[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faUND3nt8oQSawauPtJpaXL09pN5odGamNFkAnBojJOU":3,"$fGdUtFTwlzIf51G5GzWDJ_CA1f8GIGPaj7PmWufk4ZUw":265,"$fQXufSZyu5SHeAIfBHdcWEK9gTaqlPAdGwfQiAqmzfCE":269},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":37,"analysis":137,"fingerprints":249},"drona-call-phone-click-analytics","Drona Call & Phone Click Analytics","1.0.0","Drona Infotech (Kuldeep Kumar)","https:\u002F\u002Fprofiles.wordpress.org\u002Fkuldeep1805\u002F","\u003Cp>Drona Call & Phone Click Analytics is a lightweight and secure WordPress plugin that automatically logs phone number clicks from tel: links on your website.\u003C\u002Fp>\n\u003Cp>It helps you understand how many users are clicking on your phone numbers, from which pages, and from which device types (mobile or desktop).\u003C\u002Fp>\n\u003Cp>The plugin stores click data in a custom database table and displays:\u003C\u002Fp>\n\u003Cp>• Total phone clicks\u003Cbr \u002F>\n• Today’s clicks\u003Cbr \u002F>\n• Mobile clicks\u003Cbr \u002F>\n• Desktop clicks\u003Cbr \u002F>\n• Searchable logs\u003Cbr \u002F>\n• Excel (.xls) export option\u003C\u002Fp>\n\u003Cp>Security & Privacy:\u003C\u002Fp>\n\u003Cp>• Uses nonce verification\u003Cbr \u002F>\n• Input sanitization\u003Cbr \u002F>\n• Prepared SQL statements\u003Cbr \u002F>\n• Proper output escaping\u003Cbr \u002F>\n• Stores IP address for analytics purposes\u003C\u002Fp>\n\u003Cp>Note: If IP-based geolocation is enabled, the plugin may send the visitor IP address to a third-party geolocation API.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>✔ Automatic tracking of tel: links\u003Cbr \u002F>\n✔ AJAX-based logging\u003Cbr \u002F>\n✔ Secure nonce verification\u003Cbr \u002F>\n✔ IP address logging\u003Cbr \u002F>\n✔ Device type detection\u003Cbr \u002F>\n✔ WordPress admin dashboard integration\u003Cbr \u002F>\n✔ Search filter\u003Cbr \u002F>\n✔ Pagination with Screen Options\u003Cbr \u002F>\n✔ Excel export functionality\u003Cbr \u002F>\n✔ Secure & sanitized database queries\u003Cbr \u002F>\n✔ Fully GPL licensed\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by Kuldeep Kumar.\u003C\u002Fp>\n","Automatically tracks phone number clicks from tel: links and provides detailed analytics inside the WordPress admin dashboard.",20,293,0,"2026-02-22T13:33:00.000Z","6.9.4","5.8","7.4",[19,20,21,22,23],"analytics","call-tracking","click-tracker","phone","tel-link","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdrona-call-phone-click-analytics.1.0.1.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"kuldeep1805",2,30,94,"2026-05-20T21:26:42.972Z",[38,58,80,98,118],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":13,"num_ratings":13,"last_updated":48,"tested_up_to":15,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":56,"download_link":57,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"clixtell-tracking-dynamic-phones","Clixtell","2.4","clixtell","https:\u002F\u002Fprofiles.wordpress.org\u002Fclixtell\u002F","\u003Cp>\u003Cstrong>Clixtell Tracking & Dynamic Phones\u003C\u002Fstrong> helps businesses protect their advertising budget and improve conversion tracking by integrating Clixtell’s advanced click fraud detection and dynamic call tracking technology into WordPress.\u003C\u002Fp>\n\u003Cp>With this plugin you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Detect and block fraudulent clicks\u003C\u002Fli>\n\u003Cli>Track phone calls accurately from paid traffic\u003C\u002Fli>\n\u003Cli>Enable Dynamic Phone Insertion (DNI)\u003C\u002Fli>\n\u003Cli>Integrate seamlessly with your existing Clixtell account\u003C\u002Fli>\n\u003Cli>Avoid complex code changes or manual script insertion\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>An active \u003Cstrong>Clixtell account\u003C\u002Fstrong> is required to use this plugin.\u003C\u002Fp>\n\u003Cp>Learn more at \u003Ca href=\"https:\u002F\u002Fwww.clixtell.com\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.clixtell.