[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnfzUUwlcP1PGp4eefWYiu7Bhtbdk0LSKx957GgprK5A":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":13,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":34,"analysis":125,"fingerprints":183},"am-cookies","AM Cookies","1.2.12","Johan Martin Aarstein","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohanaarstein\u002F","\u003Cp>AM Cookies for WordPress is easy to use, lightweight, and gives your visitors total control over what data they want to share with you.\u003C\u002Fp>\n\u003Cp>This plugin utilizes our own open source web component, \u003Ccode>am-gpdr\u003C\u002Fcode>, which is publicly available here: https:\u002F\u002Fgithub.com\u002Faarsteinmedia\u002Fam-gdpr.\u003C\u002Fp>\n\u003Cp>The purpose of this plugin is to give visitors to your website control over how their data is collected by third-party services such as Google, Meta, Snapchat, or TikTok. To use the plugin, simply input your tracking ID or pixel ID from any of these services – no coding is required. Our codebase includes links to sites like googletagmanager.com, gtm.com, facebook.net, sc-static.net, and tiktok.com, but none of these scripts are activated unless you choose to do so. When activated they will only collect data as per your configuration and with user consent. We do not collect any data through this plugin.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Loads tracking codes automatically – no need to manually add any code\u003C\u002Fli>\n\u003Cli>Customizable layout\u003C\u002Fli>\n\u003Cli>Customizable fonts and colors\u003C\u002Fli>\n\u003Cli>Customizable text content\u003C\u002Fli>\n\u003Cli>Front-end script ~40 kB\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Feedback\u003C\u002Fh3>\n\u003Cp>We’d love to \u003Ca href=\"mailto:johan@aarstein.media\" rel=\"nofollow ugc\">hear from you\u003C\u002Fa>!\u003C\u002Fp>\n","Simple and versatile GDPR compatible Cookie Compliance Plugin for WordPress.",0,1528,"","6.9.4","5.9","7.2",[18,19,20,21,22],"analytics","cookies","gdpr","retargetting","tracking","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fam-cookies.1.2.12.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":24,"computed_at":33},"johanaarstein",2,800,1,"2026-04-05T07:08:59.056Z",[35,57,75,94,111],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":24,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":13,"tags":49,"homepage":53,"download_link":54,"security_score":24,"vuln_count":32,"unpatched_count":11,"last_vuln_date":55,"fetched_at":56},"goolytics-simple-google-analytics","Goolytics – Simple Google Analytics","1.1.3","wpseek","https:\u002F\u002Fprofiles.wordpress.org\u002Falphawolf\u002F","\u003Cp>I needed to have a clean and small plugin that offers data protection options for users running sites in Germany.\u003Cbr \u002F>\nUnlike many other Google Analytics plugins it offers to anonymize IPs as it’s neccessary for german users in order to have the GA code respect german data protection rules.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Simple and guided setup\u003C\u002Fli>\n\u003Cli>Lightweight and fast\u003C\u002Fli>\n\u003Cli>Anonymize IP (recommended for german users to respect german\u002Feuropean data protection rules according to DSGVO\u002FGDPR)\u003C\u002Fli>\n\u003Cli>Usercentrics support (recommended for german users to respect german\u002Feuropean data protection rules according to DSGVO\u002FGDPR)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fx.com\u002Fwpseek\" title=\"Developer on X\" rel=\"nofollow ugc\">Developer on X\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fbsky.app\u002Fprofile\u002Fcyberblitzbirne.bsky.social\" title=\"Developer on Bluesky\" rel=\"nofollow ugc\">Developer on Bluesky\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Included languages:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>German (de_DE) (Thanks to me ;-))\u003C\u002Fli>\n\u003Cli>Spanish (es_ES) (Spanish translation by \u003Ca href=\"https:\u002F\u002Fwww.ibidem-translations.com\" rel=\"nofollow ugc\">Ibidem Group\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Looking for more WordPress plugins? Visit \u003Ca href=\"https:\u002F\u002Fwww.schloebe.de\u002Fportfolio\u002F\" rel=\"nofollow ugc\">www.schloebe.de\u002Fportfolio\u002F\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","A simple Google Analytics solution that works without slowing down your WordPress installation.",4000,46811,8,"2026-02-15T13:35:00.000Z","6.9.99","3.0",[18,50,20,51,52],"dsgvo","usercentrics","web-tracking","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgoolytics-simple-google-analytics\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoolytics-simple-google-analytics.zip","2022-09-06 