[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKUfGsUDrDDnnFCoRTfu-V5NPph96xoyXuJ5yQRFzO9s":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":121,"fingerprints":377},"google-reader-stats","Google Reader Stats","1.4","moallemi","https:\u002F\u002Fprofiles.wordpress.org\u002Fmoallemi\u002F","\u003Cp>This plugin adds the Google Reader Stats to your blog. GRS measures the +1s and views count of each blog feed item on Google Reader and displays it on your blog . The GRS Widget enables readers to easily see the blog’s best content, with the highest overall +1s or views on Google Reader.\u003C\u002Fp>\n\u003Cp>Put the \u003Ccode>\u003C?php if (function_exists( 'the_grs_plusones' )) the_grs_plusones(); ?>\u003C\u002Fcode> code for post +1s and  \u003Ccode>\u003C?php if (function_exists( 'the_grs_views' )) the_grs_views(); ?>\u003C\u002Fcode> for post views in your template files (index.php, single.php, archive.php) to show +1\u002Fview count.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Translations\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Persian – \u003Ca href=\"http:\u002F\u002Fwww.moallemi.ir\u002F\" rel=\"nofollow ugc\">Reza Moallemi\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>What’s New in version 1.4\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>* Add Support for new google reader interface and fetures\n* Add Support for Google +1\n* Improve Graph performance for viewing feed stats\n\u003C\u002Fcode>\u003C\u002Fpre>\n","This plugin adds the Google Reader Stats (+1 count\u002FView count) to your blog posts.",10,8136,0,"2011-11-04T14:24:00.000Z","3.2.1","2.9","",[19,20,21,22,23],"google","google-reader","stat","statistic","stats","http:\u002F\u002Fwww.moallemi.ir\u002Fen\u002Fblog\u002F2010\u002F06\u002F03\u002Fgoogle-reader-stats-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-reader-stats.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},6,90,88,30,86,"2026-04-05T09:08:04.758Z",[38,64,82,96,106],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":59,"download_link":60,"security_score":61,"vuln_count":62,"unpatched_count":13,"last_vuln_date":63,"fetched_at":28},"koko-analytics","Koko Analytics – Privacy Friendly Statistics for WordPress","2.2.4","Danny van Kooten","https:\u002F\u002Fprofiles.wordpress.org\u002Fdvankooten\u002F","\u003Cp>Koko Analytics provides website analytics and visitor statistics directly inside your WordPress dashboard without relying on external services. It is privacy-friendly, lightweight, open source, and easy to use.\u003C\u002Fp>\n\u003Cp>Fully GDPR, CCPA and PECR compliant by design: no personal data is processed or stored, everything runs on your own server and can be used without cookies.\u003C\u002Fp>\n\u003Cp>You can \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fkoko-analytics-dashboard\u002F\" rel=\"nofollow ugc\">view a live demo here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Why Koko Analytics\u003C\u002Fh3>\n\u003Cp>Our goal is to provide you with a simple, lightweight and privacy-friendly alternative to Google Analytics for your WordPress statistics.\u003C\u002Fp>\n\u003Ch4>Privacy Friendly Analytics\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fprivacy-focused-wordpress-analytics\u002F\" rel=\"nofollow ugc\">privacy friendly analytics\u003C\u002Fa>. No personal data is processed or stored, all measurements are carried out completely anonymously and nothing is ever shared with any third-party service.\u003C\u002Fp>\n\u003Ch4>Lightweight Statistics\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Flightweight-wordpress-analytics\u002F\" rel=\"nofollow ugc\">lightweight analytics\u003C\u002Fa>. It adds less than 1 kilobyte of data to your HTML and is fully compatible with pages served from any kind of cache. WordPress is bypassed entirely for its collection endpoint, making the impact on your site’s performance as close to zero as possible. Fact: there is no faster statistics plugin for WordPress.\u003C\u002Fp>\n\u003Ch4>Simple Analytics Dashboard\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fsimple-wordpress-analytics\u002F\" rel=\"nofollow ugc\">simple analytics\u003C\u002Fa>. There are no complicated reports to dig through. A single dashboard page shows you all the important metrics.