[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f3l30yc9uv1AJ0Fm6gp9KxRzg9TRyXjdQUQgJXNAikf4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":62,"crawl_stats":38,"alternatives":68,"analysis":164,"fingerprints":264},"fathom-analytics","Fathom Analytics for WP","3.3.1","Conva Ventures","https:\u002F\u002Fprofiles.wordpress.org\u002Fconvaventures\u002F","\u003Cp>The best Google Analytics alternative for WordPress\u003C\u002Fp>\n\u003Cp>Fathom Analytics is a simple-to-use, privacy-focused (GDPR-compliant) website analytics tool for your WordPress site. You don’t have to edit the code in your WordPress template to start using our software.\u003C\u002Fp>\n\u003Cp>👉 \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fapp.usefathom.com\u002Fdemo\" rel=\"nofollow ugc\">Check out our live demo\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fapp.usefathom.com\u002Fregister\" rel=\"nofollow ugc\">sign up for a free 30-day trial\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>You’ll need a \u003Ca href=\"https:\u002F\u002Fapp.usefathom.com\u002Fregister\" rel=\"nofollow ugc\">subscription\u003C\u002Fa> to Fathom Analytics to start collecting stats with this plugin, and our pricing starts at just $14\u002Fmonth. Instead of generating revenue from your visitors’ data, we charge a fair and sustainable price for all our plans. Our business model is privacy-first by design.\u003C\u002Fp>\n\u003Ch3>Why use Fathom Analytics?\u003C\u002Fh3>\n\u003Cp>Google Analytics is time-consuming to use and difficult to understand. Google also kills off its popular software far too often (like Universal Analytics). That’s why Fathom Analytics exists: to make website analytics easy and quick to understand.\u003C\u002Fp>\n\u003Cp>Thousands of customers, from governments and banks to small businesses and bloggers, trust their website analytics to Fathom.\u003C\u002Fp>\n\u003Ch3>Import from Google Analytics\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fusefathom.com\u002Ffeatures\u002Fga-importer\" rel=\"nofollow ugc\">We’ve got an importer\u003C\u002Fa> to save your UA (Universal Analytics) and GA4 data. Because we’ve got unlimited data retention, you can keep and view your stats forever.\u003C\u002Fp>\n\u003Ch3>Setup in minutes\u003C\u002Fh3>\n\u003Cp>Because Fathom Analytics is a \u003Ca href=\"https:\u002F\u002Fusefathom.com\u002Fdocs\u002Fscript\u002Fembed\" rel=\"nofollow ugc\">single line of code\u003C\u002Fa>, and our WordPress plugin doesn’t even require any coding, you can go from starting a trial to seeing real-time data within a few minutes. \u003Ca href=\"https:\u002F\u002Fusefathom.com\u002Fdocs\u002Fintegrations\u002Fwordpress\" rel=\"nofollow ugc\">Learn how to set up our plugin here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Comply with privacy laws\u003C\u002Fh3>\n\u003Cp>The best lawyers and legal minds worldwide regarding digital privacy have ensured that Fathom Analytics is fully compliant with \u003Ca href=\"https:\u002F\u002Fusefathom.com\u002Fcompliance\" rel=\"nofollow ugc\">GDPR, CCPA, ePrivacy, PECR and more\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>No cookie banners are required\u003C\u002Fh3>\n\u003Cp>We invented the now industry-standard method for anonymizing visitor data without using cookies. That means you don’t have to clutter your site or slow it down with cookie banner plugins or consent notices for your site’s analytics.\u003C\u002Fp>\n\u003Ch3>Email reports\u003C\u002Fh3>\n\u003Cp>Get a snapshot of your website or websites delivered to your inbox so you can see your critical stats without even having to log into Fathom Analytics. These reports can be set up for any dashboard (or all of them) and sent to anyone (at your company, to your clients, whomever you want).\u003C\u002Fp>\n\u003Ch3>Shared or private dashboards\u003C\u002Fh3>\n\u003Cp>Want to grant access to specific website dashboards for particular clients\u002Femployees? Or make your dashboard 100% public? Fathom Analytics lets you create private, public or passworded dashboards without needing an account.\u003C\u002Fp>\n\u003Ch3>More features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Simple options page within WordPress admin\u003C\u002Fli>\n\u003Cli>Ability to not track yourself or specific user roles with a single click\u003C\u002Fli>\n\u003Cli>Search within dashboard boxes\u003C\u002Fli>\n\u003Cli>Tiny, lightweight script that’s great for your SEO\u003C\u002Fli>\n\u003Cli>Dark mode\u003C\u002Fli>\n\u003Cli>All sites view to see all your sites at a glance\u003C\u002Fli>\n\u003Cli>And much more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Setup this WordPress plugin\u003C\u002Fh3>\n\u003Cp>To learn how to quickly setup this plugin, \u003Ca href=\"https:\u002F\u002Fusefathom.com\u002Fdocs\u002Fintegrations\u002Fwordpress\" rel=\"nofollow ugc\">read our support doc\u003C\u002Fa>.\u003C\u002Fp>\n","Fathom is a simple, GDPR compliant Google Analytics alternative.",10000,101515,96,23,"2025-11-18T18:04:00.000Z","6.8.5","4.5","5.4",[20,21,22,23,24],"analytics","google-analytics","privacy","privacy-friendly","stats","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffathom-analytics.3.3.1.zip",99,2,0,"2023-10-25 00:00:00","2026-03-15T15:16:48.613Z",[33,49],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"WF-d3343d96-ca52-46a6-b464-cd2e5375d10f-fathom-analytics","fathom-analytics-authenticatedadministrator-stored-cross-site-scripting","Fathom Analytics \u003C= 3.0.7 - Authenticated(Administrator+) Stored Cross-Site Scripting","The Fathom Analytics for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 3.