[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fG8d4nWji9dGiIPaHd6hAjuf7Lvl3E1Ngs9QxLbasZ4c":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":132,"fingerprints":327},"blog-essential-traffic-rankings","Blog Essential Traffic and Rankings from Google","1.0.0","bplotplugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fbplotplugin\u002F","\u003Cp>The “Blog essential traffic and rankings from Google” plugin gives you instant access to your essential traffic and rankings data pulled from your Google Analytics 4 (GA4) and Google Search Console (GSC), without leaving WordPress and digging into the complex (and slow) GA4 and GSC data views.\u003C\u002Fp>\n\u003Cp>It sorts through oceans of data in GA4 and GSC and extracts only the stats you really need as a blogger such as:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>View your site’s pageviews, sessions, organic traffic, time on page, average ranking\u003C\u002Fli>\n\u003Cli>See traffic evolution over time\u003C\u002Fli>\n\u003Cli>View traffic and rankings by post for a given time frame (30 days, 1 week, etc)\u003C\u002Fli>\n\u003Cli>Track changes in traffic and rankings by post\u003C\u002Fli>\n\u003Cli>See your traffic sources including organic sources, social, referrals\u003C\u002Fli>\n\u003Cli>Find your top search queries sitewide and for each post!\u003C\u002Fli>\n\u003Cli>View traffic by top countries\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Easily connect your WordPress site to your GA4 and GSC accounts just once, then access your stats with a simple click inside WP.\u003C\u002Fp>\n\u003Cp>The data is shared 
directly with your WordPress site (not with some developer) so no-one else but you has access to it.\u003C\u002Fp>\n\u003Cp>The free version of the plugin gives you access to a dashboard containing all the key information listed above, in the form of graphs and “top 10” tables. You also have access to the full list of search queries for your website as well as for each post. The premium version lets you dig deeper beyond the top 10 for several metrics.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.bloggerplot.com\u002Fwp-plugin\u002F\" rel=\"nofollow ugc\">Go to the website\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>THIRD PARTY SERVICE DISCLOSURE\u003C\u002Fh3>\n\u003Cp>** Google Analytics 4 and Google Search Console **\u003C\u002Fp>\n\u003Cp>This plugin relies on Google Analytics 4 for traffic data and Google Search Console for rankings and search queries. It only connects to these Google services if you give it permission to do so through the Settings page.\u003C\u002Fp>\n\u003Cp>You can find Google’s Privacy Policy here: \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Detailed information about your data safety: \u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Fanalytics\u002Fanswer\u002F6004245\" rel=\"nofollow ugc\">https:\u002F\u002Fsupport.google.com\u002Fanalytics\u002Fanswer\u002F6004245\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>** PayPal **\u003C\u002Fp>\n\u003Cp>The plugin also communicates with external PayPal services via the API for subscriptions. 
