[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZS-jgTnGnS5bRAxbJ5cZyWSv-uWEuBMMNxmo4P0eRR4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":16,"download_link":22,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":32,"analysis":129,"fingerprints":173},"chartlocal","Chartlocal","1.0.0","chartlocalweb","https:\u002F\u002Fprofiles.wordpress.org\u002Fchartlocalweb\u002F","\u003Cp>Chartlocal provides a simple WordPress plugin, enabling you to capture leads, understand your sources of leads, respond to and manage those leads.  The Chartlocal WordPress extension adds the tracking software on all the pages of your website.\u003C\u002Fp>\n\u003Cp>About Chartlocal\u003C\u002Fp>\n\u003Cp>Chartlocal is your secret weapon to help you finally know which of your marketing sources get you customers. Plus, it helps you turn more of your leads into customers with automated reminders and emails, giving you the edge on your competition.\u003C\u002Fp>\n\u003Ch3>API Interaction provided by capture_configs js from the ReachLocal (rlets.com) CDN\u003C\u002Fh3>\n\u003Col>\n\u003Cli>The capture_configs js loads the customer’s configuration data from ReachLocal\u003C\u002Fli>\n\u003Cli>Sends analytics data back to ReachLocal for performance metrics.\u003C\u002Fli>\n\u003Cli>Sends visit & referrer attribution back to ReachLocal for analytics\u003C\u002Fli>\n\u003Cli>Sends visit, email, and form post data back to ReachLocal to provide lead management.\u003C\u002Fli>\n\u003Cli>Email links are replaced with contact forms and the form data and sending of email is offloaded to ReachLocal’s servers.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.reachlocal.com\" rel=\"nofollow ugc\">ReachLocal Website\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.reachlocal.com\u002Fus\u002Fen\u002Flegal\u002Fterms-and-conditions\u002Ftracking-service-product-terms-0\" rel=\"nofollow ugc\">ReachLocal Terms & Conditions\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.reachlocal.com\u002Fus\u002Fen\u002Flegal\u002Fprivacy-policy\" rel=\"nofollow ugc\">ReachLocal Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n","Chartlocal offers lead & call tracking, lead notifications & nurturing, ROI reports, analytics & insights, and mobile app & alerts.",0,986,"2019-09-11T19:40:00.000Z","5.0.25","2.7","",[18,4,19,20,21],"call-tracking","form-capture","form-tracking","lead-conversion","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchartlocal.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":23,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},1,30,84,"2026-04-04T14:08:02.672Z",[33,49,67,87,109],{"slug":34,"name":35,"version":36,"author":37,"author_profile":38,"description":39,"short_description":40,"active_installs":41,"downloaded":42,"rating":11,"num_ratings":11,"last_updated":43,"tested_up_to":44,"requires_at_least":15,"requires_php":16,"tags":45,"homepage":47,"download_link":48,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"reachlocal-convertcontacts","ConvertContacts","1.4.0","REWordPressPlugin","https:\u002F\u002Fprofiles.wordpress.org\u002Frewordpressplugin\u002F","\u003Cp>ConvertContacts provides a simple WordPress plugin, enabling you to capture leads, understand your sources of leads, respond to and manage those leads.  The ConvertContacts WordPress extension adds the tracking software on all the pages of your website.\u003C\u002Fp>\n\u003Cp>About ConvertContacts\u003C\u002Fp>\n\u003Cp>ConvertContacts is your secret weapon to help you finally know which of your marketing sources get you customers. Plus, it helps you turn more of your leads into customers with automated reminders and emails, giving you the edge on your competition.\u003C\u002Fp>\n\u003Ch3>API Interaction provided by capture_configs js from the CDN\u003C\u002Fh3>\n\u003Col>\n\u003Cli>The capture_configs js loads the customer’s configuration data from ConvertContacts\u003C\u002Fli>\n\u003Cli>Sends analytics data back to ConvertContacts for performance metrics.\u003C\u002Fli>\n\u003Cli>Sends visit & referrer attribution back to ConvertContacts for analytics\u003C\u002Fli>\n\u003Cli>Sends visit, email, and form post data back to ConvertContacts to provide lead management.\u003C\u002Fli>\n\u003Cli>Email links are replaced with contact forms and the form data and sending of email is offloaded to ConvertContacts’s servers.\u003C\u002Fli>\n\u003C\u002Fol>\n","ConvertContacts offers lead & call tracking, lead notifications & nurturing, ROI reports, analytics & insights, and mobile app & alerts.",20,1801,"2021-03-30T00:18:00.000Z","5.7.0",[18,46,19,20,21],"convertcontacts","https:\u002F\u002Fgithub.com\u002Freachlocal\u002Fconvert_contacts_wordpress_plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freachlocal-convertcontacts.zip",{"slug":50,"name":51,"version":52,"author":37,"author_profile":38,"description":53,"short_description":54,"active_installs":55,"downloaded":56,"rating":57,"num_ratings":58,"last_updated":59,"tested_up_to":60,"requires_at_least":15,"requires_php":16,"tags":61,"homepage":64,"download_link":65,"security_score":66,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"reachedge","LocaliQ – Tracking Code","1.9.1","\u003Cp>The LocaliQ WordPress plugin adds the tracking code to the WordPress site.  