1.49.0 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode

Jun 18, 2025 Patched in 1.49.1 (1d)
WF-379a5016-3968-4b28-8d6e-0f517e419016-woocommerce-google-adwords-conversion-tracking-tagmedium · 5.3Use of Less Trusted Source

Various Plugins <= Various Version - Use of Polyfill.io

Jun 25, 2024 Patched in 1.43.4 (14d)
Code Analysis
Analyzed Mar 16, 2026

Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
6 prepared
Unescaped Output
36
623 escaped
Nonce Checks
2
Capability Checks
5
File Operations
39
External Requests
17
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

60% prepared10 total queries

Output Escaping

95% escaped659 total outputs
Attack Surface
6 unprotected

Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing Attack Surface

Entry Points9
Unprotected6

AJAX Handlers 7

authwp_ajax_pmw_dismissed_notice_handlerincludes\admin\class-ask-for-rating.php:33
authwp_ajax_pmw_get_cart_itemsincludes\pixels\class-pixel-manager.php:169
noprivwp_ajax_pmw_get_cart_itemsincludes\pixels\class-pixel-manager.php:170
authwp_ajax_pmw_get_product_idsincludes\pixels\class-pixel-manager.php:171
noprivwp_ajax_pmw_get_product_idsincludes\pixels\class-pixel-manager.php:172
authwp_ajax_pmw_purchase_pixels_firedincludes\pixels\class-pixel-manager.php:173
noprivwp_ajax_pmw_purchase_pixels_firedincludes\pixels\class-pixel-manager.php:174

