[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$folnQkqDt5AylNUzlONNz1WlTbz9r5jGCeb5YANOpHgg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":119,"fingerprints":177},"click-fraud-free","ClickFraudFree","1.0.0","cffjerson","https:\u002F\u002Fprofiles.wordpress.org\u002Fcffjerson\u002F","\u003Cp>ClickFraudFree is a \u003Cstrong>service-based plugin\u003C\u002Fstrong> that helps website owners protect their traffic and advertising campaigns from fraudulent clicks, bots, and malicious users.\u003C\u002Fp>\n\u003Cp>This plugin connects your WordPress site to the \u003Cstrong>ClickFraudFree external service\u003C\u002Fstrong>, which analyzes traffic patterns and detects invalid or fraudulent activity in real time.\u003C\u002Fp>\n\u003Cp>⚠️ \u003Cstrong>Important:\u003C\u002Fstrong>\u003Cbr \u002F>\nThis plugin relies on a \u003Cstrong>remote service\u003C\u002Fstrong> and does not function without an active ClickFraudFree account.\u003C\u002Fp>\n\u003Ch3>How the service works\u003C\u002Fh3>\n\u003Cp>When enabled, the plugin sends limited traffic-related data to the ClickFraudFree servers for analysis. This allows the service to detect and prevent click fraud and invalid traffic.\u003C\u002Fp>\n\u003Cp>The plugin may communicate with the following external server:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>https:\u002F\u002Fclickfraudfree.com\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Data sent to the service\u003C\u002Fh3>\n\u003Cp>Depending on your configuration, the plugin may transmit the following data to the ClickFraudFree service:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Client ID (provided by the ClickFraudFree account)\u003C\u002Fli>\n\u003Cli>Visitor IP address\u003C\u002Fli>\n\u003Cli>HTTP referrer URL\u003C\u002Fli>\n\u003Cli>Timestamp of the visit\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No personally identifiable user data is collected intentionally beyond what is required for fraud detection.\u003C\u002Fp>\n\u003Ch3>Why this data is needed\u003C\u002Fh3>\n\u003Cp>This information is required to:\u003Cbr \u002F>\n* Identify repeat or automated traffic\u003Cbr \u002F>\n* Detect bot activity and click farms\u003Cbr \u002F>\n* Prevent competitors from generating invalid ad clicks\u003Cbr \u002F>\n* Protect advertising budgets and analytics accuracy\u003C\u002Fp>\n\u003Ch3>Account requirement\u003C\u002Fh3>\n\u003Cp>An active ClickFraudFree account is required to use this plugin.\u003Cbr \u002F>\nYou must sign up at \u003Cstrong>https:\u002F\u002Fclickfraudfree.com\u003C\u002Fstrong> and obtain a Client ID.\u003C\u002Fp>\n","Protects websites and ad campaigns from bots, competitors, and invalid traffic using a remote click fraud detection service.",40,155,0,"2026-01-26T12:20:00.000Z","6.9.4","6.0","7.4",[19,20,21,22,23],"ad-fraud","bot-protection","click-fraud","fraud-protection","website-protection","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclick-fraud-free.1.0.0.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,94,"2026-04-04T00:42:24.291Z",[36,57,69,85,103],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":50,"tags":51,"homepage":24,"download_link":53,"security_score":54,"vuln_count":55,"unpatched_count":13,"last_vuln_date":56,"fetched_at":28},"clickcease-click-fraud-protection","ClickCease Click Fraud Protection","3.2.13","eranfl","https:\u002F\u002Fprofiles.wordpress.org\u002Feranfl\u002F","\u003Cp>Bots and invalid traffic can reach your site through paid, organic, and direct traffic, resulting in a wasted ad budget and disrupted marketing funnels.\u003C\u002Fp>\n\u003Cp>Prevent bots, competitors, and malicious users from damaging your marketing performance with ClickCease, the industry-leading service that keeps your website and ads safe from fraud. Quick installation and real-time protection for all your website’s incoming traffic.\u003C\u002Fp>\n\u003Cp>ClickCease protects you from invalid traffic by monitoring and protecting your:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Paid traffic (Google, Facebook, & Microsoft)\u003C\u002Fli>\n\u003Cli>Organic traffic\u003C\u002Fli>\n\u003Cli>Direct traffic\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Put a stop to ad and click fraud on your website with our market-leading AI software. Allow yourself to fully focus on growing your business without having online fraud distract you.\u003C\u002Fp>\n\u003Cp>You will need an active ClickCease subscription to use this WordPress plugin.