[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fxcEu_rGcr1KuCueLuwh6hCYno4iF1XDK4QPmf5s92jE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":146,"fingerprints":196},"ajax-yandexmetrika","AJAX Yandex.Metrika","2.1.0","Sergey.S.Betke","https:\u002F\u002Fprofiles.wordpress.org\u002Fsergeysbetkenovgaroru\u002F","\u003Cp>Add Yandex.Metrika counter. And add counter integration for AJAX sites.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Theme requirements:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Theme must support \u003Cstrong>footer\u003C\u002Fstrong> (wp_footer). If not, you can change wp_register_script last parameter in php file: true => false.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more information, please visit the \u003Ca href=\"http:\u002F\u002Fsergey-s-betke.blogs.novgaro.ru\u002Fcategory\u002Fit\u002Fweb\u002Fwordpress\u002Fajax\u002Fyandex-metrika\" rel=\"nofollow ugc\">Sergey S. Betke blog\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>ToDo\u003C\u002Fh3>\n\u003Cp>The next version or later:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>commom option for script location (header \u002F footer)\u003C\u002Fli>\n\u003Cli>links to yandex.metrika siter from wp-admin\\options\u003C\u002Fli>\n\u003Cli>support jQuery ajax events, not just my custom actions (hit.counter)\u003C\u002Fli>\n\u003C\u002Ful>\n","Add Yandex.Metrika counter. And add counter integration for AJAX sites.",10,5692,0,"2012-04-07T20:25:00.000Z","3.2.1","3.0.0","",[19,20,21],"ajax","counter","jquery","http:\u002F\u002Fsergey-s-betke.blogs.novgaro.ru\u002Fcategory\u002Fit\u002Fweb\u002Fwordpress\u002Fajax-yandex-metrika","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fajax-yandexmetrika.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"sergeysbetkenovgaroru",3,80,30,84,"2026-04-04T10:40:37.380Z",[36,63,86,107,126],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":58,"download_link":59,"security_score":60,"vuln_count":61,"unpatched_count":13,"last_vuln_date":62,"fetched_at":26},"wpecounter","WP Views Counter","2.1.3","etruel","https:\u002F\u002Fprofiles.wordpress.org\u002Fetruel\u002F","\u003Cp>\u003Cstrong>WP Views Counter\u003C\u002Fstrong> is a lightweight, high-performance plugin that accurately tracks and displays post, page, and custom post type views — directly in the WordPress admin, via shortcode, or with a Gutenberg block.\u003C\u002Fp>\n\u003Cp>Built for bloggers, marketers, store owners, and developers, it works seamlessly across all post types — including WooCommerce and Easy Digital Downloads — with minimal impact on your site’s speed. No external scripts. No unnecessary bloat.\u003C\u002Fp>\n\u003Cp>This plugin does one job and does it exceptionally well: it tells you which content is getting the most attention.\u003C\u002Fp>\n\u003Ch4>Key Benefits\u003C\u002Fh4>\n\u003Cp>✅ \u003Cstrong>Accurate view counts\u003C\u002Fstrong> in admin columns, shortcode, or block\u003Cbr \u002F>\n✅ \u003Cstrong>Metabox per post\u003C\u002Fstrong> with real-time views and reset button\u003Cbr \u002F>\n✅ \u003Cstrong>Exclude views from logged-in users or specific roles\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>Fully AJAX-powered\u003C\u002Fstrong> — no page reloads or slowdowns\u003Cbr \u002F>\n✅ \u003Cstrong>Works with all post types\u003C\u002Fstrong>, including EDD and WooCommerce\u003Cbr \u002F>\n✅ \u003Cstrong>Block to display popular posts\u003C\u002Fstrong> — no legacy widgets required\u003Cbr \u002F>\n✅ \u003Cstrong>Developer-friendly and fully translatable\u003C\u002Fstrong>\u003Cbr \u002F>\n✅ \u003Cstrong>Import views from other plugins\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Whether you’re optimizing your content strategy or simply want to know what’s working, \u003Cstrong>WP Views Counter\u003C\u002Fstrong> is the simple and effective alternative to bloated analytics plugins.\u003C\u002Fp>\n\u003Cp>📦 Start tracking your most popular content today — with clarity, speed and control.\u003C\u002Fp>\n\u003Cp>💡 Developer-friendly: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FEtruel-Developments\u002Fwpecounter\u002Fissues\" rel=\"nofollow ugc\">Contribute on GitHub\u003C\u002Fa> — forks and pull requests welcome.