[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7xtBqd7q6z-Ruqf2zOgoFldWTwR_kMNWGPCIWUkvnWU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":146,"fingerprints":329},"bstats","bStat","6.1","Casey Bisson","https:\u002F\u002Fprofiles.wordpress.org\u002Fmisterbisson\u002F","\u003Cp>Log and analyze activity related to posts. Pageview, comment, and click activity trackers are built-in. Other activity can be easily integrated and correlated.\u003C\u002Fp>\n\u003Cp>Dependencies (only for viewing reports in the dashboard): \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGigaOM\u002Fgo-graphing\" rel=\"nofollow ugc\">go-graphing\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Ch4>In the WordPress.org plugin repo\u003C\u002Fh4>\n\u003Cp>Here: https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbstats\u002F\u003C\u002Fp>\n\u003Ch4>Fork me!\u003C\u002Fh4>\n\u003Cp>This plugin is on Github: https:\u002F\u002Fgithub.com\u002Fmisterbisson\u002Fbstat\u003C\u002Fp>\n\u003Ch4>History\u003C\u002Fh4>\n\u003Cp>bStat is a reboot of the stats components of bSuite, which was the outgrowth of the original bStat plugin. In a way, things have come full circle, but this plugin does not read or use data gathered by the old plugins. The focus of this plugin is now more narrowly aimed at recent and streaming activty, not deep history.\u003C\u002Fp>\n\u003Cp>To learn more about \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Ftags\u002Fbsuite\" rel=\"ugc\">the whole family of bSuite plugins\u003C\u002Fa>, click back there.\u003C\u002Fp>\n\u003Ch4>Build status\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftravis-ci.org\u002Fmisterbisson\u002Fbstat\" rel=\"nofollow ugc\">Master build status at Travis-CI\u003C\u002Fa>: \u003Ca href=\"https:\u002F\u002Ftravis-ci.org\u002Fmisterbisson\u002Fbstat\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n","Log and analyze activity.",10,6292,0,"","4.0.38","3.7",[18,19,20,21,22],"activity","activity-stream","bsuite","stats","webstats","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbstats\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbstats.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"misterbisson",7,290,84,3405,68,"2026-04-05T02:22:18.339Z",[38,60,85,109,129],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":25,"num_ratings":11,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":14,"tags":51,"homepage":56,"download_link":57,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":59},"disable-user-gravatar","Disable User Gravatar","3.1","Marcus (aka @msykes)","https:\u002F\u002Fprofiles.wordpress.org\u002Fnetweblogic\u002F","\u003Cp>This is a very simple and lightweight plugin that anonymizes default avatars and prevents the user’s gravatar being automatically obtained from gravatar.com based on their registered email. This would be useful for sites where users require an extra layer of privacy, or if you just want to prevent potentially silly or embarrasing avatar accidents.\u003C\u002Fp>\n\u003Cp>If you’re using Identicons or any other generated default avatar, the user should keep a consistent avatar unless they change their registered email.\u003C\u002Fp>\n\u003Cp>You can also disable Gravatar completely and choose a default image to display.\u003C\u002Fp>\n\u003Cp>This plugin is also compatible with other avatar customization plugins such as \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Favatar-manager\u002F\" rel=\"ugc\">Avatar Manager\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress\u002F\" rel=\"ugc\">BuddyPress\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadd-new-default-avatar\u002F\" rel=\"ugc\">Add New Default Avatar\u003C\u002Fa>, since this plugin specifically prevents the gravatar of a specific user email being used and reverts to the default or user-defined avatar.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important 3.0 Update – BuddyPress users should visit the Settings > Discussion page on your dashboard and choose one of the Disable Gravatar options to restore previous behavior.