WP-Safety

Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking) Security & Risk Analysis

wordpress.org/plugins/wp-analytify

Analytify is the must-have Plugin for Google Analytics 4 Integration, Tracking, & Reporting in WordPress. Enhanced eCommerce, Events, & Call Analytics

20K active installs v8.1.2 PHP + WP 4.0+ Updated Mar 9, 2026
analyticsgoogle-analyticsgoogle-analytics-4google-analytics-dashboardwordpress-analytics
96
A · Safe
CVEs total13
Unpatched0
Last CVEMar 27, 2025
Plugin page Download
Safety Verdict

Is Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking) Safe to Use in 2026?

Generally Safe

Score 96/100

Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking) has a strong security track record. Known vulnerabilities have been patched promptly.

13 known CVEsLast CVE: Mar 27, 2025Updated 25d ago
Risk Assessment

The plugin "wp-analytify" v8.1.2 exhibits a mixed security posture. While it demonstrates good practices in many areas, such as a high percentage of prepared SQL statements and properly escaped output, there are notable concerns. The static analysis reveals a significant attack surface with several unprotected entry points, specifically 4 AJAX handlers and 1 REST API route lacking authentication checks. This absence of robust authorization is a critical weakness that could be exploited by unauthenticated attackers.

The vulnerability history of this plugin is a significant red flag. With 13 known CVEs, primarily in categories like Missing Authorization, CSRF, and XSS, it suggests a pattern of recurring security flaws. The presence of a high-severity vulnerability and 12 medium-severity ones in its history, even with 0 currently unpatched, indicates a persistent struggle with secure coding practices in certain areas. The taint analysis, while currently showing no critical or high severity issues, should be continuously monitored as the identified unprotected entry points could potentially become targets for taint-related attacks if malicious input is processed without proper sanitization.

In conclusion, "wp-analytify" v8.1.2 has strengths in its output escaping and prepared statement usage. However, the substantial number of unprotected entry points and its historical vulnerability patterns, especially concerning authorization and input validation, present significant risks. A proactive approach to fortify these unprotected entry points and continued vigilance regarding its security track record are strongly recommended.

Key Concerns

  • 4 AJAX handlers without auth checks
  • 1 REST API route without permission callbacks
  • 1 high severity vulnerability in history
  • 12 medium severity vulnerabilities in history
  • Common vulnerability types: Missing Auth, CSRF, XSS
Vulnerabilities
13

Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking) Security Vulnerabilities

CVEs by Year

3 CVEs in 2022
2022
3 CVEs in 2023
2023
5 CVEs in 2024
2024
2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

High
1
Medium
12

13 total CVEs

CVE-2025-30897medium · 4.3Missing Authorization

Analytify <= 5.5.1 - Missing Authorization to Authenticated (Subscriber+) Minor Settings Update

Mar 27, 2025 Patched in 6.0.0 (8d)
CVE-2025-26773medium · 4.3Missing Authorization

Analytify <= 5.5.0 - Missing Authorization

Feb 14, 2025 Patched in 5.5.1 (5d)
CVE-2024-53814medium · 4.3Missing Authorization

Analytify <= 5.4.3 - Missing Authorization

Dec 2, 2024 Patched in 5.5.0 (10d)
CVE-2024-43265medium · 4.3Missing Authorization

Analytify <= 5.3.1 - Cross-Site Request Forgery to Opt-out

Aug 12, 2024 Patched in 5.4.0 (11d)
CVE-2024-35689medium · 4.3Cross-Site Request Forgery (CSRF)

Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) <= 5.2.3 - Cross-Site Request Forgery

Jun 6, 2024 Patched in 5.2.4 (7d)
CVE-2024-1809medium · 5.4Exposure of Sensitive System Information to an Unauthorized Control Sphere

Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) <= 5.2.3 - Missing Authorization

Apr 29, 2024 Patched in 5.2.4 (4d)
CVE-2024-1584medium · 5.3Improper Access Control

Analytify <= 5.2.1 - Missing Authorization to Unauthenticated Google Analytics Tracking ID Modification

Apr 26, 2024 Patched in 5.2.4 (7d)
CVE-2023-47841medium · 4.3Cross-Site Request Forgery (CSRF)

