[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSrMMd-QdJltwxr0hNylReLWPa12gLVarMTcD0ZJ1YVQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":33,"analysis":53,"fingerprints":154},"awstats-script","AWStats Script","0.3","Jorge Garcia de Bustos","https:\u002F\u002Fprofiles.wordpress.org\u002Fjgbustos\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fawstats.sourceforge.net\u002F\" title=\"AWstats\" rel=\"nofollow ugc\">AWStats\u003C\u002Fa> is a free log file analysis\u003Cbr \u002F>\ntool for web servers. It consists of a collection of Perl scripts that analyse\u003Cbr \u002F>\nApache-style access logs and produce graphical web pages with extended information\u003Cbr \u002F>\nabout the visits.\u003C\u002Fp>\n\u003Ch4>Browser Data Collection\u003C\u002Fh4>\n\u003Cp>AWStats can collect information about the browser capabilities and screen size,\u003Cbr \u002F>\nbut that requires embedding a \u003Ccode>\u003Cscript>\u003C\u002Fcode> HTML tag in all the pages. This calls\u003Cbr \u002F>\na JavaScript function contained in the file \u003Ccode>awstats_misc_tracker.js\u003C\u002Fcode> that will\u003Cbr \u002F>\nreport the extra data to the web server in a specific HTTP GET request. 
An\u003Cbr \u002F>\nextended explanation is provided in the \u003Ca href=\"http:\u002F\u002Fawstats.sourceforge.net\u002Fdocs\u002Fawstats_faq.html#SCREENSIZE\" title=\"AWStats FAQ\" rel=\"nofollow ugc\">AWStats FAQ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin simplifies the job of adding the required \u003Ccode>\u003Cscript>\u003C\u002Fcode> tag and provides\u003Cbr \u002F>\nthe latest stable version of the \u003Ccode>awstats_misc_tracker.js\u003C\u002Fcode> file, in both extended\u003Cbr \u002F>\nand “minified” versions using the \u003Ca href=\"http:\u002F\u002Fdeveloper.yahoo.com\u002Fyui\u002Fcompressor\u002F\" title=\"Yahoo YUI Compressor\" rel=\"nofollow ugc\">Yahoo YUI Compressor\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Placing the Script\u003C\u002Fh4>\n\u003Cp>To speed up page rendering, the \u003Ccode>\u003Cscript>\u003C\u002Fcode> tag is best placed at the bottom\u003Cbr \u002F>\nof the page. This is the preferred option for WordPress themes that have a footer.\u003Cbr \u002F>\nIf the theme doesn’t have a footer, the tag is added to the page header. This\u003Cbr \u002F>\nbehaviour can be controlled using the plugin’s settings page. This has been\u003Cbr \u002F>\nborrowed from the \u003Ca href=\"http:\u002F\u002Fcavemonkey50.com\u002Fcode\u002Fgoogle-analyticator\" title=\"Google Analyticator\" rel=\"nofollow ugc\">Google Analyticator\u003C\u002Fa> plugin by Ronald Heft Jr.\u003C\u002Fp>\n\u003Ch4>No Logging for Administrators\u003C\u002Fh4>\n\u003Cp>The plugin also allows administrators to remove themselves and their visits from\u003Cbr \u002F>\nthe AWStats log. 
There is a field in the settings page where we can enter the user\u003Cbr \u002F>\nlevel (a number from 0 to 10) above which the plugin will omit the \u003Ccode>\u003Cscript>\u003C\u002Fcode> tag.\u003C\u002Fp>\n","Adds the HTML script tag and JS code that AWStats requires to enable collection of browser data like screen size and browser capabilities.",30,5406,100,1,"2008-07-01T00:53:00.000Z","2.5.1","2.2","",[20],"awstats","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fawstats-script.0.3.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":22,"avg_patch_time_days":11,"trust_score":31,"computed_at":32},"jgbustos",2,40,84,"2026-04-05T17:18:31.496Z",[34],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":23,"num_ratings":23,"last_updated":44,"tested_up_to":45,"requires_at_least":46,"requires_php":18,"tags":47,"homepage":51,"download_link":52,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25},"awstats-xtended-info","AWStats Xtended Info","2.1b r005","mikefl420","https:\u002F\u002Fprofiles.wordpress.org\u002Fmikefl420\u002F","\u003Cp>AWStats Xtended Info inserts the awstats_misc_tracker.js into each page WordPress serves, allowing you to track additional items including screen size, Flash, PDF, and Java support among other things.\u003C\u002Fp>\n\u003Cp>For finer control you can select which types of pages will include the script from the AWStats X Options page.\u003C\u002Fp>\n\u003Ch3>Known Issues\u003C\u002Fh3>\n\u003Cp>No known issues.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support please e-mail michael@michael-gerard.com or visit \u003Ca href=\"http:\u002F\u002Fwww.michael-gerard.com\u002Fcreations\u002Fwp-awstats-x\" rel=\"nofollow ugc\">Tossed Salad\u003C\u002Fa>\u003C\u002Fp>\n","AWStats 
