Track, Analyze & Optimize by WP Tao Security & Risk Analysis

wordpress.org/plugins/wp-tao

Track website visitors, log and analyze their behavior and increase your sales using WP Tao – a powerful, easy-to-use WordPress tracking plugin.

700 active installs · v1.3.1 · PHP 5.3+ · WP 3.8+ · Updated Jun 24, 2025
Tags: activity, analytic, analytics, track, tracker
Score 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jun 11, 2025
Safety Verdict

Is Track, Analyze & Optimize by WP Tao Safe to Use in 2026?

Generally Safe

Score 99/100

Track, Analyze & Optimize by WP Tao has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Jun 11, 2025 · Updated 10mo ago
Risk Assessment

The wp-tao plugin version 1.3.1 exhibits a mixed security posture, with some good practices offset by significant concerns. The plugin demonstrates a strong adherence to using prepared statements for SQL queries and a substantial number of capability checks, which are positive security indicators. However, the presence of a dangerous function ('create_function') and a considerable number of flows with unsanitized paths, particularly five identified as high severity taint flows, are serious red flags indicating potential vulnerabilities. The attack surface is also a concern, with half of its AJAX entry points lacking authentication checks.

Key Concerns

  • High severity unsanitized taint flows (5)
  • AJAX handlers without auth checks (4)
  • Use of dangerous function 'create_function'
  • Flows with unsanitized paths (9 total)
  • Output not always properly escaped (24% unescaped)
Vulnerabilities
1 published

Track, Analyze & Optimize by WP Tao Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-48145 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Track, Analyze & Optimize by WP Tao <= 1.3 - Reflected Cross-Site Scripting

Jun 11, 2025 Patched in 1.3.1 (15d)
Version History

Track, Analyze & Optimize by WP Tao Release Timeline

v1.3.1 · Current
v1.3 · 1 CVE
v1.2.10 · 1 CVE
v1.2.9 · 1 CVE
v1.2.8.1 · 1 CVE
v1.2.8 · 1 CVE
v1.2.7 · 1 CVE
v1.2.6 · 1 CVE
v1.2.5.4 · 1 CVE
v1.2.5.3 · 1 CVE
v1.2.5.2 · 1 CVE
v1.2.5.1 · 1 CVE
v1.2.5 · 1 CVE
v1.2.4.3 · 1 CVE
v1.2.4.2 · 1 CVE
v1.2.4.1 · 1 CVE
v1.2.4 · 1 CVE
v1.2.3 · 1 CVE
v1.2.2.2 · 1 CVE
v1.2.2.1 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Track, Analyze & Optimize by WP Tao Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 9 (121 prepared)
Unescaped Output: 143 (451 escaped)
Nonce Checks: 10
Capability Checks: 12
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

create_function · includes\admin\settings\class-settings-api.php:146
$callback = create_function( '', 'echo "' . str_replace( '"', '\"', $section[ 'desc' ] ) . '";' )

SQL Query Safety

93% prepared · 130 total queries

Output Escaping

76% escaped · 594 total outputs
Data Flows · Security
9 unsanitized

Data Flow Analysis

13 flows · 9 with unsanitized paths
search_controller (includes\admin\class-wptao-admin-users-list.php:71)
Attack Surface
4 unprotected

