WP-Safety

XYZZY Basic SEO & Analytics Security & Risk Analysis

wordpress.org/plugins/xyzzy-basic-seo-analytics

XYZZY Basic SEO & Analytics es un sencillo y ligero plugin con el que integrar Analytics y los metadatos SEO en nuestra web.

20 active installs v1.0.5 PHP 5.6+ WP 5.0+ Updated Jun 18, 2021
analyticsgoogle-newsseo
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is XYZZY Basic SEO & Analytics Safe to Use in 2026?

Generally Safe

Score 85/100

XYZZY Basic SEO & Analytics has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The "xyzzy-basic-seo-analytics" v1.0.5 plugin presents a mixed security posture. On the positive side, the plugin exhibits a commendably small attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events exposed without authentication or permission checks. Furthermore, all SQL queries are properly prepared, and there are no known historical vulnerabilities (CVEs) associated with this plugin, indicating a potentially stable development history.

However, there are significant areas of concern within the static analysis. A mere 15% of output escaping is a critical weakness. This means that a substantial amount of user-supplied or dynamically generated data is likely being rendered directly into the browser without proper sanitization, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis also reveals two flows with unsanitized paths, although thankfully these are not currently classified as critical or high severity. The complete absence of nonce checks is also a notable concern, especially in conjunction with the limited capability checks and the potential for XSS. While the attack surface is small, the lack of robust output escaping is the most pressing issue, leaving it vulnerable to client-side attacks.

Key Concerns

  • Insufficient output escaping (15%)
  • Unsanitized paths in taint flows (2)
  • No nonce checks
Vulnerabilities
None known

XYZZY Basic SEO & Analytics Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

XYZZY Basic SEO & Analytics Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
22
4 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

15% escaped26 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
xbs_set_metadata (inc\functions\head-embed.php:4)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

XYZZY Basic SEO & Analytics Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 9
actionadmin_menuinc\functions\admin-menu.php:34
actionadmin_initinc\functions\admin-menu.php:75
actioninitinc\functions\admin-meta.php:25
actionadd_meta_boxesinc\functions\admin-meta.php:42
actionsave_postinc\functions\admin-meta.php:125
actioninitinc\functions\admin-meta.php:130
actionadmin_enqueue_scriptsinc\functions\enqueue-styles.php:6
actionwp_headinc\functions\head-embed.php:61
filterpre_get_document_titleinc\functions\head-embed.php:100
Maintenance & Trust

XYZZY Basic SEO & Analytics Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15
Last updatedJun 18, 2021
PHP min version5.6
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

XYZZY Basic SEO & Analytics Alternatives

SEO SIMPLE PACK

SEO SIMPLE PACK

seo-simple-pack

A
91

This is a very simple SEO plugin. You can easily set and customize meta tags and OGP tags for each page.

100K 1 CVE
CallRail Phone Call Tracking

CallRail Phone Call Tracking

callrail-phone-call-tracking

A
99

Dynamically swap CallRail tracking phone numbers based on the visitor's referring source.

10K 2 CVEs
Website Optimization – Plerdy

Website Optimization – Plerdy

plerdy-heatmap

A
100

Optimize your website with Plerdy by analyzing traffic sources, scroll depth, user clicks, and usability to enhance conversion and strategy.

1K 1 CVE
SEO Engine

SEO Engine

seo-engine

A
100

Made it through the SEO plugin wasteland? You've earned a coffee ☺️ Quietly powerful AI SEO that actually works. No bloat, just results. Enjoy! 💕

1K No CVEs
ShinyStat Analytics

ShinyStat Analytics

shinystat-analytics

A
100

Plugin to activate the ShinyStat Analytics services on your website.

1K No CVEs
Developer Profile

XYZZY Basic SEO & Analytics Developer Profile

xyzzyestudioweb

1 plugin · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect XYZZY Basic SEO & Analytics

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/xyzzy-basic-seo-analytics/admin/js/token-form.js/wp-content/plugins/xyzzy-basic-seo-analytics/admin/css/xbs-admin-styles.css
Script Paths
/wp-content/plugins/xyzzy-basic-seo-analytics/admin/js/token-form.js
Version Parameters
xyzzy-basic-seo-analytics/admin/js/token-form.js?ver=xyzzy-basic-seo-analytics/admin/css/xbs-admin-styles.css?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- XYZZY Basic SEO meta tags --><!-- End XYZZY Basic SEO meta tags -->
Data Attributes
data-block="editor"data-editor="editor"data-editor-theme="theme"data-editor-content="content"data-components="components"data-wp-edit-post="edit-post"
JS Globals
window.wp.datawindow.wp.componentswindow.wp.domReadywindow.wp.i18nwindow.wp.compose
REST Endpoints
/wp-json/wp/v2/posts
FAQ

Frequently Asked Questions about XYZZY Basic SEO & Analytics