[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVovoIG3io9u8iJ2LQw_Frx-w8yL7FZRkRetHKifJQ_o":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":52,"analysis":144,"fingerprints":239},"abwp-simple-counter","Simple Counter","1.0.3","abwp","https:\u002F\u002Fprofiles.wordpress.org\u002Fabwp\u002F","\u003Cp>The installation of the counter of Yandex.Metrics and Google Analytics on the website without editing the files of the selected theme.\u003C\u002Fp>\n\u003Cp>Tools webmaster:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwebmaster.yandex.ru\u002F\" rel=\"nofollow ugc\">Yandex.Webmaster\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Fwebmasters\u002Ftools\u002F\" rel=\"nofollow ugc\">Google Search Console\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Code counters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmetrika.yandex.ru\u002F\" rel=\"nofollow ugc\">Yandex.Metrika\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.google.com\u002Fanalytics\u002F\" rel=\"nofollow ugc\">Google Analytics\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","The installation of the counter of Yandex.Metrics and Google Analytics on the website without editing the files of the selected theme.",1000,11365,100,2,"2024-04-22T19:17:00.000Z","6.5.8","3.9","",[20,21,22,23,24],"%d1%8f%d0%bd%d0%b4%d0%b5%d0%ba%d1%81","%d0%bc%d0%b5%d1%82%d1%80%d0%b8%d0%ba%d0%b0","metrika","statistics","yandex","https:\u002F\u002Fab-wp.com\u002Fplugins\u002Fsimple-counter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fabwp-simple-counter.1.0.3.zip",71,1,"2023-12-19 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2023-50377","simple-counter-authenticated-administrator-stored-cross-site-scripting-via-settings","Simple Counter \u003C= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings","The Simple Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.0.3","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-05-17 13:46:44",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fcb4eb28a-3dd5-4d8d-bef0-53cee7285180?source=api-prod",{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":47,"avg_security_score":48,"avg_patch_time_days":49,"trust_score":50,"computed_at":51},2000,82,30,81,"2026-04-04T13:31:41.448Z",[53,72,86,104,123],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":13,"num_ratings":14,"last_updated":63,"tested_up_to":64,"requires_at_least":17,"requires_php":18,"tags":65,"homepage":68,"download_link":69,"security_score":70,"vuln_count":71,"unpatched_count":71,"last_vuln_date":37,"fetched_at":30},"wt-yandex-metrika","WT Yandex Metrika","1.1","Roman Kusty","https:\u002F\u002Fprofiles.wordpress.org\u002Fkustyrt\u002F","\u003Cp>С помощью этого плагина вы можете c легкость добавить на свой сайт счетчик \u003Cstrong>Яндекс.Метрика\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmetrika.yandex.ru\" rel=\"nofollow ugc\">Яндекс.Метрика\u003C\u002Fa> — инструмент для оценки посещаемости сайтов, анализа поведения посетителей и эффективности рекламы. Метрика работает по традиционному принципу интернет-счетчиков: код, установленный на страницах вашего сайта, регистрирует каждое посещение, собирая о нем данные.\u003C\u002Fp>\n\u003Ch4>Возможности плагина\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Выбор расположения кода счетчика: Header \u002F Footer\u003C\u002Fli>\n\u003Cli>Отключение счетчика при посещении сайта администратором\u003C\u002Fli>\n\u003Cli>Активация счетчика в панели администратора\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>После установки и активации плагина в \u003Cstrong>настройках сайта\u003C\u002Fstrong> появится раздел \u003Cstrong>WT Яндекс Метрика\u003C\u002Fstrong>, в котором необходимо вставить код счетчика и настроить отображение.\u003C\u002Fp>\n\u003Ch4>Поддержка\u003C\u002Fh4>\n\u003Cp>Домашняя страница и документация плагина: \u003Ca href=\"https:\u002F\u002Fweb-technology.biz\u002Fcms-wordpress\u002Fplugin-wt-yandex-metrika-for-cms-wordpress\u002F\" rel=\"nofollow ugc\">WT Yandex Metrika\u003C\u002Fa>.