PayPal’s privacy policy can be found here: \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fus\u002Flegalhub\u002Fprivacy-full\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.paypal.com\u002Fus\u002Flegalhub\u002Fprivacy-full\u003C\u002Fa>\u003C\u002Fp>\n","This plugin gives you instant access to your blog’s essential traffic and rankings data from Google Analytics 4 and Search Console, inside WordPress.",0,775,"2024-07-18T11:28:00.000Z","6.6.5","6.2","7.3",[18,19,20,21,22],"ga","ga4","google-analytics-4","google-search-console","gsc","https:\u002F\u002Fwww.bloggerplot.com\u002Fwp-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblog-essential-traffic-rankings.1.0.0.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,88,"2026-04-05T02:32:31.773Z",[35,56,75,90,109],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":54,"download_link":55,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"amp-google-analytics-4-support","AMP Google Analytics 4 Support","1.1.6","Roland","https:\u002F\u002Fprofiles.wordpress.org\u002Frolandfarkas\u002F","\u003Cp>This is a simple plugin to add GA4 support to AMP and insert GA4 tags into your AMP WordPress pages or posts.\u003C\u002Fp>\n\u003Ch4>Description\u003C\u002Fh4>\n\u003Cp>This is a simple plugin to add GA4 support to AMP and insert GA4 tags into your AMP WordPress pages or posts.\u003C\u002Fp>\n\u003Cp>*Requires the AMP Plugin\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>Roland Farkas – https:\u002F\u002Fgithub.com\u002FrolandfarkasCOM\u003Cbr \u002F>\nDavid Vallejo – 
https:\u002F\u002Fgithub.com\u002Fthyngster – https:\u002F\u002Fgithub.com\u002Fanalytics-debugger\u002Fgoogle-analytics-4-for-amp\u002Fblob\u002Fmain\u002Fga4.json\u003C\u002Fp>\n","A WordPress plugin to add GA4 - Google Analytics 4 Support to AMP - Accelerated Mobile Pages.",200,4561,100,4,"2024-05-29T17:30:00.000Z","6.5.8","4.9","5.6",[52,53,19,20],"amp","amp-ga4-support","https:\u002F\u002Fgithub.com\u002FrolandfarkasCOM\u002Fampanalyticssupport\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Famp-google-analytics-4-support.1.1.6.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":43,"downloaded":64,"rating":11,"num_ratings":11,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":73,"download_link":74,"security_score":45,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"quick-google-analytics","Quick Google Analytics","1.5","Eric-Oliver Mächler","https:\u002F\u002Fprofiles.wordpress.org\u002Fannubis\u002F","\u003Cp>The quick solution for adding your Google Analytics Code into your header.php file – without coding.\u003C\u002Fp>\n\u003Cp>Add the New gtag.js into your header.php file\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add Google Analytics 4 Code to your Header File\u003C\u002Fli>\n\u003Cli>IP Anonymizing Yes or No\u003C\u002Fli>\n\u003C\u002Ful>\n","Add your Google Analytics GA4 Code into your Website and you can use Google Analytics for your daily statistic 
analysis",7138,"2025-05-24T20:17:00.000Z","6.8.5","4.0","",[19,70,20,71,72],"google-analytics","statistics","wordpress-analytics","http:\u002F\u002Fwww.chefblogger.me","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquick-google-analytics.1.5.zip",{"slug":76,"name":77,"version":59,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":45,"num_ratings":30,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":68,"tags":87,"homepage":68,"download_link":89,"security_score":45,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"doubledome-google-analytics","Easy Google Analytics Integration – DoubleDome","doubledome","https:\u002F\u002Fprofiles.wordpress.org\u002Fdoubledome\u002F","\u003Cp>For users setting up Google Analytics on website, this plugin supports seamless Google Analytics 4 WordPress integration. Whether you’re setting up Google Analytics on a website or looking for Google Analytics help, the plugin is your go-to for smooth GA4 integration.\u003C\u002Fp>\n\u003Cp>If you’re looking to integrate analytics, this plugin also supports other Google Analytics integrations and helps you with setting up Google Analytics 4. Additionally, it guides users on how to set up Google Analytics website tracking, including detailed instructions on how to install Google Analytics on website. 
Perfect for those seeking help with Google Analytics how to setup, you can easily manage analytics integrations and ensure proper GA4 installation for comprehensive website tracking.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How to Enable Google Analytics 4:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Create a GA4 account \u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Fanalytics\u002Fanswer\u002F9306384\" rel=\"nofollow ugc\">Click here\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Note down your tracking ID.\u003C\u002Fli>\n\u003Cli>Enter your tracking ID in the plugin settings.\u003C\u002Fli>\n\u003Cli>Choose where the tracking code will be placed (not following Google’s default recommendation).\u003C\u002Fli>\n\u003Cli>Optionally, configure any custom GTag objects.\u003C\u002Fli>\n\u003Cli>Add any custom code you want to include with your tracking script.\u003C\u002Fli>\n\u003Cli>Set the location for your custom code if needed.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Easy GA4 Tracking ID entry\u003C\u002Fli>\n\u003Cli>Flexible script location settings\u003C\u002Fli>\n\u003Cli>Option to add custom GTag objects\u003C\u002Fli>\n\u003Cli>Ability to include custom code and specify its location\u003C\u002Fli>\n\u003Cli>Email support for the plugin\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>How To Install DoubleDome Google Analytics plugin\u003C\u002Fh3>\n\u003Cp>This very simple plugin allows you to quickly connect your website to your Google Analytics account for complete tracking. Within one setting view you’ll be able to add your GA 4 ID, page location, and any desired custom GTag objects and custom code.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Do you have questions or issues with DoubleDome – Google Analytics Setup? 