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C3.1.0","3.1.0","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd3343d96-ca52-46a6-b464-cd2e5375d10f?source=api-prod",90,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":41,"cvss_score":56,"cvss_vector":57,"vuln_type":44,"published_date":58,"updated_date":45,"references":59,"days_to_patch":61},"CVE-2021-41836","fathom-analytics-stored-cross-site-scripting","Fathom Analytics \u003C= 3.0.4 - Stored Cross-Site Scripting","The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the ~\u002Ffathom-analytics.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 3.0.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.","\u003C=3.0.4","3.0.5",4.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2021-12-08 13:23:00",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F728cec6e-a246-4e2c-a906-750518bae0a4?source=api-prod",775,{"slug":63,"display_name":7,"profile_url":8,"plugin_count":64,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":65,"trust_score":66,"computed_at":67},"convaventures",1,433,78,"2026-04-03T21:27:14.547Z",[69,90,110,127,142],{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":77,"downloaded":78,"rating":79,"num_ratings":80,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":84,"tags":85,"homepage":87,"download_link":88,"security_score":13,"vuln_count":28,"unpatched_count":29,"last_vuln_date":89,"fetched_at":31},"koko-analytics","Koko Analytics – Privacy Friendly Statistics for WordPress","2.2.4","Danny van Kooten","https:\u002F\u002Fprofiles.wordpress.org\u002Fdvankooten\u002F","\u003Cp>Koko Analytics provides website analytics and visitor statistics directly inside your WordPress dashboard without relying on external services. It is privacy-friendly, lightweight, open source, and easy to use.\u003C\u002Fp>\n\u003Cp>Fully GDPR, CCPA and PECR compliant by design: no personal data is processed or stored, everything runs on your own server and can be used without cookies.\u003C\u002Fp>\n\u003Cp>You can \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fkoko-analytics-dashboard\u002F\" rel=\"nofollow ugc\">view a live demo here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Why Koko Analytics\u003C\u002Fh3>\n\u003Cp>Our goal is to provide you with a simple, lightweight and privacy-friendly alternative to Google Analytics for your WordPress statistics.\u003C\u002Fp>\n\u003Ch4>Privacy Friendly Analytics\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fprivacy-focused-wordpress-analytics\u002F\" rel=\"nofollow ugc\">privacy friendly analytics\u003C\u002Fa>. No personal data is processed or stored, all measurements are carried out completely anonymously and nothing is ever shared with any third-party service.\u003C\u002Fp>\n\u003Ch4>Lightweight Statistics\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Flightweight-wordpress-analytics\u002F\" rel=\"nofollow ugc\">lightweight analytics\u003C\u002Fa>. It adds less than 1 kilobyte of data to your HTML and is fully compatible with pages served from any kind of cache. WordPress is bypassed entirely for its collection endpoint, making the impact on your site’s performance as close to zero as possible. Fact: there is no faster statistics plugin for WordPress.\u003C\u002Fp>\n\u003Ch4>Simple Analytics Dashboard\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fsimple-wordpress-analytics\u002F\" rel=\"nofollow ugc\">simple analytics\u003C\u002Fa>. There are no complicated reports to dig through. A single dashboard page shows you all the important metrics.\u003C\u002Fp>\n\u003Ch4>Open Source Analytics\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fopen-source-wordpress-analytics\u002F\" rel=\"nofollow ugc\">open source analytics\u003C\u002Fa>. The source code is released under the GPL license and freely \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fibericode\u002Fkoko-analytics\" rel=\"nofollow ugc\">available on GitHub\u003C\u002Fa>. Anyone can read it, inspect it and review it.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>A beautiful analytics dashboard built right into WordPress admin.\u003C\u002Fli>\n\u003Cli>View statistics for your most popular posts and pages.\u003C\u002Fli>\n\u003Cli>See referral statistics showing which sites send you traffic.\u003C\u002Fli>\n\u003Cli>Path-based tracking to see analytics for any URL, including archives and search pages.\u003C\u002Fli>\n\u003Cli>Reliably detect returning visitors without the use of cookies.\u003C\u002Fli>\n\u003Cli>Exclude visits from certain WordPress user roles or IP addresses.\u003C\u002Fli>\n\u003Cli>Import historical statistics from Jetpack Stats, Plausible or Burst Statistics.\u003C\u002Fli>\n\u003Cli>Periodically clean-up historical data older than a specified number of months or years.\u003C\u002Fli>\n\u003Cli>A widget, Gutenberg block or shortcode to show a list of your most visited posts or pages.\u003C\u002Fli>\n\u003Cli>A shortcode or Gutenberg block to show the total number of pageviews to a given page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Premium features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>See what countries your site is visited from with geo-location statistics.\u003C\u002Fli>\n\u003Cli>See what browsers, operating systems or devices your visitors are using.\u003C\u002Fli>\n\u003Cli>Custom event analytics to track outbound link clicks, contact form submissions, and more.\u003C\u002Fli>\n\u003Cli>Stay up-to-date with periodic analytics reports delivered to your email inbox.\u003C\u002Fli>\n\u003Cli>Be notified immediately whenever your site experiences an unusual traffic spike.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You will have access to all of these benefits and more for a small yearly fee.