[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fvGU4bCn6qCpKFu0rnagBeZ6AxgYcFreFPCacGnhm1zg":3},{"slug":4,"name":5,"version":6,"author":5,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":62,"crawl_stats":37,"alternatives":68,"analysis":170,"fingerprints":377},"addfreestats","AFS Analytics","4.22","https:\u002F\u002Fprofiles.wordpress.org\u002Faddfreestats\u002F","\u003Cp>Full featured real-time Web Analytics solution.\u003C\u002Fp>\n\u003Cp>Includes advanced features such as:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Heatmaps\u003C\u002Fli>\n\u003Cli>Detailed user profile\u003C\u002Fli>\n\u003Cli>Predictive analytics\u003C\u002Fli>\n\u003Cli>Events tracking (AutoTrack)\u003C\u002Fli>\n\u003Cli>SEO Keyword rank tracker tool\u003C\u002Fli>\n\u003Cli>Enhanced e-commerce for WooCommerce store.\u003C\u002Fli>\n\u003Cli>and more…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FFQOHW3Ygijw?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Easy to use, in addition or as an alternative to google analytics.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Get a clear vision of what is happening on your website\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Never wait to know what is happening. With key data monitored in real time, analyzed and displayed in continuously updated reports, you will be able to monitor at any time the performance of your website.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Real Time monitoring and reporting.\u003C\u002Fli>\n\u003Cli>All reports available from your admin dashboard.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>… and see what is coming\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Every day, from the very first hours, Machine learning and IA based forecasts will help you to detect any new major trend.\u003Cbr \u002F>\nWill your website experience through the day an unusual traffic spike?\u003Cbr \u002F>\nWill your eShop sales break a new record?\u003Cbr \u002F>\nYou will know even before it happens.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Predictive analytics\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Increase user experience and site efficiency\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Stop losing visitors, sales, because of design errors.\u003Cbr \u002F>\nLearn where or when your users get confused, which actions they are unable to complete.\u003Cbr \u002F>\nSeparate what is working from what is not.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Heatmaps\u003C\u002Fli>\n\u003Cli>Events tracking\u003C\u002Fli>\n\u003Cli>Funnels\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Learn to know your visitors, understand their needs\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Discover what they are searching for, how they navigated on your website.\u003Cbr \u002F>\nSee which pages get the most attention.\u003Cbr \u002F>\nIdentify returning visitors and members.\u003Cbr \u002F>\nBe alerted every time someone important visits your website.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Detailed visitor profile\u003C\u002Fli>\n\u003Cli>Visitor journey\u003C\u002Fli>\n\u003Cli>Engagement \u003C\u002Fli>\n\u003Cli>Localization\u003C\u002Fli>\n\u003Cli>System infos\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Boost your SEO strategy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Identify keywords search engines are hiding from you.\u003Cbr \u002F>\nDiscover which search term get you the most qualified traffic and sales.\u003Cbr \u002F>\nMonitor new backlinks, keywords ranking from Google, Bing, Yahoo and other search engines.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Advanced SEO\u003C\u002Fli>\n\u003Cli>IA Powered Keywords discovery\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Get the most of your Ad dollars\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Get Newsletter and Marketing Campaign key metrics from an \u003Cstrong>independent party\u003C\u002Fstrong>.\u003Cbr \u002F>\nStop wasting dollars in inefficient campaigns.\u003Cbr \u002F>\nMesure traffic quality. Detect fake users, robots and zombies.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Marketing Campaigns advanced tracking\u003C\u002Fli>\n\u003Cli>Quality traffic indicators\u003C\u002Fli>\n\u003Cli>Zombies detection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Optimize your online store from fact based experience\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Monitor every aspect of your Woocommerce store.