[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fvtzwqjqfOHvUqFC1Usbr3XeEBqvSm2hjfQzSqN03jI4":3},{"slug":4,"name":5,"version":6,"author":5,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":43,"crawl_stats":34,"alternatives":47,"analysis":152,"fingerprints":297},"chartbeat","Chartbeat","2.0.7","https:\u002F\u002Fprofiles.wordpress.org\u002Fchartbeat\u002F","\u003Cp>Chartbeat for Publishing shows you live audience and traffic data for your websites and apps, and helps you track important trends over time. If you have a Chartbeat subscription, you can use this plugin to automatically add Chartbeat’s JavaScript to your WordPress site. After installing, you’ll see your site’s traffic and audience data visualized in real time, all within WordPress.\u003C\u002Fp>\n\u003Cp>Questions? Problems? Need more info? Email us at \u003Ca href=\"support@chartbeat.com\" rel=\"nofollow ugc\">support@chartbeat.com\u003C\u002Fa>.\u003C\u002Fp>\n","The Chartbeat plugin automatically adds real-time data and a top pages widget to your blog. See who’s on your site, what they’re doing - right now",1000,584418,50,2,"2020-07-01T21:11:00.000Z","4.7.32","2.8","",[19,20,4,21],"amp","analytics","instant-articles","http:\u002F\u002Fchartbeat.com\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchartbeat.2.0.7.zip",63,1,"2025-08-26 00:00:00","2026-03-15T15:16:48.613Z",[29],{"id":30,"url_slug":31,"title":32,"description":33,"plugin_slug":4,"theme_slug":34,"affected_versions":35,"patched_in_version":34,"severity":36,"cvss_score":37,"cvss_vector":38,"vuln_type":39,"published_date":26,"updated_date":40,"references":41,"days_to_patch":34},"CVE-2025-53250","chartbeat-authenticated-subscriber-server-side-request-forgery","Chartbeat \u003C= 2.0.7 - Authenticated (Subscriber+) Server-Side Request Forgery","The Chartbeat plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.",null,"\u003C=2.0.7","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Server-Side Request Forgery (SSRF)","2025-09-03 20:59:28",[42],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1f35fd20-a5ff-40e3-8af0-df3876c41ef8?source=api-prod",{"slug":4,"display_name":5,"profile_url":7,"plugin_count":25,"total_installs":10,"avg_security_score":24,"avg_patch_time_days":44,"trust_score":45,"computed_at":46},30,68,"2026-04-04T11:37:19.303Z",[48,73,93,113,131],{"slug":49,"name":50,"version":51,"author":52,"author_profile":53,"description":54,"short_description":55,"active_installs":56,"downloaded":57,"rating":58,"num_ratings":59,"last_updated":60,"tested_up_to":61,"requires_at_least":62,"requires_php":63,"tags":64,"homepage":68,"download_link":69,"security_score":70,"vuln_count":25,"unpatched_count":71,"last_vuln_date":72,"fetched_at":27},"header-footer","Head, Footer and Post Injections","3.3.3","Stefano Lissa","https:\u002F\u002Fprofiles.wordpress.org\u002Fsatollo\u002F","\u003Cp>Why you have to install 10 plugins to add Google Analytics, Facebook Pixel, custom\u003Cbr \u002F>\ntracking code, Google DFP code, Google Webmaster\u002FAlexa\u002FBing\u002FTradedoubler verification code and so on…\u003C\u002Fp>\n\u003Cp>With Header and Footer plugin you can just copy the code those services give you\u003Cbr \u002F>\nin a centralized point to manage them all. And theme independent: you can change your theme\u003Cbr \u002F>\nwithout loosing the code injected!\u003C\u002Fp>\n\u003Ch4>Injection points and features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>in the  page section where most if the codes are usually added\u003C\u002Fli>\n\u003Cli>just after the  tag as required by some JavaScript SDK (like Facebook)\u003C\u002Fli>\n\u003Cli>in the page footer (just before the  tag)\u003C\u002Fli>\n\u003Cli>recognize and execute PHP code to add logic to your injections\u003C\u002Fli>\n\u003Cli>distinct desktop and mobile injections\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>AMP\u003C\u002Fh4>\n\u003Cp>A new AMP dedicated section compatible with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Famp\" rel=\"ugc\">AMP plugin\u003C\u002Fa> lets you to inject specific codes in\u003Cbr \u002F>\nAMP pages. Should be ok even with other AMP plugins.