\u003C\u002Fp>\n\u003Ch4>Open Source Analytics\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fopen-source-wordpress-analytics\u002F\" rel=\"nofollow ugc\">open source analytics\u003C\u002Fa>. The source code is released under the GPL license and freely \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fibericode\u002Fkoko-analytics\" rel=\"nofollow ugc\">available on GitHub\u003C\u002Fa>. Anyone can read it, inspect it and review it.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>A beautiful analytics dashboard built right into WordPress admin.\u003C\u002Fli>\n\u003Cli>View statistics for your most popular posts and pages.\u003C\u002Fli>\n\u003Cli>See referral statistics showing which sites send you traffic.\u003C\u002Fli>\n\u003Cli>Path-based tracking to see analytics for any URL, including archives and search pages.\u003C\u002Fli>\n\u003Cli>Reliably detect returning visitors without the use of cookies.\u003C\u002Fli>\n\u003Cli>Exclude visits from certain WordPress user roles or IP addresses.\u003C\u002Fli>\n\u003Cli>Import historical statistics from Jetpack Stats, Plausible or Burst Statistics.\u003C\u002Fli>\n\u003Cli>Periodically clean-up historical data older than a specified number of months or years.\u003C\u002Fli>\n\u003Cli>A widget, Gutenberg block or shortcode to show a list of your most visited posts or pages.\u003C\u002Fli>\n\u003Cli>A shortcode or Gutenberg block to show the total number of pageviews to a given page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Premium features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>See what countries your site is visited from with geo-location statistics.\u003C\u002Fli>\n\u003Cli>See what browsers, operating systems or devices your visitors are using.\u003C\u002Fli>\n\u003Cli>Custom event analytics to track outbound link clicks, contact form submissions, and more.\u003C\u002Fli>\n\u003Cli>Stay up-to-date with periodic analytics reports delivered to your email inbox.\u003C\u002Fli>\n\u003Cli>Be notified immediately whenever your site experiences an unusual traffic spike.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You will have access to all of these benefits and more for a small yearly fee.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">View pricing for Koko Analytics Pro here \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fp>\n","Koko Analytics is a privacy-friendly statistics plugin for WordPress that is an easy to use alternative to Google Analytics.",60000,2043562,100,222,"2026-03-12T15:04:00.000Z","6.9.4","6.0","7.4",[55,56,57,58,23],"analytics","google-analytics","privacy","statistics","https:\u002F\u002Fwww.kokoanalytics.com\u002F#utm_source=wp-plugin&utm_medium=koko-analytics&utm_campaign=plugins-page","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkoko-analytics.2.2.4.zip",96,2,"2026-01-20 00:00:00",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":74,"num_ratings":75,"last_updated":76,"tested_up_to":77,"requires_at_least":78,"requires_php":17,"tags":79,"homepage":80,"download_link":81,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"multi-google-analytics","Multiple Google Analytics Trackers","1.1.2","Ahrengot","https:\u002F\u002Fprofiles.wordpress.org\u002Fahrengot\u002F","\u003Cp>Minimalistic \u003Ca href=\"http:\u002F\u002Fwww.google.com\u002Fanalytics\u002F\" rel=\"nofollow ugc\">Google Analytics\u003C\u002Fa> plugin that lets you add one or more trackers and control exactly how the script is rendered.\u003C\u002Fp>\n\u003Ch4>Rendering the script\u003C\u002Fh4>\n\u003Cp>This plugin lets you control wether the Google Analytics script is printed in the \u003Ccode>\u003Chead>\u003C\u002Fcode>-element, the \u003Ccode>\u003Cbody>\u003C\u002Fcode>-element or using a custom action.\u003C\u002Fp>\n\u003Cp>There’s also a filter available, if you want to completely override the code that prints the analytics code. This way you can use the plugin simply for storing the property ID’s in the database and manually render the analytics script exactly as your want it.\u003C\u002Fp>\n\u003Cp>The filter for overriding the script code is \u003Ccode>ahr-google-analtyics\u002Fscript_file_path\u003C\u002Fcode> and you’d use it like so:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('ahr-google-analtyics\u002Fscript_file_path', function($default_path){\n    \u002F\u002F return an absolute file path to the file you want to use for rendering the script\n}, 10, 1);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Accessing the property ids via code\u003C\u002Fh4>\n\u003Cp>If you need to manipulate the Google Analytics property ids before they are printed, then use the \u003Ccode>ahr-google-analtyics'\u002Fproperty_ids\u003C\u002Fcode> filter. It’ll pass you an array of property ids as its single argument.