[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqVhkKWlETN4sn80VlFl7Au3zAad1pZ4AAGdEdZffZGo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":35,"fingerprints":94},"easy-hotjar","Easy Hotjar WordPress","1.0","jokiruiz","https:\u002F\u002Fprofiles.wordpress.org\u002Fjokioki\u002F","\u003Cp>Set up hotjar on your site in a matter of seconds. The Easy hotjar WordPress plugin helps you to set up hotjar on your site.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Open hotjar configuration page\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Enter your hotjar site id\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>That’s it! 🙂\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Do you use WordPress admin with an iPad? Don´t worry, this plugin is fully\u003Cbr \u002F>\nadapted for tablets and smartphones.\u003C\u002Fp>\n\u003Cp>\u003Cem>Thank you for downloading! your feedback is well appreciated!\u003C\u002Fem>\u003C\u002Fp>\n","Set up hotjar on your site in a matter of seconds",100,11990,1,"2016-05-12T14:28:00.000Z","4.5.33","3.0.1","",[19],"hotjar-wordpress-plugin-javascript-social","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-hotjar-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-hotjar.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":22,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"jokioki",5,780,30,84,"2026-04-04T11:07:07.750Z",[],{"attackSurface":36,"codeSignals":57,"taintFlows":86,"riskAssessment":87,"analyzedAt":93},{"hooks":37,"ajaxHandlers":53,"restRoutes":54,"shortcodes":55,"cronEvents":56,"entryPointCount":23,"unprotectedCount":23},[38,44,47,50],{"type":39,"name":40,"callback":41,"file":42,"line":43},"action","admin_enqueue_scripts","anonymous","includes\\class-easy-hotjar-wordpress.php",93,{"type":39,"name":45,"callback":41,"file":42,"line":46},"admin_menu",95,{"type":39,"name":48,"callback":41,"file":42,"line":49},"admin_init",96,{"type":39,"name":51,"callback":41,"file":42,"line":52},"wp_head",98,[],[],[],[],{"dangerousFunctions":58,"sqlUsage":59,"outputEscaping":61,"fileOperations":23,"externalRequests":23,"nonceChecks":23,"capabilityChecks":23,"bundledLibraries":85},[],{"prepared":23,"raw":23,"locations":60},[],{"escaped":23,"rawEcho":62,"locations":63},9,[64,68,71,73,75,77,79,81,83],{"file":65,"line":66,"context":67},"admin\\class-easy-hotjar-wordpress-admin.php",75,"raw output",{"file":69,"line":70,"context":67},"admin\\partials\\easy-hotjar-wordpress.php",86,{"file":69,"line":72,"context":67},87,{"file":69,"line":74,"context":67},88,{"file":69,"line":76,"context":67},115,{"file":69,"line":78,"context":67},120,{"file":69,"line":80,"context":67},125,{"file":69,"line":82,"context":67},133,{"file":69,"line":84,"context":67},148,[],[],{"summary":88,"deductions":89},"The \"easy-hotjar\" plugin v1.0 exhibits a generally strong security posture based on the provided static analysis. The absence of any detected dangerous functions, SQL injection vulnerabilities, or direct file operations is commendable.  Furthermore, the plugin has no recorded vulnerability history, indicating a clean track record.  However, a significant concern is the complete lack of output escaping for all identified output points. This suggests that user-supplied data, if present in any of the output, could be vulnerable to cross-site scripting (XSS) attacks, potentially leading to unauthorized actions or data theft within the user's browser session.\n\nDespite the zero-day potential and the clean vulnerability history, the 0% output escaping is a critical weakness. The lack of capability checks and nonce checks, while not directly exploitable due to the absence of other entry points like AJAX or REST APIs, still represents a potential gap in secure coding practices that could become problematic if future versions introduce new entry points without proper security. The overall security is good in terms of avoiding common plugin vulnerabilities, but the unescaped output is a major blind spot.",[90],{"reason":91,"points":92},"All output is unescaped",8,"2026-03-16T20:57:53.249Z",{"wat":95,"direct":102},{"assetPaths":96,"generatorPatterns":98,"scriptPaths":99,"versionParams":100},[97],"\u002Fwp-content\u002Fplugins\u002Feasy-hotjar\u002Fadmin\u002Fcss\u002Fbootstrap.min.css",[],[],[101],"easy-hotjar\u002Fadmin\u002Fcss\u002Fbootstrap.min.css?ver=",{"cssClasses":103,"htmlComments":104,"htmlAttributes":107,"restEndpoints":108,"jsGlobals":109,"shortcodeOutput":111},[],[105,106],"\u003C!-- Begins Hotjar Tracking Code Using Easy Hotjar WordPress Plugin -->","\u003C!-- Ends Hotjar Tracking Code Using Easy Hotjar WordPress Plugin -->",[],[],[110],"window.hj",[]]