\u003Cbr \u002F>\nFind out which AD Campaign generates the most revenue, and those that are performing poorly.\u003Cbr \u002F>\nSee which search terms are most profitable.\u003Cbr \u002F>\nFollow in real time multiple KPI.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Advanced eCommerce analytics\u003C\u002Fli>\n\u003Cli>Enhanced WooCommerce support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Advanced Guides for developers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>From analytics.js optimization guides to detailed explanations on how to make your site 100% GDPR compliant a large amount of up-to-date documentation is available in our \u003Ca href=\"https:\u002F\u002Fdev.afsanalytics.com\u002F\" rel=\"nofollow ugc\">Developers Center\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Live demo\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>A live demo is freely accessible from the plugin.\u003C\u002Fp>\n","Full featured Web Analytics solution. Easy to use, in addition or as an alternative to google analytics.",600,53928,82,9,"2025-06-05T02:55:00.000Z","6.8.5","3.5.0","5.3",[19,20,21,22,23],"afsanalytics","analytics","heatmaps","web-analytics","website-statistics","https:\u002F\u002Fwww.afsanalytics.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faddfreestats.4.22.zip",98,2,0,"2025-06-12 00:00:00","2026-03-15T15:16:48.613Z",[32,47],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2025-49864","afs-analytics-missing-authorization","AFS Analytics \u003C= 4.21 - Missing Authorization","The AFS Analytics plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.21. This makes it possible for unauthenticated attackers to perform an unauthorized action.",null,"\u003C=4.21","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-06-17 14:45:20",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5e822372-4f38-4b2a-b1d6-5a095ecb716f?source=api-prod",6,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":37,"affected_versions":52,"patched_in_version":53,"severity":39,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2022-37402","afs-analytics-authenticated-administrator-stored-cross-site-scripting","AFS Analytics \u003C= 4.15 - Authenticated (Administrator+) Stored Cross-Site Scripting","The AFS Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=4.15","4.16",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2022-10-31 00:00:00","2024-01-22 19:56:02",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F16c70597-32a0-4771-877b-c57cf7550ee7?source=api-prod",449,{"slug":4,"display_name":5,"profile_url":7,"plugin_count":27,"total_installs":63,"avg_security_score":64,"avg_patch_time_days":65,"trust_score":66,"computed_at":67},620,99,228,78,"2026-04-04T18:11:58.661Z",[69,85,107,128,149],{"slug":70,"name":71,"version":72,"author":5,"author_profile":7,"description":73,"short_description":74,"active_installs":75,"downloaded":76,"rating":77,"num_ratings":78,"last_updated":79,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":80,"homepage":24,"download_link":83,"security_score":84,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"afs-analytics-for-woocommerce","AFS Analytics for WooCommerce","2.20","\u003Cp>Full featured Web Analytics solution with enhanced eCommerce support.\u003Cbr \u002F>\nEasy to use, in addition or as an alternative to google analytics.\u003C\u002Fp>\n\u003Cp>This version comes with enhanced WooCommerce support.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FFQOHW3Ygijw?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Monitor every aspect of your WooCommerce store\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Monitor transactions, sales, carts, products performance and more …\u003C\u002Fli>\n\u003Cli>See customer’s entire profile, activity and history.\u003C\u002Fli>\n\u003Cli>Find out which Marketing Campaign generates the most revenue, and those performing poorly. \u003C\u002Fli>\n\u003Cli>See which search terms are the most profitable. \u003C\u002Fli>\n\u003Cli>Follow in real time multiple KPI.\u003C\u002Fli>\n\u003Cli>Access to multiple reports updated in real time from within your WordPress dashboard.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Also includes advanced Analytics features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Heatmaps\u003C\u002Fli>\n\u003Cli>Detailed user profile\u003C\u002Fli>\n\u003Cli>Predictive analytics\u003C\u002Fli>\n\u003Cli>Events tracking (AutoTrack)\u003C\u002Fli>\n\u003Cli>SEO Keyword rank tracker tool\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Live demo\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>A live demo is freely accessible from the plugin (no account required).