Track, Analyze & Optimize by WP Tao Attack Surface

Entry Points: 8
Unprotected: 4

AJAX Handlers 8

auth · wp_ajax_wptao_dashboard_order · includes\admin\class-wptao-admin-dashboard.php:53
auth · wp_ajax_wptao_hide_escpresso_report · includes\admin\class-wptao-admin-dashboard.php:54
nopriv · wp_ajax_wptao_event · includes\class-wptao-events.php:51
auth · wp_ajax_wptao_event · includes\class-wptao-events.php:52
auth · wp_ajax_wptao_get_events · includes\class-wptao-events.php:60
auth · wp_ajax_wptao_delete_event · includes\class-wptao-events.php:63
nopriv · wp_ajax_wtbp_247p_fire · includes\mods\popups\includes\ajax.php:12
auth · wp_ajax_wtbp_247p_fire · includes\mods\popups\includes\ajax.php:13
WordPress Hooks 109
action · init · includes\actions.php:33
action · init · includes\actions.php:48
action · admin_init · includes\admin\class-wptao-admin-dashboard.php:47
action · admin_init · includes\admin\class-wptao-admin-dashboard.php:49
action · admin_init · includes\admin\class-wptao-admin-dashboard.php:51
action · admin_init · includes\admin\class-wptao-admin-events.php:38
action · admin_menu · includes\admin\class-wptao-admin-menus.php:25
action · admin_menu · includes\admin\class-wptao-admin-menus.php:26
action · admin_menu · includes\admin\class-wptao-admin-menus.php:27
action · admin_menu · includes\admin\class-wptao-admin-menus.php:28
action · admin_menu · includes\admin\class-wptao-admin-menus.php:29
filter · admin_body_class · includes\admin\class-wptao-admin-menus.php:32
action · admin_init · includes\admin\class-wptao-admin-menus.php:34
action · admin_init · includes\admin\class-wptao-admin-reports.php:112
action · admin_init · includes\admin\class-wptao-admin-unidentified.php:60
action · admin_init · includes\admin\class-wptao-admin-unidentified.php:62
action · admin_init · includes\admin\class-wptao-admin-user.php:63
action · admin_init · includes\admin\class-wptao-admin-user.php:66
action · admin_init · includes\admin\class-wptao-admin-users-list.php:63
filter · wptao_traffic_campaign_name · includes\admin\reports\class-basic-sales-campaigns.php:49
action · admin_enqueue_scripts · includes\admin\settings\class-settings-api.php:62
action · admin_init · includes\admin\settings\class-wptao-core-settings.php:41
action · admin_notices · includes\admin\upgrades\upgrade-functions.php:107
action · wtbp_wptao_remove_port_from_pageviews · includes\admin\upgrades\upgrade-functions.php:196
action · wtbp_wptao_update_edd_currency_for_order_payment · includes\admin\upgrades\upgrade-functions.php:247
action · wtbp_wptao_update_status_for_identified · includes\admin\upgrades\upgrade-functions.php:282
action · wtbp_wptao_update_events_missing_user_id · includes\admin\upgrades\upgrade-functions.php:327
action · wtbp_wptao_v122_update_users_meta · includes\admin\upgrades\upgrade-functions.php:402
action · admin_init · includes\class-wptao-events.php:44
action · admin_init · includes\class-wptao-events.php:45
action · wtbp_wptao_init · includes\class-wptao-events.php:47
action · wptao_track_event · includes\class-wptao-events.php:49
action · wp_enqueue_scripts · includes\class-wptao-events.php:54
action · wptao_user_identified · includes\class-wptao-events.php:56
action · admin_enqueue_scripts · includes\class-wptao-events.php:59
action · wptao_user_identified · includes\class-wptao-fingerprints.php:72
action · init · includes\class-wptao-fingerprints.php:113
action · admin_init · includes\class-wptao-install.php:24
action · admin_init · includes\class-wptao-maintenance.php:48
action · init · includes\class-wptao-users.php:39
action · init · includes\class-wptao-users.php:40
action · wptao_user_identified · includes\class-wptao-users.php:44
filter · wptao_before_user_add · includes\class-wptao-users.php:46
action · woocommerce_add_to_cart · includes\events\add_to_cart.php:7
filter · edd_add_to_cart_item · includes\events\add_to_cart.php:33
filter · wptao_event_add_to_cart_title · includes\events\add_to_cart.php:84
filter · wptao_event_add_to_cart_description · includes\events\add_to_cart.php:112
action · wp_insert_comment · includes\events\comment.php:7
filter · wptao_event_comment_title · includes\events\comment.php:47
filter · wptao_event_comment_description · includes\events\comment.php:75
action · init · includes\events\contact.php:7
filter · wptao_fingerprints_bypass · includes\events\contact.php:121
filter · wptao_event_contact_title · includes\events\contact.php:131
filter · wptao_event_contact_description · includes\events\contact.php:147
action · wptao_user_identified · includes\events\identified.php:7
filter · wptao_event_identified_title · includes\events\identified.php:36
filter · wptao_event_identified_description · includes\events\identified.php:62
action · wp_login · includes\events\login.php:7
action · wp_login_failed · includes\events\login.php:46
filter · wptao_event_login_title · includes\events\login.php:68
action · woocommerce_checkout_order_processed · includes\events\order.php:7
action · edd_insert_payment · includes\events\order.php:60
filter · wptao_event_order_title · includes\events\order.php:112
filter · wptao_event_order_description · includes\events\order.php:135
action · template_redirect · includes\events\pageview.php:7
filter · wptao_event_pageview_title · includes\events\pageview.php:108
filter · wptao_event_pageview_description · includes\events\pageview.php:167
action · woocommerce_payment_complete · includes\events\payment.php:7
action · woocommerce_order_status_completed · includes\events\payment.php:8
action · edd_complete_purchase · includes\events\payment.php:77
action · edd_recurring_record_payment · includes\events\payment.php:170
filter · wptao_event_payment_title · includes\events\payment.php:182
filter · wptao_event_payment_description · includes\events\payment.php:205
action · user_register · includes\events\register.php:7
action · woocommerce_cart_item_removed · includes\events\remove_from_cart.php:7
action · edd_pre_remove_from_cart · includes\events\remove_from_cart.php:34
filter · wptao_event_remove_from_cart_title · includes\events\remove_from_cart.php:83
filter · wptao_event_remove_from_cart_description · includes\events\remove_from_cart.php:111
action · template_redirect · includes\events\search.php:7
filter · wptao_event_search_title · includes\events\search.php:35
action · wp_footer · includes\events\_exit_intent.php:7
action · admin_init · includes\integrations\edd.php:45
filter · wptao_register_sales_platforms · includes\integrations\edd.php:47
filter · wptao_report_mp_exclude_order · includes\integrations\edd.php:49
filter · wptao_event_pageview_query_args_store · includes\integrations\edd.php:51
filter · wptao_event_pageview_user_data · includes\integrations\edd.php:52
action · admin_notices · includes\integrations\edd.php:103
action · admin_init · includes\integrations\woocommerce.php:45
filter · wptao_register_sales_platforms · includes\integrations\woocommerce.php:47
filter · wptao_report_mp_exclude_order · includes\integrations\woocommerce.php:49
action · admin_notices · includes\integrations\woocommerce.php:100
action · admin_init · includes\mods\popups\247-popup.php:107
action · template_redirect · includes\mods\popups\247-popup.php:109
action · init · includes\mods\popups\247-popup.php:164
action · init · includes\mods\popups\includes\admin\register-popup.php:19
action · add_meta_boxes · includes\mods\popups\includes\admin\register-popup.php:21
filter · wptao_settings_sections · includes\mods\popups\includes\admin\settings.php:7
filter · wptao_settings · includes\mods\popups\includes\admin\settings.php:22
action · wp_footer · includes\mods\popups\includes\class-popup.php:181
action · wtbp_247p_popup_was_fired · includes\mods\popups\includes\events\display-popup.php:7
filter · wptao_events_actions · includes\mods\popups\includes\events\display-popup.php:30
filter · wptao_event_247popup_display_title · includes\mods\popups\includes\events\display-popup.php:52
filter · wptao_events_actions · includes\mods\popups\includes\events\success-popup.php:11
filter · wptao_event_247popup_success_title · includes\mods\popups\includes\events\success-popup.php:33
filter · wptao_event_contact_exclude · includes\mods\popups\includes\events\success-popup.php:69
action · wtbp_247p_pre_popup_title · includes\mods\popups\includes\functions.php:362
action · init · wp-tao.php:331
action · admin_init · wp-tao.php:333
action · admin_notices · wp-tao.php:484
Maintenance & Trust