Please send an email to \u003Ca href=\"mailto:pluginsupport@doubledome.com?subject=GA%204%20Plugin%20Support:%20DoubleDome%20Digital%20Marketing\" rel=\"nofollow ugc\">pluginsupport@doubledome.com\u003C\u002Fa>.\u003C\u002Fp>\n","Seamlessly incorporate Google Analytics integration into the website using this easy-to-use Google Analytics integration plugin.",80,2401,"2025-12-09T11:53:00.000Z","6.9.4","5.4",[18,19,70,20,88],"google-analytics-setup","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdoubledome-google-analytics.1.5.zip",{"slug":91,"name":92,"version":6,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":97,"downloaded":98,"rating":11,"num_ratings":11,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":102,"tags":103,"homepage":106,"download_link":107,"security_score":108,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"lazy-load-ga4","Lazy Load GA4","-","https:\u002F\u002Fprofiles.wordpress.org\u002Fjorcus\u002F","\u003Cp>Lazy Load GA4 plugin is a simple and lightweight plugin that allows you to place your Google Analytics 4 script without affecting your website page speed.\u003C\u002Fp>\n","Place your Google Analytics 4 script without affecting your website page speed.",10,588,"2023-12-12T19:47:00.000Z","6.4.8","5.0.1","7.4",[19,20,104,105],"lazy-load-google-analytics-4","speed-up-google-analytics-4","https:\u002F\u002Fwww.jorcus.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flazy-load-ga4.zip",85,{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":119,"num_ratings":120,"last_updated":121,"tested_up_to":85,"requires_at_least":122,"requires_php":102,"tags":123,"homepage":128,"download_link":129,"security_score":130,"vuln_count":30,"unpatched_count":11,"last_vuln_date":131,"fetched_at":27},"gtm-kit","GTM Kit – Google Tag 
Manager & GA4 integration","2.8.2","TLA Media","https:\u002F\u002Fprofiles.wordpress.org\u002Ftlamedia\u002F","\u003Cp>GTM Kit puts the Google Tag Manager container code on your website so that you don’t need to touch any code. It also pushes data from WooCommerce, Easy Digital Downloads (EDD) and Contact Form 7 to the data layer for use with Google Analytics 4, Facebook and other GTM tags.\u003C\u002Fp>\n\u003Cp>The goal of GTM Kit is to provide a flexible tool for generating the data layer for Google Tag Manager. It is easy to use and doesn’t require any coding, but it allows developers to customize the plugin as needed.\u003C\u002Fp>\n\u003Ch3>eCommerce events tracked with Google Analytics 4\u003C\u002Fh3>\n\u003Cp>The following GA4 events are automatically included in the dataLayer:\u003C\u002Fp>\n\u003Ch3>WooCommerce\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>view_item_list\u003C\u002Fli>\n\u003Cli>select_item\u003C\u002Fli>\n\u003Cli>view_item\u003C\u002Fli>\n\u003Cli>add_to_wishlist \u003Cstrong>[Premium]\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>add_to_cart\u003C\u002Fli>\n\u003Cli>view_cart\u003C\u002Fli>\n\u003Cli>remove_from_cart\u003C\u002Fli>\n\u003Cli>begin_checkout\u003C\u002Fli>\n\u003Cli>add_shipping_info\u003C\u002Fli>\n\u003Cli>add_payment_info\u003C\u002Fli>\n\u003Cli>purchase\u003C\u002Fli>\n\u003Cli>refund \u003Cstrong>[Premium]\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>order_paid \u003Cstrong>[Premium]\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Unlock all features with \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fproducts\u002Fgtm-kit-woo-add-on\u002F\" rel=\"nofollow ugc\">GTM Kit Woo Add-On\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Easy Digital Downloads\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>view_item\u003C\u002Fli>\n\u003Cli>add_to_cart\u003C\u002Fli>\n\u003Cli>begin_checkout\u003C\u002Fli>\n\u003Cli>purchase\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Flexible container implementation\u003C\u002Fh3>\n\u003Cp>Depending 
