[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$foBgei0xvDuOFxRhXFbRL4nTYhF8WS_q1DRREwK0Q_jM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":124,"fingerprints":202},"anura-io","Anura.io","3.0.2","anurasupport","https:\u002F\u002Fprofiles.wordpress.org\u002Fanurasupport\u002F","\u003Cp>Anura is an enterprise class platform focused on fraud identification and mitigation. The solution uses comprehensive algorithms and machine learning techniques to analyze traffic and detect various forms of fraud, such as bot traffic, click fraud, and other forms of invalid traffic, including residential proxy attacks, regardless of your vertical. Anura aims to help businesses ensure their advertising efforts are reaching genuine users, thereby maximizing the return on investment and maintaining the integrity of their digital marketing campaigns. On top of our industry-leading accuracy, Anura provides a highly detailed analytics dashboard to verify instances of fraud. 
Leveraging a combination of machine learning and the expertise of seasoned engineers, Anura is capable of detecting even the most advanced fraud techniques in real-time.\u003C\u002Fp>\n","Anura aims to help businesses ensure their advertising efforts are reaching genuine users, thereby maximizing the return on investment and maintaining &hellip;",10,2174,0,"2025-12-03T15:01:00.000Z","6.9.4","5.3","7.4",[19,20,21,22,23],"ad-fraud","adfraud","affiliate-fraud-detection","click-fraud","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fanura-io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanura-io.3.0.2.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,94,"2026-04-04T15:37:07.706Z",[36,56,70,86,102],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":13,"num_ratings":13,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":48,"tags":49,"homepage":54,"download_link":55,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"cheq-essentials-go-to-market-security","CHEQ Essentials","1.13","eranfl","https:\u002F\u002Fprofiles.wordpress.org\u002Feranfl\u002F","\u003Cp>As a website owner, one of the biggest challenges you face is dealing with invalid traffic. Invalid traffic (27% of direct and organic traffic on average in 2022) refers to any non-human or fraudulent activity, such as bots, click farms, and other forms of automated traffic. This can not only damage your site’s reputation but also result in lost revenue, slow performance, and skewed data that damage your decision-making.\u003C\u002Fp>\n\u003Cp>CHEQ Essentials is here to help. 
We use advanced algorithms and machine learning techniques to analyze user behavior and distinguish between legitimate and invalid traffic.\u003C\u002Fp>\n\u003Cp>With this plugin, you can automatically monitor your website traffic in real time and identify any suspicious patterns or behavior. The plugin also provides detailed reports and analytics that can help you better understand your traffic and identify any potential issues.\u003C\u002Fp>\n\u003Cp>Once the plugin detects invalid traffic, it can take immediate action to prevent further damage. This may include blocking IP addresses on Google Ads, redirecting traffic to a 403 page, or implementing other measures to prevent bots and other automated traffic from accessing your site.\u003C\u002Fp>\n\u003Cp>Overall, this is an essential tool for any website owner who wants to secure and protect their site from fraudulent activity and ensure a safe and reliable user experience. With CHEQ Essentials, you can rest assured that your site is protected from invalid traffic and other forms of online fraud.\u003C\u002Fp>\n\u003Cp>You will need an active CHEQ Essentials subscription to use this WordPress plugin.\u003C\u002Fp>\n","Protect, analyze & block threats in real time your website from bots, click fraud, and invalid traffic with CHEQ 
Essentials.",700,6693,"2025-07-21T15:20:00.000Z","6.6.5","5.6",[50,22,51,52,53],"bot-protection","fraud-protection","spam-protection","website-protection","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcheq-essentials-go-to-market-security.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":13,"num_ratings":13,"last_updated":66,"tested_up_to":15,"requires_at_least":67,"requires_php":17,"tags":68,"homepage":54,"download_link":69,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"click-fraud-free","ClickFraudFree","1.0.0","cffjerson","https:\u002F\u002Fprofiles.wordpress.org\u002Fcffjerson\u002F","\u003Cp>ClickFraudFree is a \u003Cstrong>service-based plugin\u003C\u002Fstrong> that helps website owners protect their traffic and advertising campaigns from fraudulent clicks, bots, and malicious users.\u003C\u002Fp>\n\u003Cp>This plugin connects your WordPress site to the \u003Cstrong>ClickFraudFree external service\u003C\u002Fstrong>, which analyzes traffic patterns and detects invalid or fraudulent activity in real time.\u003C\u002Fp>\n\u003Cp>⚠️ \u003Cstrong>Important:\u003C\u002Fstrong>\u003Cbr \u002F>\nThis plugin relies on a \u003Cstrong>remote service\u003C\u002Fstrong> and does not function without an active ClickFraudFree account.\u003C\u002Fp>\n\u003Ch3>How the service works\u003C\u002Fh3>\n\u003Cp>When enabled, the plugin sends limited traffic-related data to the ClickFraudFree servers for analysis. 