00:00:00","2026-03-15T15:16:48.613Z",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":14,"requires_at_least":70,"requires_php":16,"tags":71,"homepage":73,"download_link":74,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":56},"etracker","etracker analytics","2.7.7","etracker GmbH","https:\u002F\u002Fprofiles.wordpress.org\u002Fetrackerofficial\u002F","\u003Cp>The plugin is the perfect solution for seamlessly integrating powerful web analytics into your WordPress website or WooCommerce store with etracker analytics. With \u003Ca href=\"https:\u002F\u002Fwww.etracker.com\u002F?etcc_cmp=eA%20Plugin&etcc_med=Pluginstore&etcc_grp=wordpress&etcc_ctv=plugindescription\" rel=\"nofollow ugc\">etracker analytics\u003C\u002Fa>, you can achieve comprehensive data analyses without data loss, even if blocking add-ons or browser protection measures are activated. Thanks to data privacy-friendly processing in compliance with GDPR and TDDDG, outstanding data quality is achieved!\u003C\u002Fp>\n\u003Ch3>Functions of the plugin\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Integration of the tracking code via plugin:\u003C\u002Fstrong> Automatically record page views, scroll and download events, video playbacks and clicks on external links.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optimized for WooCommerce:\u003C\u002Fstrong> In addition to the general tracking functions in WooCommerce stores, automatically receive e-commerce activities such as product views, items added to the shopping cart, removed items and orders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integrated tag and consent management:\u003C\u002Fstrong> For third-party tags, the integrated \u003Ca href=\"https:\u002F\u002Fwww.etracker.com\u002Fen\u002Ftag-manager\u002F?etcc_cmp=eA%20Plugin&etcc_med=Pluginstore&etcc_grp=wordpress&etcc_ctv=plugindescription\" rel=\"nofollow ugc\">etracker tag manager\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.etracker.com\u002Fen\u002Fconsent-manager\u002F?etcc_cmp=eA%20Plugin&etcc_med=Pluginstore&etcc_grp=wordpress&etcc_ctv=plugindescription\" rel=\"nofollow ugc\">etracker consent manager\u003C\u002Fa> is the comfortable \u003Cstrong>all-in-one solution\u003C\u002Fstrong> for managing consent easily as well as controlling it conveniently and in compliance with data protection regulations. Google Consent Mode is supported as standard for Google tags.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Easy setup\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Already have an etracker account?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Activate the plugin, enter your etracker account key and you’re ready to go!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Don’t have an etracker account yet?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Go to \u003Ca href=\"https:\u002F\u002Fwww.etracker.com\u002Fen\u002Fsignup\u002F\" rel=\"nofollow ugc\">etracker.com\u003C\u002Fa>, start your 30-day no-obligation trial and convince yourself of etracker analytics!\u003C\u002Fp>\n\u003Cp>\u003Cem>Optimize your website or online store with etracker analytics, the data protection-compliant web analysis without data loss made in Germany.\u003C\u002Fem>\u003C\u002Fp>\n","Consent-free, despite ad blockers and tracking prevention: Web analytics, tag and consent manager for best data quality, ad returns and conversions.",1000,36947,78,7,"2025-12-02T14:41:00.000Z","5.5",[18,50,20,22,72],"woocommerce","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fetracker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fetracker.2.7.7.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":65,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":91,"download_link":92,"security_score":93,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":56},"sv-tracking-manager","SV Tracking Manager","2.0.02","straightvisions GmbH","https:\u002F\u002Fprofiles.wordpress.org\u002Fmatthias-reuter\u002F","\u003Cp>This lightweight plugin is an advanced tracking manager and allows you to implement various tags from different tracking providers.\u003C\u002Fp>\n\u003Cp>✔ GDPR (DSGVO) ready (via Usercentrics)\u003Cbr \u002F>\n✔ Google Analytics (including User Identification, Anonymize IP and Custom Events)\u003Cbr \u002F>\n✔ Google Tag Manager\u003Cbr \u002F>\n✔ Custom Scripts\u003Cbr \u002F>\n✔ Facebook\u003Cbr \u002F>\n✔ Google Optimize\u003Cbr \u002F>\n✔ Hotjar\u003Cbr \u002F>\n✔ Hubspot\u003Cbr \u002F>\n✔ LinkedIn\u003Cbr \u002F>\n✔ Mailchimp\u003Cbr \u002F>\n✔ Microsoft Advertising\u003Cbr \u002F>\n✔ Mouseflow\u003Cbr \u002F>\n✔ Yahoo\u003Cbr \u002F>\n✔ Plausible\u003C\u002Fp>\n\u003Cp>You need another tracking service? Just add it to the ✔ Custom Scripts and you are ready to go.