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Easy WordPress integration\u003C\u002Fli>\n\u003Cli>Dynamic Phone Insertion (optional toggle)\u003C\u002Fli>\n\u003Cli>Automatic script loading\u003C\u002Fli>\n\u003Cli>Clean and secure WordPress Settings API usage\u003C\u002Fli>\n\u003Cli>Lightweight and performance-friendly\u003C\u002Fli>\n\u003Cli>No theme modification required\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Clixtell\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Check \u003Cstrong>Activate Dynamic Call Tracking\u003C\u002Fstrong> to enable Dynamic Phone Insertion\u003C\u002Fli>\n\u003Cli>Save changes\u003C\u002Fli>\n\u003Cli>Ensure your Clixtell account is properly configured\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Tracking scripts are automatically injected on the frontend once enabled.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Clixtell Tracking & Dynamic Phones does not store or process personal data locally.\u003Cbr \u002F>\nAll tracking, analytics, and data processing are handled by Clixtell services.\u003Cbr \u002F>\nPlease review Clixtell’s Privacy Policy at:\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.clixtell.com\u002Fprivacy-policy\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For documentation and support:\u003Cbr \u002F>\n* https:\u002F\u002Fsupport.clixtell.com\u003Cbr \u002F>\n* https:\u002F\u002Fwww.clixtell.com\u003C\u002Fp>\n","Clixtell Tracking & Dynamic Phones integrates Clixtell click fraud detection and dynamic phone number insertion into your WordPress site.",1000,8438,"2026-02-07T05:14:00.000Z","5.5","7.2",[20,52,53,54,55],"click-fraud","dynamic-phone","marketing-analytics","tracking","https:\u002F\u002Fwww.clixtell.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclixtell-tracking-dynamic-phones.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":15,"requires_at_least":71,"requires_php":24,"tags":72,"homepage":76,"download_link":77,"security_score":78,"vuln_count":33,"unpatched_count":13,"last_vuln_date":79,"fetched_at":28},"callrail-phone-call-tracking","CallRail Phone Call Tracking","0.5.3","CallRail","https:\u002F\u002Fprofiles.wordpress.org\u002Fcallrail\u002F","\u003Cp>CallRail is here to bring complete visibility to the marketers who rely on quality inbound leads to measure success. Our customers live in a results-driven world, and giving them a clear view into their digital marketing efforts is a first priority for CallRail. We see the opportunities in surfacing and connecting data from calls, forms, chat and beyond — helping our customers get to better outcomes.\u003C\u002Fp>\n\u003Cp>Our WordPress plugin allows you to learn detailed information about the source and web session of every caller from your website using a process called \u003Ca href=\"https:\u002F\u002Fwww.callrail.com\u002Fleads\u002Fdynamic-number-insertion-2\u002F\" rel=\"nofollow ugc\">Dynamic Number Insertion\u003C\u002Fa>. It also powers our form tracking tool, which gives you the power to attribute form submissions back to their source and learn about what the user did on your site before submitting the form.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Learn more about \u003Ca href=\"https:\u002F\u002Fwww.callrail.com\u002F\" rel=\"nofollow ugc\">CallRail\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Check out our WP plugin \u003Ca href=\"https:\u002F\u002Fsupport.callrail.com\u002Fhc\u002Fen-us\u002Farticles\u002F201011537\" rel=\"nofollow ugc\">support documentation.\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Dynamically swap CallRail tracking phone numbers based on the visitor's referring source.",10000,359187,74,6,"2026-02-11T19:30:00.000Z","3.0",[73,19,20,74,75],"adwords","conversion-tracking","seo","http:\u002F\u002Fwww.callrail.com\u002Fdocs\u002Fweb-integration\u002Fwordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcallrail-phone-call-tracking.0.5.3.zip",99,"2023-10-24 00:00:00",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":26,"num_ratings":90,"last_updated":91,"tested_up_to":15,"requires_at_least":71,"requires_php":24,"tags":92,"homepage":96,"download_link":97,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"whatconverts","WhatConverts","1.0.7","whatconverts call tracking and reporting","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhatconverts\u002F","\u003Cp>This plugin adds the required tracking code for WhatConverts.\u003C\u002Fp>\n\u003Cp>For more information visit, \u003Ca href=\"https:\u002F\u002Fwww.whatconverts.com\u002F\" rel=\"nofollow ugc\">WhatConverts\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>WhatConverts plugin uses s.ksrndkehqnwntyxlhgto.com as the path to deliver the script.  The script is included on your site to allow WhatConverts to capture leads from your website.  