\u003C\u002Fp>\n\u003Ch4>Post Top and Bottom Codes\u003C\u002Fh4>\n\u003Cp>Do you need to inject a banner over the post content or after it? No problem. With Header and\u003Cbr \u002F>\nFooter you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add codes on \u003Cem>top\u003C\u002Fem>, \u003Cem>bottom\u003C\u002Fem> and in the \u003Cem>middle\u003C\u002Fem> of posts and pages\u003C\u002Fli>\n\u003Cli>Differentiate between \u003Cem>mobile\u003C\u002Fem> and \u003Cem>desktop\u003C\u002Fem> (you don’t display the same ad format on both, true?)\u003C\u002Fli>\n\u003Cli>Separate post and page configuration\u003C\u002Fli>\n\u003Cli>Native PHP code enabled\u003C\u002Fli>\n\u003Cli>Shortcodes enabled\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Special Injections\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Just after the opening BODY tag\u003C\u002Fli>\n\u003Cli>In the middle of post content (using configurable rules)\u003C\u002Fli>\n\u003Cli>Everywhere on template (using placeholders)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>bbPress\u003C\u002Fh4>\n\u003Cp>The specific bbPress injections are going to be removed. Switch to my\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fads-bbpress\" rel=\"ugc\">Ads for bbPress\u003C\u002Fa>, which is more flexible and complete.\u003C\u002Fp>\n\u003Ch4>Limits\u003C\u002Fh4>\n\u003Cp>This plugin cannot change the menu or the footer layout, those features must be covered by your theme!\u003C\u002Fp>\n\u003Cp>Official page: \u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fheader-footer\" rel=\"nofollow ugc\">Header and Footer\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Other plugins by Stefano Lissa:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fhyper-cache\" rel=\"nofollow ugc\">Hyper Cache\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.thenewsletterplugin.com\" rel=\"nofollow ugc\">Newsletter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Finclude-me\" rel=\"nofollow ugc\">Include Me\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fthumbnails\" rel=\"nofollow ugc\">Thumbnails\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fads-bbpress\u002F\" rel=\"ugc\">Ads for bbPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cp>You can contribute to translate this plugin in your language on \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\" rel=\"nofollow ugc\">WordPress Translate\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Privacy and GDPR\u003C\u002Fh3>\n\u003Cp>This plugin does not collect or process any personal user data.\u003C\u002Fp>\n","Head and Footer plugin lets you to add HTML code to the head and footer sections of your site pages, inside posts... and more!",300000,5509086,98,734,"2026-02-03T07:01:00.000Z","6.9.4","6.1","7.0",[65,19,20,66,67],"ads","footer","header","https:\u002F\u002Fwww.satollo.net\u002Fplugins\u002Fheader-footer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheader-footer.3.3.3.zip",99,0,"2025-02-20 22:46:06",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":25,"last_updated":84,"tested_up_to":61,"requires_at_least":85,"requires_php":86,"tags":87,"homepage":91,"download_link":92,"security_score":83,"vuln_count":71,"unpatched_count":71,"last_vuln_date":34,"fetched_at":27},"amplitude","Amplitude – Analytics, Session Replay, A\u002FB testing and CDP for your website","0.2.3","amplitudegrowth","https:\u002F\u002Fprofiles.wordpress.org\u002Famplitudegrowth\u002F","\u003Cp>Amplitude is a real-time digital analytics platform for both web and mobile, used to analyze visitors’ user behaviors. Amplitude lets businesses understand their customers better, personalize experiences and grow their business with confidence. Learn more at \u003Ca href=\"https:\u002F\u002Fwww.amplitude.com\u002F?utm_medium=referral&utm_source=wordpress\" rel=\"nofollow ugc\">www.amplitude.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002For8BtjqLcV8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Boost your WordPress site engagement and conversions by automatically sending analytics data to Amplitude—no developer required. Our new free, one-click plugin ( Beta edition ) enables teams to easily analyze web visitor data and run A\u002FB testing in Amplitude so they can make data-driven decisions about their WordPress site. Use the Amplitude for WordPress plugin to build your most engaging web experience.