This allows the service to detect and prevent click fraud and invalid traffic.\u003C\u002Fp>\n\u003Cp>The plugin may communicate with the following external server:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>https:\u002F\u002Fclickfraudfree.com\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Data sent to the service\u003C\u002Fh3>\n\u003Cp>Depending on your configuration, the plugin may transmit the following data to the ClickFraudFree service:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Client ID (provided by the ClickFraudFree account)\u003C\u002Fli>\n\u003Cli>Visitor IP address\u003C\u002Fli>\n\u003Cli>HTTP referrer URL\u003C\u002Fli>\n\u003Cli>Timestamp of the visit\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No personally identifiable user data is collected intentionally beyond what is required for fraud detection.\u003C\u002Fp>\n\u003Ch3>Why this data is needed\u003C\u002Fh3>\n\u003Cp>This information is required to:\u003Cbr \u002F>\n* Identify repeat or automated traffic\u003Cbr \u002F>\n* Detect bot activity and click farms\u003Cbr \u002F>\n* Prevent competitors from generating invalid ad clicks\u003Cbr \u002F>\n* Protect advertising budgets and analytics accuracy\u003C\u002Fp>\n\u003Ch3>Account requirement\u003C\u002Fh3>\n\u003Cp>An active ClickFraudFree account is required to use this plugin.\u003Cbr \u002F>\nYou must sign up at \u003Cstrong>https:\u002F\u002Fclickfraudfree.com\u003C\u002Fstrong> and obtain a Client ID.\u003C\u002Fp>\n","Protects websites and ad campaigns from bots, competitors, and invalid traffic using a remote click fraud detection 
service.",40,155,"2026-01-26T12:20:00.000Z","6.0",[19,50,22,51,53],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclick-fraud-free.1.0.0.zip",{"slug":71,"name":72,"version":59,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":13,"downloaded":77,"rating":13,"num_ratings":13,"last_updated":78,"tested_up_to":79,"requires_at_least":80,"requires_php":17,"tags":81,"homepage":54,"download_link":85,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"bunkr-solution","Bunkr Solution","Bunkr","https:\u002F\u002Fprofiles.wordpress.org\u002Fyfel\u002F","\u003Cp>Bunkr Solution provides enterprise-grade bot protection for your WordPress site through sophisticated server-side analysis.\u003C\u002Fp>\n\u003Cp>Key Features:\u003Cbr \u002F>\n* Real-time behavioral analysis\u003Cbr \u002F>\n* Advanced bot detection\u003Cbr \u002F>\n* Seamless user experience for legitimate visitors\u003Cbr \u002F>\n* Enterprise-grade protection\u003Cbr \u002F>\n* Easy integration with WordPress\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the Bunkr API service to analyze website traffic and provide bot protection. 
