[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQ88vOaHsQ9UZhSR1-Fz7aSHfi6cIqY6Wjj3j_4iyL3g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":15,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":36,"analysis":126,"fingerprints":583},"dm-user-tracking-plugin","DM User Tracking","1.9.1","digmedia","https:\u002F\u002Fprofiles.wordpress.org\u002Fdigmedia\u002F","\u003Cp>The DM User Tracking plugin is a fully featured, page by page tracking plugin for your blog. Every time a page is visited on your blog, the plugin logs a whole host of information on the person who visited the page.\u003C\u002Fp>\n\u003Cp>The plugin is totally customisable from what you decide to track to what you decide you want to see. 
There is an optional dashboard widget included for a quick overview of recent visitors as well as a search feature for you to accurately sift through your tracking log and find the results you are looking for.\u003C\u002Fp>\n\u003Cp>\u003Cem>Data that is tracked by default:\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>IP address (including an attempt to locate IP addresses from behind a proxy)\u003C\u002Fli>\n\u003Cli>The HTTP referrer (what page the user was viewing before they clicked)\u003C\u002Fli>\n\u003Cli>The time of the click\u003C\u002Fli>\n\u003Cli>User ID\u003C\u002Fli>\n\u003Cli>User Level (admin, editor, so on)\u003C\u002Fli>\n\u003Cli>Display Name\u003C\u002Fli>\n\u003Cli>Browser\u003C\u002Fli>\n\u003Cli>Operating System\u003C\u002Fli>\n\u003Cli>The page they visited\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Data that is not tracked by default but can be enabled:\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>GET variables\u003C\u002Fli>\n\u003Cli>POST variables\u003C\u002Fli>\n\u003Cli>Cookies\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please be sure to read the “Other Notes” section to view your responsibilities\u003Cbr \u002F>\nin using this plugin.\u003C\u002Fp>\n\u003Ch3>Your Responsibility\u003C\u002Fh3>\n\u003Cp>Upon installing this plugin you need to realise that you are potentially logging\u003Cbr \u002F>\na lot of sensitive information on your users. You accept that by installing this\u003Cbr \u002F>\nplugin you are accepting not to misuse or abuse this data in any way. I will not\u003Cbr \u002F>\ntake responsibility of any case of misuse of data caused by this plugin. 
That is\u003Cbr \u002F>\nthe sole responsibility of the person who installed the plugin. This plugin is currently incompatible with the multi-user function of WordPress; we are working on updating the plugin to support the multiuser functionality.\u003C\u002Fp>\n\u003Cp>This plugin does not currently support blocking of IP addresses.\u003C\u002Fp>\n","An extensive, customisable, fully featured user tracking plugin.",10,6372,40,3,"","3.5.3","3.5.1",[19,20,21,22,23],"activity","auditing","dm","logging","tracking","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fdm-user-tracking-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdm-user-tracking-plugin.zip",100,0,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},1,30,94,"2026-04-04T22:00:39.577Z",[37,61,80,95,109],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":11,"downloaded":45,"rating":26,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":57,"download_link":58,"security_score":59,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":60},"last-login-tracker-redirect-url","Last Login Tracker & Redirect URL","1.1.0","Khurram Sohail","https:\u002F\u002Fprofiles.wordpress.org\u002Fkhurram50\u002F","\u003Cp>Track the last login time of users and optionally redirect 404 pages to the homepage. 