\u003Cbr \u002F>\nРазработка и поддержка: \u003Ca href=\"https:\u002F\u002Fweb-technology.biz\" rel=\"nofollow ugc\">АИТ “Web Technology”\u003C\u002Fa>.\u003Cbr \u002F>\nСообщество Вконтакте: \u003Ca href=\"https:\u002F\u002Fvk.com\u002Fagency_web_technology\" rel=\"nofollow ugc\">vk.com\u002Fagency_web_technology\u003C\u002Fa>.\u003C\u002Fp>\n","Простое добавление на сайт счетчика Яндекс.Метрика",6000,45465,"2020-05-25T14:17:00.000Z","5.4.19",[20,66,21,67],"%d1%8f%d0%bd%d0%b4%d0%b5%d0%ba%d1%81-%d0%bc%d0%b5%d1%82%d1%80%d0%b8%d0%ba%d0%b0","yandex-metrika","https:\u002F\u002Fweb-technology.biz\u002Fcms-wordpress\u002Fplugin-wt-yandex-metrika-for-cms-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwt-yandex-metrika.zip",85,0,{"slug":73,"name":74,"version":75,"author":7,"author_profile":8,"description":76,"short_description":77,"active_installs":11,"downloaded":78,"rating":79,"num_ratings":80,"last_updated":81,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":82,"homepage":83,"download_link":84,"security_score":85,"vuln_count":71,"unpatched_count":71,"last_vuln_date":37,"fetched_at":30},"easy-yandex-metrica","Easy Yandex Metrica","1.2.2","\u003Cp>The Easy Yandex Metrica plugin allows you to view some Yandex Metrica data directly in your WordPress admin panel\u003C\u002Fp>\n\u003Ch4>What is Yandex Metrica\u003C\u002Fh4>\n\u003Cp>Yandex Metrica is a free tool for evaluating site traffic and analyzing user behavior. Learn all the features of the service\u003Cbr \u002F>\nyou can on the official \u003Ca href=\"https:\u002F\u002Fmetrica.yandex.com\u002F\" rel=\"nofollow ugc\">page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>The Easy Yandex Metrica plugin adds a graphical display of the following data to the administrative panel\u003Cbr \u002F>\n– the number of visitors to the site\u003Cbr \u002F>\n– sources, summary\u003Cbr \u002F>\n– summary of transitions from search engines\u003Cbr \u002F>\n– summary of transitions from sites\u003Cbr \u002F>\n– summary of transitions from social networks\u003C\u002Fp>\n\u003Cp>This plugin does not add the tracking counter code to the site, if you need a simple installation of the code – use our plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fabwp-simple-counter\u002F\" rel=\"ugc\">Simple Counter\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>The plugin is available in the following languages:\u003Cbr \u002F>\n– English (en_US), built-in\u003Cbr \u002F>\n– Russian (ru_RU), native support\u003C\u002Fp>\n\u003Cp>You can help with translation to other languages-the plugin is completely ready for translation!\u003C\u002Fp>\n","Easily add statistics display Yandex Metrica to the Wordpress admin panel.",15557,74,3,"2024-04-22T12:35:00.000Z",[66,21,24,67],"https:\u002F\u002Fab-wp.com\u002Fplugins\u002Feasy-yandex-metrica\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-yandex-metrica.1.2.2.zip",92,{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":71,"num_ratings":71,"last_updated":96,"tested_up_to":97,"requires_at_least":98,"requires_php":99,"tags":100,"homepage":102,"download_link":103,"security_score":13,"vuln_count":71,"unpatched_count":71,"last_vuln_date":37,"fetched_at":30},"fast-yandex-metrika","Fast Yandex Metrika","1.1.5","Sergey Parshin","https:\u002F\u002Fprofiles.wordpress.org\u002Fpss777\u002F","\u003Cp>Plugin for configuring the counter and Yandex Metrica goals.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Supports the following counter settings:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>whether to collect data for a click map;\u003C\u002Fli>\n\u003Cli>track clicks on outbound links;\u003C\u002Fli>\n\u003Cli>accurate bounce rate;\u003C\u002Fli>\n\u003Cli>whether to use Session Replay (Webvisor 2.0);\u003C\u002Fli>\n\u003Cli>hash tracking in the browser’s address bar.