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fstraightvisions.com\u002Fen\u002Fsv-tracking-manager\u002F\" rel=\"nofollow ugc\">More information\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Requires:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>PHP 7.3 or higher\u003C\u002Fli>\n\u003Cli>WordPress 5.3.x or higher\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Plugin Description\u003C\u002Fh4>\n\u003Cp>SV Tracking Manager allows you to implement tracking scripts on your website – GDPR (DSGVO) compatible with Usercentrics support.\u003C\u002Fp>\n\u003Ch4>Team\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Developed and maintenanced by \u003Ca href=\"https:\u002F\u002Fstraightvisions.com\" rel=\"nofollow ugc\">straightvisions GmbH\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Missing a feature?\u003C\u002Fh3>\n\u003Cp>Please use the plugin support forum here on WordPress.org. We will add your wish – if achievable – on our todo list. Please note that we can not give any time estimate for that list or any feature request.\u003C\u002Fp>\n\u003Ch4>Paid Services\u003C\u002Fh4>\n\u003Cp>Nevertheless, feel free to contact our \u003Ca href=\"https:\u002F\u002Fstraightvisions.com\" rel=\"nofollow ugc\">WordPress Agency\u003C\u002Fa> if you have any of the following needs:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>get a customization\u003C\u002Fli>\n\u003Cli>get a feature rapidly \u002F on time\u003C\u002Fli>\n\u003Cli>get a custom WordPress plugin or theme developed to exactly fit your needs.\u003C\u002Fli>\n\u003C\u002Ful>\n","SV Tracking Manager allows you to implement tracking scripts on your website - GDPR (DSGVO) compatible with Usercentrics support.",21331,94,3,"2024-07-18T12:15:00.000Z","6.5.8","6.0","8.0",[18,50,20,22,51],"https:\u002F\u002Fstraightvisions.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsv-tracking-manager.2.0.02.zip",92,{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":11,"num_ratings":11,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":16,"tags":107,"homepage":13,"download_link":110,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":56},"utm-master","UTM Master","1.0.1","Ghaas Technologies Pvt. Ltd","https:\u002F\u002Fprofiles.wordpress.org\u002Fghaas\u002F","\u003Cp>UTM Master helps you capture and preserve UTM parameters in cookies for attribution and tracking. Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Auto-save UTM parameters (\u003Ccode>utm_source\u003C\u002Fcode>, \u003Ccode>utm_medium\u003C\u002Fcode>, etc.)\u003C\u002Fli>\n\u003Cli>Support for custom UTM parameters\u003C\u002Fli>\n\u003Cli>Append UTM to all site links and CTAs\u003C\u002Fli>\n\u003Cli>GDPR-compliant consent banner\u003C\u002Fli>\n\u003Cli>Shortcode to retrieve current and original UTM values\u003C\u002Fli>\n\u003C\u002Ful>\n","Store UTM parameters in cookies, append them to links automatically, and manage GDPR compliance easily.",50,374,"2025-07-17T11:59:00.000Z","6.8.5","5.0",[19,20,108,22,109],"marketing","utm","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Futm-master.1.0.1.zip",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":11,"downloaded":119,"rating":11,"num_ratings":11,"last_updated":120,"tested_up_to":105,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":13,"download_link":124,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":56},"check-permission-dialogue","Check Permission Dialogue","2025.07","danmz","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanmz\u002F","\u003Cp>Background\u002FMotivation: Historically analytics and tracking have been used without explict user consent.\u003Cbr \u002F>\nRecently there has been a push to change this, both from a technical standpoint and from a legal standpoint.\u003Cbr \u002F>\nWhile analytics are recognized to be useful to website owners, users should be aware that they are being tracked, and have the option to avoid this tracking.\u003C\u002Fp>\n\u003Cp>This plugin aims to make it easy and simple to get tracking\u002Fanalytics consent from users, and respect the users’ stated preferences for the most common tracking scenarios.\u003Cbr \u002F>\nThe user’s preferences are stored for the duration of their browser session.\u003C\u002Fp>\n\u003Cp>This plugin removes known tracking scripts (google, facebook, and crazyegg) from generated markup until a user explicitly opts in to allow their use.\u003Cbr \u002F>\nThis applies to all markup prior to \u003Ccode>wp_footer();\u003C\u002Fcode>.  Due to limitations of WordPress hooks we cannot filter content after this.\u003Cbr \u002F>\nThis plugin attempts to ONLY block markup whose stated purpose is tracking (such as items from the googletagmanager.com domain), and not other items which might potentially do tracking.