Includes an admin settings page.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>✅ Tracks user last login\u003Cbr \u002F>\n✅ Displays last login time in WordPress Users list\u003Cbr \u002F>\n✅ Sortable Last Login column\u003Cbr \u002F>\n✅ Enable\u002FDisable login tracking\u003Cbr \u002F>\n✅ Redirect 404 pages to homepage\u003Cbr \u002F>\n✅ Lightweight & optimized\u003C\u002Fp>\n","Tracks user last login and allows redirection of 404 pages to the homepage.",539,2,"2025-03-29T20:06:00.000Z","6.7.5","5.0","7.2",[52,53,54,55,56],"404-redirect","admin-tools","last-login","login-tracking","user-activity","https:\u002F\u002Fkhurram.site\u002Fwordpress-plugins\u002Flast-login-tracker-redirect-url\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flast-login-tracker-redirect-url.1.1.0.zip",92,"2026-03-15T15:16:48.613Z",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":11,"downloaded":69,"rating":27,"num_ratings":27,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":77,"download_link":78,"security_score":79,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":60},"lyon-site-activity","Lyon Site Activity","2.0.2","Wheaton College","https:\u002F\u002Fprofiles.wordpress.org\u002Fwheatoncollege\u002F","\u003Cp>A simple, lightweight plugin that gives site administrators an at-a-glance view of recent content edits.\u003C\u002Fp>\n\u003Cp>A single screen under the \u003Cstrong>Tools\u003C\u002Fstrong> menu  shows tabular data for the latest created, latest modified, and\u002For latest trashed post, pages, or custom post types.  You can also find the latest created taxonomies and custom taxonomies, along with latest added media elements (currently only PDF application types are supported.)  
Dynamic navigation control is found in a sticky element at the top of the page, allowing fast access to special areas of interest.\u003C\u002Fp>\n\u003Cp>A single screen under the \u003Cstrong>Settings\u003C\u002Fstrong> menu will allow you to show only those posts, custom post types, taxonomies, or custom taxonomies that you are interested in seeing.  Please note that while custom post type and custom taxonomies you create will be listed here, it does not mean that they are fully supported at this time.  They should work as desired, but custom post types and custom taxonomies can be tricky.\u003C\u002Fp>\n\u003Ch3>Background\u003C\u002Fh3>\n\u003Cp>This plugin was designed to fulfill a need of Wheaton College, Norton MA. We wanted to track \u003Cem>some\u003C\u002Fem> editor activity without storing records in the database. The guiding principle was that the code would be lightweight and \u003Cem>read only\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>One use case is to review recent edits to ensure user compliance with existing guidelines.\u003C\u002Fp>\n\u003Cp>Another is to review if there have been any recent edits at all.\u003C\u002Fp>\n\u003Cp>This plugin supplements our paid site monitoring software. 
The idea is to catch issues early, providing a teaching opportunity for web editors that are less experienced.\u003C\u002Fp>\n","A simple, lightweight plugin that gives site administrators an at-a-glance view of recent content edits.",1385,"2020-09-28T17:10:00.000Z","5.3.21","3.5","5.4.0",[75,22,76],"admin","site-activity","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flyon-site-activity\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flyon-site-activity.zip",85,{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":11,"downloaded":88,"rating":27,"num_ratings":27,"last_updated":89,"tested_up_to":48,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":15,"download_link":94,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":60},"user-activity-tracker","User Activity Tracker","1.0.0","whizPlugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhizplugins\u002F","\u003Cp>User Activity Tracker is a lightweight and efficient WordPress plugin that allows you to track and log user activities on your site. 
Whether you need to monitor login attempts, content updates, or administrative changes, this plugin provides real-time tracking and reporting.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Tracks user logins, post updates, and administrative actions.\u003Cbr \u002F>\n– Displays recent user activity in an easy-to-read format.\u003Cbr \u002F>\n– Secure and optimized for performance.\u003Cbr \u002F>\n– Compatible with the latest version of WordPress.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, visit the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fuser-activity-tracker\" rel=\"ugc\">plugin support forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by Hazrath Ali (https:\u002F\u002Fgithub.com\u002FHazrath15).\u003C\u002Fp>\n","Track and monitor user activity effortlessly with User Activity Tracker. Stay informed about actions taken on your site.",320,"2025-06-12T16:22:00.000Z","5.6","7.4",[93,22,23,56],"custom","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-activity-tracker.zip",{"slug":96,"name":97,"version":83,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":27,"downloaded":102,"rating":27,"num_ratings":27,"last_updated":15,"tested_up_to":48,"requires_at_least":49,"requires_php":91,"tags":103,"homepage":107,"download_link":108,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"logaction","LogAction – Activity Logs for Admin","Sylvanus","https:\u002F\u002Fprofiles.wordpress.org\u002Fgblessylva\u002F","\u003Cp>\u003Cstrong>LogAction – Activity Logs for Admin\u003C\u002Fstrong> is a powerful WordPress plugin that provides a detailed activity logging system for your website. It tracks user actions, changes, and events, allowing site administrators to monitor activity, enhance security, and improve user experience. 