\u003C\u002Fp>\n\u003Cp>Amplitude gives you automated insights into your top-performing channels, campaigns, and pages. Use these insights to understand how web performance impacts your business and improve conversions. With our built-in templates and collaboration tools, Amplitude makes it easy for teams to generate analysis and share insights about your customers with your teams.\u003C\u002Fp>\n\u003Cp>The Amplitude for WordPress plugin also offers advanced features—including behavioral segmentation, Session Replay and a customer data platform —to elevate your site performance. Using our all-in-one plugin, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Unlock audience segments based on visitor behaviors that you can use in your marketing campaigns.\u003C\u002Fli>\n\u003Cli>Run A\u002FB tests to understand how content and copy changes can improve conversion\u003C\u002Fli>\n\u003Cli>Use Session Replay to quickly diagnose issues and understand holistic site health.\u003C\u002Fli>\n\u003Cli>Personalize and target audiences with synced data using our customer data platform\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Go beyond the basics of Google Analytics (GA)—without the hassle of migration—using Amplitude’s no-code set-up and powerful features to grow your business.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FrW971asdh3A?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Key features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Seamless integration:\u003C\u002Fstrong> Easily connect your WordPress site to Amplitude’s Digital Analytics Platform without touching a line of code.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Out-of-the-box event tracking:\u003C\u002Fstrong> Start tracking key metrics—page views, sessions, clicks, and more—on day one to immediately understand site performance.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time insights:\u003C\u002Fstrong> Access real-time data on user behavior, conversion rates, and engagement directly from your Amplitude dashboard.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User journeys:\u003C\u002Fstrong> Understand your audiences’ journeys through your site to optimize pathways for engagement and conversions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>A\u002FB Testing:\u003C\u002Fstrong> Improve your website conversion by easily testing messaging, images, and CTAs in a few simple clicks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Session Replay:\u003C\u002Fstrong> Watch playbacks of user paths on your website to connect quantitative and qualitative insights and understand the bigger picture.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Retention analysis:\u003C\u002Fstrong> Pair audience segments (cohorts) with retention reports to keep users coming back.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Feature optimization:\u003C\u002Fstrong> Identify which features and pages drive engagement and which need improvement.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Behavioral cohorts:\u003C\u002Fstrong> Dig into your data with behavioral segmentation capabilities and engage with those segments using our many marketing integrations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Audience engagement:\u003C\u002Fstrong> Build audience lists based on web visitor behaviors and personalize campaigns using behavioral insights\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Collaborative analytics:\u003C\u002Fstrong> Share insights across your team with built-in collaboration tools.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Simply put, Amplitude’s Digital Analytics Platform is the most complete solution for small teams. Our platform is both easy to use and powerful, helping you grow your business with data-driven confidence.\u003C\u002Fp>\n\u003Cp>Thousands of small businesses as well as leading companies such as Paypal, Dropbox, eBay, and Coursera all use Amplitude to take action and drive growth with Amplitude.\u003C\u002Fp>\n\u003Cp>\u003Cem>“The power of Amplitude is the ability to answer one question, which leads to another question, which leads to more questions. Within moments, marketers can make this self-serve journey and find the direction they should take.”