\u003C\u002Fp>\n","Advanced eCommerce Analytics solution. Grow your online business by measuring user satisfaction and site efficiency.",20,2831,80,3,"2025-06-05T02:58:00.000Z",[19,20,21,81,82],"real-time-analytics","woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fafs-analytics-for-woocommerce.2.20.zip",100,{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":26,"num_ratings":95,"last_updated":96,"tested_up_to":97,"requires_at_least":98,"requires_php":99,"tags":100,"homepage":104,"download_link":105,"security_score":64,"vuln_count":78,"unpatched_count":28,"last_vuln_date":106,"fetched_at":30},"plausible-analytics","Plausible Analytics","2.5.6","Plausible Insights OÜ","https:\u002F\u002Fprofiles.wordpress.org\u002Fplausible\u002F","\u003Cp>Plausible Analytics is an easy-to-use, open source, lightweight and privacy-friendly web analytics alternative to Google Analytics.\u003C\u002Fp>\n\u003Cp>Plausible Analytics doesn’t use cookies and is fully compliant with GDPR, CCPA and PECR. Made and hosted in the EU, powered by European-owned cloud infrastructure 🇪🇺.\u003C\u002Fp>\n\u003Cp>Take a look at \u003Ca href=\"https:\u002F\u002Fplausible.io\u002Fplausible.io\" rel=\"nofollow ugc\">the live demo\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>You need a subscription to Plausible Analytics to track your stats. There’s a free 30-day trial with no credit card required.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>We’re completely independent, self-funded, bootstrapped and debt-free. We’re not interested in raising funds or taking investment. We choose the subscription business model rather than surveillance capitalism. We’re operating a sustainable project funded solely by the fees that our subscribers pay us.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fplausible.io\u002F\" rel=\"nofollow ugc\">Visit our website\u003C\u002Fa> for full details.\u003C\u002Fp>\n\u003Ch3>Why use Plausible?\u003C\u002Fh3>\n\u003Cp>Google Analytics is frustrating to use, difficult to understand, slow to load and privacy-invasive. That’s why we built Plausible Analytics, a simple but powerful, lightweight, open source and privacy-friendly alternative.\u003C\u002Fp>\n\u003Cp>Here’s what makes Plausible a great Google Analytics alternative and why over 16,000 paying subscribers trust us with their website and business insights:\u003C\u002Fp>\n\u003Ch3>Smooth transition from Google Analytics\u003C\u002Fh3>\n\u003Cp>Plausible features a realtime dashboard, entry pages report and integration with Search Console. You can track your paid campaigns and conversions. You can invite team members. You can even \u003Ca href=\"https:\u002F\u002Fplausible.io\u002Fdocs\u002Fgoogle-analytics-import\" rel=\"nofollow ugc\">import your historical stats from Google Analytics\u003C\u002Fa>. Learn how to get the most out of \u003Ca href=\"https:\u002F\u002Fplausible.io\u002Fdocs\u002Fyour-plausible-experience\" rel=\"nofollow ugc\">your Plausible experience\u003C\u002Fa> and join thousands who have already migrated from Google Analytics.\u003C\u002Fp>\n\u003Ch3>Simple analytics at a glance\u003C\u002Fh3>\n\u003Cp>Plausible is simple analytics. It is easy to understand and it cuts through the noise. Check your site traffic and get all the essential insights on one page in one minute. There are no layers of menus, there is no need for you to build custom reports, custom dashboards or PowerPoint documents.\u003C\u002Fp>\n\u003Ch3>Lightweight script that keeps your site speed fast\u003C\u002Fh3>\n\u003Cp>Plausible is lightweight analytics. Our script is 75 times smaller than Google Analytics. Your page weight will be cut down, your site will load faster and you’ll reduce your carbon footprint for a greener and more sustainable web. A site with 100,000 monthly visitors can save 8.2 kg of CO2 emissions per year by switching.\u003C\u002Fp>\n\u003Ch3>No need for cookie banners or GDPR consent\u003C\u002Fh3>\n\u003Cp>Plausible is privacy-friendly analytics. All the site measurement is carried out absolutely anonymously. Cookies are not used and no personal data is collected. There are no persistent identifiers. No cross-site or cross-device tracking either. Your site data is not used for any other purposes. All visitor data is exclusively processed with servers owned and operated by European companies and it never leaves the EU.