Track, Analyze & Optimize by WP Tao Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 24, 2025
PHP min version: 5.3
Downloads: 33K

Community Trust

Rating: 98/100
Number of ratings: 17
Active installs: 700
Developer Profile

Track, Analyze & Optimize by WP Tao Developer Profile

Michal Jaworski

5 plugins · 740 total installs

Trust score: 86
Avg Security Score: 89/100
Avg Patch Time: 15 days
Detection Fingerprints

How We Detect Track, Analyze & Optimize by WP Tao

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-tao/assets/css/wptao-admin-styles.css
/wp-content/plugins/wp-tao/assets/css/wptao-chart.css
/wp-content/plugins/wp-tao/assets/css/wptao-common-styles.css
/wp-content/plugins/wp-tao/assets/css/wptao-dashboard.css
/wp-content/plugins/wp-tao/assets/css/wptao-datatable.css
/wp-content/plugins/wp-tao/assets/css/wptao-forms.css
/wp-content/plugins/wp-tao/assets/css/wptao-frontend-tracking.css
/wp-content/plugins/wp-tao/assets/css/wptao-global.css
+26 more
Script Paths
/wp-content/plugins/wp-tao/assets/js/wptao-admin-scripts.js
/wp-content/plugins/wp-tao/assets/js/wptao-chart.js
/wp-content/plugins/wp-tao/assets/js/wptao-common-scripts.js
/wp-content/plugins/wp-tao/assets/js/wptao-dashboard.js
/wp-content/plugins/wp-tao/assets/js/wptao-datatable.js
/wp-content/plugins/wp-tao/assets/js/wptao-editor.js
+11 more

HTML / DOM Fingerprints

CSS Classes
wptao-scan-results-wrap, wptao-admin-user-profile, wptao-dashboard-wrapper, wptao-datatable-wrapper, wptao-reports-wrapper, wptao-settings-wrapper, wptao-timeline-wrapper, wptao-user-profile-wrapper, +2 more
Data Attributes
data-wptao-user-id, data-wptao-event-id
JS Globals
WPTAO_TRACKING_OPTIONS, WPTAO_FRONTEND_TRACKING_INIT, WPTAO_CHART_DATA, WPTAO_USER_PROFILE_DATA, WPTAO_REPORTS_DATA
REST Endpoints
/wp-json/wp-tao/v1/track
FAQ

Frequently Asked Questions about Track, Analyze & Optimize by WP Tao