\u003C\u002Fp>\n\u003Cp>If you need to pull the ids from the database, in any other context, you can use \u003Ccode>$property_ids = get_option( AhrGoogleAnalytics::OPTION_IDS );\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>This plugin will always give you an array of ids. Even if you just have one.\u003C\u002Fp>\n\u003Ch4>Source code & contributions\u003C\u002Fh4>\n\u003Cp>Please feel free to contribute improvements, report bugs or suggest new features via the GitHub repo\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FAhrengot\u002Fmultiple-google-analytics\" rel=\"nofollow ugc\">Github Repo\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FAhrengot\u002Fmultiple-google-analytics\u002Fissues\" rel=\"nofollow ugc\">Suggest improvements\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FAhrengot\u002Fmultiple-google-analytics\u002Fpulls\" rel=\"nofollow ugc\">Open a pull request\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Add one or more Google Analytics trackers to your website.",70,4428,74,3,"2017-09-11T09:34:00.000Z","4.8.28","4.0",[55,19,56,58,23],"https:\u002F\u002Fgithub.com\u002FAhrengot\u002Fmultiple-google-analytics","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmulti-google-analytics.1.1.2.zip",{"slug":83,"name":84,"version":85,"author":17,"author_profile":86,"description":87,"short_description":88,"active_installs":11,"downloaded":89,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":90,"requires_at_least":91,"requires_php":17,"tags":92,"homepage":93,"download_link":94,"security_score":48,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":95},"on-site-google-analytics","Seoatl On Site Google Analytics","v0.1","https:\u002F\u002Fprofiles.wordpress.org\u002Fjamescharlesworth\u002F","\u003Cp>Google Analytics is a great tool, but requires some technical capabilities to understand it.  This plugin takes some very basic,\u003Cbr \u002F>\nalthough important, data from Google Analytics (using the Google Analytics export API) and displays the information\u003Cbr \u002F>\non the frontend of your blog\u002Fsite to WP administrators.  The data provided by this plugin is:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Pageviews  \u003C\u002Fli>\n\u003Cli>Average Time On Page  \u003C\u002Fli>\n\u003Cli>Bounce Rate\u003C\u002Fli>\n\u003Cli>Exit Rate\u003C\u002Fli>\n\u003Cli>Referring Sites\u003C\u002Fli>\n\u003Cli>Keywords\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is intended for non-technical users who are not viewing Google Analytics on daily basis or may not\u003Cbr \u002F>\nknow how to get this information from Google Analytics. Please consider donating a link to \u003Ca href=\"http:\u002F\u002Fwww.seoatl.com\u002Fstrategy\" rel=\"nofollow ugc\">SEO Strategy\u003C\u002Fa> if you\u003Cbr \u002F>\nlike this plugin\u003C\u002Fp>\n","This plugin provides WP admin's valuable data from Google Analytics on site without having to login to Google Analytics to get the information.",12183,"3.0.5","2.0.2",[55,19,56,58,23],"http:\u002F\u002Fwww.seoatl.com\u002Ftools\u002Fwordpress\u002Fon-site-google-analytics-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fon-site-google-analytics.zip","2026-03-15T14:44:11.924Z",{"slug":97,"name":84,"version":98,"author":99,"author_profile":100,"description":101,"short_description":88,"active_installs":11,"downloaded":102,"rating":13,"num_ratings":13,"last_updated":103,"tested_up_to":90,"requires_at_least":91,"requires_php":17,"tags":104,"homepage":93,"download_link":105,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"onsite-google-analytics-plugin","v0.4.1","James Charlesworth","https:\u002F\u002Fprofiles.wordpress.org\u002Fjamescharlesworth-1\u002F","\u003Cp>Google Analytics is a great tool, but requires some technical capabilities to understand it.  This plugin takes some very basic,\u003Cbr \u002F>\nalthough important, data from Google Analytics (using the Google Analytics export API) and displays the information\u003Cbr \u002F>\non your blog\u002Fsite to WP administrators or users if you assign them privileges to see it.  