WP-Safety

WP Smart Analytics Security & Risk Analysis

wordpress.org/plugins/wp-smart-analytics

WP Smart Analytics provides insights into visitor analytics provides security to your WordPress installation. This mobile friendly plugin uses only en …

0 active installs v1.2.1 PHP 5.3.0+ WP 3.9.0+ Updated Aug 7, 2022
banbehaviorsecurityvisitorwp-smart-analytics
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP Smart Analytics Safe to Use in 2026?

Generally Safe

Score 85/100

WP Smart Analytics has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago
Risk Assessment

The "wp-smart-analytics" v1.2.1 plugin exhibits a generally good security posture with a significant number of security checks in place. It correctly implements nonce and capability checks on its AJAX endpoints, and its REST API is properly secured. The plugin also demonstrates a strong adherence to secure coding practices by using prepared statements for the vast majority of its SQL queries.

However, concerns arise from the taint analysis results, which indicate 5 out of 7 analyzed flows have unsanitized paths. While no critical or high severity taint flows were identified, this suggests potential vulnerabilities related to how user-supplied data is processed, which could lead to unexpected behavior or data manipulation if exploited. The code analysis also shows that only 55% of output escaping is properly done, which could expose the plugin to Cross-Site Scripting (XSS) vulnerabilities if malicious data is present in the unescaped outputs.

The plugin's history of zero known CVEs is a positive indicator of its overall security maturity. It suggests that the development team is either proactive in addressing security issues or that the plugin has not been a significant target for vulnerabilities in the past. Despite the absence of historical vulnerabilities, the presence of unsanitized taint flows and insufficient output escaping in the current analysis warrants careful consideration. The plugin's strengths lie in its robust authentication and authorization mechanisms for its entry points, but its weaknesses are found in the sanitization and escaping of data within its code.

Key Concerns

  • Unsanitized taint flows detected
  • Insufficient output escaping
Vulnerabilities
None known

WP Smart Analytics Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

WP Smart Analytics Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
7 prepared
Unescaped Output
9
11 escaped
Nonce Checks
6
Capability Checks
9
File Operations
4
External Requests
1
Bundled Libraries
0

SQL Query Safety

88% prepared8 total queries

Output Escaping

55% escaped20 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

7 flows5 with unsanitized paths
set_cookie_session (class-wpsa.php:597)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

WP Smart Analytics Attack Surface

Entry Points9
Unprotected0

AJAX Handlers 7

authwp_ajax_wpsa_view_logclass-wpsa.php:137
authwp_ajax_wpsa_delete_logclass-wpsa.php:138
authwp_ajax_wpsa_add_tagclass-wpsa.php:139
authwp_ajax_wpsa_save_settingsclass-wpsa.php:140
authwp_ajax_wpsa_generate_reportclass-wpsa.php:141
authwp_ajax_wpsa_view_log_shortcodeclass-wpsa.php:1996
noprivwp_ajax_wpsa_view_log_shortcodeclass-wpsa.php:1997

Shortcodes 2

[wpsa_log] class-wpsa.php:1991
[wpsa_count] class-wpsa.php:1992
WordPress Hooks 7
actionadmin_menuclass-wpsa.php:135
actioninitclass-wpsa.php:144
actioninitclass-wpsa.php:145
actionwp_footerclass-wpsa.php:146
actioninitclass-wpsa.php:148
actionadmin_enqueue_scriptsclass-wpsa.php:204
actionwp_enqueue_scriptsclass-wpsa.php:1994
Maintenance & Trust

WP Smart Analytics Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13
Last updatedAug 7, 2022
PHP min version5.3.0
Downloads3K

Community Trust

Rating100/100
Number of ratings1
Active installs0
Alternatives

WP Smart Analytics Alternatives

WP fail2ban – Advanced Security

WP fail2ban – Advanced Security

wp-fail2ban

A
99

WP fail2ban uses fail2ban to protect your WordPress site.

