Does WP Global Site Tag have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Global Site Tag have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Global Site Tag compatible with WordPress 6.8.5?

According to WordPress.org data, WP Global Site Tag 1.0.7 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is WP Global Site Tag updated?

WP Global Site Tag was last updated on May 2, 2025. Frequent updates are generally a positive security signal.

What is WP Global Site Tag's security score?

WP Global Site Tag has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Global Site Tag Security & Risk Analysis

wordpress.org/plugins/wp-global-site-tag

Global Site Tag (gtag.js) is a new Google Analytics replacement – giving you better control while making implementation easier. Using gtag.

8K active installs v1.0.7 PHP + WP 3.0.1+ Updated May 2, 2025

global-site-taggoogle-analyticsgoogle-tag-managergtm

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Global Site Tag Safe to Use in 2026?

Generally Safe

Score 100/100

WP Global Site Tag has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11mo ago

Risk Assessment

The 'wp-global-site-tag' plugin, version 1.0.7, exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of any identified entry points like AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the potential attack surface. Furthermore, the code analysis reveals no dangerous functions, no file operations, no external HTTP requests, and critically, no SQL queries that are not properly prepared, which are all positive indicators of secure coding practices.

While the plugin demonstrates excellent handling of SQL queries and a high percentage of properly escaped output, there are a couple of areas that warrant attention. The complete lack of nonce checks and capability checks across all entry points, though currently zero in number, represents a potential blind spot. If future functionality introduces new entry points, the absence of these fundamental security mechanisms could lead to vulnerabilities.

With a clean vulnerability history, including zero known CVEs, the plugin appears to be robust and well-maintained in terms of past security issues. The strengths lie in its minimal attack surface and secure data handling. The primary weakness, albeit theoretical given the current lack of entry points, is the absence of built-in authorization checks that would be crucial if the plugin's functionality were to expand.

Key Concerns

No nonce checks present
No capability checks present

Vulnerabilities

None known

WP Global Site Tag Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Global Site Tag Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

38 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

84% escaped45 total outputs

Attack Surface

WP Global Site Tag Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 12

actionplugins_loadedincludes\class-wp-global-site-tag.php:149

actionadmin_enqueue_scriptsincludes\class-wp-global-site-tag.php:164

actionadmin_menuincludes\class-wp-global-site-tag.php:165

actionadmin_initincludes\class-wp-global-site-tag.php:166

actionadmin_initincludes\class-wp-global-site-tag.php:167

actionadmin_initincludes\class-wp-global-site-tag.php:168

actionadmin_noticesincludes\class-wp-global-site-tag.php:169

filterplugin_action_links_wp-global-site-tag/wp-global-site-tag.phpincludes\class-wp-global-site-tag.php:170

actionupgrader_process_completeincludes\class-wp-global-site-tag.php:171

actionadmin_noticesincludes\class-wp-global-site-tag.php:172

actionadmin_noticesincludes\class-wp-global-site-tag.php:173

actionwp_headincludes\class-wp-global-site-tag.php:189

Maintenance & Trust

WP Global Site Tag Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedMay 2, 2025

PHP min version

Downloads72K

Community Trust

Rating100/100

Number of ratings3

Active installs8K

Alternatives

WP Global Site Tag Alternatives

GTM4WP – A Google Tag Manager (GTM) plugin for WordPress

duracelltomi-google-tag-manager

Advanced tag management for WordPress with Google Tag Manager

700K 3 CVEs

Google Analytics and Google Tag Manager

wk-google-analytics

Google Analytics or Google Tag Manager for WordPress without tracking your own visits.

10K No CVEs

DeMomentSomTres WP Admin GTM

demomentsomtres-wp-admin-gtm

DeMomentSomTres Google Tag Manager for WP-Admin allows to extend DuracellTomi's Google Tag Manager into WP administration.

100 No CVEs

Sugoi Tag Inserter: GTM & gtag.js Made Easy

sugoi-tag-inserter

・2 step installation of GTM / gtag.js Plugin to make Google Tag Manager (GTM) & gtag.js(Google Ads / Google Analytics).

20 No CVEs

ACh Tag Manager

ach-tag-manager

Manage GA4 Measurement ID, Google Tag Manager, and Google Analytics. You can set up Google Analytics 4 property (GA4).

10 No CVEs

Developer Profile

WP Global Site Tag Developer Profile

digitalapps

5 plugins · 13K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Global Site Tag

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-global-site-tag/admin/css/wp-global-site-tag-admin.css

Version Parameters

wp-global-site-tag-admin.css?ver=

HTML / DOM Fingerprints

FAQ