\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cem>— Anish Jariwala, Sr. Director, Marketing Strategy and Operations at Coursera\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Whether you’re looking to improve user experiences, increase conversions, or boost engagement, the Amplitude for WordPress plugin provides the data and insights critical for success.\u003C\u002Fp>\n\u003Cp>As always, we’re here to help! If you experience any issues or have questions not addressed by the FAQ below, don’t hesitate to contact us at \u003Ca href=\"mailto:plugins@amplitude.com\" rel=\"nofollow ugc\">plugins@amplitude.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Elevate your WordPress site with data-driven insights\u003C\u002Fh3>\n\u003Cp>Make data-driven decisions to improve your WordPress site with Amplitude’s Digital Analytics Platform. For more information on getting started and maximizing your use of Amplitude, visit our documentation and support resources \u003Ca href=\"https:\u002F\u002Fhelp.amplitude.com\u002Fhc\u002Fen-us\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Terms, Conditions, and Disclosures\u003C\u002Fh3>\n\u003Cp>Amplitude may collect user data about your usage of our plugin. Please see our \u003Ca href=\"amplitude.com\u002Fprivacy\" rel=\"nofollow ugc\">privacy policy\u003C\u002Fa> to understand our policies and practices regarding the information that we collect.\u003C\u002Fp>\n\u003Cp>Your use of the \u003Ca href=\"https:\u002F\u002Famplitude.com\" rel=\"nofollow ugc\">Amplitude Services\u003C\u002Fa> is subject to the terms and conditions of the relevant \u003Ca href=\"https:\u002F\u002Famplitude.com\u002Flegal\" rel=\"nofollow ugc\">customer agreement\u003C\u002Fa> that you have executed with Amplitude, unless you have entered into a written master subscription agreement with Amplitude, in which case the most recent written master subscription agreement will govern your use of the Amplitude Services.\u003C\u002Fp>\n","Grow your website with confidence using our award winning digital analytics platform now available on WordPress",800,6405,100,"2025-12-19T20:18:00.000Z","5.2","5.6",[74,20,88,89,90],"google-analytics","tag-manager","web-analytics","https:\u002F\u002Famplitude.com\u002F?utm_medium=referral&utm_source=wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Famplitude.0.2.3.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":71,"num_ratings":71,"last_updated":103,"tested_up_to":61,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":111,"download_link":112,"security_score":83,"vuln_count":71,"unpatched_count":71,"last_vuln_date":34,"fetched_at":27},"easy-utm-builder","Easy UTM Builder","1.1","Atlas Gondal","https:\u002F\u002Fprofiles.wordpress.org\u002Fatlas_gondal\u002F","\u003Cp>This plugin will add a page called “Easy UTM Builder” under Settings. On this screen, you need to select post type, set the UTM parameter and select output type.\u003C\u002Fp>\n\u003Ch4>Main Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy to use\u003C\u002Fli>\n\u003Cli>Filter by post type or status\u003C\u002Fli>\n\u003Cli>Generate complete site URLs in just few clicks\u003C\u002Fli>\n\u003Cli>Output in Dashboard\u003C\u002Fli>\n\u003Cli>Write in CSV file\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can create URLs manually but what if you have Hundreds\u002FThousands URLs. In that case, it’ll Cost you a lot of Time. We all know, Time is Money and you can save it by using this Free, and Easy to Use Plugin!\u003C\u002Fp>\n\u003Ch4>Why we need this plugin?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>For SEO\u003C\u002Fli>\n\u003Cli>Making URLs trackable in Google Analytics\u003C\u002Fli>\n\u003Cli>Monitoring E-Commerce Conversions\u003C\u002Fli>\n\u003Cli>Tracking Social Media Traffic like Facebook and Twitter\u003C\u002Fli>\n\u003Cli>Tracking Email Campaign Conversions\u003C\u002Fli>\n\u003Cli>Track Any Promotional Event\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cp>For further information please send me an \u003Ca href=\"https:\u002F\u002FAtlasGondal.com\u002Fcontact-me\u002F?utm_source=self&utm_medium=wp&utm_campaign=easy-utm-builder&utm_term=plugin-description\" rel=\"nofollow ugc\">email\u003C\u002Fa>.