\u003C\u002Fp>\n\u003Ch3>Track events and marketing campaigns\u003C\u002Fh3>\n\u003Cp>Plausible is useful. Segment your audience by any metric you click on. Answer the important questions about your visitors, content and referral sources. Analyze paid campaigns using UTM parameters. Track scroll depth, site search terms, outbound link clicks, cloaked affiliate link clicks, file downloads, form completions, 404 error pages, post authors, post categories and custom taxonomies without manually configuring anything or writing any code.\u003C\u002Fp>\n\u003Ch3>Built-in WooCommerce and Easy Digital Downloads analytics\u003C\u002Fh3>\n\u003Cp>Plausible provides automated WooCommerce and Easy Digital Downloads analytics solutions to track conversions, revenue and attribution. Activities tracked include adding to cart, removing from cart, entering checkout and completing a purchase. A purchase funnel looking at the user journey from viewing a product to making a purchase is enabled to help you see the drop-off rates between the different steps, understand your cart abandonment rate and increase your conversions.\u003C\u002Fp>\n\u003Ch3>Invite team members and share your dashboard\u003C\u002Fh3>\n\u003Cp>Plausible is shareable. Your stats are private by default but you can choose to be transparent and make them public so anyone with your custom link can view them. You can also share your stats privately by generating a secure link. This link is impossible to guess but you can add password protection for extra security. You can invite team members and assign user roles too.\u003C\u002Fp>\n\u003Ch3>Transparent and open source software\u003C\u002Fh3>\n\u003Cp>Plausible is open source analytics. Our source code is available and accessible on GitHub so anyone can read it, inspect it and review it to verify that our actions match with our words. We welcome feedback and have a public roadmap. If you’re happy to manage your own infrastructure, you can self-host Plausible too.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Our product is updated several times per week and with our WordPress plugin you always have access to all the latest features\u003C\u002Fli>\n\u003Cli>Automatically includes tracking code in the header of your site\u003C\u002Fli>\n\u003Cli>Simple plugin settings page with easy options and an onboarding guide \u003C\u002Fli>\n\u003Cli>Get more accurate stats and count those who use adblockers by running the Plausible script as a first-party connection from your domain name\u003C\u002Fli>\n\u003Cli>View your Plausible stats directly in your WordPress dashboard (you can grant access to other user roles too)\u003C\u002Fli>\n\u003Cli>Tracking of admin users is disabled by default (you can also disable tracking of other user roles)\u003C\u002Fli>\n\u003Cli>Enable WooCommerce or Easy Digital Downloads revenue tracking\u003C\u002Fli>\n\u003Cli>Enable file downloads, external link clicks, cloaked affiliate link clicks, site search terms, form completions and 404 error pages tracking \u003C\u002Fli>\n\u003Cli>Enable automated tracking of post authors, post categories and custom taxonomies for better content analysis\u003C\u002Fli>\n\u003Cli>Custom events and custom dimensions can be setup using CSS class names directly in the WordPress editor, no JS knowledge needed\u003C\u002Fli>\n\u003Cli>Integrate with Google Search Console so you can see search queries people use to find your site in Google’s search results\u003C\u002Fli>\n\u003Cli>Import your historical Google Analytics stats\u003C\u002Fli>\n\u003Cli>Keep an eye on your traffic with weekly and\u002For monthly email and Slack reports\u003C\u002Fli>\n\u003Cli>Get traffic spike notifications via email or Slack so you don’t miss being on the Hacker News\u003C\u002Fli>\n\u003Cli>Tag your paid ads, emails and social media posts with UTM tags and analyze your ecommerce and marketing campaigns from click to conversion using marketing funnels \u003C\u002Fli>\n\u003Cli>Filter the dashboard by any metric that you click on to get further insights. Mix and match filters too\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more information: \u003Ca href=\"https:\u002F\u002Fplausible.io\u002Fwordpress-analytics-plugin\" rel=\"nofollow ugc\">How to setup Plausible Analytics WordPress plugin\u003C\u002Fa>.\u003C\u002Fp>\n","Plausible Analytics is a privacy-friendly web analytics plugin for WordPress that is an easy-to-use, lightweight and more accurate  alternative to Goo &hellip;",10000,343380,30,"2026-02-17T10:56:00.000Z","6.9.4","5.9","7.2",[20,101,102,103,22],"google-analytics","privacy","stats","https:\u002F\u002Fplausible.