With an intuitive interface and customizable features, LogAction makes managing your site’s activity a breeze.\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Tracks user logins, post updates, plugin activations, and more.\u003C\u002Fli>\n\u003Cli>View logs in an intuitive interface.\u003C\u002Fli>\n\u003Cli>Export logs to CSV for offline analysis or reporting.\u003C\u002Fli>\n\u003Cli>Customize logging preferences to suit your site’s needs.\u003C\u002Fli>\n\u003Cli>Filter logs by date and actions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is essential for administrators aiming to monitor activity, troubleshoot issues, and enhance their site’s security posture.\u003C\u002Fp>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Ensure your PHP version is at least 7.4 for optimal performance.\u003C\u002Fli>\n\u003Cli>Compatible with the latest WordPress version.\u003C\u002Fli>\n\u003C\u002Ful>\n","Track and log WordPress activities to monitor and improve your site's security and administrative tasks.",377,[104,53,22,105,106],"activity-log","security","wordpress","https:\u002F\u002Fgithub.com\u002Fgblessylva\u002FLogAction\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogaction.1.0.0.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":27,"downloaded":117,"rating":27,"num_ratings":27,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":50,"tags":121,"homepage":15,"download_link":125,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":60},"order-user-last-viewed","User Who Last Viewed The Order","1.0.3","Dits.Agency","https:\u002F\u002Fprofiles.wordpress.org\u002Fditsagency\u002F","\u003Cp>\u003Cstrong>User Who Last Viewed The Order\u003C\u002Fstrong> is a lightweight admin tool for WooCommerce.\u003C\u002Fp>\n\u003Cp>It adds a “Last viewed” column to the order list in 
your dashboard.\u003Cbr \u002F>\nThis shows who last opened or previewed each order — including their username and the time they did it.\u003C\u002Fp>\n\u003Cp>Perfect for multi-admin stores or support teams where multiple users process orders.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Adds “Last viewed” column in WooCommerce \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Orders\u003Cbr \u002F>\n– Automatically logs the user and time when the order is opened\u003Cbr \u002F>\n– Works with full order view and popup preview\u003Cbr \u002F>\n– Uses AJAX to update without page reload\u003Cbr \u002F>\n– Fully translatable (.pot\u002F.po\u002F.mo files included)\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin does not collect or store any personal data.\u003C\u002Fp>\n","Displays the user who last viewed a WooCommerce order in the admin panel, with timestamp.",274,"2026-03-04T03:19:00.000Z","6.9.4","5.5",[75,122,123,56,124],"order-tracking","orders","woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Forder-user-last-viewed.1.0.3.zip",{"attackSurface":127,"codeSignals":178,"taintFlows":433,"riskAssessment":567,"analyzedAt":582},{"hooks":128,"ajaxHandlers":167,"restRoutes":168,"shortcodes":169,"cronEvents":170,"entryPointCount":27,"unprotectedCount":27},[129,135,140,144,148,152,155,159,162,164],{"type":130,"name":131,"callback":132,"file":133,"line":134},"filter","cron_schedules","lbakut_cron_schedules","lbak_user_tracking.php",75,{"type":136,"name":137,"callback":138,"file":133,"line":139},"action","wp_dashboard_setup","lbakut_dashboard_setup",81,{"type":136,"name":141,"callback":142,"file":133,"line":143},"wp_loaded","lbakut_log_activity_start",82,{"type":136,"name":145,"callback":146,"file":133,"line":147},"admin_menu","lbakut_admin_menu",83,{"type":136,"name":149,"callback":150,"file":133,"line":151},"admin_head","lbakut_add_admin_header",84,{"type":130,"nam