Here’s what you need to know:\u003C\u002Fp>\n\u003Ch4>Service Information\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Service\u003C\u002Fstrong>: Bunkr Bot Protection API (https:\u002F\u002Fwpde.bunkr-solution.com)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Purpose\u003C\u002Fstrong>: Real-time analysis of website requests to identify and block malicious bot traffic\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Provider\u003C\u002Fstrong>: Bunkr Solution (https:\u002F\u002Fbunkr-solution.com)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Data Transmission\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>When data is sent\u003C\u002Fstrong>: Every time a non-admin user visits your website (excluding AJAX requests)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What data is sent\u003C\u002Fstrong>:\u003Cbr \u002F>\n* Request metadata: URL, HTTP method, referrer, timestamp\u003Cbr \u002F>\n* Server headers: User-Agent, Accept headers, security headers (Sec-* headers)\u003Cbr \u002F>\n* Network information: IP address, domain name\u003Cbr \u002F>\n* Browser context: Mobile detection, HTTPS status\u003Cbr \u002F>\n* Cookie analysis: Count and types of cookies (WordPress, session, persistent)\u003Cbr \u002F>\n* Request identifier: Unique request identifier\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No sensitive data\u003C\u002Fstrong>: The plugin does not send form data, post content, user credentials, or personal information.\u003C\u002Fp>\n\u003Ch4>Legal Information\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Terms of Service\u003C\u002Fstrong>: https:\u002F\u002Fbunkr-solution.com\u002Fterms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy\u003C\u002Fstrong>: https:\u002F\u002Fbunkr-solution.com\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>User Consent\u003C\u002Fh4>\n\u003Cp>By installing and activating this plugin, you acknowledge that:\u003Cbr \u002F>\n1. Request data will be sent to Bunkr’s servers for analysis\u003Cbr \u002F>\n2. 
This data transmission is necessary for the plugin’s bot protection functionality\u003Cbr \u002F>\n3. You have reviewed Bunkr’s terms of service and privacy policy\u003Cbr \u002F>\n4. You are responsible for informing your website users about this data processing if required by applicable privacy laws\u003C\u002Fp>\n","Advanced bot protection for WordPress using real-time behavioral analysis. Blocks malicious traffic while allowing legitimate users seamless access.",519,"2025-10-10T13:14:00.000Z","6.8.5","5.0",[82,50,22,83,84],"anti-spam","firewall","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbunkr-solution.1.0.2.zip",{"slug":87,"name":88,"version":59,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":13,"downloaded":93,"rating":13,"num_ratings":13,"last_updated":54,"tested_up_to":15,"requires_at_least":67,"requires_php":17,"tags":94,"homepage":54,"download_link":100,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":101},"campaign-ai","Campaign AI","campaignai2026","https:\u002F\u002Fprofiles.wordpress.org\u002Fcampaignai2026\u002F","\u003Cp>Campaign AI is a \u003Cstrong>service-connected WordPress plugin\u003C\u002Fstrong> that integrates your website with the Campaign AI fraud prevention platform.\u003C\u002Fp>\n\u003Cp>The plugin enables your site to communicate with Campaign AI’s remote analysis system, allowing traffic activity to be evaluated for signs of automated behavior, malicious access, or advertising abuse.\u003C\u002Fp>\n\u003Cp>⚠️ \u003Cstrong>Notice:\u003C\u002Fstrong>\u003Cbr \u002F>\nCampaign AI requires an \u003Cstrong>active external account\u003C\u002Fstrong>. 