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplausible-analytics.2.5.6.zip","2023-08-16 00:00:00",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":117,"num_ratings":46,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":121,"tags":122,"homepage":125,"download_link":126,"security_score":127,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"mouseflow-for-wordpress","Mouseflow for WordPress","5.1.3","mouseflow","https:\u002F\u002Fprofiles.wordpress.org\u002Fmouseflow\u002F","\u003Cp>With Mouseflow for WordPress you can access everything Mouseflow has to offer – directly from your WordPress dashboard! Learn more about your visitors by analyzing heatmaps and recordings of user sessions, including mouse movements, clicks, scroll events and more. The plugin makes it quick and easy to install Mouseflow on your WordPress-site.\u003C\u002Fp>\n","Mouseflow gives you free and easy-to-use conversion and user experience analytics for your website. Analyze conversion funnels, heatmaps and even sess &hellip;",7000,88910,76,"2023-09-26T07:43:00.000Z","6.3.8","4.5.0","",[20,21,111,123,124],"user-behaviour","ux","https:\u002F\u002Fmouseflow.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmouseflow-for-wordpress.zip",85,{"slug":129,"name":130,"version":131,"author":130,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":137,"num_ratings":138,"last_updated":139,"tested_up_to":15,"requires_at_least":140,"requires_php":141,"tags":142,"homepage":145,"download_link":146,"security_score":64,"vuln_count":147,"unpatched_count":28,"last_vuln_date":148,"fetched_at":30},"web-stat","Web-Stat","2.6","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebstat\u002F","\u003Cp>Observe visitors interacting with your web site through real-time and intuitive reports! Web-Stat is FREE and records the details of all your visits. We detect everything that can be detected and present the results in clear, user-friendly charts and graphics.\u003C\u002Fp>\n\u003Cp>Check out the kind of info you can gain on your visitors with our \u003Ca href=\"https:\u002F\u002Fwww.web-stat.com\u002Fcheckstats.htm?loginID=demo\" rel=\"nofollow ugc\">demo stats\u003C\u002Fa>. You can get the same type of data for your own site immediately: simply add the Web-Stat plugin.\u003C\u002Fp>\n\u003Cp>You can install Web-Stat in just two steps: click on ‘install’, click on ‘activate’, and you are done! Web-Stat will initialize automatically.\u003C\u002Fp>\n\u003Cp>Our stats are live, fast, easy to use and very accurate. We are currently serving 125,000 web sites.\u003C\u002Fp>\n\u003Ch4>Plugin\u002F Theme Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>This plugin works out of the box for all themes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Localization\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English at \u003Ca href=\"https:\u002F\u002Fwww.web-stat.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.web-stat.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>French at \u003Ca href=\"https:\u002F\u002Fwww.web-stat.fr\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.web-stat.fr\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish at \u003Ca href=\"https:\u002F\u002Fes.web-stat.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fes.web-stat.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Portuguese at \u003Ca href=\"https:\u002F\u002Fpt.web-stat.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fpt.web-stat.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Italian at \u003Ca href=\"https:\u002F\u002Fit.web-stat.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fit.web-stat.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>German at \u003Ca href=\"https:\u002F\u002Fde.web-stat.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fde.web-stat.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Turkish at \u003Ca href=\"https:\u002F\u002Ftr.web-stat.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Ftr.web-stat.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Russian at \u003Ca href=\"https:\u002F\u002Fru.web-stat.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fru.web-stat.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Japanese at \u003Ca href=\"https:\u002F\u002Fjp.web-stat.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fjp.web-stat.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Feedback\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>We are hoping for your suggestions and feedback – Thank you for using or trying out our plugin!