\u003C\u002Fp>\n","Fast, lightweight post views counter. Display views in admin, blocks or shortcodes — no tracking scripts required.",2000,41916,100,5,"2025-12-19T18:09:00.000Z","6.9.4","3.1","7.0",[53,54,55,56,57],"ajax-counter","analytics","popular-posts","post-views","views-counter","https:\u002F\u002Fetruel.com\u002Fdownloads\u002Fwpecounter","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpecounter.2.1.3.zip",98,2,"2025-12-14 00:00:00",{"slug":64,"name":65,"version":16,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":72,"num_ratings":73,"last_updated":74,"tested_up_to":75,"requires_at_least":76,"requires_php":17,"tags":77,"homepage":82,"download_link":83,"security_score":46,"vuln_count":84,"unpatched_count":13,"last_vuln_date":85,"fetched_at":26},"ajax-archive-calendar","Ajax Archive Calendar","osman sorkar","https:\u002F\u002Fprofiles.wordpress.org\u002Fosmansorkar\u002F","\u003Cp>The Ajax Archive Calendar plugin goes beyond a standard calendar, offering a powerful archive solution for your WordPress site. It’s built upon and customizes the default WordPress calendar, providing a familiar yet enhanced experience. We’re confident you’ll appreciate its features, available in both Bengali and English.\u003C\u002Fp>\n\u003Cp>Now it is support WPML.\u003C\u002Fp>\n\u003Cp>f you need any modifications or encounter any problems, please report them on our GitHub repository.\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fgithub.com\u002Fosmansorkar\u002Fajax-archive-calendar\u003C\u002Fp>\n","Ajax Archive Calendar .",1000,19675,90,4,"2025-07-28T09:12:00.000Z","6.8.5","3.0",[19,78,79,80,81],"ajax-archive","ajax-calendar","calendar","jquery-calendar","http:\u002F\u002Ffb.me\u002Fosmansorkar","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fajax-archive-calendar.zip",1,"2023-10-16 00:00:00",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":96,"num_ratings":97,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":17,"tags":101,"homepage":105,"download_link":106,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"nav-menu-item-duplicate","Nav Menu Item Duplicator","1.0.1","Sohan Zaman","https:\u002F\u002Fprofiles.wordpress.org\u002Fsohan5005\u002F","\u003Cp>This Plugin will save your time by adding a duplicate button on each menu item while editing a menu. A real time saver. Currently it doesn\\’t support customize screen, but I\\’ll add it soon. If you find any bugs, just head over to support forum, I\\’ll fix that asap.\u003C\u002Fp>\n\u003Cp>Please rate me a 5 star if you find this plugin helpful 🙂\u003C\u002Fp>\n","A simple plugin that adds a duplicate button to each items on edit menu screen.",600,7918,74,7,"2018-05-18T19:39:00.000Z","4.9.29","2.0.0",[102,19,21,103,104],"admin","menu","post","http:\u002F\u002Fthemestones.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnav-menu-item-duplicate.1.0.1.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":117,"num_ratings":118,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":17,"tags":122,"homepage":124,"download_link":125,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"wp-search-suggest","WP Search Suggest","8","Konstantin Obenland","https:\u002F\u002Fprofiles.wordpress.org\u002Fobenland\u002F","\u003Cp>This plugin lets you provide the user with search suggestions based on the information entered in the search field.\u003C\u002Fp>\n\u003Cp>It adds an AJAX call to the search form, returning matches for the current search query from the database.\u003Cbr \u002F>\nThere is no change of template files necessary as this plugin hooks in the existing WordPress API to unfold its magic.\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>I will be more than happy to update the plugin with new locales, as soon as I receive them!\u003Cbr \u002F>\nCurrently available in:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>Deutsch\u003C\u002Fli>\n\u003Cli>Czech\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Filter Reference\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>wpss_search_query_args\u003C\u002Fstrong> (\u003Cem>array|string\u003C\u002Fem>)\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>The query args, passed to \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002FWP_Query\" title=\"WP_Query in the WordPress Codex\" rel=\"nofollow ugc\">WP_Query\u003C\u002Fa>, either as an array or a string.\u003Cbr \u002F>\n  An array with the default query args and the current search query are passed to the filter.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>wpss_search_results\u003C\u002Fstrong> (\u003Cem>array\u003C\u002Fem>)\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>An array with the result strings as values. An array with the default results and the WP_Query object are passed to the filter.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Provides title suggestions while typing a search query, using the built-in jQuery suggest script.",500,32989,92,11,"2023-11-12T22:31:00.000Z","6.4.8","3.3",[19,21,123],"search","http:\u002F\u002Fen.obenland.it\u002Fwp-search-suggest\u002F#utm_source=wordpress&utm_medium=plugin&utm_campaign=wp-search-suggest","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-search-suggest.8.zip",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":134,"downloaded":135,"rating":72,"num_ratings":118,"last_updated":136,"tested_up_to":137,"requires_at_least":129,"requires_php":17,"tags":138,"homepage":144,"download_link":145,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"infinite-scroll-and-load-more-ajax-pagination","Infinite Scroll and Load More Ajax Pagination","1.0","pixellanguage","https:\u002F\u002Fprofiles.wordpress.org\u002Fpixellanguage\u002F","\u003Cp>Go to Pix Plugin >> Infinite Load – Please check plugin url to control the setting.