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you have any issues or suggestions, please visit our \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-user-gravatar\" rel=\"ugc\">support forums\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If you find this plugin useful and would like to say thanks, please leave us a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fdisable-user-gravatar?filter=5\" rel=\"ugc\">5 star review\u003C\u002Fa>!\u003C\u002Fp>\n","Stops WordPress from grabbing a user avatar using their registrated email from gravatar.com.",3000,40294,"2022-11-01T16:00:00.000Z","6.1.10","2.7",[19,52,53,54,55],"avatar","gravatar","wordpress-mu","wpmu","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-user-gravatar\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-user-gravatar.zip",85,"2026-03-15T15:16:48.613Z",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":46,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":80,"download_link":81,"security_score":82,"vuln_count":83,"unpatched_count":13,"last_vuln_date":84,"fetched_at":59},"user-activity-tracking-and-log","User Activity Tracking and Log","4.2.1","Moove Agency","https:\u002F\u002Fprofiles.wordpress.org\u002Fmooveagency\u002F","\u003Cp>\u003Cstrong>Track user activity & duration on your website with this incredibly powerful, easy-to-use and well supported plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin is privacy-friendly: it stores no cookies on users’ computers and therefore requires no cookie opt-in from users (unlike Google Analytics or Google Tag Manager).\u003C\u002Fp>\n\u003Cp>The plugin is especially useful for tracking users on membership sites, \u003Cstrong>LMS online learning systems\u003C\u002Fstrong> or \u003Cstrong>WooCommerce\u003C\u002Fstrong> sites. It can track both \u003Cstrong>logged-in\u003C\u002Fstrong> and \u003Cstrong>anonymous users\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>You can track \u003Cstrong>page visits\u003C\u002Fstrong>, \u003Cstrong>duration of the visit\u003C\u002Fstrong>, \u003Cstrong>login and logout time\u003C\u002Fstrong>, and you can even setup \u003Cstrong>event goal triggers\u003C\u002Fstrong> too (ie. click of a button, PDF download, mailto links and more).\u003C\u002Fp>\n\u003Cp>Our plugin will accurately track time spent on specific pages which is very useful when you’d like to monitor user’s reading time, video watching time, tracking time in LMS online learning system, or how long users look at your e-commerce product pages before purchasing.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Simple & intuitive\u003C\u002Fli>\n\u003Cli>Powerful search, export options, API endpoints\u003C\u002Fli>\n\u003Cli>Compatible with WooCommerce and other user registration plugins\u003C\u002Fli>\n\u003Cli>Tracks both logged-in and non logged-in users (ie. unknown users)\u003C\u002Fli>\n\u003Cli>GDPR \u002F CCPA \u002F privacy ready (IP address can be stored in anonymized format)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-friendly\u003C\u002Fstrong>: stores no cookies on users’ computers \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Local Data Storage\u003C\u002Fstrong>: all user data is stored locally on your website only; we do not collect or store any of your user data on our servers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Premium Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Time tracking & Session Duration\u003C\u002Fstrong>: see the duration of user visits in the activity logs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Login\u002Flogout time\u003C\u002Fstrong>: see the exact time when users login and logout from your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Event goal tracking\u003C\u002Fstrong>: setup event goal triggers for various actions that users take on your site (ie. click on a specific button, PDF download, mailto links and more)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[NEW] Email notifications\u003C\u002Fstrong>: receive email notifications when an event was triggered \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto logout\u003C\u002Fstrong>: setup automatic logout for idle users to improve your analytics\u003C\u002Fli>\n\u003Cli>Track all \u003Cstrong>custom post-types and archives\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anonymize\u003C\u002Fstrong> IP addresses\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export logs to