Shortcodes 2

[view-item] includes\pixels\class-shortcodes.php:25
[conversion-pixel] includes\pixels\class-shortcodes.php:26
WordPress Hooks 133
actionadmin_menuclass-wgact.php:54
actionadmin_noticesclass-wgact.php:55
actionbefore_woocommerce_initclass-wgact.php:78
actioninitclass-wgact.php:79
actioninitclass-wgact.php:85
actioninitclass-wgact.php:91
actionwoocommerce_initclass-wgact.php:97
actioninitclass-wgact.php:99
actionpmw_reactivate_duplication_preventionclass-wgact.php:104
actionpmw_deactivate_log_http_requestsclass-wgact.php:107
actionpmw_tracking_accuracy_analysisclass-wgact.php:110
actionpmw_print_product_data_layer_script_by_productclass-wgact.php:113
actionpmw_print_product_data_layer_script_by_product_idclass-wgact.php:116
actionpmw_batch_process_vertical_ltv_calculationclass-wgact.php:123
actionpmw_horizontal_ltv_calculation_checkclass-wgact.php:126
actionpmw_horizontal_ltv_calculationclass-wgact.php:129
actionaction_scheduler_failed_actionclass-wgact.php:132
actionaction_scheduler_failed_executionclass-wgact.php:135
actionaction_scheduler_unexpected_shutdownclass-wgact.php:138
actionwoocommerce_order_status_cancelledclass-wgact.php:141
actionwoocommerce_order_refundedclass-wgact.php:145
filtershow_trialclass-wgact.php:355
filtershow_admin_noticeclass-wgact.php:357
filterconnect_urlfreemius-loader.php:71
filterafter_skip_urlfreemius-loader.php:72
filterafter_connect_urlfreemius-loader.php:73
filterafter_pending_connect_urlfreemius-loader.php:74
filtershow_deactivation_subscription_cancellationfreemius-loader.php:75
actionrest_api_initincludes\admin\class-admin-rest.php:28
actionadmin_enqueue_scriptsincludes\admin\class-admin.php:29
actionadmin_enqueue_scriptsincludes\admin\class-admin.php:30
actionadmin_enqueue_scriptsincludes\admin\class-admin.php:31
actionadmin_menuincludes\admin\class-admin.php:33
actionadmin_initincludes\admin\class-admin.php:35
actionadmin_initincludes\admin\class-admin.php:36
actionload-plugins.phpincludes\admin\class-admin.php:38
filtertemplates/checkout.phpincludes\admin\class-admin.php:40
filtercheckout/purchaseCompletedincludes\admin\class-admin.php:41
actioninitincludes\admin\class-admin.php:44
actionadmin_headincludes\admin\class-admin.php:45
actionadmin_headincludes\admin\class-admin.php:47
actionadmin_enqueue_scriptsincludes\admin\class-admin.php:128
actionwoocommerce_admin_order_data_after_order_detailsincludes\admin\class-admin.php:222
actionadmin_noticesincludes\admin\class-admin.php:1616
actionadmin_enqueue_scriptsincludes\admin\class-ask-for-rating.php:32
actionadmin_noticesincludes\admin\class-ask-for-rating.php:34
actionupgrader_process_completeincludes\admin\class-environment.php:153
filterwoocommerce_gla_disable_gtag_trackingincludes\admin\class-environment.php:1122
filtercmplz_whitelisted_script_tagsincludes\admin\class-environment.php:1140
filteroption_cookiebot-gcmincludes\admin\class-environment.php:1154
filternsc_bar_output_google_consent_mode_scriptincludes\admin\class-environment.php:1168
filternsc_bar_block_scriptincludes\admin\class-environment.php:1172
filteroption_wpl_options_custom-scriptsincludes\admin\class-environment.php:1193
filterdefault_option_wpl_options_custom-scriptsincludes\admin\class-environment.php:1194
filtersgo_javascript_combine_excluded_inline_contentincludes\admin\class-environment.php:1214
filtersgo_js_async_excludeincludes\admin\class-environment.php:1228
filterlitespeed_optimize_js_excludesincludes\admin\class-environment.php:1239
filterfacebook_for_woocommerce_integration_pixel_enabledincludes\admin\class-environment.php:1294
filterwc_facebook_fb_retailer_idincludes\admin\class-environment.php:1298
filterwoocommerce_pinterest_disable_trackingincludes\admin\class-environment.php:1308
filterreddit_for_woocommerce_filter_tracking_dataincludes\admin\class-environment.php:1317
filterwoocommerce_ga_disable_trackingincludes\admin\class-environment.php:1333
actionRCB/Templates/TechnicalHandlingIntegrationincludes\admin\class-environment.php:1356
filtergooglesitekit_analytics-4_tag_blockedincludes\admin\class-environment.php:1412
filtergooglesitekit_ads_tag_blockedincludes\admin\class-environment.php:1417
filterwgdr_third_party_cookie_preventionincludes\admin\class-environment.php:1470
filteroption_bwf_gen_configincludes\admin\class-environment.php:1475
filteroption_add_facebook_pixelincludes\admin\class-environment.php:1515
filteroption_add_facebook_capiincludes\admin\class-environment.php:1519
filteroption_add_remarketingincludes\admin\class-environment.php:1526
filtersgo_javascript_combine_excluded_inline_contentincludes\admin\class-environment.php:1574