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">View pricing for Koko Analytics Pro here \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fp>\n","Koko Analytics is a privacy-friendly statistics plugin for WordPress that is an easy to use alternative to Google Analytics.",60000,2043562,100,222,"2026-03-12T15:04:00.000Z","6.9.4","6.0","7.4",[20,21,22,86,24],"statistics","https:\u002F\u002Fwww.kokoanalytics.com\u002F#utm_source=wp-plugin&utm_medium=koko-analytics&utm_campaign=plugins-page","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkoko-analytics.2.2.4.zip","2026-01-20 00:00:00",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":11,"downloaded":98,"rating":99,"num_ratings":100,"last_updated":101,"tested_up_to":82,"requires_at_least":102,"requires_php":103,"tags":104,"homepage":106,"download_link":107,"security_score":27,"vuln_count":108,"unpatched_count":29,"last_vuln_date":109,"fetched_at":31},"plausible-analytics","Plausible Analytics","2.5.6","Plausible Insights OÜ","https:\u002F\u002Fprofiles.wordpress.org\u002Fplausible\u002F","\u003Cp>Plausible Analytics is an easy-to-use, open source, lightweight and privacy-friendly web analytics alternative to Google Analytics.\u003C\u002Fp>\n\u003Cp>Plausible Analytics doesn’t use cookies and is fully compliant with GDPR, CCPA and PECR. Made and hosted in the EU, powered by European-owned cloud infrastructure 🇪🇺.\u003C\u002Fp>\n\u003Cp>Take a look at \u003Ca href=\"https:\u002F\u002Fplausible.io\u002Fplausible.io\" rel=\"nofollow ugc\">the live demo\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>You need a subscription to Plausible Analytics to track your stats. There’s a free 30-day trial with no credit card required.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>We’re completely independent, self-funded, bootstrapped and debt-free. We’re not interested in raising funds or taking investment. We choose the subscription business model rather than surveillance capitalism. We’re operating a sustainable project funded solely by the fees that our subscribers pay us.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fplausible.io\u002F\" rel=\"nofollow ugc\">Visit our website\u003C\u002Fa> for full details.\u003C\u002Fp>\n\u003Ch3>Why use Plausible?\u003C\u002Fh3>\n\u003Cp>Google Analytics is frustrating to use, difficult to understand, slow to load and privacy-invasive. That’s why we built Plausible Analytics, a simple but powerful, lightweight, open source and privacy-friendly alternative.\u003C\u002Fp>\n\u003Cp>Here’s what makes Plausible a great Google Analytics alternative and why over 16,000 paying subscribers trust us with their website and business insights:\u003C\u002Fp>\n\u003Ch3>Smooth transition from Google Analytics\u003C\u002Fh3>\n\u003Cp>Plausible features a realtime dashboard, entry pages report and integration with Search Console. You can track your paid campaigns and conversions. You can invite team members. You can even \u003Ca href=\"https:\u002F\u002Fplausible.io\u002Fdocs\u002Fgoogle-analytics-import\" rel=\"nofollow ugc\">import your historical stats from Google Analytics\u003C\u002Fa>. Learn how to get the most out of \u003Ca href=\"https:\u002F\u002Fplausible.io\u002Fdocs\u002Fyour-plausible-experience\" rel=\"nofollow ugc\">your Plausible experience\u003C\u002Fa> and join thousands who have already migrated from Google Analytics.\u003C\u002Fp>\n\u003Ch3>Simple analytics at a glance\u003C\u002Fh3>\n\u003Cp>Plausible is simple analytics. It is easy to understand and it cuts through the noise. Check your site traffic and get all the essential insights on one page in one minute. There are no layers of menus, there is no need for you to build custom reports, custom dashboards or PowerPoint documents.\u003C\u002Fp>\n\u003Ch3>Lightweight script that keeps your site speed fast\u003C\u002Fh3>\n\u003Cp>Plausible is lightweight analytics. Our script is 75 times smaller than Google Analytics. Your page weight will be cut down, your site will load faster and you’ll reduce your carbon footprint for a greener and more sustainable web. A site with 100,000 monthly visitors can save 8.2 kg of CO2 emissions per year by switching.\u003C\u002Fp>\n\u003Ch3>No need for cookie banners or GDPR consent\u003C\u002Fh3>\n\u003Cp>Plausible is privacy-friendly analytics. All the site measurement is carried out absolutely anonymously. Cookies are not used and no personal data is collected. There are no persistent identifiers. No cross-site or cross-device tracking either. Your site data is not used for any other purposes. All visitor data is exclusively processed with servers owned and operated by European companies and it never leaves the EU.\u003C\u002Fp>\n\u003Ch3>Track events and marketing campaigns\u003C\u002Fh3>\n\u003Cp>Plausible is useful. Segment your audience by any metric you click on. Answer the important questions about your visitors, content and referral sources. Analyze paid campaigns using UTM parameters. Track scroll depth, site search terms, outbound link clicks, cloaked affiliate link clicks, file downloads, form completions, 404 error pages, post authors, post categories and custom taxonomies without manually configuring anything or writing any code.\u003C\u002Fp>\n\u003Ch3>Built-in WooCommerce and Easy Digital Downloads analytics\u003C\u002Fh3>\n\u003Cp>Plausible provides automated WooCommerce and Easy Digital Downloads analytics solutions to track conversions, revenue and attribution. Activities tracked include adding to cart, removing from cart, entering checkout and completing a purchase. A purchase funnel looking at the user journey from viewing a product to making a purchase is enabled to help you see the drop-off rates between the different steps, understand your cart abandonment rate and increase your conversions.\u003C\u002Fp>\n\u003Ch3>Invite team members and share your dashboard\u003C\u002Fh3>\n\u003Cp>Plausible is shareable. Your stats are private by default but you can choose to be transparent and make them public so anyone with your custom link can view them. You can also share your stats privately by generating a secure link. This link is impossible to guess but you can add password protection for extra security. You can invite team members and assign user roles too.