Analytify Dashboard <= 5.1.1 - Cross-Site Request Forgery

Nov 20, 2023 Patched in 5.2.0 (64d)
CVE-2023-41695medium · 4.3Missing Authorization

Analytify Dashboard <= 5.1.0 - Missing Authorization to Opt-In

Sep 5, 2023 Patched in 5.1.1 (140d)
CVE-2022-45830medium · 4.3Cross-Site Request Forgery (CSRF)

Analytify <= 4.2.3 - Missing Authorization & Cross-Site Request Forgery

Jan 3, 2023 Patched in 4.3.0 (385d)
CVE-2022-38137high · 8.8Cross-Site Request Forgery (CSRF)

Analytify – Google Analytics Dashboard For WordPress <= 4.2.2 - Cross-Site Request Forgery

Sep 29, 2022 Patched in 4.2.3 (481d)
WF-b899ca76-d6f4-4369-8f66-738b144433b7-wp-analytifymedium · 6.5Missing Authorization

Analytify – Google Analytics Dashboard For WordPress <= 4.2.2 - Authorization Bypass

Aug 22, 2022 Patched in 4.2.3 (519d)
WF-27cfd3cd-e622-4be7-af47-84324d6f6ea3-wp-analytifymedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Analytify <= 4.2.0 - Reflected Cross-Site Scripting

Jun 20, 2022 Patched in 4.2.1 (582d)
Code Analysis
Analyzed Mar 16, 2026

Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking) Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
6 prepared
Unescaped Output
71
898 escaped
Nonce Checks
34
Capability Checks
36
File Operations
8
External Requests
24
Bundled Libraries
1

Bundled Libraries

jQuery

SQL Query Safety

86% prepared7 total queries

Output Escaping

93% escaped969 total outputs
Data Flows
All sanitized

Data Flow Analysis

6 flows
deactivate (inc\ajax-traits\utility.php:434)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
5 unprotected

Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking) Attack Surface

Entry Points13
Unprotected5

AJAX Handlers 10

authwp_ajax_activate-analytify-dashboard-freeclasses\analytify-dashboard-widget.php:24
authwp_ajax_send_analytics_emailclasses\analytify-email\bootstrap.php:63
authwp_ajax_analytify_opt_out_optioninc\class-analytify-ajax.php:29
authwp_ajax_analytify_refresh_ga4_streamsinc\class-analytify-ajax.php:30
authwp_ajax_analytify_dismiss_rank_math_noticeinc\class-analytify-loader.php:126
authwp_ajax_get_ajax_single_admin_analyticsinc\class-analytify-loader.php:195
authwp_ajax_set_module_stateinc\class-analytify-loader.php:196
authwp_ajax_analytify_get_post_sessionsinc\class-analytify-post-columns.php:43
authwp_ajax_dismiss_analytify_noticeinc\core-traits\profile-helpers.php:165
authwp_ajax_analytify_factory_resetwp-analytify.php:1468

REST API Routes 1

GET/wp-json/wp-analytify/v1/get_report/(?P<request_type>[a-zA-Z0-9-]+)classes\analytify-rest\bootstrap.php:118