70K 1 CVE
Stop User Enumeration

Stop User Enumeration

stop-user-enumeration

A
91

Helps secure your site against hacking attacks through detecting User Enumeration

50K 6 CVEs
WP Fail2Ban Redux

WP Fail2Ban Redux

wp-fail2ban-redux

A
100

Records various WordPress events to your server's system log for integration with Fail2Ban.

8K No CVEs
WP fail2ban Blocklist

WP fail2ban Blocklist

wpf2b-addon-blocklist

A
100

WP fail2ban Blocklist is a collaborative preemptive blocklist for WordPress.

4K No CVEs
Banhammer – Monitor Site Traffic, Block Bad Users and Bots

Banhammer – Monitor Site Traffic, Block Bad Users and Bots

banhammer

A
99

Monitor traffic and ban unwanted visitors. Block any user or IP address so they can't access your site.

1K 1 CVE
Developer Profile

WP Smart Analytics Developer Profile

Vinod Sebastian

2 plugins · 10 total installs

89
trust score
Avg Security Score
93/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP Smart Analytics

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-smart-analytics/inc/admin/css/backend-style.css/wp-content/plugins/wp-smart-analytics/inc/admin/css/backend-style-responsive.css/wp-content/plugins/wp-smart-analytics/inc/admin/css/sweetalert.css/wp-content/plugins/wp-smart-analytics/inc/admin/css/jquery-ui.css/wp-content/plugins/wp-smart-analytics/inc/admin/css/jquery.dataTables.min.css/wp-content/plugins/wp-smart-analytics/inc/admin/css/select2.min.css/wp-content/plugins/wp-smart-analytics/inc/admin/js/backend-script.js/wp-content/plugins/wp-smart-analytics/inc/admin/js/sweetalert.min.js+9 more
Script Paths
/wp-content/plugins/wp-smart-analytics/inc/admin/js/backend-script.js/wp-content/plugins/wp-smart-analytics/inc/admin/js/sweetalert.min.js/wp-content/plugins/wp-smart-analytics/inc/admin/js/jquery-ui.min.js/wp-content/plugins/wp-smart-analytics/inc/admin/js/jquery.dataTables.min.js/wp-content/plugins/wp-smart-analytics/inc/admin/js/Chart.bundle.min.js/wp-content/plugins/wp-smart-analytics/inc/admin/js/select2.full.min.js+4 more
Version Parameters
wp-smart-analytics/inc/admin/css/backend-style.css?ver=wp-smart-analytics/inc/admin/css/backend-style-responsive.css?ver=wp-smart-analytics/inc/admin/css/sweetalert.css?ver=wp-smart-analytics/inc/admin/css/jquery-ui.css?ver=wp-smart-analytics/inc/admin/css/jquery.dataTables.min.css?ver=wp-smart-analytics/inc/admin/css/select2.min.css?ver=wp-smart-analytics/inc/admin/js/backend-script.js?ver=wp-smart-analytics/inc/admin/js/sweetalert.min.js?ver=wp-smart-analytics/inc/admin/js/jquery-ui.min.js?ver=wp-smart-analytics/inc/admin/js/jquery.dataTables.min.js?ver=wp-smart-analytics/inc/admin/js/Chart.bundle.min.js?ver=wp-smart-analytics/inc/admin/js/select2.full.min.js?ver=wp-smart-analytics/inc/admin/js/moment.min.js?ver=wp-smart-analytics/inc/admin/js/daterangepicker.js?ver=wp-smart-analytics/inc/admin/js/admin-script.js?ver=wp-smart-analytics/inc/frontend/css/frontend-style.css?ver=wp-smart-analytics/inc/frontend/js/frontend-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp_smart_analytics_admin_page
HTML Comments
<!-- WP Smart Analytics Admin Page -->
Data Attributes
data-wpsa-admin-ajax-urldata-wpsa-nonce
JS Globals
wpsa_admin_ajax_object
REST Endpoints
/wp-json/wpsa/v1/settings/wp-json/wpsa/v1/logs
FAQ

Frequently Asked Questions about WP Smart Analytics