\u003C\u002Fli>\n\u003Cli>Drop us a line on \u003Ca href=\"https:\u002F\u002Fwww.web-stat.com\u002Fcontact_us.htm\" rel=\"nofollow ugc\">our contact form\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Or follow us on \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002FLiveTrafficAnalysis\" rel=\"nofollow ugc\">our Facebook page\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Free, real-time stats for your web site with full visitors details. Add Web-Stat in just one click and check out your site's activity, live!",6000,103875,88,19,"2025-04-19T15:58:00.000Z","4.9.5","5.2.4",[22,143,129,144],"web-stats","webstat","https:\u002F\u002Fwww.web-stat.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fweb-stat.2.6.zip",1,"2021-02-23 00:00:00",{"slug":150,"name":151,"version":152,"author":153,"author_profile":154,"description":155,"short_description":156,"active_installs":157,"downloaded":158,"rating":159,"num_ratings":160,"last_updated":161,"tested_up_to":162,"requires_at_least":163,"requires_php":121,"tags":164,"homepage":168,"download_link":169,"security_score":84,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"lucky-orange","Lucky Orange","2.1.1","luckyorange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrickeys\u002F","\u003Cp>Less time crunching numbers, more time growing your business.\u003C\u002Fp>\n\u003Ch3>Understand your visitors. Improve your website. Increase your sales.\u003C\u002Fh3>\n\u003Cp>If your WordPress site is getting traffic but not conversions, Lucky Orange shows you why. With one-click install and a free plan to get started, you can uncover where visitors struggle, what’s stopping them from buying, and how to turn browsers into customers.\u003Cbr \u002F>\nFrom session recordings to heatmaps, live chat to Page Insights, Lucky Orange helps you optimize every part of your customer journey with clear, visual data.\u003C\u002Fp>\n\u003Ch3>Dynamic Heatmaps\u003C\u002Fh3>\n\u003Cp>Discover where people click, scroll, and hover—including dynamic content like popups, dropdowns, and forms. Works seamlessly with SPAs and AJAX-loaded pages.\u003C\u002Fp>\n\u003Ch3>Session Recordings\u003C\u002Fh3>\n\u003Cp>Replay real visitor sessions to see how people navigate your site, where they abandon, and what’s preventing conversions.\u003C\u002Fp>\n\u003Ch3>Conversion Funnels\u003C\u002Fh3>\n\u003Cp>Visualize each step of your funnel to find out which pages drive success—and where people are dropping off.\u003C\u002Fp>\n\u003Ch3>Visitor Profiles\u003C\u002Fh3>\n\u003Cp>See each visitor’s journey in a single view, including traffic source, cart value, and all sessions tied to that individual.\u003C\u002Fp>\n\u003Ch3>Live Chat\u003C\u002Fh3>\n\u003Cp>Engage visitors in real time based on behavior triggers. Answer questions and recover abandoned conversions before they’re lost.\u003C\u002Fp>\n\u003Ch3>Live View\u003C\u002Fh3>\n\u003Cp>See what your visitors are doing right now on your site—every movement, scroll, and click in real time.\u003C\u002Fp>\n\u003Ch3>Page Insights\u003C\u002Fh3>\n\u003Cp>Instantly surface key performance stats: top-clicked elements, frustration signals, engagement trends, and activity snapshots—all tied to specific pages.\u003C\u002Fp>\n\u003Ch3>Surveys\u003C\u002Fh3>\n\u003Cp>Ask the right questions at the right time—like what visitors are looking for, what’s missing, or why they didn’t convert.\u003C\u002Fp>\n\u003Ch3>Announcements\u003C\u002Fh3>\n\u003Cp>Target visitors with personalized messages, discount offers, or key updates based on device, behavior, or source.\u003C\u002Fp>\n\u003Ch3>Discovery\u003C\u002Fh3>\n\u003Cp>Uncover Optimization Opportunities based on specific parts of the customer journey. Know where to focus, and what changes can move the needle.\u003C\u002Fp>\n","Less time crunching numbers, more time growing your business.",2000,70312,86,24,"2025-04-14T15:38:00.000Z","6.8.0","2.0.3",[20,165,21,166,167],"conversion-rate-optimization","session-recordings","surveys","https:\u002F\u002Fwww.luckyorange.