CSV\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Track specific roles\u003C\u002Fstrong>: track logged-in users only or only certain roles such as subscribers \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rest API endpoints\u003C\u002Fstrong> for activity logs in JSON format\u003C\u002Fli>\n\u003Cli>Custom timezone\u003C\u002Fli>\n\u003Cli>Advanced Filters \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.mooveagency.com\u002Fwordpress-plugins\u002Fuser-activity-tracking-and-log\u002F\" rel=\"nofollow ugc\">Download the Premium Add-on here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Demo Video\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F305493827\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>Event Triggers Video Tutorial\u003C\u002Fh3>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F551423323\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n\u003Ch3>Activity data that will be logged:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Login date and time\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Logout date and time\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Last seen\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Session Duration\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Username & email\u003C\u002Fstrong> (if user is logged-in)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User role\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Activity\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Page name and URL\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP address\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Location\u003C\u002Fstrong> (by IP Address)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Referrer URL\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Testimonials\u003C\u002Fh3>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Tried many, but this one had just what I wanted. I like this plugins feature set, minimal but exactly what I need to see. Helps me to send offers on a WooCommerce digital content site when I notice users are looking at a particular product often, but not purchasing. A little nudge helps and this plugin puts that info in a place I can easily see.” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Ftried-many-but-this-one-had-just-what-i-wanted\u002F\" rel=\"ugc\">Ryan\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Simple to install & performs well. The reporting is clear and very useful!” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fsimple-to-install-performs-well\u002F\" rel=\"ugc\">hannahfinch\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>“Very useful plugin!! I was looking for something to track users on our website. This plugin is exactly what I needed. You can track activity and users. You can see who visited which pages, and the referring page they came from. The premium version gives you even more useful features like tracking only users who are logged in, additional view options, and so on. Excellent plugin, highly recommended!!” – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fvery-useful-plugin-771\u002F\" rel=\"ugc\">msiciliano\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>About us\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.mooveagency.com\u002F\" rel=\"nofollow ugc\">Moove Agency\u003C\u002Fa> is a premium supplier of quality WordPress plugins, services and support. \u003Ca href=\"https:\u002F\u002Fwww.mooveagency.com\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">Visit our site\u003C\u002Fa> to learn more.\u003C\u002Fp>\n","Track time and monitor user activity & history on your website, LMS online learning system, membership or WooCommerce site.",142611,70,33,"2026-01-22T09:22:00.000Z","6.9.4","4.3","5.6",[76,77,78,21,79],"activity-log","analytics","statistics","time-tracking","http:\u002F\u002Fwww.mooveagency.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-activity-tracking-and-log.4.2.1.zip",99,2,"2024-01-29 00:00:00",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":25,"num_ratings":95,"last_updated":96,"tested_up_to":97,"requires_at_least":98,"requires_php":14,"tags":99,"homepage":104,"download_link":105,"security_score":106,"vuln_count":107,"unpatched_count":83,"last_vuln_date":108,"fetched_at":59},"bp-activity-plus-reloaded","Activity Plus Reloaded for BuddyPress","1.1.2","BuddyDev","https:\u002F\u002Fprofiles.wordpress.org\u002Fbuddydev\u002F","\u003Cp>Activity Plus Reloaded for BuddyPress gives your social network all the features and ease of Facebook when it comes to uploading and sharing media!