Xtended Info inserts the awstats_misc_tracker.js into each page WordPress serves, allowing you to track additional items including screen size &hellip;",10,2959,"2008-05-19T23:54:00.000Z","2.5","2.0",[20,48,49,50],"blogging","statistics","wordpressplugins","http:\u002F\u002Fwww.michael-gerard.com\u002Fcreations\u002Fwp-awstats-x","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fawstats-xtended-info.2.1b005.zip",{"attackSurface":54,"codeSignals":73,"taintFlows":106,"riskAssessment":147,"analyzedAt":153},{"hooks":55,"ajaxHandlers":69,"restRoutes":70,"shortcodes":71,"cronEvents":72,"entryPointCount":23,"unprotectedCount":23},[56,62,66],{"type":57,"name":58,"callback":59,"file":60,"line":61},"action","admin_menu","add_aws_option_page","awstats-script.php",55,{"type":57,"name":63,"callback":64,"file":60,"line":65},"wp_footer","add_awstats_script",239,{"type":57,"name":67,"callback":64,"file":60,"line":68},"wp_head",241,[],[],[],[],{"dangerousFunctions":74,"sqlUsage":75,"outputEscaping":77,"fileOperations":29,"externalRequests":23,"nonceChecks":14,"capabilityChecks":14,"bundledLibraries":105},[],{"prepared":23,"raw":23,"locations":76},[],{"escaped":23,"rawEcho":78,"locations":79},12,[80,83,85,87,89,91,93,95,97,99,101,103],{"file":60,"line":81,"context":82},65,"raw output",{"file":60,"line":84,"context":82},130,{"file":60,"line":86,"context":82},143,{"file":60,"line":88,"context":82},158,{"file":60,"line":90,"context":82},163,{"file":60,"line":92,"context":82},177,{"file":60,"line":94,"context":82},194,{"file":60,"line":96,"context":82},199,{"file":60,"line":98,"context":82},214,{"file":60,"line":100,"context":82},217,{"file":60,"line":102,"context":82},253,{"file":60,"line":104,"context":82},257,[],[107,136],{"entryPoint":108,"graph":109,"unsanitizedCount":23,"severity":135},"aws_options_page (awstats-script.php:99)",{"nodes":110,"edges":131},[111,116,122,126],{"id":112,"type":113,"label":114,"file":60,"line":115},"n0","source","$_POST 
(x4)",105,{"id":117,"type":118,"label":119,"file":60,"line":120,"wp_function":121},"n1","sink","update_option() [Settings Manipulation]",108,"update_option",{"id":123,"type":113,"label":124,"file":60,"line":125},"n2","$_POST",111,{"id":127,"type":118,"label":128,"file":60,"line":129,"wp_function":130},"n3","file_put_contents() [File Write]",117,"file_put_contents",[132,134],{"from":112,"to":117,"sanitized":133},true,{"from":123,"to":127,"sanitized":133},"low",{"entryPoint":137,"graph":138,"unsanitizedCount":23,"severity":135},"\u003Cawstats-script> (awstats-script.php:0)",{"nodes":139,"edges":144},[140,141,142,143],{"id":112,"type":113,"label":114,"file":60,"line":115},{"id":117,"type":118,"label":119,"file":60,"line":120,"wp_function":121},{"id":123,"type":113,"label":124,"file":60,"line":125},{"id":127,"type":118,"label":128,"file":60,"line":129,"wp_function":130},[145,146],{"from":112,"to":117,"sanitized":133},{"from":123,"to":127,"sanitized":133},{"summary":148,"deductions":149},"The 'awstats-script' plugin v0.3 exhibits a generally strong security posture based on the static analysis and vulnerability history provided. The absence of known CVEs and a lack of critical or high-severity issues in its history are positive indicators. Furthermore, the plugin demonstrates good security practices by utilizing prepared statements for all SQL queries and including nonce and capability checks. The attack surface is reported as zero, with no AJAX handlers, REST API routes, shortcodes, or cron events, which significantly reduces potential entry points for attackers.\n\nHowever, a significant concern arises from the output escaping analysis. With 100% of its 12 outputs not properly escaped, the plugin presents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. Any user-supplied data that is rendered on a page without proper sanitization could be exploited. 
While taint analysis showed no unsanitized paths, this is limited by the scope of the analysis and does not negate the direct finding of unescaped output.\n\nIn conclusion, while the plugin has a clean vulnerability history and good defensive coding practices in place for data handling and access control, the lack of output escaping is a critical weakness that needs immediate attention. This single oversight could undermine the otherwise robust security measures implemented. Addressing the unescaped output is paramount to mitigating the risk of XSS attacks.",[150],{"reason":151,"points":152},"Output not properly escaped",20,"2026-03-16T22:26:04.101Z",{"wat":155,"direct":161},{"assetPaths":156,"generatorPatterns":158,"scriptPaths":159,"versionParams":160},[157],"\u002Fwp-content\u002Fplugins\u002Fawstats-script\u002Fjs\u002Fawstats_misc_tracker.js",[],[],[],{"cssClasses":162,"htmlComments":163,"htmlAttributes":165,"restEndpoints":166,"jsGlobals":167,"shortcodeOutput":169},[],[164],"\u003C!-- AWStats Script tracking code -->",[],[],[168],"awstatsmisctrackerurl",[]]