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flucky-orange.2.2.11.zip",{"attackSurface":171,"codeSignals":243,"taintFlows":307,"riskAssessment":362,"analyzedAt":376},{"hooks":172,"ajaxHandlers":234,"restRoutes":240,"shortcodes":241,"cronEvents":242,"entryPointCount":147,"unprotectedCount":147},[173,179,183,187,192,196,200,204,209,213,216,219,222,225,227],{"type":174,"name":175,"callback":176,"file":177,"line":178},"action","plugins_loaded","on_plugins_loaded","addfreestats.php",47,{"type":174,"name":180,"callback":181,"file":177,"line":182},"admin_init","init",49,{"type":174,"name":184,"callback":185,"file":177,"line":186},"admin_menu","render_menu",50,{"type":174,"name":188,"callback":189,"priority":190,"file":177,"line":191},"admin_enqueue_scripts","on_enqueue_scripts",10,51,{"type":174,"name":193,"callback":194,"file":177,"line":195},"wp_enqueue_scripts","on_enqueue_script",53,{"type":174,"name":197,"callback":198,"file":177,"line":199},"wp_head","on_header_rendered",54,{"type":174,"name":201,"callback":202,"file":177,"line":203},"wp_footer","on_footer_rendered",55,{"type":174,"name":205,"callback":206,"priority":190,"file":207,"line":208},"edit_form_after_title","on_edit_form_after_title","includes\\class-afsa-admin.php",16,{"type":174,"name":210,"callback":211,"priority":190,"file":207,"line":212},"save_post","on_save_post",17,{"type":174,"name":214,"callback":215,"file":207,"line":138},"admin_head","on_admin_header_rendered",{"type":174,"name":217,"callback":218,"file":207,"line":75},"admin_footer","on_admin_footer_rendered",{"type":174,"name":220,"callback":189,"file":207,"line":221},"wp_admin_enqueue_scripts",22,{"type":174,"name":223,"callback":224,"file":207,"line":160},"wp_dashboard_setup","on_wp_dashboard_setup",{"type":174,"name":223,"callback":224,"file":207,"line":226},118,{"type":228,"name":229,"callback":230,"priority":231,"file":232,"line":233},"filter","update_footer","closure",11,"includes\\controllers\\renderer\\class-afsa-renderer.php",12,[235],{"action":236,"nopriv":237,"callback":238,"hasNonce":237,"hasCapCheck":237,"file":177,"line":239},"afsa_stats_server",false,"stats_server",58,[],[],[],{"dangerousFunctions":244,"sqlUsage":245,"outputEscaping":262,"fileOperations":147,"externalRequests":27,"nonceChecks":78,"capabilityChecks":147,"bundledLibraries":306},[],{"prepared":27,"raw":246,"locations":247},5,[248,252,255,258,260],{"file":249,"line":250,"context":251},"includes\\class-afsa-db.php",31,"$wpdb->get_var() with variable interpolation",{"file":249,"line":253,"context":254},61,"$wpdb->get_results() with variable interpolation",{"file":249,"line":256,"context":257},70,"$wpdb->query() with variable interpolation",{"file":249,"line":259,"context":257},96,{"file":249,"line":261,"context":254},119,{"escaped":263,"rawEcho":212,"locations":264},33,[265,269,271,273,276,278,280,282,284,287,289,292,293,295,298,301,303],{"file":266,"line":267,"context":268},"includes\\account\\class-afsa-account-controller.php",151,"raw output",{"file":270,"line":138,"context":268},"includes\\ajax\\class-afsa-ajax.php",{"file":207,"line":272,"context":268},39,{"file":274,"line":275,"context":268},"includes\\class-afsa-tools.php",67,{"file":277,"line":239,"context":268},"includes\\class-afsa-tracker.php",{"file":277,"line":279,"context":268},64,{"file":281,"line":231,"context":268},"includes\\controllers\\class-afsa-dashboard-page.php",{"file":281,"line":283,"context":268},23,{"file":285,"line":286,"context":268},"includes\\controllers\\settings\\class-afsa-setting-page.php",89,{"file":285,"line":288,"context":268},110,{"file":290,"line":291,"context":268},"includes\\controllers\\settings\\tabs\\class-afsa-setting-tab-main.php",40,{"file":290,"line":191,"context":268},{"file":290,"line":294,"context":268},84,{"file":296,"line":297,"context":268},"includes\\controllers\\settings\\tabs\\class-afsa-setting-tab-woo.php",28,{"file":299,"line":300,"context":268},"includes\\controllers\\settings\\tabs\\class-afsa-setting-tab.php",175,{"file":299,"line":302,"context":268},177,{"file":304,"line":305,"context":268},"includes\\woo\\trait-afsa-woo-hooks-utils.php",73,[],[308,323,341,351],{"entryPoint":309,"graph":310,"unsanitizedCount":147,"severity":39},"render_tabs (includes\\controllers\\settings\\class-afsa-setting-page.php:102)",{"nodes":311,"edges":321},[312,316],{"id":313,"type":314,"label":315,"file":285,"line":288},"n0","source","$_GET['page']",{"id":317,"type":318,"label":319,"file":285,"line":288,"wp_function":320},"n1","sink","echo() [XSS]","echo",[322],{"from":313,"to":317,"sanitized":237},{"entryPoint":324,"graph":325,"unsanitizedCount":27,"severity":39},"init (includes\\controllers\\settings\\tabs\\class-afsa-setting-tab-main.php:5)",{"nodes":326,"edges":338},[327,329,333,336],{"id":313,"type":314,"label":328,"file":290,"line":208},"$_GET",{"id":317,"type":318,"label":330,"file":290,"line":331,"wp_function":332},"update_option() [Settings