Shortcodes 2

[analytify_user_optout] classes\class-analytify-user-optout.php:24
[analytify_user_optin] classes\class-analytify-user-optout.php:25
WordPress Hooks 105
actioninitanalytify-general.php:211
actioninitclasses\analytify-base.php:120
actionwp_dashboard_setupclasses\analytify-dashboard-widget.php:23
actionadmin_noticesclasses\analytify-email\bootstrap.php:47
actionadmin_enqueue_scriptsclasses\analytify-email\bootstrap.php:58
actionanalytify_email_cron_functionclasses\analytify-email\bootstrap.php:59
filterwp_analytify_pro_setting_tabsclasses\analytify-email\bootstrap.php:60
filterwp_analytify_pro_setting_fieldsclasses\analytify-email\bootstrap.php:61
actionafter_single_view_stats_buttonsclasses\analytify-email\bootstrap.php:62
actionanalytify_settings_logsclasses\analytify-email\bootstrap.php:64
filtertrp_stop_translating_pageclasses\analytify-email\scheduler.php:42
actioninitclasses\analytify-email.php:90
actionadmin_menuclasses\analytify-logs.php:32
actionadmin_initclasses\analytify-logs.php:33
actioninitclasses\analytify-logs.php:49
actioninitclasses\analytify-logs.php:50
actionrest_api_initclasses\analytify-rest\bootstrap.php:105
filteranalytify_general_stats_footerclasses\analytify-rest\bootstrap.php:106
filteranalytify_single_post_sectionsclasses\analytify-rest\bootstrap.php:107
actionwp_analytify_tracking_accordion_promoclasses\analytify-settings\promo-helpers.php:114
actionwp_analytify_tracking_accordion_proclasses\analytify-settings\promo-helpers.php:198
actionadmin_initclasses\analytify-settings.php:68
actionadmin_enqueue_scriptsclasses\analytify-settings.php:71
actionadmin_post_analytify_delete_cacheclasses\analytify-settings.php:72
actionadmin_enqueue_scriptsclasses\analytify-settings.php:73
actionadmin_noticesclasses\analytify-utils\analytify-utils-notices.php:57
actionadmin_enqueue_scriptsclasses\class-analytify-admin-assets.php:43
filterwt_cli_third_party_scriptsclasses\class-analytify-gdpr-compliance.php:38
filterwt_cli_plugin_integrationsclasses\class-analytify-gdpr-compliance.php:39
actioninitclasses\class-analytify-gdpr-compliance.php:40
filteranalytiy_user_optout_messageclasses\class-analytify-user-optout.php:22
filteranalytiy_user_optin_messageclasses\class-analytify-user-optout.php:23
actionwp_loadedclasses\class-wp-analytify-compatibility-upgrade.php:384
actionwidgets_initinc\analytify-widgets.php:149
actionadmin_bar_menuinc\class-analytify-adminbar.php:25
actioninitinc\class-analytify-loader.php:102
actionadmin_noticesinc\class-analytify-loader.php:119
actionadmin_noticesinc\class-analytify-loader.php:120
actionadmin_noticesinc\class-analytify-loader.php:121
actionadmin_noticesinc\class-analytify-loader.php:122
actionadmin_noticesinc\class-analytify-loader.php:123
actionadmin_enqueue_scriptsinc\class-analytify-loader.php:142
actionadmin_enqueue_scriptsinc\class-analytify-loader.php:143
actionwp_enqueue_scriptsinc\class-analytify-loader.php:144
actionwp_enqueue_scriptsinc\class-analytify-loader.php:145
actionadmin_headinc\class-analytify-loader.php:146
actionadmin_headinc\class-analytify-loader.php:147
actionwp_wpb_sdk_after_uninstallinc\class-analytify-loader.php:163
actionadmin_initinc\class-analytify-loader.php:179
actionadmin_initinc\class-analytify-loader.php:180
actionadmin_initinc\class-analytify-loader.php:181
actionadmin_noticesinc\class-analytify-loader.php:182
actionadmin_noticesinc\class-analytify-loader.php:183
filterplugin_row_metainc\class-analytify-loader.php:184
actionadd_meta_boxesinc\class-analytify-loader.php:192
filterpost_row_actionsinc\class-analytify-loader.php:199
filterpage_row_actionsinc\class-analytify-loader.php:200
actionpost_submitbox_minor_actionsinc\class-analytify-loader.php:201
actionupdate_option_wp-analytify-profileinc\class-analytify-loader.php:209
actionupdate_option_wp-analytify-advancedinc\class-analytify-loader.php:210
actionadmin_initinc\class-analytify-loader.php:211
actioninitinc\class-analytify-loader.php:219
actionadd_meta_boxesinc\class-analytify-loader.php:220
actionadmin_initinc\class-analytify-loader.php:228
actioninitinc\class-analytify-logging.php:31
actioninitinc\class-analytify-logging.php:34
filtermanage_edit-post_columnsinc\class-analytify-post-columns.php:32
actionmanage_posts_custom_columninc\class-analytify-post-columns.php:33
filtermanage_edit-page_columnsinc\class-analytify-post-columns.php:36
actionmanage_pages_custom_columninc\class-analytify-post-columns.php:37
actioninitinc\class-analytify-post-columns.php:40
actionrestrict_manage_postsinc\class-analytify-post-columns.php:41
actionadmin_footerinc\class-analytify-post-columns.php:42
actionadmin_footerinc\core-traits\profile-helpers.php:121
filteranalytify_register_log_handlersinc\core-traits\profile-helpers.php:248
actionadmin_print_scriptsinc\core-traits\profile-helpers.php:318
actionadmin_headinc\core-traits\profile-helpers.php:319
actioninitinc\gdpr-compliance.php:45
actionadd_meta_boxesinc\gdpr-compliance.php:46
actionadmin_initinc\module-manager.php:45
actionadmin_enqueue_scriptsinc\page-addons.php:42
actionupdate_option_wp-analytify-profileinc\profile-management.php:51
actionupdate_option_wp-analytify-advancedinc\profile-management.php:52
actionadmin_initinc\profile-management.php:53
actionadmin_noticesinc\promotions.php:192
actionadmin_noticesinc\promotions.php:273
actionadmin_footerinc\scripts-styles.php:330
actionadmin_footerinc\scripts-styles.php:432
actioninitwp-analytify.php:358
actionadmin_initwp-analytify.php:359
actionadmin_initwp-analytify.php:360
actionadmin_initwp-analytify.php:361
filterremovable_query_argswp-analytify.php:362
actionadmin_menuwp-analytify.php:363
actionplugin_row_metawp-analytify.php:365
actionwp_headwp-analytify.php:367
actionwp_headwp-analytify.php:368
filteradmin_footer_textwp-analytify.php:370
actionadmin_footerwp-analytify.php:371
actionadmin_initwp-analytify.php:373
actionanalytify_cleanup_logswp-analytify.php:375
actioninitwp-analytify.php:377
actionanalytify_analytics_lib_cronwp-analytify.php:386
actionadmin_footerwp-analytify.php:870
actionplugins_loadedwp-analytify.php:1423