This plugin adds the required javascript code on all pages in order to track analytics and enable other features for the \u003Ca href=\"https:\u002F\u002Flocaliq.com\" rel=\"nofollow ugc\">LocaliQ\u003C\u002Fa> products and other digital marketing solutions.\u003C\u002Fp>\n\u003Cp>The required javascript is loaded from a CDN at cdn.rlets.com\u002Fcapture_static\u002Fmms\u002Fmms.js. This file is under continuing development to provide the best performance and stability across all browser and OS combinations.\u003C\u002Fp>\n\u003Cp>As new features and functionality are added to LocaliQ Tracking, those updates will be rolled out through the mms.js file, and no updates of this plugin will be required.\u003C\u002Fp>\n\u003Cp>For more information, visit https:\u002F\u002Flocaliq.com.\u003C\u002Fp>\n\u003Ch3>API Interaction provided by capture_configs js from the CDN\u003C\u002Fh3>\n\u003Col>\n\u003Cli>The capture_configs js loads the customer’s configuration data from LocaliQ\u003C\u002Fli>\n\u003Cli>Sends analytics data back to LocaliQ for performance metrics.\u003C\u002Fli>\n\u003Cli>Sends visit & referrer attribution back to LocaliQ for analytics\u003C\u002Fli>\n\u003Cli>Sends visit, email, and form post data back to LocaliQ to provide lead management.\u003C\u002Fli>\n\u003Cli>Email links are replaced with contact forms and the form data and sending of email is offloaded to LocaliQ’s servers.\u003C\u002Fli>\n\u003C\u002Fol>\n","Adds LocaliQ's tracking code on all pages.",2000,27704,60,2,"2024-05-20T17:09:00.000Z","6.4.8",[18,62,20,21,63],"email-tracking","localiq","https:\u002F\u002Fgithub.com\u002Freachlocal\u002Flocaliq-wordpress-4x-tracking-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freachedge.1.9.1.zip",92,{"slug":68,"name":69,"version":70,"author":71,"author_profile":72,"description":73,"short_description":74,"active_installs":75,"downloaded":76,"rating":77,"num_ratings":78,"last_updated":79,"tested_up_to":80,"requires_at_least":81,"requires_php":16,"tags":82,"homepage":85,"download_link":86,"security_score":77,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"whatconverts","WhatConverts","1.0.7","whatconverts call tracking and reporting","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhatconverts\u002F","\u003Cp>This plugin adds the required tracking code for WhatConverts.\u003C\u002Fp>\n\u003Cp>For more information visit, \u003Ca href=\"https:\u002F\u002Fwww.whatconverts.com\u002F\" rel=\"nofollow ugc\">WhatConverts\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>WhatConverts plugin uses s.ksrndkehqnwntyxlhgto.com as the path to deliver the script.  The script is included on your site to allow WhatConverts to capture leads from your website.  s.ksrndkehqnwntyxlhgto.com is owned and operated by \u003Ca href=\"https:\u002F\u002Fwww.whatconverts.com\u002F\" rel=\"nofollow ugc\">WhatConverts\u003C\u002Fa>.  For more information visit our \u003Ca href=\"https:\u002F\u002Fwww.whatconverts.com\u002Fterms-of-use\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.whatconverts.com\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> for more information on WhatConverts.\u003C\u002Fp>\n","Enables WhatConverts on all pages.",7000,31411,100,3,"2025-12-01T13:06:00.000Z","6.9.4","3.0",[83,18,20,84,68],"analytics-call-tracking","goal-tracking","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwhatconverts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhatconverts.zip",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":97,"num_ratings":98,"last_updated":99,"tested_up_to":80,"requires_at_least":81,"requires_php":16,"tags":100,"homepage":105,"download_link":106,"security_score":107,"vuln_count":58,"unpatched_count":11,"last_vuln_date":108,"fetched_at":25},"callrail-phone-call-tracking","CallRail Phone Call Tracking","0.5.3","CallRail","https:\u002F\u002Fprofiles.wordpress.org\u002Fcallrail\u002F","\u003Cp>CallRail is here to bring complete visibility to the marketers who rely on quality inbound leads to measure success. Our customers live in a results-driven world, and giving them a clear view into their digital marketing efforts is a first priority for CallRail. We see the opportunities in surfacing and connecting data from calls, forms, chat and beyond — helping our customers get to better outcomes.\u003C\u002Fp>\n\u003Cp>Our WordPress plugin allows you to learn detailed information about the source and web session of every caller from your website using a process called \u003Ca href=\"https:\u002F\u002Fwww.callrail.com\u002Fleads\u002Fdynamic-number-insertion-2\u002F\" rel=\"nofollow ugc\">Dynamic Number Insertion\u003C\u002Fa>. It also powers our form tracking tool, which gives you the power to attribute form submissions back to their source and learn about what the user did on your site before submitting the form.