e":153,"callback":154,"file":133,"line":79},"the_content","lbakut_parse_shortcode",{"type":136,"name":156,"callback":157,"file":133,"line":158},"admin_print_scripts-index.php","lbakut_add_scripts",86,{"type":136,"name":160,"callback":160,"file":133,"line":161},"lbakut_update_browscap",99,{"type":136,"name":163,"callback":163,"file":133,"line":26},"lbakut_do_cache_and_stats",{"type":136,"name":165,"callback":165,"file":133,"line":166},"lbakut_database_management_cron",101,[],[],[],[171,174,176],{"hook":160,"callback":160,"file":172,"line":173},"php_includes\\housekeeping.php",354,{"hook":163,"callback":163,"file":172,"line":175},360,{"hook":165,"callback":165,"file":172,"line":177},366,{"dangerousFunctions":179,"sqlUsage":201,"outputEscaping":283,"fileOperations":14,"externalRequests":32,"nonceChecks":206,"capabilityChecks":46,"bundledLibraries":432},[180,185,188,191,195,198],{"fn":181,"file":182,"line":183,"context":184},"unserialize","php_includes\\stats.php",329,"if (unserialize($curr[$k]) != false) {",{"fn":181,"file":182,"line":186,"context":187},330,"$curr[$k] = unserialize($curr[$k]);",{"fn":181,"file":182,"line":189,"context":190},410,"$script_names = unserialize($row[0]);",{"fn":181,"file":192,"line":193,"context":194},"php_includes\\visual.php",814,"$users = unserialize($row->user_ids);",{"fn":181,"file":192,"line":196,"context":197},825,"$pages = unserialize($row->page_views);",{"fn":181,"file":192,"line":199,"context":200},834,"$user_agents = unserialize($row->user_agents);",{"prepared":27,"raw":202,"locations":203},39,[204,208,210,212,213,215,217,219,221,223,226,228,230,232,234,236,237,239,240,242,245,247,249,251,253,255,257,259,261,263,265,267,269,271,274,276,277,279,281],{"file":205,"line":206,"context":207},"php_includes\\admin\\dbmanagement.php",8,"$wpdb->query() with variable 
interpolation",{"file":205,"line":209,"context":207},12,{"file":205,"line":211,"context":207},18,{"file":205,"line":33,"context":207},{"file":205,"line":214,"context":207},42,{"file":205,"line":216,"context":207},52,{"file":205,"line":218,"context":207},61,{"file":205,"line":220,"context":207},65,{"file":205,"line":222,"context":207},69,{"file":224,"line":33,"context":225},"php_includes\\admin\\search.php","$wpdb->get_results() with variable interpolation",{"file":172,"line":227,"context":207},289,{"file":172,"line":229,"context":207},290,{"file":172,"line":231,"context":207},291,{"file":172,"line":233,"context":207},382,{"file":172,"line":235,"context":207},385,{"file":182,"line":11,"context":225},{"file":182,"line":238,"context":225},15,{"file":182,"line":202,"context":225},{"file":182,"line":220,"context":241},"$wpdb->get_row() with variable interpolation",{"file":182,"line":243,"context":244},77,"$wpdb->get_var() with variable interpolation",{"file":182,"line":246,"context":225},80,{"file":182,"line":248,"context":225},209,{"file":182,"line":250,"context":241},233,{"file":182,"line":252,"context":225},268,{"file":182,"line":254,"context":241},273,{"file":182,"line":256,"context":241},276,{"file":182,"line":258,"context":225},279,{"file":182,"line":260,"context":225},283,{"file":182,"line":262,"context":225},288,{"file":182,"line":264,"context":244},322,{"file":182,"line":266,"context":241},326,{"file":182,"line":268,"context":241},439,{"file":182,"line":270,"context":244},448,{"file":272,"line":273,"context":207},"php_includes\\upgrades.php",53,{"file":272,"line":275,"context":207},76,{"file":272,"line":243,"context":207},{"file":192,"line":278,"context":244},589,{"file":192,"line":280,"context":225},593,{"file":192,"line":282,"context":241},809,{"escaped":211,"rawEcho":139,"locations":284},[285,288,289,290,292,294,296,299,301,303,305,307,309,311,314,317,319,321,323,325,327,329,331,333,335,337,339,341,343,344,346,347,348,350,351,353,355,357,358,360,362,364,366,3