The data provided by this plugin is:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Pageviews  \u003C\u002Fli>\n\u003Cli>Average Time On Page  \u003C\u002Fli>\n\u003Cli>Bounce Rate\u003C\u002Fli>\n\u003Cli>Exit Rate\u003C\u002Fli>\n\u003Cli>Referring Sites\u003C\u002Fli>\n\u003Cli>Keywords\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Advanced form tracking capabilities include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Monitor your forms more closely\u003C\u002Fli>\n\u003Cli>See how long visitors are taking each step of your form\u003C\u002Fli>\n\u003Cli>See what visitors input into each form regardless of hitting submit\u003C\u002Fli>\n\u003Cli>Better understand form abandonment\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This feature uses Google Analytics Event Tracking to store and retrieve data.\u003C\u002Fp>\n\u003Cp>Please consider donating a link to \u003Ca href=\"http:\u002F\u002Fwww.jamescharlesworth.com\u002Fstrategy\" rel=\"nofollow ugc\">SEO Strategy\u003C\u002Fa> or \u003Ca href=\"http:\u002F\u002Fwww.jamescharlesworth.com\" rel=\"nofollow ugc\">Atlanta SEO\u003C\u002Fa> if you\u003Cbr \u002F>\nlike this plugin.\u003C\u002Fp>\n\u003Cp>NOTE: This plugin does not install the default Google Analytics code on your site, you should already have that installed for this to work.\u003C\u002Fp>\n",6056,"2011-02-06T02:32:00.000Z",[55,19,56,58,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fonsite-google-analytics-plugin.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":11,"downloaded":114,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":115,"requires_at_least":116,"requires_php":17,"tags":117,"homepage":118,"download_link":119,"security_score":48,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":120},"pagerank","PageRank","0.4","tomknows","https:\u002F\u002Fprofiles.wordpress.org\u002Ftomknows\u002F","\u003Cp>Displays Google PageRank in the sidebar of your blog via widget interfacce or anywhere else via function call. The Plugin comes with 3 different layouts.\u003C\u002Fp>\n","Displays Google PageRank in the sidebar of your blog via widget interface or anywhere else via function call.",5794,"4.0.38","2.5",[19,107,58,23],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpagerank\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpagerank.0.4.zip","2026-03-15T10:48:56.248Z",{"attackSurface":122,"codeSignals":160,"taintFlows":326,"riskAssessment":362,"analyzedAt":376},{"hooks":123,"ajaxHandlers":156,"restRoutes":157,"shortcodes":158,"cronEvents":159,"entryPointCount":13,"unprotectedCount":13},[124,130,134,140,144,148,152],{"type":125,"name":126,"callback":127,"file":128,"line":129},"action","admin_menu","google_reader_stats_menu","google-reader-stats.php",16,{"type":125,"name":131,"callback":132,"file":128,"line":133},"wp_footer","grs_check_for_update",56,{"type":135,"name":136,"callback":137,"priority":138,"file":128,"line":139},"filter","the_content","grs_add_counter_to_feed",10000,69,{"type":135,"name":141,"callback":142,"file":128,"line":143},"manage_posts_columns","grs_manage_posts_columns",72,{"type":125,"name":145,"callback":146,"file":128,"line":147},"manage_posts_custom_column","grs_manage_posts_custom_column",73,{"type":125,"name":149,"callback":150,"file":128,"line":151},"widgets_init","widget_grs_init",649,{"type":125,"name":153,"callback":154,"file":128,"line":155},"admin_head-edit.php","grs_admin_head",827,[],[],[],[],{"dangerousFunctions":161,"sqlUsage":162,"outputEscaping":188,"fileOperations":62,"externalRequests":62,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":325},[],{"prepared":163,"raw":164,"locations":165},1,9,[166,169,172,174,177,179,181,183,185],{"file":128,"line":167,"context":168},83,"$wpdb->get_var() with variable interpolation",{"file":128,"line":170,"context":171},662,"$wpdb->get_results() with variable interpolation",{"file":128,"line":173,"context":171},703,{"file":175,"line":176,"context":171},"google-reader-view-stats.php",8,{"file":175,"line":178,"context":171},53,{"file":175,"line":180,"context":171},59,{"file":175,"line":182,"context":171},252,{"file":175,"line":184,"context":171},253,{"file":186,"line":187,"context":168},"google-reader-view.php",20,{"escaped":189,"rawEcho":147,"locations":190},22,[191,194,196,198,200,202,204,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234,235,236,237,239,241,242,244,245,246,247,249,250,251,252,254,255,257,259,262,264,266,268,270,272,274,276,278,280,282,284,286,288,290,292,293,295,297,299,301,303,305,307,309,311,312,314,316,318,320,321,323],{"file":128,"line":192,"context":193},188,"raw