\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Ajax Infinite Scroll.\u003C\u002Fli>\n\u003Cli>Ajax Load More Pagination.\u003C\u002Fli>\n\u003Cli>Dynamically call jQuery Library.\u003C\u002Fli>\n\u003Cli>Custom Loader.\u003C\u002Fli>\n\u003Cli>Message Control.\u003C\u002Fli>\n\u003Cli>Very Lightweight and many More.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Live Preview: http:\u002F\u002Fpixellanguage.com\u002Fwordpress-infinite-and-load-more-pagination-plugin\u002F\u003C\u002Fp>\n","No more page refresh for next page click. User can stay on same page to see all result with Infinite Scroll and Load More.",200,12415,"2015-12-16T06:43:00.000Z","4.4.34",[139,140,141,142,143],"ajax-infinite-pagination","ajax-load-more-pagination","infinite-scroll","jquery-pagination","load-more","http:\u002F\u002Fpixellanguage.com\u002Fwordpress-infinite-and-load-more-pagination-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finfinite-scroll-and-load-more-ajax-pagination.zip",{"attackSurface":147,"codeSignals":173,"taintFlows":188,"riskAssessment":189,"analyzedAt":195},{"hooks":148,"ajaxHandlers":169,"restRoutes":170,"shortcodes":171,"cronEvents":172,"entryPointCount":13,"unprotectedCount":13},[149,155,158,160,164,166],{"type":150,"name":151,"callback":152,"file":153,"line":154},"action","init","closure","admin\\admin.php",21,{"type":150,"name":156,"callback":152,"file":153,"line":157},"admin_init",33,{"type":150,"name":159,"callback":152,"file":153,"line":31},"admin_menu",{"type":150,"name":151,"callback":161,"file":162,"line":163},"options_script_position_init","admin\\options-script-position\\options-script-position.php",27,{"type":150,"name":156,"callback":165,"file":162,"line":157},"options_script_position_admin_init",{"type":150,"name":151,"callback":152,"file":167,"line":168},"ajax-yandex-metrika.php",54,[],[],[],[],{"dangerousFunctions":174,"sqlUsage":175,"outputEscaping":177,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":84,"bundledLibraries":187},[],{"prepared":13,"raw":13,"locations":176},[],{"escaped":13,"rawEcho":73,"locations":178},[179,182,184,185],{"file":153,"line":180,"context":181},63,"raw output",{"file":153,"line":183,"context":181},67,{"file":162,"line":117,"context":181},{"file":162,"line":186,"context":181},103,[],[],{"summary":190,"deductions":191},"The 'ajax-yandexmetrika' plugin v2.1.0 exhibits a generally strong security posture based on the provided static analysis.  The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface.  Furthermore, the complete lack of dangerous functions and the use of prepared statements for all SQL queries are excellent practices. The plugin also shows a clean vulnerability history with zero recorded CVEs, indicating a history of responsible development or a lack of targeted attacks.\n\nHowever, a critical concern arises from the output escaping signals, where 100% of the four identified outputs are not properly escaped. This presents a significant risk of Cross-Site Scripting (XSS) vulnerabilities if any of the data being output can be influenced by user input, even indirectly. The absence of nonce checks and the sole capability check also suggest potential areas for improvement in ensuring proper authorization and preventing unauthorized actions, especially if any future entry points are introduced.\n\nIn conclusion, while the plugin benefits from a minimal attack surface and robust SQL handling, the lack of output escaping is a glaring weakness that needs immediate attention. The clean vulnerability history is positive, but it does not negate the inherent risks identified in the current code. Addressing the output escaping issues is paramount to improving the plugin's security.",[192],{"reason":193,"points":194},"Unescaped output identified",6,"2026-03-17T00:38:57.314Z",{"wat":197,"direct":207},{"assetPaths":198,"generatorPatterns":201,"scriptPaths":202,"versionParams":204},[199,200],"\u002Fwp-content\u002Fplugins\u002Fajax-yandex-metrika\u002Fjquery\u002Fajax\u002Fcounters\u002Fjquery.ajax.counters.js","\u002Fwp-content\u002Fplugins\u002Fajax-yandex-metrika\u002Fajax-yandex-metrika.js",[],[203],"http:\u002F\u002Fmc.yandex.ru\u002Fresource\u002Fwatch.js",[205,206],"ajax-yandex-metrika\u002Fjquery\u002Fajax\u002Fcounters\u002Fjquery.ajax.counters.js?ver=","ajax-yandex-metrika\u002Fajax-yandex-metrika.js?ver=",{"cssClasses":208,"htmlComments":209,"htmlAttributes":210,"restEndpoints":211,"jsGlobals":212,"shortcodeOutput":214},[],[],[],[],[213],"YaMetrikaConfig",[]]