\u003C\u002Fp>\n\u003Ch3>Transparent and open source software\u003C\u002Fh3>\n\u003Cp>Plausible is open source analytics. Our source code is available and accessible on GitHub so anyone can read it, inspect it and review it to verify that our actions match with our words. We welcome feedback and have a public roadmap. If you’re happy to manage your own infrastructure, you can self-host Plausible too.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Our product is updated several times per week and with our WordPress plugin you always have access to all the latest features\u003C\u002Fli>\n\u003Cli>Automatically includes tracking code in the header of your site\u003C\u002Fli>\n\u003Cli>Simple plugin settings page with easy options and an onboarding guide \u003C\u002Fli>\n\u003Cli>Get more accurate stats and count those who use adblockers by running the Plausible script as a first-party connection from your domain name\u003C\u002Fli>\n\u003Cli>View your Plausible stats directly in your WordPress dashboard (you can grant access to other user roles too)\u003C\u002Fli>\n\u003Cli>Tracking of admin users is disabled by default (you can also disable tracking of other user roles)\u003C\u002Fli>\n\u003Cli>Enable WooCommerce or Easy Digital Downloads revenue tracking\u003C\u002Fli>\n\u003Cli>Enable file downloads, external link clicks, cloaked affiliate link clicks, site search terms, form completions and 404 error pages tracking \u003C\u002Fli>\n\u003Cli>Enable automated tracking of post authors, post categories and custom taxonomies for better content analysis\u003C\u002Fli>\n\u003Cli>Custom events and custom dimensions can be setup using CSS class names directly in the WordPress editor, no JS knowledge needed\u003C\u002Fli>\n\u003Cli>Integrate with Google Search Console so you can see search queries people use to find your site in Google’s search results\u003C\u002Fli>\n\u003Cli>Import your historical Google Analytics stats\u003C\u002Fli>\n\u003Cli>Keep an eye on your traffic with weekly and\u002For monthly email and Slack reports\u003C\u002Fli>\n\u003Cli>Get traffic spike notifications via email or Slack so you don’t miss being on the Hacker News\u003C\u002Fli>\n\u003Cli>Tag your paid ads, emails and social media posts with UTM tags and analyze your ecommerce and marketing campaigns from click to conversion using marketing funnels \u003C\u002Fli>\n\u003Cli>Filter the dashboard by any metric that you click on to get further insights. Mix and match filters too\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more information: \u003Ca href=\"https:\u002F\u002Fplausible.io\u002Fwordpress-analytics-plugin\" rel=\"nofollow ugc\">How to setup Plausible Analytics WordPress plugin\u003C\u002Fa>.\u003C\u002Fp>\n","Plausible Analytics is a privacy-friendly web analytics plugin for WordPress that is an easy-to-use, lightweight and more accurate  alternative to Goo &hellip;",343380,98,30,"2026-02-17T10:56:00.000Z","5.9","7.2",[20,21,22,24,105],"web-analytics","https:\u002F\u002Fplausible.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplausible-analytics.2.5.6.zip",3,"2023-08-16 00:00:00",{"slug":111,"name":112,"version":113,"author":111,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":79,"num_ratings":108,"last_updated":119,"tested_up_to":16,"requires_at_least":120,"requires_php":121,"tags":122,"homepage":124,"download_link":125,"security_score":27,"vuln_count":64,"unpatched_count":29,"last_vuln_date":126,"fetched_at":31},"usermaven","Usermaven","1.2.7","https:\u002F\u002Fprofiles.wordpress.org\u002Fusermaven\u002F","\u003Cp>Usermaven helps marketing and product teams turn more visitors into customers, get more people to use the product, and keep them coming back. No more guessing or relying on intuition – let data drive your success.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Effortless, no-code event tracking: Unlike other tools, Usermaven eliminates dependence on developers for tracking key actions performed by users on your website or app, including comprehensive WooCommerce store analytics.\u003C\u002Fli>\n\u003Cli>Analyze your marketing channels to increase ROI. See which traffic sources or campaigns are bringing in the most conversions and sales.\u003C\u002Fli>\n\u003Cli>Track and compare the performance of your marketing campaigns with UTMs.\u003C\u002Fli>\n\u003Cli>Track individual user behavior to understand their interests. See what they’re paying attention to, and make informed decisions.\u003C\u002Fli>\n\u003Cli>Get accurate stats with Adblocker bypassing and cookie-less tracking.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WooCommerce Integration\u003C\u002Fh4>\n\u003Cp>Usermaven automatically tracks all essential WooCommerce events to give you deep insights into your store’s performance:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Product Views: Track when customers view product pages\u003C\u002Fli>\n\u003Cli>Cart Actions: Monitor add-to-cart, remove-from-cart, and cart updates\u003C\u002Fli>\n\u003Cli>Checkout Process: Follow users through each step of your checkout funnel\u003C\u002Fli>\n\u003Cli>Purchase Events: Capture successful purchases with complete order details\u003C\u002Fli>\n\u003Cli>Product Categories: Understand which product categories drive the most interest\u003C\u002Fli>\n\u003Cli>Revenue Analytics: Get detailed revenue reports and purchase patterns\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why Usermaven?\u003C\u002Fh4>\n\u003Cp>Most firms try to use complex and expensive analytics platforms like Mixpanel or Amplitude but never get around to properly configuring them to get meaningful insights. You need a product analytics solution that’s easy to setup and has ready-made templates to generate actionable insights for making data-backed growth decisions.