\u003C\u002Fp>\n","Easy to build trackable URLs with UTM parameters in Bulk (complete site or specific post type) for Google Analytics!",400,5841,"2025-12-13T11:19:00.000Z","3.1.0","5.4",[20,107,108,109,110],"custom-campaign","ecommerce-tracking","utm-parameters","utm-url-builder","http:\u002F\u002Fwww.AtlasGondal.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-utm-builder.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":101,"downloaded":121,"rating":83,"num_ratings":13,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":125,"tags":126,"homepage":129,"download_link":130,"security_score":83,"vuln_count":71,"unpatched_count":71,"last_vuln_date":34,"fetched_at":27},"utm-dot-codes","utm.codes","1.9.1","Chris Carlevato","https:\u002F\u002Fprofiles.wordpress.org\u002Fchrislarrycarl\u002F","\u003Cp>It’s time to ditch the spreadsheets for a better way to create and manage your campaign marketing links.\u003C\u002Fp>\n\u003Cp>utm.codes turns your WordPress admin into a link building powerhouse by making it easier to create, organize, and use your links.\u003C\u002Fp>\n\u003Cp>For more information, videos, and helpful tips \u003Ca href=\"https:\u002F\u002Futm.codes\" rel=\"nofollow ugc\">visit the utm.codes website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily create campaign marketing links with UTM codes for better campaign analytics\u003C\u002Fli>\n\u003Cli>Automatically format links in lowercase, remove spaces, and remove non alphanumeric characters for more consistent reporting\u003C\u002Fli>\n\u003Cli>Batch create links for all your social networks with just a click\u003C\u002Fli>\n\u003Cli>Search, filter, and easily find existing links using familiar WordPress admin controls\u003C\u002Fli>\n\u003Cli>Automatically detect url error responses to prevent creating bad links\u003C\u002Fli>\n\u003Cli>One click link shortening with Bitly or Rebrandly for easier link sharing\u003C\u002Fli>\n\u003Cli>Save notes with link for team communication, usage context, future reference, and more\u003C\u002Fli>\n\u003Cli>Link element API filter for custom utm code formatting\u003C\u002Fli>\n\u003Cli>Social network options API filter for custom batch link options\u003C\u002Fli>\n\u003Cli>Shortener API filter for custom link shortening\u003C\u002Fli>\n\u003Cli>Supports adding additional custom parameters to links for improved versatility\u003C\u002Fli>\n\u003Cli>Multi-user access within WordPress to share creation and management responsibilities\u003C\u002Fli>\n\u003Cli>See your current link count in the admin dashboard “At a Glance”\u003C\u002Fli>\n\u003Cli>Tested with WordPress 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9, 6.0, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8\u003C\u002Fli>\n\u003Cli>Tested with PHP 7.1, 7.2, 7.3, 7.4, 8.0, 8.1, 8.2, 8.3\u003C\u002Fli>\n\u003Cli>Tested with MySQL 5.6, 5.7, 8.0, 8.4\u003C\u002Fli>\n\u003Cli>100% Free and Open Source\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Installation\u003C\u002Fh4>\n\u003Cp>Upload the utm.codes plugin to your WordPress site, activate it, and start creating your links.\u003C\u002Fp>\n\u003Ch4>Settings\u003C\u002Fh4>\n\u003Cp>Configure your formatting preferences, targeted social networks, link notes, and shortening preferences, under Settings \u002F utm.codes to enable batch creation and shorten when saving links.\u003C\u002Fp>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Cp>For additional details about installing, configuring, customizing, and using utm.codes \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fasdfdotdev\u002Futm.codes\u002Fwiki\" rel=\"nofollow ugc\">visit our GitHub wiki\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Development Resources\u003C\u002Fh4>\n\u003Cp>utm.codes is built using development code not included in the WordPress.org download because it isn’t required for use. This code includes the webpack build used to create our minified CSS and JavaScript as well as PHPUnit tests to ensure support of new WordPress releases.