Scheduled Events 3

analytify_email_cron_function
analytify_cleanup_logs
analytify_analytics_lib_cron
Maintenance & Trust

Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 9, 2026
PHP min version
Downloads2.4M

Community Trust

Rating94/100
Number of ratings487
Active installs20K
Alternatives

Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking) Alternatives

Analytify – Dashboard Widget for Google Analytics

Analytify – Dashboard Widget for Google Analytics

analytify-analytics-dashboard-widget

A
100

Google Analytics Dashboard widget is a Free Add-on for Google Analytics by Analytify plugin to show Google Analytics widget at WordPress dashboard.

10K No CVEs
MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

MonsterInsights – Google Analytics Dashboard for WordPress (Website Stats Made Easy)

google-analytics-for-wordpress

A
96

The best free Google Analytics plugin for WordPress. See how visitors find and use your website so you can grow your business with powerful analytics.

2.0M 10 CVEs
Beehive Analytics – Google Analytics Dashboard

Beehive Analytics – Google Analytics Dashboard

beehive-analytics

A
100

View visitor stats and track user behavior from within WordPress. A Google Analytics plugin with dashboard reports and Google Tag Manager support.

30K No CVEs
Analytics Insights – Google Analytics Dashboard for WordPress

Analytics Insights – Google Analytics Dashboard for WordPress

analytics-insights

A
100

A full-featured and entirely free Google Analytics Dashboard plugin for WordPress. Displays stats to help you to better understand your site content.

10K 1 CVE
GA4WP – Analytics Dashboard for the Website

GA4WP – Analytics Dashboard for the Website

ga-for-wp

C
56

Google Analytics Dashboard for WordPress Plugin by GA4WP is Lightweight, Easy to connect and comes with plenty of great features.

2K 2 unpatched
Developer Profile

Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking) Developer Profile

Adnan

11 plugins · 660K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
526 days
View full developer profile
Detection Fingerprints

How We Detect Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-analytify/analytify-general.php/wp-content/plugins/wp-analytify/inc/analytify-constants.php/wp-content/plugins/wp-analytify/lib/wpb-sdk/start.php

HTML / DOM Fingerprints

CSS Classes
analytify-main-menuwp-analytify-settings
HTML Comments
<!-- TELEMETRY SDK INITIALIZATION START --><!-- TELEMETRY SDK INITIALIZATION END --><!-- MAIN PLUGIN CLASS DEFINITION START --><!-- CONSTRUCTOR & CORE METHODS START -->
Data Attributes
data-analytify-hook
JS Globals
window.wpb_dynamic_init
FAQ

Frequently Asked Questions about Analytify – Google Analytics Dashboard For WordPress (GA4 analytics tracking)