\u003C\u002Fp>\n\u003Cp>That’s why we built Usermaven, the new data scientist in your team. We are making product analytics affordable, easy to setup and simple to maintain.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Super Simple – Designed to be simple and intuitive in every way, without complexity or clutter to distract you. WooCommerce events are tracked automatically with zero configuration needed.\u003C\u002Fli>\n\u003Cli>Privacy Compliance – We’ve designed Usermaven to comply with GDPR and CCPA regulations from day one.\u003C\u002Fli>\n\u003Cli>System Security – We apply the latest security standards and take measures to ensure your data is safe with us.\u003C\u002Fli>\n\u003C\u002Ful>\n","Usermaven's web analytics product is a Google Analytics alternative that provides a real-time view of your website traffic metrics.",1000,13296,"2026-01-14T09:30:00.000Z","3.0.1","5.6",[20,123,22,24,105],"google-analytics-alternative","https:\u002F\u002Fgithub.com\u002Fusermaven\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fusermaven.1.2.7.zip","2025-03-28 00:00:00",{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":29,"num_ratings":29,"last_updated":137,"tested_up_to":16,"requires_at_least":138,"requires_php":139,"tags":140,"homepage":25,"download_link":141,"security_score":79,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"trackboxx-analytics","Trackboxx Analytics","1.4.0","Christian","https:\u002F\u002Fprofiles.wordpress.org\u002Ffastwpde\u002F","\u003Cp>\u003Cstrong>\u003Cem>GDPR-compliant web analytics without cookies!\u003C\u002Fem>\u003C\u002Fstrong>\u003Cbr \u002F>\nAnalyze and evaluate the visitor statistics of your website – simply and 100% GDPR compliant.\u003Cbr \u002F>\nTrackboxx – Visitor tracking Made in Germany.\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Fapp.trackboxx.com\u002Fpublic\u002Fshare\u002FBOxLaq5ByROPchnQlkzoXASgHWPCH8ZgwzEZbX7a\" rel=\"nofollow ugc\">Check out our live demo\u003C\u002Fa> OR \u003Ca href=\"https:\u002F\u002Ftrackboxx.com\u002Fen\u002F\" rel=\"nofollow ugc\">sign up for a free 30-day trial\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>You need a subscription to Trackboxx Analytics to track your stats. There’s a free 30-day trial with no credit card required.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Note: With our “Free Plan,” you can use Trackboxx 100% free – up to 2,500 pageviews a month with limited features. Our paid plans start at €5\u002Fmonth. Use the 30-day free trial with unlimited usage without the need for a credit card.\u003C\u002Fp>\n\u003Ch3>Why Use Trackboxx?\u003C\u002Fh3>\n\u003Cp>Navigating Google Analytics can be cumbersome, perplexing, laggy, and invasive in terms of privacy. Here’s where Trackboxx Analytics steps in – a streamlined, potent, feather-light, open-source, and privacy-conscious solution. Here’s why Trackboxx stands out as an outstanding alternative to Google Analytics:\u003C\u002Fp>\n\u003Ch3>Third-Party Service Terms\u003C\u002Fh3>\n\u003Cp>Before using this plugin, it is recommended to review the terms of use and privacy policies of the Trackboxx service:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftrackboxx.com\u002Fen\u002Fterms-and-conditions\u002F\" rel=\"nofollow ugc\">Trackboxx Terms of Use\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftrackboxx.com\u002Fen\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Trackboxx Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By using this plugin, you acknowledge and agree to the terms and policies of the third-party service.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> This documentation is provided for legal protection, ensuring that users are informed about the integration with third-party services. Please keep this information up to date to reflect any changes in service usage or associated terms.\u003C\u002Fp>\n\u003Ch3>Why Trackboxx\u003C\u002Fh3>\n\u003Cp>Privacy-first analytics for WordPress site owners and shop operators. 100% SaaS (not self-hosted) with a quick setup via plugin or code snippet. Start on the free plan or use our 30-day Trial with no credt Card required. Upgrade anytime for advanced features.\u003C\u002Fp>\n\u003Ch3>Simple Insights, Not Overwhelm\u003C\u002Fh3>\n\u003Cp>Clear live dashboard with page and landing-page reports—no complex menus or custom report building required.\u003C\u002Fp>\n\u003Ch3>E-Commerce Tracking\u003C\u002Fh3>\n\u003Cp>Full online shop analytics: sales, orders, revenue, average order value, and conversion rates. Track cart and checkout funnels, including cart abandonment. Works great with WooCommerce; more platforms via integrations.\u003C\u002Fp>\n\u003Ch3>Privacy & Compliance\u003C\u002Fh3>\n\u003Cp>Anonymous measurement by design—no cookies and no consent banners required. GDPR-friendly data handling with data minimization.\u003C\u002Fp>\n\u003Ch3>Performance\u003C\u002Fh3>\n\u003Cp>Lightweight tracking script that keeps your site fast and responsive.\u003C\u002Fp>\n\u003Ch3>Campaigns, Goals & Segments\u003C\u002Fh3>\n\u003Cp>Set up goals in minutes and track marketing campaigns (e.g., UTM). Break down performance by traffic sources, content, device, and more.\u003C\u002Fp>\n\u003Ch3>Team & Sharing\u003C\u002Fh3>\n\u003Cp>Invite team members, assign user roles, and share read-only views securely.\u003C\u002Fp>\n\u003Ch3>WordPress Integration\u003C\u002Fh3>\n\u003Cp>Automatic insertion of the tracking code in your site’s header. Clean settings page with clear options. View Trackboxx stats directly in your WordPress dashboard. Opt-out option for visitors included.\u003C\u002Fp>\n\u003Ch3>Getting Started\u003C\u002Fh3>\n\u003Cp>Install the plugin, connect your Trackboxx site ID, and you’re ready to go—start free, upgrade when you need more.