\u003C\u002Fp>\n\u003Cp>All source code associated with utm.codes is open source, free to use for any purpose, and released under the GPL v2.0 license. Development code, including instructions for running both the build and tests, is available at the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fasdfdotdev\u002Futm.codes\" rel=\"nofollow ugc\">utm.codes GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>You can also \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fasdfdotdev\u002Futm.codes\u002Factions\" rel=\"nofollow ugc\">browse our build history at GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","A WordPress plugin that makes building analytics friendly links quick and easy.",11088,"2025-06-17T10:48:00.000Z","6.8.5","5.1.0","7.1.0",[20,127,88,128],"campaign-marketing","utm-codes","https:\u002F\u002Futm.codes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Futm-dot-codes.zip",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":139,"downloaded":140,"rating":83,"num_ratings":141,"last_updated":142,"tested_up_to":143,"requires_at_least":144,"requires_php":86,"tags":145,"homepage":149,"download_link":150,"security_score":151,"vuln_count":71,"unpatched_count":71,"last_vuln_date":34,"fetched_at":27},"amp-google-analytics-4-support","AMP Google Analytics 4 Support","1.1.6","Roland","https:\u002F\u002Fprofiles.wordpress.org\u002Frolandfarkas\u002F","\u003Cp>This is a simple plugin to add GA4 support to AMP and insert GA4 tags into your AMP WordPress pages or posts.\u003C\u002Fp>\n\u003Ch4>Description\u003C\u002Fh4>\n\u003Cp>This is a simple plugin to add GA4 support to AMP and insert GA4 tags into your AMP WordPress pages or posts.\u003C\u002Fp>\n\u003Cp>*Requires the AMP Plugin\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>Roland Farkas – https:\u002F\u002Fgithub.com\u002FrolandfarkasCOM\u003Cbr \u002F>\nDavid Vallejo – https:\u002F\u002Fgithub.com\u002Fthyngster – https:\u002F\u002Fgithub.com\u002Fanalytics-debugger\u002Fgoogle-analytics-4-for-amp\u002Fblob\u002Fmain\u002Fga4.json\u003C\u002Fp>\n","A WordPress plugin to add GA4 - Google Analytics 4 Support to AMP - Accelerated Mobile Pages.",200,4561,4,"2024-05-29T17:30:00.000Z","6.5.8","4.9",[19,146,147,148],"amp-ga4-support","ga4","google-analytics-4","https:\u002F\u002Fgithub.com\u002FrolandfarkasCOM\u002Fampanalyticssupport\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Famp-google-analytics-4-support.1.1.6.zip",92,{"attackSurface":153,"codeSignals":225,"taintFlows":253,"riskAssessment":290,"analyzedAt":296},{"hooks":154,"ajaxHandlers":213,"restRoutes":222,"shortcodes":223,"cronEvents":224,"entryPointCount":13,"unprotectedCount":71},[155,161,165,169,174,178,182,186,190,193,197,202,205,209],{"type":156,"name":157,"callback":158,"file":159,"line":160},"action","admin_menu","chartbeat_menu","chartbeat.php",31,{"type":156,"name":162,"callback":163,"file":159,"line":164},"admin_notices","display_chartbeat_accountid_error",35,{"type":156,"name":166,"callback":167,"priority":25,"file":159,"line":168},"admin_init","check_chartbeat_accountid_error",46,{"type":170,"name":171,"callback":172,"file":159,"line":173},"filter","amp_post_template_analytics","chartbeat_amp_add_analytics",420,{"type":156,"name":175,"callback":176,"file":159,"line":177},"instant_articles_article_header","chartbeat_fbia_analytics",442,{"type":156,"name":179,"callback":180,"file":159,"line":181},"widgets_init","chartbeat_widget_init",509,{"type":170,"name":183,"callback":184,"file":159,"line":185},"posts_where","chartbeat_filter_where_last_three_days",544,{"type":156,"name":187,"callback":188,"file":159,"line":189},"wp_dashboard_setup","chartbeat_add_dashboard_widgets",627,{"type":156,"name":166,"callback":191,"file":159,"line":192},"chartbeat_plugin_admin_init",628,{"type":170,"name":194,"callback":195,"file":159,"line":196},"manage_posts_columns","chartbeat_columns",631,{"type":156,"name":198,"callback":199,"priority":200,"file":159,"line":201},"manage_posts_custom_column","chartbeat_custom_columns",10,639,{"type":156,"name":166,"callback":203,"file":159,"line":204},"chartbeat_register_settings",673,{"type":156,"name":206,"callback":207,"file":159,"line":208},"wp_head","add_chartbeat_head",675,{"type":156,"name":210,"callback":211,"file":159,"line":212},"wp_footer","add_chartbeat_footer",676,[214,220],{"action":215,"nopriv":216,"callback":217,"hasNonce":216,"hasCapCheck":218,"file":159,"line":219},"cbproxy-submit",true,"cbproxy_submit",false,476,{"action":215,"nopriv":218,"callback":217,"hasNonce":216,"hasCapCheck":218,"file":159,"line":221},477,[],[],[],{"dangerousFunctions":226,"sqlUsage":227,"outputEscaping":229,"fileOperations":71,"externalRequests":25,"nonceChecks":25,"capabilityChecks":141,"bundledLibraries":252},[],{"prepared":25,"raw":71,"locations":228},[],{"escaped":24,"rawEcho":200,"locations":230},[231,234,236,238,240,242,244,246,248,250],{"file":159,"line":232,"context":233},161,"raw