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Loading by event:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>scroll: when the page starts scrolling (recommended if the counter script affects the speed of the site);\u003C\u002Fli>\n\u003Cli>ready: after building the HTML document, but before loading external resources: styles, scripts, images, etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Embedding in HTML:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>adding before \u003C\u002Fhead>;\u003C\u002Fli>\n\u003Cli>adding after \u003Cbody>;\u003C\u002Fli>\n\u003Cli>adding before \u003C\u002Fbody>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Easy goal setting for:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>phone;\u003C\u002Fli>\n\u003Cli>form;\u003C\u002Fli>\n\u003Cli>button;\u003C\u002Fli>\n\u003Cli>link;\u003C\u002Fli>\n\u003Cli>HTML tag.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Error control\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When working with goals on the user side, the plugin monitors the correct indication of CSS selectors.\u003Cbr \u002F>\nJavaScript with a syntax violation does not cause an error, but fixes it in the browser console (F12).\u003C\u002Fp>\n\u003Cp>\u003Cem>Goal #1. SyntaxError: Failed to execute ‘querySelectorAll’ on ‘Document’: ‘.class 777’ is not a valid selector.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>To see information about errors, in the plugin settings, enable the “Error control in the browser console” option.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Ftr9teIOTOqk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","Plugin for configuring the counter and Yandex Metrica goals.",200,4412,"2025-04-15T12:14:00.000Z","6.8.5","6.8","8.1",[20,21,101,22,24],"metrica","https:\u002F\u002Fru.wordpress.org\u002Fplugins\u002Ffast-yandex-metrika\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffast-yandex-metrika.1.1.5.zip",{"slug":105,"name":106,"version":75,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":113,"num_ratings":114,"last_updated":115,"tested_up_to":97,"requires_at_least":116,"requires_php":117,"tags":118,"homepage":119,"download_link":120,"security_score":121,"vuln_count":28,"unpatched_count":28,"last_vuln_date":122,"fetched_at":30},"wp-yandex-metrika","Yandex.Metrica","Yandex Metrika","https:\u002F\u002Fprofiles.wordpress.org\u002Fyandexmetrika\u002F","\u003Ch4>Yandex.Metrica\u003C\u002Fh4>\n\u003Cp>The free official Yandex.Metrica plugin for WordPress. This plugin helps you install a Yandex.Metrica tag on your site and configure the transfer of E-commerce data without manually editing the site’s code. It also transmits data about product views, additions to the basket, and sales.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Official Yandex.Metrica plugin\u003C\u002Fli>\n\u003Cli>E-commerce event tracking without manually editing the site’s code\u003C\u002Fli>\n\u003Cli>Quick installation\u003C\u002Fli>\n\u003Cli>Support for WordPress versions 5.2.9 and higher\u003C\u002Fli>\n\u003Cli>Scheduled updates\u003C\u002Fli>\n\u003Cli>Prompt support service\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>List of functions\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Automatically search for and configure installed Yandex.Metrica tags.\u003C\u002Fli>\n\u003Cli>Quickly add new Yandex.Metrica tags. The following parameters are set by default:\n\u003Cul>\n\u003Cli>E-commerce: Enabled\u003C\u002Fli>\n\u003Cli>Session Replay: Enabled (can be disabled if necessary)\u003C\u002Fli>\n\u003Cli>Click map: enabled\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Transfer of e-commerce events according to the \u003Ca href=\"https:\u002F\u002Fyandex.ru\u002Fsupport\u002Fmetrica\u002Fdata\u002Fe-commerce.html\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>:\n\u003Cul>\n\u003Cli>Adding an item to the basket\u003C\u002Fli>\n\u003Cli>Pageview of a product profile\u003C\u002Fli>\n\u003Cli>Removing an item from the basket\u003C\u002Fli>\n\u003Cli>Placing an order\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Detalization of transferred product data according to the \u003Ca href=\"https:\u002F\u002Fyandex.ru\u002Fsupport\u002Fmetrica\u002Fecommerce\u002Fdata.html\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Event