Analytics WordPress Plugins That Need Review
129 indexed plugins
Plugins
129
Active Installs
11m+
Average Score
55
Audited
122
Needs Review
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #51 | Traffic Monitor | 39 | 6 | 143 | 1k+ | Direct Query | ||
| #52 | UserHeat Plugin | 39 | 121 | 20 | 6k+ | Non Singular String Literal Domain | ||
| #53 | Yandex Metrica | 39 | 92 | 46 | 20k+ | Output is not escaped | ||
| #54 | Analytics Germanized for Google Analytics (GDPR / DSGVO) | 40 | 49 | 14 | 8k+ | Output is not escaped | ||
| #55 | heatmap for WordPress – Realtime analytics | 40 | 94 | 15 | 1k+ | Non Singular String Literal Domain | ||
| #56 | Statify Widget | 40 | 52 | 13 | 4k+ | Output is not escaped | ||
| #57 | ShinyStat Analytics | 41 | 88 | 25 | 1k+ | Output is not escaped | ||
| #58 | Chartbeat | 42 | 33 | 18 | 1k+ | Output is not escaped | ||
| #59 | GA Google Analytics – Connect Google Analytics to WordPress | 42 | 46 | 30 | 400k+ | Output is not escaped | ||
| #60 | Goolytics – Simple Google Analytics | 42 | 37 | 5 | 4k+ | Unsafe printing function | ||
| #61 | Usermaven | 42 | 36 | 77 | 1k+ | Request data is not unslashed | ||
| #62 | Yandex.Metrika | 42 | 15 | 20 | 900 | Unsafe printing function | ||
| #63 | Simple Matomo Tracking Code | 44 | 23 | 6 | 1k+ | Unsafe printing function | ||
| #64 | Easy Share Solution For WordPress | 48 | 15 | 33 | 1k+ | Output is not escaped | ||
| #65 | Super Simple Google Analytics | 48 | 55 | 3 | 2k+ | Output is not escaped | ||
| #66 | Analytics by BestWebSoft – Google Analytics Dashboard and Statistic Plugin for WordPress | 49 | 478 | 176 | 1k+ | Text Domain Mismatch | ||
| #67 | StoryChief | 51 | 12 | 55 | 1k+ | Input is not sanitized | ||
| #68 | User Activity Tracking and Log | 51 | 28 | 237 | 3k+ | Non-prefixed global variable | ||
| #69 | Simple Blog Stats | 53 | 25 | 76 | 4k+ | Non-prefixed function | ||
| #70 | Skroutz Analytics for WooCommerce | 53 | 57 | 15 | 1k+ | Text Domain Mismatch | ||
| #71 | Analytics Head | 54 | 34 | 7 | 600 | Output is not escaped | ||
| #72 | Head, Footer and Post Injections | 55 | 9 | 52 | 300k+ | Non-prefixed global variable | ||
| #73 | Known Agents – Track AI Bots and Crawlers, Block Scrapers, Analyze LLM Referral Traffic | 57 | 37 | 12 | 1k+ | Setting is missing a sanitization callback | ||
| #74 | etracker analytics | 59 | 16 | 9 | 1k+ | Exception output is not escaped | ||
| #75 | Fathom Analytics for WP | 63 | 25 | 15 | 10k+ | Output is not escaped | ||
| #76 | Mailster Google Analytics | 63 | 26 | 9 | 900 | Output is not escaped | ||
| #77 | Pageviews | 64 | 15 | 12 | 1k+ | Missing Translators Comment | ||
| #78 | WP Scroll Depth | 66 | 29 | 9 | 1k+ | Output is not escaped | ||
| #79 | Controls for Contact Form 7 (Redirects, Analytics & Tracking) | 68 | 4 | 14 | 10k+ | Missing nonce verification | ||
| #80 | ミエルカヒートマップ タグマネージャー | 68 | 9 | 11 | 800 | Input is not validated | ||
| #81 | BestPrice Analytics Integration | 69 | 36 | 11 | 1k+ | Text Domain Mismatch | ||
| #82 | Burst Statistics – Simple WordPress Analytics (Google Analytics Alternative) | 69 | 33 | 368 | 200k+ | Direct Query | ||
| #83 | CallRail Phone Call Tracking | 69 | 11 | 12 | 10k+ | Input is not validated | ||
| #84 | WEBKINDER Integration for Google Analytics and Google Tag Manager | 70 | 15 | 22 | 10k+ | Output is not escaped | ||
| #85 | Albacross for WordPress | 73 | 18 | 5 | 1k+ | Text Domain Mismatch | ||
| #86 | Website Optimization – Plerdy | 73 | 48 | 1 | 1k+ | wp function not compatible with requires wp | ||
| #87 | Audience Analytics – by Quantcast | 76 | 17 | 3 | 1k+ | Text Domain Mismatch | ||
| #88 | Lucky Orange | 76 | 56 | 0 | 2k+ | wp function not compatible with requires wp | ||
| #89 | Simple Universal Google Analytics | 78 | 11 | 0 | 4k+ | Output is not escaped | ||
| #90 | Global Site Tag Tracking | 79 | 11 | 1 | 1k+ | Output is not escaped | ||
| #91 | Klaviyo | 79 | 26 | 86 | 100k+ | Non-prefixed function | ||
| #92 | Яндекс Метрика | 79 | 10 | 4 | 10k+ | Unsafe printing function | ||
| #93 | Siteimprove | 81 | 6 | 23 | 800 | Nonce verification recommended | ||
| #94 | Metricool – Social media and site statistics | 82 | 9 | 4 | 80k+ | Exception output is not escaped | ||
| #95 | Inspectlet – AI-Powered Session Replay, Heatmaps & Analytics | 83 | 13 | 2 | 700 | Text Domain Mismatch | ||
| #96 | Mouseflow for WordPress | 83 | 9 | 8 | 7k+ | Output is not escaped | ||
| #97 | Crazy Egg | 84 | 12 | 1 | 7k+ | wp function not compatible with requires wp | ||
| #98 | GTM Kit – Google Tag Manager & GA4 integration | 87 | 5 | 17 | 30k+ | Missing direct file access protection | ||
| #99 | AI Powered Marketing | 89 | 8 | 8 | 50k+ | Offloaded Content | ||
| #100 | Statify | 89 | 5 | 33 | 100k+ | Direct Query |