\u003C\u002Fp>\n\u003Ch3>Additional Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Easy onboarding\u003C\u002Fli>\n\u003Cli>Automatically includes tracking code in the header of your site\u003C\u002Fli>\n\u003Cli>Simple plugin settings page with clear options\u003C\u002Fli>\n\u003Cli>View your Trackboxx stats directly in your WordPress dashboard\u003C\u002Fli>\n\u003Cli>OptOut Option\u003C\u002Fli>\n\u003Cli>Activation of e-commerce options (coming soon)\u003C\u002Fli>\n\u003Cli>Set up goals\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Setting up this WordPress Plugin\u003C\u002Fh3>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin communicates with two external domains operated by Trackboxx:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Script loading (\u003Ccode>cdn.trackboxx.info\u003C\u002Fcode>)\u003C\u002Fstrong> – When a page on your site loads, the Trackboxx tracking script is downloaded from \u003Ccode>https:\u002F\u002Fcdn.trackboxx.info\u002Fp\u002Ftracker.js\u003C\u002Fcode>. This request retrieves the JavaScript file and does not transmit any visitor data beyond the standard HTTP request for the script.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Event endpoint (\u003Ccode>hit.trackboxx.info\u003C\u002Fcode>)\u003C\u002Fstrong> – After the script is loaded, anonymised visit data and e‑commerce events are sent to \u003Ccode>https:\u002F\u002Fhit.trackboxx.info\u002Fhit-action\u003C\u002Fcode>. The payload includes the current page URL, referrer, your Trackboxx site ID and any WooCommerce events (product names, values, coupons, etc.). IP addresses are anonymised before being transmitted. This endpoint is contacted on each page view and whenever tracked WooCommerce events occur.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Terms of Service:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Ftrackboxx.com\u002Fen\u002Fterms-and-conditions\u002F\" rel=\"nofollow ugc\">Trackboxx Terms of Use\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>Privacy Policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Ftrackboxx.com\u002Fen\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Trackboxx Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n","A simple, GDPR compliant Google Analytics alternative.",70,643,"2026-02-03T11:59:00.000Z","4.8","8.0",[20,21,22,24,105],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftrackboxx-analytics.zip",{"slug":143,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":150,"downloaded":151,"rating":152,"num_ratings":153,"last_updated":154,"tested_up_to":82,"requires_at_least":155,"requires_php":84,"tags":156,"homepage":159,"download_link":160,"security_score":161,"vuln_count":162,"unpatched_count":29,"last_vuln_date":163,"fetched_at":31},"wp-statistics","WP Statistics – Simple, privacy-friendly Google Analytics alternative","14.16.3","VeronaLabs","https:\u002F\u002Fprofiles.wordpress.org\u002Fveronalabs\u002F","\u003Cp>Discover GDPR-compliant analytics with \u003Ca href=\"https:\u002F\u002Fwp-statistics.com\u002F?utm_source=wporg&utm_medium=link&utm_campaign=website\" rel=\"nofollow ugc\">WP Statistics\u003C\u002Fa>, the top choice for WordPress users seeking an alternative to Google Analytics. No external accounts, unlimited visitor tracking, and full data ownership—all stored directly in your WordPress database.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-statistics.com\u002Fdemo\" rel=\"nofollow ugc\">Checkout Demo\u003C\u002Fa> | \u003Ca href=\"#screenshots\" rel=\"nofollow ugc\">View Screenshots\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>GDPR Compliant (Data Privacy)\u003C\u002Fh4>\n\u003Cp>WP Statistics is GDPR, CCPA, PECR, and cookie compliance by default.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>We do not use cookies\u003C\u002Fli>\n\u003Cli>We do not store personally identifiable information (PII) by default\u003C\u002Fli>\n\u003Cli>100% data ownership. Data is entirely created and stored on your server\u003C\u002Fli>\n\u003Cli>Enhance IP Hashing with Random Daily Salt Mechanism\u003C\u002Fli>\n\u003Cli>Features to export and delete data for GDPR\u003C\u002Fli>\n\u003Cli>Respect for User Privacy with Do Not Track (DNT)\u003C\u002Fli>\n\u003Cli>Privacy Audit Tool for compliance with privacy laws\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Your site won’t need to have a cookie popup since WP Statistics uses \u003Ca href=\"https:\u002F\u002Fwp-statistics.com\u002Fresources\u002Fcounting-unique-visitors-without-cookies\u002F?utm_source=wporg&utm_medium=link&utm_campaign=doc\" rel=\"nofollow ugc\">cookie-less tracking\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>You can find more information in “\u003Ca href=\"https:\u002F\u002Fwp-statistics.com\u002Fresources\u002Fwhat-we-collect\u002F?utm_source=wporg&utm_medium=link&utm_campaign=doc\" rel=\"nofollow ugc\">What we collect\u003C\u002Fa>“.\u003C\u002Fp>\n\u003Ch4>Top Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Fully integrate with your WordPress and your content structure and you have the all reports all in your WP dashboard\u003C\u002Fli>\n\u003Cli>Content and Category Analytics: Track performance based on your site’s content and categories.\u003C\u002Fli>\n\u003Cli>Simple analytics dashboard\u003C\u002Fli>\n\u003Cli>Super easy to install. No coding or technical knowledge needed\u003C\u002Fli>\n\u003Cli>Advanced data privacy settings that are customizable to fit your needs, in compliance with diverse data protection laws\u003C\u002Fli>\n\u003Cli>Track URL parameters, including UTMs, for campaign analysis\u003C\u002Fli>\n\u003Cli>With configurable settings, manage large amounts of data on high-traffic websites\u003C\u002Fli>\n\u003Cli>Monitor live online user traffic in real-time\u003C\u002Fli>\n\u003Cli>Fully customized overview dashboard page\u003C\u002Fli>\n\u003Cli>Shows your most popular posts and pages\u003C\u002Fli>\n\u003Cli>Referrals Tracking: Track and analyze referrals with five reports: Referred Visitors, Referrers, Search Engines, Social Media, and Source Categories. The new Source Categories report includes support for Organic Search, Paid Search, Organic Social, Paid Social, and more.