\u003C\u002Fp>\n\u003Cp>It is a fork of now unmaintained \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fbuddypress-activity-plus\u002F\" rel=\"ugc\">BuddyPress Activity Plus\u003C\u002Fa>\u003Cbr \u002F>\nThe plugin adds 3 new buttons to your BuddyPress activity stream.  Enabling you to attach photos, videos, and even share web links with everyone on your network!\u003C\u002Fp>\n\u003Cp>Here’s the quick overview of this plugin’s features:\u003Cbr \u002F>\n * Upload a photo (or multiple) directly from your computer to the activity stream\u003Cbr \u002F>\n * Embed a video from popular sites such as youtube and vimeo by copying the link\u003Cbr \u002F>\n * Embed a link to any site – the site title and description will automatically be pulled in\u003Cbr \u002F>\n * Embedding a link also allows you to choose a thumbnail image from a list of images on the site’s homepage\u003Cbr \u002F>\n * Works perfectly with any theme based on the BuddyPress Default theme\u003C\u002Fp>\n\u003Cp>Blog Post :\u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fintroducing-buddypress-activity-plus-reloaded\u002F\" rel=\"nofollow ugc\">Introducing BuddyPress Activity Plus Reloaded\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Credit\u003C\u002Fh4>\n\u003Cp>Activity Plus Reloaded for BuddyPress is a fork of \u003Cem>BuddyPress Activity Plus\u003C\u002Fem>(now abandoned) by @wpmudev. We have refactored it to wok with current BuddyPress\u002FWordPress.\u003Cbr \u002F>\n and we plan to maintain and further develop it.\u003Cbr \u002F>\n We would like to express our sincere gratitude to the @wpmudv team for their cooperation in getting this plugin back.\u003C\u002Fp>\n\u003Cp>If you are looking to optimize media, We recommend \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-smushit\u002F\" rel=\"ugc\">Smush\u003C\u002Fa> to optimize your BuddyPress media.\u003C\u002Fp>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>The plugin is available on gihub. You can contribute by sending pull request, reporting errors and helping others.\u003Cbr \u002F>\nGithub repository: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbuddydev\u002Fbp-activity-plus-reloaded\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fbuddydev\u002Fbp-activity-plus-reloaded\u003C\u002Fa>\u003Cbr \u002F>\nSupport & reporting Issues: \u003Ca href=\"https:\u002F\u002Fbuddydev.com\u002Fsupport\u002Fforums\u002F\" rel=\"nofollow ugc\">BuddyDev Forums\u003C\u002Fa>\u003C\u002Fp>\n","Note: This plugin will be discontinued by March 31st, 2025 in favor of BuddyPress Attachment plugin. Please migrate to the new plugin before that date &hellip;",1000,38738,9,"2025-01-22T12:55:00.000Z","6.7.5","5.0",[19,100,101,102,103],"buddypress","buddypress-activity","buddypress-activity-upload","embed-video","https:\u002F\u002Fbuddydev.com\u002Fplugins\u002Fbp-activity-plus-reloaded\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-activity-plus-reloaded.1.1.2.zip",46,3,"2025-10-12 00:00:00",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":25,"downloaded":117,"rating":25,"num_ratings":118,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":127,"download_link":128,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":59},"buddykit","BuddyKit – Additional features for BuddyPress","0.0.4","Joseph G.","https:\u002F\u002Fprofiles.wordpress.org\u002Fdunhakdis\u002F","\u003Cp>BuddyKit adds several features like Live Notifications and Media Activities to your BuddyPress sites. More social media related features are coming soon!