logs with the following error codes:\n\u003Cul>\n\u003Cli>The WordPress version is deprecated\u003C\u002Fli>\n\u003Cli>The site lacks the brand taxonomy indicated by the user\u003C\u002Fli>\n\u003Cli>The theme doesn’t have the hook required for the plugin to work\u003C\u002Fli>\n\u003Cli>The tag number contains characters that aren’t numbers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Russian\u003C\u002Fli>\n\u003Cli>English\u003C\u002Fli>\n\u003C\u002Ful>\n","The free official Yandex.Metrica plugin for WordPress.",60000,262856,70,13,"2025-09-25T10:44:00.000Z","5.2.9","5.6.20",[20,66,21,101,24],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-yandex-metrika\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-yandex-metrika.1.2.2.zip",78,"2025-12-07 00:00:00",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":133,"num_ratings":134,"last_updated":135,"tested_up_to":136,"requires_at_least":137,"requires_php":138,"tags":139,"homepage":142,"download_link":143,"security_score":85,"vuln_count":71,"unpatched_count":71,"last_vuln_date":37,"fetched_at":30},"yandex-metrica","Yandex Metrica","2.0.2","Mustafa Uysal","https:\u002F\u002Fprofiles.wordpress.org\u002Fm_uysl\u002F","\u003Cp>The best Yandex Metrica plugin for WordPress.\u003C\u002Fp>\n\u003Ch4>What is Metrica\u003C\u002Fh4>\n\u003Cp>Metrica is an analytics tool like just like google analytics. You can learn more about from \u003Ca href=\"https:\u002F\u002Fmetrica.yandex.com\" rel=\"nofollow ugc\">official website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy to manage counter’s  tracking options.\u003C\u002Fli>\n\u003Cli>Role based user tracking\u003C\u002Fli>\n\u003Cli>Dashboard widget that displays Metrica graphics,, summary of site usage, top pages etc..\u003C\u002Fli>\n\u003Cli>Role based user access for the displaying dashboard widget\u003C\u002Fli>\n\u003Cli>Basic mode is ready! If you don’t want to give API access, you can try basic mode.\u003C\u002Fli>\n\u003Cli>i18n support: Completely translation ready!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English (en_US), built-in\u003C\u002Fli>\n\u003Cli>Turkish (tr_TR), native support\u003C\u002Fli>\n\u003Cli>Russian (ru_RU), \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Foleg0789\" rel=\"nofollow ugc\">oleg0789\u003C\u002Fa> and Ксения Рыбка\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contributing\u003C\u002Fh4>\n\u003Cp>Pull requests are welcome on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmustafauysal\u002Fyandex-metrica\" rel=\"nofollow ugc\">Github\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>If you like Yandex Metrica, then consider checking out my other projects:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbit.ly\u002F3WIGUTg\" rel=\"friend nofollow ugc\">Powered Cache\u003C\u002Fa> – Caching and Optimization for WordPress – Easily Improve PageSpeed & Web Vitals Score\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbit.ly\u002F4ag2OAc\" rel=\"friend nofollow ugc\">Magic Login Pro\u003C\u002Fa> – Easy, secure, and passwordless authentication for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbit.ly\u002F3wAFSxM\" rel=\"friend nofollow ugc\">Easy Text-to-Speech for WordPress\u003C\u002Fa> – Transform your textual content into high-quality synthesized speech with Amazon Polly.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbit.ly\u002F4bk1Tjp\" rel=\"friend nofollow ugc\">Handywriter\u003C\u002Fa> – AI-powered writing assistant that can help you create content for your WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbit.ly\u002F44GZOf8\" rel=\"friend nofollow ugc\">PaddlePress PRO\u003C\u002Fa> – Paddle Plugin for WordPress\u003C\u002Fli>\n\u003C\u002Ful>\n","Easy way to use Yandex Metrica on your WordPress