on how you use Google Tag Manager you can delay the loading of the container script until the browser is idle. This may be relevant to you if you are focusing on pagespeed.\u003C\u002Fp>\n\u003Cp>You may enter a custom domain name if you are using a custom server side GTM (sGTM) container for tracking. It’s also possible to specify a custom loader. GTM Kit has full support for Stape server GTM hosting.\u003C\u002Fp>\n\u003Ch3>Post data\u003C\u002Fh3>\n\u003Cp>You may specify which post data elements you wish to include in the dataLayer for use in Google Tag Manager.\u003Cbr \u002F>\n– Post type: include the type of the current post or archive page.\u003Cbr \u002F>\n– Page type: include a defined page type. I.e. post, page, product, category, cart, checkout etc.\u003Cbr \u002F>\n– Categories: include the categories of the current post or archive page.\u003Cbr \u002F>\n– Tags: include the tags of the current post or archive page.\u003Cbr \u002F>\n– Post title: include the post title of the current post.\u003Cbr \u002F>\n– Post ID: include the Post ID of the current post.\u003Cbr \u002F>\n– Post date: include the post date.\u003Cbr \u002F>\n– Post author name: include the post author name.\u003Cbr \u002F>\n– Post author ID: include the post author ID.\u003C\u002Fp>\n","Google Tag Manager and GA4 integration. 
Including WooCommerce data for Google Analytics 4 and support for server side GTM.",30000,529394,96,19,"2026-02-17T08:28:00.000Z","6.7",[124,19,125,126,127],"analytics","google-tag-manager","gtm","woocommerce","https:\u002F\u002Fgtmkit.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgtm-kit.2.8.2.zip",99,"2025-03-31 00:00:00",{"attackSurface":133,"codeSignals":153,"taintFlows":183,"riskAssessment":314,"analyzedAt":326},{"hooks":134,"ajaxHandlers":149,"restRoutes":150,"shortcodes":151,"cronEvents":152,"entryPointCount":11,"unprotectedCount":11},[135,141,145],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","admin_menu","bpetr_add_menu","BlogEssentialTrafficRankings.php",50,{"type":136,"name":142,"callback":143,"file":139,"line":144},"admin_init","bpetr_ga4_settings_init",51,{"type":136,"name":146,"callback":147,"file":139,"line":148},"admin_enqueue_scripts","bpetr_loadJsScripts",52,[],[],[],[],{"dangerousFunctions":154,"sqlUsage":155,"outputEscaping":158,"fileOperations":30,"externalRequests":178,"nonceChecks":30,"capabilityChecks":11,"bundledLibraries":179},[],{"prepared":156,"raw":11,"locations":157},13,[],{"escaped":159,"rawEcho":160,"locations":161},146,7,[162,166,169,171,172,174,176],{"file":163,"line":164,"context":165},"includes\\pages\\my_subscription.php",152,"raw output",{"file":167,"line":168,"context":165},"includes\\pages\\traffic_change_analysis.php",138,{"file":167,"line":170,"context":165},148,{"file":167,"line":164,"context":165},{"file":167,"line":173,"context":165},153,{"file":167,"line":175,"context":165},158,{"file":177,"line":120,"context":165},"includes\\paypal_button.php",12,[180],{"name":181,"version":26,"knownCves":182},"DataTables",[],[184,204,217,232,240,254,273,284,294,303],{"entryPoint":185,"graph":186,"unsanitizedCount":30,"severity":203},"\u003Ccsv_export> 