The plugin alone does not provide fraud detection without a valid Campaign AI integration code.\u003C\u002Fp>\n\u003Ch3>How Campaign AI works\u003C\u002Fh3>\n\u003Cp>Once configured, Campaign AI observes incoming visits and sends limited technical data to its remote service.\u003Cbr \u002F>\nThis information is processed to help identify patterns commonly associated with click fraud, bots, and invalid traffic sources.\u003C\u002Fp>\n\u003Cp>The plugin communicates with the following external service:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>https:\u002F\u002Fcronjob.campaign-ai.com\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Information transmitted\u003C\u002Fh3>\n\u003Cp>To function correctly, Campaign AI may transmit the following data elements to its service endpoint:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Campaign AI integration code\u003C\u002Fli>\n\u003Cli>Visitor IP address\u003C\u002Fli>\n\u003Cli>Referrer URL (if available)\u003C\u002Fli>\n\u003Cli>Time of the request\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This data is used strictly for traffic evaluation and fraud detection purposes.\u003C\u002Fp>\n\u003Ch3>Purpose of data processing\u003C\u002Fh3>\n\u003Cp>The transmitted information allows Campaign AI to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Detect automated or scripted traffic\u003C\u002Fli>\n\u003Cli>Identify suspicious click behavior\u003C\u002Fli>\n\u003Cli>Reduce waste from invalid advertising interactions\u003C\u002Fli>\n\u003Cli>Improve campaign performance insights\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Campaign AI does \u003Cstrong>not intentionally collect personal user information\u003C\u002Fstrong> beyond what is technically necessary to perform fraud analysis.\u003C\u002Fp>\n\u003Ch3>Account requirement\u003C\u002Fh3>\n\u003Cp>An active Campaign AI account is required to use this plugin.\u003Cbr \u002F>\nYou can register and obtain an integration code 
at:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>https:\u002F\u002Fwww.campaign-ai.com\u003C\u002Fstrong>\u003C\u002Fp>\n","Campaign AI integration plugin that protects websites and ad campaigns from bots and invalid traffic using real-time click fraud detection.",118,[95,96,97,98,99],"ad-fraud-protection","ads-security","bot-detection","click-fraud-prevention","invalid-traffic","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcampaign-ai.1.0.0.zip","2026-03-15T10:48:56.248Z",{"slug":103,"name":104,"version":48,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":33,"num_ratings":111,"last_updated":112,"tested_up_to":15,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":119,"download_link":120,"security_score":121,"vuln_count":122,"unpatched_count":13,"last_vuln_date":123,"fetched_at":28},"akismet","Akismet Anti-spam: Spam Protection","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.\u003C\u002Fp>\n\u003Cp>Akismet checks your comments and contact form submissions against our global database of spam to prevent your site from publishing malicious content. 
You can review the comment spam it catches on your blog’s “Comments” admin screen.\u003C\u002Fp>\n\u003Cp>Major features in Akismet include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically checks all comments and filters out the ones that look like spam.\u003C\u002Fli>\n\u003Cli>Each comment has a status history, so you can easily see which comments were caught or cleared by Akismet and which were spammed or unspammed by a moderator.\u003C\u002Fli>\n\u003Cli>URLs are shown in the comment body to reveal hidden or misleading links.\u003C\u002Fli>\n\u003Cli>Moderators can see the number of approved comments for each user.\u003C\u002Fli>\n\u003Cli>A discard feature that outright blocks the worst spam, saving you disk space and speeding up your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PS: You’ll be prompted to get an Akismet.com API key to use it, once activated. Keys are free for personal blogs; paid subscriptions are available for businesses and commercial sites.\u003C\u002Fp>\n","The best anti-spam protection to block spam comments and spam in a contact form. 