68,369,371,373,375,377,379,381,383,385,387,389,391,393,395,398,399,400,402,404,406,407,409,411,412,414,415,416,417,419,421,424,425,426,427,428,429,430],{"file":205,"line":286,"context":287},79,"raw output",{"file":205,"line":151,"context":287},{"file":205,"line":161,"context":287},{"file":205,"line":291,"context":287},129,{"file":205,"line":293,"context":287},321,{"file":205,"line":295,"context":287},352,{"file":297,"line":298,"context":287},"php_includes\\admin\\displaysettings.php",31,{"file":297,"line":300,"context":287},44,{"file":297,"line":302,"context":287},56,{"file":304,"line":238,"context":287},"php_includes\\admin\\filemanagement.php",{"file":304,"line":306,"context":287},20,{"file":304,"line":308,"context":287},71,{"file":304,"line":310,"context":287},72,{"file":312,"line":313,"context":287},"php_includes\\admin\\log.php",11,{"file":315,"line":316,"context":287},"php_includes\\admin\\mainsettings.php",121,{"file":315,"line":318,"context":287},127,{"file":315,"line":320,"context":287},147,{"file":315,"line":322,"context":287},228,{"file":315,"line":324,"context":287},263,{"file":315,"line":326,"context":287},286,{"file":315,"line":328,"context":287},302,{"file":315,"line":330,"context":287},323,{"file":315,"line":332,"context":287},356,{"file":315,"line":334,"context":287},365,{"file":315,"line":336,"context":287},396,{"file":315,"line":338,"context":287},409,{"file":315,"line":340,"context":287},442,{"file":315,"line":342,"context":287},485,{"file":224,"line":214,"context":287},{"file":224,"line":345,"context":287},64,{"file":224,"line":308,"context":287},{"file":224,"line":134,"context":287},{"file":224,"line":349,"context":287},78,{"file":224,"line":151,"context":287},{"file":224,"line":352,"context":287},88,{"file":224,"line":354,"context":287},91,{"file":224,"line":356,"context":287},97,{"file":224,"line":166,"context":287},{"file":224,"line":359,"context":287},104,{"file":224,"line":361,"context":287},110,{"file":224,"line":363,"context":287},114,{"
file":224,"line":365,"context":287},117,{"file":224,"line":367,"context":287},123,{"file":224,"line":318,"context":287},{"file":224,"line":370,"context":287},130,{"file":224,"line":372,"context":287},136,{"file":224,"line":374,"context":287},140,{"file":224,"line":376,"context":287},143,{"file":224,"line":378,"context":287},148,{"file":224,"line":380,"context":287},153,{"file":224,"line":382,"context":287},154,{"file":224,"line":384,"context":287},155,{"file":224,"line":386,"context":287},158,{"file":224,"line":388,"context":287},159,{"file":224,"line":390,"context":287},160,{"file":224,"line":392,"context":287},185,{"file":224,"line":394,"context":287},208,{"file":396,"line":397,"context":287},"php_includes\\admin\\stats.php",28,{"file":396,"line":33,"context":287},{"file":396,"line":298,"context":287},{"file":396,"line":401,"context":287},32,{"file":396,"line":403,"context":287},50,{"file":396,"line":405,"context":287},67,{"file":396,"line":151,"context":287},{"file":396,"line":408,"context":287},95,{"file":396,"line":410,"context":287},96,{"file":396,"line":356,"context":287},{"file":396,"line":413,"context":287},98,{"file":396,"line":161,"context":287},{"file":396,"line":26,"context":287},{"file":396,"line":166,"context":287},{"file":396,"line":418,"context":287},102,{"file":396,"line":420,"context":287},103,{"file":422,"line":423,"context":287},"php_includes\\admin\\userstats.php",14,{"file":422,"line":403,"context":287},{"file":422,"line":302,"context":287},{"file":172,"line":293,"context":287},{"file":192,"line":214,"context":287},{"file":192,"line":273,"context":287},{"file":192,"line":345,"context":287},{"file":192,"line":431,"context":287},125,[],[434,460,469,478,487,541],{"entryPoint":435,"graph":436,"unsanitizedCount":27,"severity":459},"\u003Cdbmanagement> 