(includes\\csv_export.php:0)",{"nodes":187,"edges":200},[188,194],{"id":189,"type":190,"label":191,"file":192,"line":193},"n0","source","$_GET","includes\\csv_export.php",305,{"id":195,"type":196,"label":197,"file":192,"line":198,"wp_function":199},"n1","sink","wp_remote_get() [SSRF]",309,"wp_remote_get",[201],{"from":189,"to":195,"sanitized":202},false,"medium",{"entryPoint":205,"graph":206,"unsanitizedCount":30,"severity":203},"\u003Ctimeframe_update> (includes\\timeframe_update.php:0)",{"nodes":207,"edges":215},[208,211],{"id":189,"type":190,"label":191,"file":209,"line":210},"includes\\timeframe_update.php",17,{"id":195,"type":196,"label":212,"file":209,"line":213,"wp_function":214},"header() [Header Injection]",20,"header",[216],{"from":189,"to":195,"sanitized":202},{"entryPoint":218,"graph":219,"unsanitizedCount":11,"severity":231},"bpetr_saveSettting (BlogEssentialTrafficRankings.php:241)",{"nodes":220,"edges":228},[221,224],{"id":189,"type":190,"label":222,"file":139,"line":223},"$_POST",254,{"id":195,"type":196,"label":225,"file":139,"line":226,"wp_function":227},"update_option() [Settings Manipulation]",268,"update_option",[229],{"from":189,"to":195,"sanitized":230},true,"low",{"entryPoint":233,"graph":234,"unsanitizedCount":11,"severity":231},"\u003CBlogEssentialTrafficRankings> (BlogEssentialTrafficRankings.php:0)",{"nodes":235,"edges":238},[236,237],{"id":189,"type":190,"label":222,"file":139,"line":223},{"id":195,"type":196,"label":225,"file":139,"line":226,"wp_function":227},[239],{"from":189,"to":195,"sanitized":230},{"entryPoint":241,"graph":242,"unsanitizedCount":11,"severity":231},"\u003Cmain> (includes\\main.php:0)",{"nodes":243,"edges":252},[244,248],{"id":189,"type":190,"label":245,"file":246,"line":247},"$_SERVER","includes\\main.php",103,{"id":195,"type":196,"label":249,"file":246,"line":250,"wp_function":251},"echo() 
[XSS]",110,"echo",[253],{"from":189,"to":195,"sanitized":230},{"entryPoint":255,"graph":256,"unsanitizedCount":30,"severity":231},"\u003Cpost_traffic_analysis> (includes\\pages\\post_traffic_analysis.php:0)",{"nodes":257,"edges":270},[258,262,263,267],{"id":189,"type":190,"label":259,"file":260,"line":261},"$_GET['graphMetric']","includes\\pages\\post_traffic_analysis.php",11,{"id":195,"type":196,"label":225,"file":260,"line":261,"wp_function":227},{"id":264,"type":190,"label":265,"file":260,"line":266},"n2","$_GET (x2)",15,{"id":268,"type":196,"label":249,"file":260,"line":269,"wp_function":251},"n3",25,[271,272],{"from":189,"to":195,"sanitized":202},{"from":264,"to":268,"sanitized":230},{"entryPoint":274,"graph":275,"unsanitizedCount":11,"severity":231},"\u003Csetting> (includes\\pages\\setting.php:0)",{"nodes":276,"edges":282},[277,280],{"id":189,"type":190,"label":245,"file":278,"line":279},"includes\\pages\\setting.php",16,{"id":195,"type":196,"label":249,"file":278,"line":281,"wp_function":251},37,[283],{"from":189,"to":195,"sanitized":230},{"entryPoint":285,"graph":286,"unsanitizedCount":30,"severity":231},"\u003Ctraffic_sources> (includes\\pages\\traffic_sources.php:0)",{"nodes":287,"edges":292},[288,291],{"id":189,"type":190,"label":289,"file":290,"line":178},"$_GET['channelfilter']","includes\\pages\\traffic_sources.php",{"id":195,"type":196,"label":225,"file