s.ksrndkehqnwntyxlhgto.com is owned and operated by \u003Ca href=\"https:\u002F\u002Fwww.whatconverts.com\u002F\" rel=\"nofollow ugc\">WhatConverts\u003C\u002Fa>.  For more information visit our \u003Ca href=\"https:\u002F\u002Fwww.whatconverts.com\u002Fterms-of-use\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.whatconverts.com\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> for more information on WhatConverts.\u003C\u002Fp>\n","Enables WhatConverts on all pages.",7000,31979,3,"2025-12-01T13:06:00.000Z",[93,20,94,95,81],"analytics-call-tracking","form-tracking","goal-tracking","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwhatconverts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhatconverts.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":68,"num_ratings":90,"last_updated":108,"tested_up_to":15,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":116,"download_link":117,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"call-tracking-metrics","CallTrackingMetrics","2.1.8","taf2","https:\u002F\u002Fprofiles.wordpress.org\u002Ftaf2\u002F","\u003Cp>CallTrackingMetrics integrates with your WordPress site to provide powerful call tracking and attribution.\u003C\u002Fp>\n","CallTrackingMetrics integrates with your WordPress site to provide powerful call tracking and attribution.",3000,129535,"2026-02-16T14:22:00.000Z","6.5","8.2",[112,20,113,114,115],"advertising","conversation-analytics","google-ads","marketing-attribution","https:\u002F\u002Fcalltrackingmetrics.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcall-tracking-metrics.2.1.8.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":13,"num_ratings":13,"last_updated":128,"tested_up_to":15,"requires_at_least":71,"requires_php":129,"tags":130,"homepage":132,"download_link":133,"security_score":134,"vuln_count":135,"unpatched_count":135,"last_vuln_date":136,"fetched_at":28},"nimbata-call-tracking","Nimbata Call Tracking","1.8.0","nimbata","https:\u002F\u002Fprofiles.wordpress.org\u002Fnimbata\u002F","\u003Cp>This plugin adds the Dynamic Number Insertion (DNI) script for Nimbata’s call tracking service. Discover which sources, marketing activities, keywords and more are driving phone calls and subsequent conversions.\u003C\u002Fp>\n\u003Cp>Our WordPress call tracking plugin can be setup in minutes and allows you to dynamically swap your site’s phone number with one of your private Nimbata tracking numbers. When a visitor calls your tracking number, we’ll correlate the call with the source, session or campaign details you’ve setup in the Nimbata app.\u003C\u002Fp>\n\u003Cp>To get started with Nimbata’s WordPress plugin, you’ll need an active Nimbata account. Learn more about Nimbata at http:\u002F\u002Fwww.nimbata.com.\u003C\u002Fp>\n","Dynamically swap your site's phone number with a nimbata tracking numbers. Track which sources generate phone leads to your business.",400,4665,"2026-04-08T16:29:00.000Z","5.0.2",[73,19,20,131,75],"ppc","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnimbata-call-tracking\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnimbata-call-tracking.1.8.0.zip",79,1,"2025-04-09 00:00:00",{"attackSurface":138,"codeSignals":170,"taintFlows":191,"riskAssessment":240,"analyzedAt":248},{"hooks":139,"ajaxHandlers":158,"restRoutes":167,"shortcodes":168,"cronEvents":169,"entryPointCount":33,"unprotectedCount":13},[140,146,149,154],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","wp_enqueue_scripts","closure","drona-call-phone-click-analytics.php",115,{"type":141,"name":147,"callback":143,"file":144,"line":148},"admin_menu",134,{"type":150,"name":151,"callback":143,"priority":152,"file":144,"line":153},"filter","set-screen-option",10,156,{"type":141,"name":155,"callback":156,"file":144,"line":157},"admin_init","pht_export_excel",369,[159,165],{"action":160,"nopriv":161,"callback":162,"hasNonce":163,"hasCapCheck":161,"file":144,"line":164},"log_phone_click",false,"pht_log_phone_click",true,60,{"action":160,"nopriv":163,"callback":162,"hasNonce":163,"hasCapCheck":161,"file":144,"line":166},61,[],[],[],{"dangerousFunctions":171,"sqlUsage":172,"outputEscaping":187,"fileOperations":13,"externalRequests":135,"nonceChecks":33,"capabilityChecks":33,"bundledLibraries":190},[],{"prepared":173,"raw":174,"locations":175},12,4,[176,179,182,184],{"file":144,"line":177,"context":178},53,"$wpdb->query() with