\u003C\u002Fp>\n","Protect your website and ad campaigns from bots, competitors, and click fraud with ClickCease's advanced fraud prevention and real-time monitoring.",10000,261207,66,7,"2025-07-21T15:27:00.000Z","6.6.5","5.6",[20,21,52,22,23],"clickcease","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclickcease-click-fraud-protection.zip",99,2,"2024-05-06 00:00:00",{"slug":58,"name":59,"version":60,"author":40,"author_profile":41,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":13,"num_ratings":13,"last_updated":65,"tested_up_to":49,"requires_at_least":50,"requires_php":50,"tags":66,"homepage":24,"download_link":68,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"cheq-essentials-go-to-market-security","CHEQ Essentials","1.13","\u003Cp>As a website owner, one of the biggest challenges you face is dealing with invalid traffic. Invalid traffic (27% of direct and organic traffic on average in 2022) refers to any non-human or fraudulent activity, such as bots, click farms, and other forms of automated traffic. This can not only damage your site’s reputation but also result in lost revenue, slow performance, and skewed data that damage your decision-making.\u003C\u002Fp>\n\u003Cp>CHEQ Essentials is here to help. We use advanced algorithms and machine learning techniques to analyze user behavior and distinguish between legitimate and invalid traffic.\u003C\u002Fp>\n\u003Cp>With this plugin, you can automatically monitor your website traffic in real time and identify any suspicious patterns or behavior. The plugin also provides detailed reports and analytics that can help you better understand your traffic and identify any potential issues.\u003C\u002Fp>\n\u003Cp>Once the plugin detects invalid traffic, it can take immediate action to prevent further damage. This may include blocking IP addresses on Google Ads, redirecting traffic to a 403 page, or implementing other measures to prevent bots and other automated traffic from accessing your site.\u003C\u002Fp>\n\u003Cp>Overall, this is an essential tool for any website owner who wants to secure and protect their site from fraudulent activity and ensure a safe and reliable user experience. With CHEQ Essentials, you can rest assured that your site is protected from invalid traffic and other forms of online fraud.\u003C\u002Fp>\n\u003Cp>You will need an active CHEQ Essentials subscription to use this WordPress plugin.\u003C\u002Fp>\n","Protect, analyze & block threats in real time your website from bots, click fraud, and invalid traffic with CHEQ Essentials.",700,6693,"2025-07-21T15:20:00.000Z",[20,21,22,67,23],"spam-protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcheq-essentials-go-to-market-security.zip",{"slug":70,"name":71,"version":6,"author":72,"author_profile":73,"description":74,"short_description":75,"active_installs":13,"downloaded":76,"rating":13,"num_ratings":13,"last_updated":24,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":77,"homepage":24,"download_link":83,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":84},"campaign-ai","Campaign AI","campaignai2026","https:\u002F\u002Fprofiles.wordpress.org\u002Fcampaignai2026\u002F","\u003Cp>Campaign AI is a \u003Cstrong>service-connected WordPress plugin\u003C\u002Fstrong> that integrates your website with the Campaign AI fraud prevention platform.\u003C\u002Fp>\n\u003Cp>The plugin enables your site to communicate with Campaign AI’s remote analysis system, allowing traffic activity to be evaluated for signs of automated behavior, malicious access, or advertising abuse.\u003C\u002Fp>\n\u003Cp>⚠️ \u003Cstrong>Notice:\u003C\u002Fstrong>\u003Cbr \u002F>\nCampaign AI requires an \u003Cstrong>active external account\u003C\u002Fstrong>. The plugin alone does not provide fraud detection without a valid Campaign AI integration code.\u003C\u002Fp>\n\u003Ch3>How Campaign AI works\u003C\u002Fh3>\n\u003Cp>Once configured, Campaign AI observes incoming visits and sends limited technical data to its remote service.\u003Cbr \u002F>\nThis information is processed to help identify patterns commonly associated with click fraud, bots, and invalid traffic sources.\u003C\u002Fp>\n\u003Cp>The plugin communicates with the following external service:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>https:\u002F\u002Fcronjob.campaign-ai.com\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Information transmitted\u003C\u002Fh3>\n\u003Cp>To function correctly, Campaign AI may transmit the following data elements to its service endpoint:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Campaign AI integration code\u003C\u002Fli>\n\u003Cli>Visitor IP address\u003C\u002Fli>\n\u003Cli>Referrer URL (if available)\u003C\u002Fli>\n\u003Cli>Time of the request\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This data is used strictly for traffic evaluation and fraud detection purposes.\u003C\u002Fp>\n\u003Ch3>Purpose of data processing\u003C\u002Fh3>\n\u003Cp>The transmitted information allows Campaign AI to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Detect automated or scripted traffic\u003C\u002Fli>\n\u003Cli>Identify suspicious click behavior\u003C\u002Fli>\n\u003Cli>Reduce waste from invalid advertising interactions\u003C\u002Fli>\n\u003Cli>Improve campaign performance insights\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Campaign AI does \u003Cstrong>not intentionally collect personal user information\u003C\u002Fstrong> beyond what is technically necessary to perform fraud analysis.\u003C\u002Fp>\n\u003Ch3>Account requirement\u003C\u002Fh3>\n\u003Cp>An active Campaign AI account is required to use this plugin.\u003Cbr \u002F>\nYou can register and obtain an integration code at:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>https:\u002F\u002Fwww.campaign-ai.com\u003C\u002Fstrong>\u003C\u002Fp>\n","Campaign AI integration plugin that protects websites and ad campaigns from bots and invalid traffic using real-time click fraud detection.",118,[78,79,80,81,82],"ad-fraud-protection","ads-security","bot-detection","click-fraud-prevention","invalid-traffic","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcampaign-ai.1.0.0.zip","2026-03-15T10:48:56.248Z",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":13,"num_ratings":13,"last_updated":95,"tested_up_to":15,"requires_at_least":96,"requires_php":17,"tags":97,"homepage":101,"download_link":102,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"anura-io","Anura.io","3.0.2","anurasupport","https:\u002F\u002Fprofiles.wordpress.org\u002Fanurasupport\u002F","\u003Cp>Anura is an enterprise class platform focused on fraud identification and mitigation. The solution uses comprehensive algorithms and machine learning techniques to analyze traffic and detect various forms of fraud, such as bot traffic, click fraud, and other forms of invalid traffic, including residential proxy attacks, regardless of your vertical. Anura aims to help businesses ensure their advertising efforts are reaching genuine users, thereby maximizing the return on investment and maintaining the integrity of their digital marketing campaigns. On top of our industry-leading accuracy, Anura provides a highly detailed analytics dashboard to verify instances of fraud. Leveraging a combination of machine learning and the expertise of seasoned engineers, Anura is capable of detecting even the most advanced fraud techniques in real-time.\u003C\u002Fp>\n","Anura aims to help businesses ensure their advertising efforts are reaching genuine users, thereby maximizing the return on investment and maintaining &hellip;",10,2174,"2025-12-03T15:01:00.000Z","5.3",[19,98,99,21,100],"adfraud","affiliate-fraud-detection","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fanura-io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanura-io.3.0.2.zip",{"slug":104,"name":105,"version":6,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":13,"downloaded":109,"rating":13,"num_ratings":13,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":113,"tags":114,"homepage":116,"download_link":117,"security_score":118,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"bluefield-identity","Bluefield Identity","https:\u002F\u002Fprofiles.wordpress.org\u002Fbluefieldidentity\u002F","\u003Ch3>If you’re using paid search advertising, want to prevent click fraud and preserve your ad budgets, you need Bluefield Identity.\u003C\u002Fh3>\n\u003Cp>Screen \u003Cstrong>ALL\u003C\u002Fstrong> incoming traffic to your site blocking click fraud, web scraping and other destructive actions with the most effective service in the industry. Give us a try with our 30 day free trial and see what partnering with Bluefield Identity can do for you.\u003C\u002Fp>\n\u003Cp>Quick and easy installation provides immediate real-time protection for ALL your site’s incoming traffic.\u003C\u002Fp>\n\u003Cp>When we say \u003Cstrong>“risk free”\u003C\u002Fstrong> we mean mean exactly that. Install Bluefield Identity and try us for 30 days. At the end of the month you’ll get an invoice and a performance report. Compare that against your own analytics and data and \u003Cstrong>YOU\u003C\u002Fstrong> decide. If you want to continue denying bad traffic that doesn’t convert, pay the invoice (Bluefield Identity costs \u003Cstrong>$30USD per month for 6000 clicks and $10 for each additional 2000 clicks\u003C\u002Fstrong>) and we keep screening your site visitors and protecting your ad budgets. If not…don’t pay the bill. The trial ends, we close your account and we thank you for giving us a try and you owe us nothing.\u003C\u002Fp>\n\u003Cp>It’s that simple. No gimmicks and no strings attached. We believe in our service and will prove it to you.\u003C\u002Fp>\n\u003Cp>Cancel anytime by simply not paying the last invoice because there are no contracts. If you choose to come back later, simply pay the unpaid invoice and we’re partners again.\u003C\u002Fp>\n\u003Ch4>Why is Bluefield Identity better?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Bluefield Identity screens ALL traffic, paid and organic and we screen for \u003Cstrong>ALL paid traffic sources\u003C\u002Fstrong>, not just Google, Meta and Microsoft.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Bluefield Identity works on YOUR website and we don’t require access to your paid ads accounts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Bluefield Identity allows you to refine what traffic you allow by configuring your own filters (as of September 2024, we use 17 different filters). Create geofences, set click rate limits (3 separate tiers), deny access from proxy sources and much more. Bluefield Identity is a web application firewall designed from the ground up to defeat click fraud and other malicious activity.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Block click fraud, web scraping and other destructive actions with the most effective web application firewall in the industry.",917,"2024-09-30T21:40:00.000Z","6.5.8","5.0","5.6.20",[104,20,21,115],"paid-click","https:\u002F\u002Fgithub.com\u002FBluefield-Identity\u002Fwp-bluefield","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbluefield-identity.1.0.0.zip",92,{"attackSurface":120,"codeSignals":145,"taintFlows":167,"riskAssessment":168,"analyzedAt":176},{"hooks":121,"ajaxHandlers":141,"restRoutes":142,"shortcodes":143,"cronEvents":144,"entryPointCount":13,"unprotectedCount":13},[122,128,132,136],{"type":123,"name":124,"callback":125,"file":126,"line":127},"action","admin_init","cff_handle_form_submission","click-fraud-free.php",27,{"type":123,"name":129,"callback":130,"file":126,"line":131},"pre_get_posts","exclude_post_from_admin",80,{"type":123,"name":133,"callback":134,"file":126,"line":135},"wp_footer","cff_Add_Text",90,{"type":123,"name":137,"callback":138,"file":139,"line":140},"admin_menu","cff_Add_My_Admin_Link","includes\\cff-functions.php",12,[],[],[],[],{"dangerousFunctions":146,"sqlUsage":147,"outputEscaping":149,"fileOperations":13,"externalRequests":13,"nonceChecks":31,"capabilityChecks":13,"bundledLibraries":166},[],{"prepared":13,"raw":13,"locations":148},[],{"escaped":150,"rawEcho":151,"locations":152},15,6,[153,156,158,160,162,164],{"file":139,"line":154,"context":155},42,"raw output",{"file":139,"line":157,"context":155},77,{"file":139,"line":159,"context":155},82,{"file":139,"line":161,"context":155},88,{"file":139,"line":163,"context":155},98,{"file":139,"line":165,"context":155},108,[],[],{"summary":169,"deductions":170},"The plugin \"click-fraud-free\" v1.0.0 demonstrates a strong security posture based on the provided static analysis and vulnerability history.  The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points indicates a minimal attack surface. Furthermore, the code shows good practices by exclusively using prepared statements for SQL queries and only one recorded nonce check, suggesting a cautious approach to handling user input for critical operations. The lack of any file operations or external HTTP requests also reduces potential vectors for compromise. The vulnerability history is entirely clear, with no known CVEs, which is a significant positive indicator of the plugin's security. However, a notable concern is the relatively low percentage of properly escaped output (71%). While not indicative of a critical vulnerability on its own, this leaves a small window for potential cross-site scripting (XSS) vulnerabilities if the unescaped outputs are user-controllable. The lack of capability checks on any potential entry points is also a weakness, as it means that even if an entry point were discovered, there's no granular control over which user roles can access it.",[171,174],{"reason":172,"points":173},"Low output escaping percentage",5,{"reason":175,"points":173},"No capability checks on entry points","2026-03-16T22:20:18.635Z",{"wat":178,"direct":183},{"assetPaths":179,"generatorPatterns":180,"scriptPaths":181,"versionParams":182},[],[],[],[],{"cssClasses":184,"htmlComments":186,"htmlAttributes":187,"restEndpoints":191,"jsGlobals":192,"shortcodeOutput":193},[185],"wrap",[],[188,189,190],"id=\"cff_code\"","name=\"cff_code\"","name=\"cff-custom-message\"",[],[],[]]