":290,"line":178,"wp_function":227},[293],{"from":189,"to":195,"sanitized":202},{"entryPoint":295,"graph":296,"unsanitizedCount":30,"severity":231},"\u003Cpost_traffic_analysis_script> (includes\\post_traffic_analysis_script.php:0)",{"nodes":297,"edges":301},[298,300],{"id":189,"type":190,"label":259,"file":299,"line":97},"includes\\post_traffic_analysis_script.php",{"id":195,"type":196,"label":225,"file":299,"line":97,"wp_function":227},[302],{"from":189,"to":195,"sanitized":202},{"entryPoint":304,"graph":305,"unsanitizedCount":11,"severity":231},"\u003Ctimeframe> 
(includes\\timeframe.php:0)",{"nodes":306,"edges":312},[307,310],{"id":189,"type":190,"label":308,"file":309,"line":261},"$_GET (x7)","includes\\timeframe.php",{"id":195,"type":196,"label":249,"file":309,"line":311,"wp_function":251},31,[313],{"from":189,"to":195,"sanitized":230},{"summary":315,"deductions":316},"This plugin, 'blog-essential-traffic-rankings' v1.0.0, exhibits a generally strong security posture based on the provided static analysis. The absence of identified CVEs and a clean vulnerability history is a positive indicator. Furthermore, the code adheres to good practices by exclusively using prepared statements for SQL queries and having a high percentage of properly escaped output, significantly reducing the risk of common injection vulnerabilities. The limited attack surface with no apparent AJAX handlers, REST API routes, or shortcodes, and importantly, zero unprotected entry points, is also a strength.\n\nHowever, there are a few areas that warrant attention. The presence of 5 taint flows with unsanitized paths is a concern, even if no critical or high severities were identified. This suggests potential for unexpected behavior or vulnerabilities if the plugin's input handling is not robust. The single file operation, while not inherently risky, combined with the 12 external HTTP requests, could be vectors for attack if not properly validated or if dependencies are compromised. The lack of capability checks across the entire plugin is a significant weakness, as it implies that any user, regardless of their role, could potentially interact with its functionalities if an entry point were discovered or if the plugin's behavior is not strictly confined.\n\nIn conclusion, while the plugin demonstrates a commendable effort in secure coding practices, particularly concerning SQL and output handling, the unsanitized paths in taint flows and the absence of capability checks present notable risks. 
The clean vulnerability history is reassuring, but the identified code signals indicate areas for improvement to achieve a more robust security profile.",[317,319,321,324],{"reason":318,"points":266},"Unsanitized paths in taint flows (5)",{"reason":320,"points":213},"No capability checks",{"reason":322,"points":323},"File operations without specific context",5,{"reason":325,"points":323},"External HTTP requests without specific context","2026-03-17T06:54:40.897Z",{"wat":328,"direct":334},{"assetPaths":329,"generatorPatterns":331,"scriptPaths":332,"versionParams":333},[330],"\u002Fwp-content\u002Fplugins\u002Fblog-essential-traffic-rankings\u002Fimages\u002Fbp_wp_logo.png",[],[],[],{"cssClasses":335,"htmlComments":337,"htmlAttributes":338,"restEndpoints":340,"jsGlobals":341,"shortcodeOutput":344},[336],"bp-website-premium",[],[339],"data-bpetr-loading",[],[342,343],"bpetrApiUrl","bpetrServerState",[]]