\u003C\u002Fli>\n\u003Cli>Lists your top referral sources such as search engines\u003C\u002Fli>\n\u003Cli>Author Analytics: Measures author performance.\u003C\u002Fli>\n\u003Cli>Geographic Reports: Location-based analytics, including countries, cities, European countries, US states, and regions within your country.\u003C\u002Fli>\n\u003Cli>Devices Report: Detailed device-specific analytics covering browsers, operating systems, device categories and device models.\u003C\u002Fli>\n\u003Cli>Bypass Ad Blockers: Dynamically load the tracking script with a unique name and address to bypass ad blockers.\u003C\u002Fli>\n\u003Cli>Integrate with WP Consent API: Ensures compatibility with consent plugins like Complianz and Cookiebot.\u003C\u002Fli>\n\u003Cli>Email reports with customizable content\u003C\u002Fli>\n\u003Cli>Customize role-based access to view analytics and modify settings.\u003C\u002Fli>\n\u003Cli>Advanced Filtering & Exceptions: By user roles, IPs, countries, URLs, and more.\u003C\u002Fli>\n\u003Cli>Premium Add-on: \u003Ca href=\"https:\u002F\u002Fwp-statistics.com\u002Fproduct\u002Fwp-statistics-data-plus?utm_source=wporg&utm_medium=link&utm_campaign=dp\" rel=\"nofollow ugc\">Data Plus\u003C\u002Fa>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom Post Type Tracking\u003C\u002Fstrong>: DataPlus extends WP Statistics’ tracking to include all custom post types in addition to Posts and Pages.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Taxonomy Analytics\u003C\u002Fstrong>: In addition to monitoring default taxonomies like Categories and Tags, DataPlus also tracks custom taxonomies.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Link Tracker\u003C\u002Fstrong>: Find out which outbound links your audience clicks on, giving you insights into their preferences and behaviors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Download Tracker\u003C\u002Fstrong>: Keep track of what’s being downloaded, who’s downloading it, and when.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Individual Author Performance\u003C\u002Fstrong>: Detailed metrics on the performance of individual authors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Analytics for Each Country\u003C\u002Fstrong>: In-depth analytics for each country to enhance geographical reporting.\u003C\u002Fli>\n\u003Cli>And more!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Premium Add-on: \u003Ca href=\"https:\u002F\u002Fwp-statistics.com\u002Fproduct\u002Fwp-statistics-marketing\u002F?utm_source=wporg&utm_medium=link&utm_campaign=marketing\" rel=\"nofollow ugc\">Marketing\u003C\u002Fa>\n\u003Cul>\n\u003Cli>\u003Cstrong>Campaign Analytics\u003C\u002Fstrong>: Track UTM-tagged links and see which campaigns drive the most visitors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Search Console Integration\u003C\u002Fstrong>: Monitor impressions, clicks, and queries.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Event Tracking\u003C\u002Fstrong>: Create goals based on clicks, pageviews, or events and monitor conversions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built-in UTM Link Builder\u003C\u002Fstrong>: Generate and validate campaign URLs inside your dashboard.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Get the most out of your website analytics by using WP Statistics Premium Add-ons\u003C\u002Fstrong>\u003Cbr \u002F>\nUpgrade your analytics toolkit with our range of premium add-ons, including \u003Ca href=\"https:\u002F\u002Fwp-statistics.com\u002Fproduct\u002Fwp-statistics-data-plus?utm_source=wporg&utm_medium=link&utm_campaign=dp\" rel=\"nofollow ugc\">Data Plus\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwp-statistics.com\u002Fproduct\u002Fwp-statistics-advanced-reporting\u002F?utm_source=wporg&utm_medium=link&utm_campaign=adv-report\" rel=\"nofollow ugc\">Advanced Reporting\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwp-statistics.com\u002Fproduct\u002Fwp-statistics-realtime-stats\u002F?utm_source=wporg&utm_medium=link&utm_campaign=realtime\" rel=\"nofollow ugc\">Real-Time Stats\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwp-statistics.com\u002Fproduct\u002Fwp-statistics-mini-chart\u002F?utm_source=wporg&utm_medium=link&utm_campaign=mini-chart\" rel=\"nofollow ugc\">Mini Chart\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwp-statistics.com\u002Fproduct\u002Fwp-statistics-marketing\u002F?utm_source=wporg&utm_medium=link&utm_campaign=marketing\" rel=\"nofollow ugc\">Marketing\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwp-statistics.com\u002Fadd-ons\u002F?utm_source=wporg&utm_medium=link&utm_campaign=add-ons\" rel=\"nofollow ugc\">more\u003C\u002Fa>. Making informed decisions is easier with these powerful tools.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Special Offer:\u003C\u002Fstrong> Save up to 60% on all premium features when you purchase \u003Ca href=\"https:\u002F\u002Fwp-statistics.com\u002Fpricing\u002F?utm_source=wporg&utm_medium=link&utm_campaign=premium\" rel=\"nofollow ugc\">WP Statistics Premium\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Report Bugs\u003C\u002Fh4>\n\u003Cp>Having trouble with a bug? Please \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-statistics\u002Fwp-statistics\u002Fissues\u002Fnew\" rel=\"nofollow ugc\">create an issue\u003C\u002Fa> on GitHub. Kindly note that \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-statistics\u002Fwp-statistics\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> is exclusively for bug reports; other inquiries will be closed.