\u003C\u002Fp>\n\u003Cp>This plugin also clears known tracking cookies associated with those known trackers for users who have not opted in to tracking functionality.\u003C\u002Fp>\n","This plugin adds an opt-in permission for certain known tracking scripts and tracking cookies.",1474,"2025-07-15T17:00:00.000Z","4.9.8","8.1.0",[18,19,22],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcheck-permission-dialogue.zip",{"attackSurface":126,"codeSignals":167,"taintFlows":175,"riskAssessment":176,"analyzedAt":182},{"hooks":127,"ajaxHandlers":150,"restRoutes":151,"shortcodes":165,"cronEvents":166,"entryPointCount":30,"unprotectedCount":30},[128,134,138,143,146],{"type":129,"name":130,"callback":131,"file":132,"line":133},"action","admin_menu","menu","includes\\admin.php",17,{"type":129,"name":135,"callback":136,"file":132,"line":137},"admin_enqueue_scripts","enqueue_scripts",18,{"type":129,"name":139,"callback":140,"file":141,"line":142},"wp_enqueue_scripts","init","includes\\frontend.php",9,{"type":129,"name":144,"callback":145,"file":141,"line":67},"wp_body_open","add_web_component",{"type":129,"name":147,"callback":148,"file":149,"line":133},"rest_api_init","register_options_rest_route","includes\\rest-api.php",[],[152,160],{"namespace":153,"route":154,"methods":155,"callback":157,"permissionCallback":158,"file":149,"line":159},"am-cookies-settings\u002Fv1","\u002Foptions",[156],"GET","options_read_rest_route_callback","__return_true",27,{"namespace":153,"route":154,"methods":161,"callback":163,"permissionCallback":158,"file":149,"line":164},[162],"POST","options_write_rest_route_callback",40,[],[],{"dangerousFunctions":168,"sqlUsage":169,"outputEscaping":171,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":85,"bundledLibraries":174},[],{"prepared":11,"raw":11,"locations":170},[],{"escaped":172,"rawEcho":11,"locations":173},28,[],[],[],{"summary":177,"deductions":178},"The \"am-cookies\" plugin version 1.2.12 exhibits a generally good security posture in several key areas. Static analysis reveals a complete absence of dangerous functions, SQL queries not using prepared statements, and all output is properly escaped. The plugin also does not perform file operations or make external HTTP requests, further limiting potential attack vectors. There is no recorded vulnerability history, indicating a mature and well-maintained codebase.\n\nHowever, a significant concern arises from the identified attack surface. The plugin exposes two REST API routes without any permission callbacks. This means that any unauthenticated user can potentially interact with these endpoints, creating a serious security risk if these endpoints handle sensitive data or perform actions that could be exploited. While taint analysis shows no identified issues, the lack of authentication on REST API routes is a critical oversight that bypasses standard WordPress security practices.\n\nIn conclusion, while \"am-cookies\" demonstrates strong coding hygiene in many aspects, the unprotected REST API endpoints are a major weakness. This needs immediate attention to implement proper permission checks. The lack of historical vulnerabilities is a positive sign, but the current attack surface presents a clear and present danger that overshadows the other positive findings.",[179],{"reason":180,"points":181},"REST API routes exposed without permission checks",15,"2026-03-17T05:50:13.904Z",{"wat":184,"direct":200},{"assetPaths":185,"generatorPatterns":191,"scriptPaths":192,"versionParams":196},[186,187,188,189,190],"\u002Fwp-content\u002Fplugins\u002Fam-cookies\u002Fbuild\u002Fsettings.js","\u002Fwp-content\u002Fplugins\u002Fam-cookies\u002Fscripts\u002Fam-gdpr.min.js","\u002Fwp-content\u002Fplugins\u002Fam-cookies\u002Fscripts\u002Fadd-text.js","\u002Fwp-content\u002Fplugins\u002Fam-cookies\u002Fstyles\u002Fdist\u002Fadmin.min.css","\u002Fwp-content\u002Fplugins\u002Fam-cookies\u002Fstyles\u002Fdist\u002Fpreview.min.css",[],[193,194,195],"scripts\u002Fam-gdpr.min.js","scripts\u002Fadd-text.js","build\u002Fsettings.js",[197,198,199],"am-cookies\u002Fscripts\u002Fam-gdpr.min.js?ver=","am-cookies\u002Fscripts\u002Fadd-text.js?ver=","am-cookies\u002Fbuild\u002Fsettings.js?ver=",{"cssClasses":201,"htmlComments":202,"htmlAttributes":203,"restEndpoints":215,"jsGlobals":217,"shortcodeOutput":222},[],[],[204,205,206,207,208,209,210,211,212,213,214],"alignPrompt","alignMiniPrompt","accentColor","backgroundColor","fontFamily","borderWidth","googleID","metaPixelID","snapChatPixelID","tiktokPixelID","privacyPolicyURL",[216],"\u002Fwp-json\u002Fam-cookies-settings\u002Fv1\u002Foptions",[218,219,220,221],"aamd_cookies","aamd_cookies_admin","aamd_cookies_frontend","amCookiesElement",[223],"\u003Cam-cookies"]