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Learn more about \u003Ca href=\"https:\u002F\u002Fwww.callrail.com\u002F\" rel=\"nofollow ugc\">CallRail\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Check out our WP plugin \u003Ca href=\"https:\u002F\u002Fsupport.callrail.com\u002Fhc\u002Fen-us\u002Farticles\u002F201011537\" rel=\"nofollow ugc\">support documentation.\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Dynamically swap CallRail tracking phone numbers based on the visitor's referring source.",10000,358191,74,6,"2026-02-11T19:30:00.000Z",[101,102,18,103,104],"adwords","analytics","conversion-tracking","seo","http:\u002F\u002Fwww.callrail.com\u002Fdocs\u002Fweb-integration\u002Fwordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcallrail-phone-call-tracking.0.5.3.zip",99,"2023-10-24 00:00:00",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":97,"num_ratings":78,"last_updated":119,"tested_up_to":80,"requires_at_least":120,"requires_php":121,"tags":122,"homepage":127,"download_link":128,"security_score":77,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"call-tracking-metrics","CallTrackingMetrics","2.1.8","taf2","https:\u002F\u002Fprofiles.wordpress.org\u002Ftaf2\u002F","\u003Cp>CallTrackingMetrics integrates with your WordPress site to provide powerful call tracking and attribution.\u003C\u002Fp>\n","CallTrackingMetrics integrates with your WordPress site to provide powerful call tracking and attribution.",3000,125043,"2026-02-16T14:22:00.000Z","6.5","8.2",[123,18,124,125,126],"advertising","conversation-analytics","google-ads","marketing-attribution","https:\u002F\u002Fcalltrackingmetrics.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcall-tracking-metrics.2.1.8.zip",{"attackSurface":130,"codeSignals":157,"taintFlows":164,"riskAssessment":165,"analyzedAt":172},{"hooks":131,"ajaxHandlers":153,"restRoutes":154,"shortcodes":155,"cronEvents":156,"entryPointCount":11,"unprotectedCount":11},[132,137,141,148],{"type":133,"name":134,"callback":135,"file":136,"line":78},"action","admin_menu","clt_add_admin_menu","chartlocal-tracking-settings.php",{"type":133,"name":138,"callback":139,"file":136,"line":140},"admin_init","clt_settings_init",4,{"type":142,"name":143,"callback":144,"priority":145,"file":146,"line":147},"filter","clean_url","clt_async_scripts",11,"chartlocal-tracking.php",33,{"type":133,"name":149,"callback":150,"priority":151,"file":146,"line":152},"wp_enqueue_scripts","clt_tracking_plugin",5,45,[],[],[],[],{"dangerousFunctions":158,"sqlUsage":159,"outputEscaping":161,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":163},[],{"prepared":11,"raw":11,"locations":160},[],{"escaped":28,"rawEcho":11,"locations":162},[],[],[],{"summary":166,"deductions":167},"The \"chartlocal\" v1.0.0 plugin demonstrates a strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its attack surface. Furthermore, the code exhibits excellent practices regarding SQL queries, utilizing prepared statements exclusively, and ensuring all output is properly escaped. The lack of dangerous functions, file operations, external HTTP requests, and the absence of taint analysis findings further bolster its security. The plugin also has no recorded vulnerability history, indicating a sustained commitment to security or a lack of past exposure.\n\nHowever, a notable concern is the complete absence of nonce checks and capability checks. While the current analysis shows zero entry points that require these, it suggests a potential vulnerability if new features are added or if the attack surface analysis is incomplete. If any of the entry points were to become accessible without proper authorization checks, this would represent a significant security gap. The plugin's strengths lie in its clean code and lack of known vulnerabilities, but the absence of authorization controls on any potential future entry points is a weakness that warrants attention for future development.\n\nIn conclusion, \"chartlocal\" v1.0.0 appears to be a very secure plugin in its current state. The developers have adhered to best practices for SQL and output sanitization. The absence of historical vulnerabilities is a positive sign. The primary area for improvement and vigilance is the implementation of robust authorization checks (nonces and capabilities) should the plugin's functionality expand to include any form of user interaction or data processing.",[168,170],{"reason":169,"points":151},"Missing nonce checks",{"reason":171,"points":151},"Missing capability checks","2026-03-17T07:22:54.739Z",{"wat":174,"direct":180},{"assetPaths":175,"generatorPatterns":176,"scriptPaths":177,"versionParams":179},[],[],[178],"\u002Fwp-content\u002Fplugins\u002Fchartlocal\u002Fchartlocal-tracking.php",[],{"cssClasses":181,"htmlComments":182,"htmlAttributes":183,"restEndpoints":184,"jsGlobals":185,"shortcodeOutput":186},[],[],[],[],[],[]]