site.",20000,421614,76,33,"2025-02-23T12:49:00.000Z","6.7.5","5.0","5.6",[140,101,22,141,24],"analytics","stats","https:\u002F\u002Fgithub.com\u002Fmustafauysal\u002Fyandex-metrica","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyandex-metrica.2.0.2.zip",{"attackSurface":145,"codeSignals":181,"taintFlows":226,"riskAssessment":227,"analyzedAt":238},{"hooks":146,"ajaxHandlers":174,"restRoutes":175,"shortcodes":176,"cronEvents":180,"entryPointCount":28,"unprotectedCount":71},[147,154,157,161,164,167,170],{"type":148,"name":149,"callback":150,"priority":151,"file":152,"line":153},"action","load-metrica_page_counters-settings","add_admin_help_tab",20,"includes\\admin-counters.php",7,{"type":148,"name":155,"callback":155,"file":156,"line":49},"init","simple-counter.php",{"type":148,"name":158,"callback":159,"file":156,"line":160},"plugins_loaded","load_plugin_textdomain",41,{"type":148,"name":162,"callback":162,"file":156,"line":163},"admin_menu",42,{"type":148,"name":165,"callback":165,"file":156,"line":166},"admin_init",43,{"type":148,"name":168,"callback":169,"file":156,"line":133},"wp_head","get_head_code",{"type":148,"name":171,"callback":172,"file":156,"line":173},"wp_footer","get_footer_code",77,[],[],[177],{"tag":178,"callback":179,"file":156,"line":121},"simple-counter","get_shortcode_counter",[],{"dangerousFunctions":182,"sqlUsage":183,"outputEscaping":185,"fileOperations":71,"externalRequests":71,"nonceChecks":71,"capabilityChecks":28,"bundledLibraries":225},[],{"prepared":71,"raw":71,"locations":184},[],{"escaped":71,"rawEcho":186,"locations":187},18,[188,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223],{"file":152,"line":189,"context":190},14,"raw output",{"file":192,"line":14,"context":190},"includes\\page-admin-counters.php",{"file":192,"line":194,"context":190},11,{"file":192,"line":196,"context":190},27,{"file":192,"line":198,"context":190},48,{"file":192,"line":200,"context":190},52,{"file":192,"line":202,"context":190},54,{"file":192,"line":204,"context":190},65,{"file":192,"line":206,"context":190},80,{"file":192,"line":208,"context":190},99,{"file":192,"line":210,"context":190},101,{"file":192,"line":212,"context":190},103,{"file":156,"line":214,"context":190},84,{"file":156,"line":216,"context":190},87,{"file":156,"line":218,"context":190},91,{"file":156,"line":220,"context":190},96,{"file":156,"line":222,"context":190},105,{"file":156,"line":224,"context":190},110,[],[],{"summary":228,"deductions":229},"The \"abwp-simple-counter\" plugin exhibits a mixed security posture. On the positive side, it has a very small attack surface with only one shortcode and no AJAX handlers or REST API routes. All SQL queries are properly prepared, and there are no detected file operations or external HTTP requests. The presence of a capability check on its sole entry point is also a good sign.\n\nHowever, significant concerns arise from the lack of output escaping. With 18 outputs and 0% properly escaped, this plugin is highly vulnerable to Cross-Site Scripting (XSS) attacks. The absence of nonce checks on any potential entry points further exacerbates this risk, as it allows for potential Cross-Site Request Forgery (CSRF) if malicious actors can trigger actions. The vulnerability history, which includes a known medium-severity XSS vulnerability that remains unpatched, strongly reinforces these concerns.\n\nIn conclusion, while the plugin demonstrates some good security practices like prepared SQL statements, the critical lack of output escaping and the unpatched XSS vulnerability present a substantial risk. The developer needs to address output sanitization and ensure all known vulnerabilities are patched to improve the plugin's security.",[230,233,235],{"reason":231,"points":232},"Unpatched Medium CVE",15,{"reason":234,"points":232},"100% Unescaped Output",{"reason":236,"points":237},"0 Nonce Checks",5,"2026-03-16T19:04:40.672Z",{"wat":240,"direct":245},{"assetPaths":241,"generatorPatterns":242,"scriptPaths":243,"versionParams":244},[],[],[],[],{"cssClasses":246,"htmlComments":248,"htmlAttributes":249,"restEndpoints":250,"jsGlobals":251,"shortcodeOutput":252},[247],"wrap",[],[],[],[],[253,254],"[simple-counter id=\"metrika\"]","[simple-counter id=\"analytics\"]"]