WP-Safety

Yandex Metrica Security & Risk Analysis

wordpress.org/plugins/yandex-metrica

Easy way to use Yandex Metrica on your WordPress site.

20K active installs v2.0.2 PHP 5.6+ WP 5.0+ Updated Feb 23, 2025
analyticsmetricametrikastatsyandex
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Yandex Metrica Safe to Use in 2026?

Generally Safe

Score 92/100

Yandex Metrica has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The yandex-metrica v2.0.2 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with exposed entry points significantly limits the plugin's attack surface. Furthermore, the use of prepared statements for all SQL queries and the presence of nonce and capability checks demonstrate good development practices in preventing common web vulnerabilities. The lack of any known vulnerabilities, historical or current, is also a positive indicator of the plugin's security maintenance.

Key Concerns

  • Output escaping is not fully implemented
  • External HTTP requests present
Vulnerabilities
None known

Yandex Metrica Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Yandex Metrica Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
46
61 escaped
Nonce Checks
2
Capability Checks
2
File Operations
0
External Requests
2
Bundled Libraries
0

Output Escaping

57% escaped107 total outputs
Attack Surface

Yandex Metrica Attack Surface

Entry Points0
Unprotected0
Maintenance & Trust

Yandex Metrica Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedFeb 23, 2025
PHP min version5.6
Downloads422K

Community Trust

Rating76/100
Number of ratings33
Active installs20K
Alternatives

Yandex Metrica Alternatives

Яндекс Метрика

Яндекс Метрика

yandex-metrika

A
85

Яндекс Метрика для вашего сайта на WordPress.

10K No CVEs
DCO Insert Analytics Code

DCO Insert Analytics Code

dco-insert-analytics-code

A
85

Allows you to insert analytics code before </head> or after <body> or before </body>

4K No CVEs
Fast Yandex Metrika

Fast Yandex Metrika

fast-yandex-metrika

A
100

Plugin for configuring the counter and Yandex Metrica goals.

200 No CVEs
Komito Analytics

Komito Analytics

komito-analytics

A
92

Komito Analytics is a free, open-source enhancement for the most popular web analytics software.

100 No CVEs
JSON-LD Schema for Yandex Metrica

JSON-LD Schema for Yandex Metrica

antoniolite-yandex-metrica-json-ld-schema

A
100

Insert the needed JSON-LD Schema in your post pages so you can use the content reports in Yandex Metrica

10 No CVEs
Developer Profile

Yandex Metrica Developer Profile

Mustafa Uysal

9 plugins · 20K total installs

94
trust score
Avg Security Score
92/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Yandex Metrica

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/yandex-metrica/js/Chart.min.js
Script Paths
/wp-content/plugins/yandex-metrica/templates/tracker-js-new.php/wp-content/plugins/yandex-metrica/templates/tracker-js.php
Version Parameters
yandex-metrica/js/Chart.min.js?ver=yandex-metrica/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
yandex-metrica-widget
HTML Comments
<!-- Yandex Metrica Settings --><!-- Yandex Metrica Dashboard Widget -->
Data Attributes
data-counter-iddata-period
JS Globals
window.ymwindow.YandexMetricavar ymvar YandexMetrica
FAQ

Frequently Asked Questions about Yandex Metrica