\u003C\u002Fp>\n\u003Cp>For security vulnerabilities, please report them through the \u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fdatabase\u002Fwordpress\u002Fplugin\u002Fwp-statistics\u002Fvdp\" rel=\"nofollow ugc\">Patchstack Vulnerability Disclosure Program\u003C\u002Fa>. The Patchstack team will validate, triage, and handle any security issues.\u003C\u002Fp>\n","Get website traffic insights with GDPR\u002FCCPA compliant, privacy-friendly analytics. Includes visitor data, stunning graphs, and no data sharing.",600000,34815131,82,750,"2026-02-23T15:26:00.000Z","6.6",[20,21,157,158,24],"insights","site-visitors","https:\u002F\u002Fwp-statistics.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-statistics.14.16.3.zip",81,35,"2025-09-26 16:25:11",{"attackSurface":165,"codeSignals":217,"taintFlows":254,"riskAssessment":255,"analyzedAt":263},{"hooks":166,"ajaxHandlers":213,"restRoutes":214,"shortcodes":215,"cronEvents":216,"entryPointCount":29,"unprotectedCount":29},[167,173,179,183,186,190,194,198,202,205,209],{"type":168,"name":169,"callback":170,"file":171,"line":172},"action","wp_enqueue_scripts","fathom_enqueue_js_snippet","fathom-analytics.php",324,{"type":174,"name":175,"callback":176,"priority":177,"file":171,"line":178},"filter","script_loader_tag","fathom_add_data_attributes_to_js_script",10,325,{"type":168,"name":180,"callback":181,"file":171,"line":182},"admin_menu","fathom_register_settings",331,{"type":168,"name":180,"callback":184,"file":171,"line":185},"fathom_stats_page",334,{"type":174,"name":187,"callback":188,"priority":177,"file":171,"line":189},"plugin_action_links","add_plugin_action_links",392,{"type":174,"name":191,"callback":192,"file":171,"line":193},"rocket_minify_excluded_external_js","fathom_exclude_from_wp_rocket_minify",408,{"type":174,"name":195,"callback":196,"file":171,"line":197},"sgo_javascript_combine_excluded_external_paths","fathom_exclude_from_sg_optimizer_minify",424,{"type":174,"name":199,"callback":200,"priority":177,"file":171,"line":201},"wphb_minify_resource","fathom_exclude_from_wphb",446,{"type":174,"name":203,"callback":200,"priority":177,"file":171,"line":204},"wphb_combine_resource",447,{"type":174,"name":206,"callback":207,"file":171,"line":208},"litespeed_optimize_js_excludes","fathom_exclude_from_litespeed",464,{"type":174,"name":210,"callback":211,"priority":177,"file":171,"line":212},"op3_script_is_allowed_in_blank_template","allow_fathom_script",484,[],[],[],[],{"dangerousFunctions":218,"sqlUsage":219,"outputEscaping":221,"fileOperations":29,"externalRequests":29,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":253},[],{"prepared":29,"raw":29,"locations":220},[],{"escaped":177,"rawEcho":222,"locations":223},14,[224,227,229,231,233,235,237,239,241,243,245,247,249,251],{"file":171,"line":225,"context":226},169,"raw output",{"file":171,"line":228,"context":226},231,{"file":171,"line":230,"context":226},240,{"file":171,"line":232,"context":226},254,{"file":171,"line":234,"context":226},255,{"file":171,"line":236,"context":226},270,{"file":171,"line":238,"context":226},271,{"file":171,"line":240,"context":226},281,{"file":171,"line":242,"context":226},282,{"file":171,"line":244,"context":226},305,{"file":171,"line":246,"context":226},306,{"file":171,"line":248,"context":226},310,{"file":171,"line":250,"context":226},320,{"file":171,"line":252,"context":226},321,[],[],{"summary":256,"deductions":257},"The Fathom Analytics plugin version 3.3.1 presents a generally good security posture with no identified entry points in the static analysis, meaning there are no direct paths for unauthenticated or unauthorized access through AJAX, REST API, shortcodes, or cron jobs. The code also demonstrates strong practices by exclusively using prepared statements for SQL queries and having no file operations or external HTTP requests, which significantly reduces the risk of common web vulnerabilities. The absence of critical or high-severity taint flows further reinforces its current security. However, a notable concern is the 42% rate of proper output escaping. While not critically low, this suggests a potential for Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not consistently neutralized before being displayed in the browser.\n\nThe vulnerability history reveals two past medium-severity Cross-Site Scripting vulnerabilities, with the last one occurring in October 2023. While there are currently no unpatched vulnerabilities, the pattern of past XSS issues, coupled with the imperfect output escaping identified in the static analysis, indicates a persistent area of risk. This suggests that although the developers have addressed past vulnerabilities, the implementation of output sanitization might require further attention and rigorous testing to ensure all user-generated content is safely rendered.\n\nIn conclusion, Fathom Analytics v3.3.1 has a strong foundation with no direct attack surface and secure database interactions. The primary weakness lies in the incomplete output escaping, which, combined with its history of XSS vulnerabilities, warrants careful monitoring and potential updates. Users should ensure they are running the latest version and that the developers continue to prioritize robust input sanitization and output escaping.",[258,261],{"reason":259,"points":260},"Output escaping is not consistently proper",5,{"reason":262,"points":177},"Past medium severity XSS vulnerabilities","2026-03-16T17:51:03.805Z",{"wat":265,"direct":273},{"assetPaths":266,"generatorPatterns":269,"scriptPaths":270,"versionParams":272},[267,268],"\u002Fwp-content\u002Fplugins\u002Ffathom-analytics\u002Ffathom-stats-iframe.js","\u002Fwp-content\u002Fplugins\u002Ffathom-analytics\u002FiframeResizer.min.js",[],[271],"https:\u002F\u002Fcdn.usefathom.com\u002Fscript.js",[],{"cssClasses":274,"htmlComments":275,"htmlAttributes":276,"restEndpoints":280,"jsGlobals":281,"shortcodeOutput":282},[],[],[277,278,279],"data-site","data-canonical","data-no-minify",[],[],[]]