YD Profile Visitor Tracker Security & Risk Analysis
wordpress.org/plugins/yd-profile-visitor-trackerWho has visited your profile?
Is YD Profile Visitor Tracker Safe to Use in 2026?
Generally Safe
Score 85/100YD Profile Visitor Tracker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "yd-profile-visitor-tracker" v0.1.9 plugin exhibits a generally good security posture with no known vulnerabilities or critical code signals. The absence of dangerous functions, external HTTP requests, and file operations, along with the use of prepared statements for all SQL queries, are strong indicators of secure coding practices. The presence of both nonce and capability checks also contributes positively to its security.
However, a significant concern arises from the taint analysis, which identified 3 flows with unsanitized paths. While none were classified as critical or high severity, unsanitized paths can still lead to various vulnerabilities such as path traversal or information disclosure if exploited. The low percentage of properly escaped output (9%) is another area of concern, as it suggests a higher risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not adequately sanitized before being displayed.
Given the clean vulnerability history and the absence of known CVEs, the plugin appears to be well-maintained in that regard. Nevertheless, the identified unsanitized paths and the prevalent lack of output escaping represent potential security weaknesses that could be exploited. The overall risk is moderate, with a strong foundation in some security areas but notable weaknesses in input sanitization and output escaping.
Key Concerns
- Flows with unsanitized paths found
- Low percentage of properly escaped output
YD Profile Visitor Tracker Security Vulnerabilities
YD Profile Visitor Tracker Release Timeline
YD Profile Visitor Tracker Code Analysis
Output Escaping
Data Flow Analysis
YD Profile Visitor Tracker Attack Surface
WordPress Hooks 13
Scheduled Events 2
Maintenance & Trust
YD Profile Visitor Tracker Maintenance & Trust
Maintenance Signals
Community Trust
YD Profile Visitor Tracker Alternatives
Lead Forensics
lead-forensics-roi
Lead Forensics helps you to turn your anonymous website visitors into paying customers. Our business database is the biggest in the world, so every vi …
Pure Chat – Live Chat & More!
pure-chat
Pure Chat provides a Live Chat plugin with Unlimited Chats for your website!
Trace My IP – Visitor IP Tracker, Stats Analytics & Page Views Counter with Email Alerts
tracemyip-visitor-analytics-ip-tracking-control
Comprehensive visitor IP tracking and website analytics solution with real-time statistics, page view counting, and customizable email alerts.
Outfunnel: Web Visitor Tracking & CRM Integration
outfunnel
Track which leads visit your website and automatically sync WordPress form submissions to Pipedrive, HubSpot, Copper, or Salesforce.
Opti-Behavior – Self-Hosted Heatmaps, Session Recording & Analytics (GDPR-Native ,Free Hotjar & Clarity Alternative)
opti-behavior
Free self-hosted heatmaps, click tracking, session recordings & funnels. GDPR-ready. No session limits. Your data stays on your server.
YD Profile Visitor Tracker Developer Profile
16 plugins · 220 total installs
How We Detect YD Profile Visitor Tracker
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/yd-profile-visitor-tracker/css/yd.cssyd-profile-visitor-tracker/style.css?ver=yd-profile-visitor-tracker/script.js?ver=HTML / DOM Fingerprints
Just fill up necessary settings in the configuration arrayYou must specify a unique class nameThis file contains the actual YD Wordpress Plugin Framework components.Please do not change anything in this file.+12 moreshortcodewidget_classstylesheet_filetranslation_domainpvtPlugin[yd_visitor_profiles]