filtersgo_javascript_combine_excludeincludes\admin\class-environment.php:1575
filtersgo_javascript_combine_exclude_move_afterincludes\admin\class-environment.php:1576
filtersgo_js_minify_excludeincludes\admin\class-environment.php:1577
filtersgo_js_async_excludeincludes\admin\class-environment.php:1578
filterlitespeed_optimize_js_excludesincludes\admin\class-environment.php:1582
filterlitespeed_optm_js_defer_excincludes\admin\class-environment.php:1583
filterlitespeed_optm_cssjsincludes\admin\class-environment.php:1584
filteroption_litespeed.conf.optm-js_inline_deferincludes\admin\class-environment.php:1585
filterautoptimize_filter_js_consider_minifiedincludes\admin\class-environment.php:1589
filterautoptimize_filter_js_dontmoveincludes\admin\class-environment.php:1590
filterwp-optimize-minify-default-exclusionsincludes\admin\class-environment.php:1595
filteroption_aj_plugin_exclusionsincludes\admin\class-environment.php:1599
filteroption_sbp_optionsincludes\admin\class-environment.php:1615
filterpre_update_option_FLYING_PRESS_CONFIGincludes\admin\class-environment.php:1637
filteroption_FLYING_PRESS_CONFIGincludes\admin\class-environment.php:1656
filterrocket_delay_js_exclusionsincludes\admin\class-environment.php:1716
filterrocket_defer_inline_exclusionsincludes\admin\class-environment.php:1717
filterrocket_exclude_defer_jsincludes\admin\class-environment.php:1718
filterrocket_exclude_jsincludes\admin\class-environment.php:1719
filterrocket_minify_excluded_external_jsincludes\admin\class-environment.php:1720
filterrocket_excluded_inline_js_contentincludes\admin\class-environment.php:1721
actionpre_get_postsincludes\admin\class-order-columns.php:25
actionmanage_shop_order_posts_custom_columnincludes\admin\class-order-columns.php:28
filtermanage_edit-shop_order_columnsincludes\admin\class-order-columns.php:29
filtermanage_woocommerce_page_wc-orders_columnsincludes\admin\class-order-columns.php:30
actionmanage_woocommerce_page_wc-orders_custom_columnincludes\admin\class-order-columns.php:33
actionwoocommerce_order_list_table_prepare_items_query_argsincludes\admin\class-order-columns.php:34
filterviews_woocommerce_page_wc-ordersincludes\admin\class-order-columns.php:35
filterviews_edit-shop_orderincludes\admin\class-order-columns.php:188
actionadmin_enqueue_scriptsincludes\admin\notifications\class-notifications.php:22
actionadmin_enqueue_scriptsincludes\admin\notifications\class-notifications.php:23
actionadmin_noticesincludes\admin\notifications\class-notifications.php:24
actionadmin_noticesincludes\admin\notifications\class-trial-promotion-notification.php:40
actionwp_abilities_api_categories_initincludes\class-abilities.php:47
actionwp_abilities_api_initincludes\class-abilities.php:48
actionwp_headincludes\pixels\class-pixel-manager.php:53
actionwp_enqueue_scriptsincludes\pixels\class-pixel-manager.php:58
actionlitespeed_esi_load-pmw_data_layerincludes\pixels\class-pixel-manager.php:80
actionwp_headincludes\pixels\class-pixel-manager.php:82
actionwp_headincludes\pixels\class-pixel-manager.php:152
actionwp_enqueue_scriptsincludes\pixels\class-pixel-manager.php:159
actionwp_enqueue_scriptsincludes\pixels\class-pixel-manager.php:167
filterscript_loader_tagincludes\pixels\class-pixel-manager.php:177
actionwp_body_openincludes\pixels\class-pixel-manager.php:188
actionwp_footerincludes\pixels\class-pixel-manager.php:195
actionwoocommerce_after_shop_loop_itemincludes\pixels\class-pixel-manager.php:201
filterwoocommerce_blocks_product_grid_item_htmlincludes\pixels\class-pixel-manager.php:207
actionwp_headincludes\pixels\class-pixel-manager.php:213
actionwoocommerce_after_cart_item_nameincludes\pixels\class-pixel-manager.php:215
actionwoocommerce_after_mini_cart_item_nameincludes\pixels\class-pixel-manager.php:221
actionwoocommerce_mini_cart_contentsincludes\pixels\class-pixel-manager.php:227
actionwoocommerce_new_orderincludes\pixels\class-pixel-manager.php:228
actionwoocommerce_order_status_processingincludes\pixels\class-pixel-manager.php:229
actionwoocommerce_order_status_completedincludes\pixels\class-pixel-manager.php:235
actiontemplate_redirectincludes\pixels\class-pixel-manager.php:245
actionrest_api_initincludes\pixels\class-pixel-manager.php:246
actionsave_postincludes\pixels\class-pixel-manager.php:248
actionrest_api_initincludes\pixels\google\class-gtg-proxy.php:119
filterdo_parse_requestincludes\pixels\google\class-gtg-proxy.php:120
actionupdate_option_wgact_plugin_optionsincludes\pixels\google\class-gtg-proxy.php:123
actioninitincludes\pixels\google\class-gtg-proxy.php:126
actionplugins_loadedpmw-loader.php:15
Maintenance & Trust

Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 10, 2026
PHP min version7.3
Downloads3.3M

Community Trust

Rating98/100
Number of ratings395
Active installs50K
Alternatives

Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing Alternatives

Conversios: Google Analytics (GA4), Google Ads, Conversion and Analytics Tracking for Multi-Channels

Conversios: Google Analytics (GA4), Google Ads, Conversion and Analytics Tracking for Multi-Channels

enhanced-e-commerce-for-woocommerce-store

A
88

Track GA4 Analytics, Google Ads, Microsoft Ads, & Conversion with server-side tracking (CAPI) & product feed to improve ROAS, reports for WooCommerce.

10K 10 CVEs
Pixel Tag Manager for WooCommerce – Google Analytics 4, Google Ads, and More Pixels

Pixel Tag Manager for WooCommerce – Google Analytics 4, Google Ads, and More Pixels

pixel-manager-for-woocommerce

A
100

Pixel Tag Manager for WooCommerce is a powerful plugin to monitor eCommerce events with seamless integration. Track Google Analytics 4, Google Ads, Bi &hellip;

3K No CVEs
Affiliate Sales in Google Analytics and other tools

Affiliate Sales in Google Analytics and other tools

wecantrack

A
99

Integrate all your affiliate sales in Google Analytics, Google Ads, Facebook, Data Studio and more!

2K 1 CVE
Pixelavo – Server Side Tracking & Pixel + AI Ads Tools

Pixelavo – Server Side Tracking & Pixel + AI Ads Tools

pixelavo

A
100

Add pixel tracking to your WordPress site with Conversions API, server-side tracking, AI ad copy generation, and AI marketing consultant.

800 No CVEs
Content Snippet Manager

Content Snippet Manager

content-snippet-manager

A
91

Content Snippet Manager plugin allows you to create and manage unlimited numbers of HTML and WordPress shortcodes in your WordPress content

200 1 CVE
Developer Profile

Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing Developer Profile

alekv

2 plugins · 52K total installs

99
trust score
Avg Security Score
98/100
Avg Patch Time
6 days
View full developer profile
Detection Fingerprints

How We Detect Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woocommerce-google-adwords-conversion-tracking-tag/js/admin/pmw-admin-freemius.p1.min.js/wp-content/plugins/woocommerce-google-adwords-conversion-tracking-tag/css/admin/pmw-admin.css/wp-content/plugins/woocommerce-google-adwords-conversion-tracking-tag/css/admin/pmw-admin.p1.min.css
Script Paths
/wp-content/plugins/woocommerce-google-adwords-conversion-tracking-tag/js/admin/pmw-admin-freemius.p1.min.js
Version Parameters
woocommerce-google-adwords-conversion-tracking-tag/css/admin/pmw-admin.css?ver=woocommerce-google-adwords-conversion-tracking-tag/css/admin/pmw-admin.p1.min.css?ver=

HTML / DOM Fingerprints

CSS Classes
pmw-chatbot-widgetpmw-chatbot-togglepmw-chatbot-panelpmw-chatbot-panel-headerpmw-chatbot-closepmw-chatbot-panel-content
HTML Comments
TODO move script for copying debug info into a proper .js enqueued file, or switch tabs to JavaScript switching and always save all settings at the same timeDeleteIf(wcMarketFree)endDeleteIf(wcMarketFree)Output the floating chatbot widget button+1 more
Data Attributes
id="pmw-chatbot-widget"id="pmw-chatbot-toggle"id="pmw-chatbot-panel"id="pmw-chatbot-close"id="pmw-chatbot-iframe"
JS Globals
pmw_codypmwDataLayer
FAQ

Frequently Asked Questions about Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing