[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7PTdRDvXywCa6K7s1U9F2SOPtM7L0_91xI5757g2Gts":3},{"slug":4,"name":5,"version":6,"author":5,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":36,"analysis":143,"fingerprints":196},"crazyegg-heatmap-tracking","Crazy Egg","2.12","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrazyegg\u002F","\u003Cp>Crazy Egg is a free plugin that allows you to painlessly add Crazy Egg’s tracking script to your WordPress site. The tracking script lets Crazy Egg track your visitors.\u003Cbr \u002F>\nThe plugin relies on a 3rd party as a service (www.crazyegg.com) in order to track visitor clicks and mouse movements. Please visit www.crazyegg.com\u002Fterms and www.crazyegg.com\u002Fprivacy to find out more about our policies.\u003C\u002Fp>\n","The easiest, free way to add your Crazy Egg tracking script to your WordPress site. The official Crazy Egg Plugin for WordPress.",7000,260860,76,5,"2024-11-08T16:58:00.000Z","6.7.5","2.0.2","",[19,20,21,22,23],"analytics","click","crazy-egg","crazyegg","heat-maps","http:\u002F\u002Fwww.crazyegg.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcrazyegg-heatmap-tracking.2.12.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":22,"display_name":5,"profile_url":7,"plugin_count":32,"total_installs":10,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},1,30,88,"2026-04-04T05:26:36.626Z",[37,60,82,101,122],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":59,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"aurora-heatmap","Aurora Heatmap","1.7.1","r3098","https:\u002F\u002Fprofiles.wordpress.org\u002Fr3098\u002F","\u003Cp>Goddess Aurora is said to give light to the user world.\u003Cbr \u002F>\nThe name “Aurora Heatmap” visualizes user behavior with a beautiful heatmap.\u003Cbr \u002F>\nBringing light to the activation and optimization of your website.\u003C\u002Fp>\n\u003Ch4>The most important thing in site management.\u003C\u002Fh4>\n\u003Cp>That is, \u003Cem>Is the user satisfied?\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Where do users see and move through the content?\u003C\u002Fli>\n\u003Cli>Whether the user is not confused?\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Aurora Heatmap is the \u003Cstrong>strongest tool\u003C\u002Fstrong> for visualizing it.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Are you guiding users well?\u003C\u002Fli>\n\u003Cli>Conversion rate\u003C\u002Fli>\n\u003Cli>Are you missing out on prospects and readers?\u003C\u002Fli>\n\u003Cli>How is it evaluated by Google?\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>You will be able to see the points of improvement.\u003C\u002Fp>\n\u003Ch4>Plugin features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>\u003Cem>No Coding\u003C\u002Fem>\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>\u003Cem>No Setting\u003C\u002Fem>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You just install and activate the plugin.\u003Cbr \u002F>\nNo troublesome user registration or setup is required.\u003Cbr \u002F>\nIt works as default in most WordPress environments.\u003Cbr \u002F>\nAnd Aurora Heatmap is \u003Cstrong>complete with just plugin\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>The free version can check the click heat map of PC and mobile, and can be used on any number of sites.\u003Cbr \u002F>\nEven if it is free, there is no limit due to the number of PV and analysis pages.\u003C\u002Fp>\n\u003Ch4>Special notes\u003C\u002Fh4>\n\u003Cp>If it does not work well when used with a cache plugin, turn off JavaScript-related optimization, or exclude jQuery and Aurora Heatmap measurement script (reporter.js) from optimization.\u003Cbr \u002F>\nFor more details, please refer to \u003Ca href=\"https:\u002F\u002Fmarket.seous.info\u002Fen\u002Faurora-heatmap#oc-1\" rel=\"nofollow ugc\">official site description page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Aurora Heatmap can be used with the following cache plugins.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WP Rocket\u003C\u002Fli>\n\u003Cli>W3 Total Cache\u003C\u002Fli>\n\u003Cli>WP Super Cache\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage and support\u003C\u002Fh4>\n\u003Cp>More detailed usage and FAQs are provided on the \u003Ca href=\"https:\u002F\u002Fmarket.seous.info\u002Fen\u002Faurora-heatmap\" rel=\"nofollow ugc\">Aurora Heatmap official site\u003C\u002Fa>.\u003Cbr \u002F>\nIf you can’t find the answer to your question in those documents, use the WordPress.org \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Faurora-heatmap\u002F\" rel=\"ugc\">support forum\u003C\u002Fa>.\u003Cbr \u002F>\nThe premium version has priority email support.\u003C\u002Fp>\n\u003Ch4>About privacy\u003C\u002Fh4>\n\u003Cp>This plugin \u003Cstrong>does not\u003C\u002Fstrong> perform the following operations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>User tracking\u003C\u002Fli>\n\u003Cli>Send recorded data to external server\u003C\u002Fli>\n\u003Cli>Use of cookies\u003C\u002Fli>\n\u003Cli>Record of personally identifiable data including IP address\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Aurora Heatmap Free version 90 seconds demo\u003C\u002Fh4>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F3W17Gg_vbHg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","Beautiful like an aurora! A simple WordPress heatmap that can be completed with just a plugin.",20000,357256,94,7,"2025-04-14T09:25:00.000Z","6.8.0","4.9","7.0",[19,54,20,55,56],"analyze","heatmap","japanese","https:\u002F\u002Fmarket.seous.info\u002Faurora-heatmap","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faurora-heatmap.1.7.1.zip",100,{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":80,"download_link":81,"security_score":59,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"clicky-analytics","Clicky Analytics","2.2.4","Alin Marcu","https:\u002F\u002Fprofiles.wordpress.org\u002Fdeconf\u002F","\u003Cp>Using a widget, \u003Ca href=\"https:\u002F\u002Fdeconf.com\u002Fclicky-analytics-dashboard-wordpress\u002F\" rel=\"nofollow ugc\">Clicky Analytics Plugin\u003C\u002Fa> displays detailed info and stats about: online users, number of visits, number of actions, bounce rates, organic searches, time average directly on your Admin Dashboard.\u003C\u002Fp>\n\u003Cp>This plugin automatically inserts \u003Ca href=\"https:\u002F\u002Fclicky.com\u002F66508224\" rel=\"nofollow ugc\">Clicky Web Analytics\u003C\u002Fa> cookieless tracking code in each page of your website.\u003C\u002Fp>\n\u003Ch4>Clicky Admin Dashboard features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>you can access your website’s basic statistics in a widget on your Administration Dashboard\u003C\u002Fli>\n\u003Cli>cache feature, this improves loading speeds\u003C\u002Fli>\n\u003Cli>access level settings\u003C\u002Fli>\n\u003Cli>option to display top 30 pages, referrers and searches (sortable by columns)\u003C\u002Fli>\n\u003Cli>option to display Clicky Analytics statistics on frontend, at the end of each article\u003C\u002Fli>\n\u003Cli>has multilingual support, a POT file is available for translations.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Clicky Tracking features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>cookieless tracking\u003C\u002Fli>\n\u003Cli>enable\u002Fdisable Clicky Web Analytics tracking code\u003C\u002Fli>\n\u003Cli>user names tracking feature\u003C\u002Fli>\n\u003Cli>e-mails tracking feature\u003C\u002Fli>\n\u003Cli>video actions tracking for Youtube\u003C\u002Fli>\n\u003Cli>video actions tracking for HTML5\u003C\u002Fli>\n\u003Cli>asynchronously load of Clicky Web Analytics tracking code\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>User privacy oriented features (GDPR and other):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>IP address anonymization\u003C\u002Fli>\n\u003Cli>global opt-out feature\u003C\u002Fli>\n\u003Cli>tools to comply with GDPR requests from your visitors\u003C\u002Fli>\n\u003Cli>cookie-free\u002Fcookieless tracking\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Clicky Custom Dashboard:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>all clicky stats are available in a custom dashboard, under your blog’s administration panel.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Some features like video analytics and custom data tracking will require a \u003Ca href=\"https:\u002F\u002Fclicky.com\u002F66508224\" rel=\"nofollow ugc\">Clicky Analytics Pro\u003C\u002Fa> account.\u003C\u002Fp>\n\u003Ch4>Further reading\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsearch-engine-insights\u002F\" rel=\"ugc\">Search Engine Insights\u003C\u002Fa> – The perfect tool for viewing Google Search Console stats in your WordPress dashboard.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fanalytics-insights\u002F\" rel=\"ugc\">Analytics Insights\u003C\u002Fa> – Connects Google Analytics with your WordPress site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin it’s released under the GPLv2, you can use it free of charge on your personal or commercial website.\u003C\u002Fp>\n","This plugin will display Clicky Web Analytics data and statistics inside your WordPress Administration Dashboard.",10000,367991,90,25,"2026-01-04T10:46:00.000Z","6.9.4","2.8","5.2.4",[19,77,78,79],"clicky","statistics","stats","https:\u002F\u002Fdeconf.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclicky-analytics.2.2.4.zip",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":59,"num_ratings":32,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":97,"download_link":98,"security_score":99,"vuln_count":32,"unpatched_count":27,"last_vuln_date":100,"fetched_at":29},"userheat","UserHeat Plugin","1.1.11","hayata","https:\u002F\u002Fprofiles.wordpress.org\u002Fhayata\u002F","\u003Cp>UserHeat is free heatmap analytics plugin to visualize user behavior\u003Cbr \u002F>\nboth PC and smartphone.\u003Cbr \u002F>\nIt takes just one step and 30 seconds to start analysis.\u003C\u002Fp>\n\u003Cp>The key features of the plugin are:\u003C\u002Fp>\n\u003Cp>・3 Heatmap(gaze,click,mouse track) reveals see exactly where your\u003Cbr \u002F>\nvisitors click on the page, see how much attention a specific area\u003Cbr \u002F>\ngets by thermography\u003C\u002Fp>\n\u003Cp>・Optimize forms usability to improve submission rates.\u003C\u002Fp>\n\u003Cp>・It is available not only for PC but also smartphones and tablet devices.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"http:\u002F\u002Fen.userheat.com\" rel=\"nofollow ugc\">userheat\u003C\u002Fa> to learn more.\u003C\u002Fp>\n","Free heatmaps plugin for web analytics, on both PC and smartphone.",6000,35492,"2024-04-01T07:58:00.000Z","5.6.17","4.2","5.4",[19,54,20,55,56],"http:\u002F\u002Fuserheat.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuserheat.1.1.11.zip",85,"2023-11-07 00:00:00",{"slug":77,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":111,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":119,"download_link":120,"security_score":99,"vuln_count":32,"unpatched_count":27,"last_vuln_date":121,"fetched_at":29},"Clicky by Yoast","2.0","Joost de Valk","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoostdevalk\u002F","\u003Cp>Integrates the \u003Ca href=\"http:\u002F\u002Fclicky.com\u002F145844\" rel=\"nofollow ugc\">Clicky web analytics\u003C\u002Fa> service into your blog.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically adding your Clicky tracking code everywhere.\u003C\u002Fli>\n\u003Cli>Option to ignore admins.\u003C\u002Fli>\n\u003Cli>Option to store names of commenters.\u003C\u002Fli>\n\u003Cli>Option to disable the use of cookies.\u003C\u002Fli>\n\u003Cli>Stores comments as an action using the Clicky \u003Ca href=\"https:\u002F\u002Fsecure.getclicky.com\u002Fhelp\u002Fcustomization\u002Fmanual#internal\" rel=\"nofollow ugc\">internal data logging API\u003C\u002Fa>. This requires a \u003Ca href=\"http:\u002F\u002Fclicky.com\u002F145844\" rel=\"nofollow ugc\">pro account\u003C\u002Fa> to work.\u003C\u002Fli>\n\u003Cli>Option to track posts & pages as goals and assign a revenue to that page or post.\u003C\u002Fli>\n\u003Cli>An overview of your site’s statistics on your dashboard.\u003C\u002Fli>\n\u003Cli>Easily add outbound link pattern matching for affiliate links etc.\u003C\u002Fli>\n\u003Cli>Adds a small stats indicator of visitors in the last 48 to the WordPress toolbar.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Read the authors \u003Ca href=\"https:\u002F\u002Fyoast.com\u002Fclicky-analytics-review\u002F\" rel=\"nofollow ugc\">review of Clicky Analytics\u003C\u002Fa> if you want to see a bit more of the cool integration this plugin provides.\u003C\u002Fp>\n\u003Ch3>Have you found an issue?\u003C\u002Fh3>\n\u003Cp>If you have bugs to report, please go to \u003Ca href=\"\u002F\u002Fgithub.com\u002Fjdevalk\u002Fclicky\" rel=\"nofollow ugc\">the plugin’s GitHub repository\u003C\u002Fa>. For security issues, please use our \u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fdatabase\u002Fvdp\u002Fclicky\" rel=\"nofollow ugc\">vulnerability disclosure program\u003C\u002Fa>, which is managed by PatchStack. They will assist you with verification, CVE assignment, and, of course, notify us.\u003C\u002Fp>\n","Integrates the Clicky web analytics service into your blog and adds features for comment tracking & more.",4000,352613,96,11,"2023-04-06T13:32:00.000Z","6.1.10","5.9","5.6",[117,19,77,118,78],"affiliate","getclicky","https:\u002F\u002Fyoast.com\u002Fwordpress\u002Fplugins\u002Fclicky\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclicky.2.0.zip","2016-07-27 00:00:00",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":27,"num_ratings":27,"last_updated":132,"tested_up_to":73,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":141,"download_link":142,"security_score":59,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"clixtell-tracking-dynamic-phones","Clixtell","2.4","clixtell","https:\u002F\u002Fprofiles.wordpress.org\u002Fclixtell\u002F","\u003Cp>\u003Cstrong>Clixtell Tracking & Dynamic Phones\u003C\u002Fstrong> helps businesses protect their advertising budget and improve conversion tracking by integrating Clixtell’s advanced click fraud detection and dynamic call tracking technology into WordPress.\u003C\u002Fp>\n\u003Cp>With this plugin you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Detect and block fraudulent clicks\u003C\u002Fli>\n\u003Cli>Track phone calls accurately from paid traffic\u003C\u002Fli>\n\u003Cli>Enable Dynamic Phone Insertion (DNI)\u003C\u002Fli>\n\u003Cli>Integrate seamlessly with your existing Clixtell account\u003C\u002Fli>\n\u003Cli>Avoid complex code changes or manual script insertion\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>An active \u003Cstrong>Clixtell account\u003C\u002Fstrong> is required to use this plugin.\u003C\u002Fp>\n\u003Cp>Learn more at \u003Ca href=\"https:\u002F\u002Fwww.clixtell.com\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.clixtell.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Easy WordPress integration\u003C\u002Fli>\n\u003Cli>Dynamic Phone Insertion (optional toggle)\u003C\u002Fli>\n\u003Cli>Automatic script loading\u003C\u002Fli>\n\u003Cli>Clean and secure WordPress Settings API usage\u003C\u002Fli>\n\u003Cli>Lightweight and performance-friendly\u003C\u002Fli>\n\u003Cli>No theme modification required\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Clixtell\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Check \u003Cstrong>Activate Dynamic Call Tracking\u003C\u002Fstrong> to enable Dynamic Phone Insertion\u003C\u002Fli>\n\u003Cli>Save changes\u003C\u002Fli>\n\u003Cli>Ensure your Clixtell account is properly configured\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Tracking scripts are automatically injected on the frontend once enabled.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Clixtell Tracking & Dynamic Phones does not store or process personal data locally.\u003Cbr \u002F>\nAll tracking, analytics, and data processing are handled by Clixtell services.\u003Cbr \u002F>\nPlease review Clixtell’s Privacy Policy at:\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.clixtell.com\u002Fprivacy-policy\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For documentation and support:\u003Cbr \u002F>\n* https:\u002F\u002Fsupport.clixtell.com\u003Cbr \u002F>\n* https:\u002F\u002Fwww.clixtell.com\u003C\u002Fp>\n","Clixtell Tracking & Dynamic Phones integrates Clixtell click fraud detection and dynamic phone number insertion into your WordPress site.",1000,8147,"2026-02-07T05:14:00.000Z","5.5","7.2",[136,137,138,139,140],"call-tracking","click-fraud","dynamic-phone","marketing-analytics","tracking","https:\u002F\u002Fwww.clixtell.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclixtell-tracking-dynamic-phones.zip",{"attackSurface":144,"codeSignals":172,"taintFlows":183,"riskAssessment":184,"analyzedAt":195},{"hooks":145,"ajaxHandlers":168,"restRoutes":169,"shortcodes":170,"cronEvents":171,"entryPointCount":27,"unprotectedCount":27},[146,152,156,160,164],{"type":147,"name":148,"callback":149,"file":150,"line":151},"action","wp_head","add_script","crazyegg-heatmap-tracking.php",19,{"type":147,"name":153,"callback":154,"file":150,"line":155},"admin_menu","admin_menu_page",21,{"type":147,"name":157,"callback":158,"file":150,"line":159},"admin_init","register_settings",22,{"type":147,"name":161,"callback":162,"file":150,"line":163},"wp_loaded","migration_check",24,{"type":147,"name":165,"callback":166,"file":150,"line":167},"init","CrazyEggForWordPress",83,[],[],[],[],{"dangerousFunctions":173,"sqlUsage":174,"outputEscaping":176,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":182},[],{"prepared":27,"raw":27,"locations":175},[],{"escaped":177,"rawEcho":32,"locations":178},2,[179],{"file":150,"line":180,"context":181},33,"raw output",[],[],{"summary":185,"deductions":186},"The 'crazyegg-heatmap-tracking' plugin, version 2.12, presents a generally strong security posture based on the provided static analysis. There are no identified vulnerabilities in its history, and the static analysis reveals a clean bill of health regarding dangerous functions, SQL injection risks (all queries use prepared statements), file operations, and external HTTP requests. The absence of any identified CVEs further reinforces this positive outlook.  \n\nHowever, a notable concern is the complete lack of capability checks and nonce checks across all potential entry points. While the plugin currently reports zero entry points, this is a significant architectural weakness. Should any entry points be introduced or discovered in future updates or through interactions with other plugins\u002Fthemes, the absence of these fundamental security mechanisms would create an immediate and severe risk of unauthorized access and action. The low percentage of properly escaped output (67%) also indicates a potential for cross-site scripting (XSS) vulnerabilities, though the limited number of outputs might mitigate the immediate impact.\n\nIn conclusion, the plugin demonstrates good development practices by avoiding common pitfalls like raw SQL and dangerous functions. The vulnerability history is excellent. The primary weakness lies in the complete absence of authorization and integrity checks, which, while not currently exploitable due to a zero attack surface, represents a critical potential vulnerability that needs to be addressed proactively.",[187,190,192],{"reason":188,"points":189},"No capability checks found",10,{"reason":191,"points":189},"No nonce checks found",{"reason":193,"points":194},"Only 67% of outputs properly escaped",4,"2026-03-16T17:58:22.794Z",{"wat":197,"direct":204},{"assetPaths":198,"generatorPatterns":199,"scriptPaths":200,"versionParams":202},[],[],[201],"\u002Fwp-content\u002Fplugins\u002Fcrazyegg-heatmap-tracking\u002Fjs\u002Fcrazyegg-heatmap-tracking.js",[203],"crazyegg-heatmap-tracking\u002Fjs\u002Fcrazyegg-heatmap-tracking.js?ver=",{"cssClasses":205,"htmlComments":206,"htmlAttributes":207,"restEndpoints":209,"jsGlobals":210,"shortcodeOutput":212},[],[],[208],"data-crazyegg-tracking-id",[],[211,166],"CrazyEgg",[]]