The most trusted antispam solution for WordPress and WooCommerce.",6000000,386405930,1173,"2025-11-12T16:31:00.000Z","5.8","7.2",[82,116,117,118,23],"antispam","comments","contact-form","https:\u002F\u002Fakismet.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fakismet.5.6.zip",99,2,"2015-10-13 00:00:00",{"attackSurface":125,"codeSignals":181,"taintFlows":191,"riskAssessment":192,"analyzedAt":201},{"hooks":126,"ajaxHandlers":164,"restRoutes":165,"shortcodes":177,"cronEvents":178,"entryPointCount":122,"unprotectedCount":122},[127,133,138,142,145,149,152,156,158,161],{"type":128,"name":129,"callback":130,"file":131,"line":132},"action","anura_cleanup_blocked_logins","Anura\\LoginLogs\\cleanup_old_blocked_logins_cron","anura-plugin.php",54,{"type":128,"name":134,"callback":135,"priority":31,"file":136,"line":137},"wp_head","closure","anura-script.php",19,{"type":139,"name":140,"callback":135,"priority":11,"file":136,"line":141},"filter","script_loader_tag",45,{"type":128,"name":143,"callback":135,"file":136,"line":144},"send_headers",82,{"type":128,"name":146,"callback":135,"priority":31,"file":147,"line":148},"login_head","login-protection.php",32,{"type":128,"name":150,"callback":135,"file":147,"line":151},"login_init",55,{"type":128,"name":153,"callback":135,"file":154,"line":155},"admin_menu","settings.php",25,{"type":128,"name":157,"callback":135,"file":154,"line":64},"admin_enqueue_scripts",{"type":128,"name":159,"callback":135,"file":154,"line":160},"rest_api_init",85,{"type":128,"name":162,"callback":135,"file":154,"line":163},"plugins_loaded",132,[],[166,173],{"namespace":167,"route":168,"methods":169,"callback":171,"permissionCallback":27,"file":154,"line":172},"anura\u002Fv1","anura-settings",[170],"GET","anonymous",96,{"namespace":167,"route":174,"methods":175,"callback":171,"permissionCallback":27,"file":154,"line":176},"blocked-logins",[170],117,[],[179],{"hook":129,"callback":129,"file":131,"line":180},37,{"dangerousFunctions":182,"
sqlUsage":183,"outputEscaping":186,"fileOperations":13,"externalRequests":189,"nonceChecks":13,"capabilityChecks":189,"bundledLibraries":190},[],{"prepared":184,"raw":13,"locations":185},8,[],{"escaped":187,"rawEcho":13,"locations":188},14,[],3,[],[],{"summary":193,"deductions":194},"The Anura IO plugin (v3.0.2) exhibits a generally strong security posture due to its adherence to secure coding practices. Notably, it utilizes prepared statements for all SQL queries and properly escapes all output, mitigating common web application vulnerabilities. The absence of dangerous functions, file operations, and known vulnerabilities in its history further contributes to this positive assessment. However, there are significant concerns regarding the plugin's attack surface, particularly its unprotected REST API routes. Two REST API routes are exposed without any permission callbacks, meaning any unauthenticated user can potentially interact with these endpoints, which could lead to unintended actions or data exposure if these endpoints perform sensitive operations.\n\nWhile the plugin has no recorded CVEs and uses capability checks for some operations, the lack of authorization checks on its REST API endpoints is a critical oversight. This creates a direct entry point for attackers that bypasses WordPress's built-in permission system. The plugin also has an unprotected cron event, which, while not as directly exploitable as REST API routes, could still be a vector for certain types of attacks if its execution context is not properly secured. The zero taint analysis flows suggest that currently, there are no identified paths where unsanitized data could lead to critical or high-severity issues, but this is based on the specific analysis performed and does not negate the risk of the exposed entry points.\n\nIn conclusion, Anura IO v3.0.2 demonstrates good secure coding practices in areas like SQL and output handling. 
However, the significant number of unprotected entry points, specifically its REST API routes, presents a substantial security risk that needs immediate attention. The absence of known vulnerabilities is positive but does not excuse the current lack of robust authorization on its API. Addressing these unprotected endpoints should be the highest priority to improve the plugin's overall security.",[195,198],{"reason":196,"points":197},"REST API routes without permission callbacks",15,{"reason":199,"points":200},"Cron events without clear authorization checks",5,"2026-03-17T00:31:55.532Z",{"wat":203,"direct":213},{"assetPaths":204,"generatorPatterns":207,"scriptPaths":208,"versionParams":210},[205,206],"\u002Fwp-content\u002Fplugins\u002Fanura-io\u002Fanura-script.js","\u002Fwp-content\u002Fplugins\u002Fanura-io\u002Fanura-script.css",[],[209],"https:\u002F\u002Fscript.anura.io\u002Frequest.js",[211,212],"anura-script.js?ver=","anura-script.css?ver=",{"cssClasses":214,"htmlComments":215,"htmlAttributes":216,"restEndpoints":219,"jsGlobals":220,"shortcodeOutput":222},[],[],[217,218],"data-anura-id","data-anura-instance",[],[221],"anura_validate_visitor",[]]