\u003C\u002Fp>\n","BuddyKit adds several features like Live Notifications and Media Activities to your BuddyPress powered websites.",12833,1,"2019-09-08T10:15:00.000Z","4.9.29","4.5","5.4",[124,100,125,126],"activity-streams","community","social-networking","https:\u002F\u002Fbuddykit.io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddykit.0.0.4.zip",{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":137,"downloaded":138,"rating":25,"num_ratings":118,"last_updated":139,"tested_up_to":72,"requires_at_least":140,"requires_php":141,"tags":142,"homepage":14,"download_link":145,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":59},"simple-webstats","Simple Webstats","2.0.2","Blucube","https:\u002F\u002Fprofiles.wordpress.org\u002Fedhicks\u002F","\u003Cp>Simple Webstats is an easy to use, privacy-focused web analytics solution for WordPress. Gain insights into how your website is used without sacrificing your visitors privacy.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No personal data or personally identifiable information (PII) collected.\u003C\u002Fli>\n\u003Cli>No cookies.\u003C\u002Fli>\n\u003Cli>No cross-site tracking.\u003C\u002Fli>\n\u003Cli>Data is stored in your own WordPress database and is owned by you.\u003C\u002Fli>\n\u003C\u002Ful>\n","Privacy-focused cookie-free web analytics for WordPress.",90,1997,"2025-12-05T11:40:00.000Z","4.6","7.3",[77,143,78,144,22],"privacy","tracking","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-webstats.2.0.2.zip",{"attackSurface":147,"codeSignals":240,"taintFlows":282,"riskAssessment":315,"analyzedAt":328},{"hooks":148,"ajaxHandlers":216,"restRoutes":237,"shortcodes":238,"cronEvents":239,"entryPointCount":222,"unprotectedCount":222},[149,153,157,160,163,166,170,174,177,180,184,187,191,194,197,199,202,205,208,211,213],{"type":150,"name":151,"callback":151,"file":152,"line":11},"action","wp_insert_comment","components\\class-bstat-comments.php",{"type":150,"name":154,"callback":155,"file":152,"line":156},"delete_comment","delete",13,{"type":150,"name":158,"callback":155,"file":152,"line":159},"comment_approved_to_unapproved",14,{"type":150,"name":161,"callback":155,"file":152,"line":162},"comment_approved_to_spam",15,{"type":150,"name":164,"callback":155,"file":152,"line":165},"comment_approved_to_trash",16,{"type":150,"name":167,"callback":168,"file":152,"line":169},"comment_unapproved_to_approved","insert",17,{"type":150,"name":171,"callback":172,"file":152,"line":173},"edit_comment","insert_conditionally",18,{"type":150,"name":175,"callback":172,"file":152,"line":176},"comment_post",19,{"type":150,"name":178,"callback":178,"file":179,"line":159},"init","components\\class-bstat-report.php",{"type":150,"name":181,"callback":182,"file":179,"line":183},"admin_menu","admin_menu_init",60,{"type":150,"name":185,"callback":185,"file":179,"line":186},"admin_notices",80,{"type":150,"name":188,"callback":188,"file":189,"line":190},"user_register","components\\class-bstat-wpcore.php",11,{"type":150,"name":192,"callback":193,"priority":11,"file":189,"line":159},"set_auth_cookie","user_sign_in",{"type":150,"name":195,"callback":196,"file":189,"line":169},"activated_plugin","plugin",{"type":150,"name":198,"callback":196,"file":189,"line":173},"deactivated_plugin",{"type":150,"name":200,"callback":200,"priority":11,"file":189,"line":201},"widget_update_callback",22,{"type":150,"name":178,"callback":178,"priority":118,"file":203,"line":204},"components\\class-bstat.php",20,{"type":150,"name":206,"callback":206,"priority":162,"file":203,"line":207},"template_redirect",43,{"type":150,"name":209,"callback":168,"file":203,"line":210},"bstat_insert",55,{"type":150,"name":192,"callback":192,"priority":11,"file":203,"line":212},58,{"type":150,"name":214,"callback":214,"priority":118,"file":203,"line":215},"parse_query",61,[217,223,225,228,231,234],{"action":218,"nopriv":219,"callback":220,"hasNonce":219,"hasCapCheck":219,"file":221,"line":222},"bstat",false,"bstat_ajax","components\\class-bstat-admin.php",6,{"action":218,"nopriv":224,"callback":220,"hasNonce":219,"hasCapCheck":219,"file":221,"line":31},true,{"action":226,"nopriv":219,"callback":227,"hasNonce":219,"hasCapCheck":219,"file":179,"line":162},"bstat_report_goal_items","goal_items_ajax",{"action":229,"nopriv":219,"callback":230,"hasNonce":219,"hasCapCheck":219,"file":179,"line":165},"bstat_report_goal_flow","goal_flow_ajax",{"action":232,"nopriv":219,"callback":233,"hasNonce":219,"hasCapCheck":219,"file":179,"line":169},"bstat_report_top_sessions","top_sessions_ajax",{"action":235,"nopriv":219,"callback":236,"hasNonce":219,"hasCapCheck":219,"file":179,"line":173},"bstat_report_top_users","top_users_ajax",[],[],[],{"dangerousFunctions":241,"sqlUsage":242,"outputEscaping":245,"fileOperations":13,"externalRequests":13,"nonceChecks":118,"capabilityChecks":13,"bundledLibraries":281},[],{"prepared":243,"raw":13,"locations":244},5,[],{"escaped":210,"rawEcho":169,"locations":246},[247,250,253,254,257,258,260,262,264,266,267,270,272,274,276,278,279],{"file":179,"line":248,"context":249},1154,"raw