variable interpolation",{"file":144,"line":180,"context":181},175,"$wpdb->get_var() with variable interpolation",{"file":144,"line":183,"context":181},177,{"file":144,"line":185,"context":186},388,"$wpdb->get_results() with variable interpolation",{"escaped":188,"rawEcho":13,"locations":189},23,[],[],[192,228],{"entryPoint":193,"graph":194,"unsanitizedCount":13,"severity":227},"\u003Cdrona-call-phone-click-analytics> (drona-call-phone-click-analytics.php:0)",{"nodes":195,"edges":223},[196,201,207,209,214,218],{"id":197,"type":198,"label":199,"file":144,"line":200},"n0","source","$_REQUEST",266,{"id":202,"type":203,"label":204,"file":144,"line":205,"wp_function":206},"n1","sink","get_var() [SQLi]",272,"get_var",{"id":208,"type":198,"label":199,"file":144,"line":200},"n2",{"id":210,"type":203,"label":211,"file":144,"line":212,"wp_function":213},"n3","get_results() [SQLi]",280,"get_results",{"id":215,"type":198,"label":216,"file":144,"line":217},"n4","$_SERVER",90,{"id":219,"type":203,"label":220,"file":144,"line":221,"wp_function":222},"n5","wp_remote_get() [SSRF]",345,"wp_remote_get",[224,225,226],{"from":197,"to":202,"sanitized":163},{"from":208,"to":210,"sanitized":163},{"from":215,"to":219,"sanitized":163},"low",{"entryPoint":229,"graph":230,"unsanitizedCount":33,"severity":239},"prepare_items (drona-call-phone-click-analytics.php:254)",{"nodes":231,"edges":236},[232,233,234,235],{"id":197,"type":198,"label":199,"file":144,"line":200},{"id":202,"type":203,"label":204,"file":144,"line":205,"wp_function":206},{"id":208,"type":198,"label":199,"file":144,"line":200},{"id":210,"type":203,"label":211,"file":144,"line":212,"wp_function":213},[237,238],{"from":197,"to":202,"sanitized":161},{"from":208,"to":210,"sanitized":161},"high",{"summary":241,"deductions":242},"The \"drona-call-phone-click-analytics\" plugin, v1.0.0, exhibits a generally good security posture, with no recorded vulnerabilities and strong adherence to basic security practices like output escaping, nonce checks, and capability checks on its identified entry points. The static analysis indicates all identified AJAX handlers and REST API routes (though none exist in this case) have proper authentication checks. This demonstrates a developer's awareness of common WordPress security pitfalls.\n\nHowever, the taint analysis reveals one flow with an unsanitized path and a high severity. This is a significant concern as it suggests a potential for a security vulnerability, even if not yet exploited or publicly known. The presence of external HTTP requests also warrants careful review to ensure these are made securely and do not introduce further risks. While the plugin has no historical vulnerabilities, the single high-severity taint flow indicates a specific area of weakness that needs immediate attention.\n\nIn conclusion, the plugin has strong foundational security practices. The primary weakness lies in the identified high-severity taint flow, which overshadows the otherwise positive security indicators. Addressing this specific taint flow is crucial to maintaining a secure profile. The lack of historical vulnerabilities is positive, but the current taint analysis finding necessitates vigilance.",[243,246],{"reason":244,"points":245},"High severity taint flow with unsanitized path",15,{"reason":247,"points":90},"External HTTP request","2026-03-17T07:23:28.179Z",{"wat":250,"direct":257},{"assetPaths":251,"generatorPatterns":253,"scriptPaths":254,"versionParams":255},[252],"\u002Fwp-content\u002Fplugins\u002Fdrona-call-phone-click-analytics\u002Fassets\u002Ftracker.js",[],[252],[256],"drona-call-phone-click-analytics\u002Fassets\u002Ftracker.js?ver=1.0",{"cssClasses":258,"htmlComments":259,"htmlAttributes":260,"restEndpoints":261,"jsGlobals":262,"shortcodeOutput":264},[],[],[],[],[263],"pht_ajax",[],{"error":163,"url":266,"statusCode":267,"statusMessage":268,"message":268},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fdrona-call-phone-click-analytics\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":135,"versions":270},[271],{"version":272,"download_url":25,"svn_tag_url":273,"released_at":27,"has_diff":161,"diff_files_changed":274,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":275,"is_current":161},"1.0.1","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdrona-call-phone-click-analytics\u002Ftags\u002F1.0.1\u002F",[],[]]