Manipulation]",18,"update_option",{"id":334,"type":314,"label":328,"file":290,"line":335},"n2",8,{"id":337,"type":318,"label":319,"file":290,"line":191,"wp_function":320},"n3",[339,340],{"from":313,"to":317,"sanitized":237},{"from":334,"to":337,"sanitized":237},{"entryPoint":342,"graph":343,"unsanitizedCount":28,"severity":350},"\u003Cclass-afsa-setting-page> (includes\\controllers\\settings\\class-afsa-setting-page.php:0)",{"nodes":344,"edges":347},[345,346],{"id":313,"type":314,"label":315,"file":285,"line":288},{"id":317,"type":318,"label":319,"file":285,"line":288,"wp_function":320},[348],{"from":313,"to":317,"sanitized":349},true,"low",{"entryPoint":352,"graph":353,"unsanitizedCount":27,"severity":350},"\u003Cclass-afsa-setting-tab-main> (includes\\controllers\\settings\\tabs\\class-afsa-setting-tab-main.php:0)",{"nodes":354,"edges":359},[355,356,357,358],{"id":313,"type":314,"label":328,"file":290,"line":208},{"id":317,"type":318,"label":330,"file":290,"line":331,"wp_function":332},{"id":334,"type":314,"label":328,"file":290,"line":335},{"id":337,"type":318,"label":319,"file":290,"line":191,"wp_function":320},[360,361],{"from":313,"to":317,"sanitized":237},{"from":334,"to":337,"sanitized":237},{"summary":363,"deductions":364},"The addfreestats plugin v4.22 exhibits a mixed security posture. On the positive side, there are no currently unpatched known vulnerabilities, and the plugin avoids dangerous functions and bundled outdated libraries. The presence of nonce checks, capability checks, and a reasonable rate of prepared SQL statements and output escaping suggest some adherence to secure coding practices.\n\nHowever, significant concerns arise from the static analysis. A critical finding is the single AJAX handler that lacks authentication checks, creating a direct entry point for potential unauthorized actions. Furthermore, the taint analysis reveals three flows with unsanitized paths, which, although not classified as critical or high severity in this instance, represent a latent risk for cross-site scripting (XSS) or other input validation vulnerabilities if exploited.\n\nThe plugin's vulnerability history, with two medium-severity CVEs in the past, specifically related to missing authorization and XSS, further underscores the importance of addressing the identified weaknesses. While the current version may not have known exploits, the historical pattern suggests a tendency towards vulnerabilities that exploit input handling and access control. The conclusion is that while the plugin has made some improvements, the unprotected AJAX endpoint and unsanitized input paths demand immediate attention to mitigate potential security risks.",[365,367,369,371,374],{"reason":366,"points":190},"Unprotected AJAX handler",{"reason":368,"points":335},"Flows with unsanitized paths detected",{"reason":370,"points":246},"SQL queries lack prepared statements (71%)",{"reason":372,"points":373},"Output escaping not consistently applied (34%)",4,{"reason":375,"points":190},"Known past vulnerabilities (2 medium)","2026-03-16T19:28:09.526Z",{"wat":378,"direct":399},{"assetPaths":379,"generatorPatterns":388,"scriptPaths":389,"versionParams":390},[380,381,382,383,384,385,386,387],"\u002Fwp-content\u002Fplugins\u002Faddfreestats\u002Fcss\u002Fdashboard.css","\u002Fwp-content\u002Fplugins\u002Faddfreestats\u002Fcss\u002Fintro.css","\u002Fwp-content\u002Fplugins\u002Faddfreestats\u002Fcss\u002Fsettings.css","\u002Fwp-content\u002Fplugins\u002Faddfreestats\u002Fcss\u002Fwelcome.css","\u002Fwp-content\u002Fplugins\u002Faddfreestats\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Faddfreestats\u002Fjs\u002Fintro.js","\u002Fwp-content\u002Fplugins\u002Faddfreestats\u002Fjs\u002Fdashboard.js","\u002Fwp-content\u002Fplugins\u002Faddfreestats\u002Fjs\u002Fsettings.js",[],[385,387,386,384],[391,392,393,394,395,396,397,398],"addfreestats\u002Fcss\u002Fdashboard.css?ver=","addfreestats\u002Fcss\u002Fintro.css?ver=","addfreestats\u002Fcss\u002Fsettings.css?ver=","addfreestats\u002Fcss\u002Fwelcome.css?ver=","addfreestats\u002Fjs\u002Fadmin.js?ver=","addfreestats\u002Fjs\u002Fintro.js?ver=","addfreestats\u002Fjs\u002Fdashboard.js?ver=","addfreestats\u002Fjs\u002Fsettings.js?ver=",{"cssClasses":400,"htmlComments":403,"htmlAttributes":405,"restEndpoints":408,"jsGlobals":410,"shortcodeOutput":415},[401,402],"afsa_dashboard_widget","afsa_welcome_wrap",[404],"\u003C!-- Custom Admin Dashboard Widget -->",[406,407],"data-afsa-id","data-afsa-user-id",[409],"\u002Fwp-json\u002Fafsa\u002Fv1\u002Fstats",[411,412,413,414],"AFSA_CONFIG","AFSA_SETTINGS","AFSA_DASHBOARD_PARAMS","AFSA_ADMIN_PARAMS",[]]