(php_includes\\admin\\dbmanagement.php:0)",{"nodes":437,"edges":455},[438,443,448,451],{"id":439,"type":440,"label":441,"file":205,"line":442},"n0","source","$_POST",41,{"id":444,"type":445,"label":446,"file":205,"line":214,"wp_function":447},"n1","sink","query() [SQLi]","query",{"id":449,"type":440,"label":450,"file":205,"line":291},"n2","$_SERVER['PHP_SELF'] (x2)",{"id":452,"type":445,"label":453,"file":205,"line":291,"wp_function":454},"n3","echo() [XSS]","echo",[456,458],{"from":439,"to":444,"sanitized":457},true,{"from":449,"to":452,"sanitized":457},"low",{"entryPoint":461,"graph":462,"unsanitizedCount":27,"severity":459},"\u003Cdisplaysettings> (php_includes\\admin\\displaysettings.php:0)",{"nodes":463,"edges":467},[464,466],{"id":439,"type":440,"label":465,"file":297,"line":300},"$_SERVER['PHP_SELF']",{"id":444,"type":445,"label":453,"file":297,"line":300,"wp_function":454},[468],{"from":439,"to":444,"sanitized":457},{"entryPoint":470,"graph":471,"unsanitizedCount":32,"severity":459},"\u003Cfilemanagement> (php_includes\\admin\\filemanagement.php:0)",{"nodes":472,"edges":475},[473,474],{"id":439,"type":440,"label":465,"file":304,"line":308},{"id":444,"type":445,"label":453,"file":304,"line":308,"wp_function":454},[476],{"from":439,"to":444,"sanitized":477},false,{"entryPoint":479,"graph":480,"unsanitizedCount":27,"severity":459},"\u003Cmainsettings> (php_includes\\admin\\mainsettings.php:0)",{"nodes":481,"edges":485},[482,484],{"id":439,"type":440,"label":483,"file":315,"line":318},"$_SERVER['PHP_SELF'] (x5)",{"id":444,"type":445,"label":453,"file":315,"line":318,"wp_function":454},[486],{"from":439,"to":444,"sanitized":457},{"entryPoint":488,"graph":489,"unsanitizedCount":11,"severity":459},"\u003Csearch> 
(php_includes\\admin\\search.php:0)",{"nodes":490,"edges":531},[491,492,493,495,496,499,501,504,506,509,511,514,516,519,521,524,526,529],{"id":439,"type":440,"label":450,"file":224,"line":345},{"id":444,"type":445,"label":453,"file":224,"line":345,"wp_function":454},{"id":449,"type":440,"label":494,"file":224,"line":349},"$_GET['display_name']",{"id":452,"type":445,"label":453,"file":224,"line":349,"wp_function":454},{"id":497,"type":440,"label":498,"file":224,"line":354},"n4","$_GET['user_id']",{"id":500,"type":445,"label":453,"file":224,"line":354,"wp_function":454},"n5",{"id":502,"type":440,"label":503,"file":224,"line":359},"n6","$_GET['user_level']",{"id":505,"type":445,"label":453,"file":224,"line":359,"wp_function":454},"n7",{"id":507,"type":440,"label":508,"file":224,"line":365},"n8","$_GET['ip_address']",{"id":510,"type":445,"label":453,"file":224,"line":365,"wp_function":454},"n9",{"id":512,"type":440,"label":513,"file":224,"line":370},"n10","$_GET['real_ip_address']",{"id":515,"type":445,"label":453,"file":224,"line":370,"wp_function":454},"n11",{"id":517,"type":440,"label":518,"file":224,"line":376},"n12","$_GET['page_name']",{"id":520,"type":445,"label":453,"file":224,"line":376,"wp_function":454},"n13",{"id":522,"type":440,"label":523,"file":224,"line":380},"n14","$_GET['time_first']",{"id":525,"type":445,"label":453,"file":224,"line":380,"wp_function":454},"n15",{"id":527,"type":440,"label":528,"file":224,"line":386},"n16","$_GET['time_second']",{"id":530,"type":445,"label":453,"file":224,"line":386,"wp_function":454},"n17",[532,533,534,535,536,537,538,539,540],{"from":439,"to":444,"sanitized":477},{"from":449,"to":452,"sanitized":477},{"from":497,"to":500,"sanitized":477},{"from":502,"to":505,"sanitized":477},{"from":507,"to":510,"sanitized":477},{"from":512,"to":515,"sanitized":477},{"from":517,"to":520,"sanitized":477},{"from":522,"to":525,"sanitized":477},{"from":527,"to":530,"sanitized":477},{"entryPoint":542,"graph":543,"unsanitizedCount":14,"se