output",{"file":159,"line":235,"context":233},365,{"file":159,"line":237,"context":233},375,{"file":159,"line":239,"context":233},432,{"file":159,"line":241,"context":233},458,{"file":159,"line":243,"context":233},467,{"file":159,"line":245,"context":233},471,{"file":159,"line":247,"context":233},500,{"file":159,"line":249,"context":233},563,{"file":159,"line":251,"context":233},585,[],[254,279],{"entryPoint":255,"graph":256,"unsanitizedCount":71,"severity":278},"cbproxy_submit (chartbeat.php:479)",{"nodes":257,"edges":275},[258,263,269,271],{"id":259,"type":260,"label":261,"file":159,"line":262},"n0","source","$_GET",485,{"id":264,"type":265,"label":266,"file":159,"line":267,"wp_function":268},"n1","sink","wp_remote_get() [SSRF]",491,"wp_remote_get",{"id":270,"type":260,"label":261,"file":159,"line":262},"n2",{"id":272,"type":265,"label":273,"file":159,"line":247,"wp_function":274},"n3","echo() [XSS]","echo",[276,277],{"from":259,"to":264,"sanitized":216},{"from":270,"to":272,"sanitized":216},"low",{"entryPoint":280,"graph":281,"unsanitizedCount":71,"severity":278},"\u003Cchartbeat> (chartbeat.php:0)",{"nodes":282,"edges":287},[283,284,285,286],{"id":259,"type":260,"label":261,"file":159,"line":262},{"id":264,"type":265,"label":266,"file":159,"line":267,"wp_function":268},{"id":270,"type":260,"label":261,"file":159,"line":262},{"id":272,"type":265,"label":273,"file":159,"line":247,"wp_function":274},[288,289],{"from":259,"to":264,"sanitized":216},{"from":270,"to":272,"sanitized":216},{"summary":291,"deductions":292},"The Chartbeat plugin v2.0.7 demonstrates several good security practices, including the absence of dangerous functions, all SQL queries utilizing prepared statements, and a low number of entry points with none currently unprotected.  The plugin also implements nonce and capability checks, which are crucial for securing its limited attack surface. However, a significant concern arises from its vulnerability history, specifically a known medium-severity Server-Side Request Forgery (SSRF) vulnerability that remains unpatched. The presence of an unpatched CVE, especially one related to SSRF, introduces a direct and exploitable risk to the WordPress site.\n\nWhile the static analysis shows a relatively clean codebase with no critical or high-severity taint flows and proper output escaping for the majority of outputs, the unpatched SSRF vulnerability overshadows these strengths. The plugin's reliance on external HTTP requests, though only one is noted, could be a vector for such an SSRF if not handled with extreme care and proper validation, which is unfortunately not guaranteed given the past vulnerability. The overall security posture is mixed; strong internal code practices are undermined by a critical external threat in the form of an unpatched vulnerability.",[293],{"reason":294,"points":295},"Unpatched CVE (Medium severity)",15,"2026-03-16T19:06:10.268Z",{"wat":298,"direct":310},{"assetPaths":299,"generatorPatterns":302,"scriptPaths":303,"versionParams":309},[300,301],"\u002Fwp-content\u002Fplugins\u002Fchartbeat\u002Fmedia\u002Fchartbeat.png","\u002Fwp-content\u002Fplugins\u002Fchartbeat\u002Fmedia\u002Ftopwidget.compiled.js",[],[304,305,306,307,308],"\u002F\u002Fchartbeat.com\u002Fwordpress\u002F?site=","\u002F\u002Fchartbeat.com\u002Fdashboard\u002F","\u002F\u002Fchartbeat.com\u002Fpublishing\u002Fdashboard\u002F","\u002F\u002Fchartbeat.com\u002Fapikeys\u002F","https:\u002F\u002Fchartbeat.com\u002Fpublishing\u002Fheadline-optimization\u002F",[],{"cssClasses":311,"htmlComments":312,"htmlAttributes":313,"restEndpoints":315,"jsGlobals":316,"shortcodeOutput":318},[],[],[314],"id=\"chartbeat-iframe\"",[],[317],"CBTopPagesWidget",[]]