output",{"file":251,"line":252,"context":249},"components\\templates\\report-action-info.php",23,{"file":251,"line":252,"context":249},{"file":255,"line":256,"context":249},"components\\templates\\report-goal-items.php",25,{"file":255,"line":256,"context":249},{"file":255,"line":259,"context":249},57,{"file":255,"line":261,"context":249},171,{"file":263,"line":35,"context":249},"components\\templates\\report-goal-timeseries.php",{"file":263,"line":265,"context":249},69,{"file":263,"line":69,"context":249},{"file":268,"line":269,"context":249},"components\\templates\\report-timeseries.php",62,{"file":268,"line":271,"context":249},63,{"file":268,"line":273,"context":249},64,{"file":275,"line":204,"context":249},"components\\templates\\report-top-components-and-actions.php",{"file":277,"line":204,"context":249},"components\\templates\\report-top-sessions.php",{"file":277,"line":204,"context":249},{"file":280,"line":204,"context":249},"components\\templates\\report-top-users.php",[],[283,302],{"entryPoint":284,"graph":285,"unsanitizedCount":13,"severity":301},"\u003Cbstat-viewer> (components\\templates\\bstat-viewer.php:0)",{"nodes":286,"edges":299},[287,293],{"id":288,"type":289,"label":290,"file":291,"line":292},"n0","source","$_GET (x2)","components\\templates\\bstat-viewer.php",108,{"id":294,"type":295,"label":296,"file":291,"line":297,"wp_function":298},"n1","sink","echo() [XSS]",113,"echo",[300],{"from":288,"to":294,"sanitized":224},"low",{"entryPoint":303,"graph":304,"unsanitizedCount":83,"severity":314},"\u003Cclass-bstat-report> (components\\class-bstat-report.php:0)",{"nodes":305,"edges":312},[306,308],{"id":288,"type":289,"label":290,"file":179,"line":307},208,{"id":294,"type":295,"label":309,"file":179,"line":310,"wp_function":311},"get_results() [SQLi]",615,"get_results",[313],{"from":288,"to":294,"sanitized":219},"high",{"summary":316,"deductions":317},"The \"bstats\" v6.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and having no recorded vulnerabilities in its history, suggesting a generally secure development process or minimal exposure. However, the static analysis reveals significant security concerns, primarily related to its attack surface.  All six identified AJAX handlers lack authentication checks, presenting a substantial risk for unauthorized actions. Furthermore, while most outputs are properly escaped, the presence of one flow with an unsanitized path flagged as high severity taint is a critical concern that could lead to various security issues if exploited. The lack of capability checks on AJAX handlers exacerbates these risks, allowing any authenticated user, regardless of their role, to potentially interact with these vulnerable endpoints.",[318,320,323,326],{"reason":319,"points":11},"AJAX handlers without authentication checks",{"reason":321,"points":322},"High severity unsanitized taint flow",12,{"reason":324,"points":325},"AJAX handlers without capability checks",8,{"reason":327,"points":107},"Outputs not properly escaped","2026-03-16T23:30:43.655Z",{"wat":330,"direct":339},{"assetPaths":331,"generatorPatterns":334,"scriptPaths":335,"versionParams":336},[332,333],"\u002Fwp-content\u002Fplugins\u002Fbstats\u002Fcss\u002Fbstat-report.css","\u002Fwp-content\u002Fplugins\u002Fbstats\u002Fjs\u002Fbstat-report.js",[],[333],[337,338],"bstats\u002Fcss\u002Fbstat-report.css?ver=","bstats\u002Fjs\u002Fbstat-report.js?ver=",{"cssClasses":340,"htmlComments":342,"htmlAttributes":344,"restEndpoints":346,"jsGlobals":350,"shortcodeOutput":352},[341],"bstats-report",[343],"comment tracking is kept separate as an example of how to build other integrations",[345],"data-role=\"goal-flow\"",[347,348,349],"\u002Fwp-json\u002Fbstats\u002Fv1\u002Fsessions","\u002Fwp-json\u002Fbstats\u002Fv1\u002Fgoals","\u002Fwp-json\u002Fbstats\u002Fv1\u002Fgoal",[351],"bstats_report_vars",[]]