verity":566},"\u003Cuserstats> (php_includes\\admin\\userstats.php:0)",{"nodes":544,"edges":560},[545,546,547,549,552,553,555,557],{"id":439,"type":440,"label":441,"file":422,"line":306},{"id":444,"type":445,"label":453,"file":422,"line":403,"wp_function":454},{"id":449,"type":440,"label":441,"file":422,"line":548},23,{"id":452,"type":550,"label":551,"file":422,"line":548},"transform","→ lbakut_generate_user_login_csv()",{"id":497,"type":445,"label":453,"file":422,"line":423,"wp_function":454},{"id":500,"type":440,"label":441,"file":422,"line":554},26,{"id":502,"type":550,"label":556,"file":422,"line":554},"→ lbakut_get_users_since()",{"id":505,"type":445,"label":558,"file":182,"line":238,"wp_function":559},"get_results() [SQLi]","get_results",[561,562,563,564,565],{"from":439,"to":444,"sanitized":477},{"from":449,"to":452,"sanitized":477},{"from":452,"to":497,"sanitized":477},{"from":500,"to":502,"sanitized":477},{"from":502,"to":505,"sanitized":477},"high",{"summary":568,"deductions":569},"The dm-user-tracking-plugin v1.9.1 presents a mixed security posture. While the plugin exhibits strong attack surface management with no apparent unprotected entry points (AJAX, REST API, shortcodes), several concerning code signals emerge. The significant use of the `unserialize` function, coupled with a high percentage of SQL queries not using prepared statements, introduces potential risks for arbitrary code execution and SQL injection vulnerabilities. Furthermore, the low percentage of properly escaped output indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website.\n\nThe taint analysis reveals a high-severity flow with unsanitized paths, which could be exploited to achieve critical security outcomes. The absence of any recorded vulnerabilities in its history might suggest a lack of past exploitation or thorough security auditing, but it does not guarantee future security. 
The plugin's reliance on potentially unsafe functions and improper data handling practices, despite a seemingly secure attack surface, warrants careful consideration and mitigation efforts.",[570,572,574,576,578,580],{"reason":571,"points":306},"High number of SQL queries without prepared statements",{"reason":573,"points":238},"High-severity taint flow with unsanitized path",{"reason":575,"points":11},"Dangerous function: unserialize used",{"reason":577,"points":11},"Low percentage of properly escaped output",{"reason":579,"points":14},"File operations present",{"reason":581,"points":46},"External HTTP requests present","2026-03-16T23:12:06.724Z",{"wat":584,"direct":594},{"assetPaths":585,"generatorPatterns":588,"scriptPaths":589,"versionParams":591},[586,587],"\u002Fwp-content\u002Fplugins\u002Fdm-user-tracking-plugin\u002Fjs\u002Fdm_user_tracking.js","\u002Fwp-content\u002Fplugins\u002Fdm-user-tracking-plugin\u002Fcss\u002Fdm_user_tracking.css",[],[590],"js\u002Fdm_user_tracking.js",[592,593],"dm-user-tracking-plugin\u002Fjs\u002Fdm_user_tracking.js?ver=","dm-user-tracking-plugin\u002Fcss\u002Fdm_user_tracking.css?ver=",{"cssClasses":595,"htmlComments":597,"htmlAttributes":599,"restEndpoints":600,"jsGlobals":601,"shortcodeOutput":603},[596],"dm-user-tracking-dashboard-widget",[598],"\u003C!-- DM User Tracking -->",[],[],[602],"dm_user_tracking_obj",[604,605,606,607,608],"[dm_user_tracking_visitors]","[dm_user_tracking_browsers]","[dm_user_tracking_platforms]","[dm_user_tracking_pages]","[dm_user_tracking_referrers]"]