output",{"file":128,"line":195,"context":193},218,{"file":128,"line":197,"context":193},223,{"file":128,"line":199,"context":193},227,{"file":128,"line":201,"context":193},233,{"file":128,"line":203,"context":193},271,{"file":128,"line":205,"context":193},280,{"file":128,"line":207,"context":193},294,{"file":128,"line":209,"context":193},311,{"file":128,"line":211,"context":193},322,{"file":128,"line":213,"context":193},339,{"file":128,"line":215,"context":193},387,{"file":128,"line":217,"context":193},394,{"file":128,"line":219,"context":193},397,{"file":128,"line":221,"context":193},400,{"file":128,"line":223,"context":193},485,{"file":128,"line":225,"context":193},496,{"file":128,"line":227,"context":193},507,{"file":128,"line":229,"context":193},582,{"file":128,"line":231,"context":193},593,{"file":128,"line":233,"context":193},617,{"file":128,"line":233,"context":193},{"file":128,"line":233,"context":193},{"file":128,"line":233,"context":193},{"file":128,"line":238,"context":193},620,{"file":128,"line":240,"context":193},621,{"file":128,"line":240,"context":193},{"file":128,"line":243,"context":193},628,{"file":128,"line":243,"context":193},{"file":128,"line":243,"context":193},{"file":128,"line":243,"context":193},{"file":128,"line":248,"context":193},631,{"file":128,"line":248,"context":193},{"file":128,"line":248,"context":193},{"file":128,"line":248,"context":193},{"file":128,"line":253,"context":193},634,{"file":128,"line":253,"context":193},{"file":128,"line":256,"context":193},692,{"file":128,"line":258,"context":193},732,{"file":260,"line":261,"context":193},"google-reader-stdm.php",105,{"file":260,"line":263,"context":193},113,{"file":175,"line":265,"context":193},11,{"file":175,"line":267,"context":193},31,{"file":175,"line":269,"context":193},32,{"file":175,"line":271,"context":193},33,{"file":175,"line":273,"context":193},34,{"file":175,"line":275,"context":193},42,{"file":175,"line":277,"context":193},45,{"file":175,"line":279,"context":193},136,{"file":175,"line":281,"context":193},137,{"file":175,"line":283,"context":193},144,{"file":175,"line":285,"context":193},147,{"file":175,"line":287,"context":193},152,{"file":175,"line":289,"context":193},157,{"file":175,"line":291,"context":193},210,{"file":175,"line":201,"context":193},{"file":175,"line":294,"context":193},235,{"file":175,"line":296,"context":193},237,{"file":175,"line":298,"context":193},262,{"file":175,"line":300,"context":193},263,{"file":175,"line":302,"context":193},276,{"file":175,"line":304,"context":193},277,{"file":175,"line":306,"context":193},278,{"file":175,"line":308,"context":193},279,{"file":175,"line":310,"context":193},284,{"file":175,"line":207,"context":193},{"file":175,"line":313,"context":193},295,{"file":175,"line":315,"context":193},308,{"file":175,"line":317,"context":193},309,{"file":175,"line":319,"context":193},310,{"file":175,"line":209,"context":193},{"file":175,"line":322,"context":193},316,{"file":186,"line":324,"context":193},47,[],[327,344,353],{"entryPoint":328,"graph":329,"unsanitizedCount":163,"severity":343},"google_reader_stats_options (google-reader-stats.php:133)",{"nodes":330,"edges":340},[331,335],{"id":332,"type":333,"label":334,"file":128,"line":192},"n0","source","$_SERVER['REQUEST_URI']",{"id":336,"type":337,"label":338,"file":128,"line":192,"wp_function":339},"n1","sink","echo() [XSS]","echo",[341],{"from":332,"to":336,"sanitized":342},false,"medium",{"entryPoint":345,"graph":346,"unsanitizedCount":163,"severity":352},"\u003Cgoogle-reader-stats> (google-reader-stats.php:0)",{"nodes":347,"edges":350},[348,349],{"id":332,"type":333,"label":334,"file":128,"line":192},{"id":336,"type":337,"label":338,"file":128,"line":192,"wp_function":339},[351],{"from":332,"to":336,"sanitized":342},"low",{"entryPoint":354,"graph":355,"unsanitizedCount":163,"severity":352},"\u003Cgoogle-reader-view-stats> (google-reader-view-stats.php:0)",{"nodes":356,"edges":360},[357,359],{"id":332,"type":333,"label":358,"file":175,"line":265},"$_GET['date']",{"id":336,"type":337,"label":338,"file":175,"line":265,"wp_function":339},[361],{"from":332,"to":336,"sanitized":342},{"summary":363,"deductions":364},"The \"google-reader-stats\" plugin v1.4 exhibits a mixed security posture.  While the absence of known CVEs and a lack of critical or high-severity taint flows are positive indicators, several code signals raise concerns.  The extremely low percentage of properly escaped output (23%) suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data is likely being rendered without adequate sanitization. Furthermore, the complete absence of capability checks and nonce checks, combined with a significant number of SQL queries (10) where only 10% use prepared statements, points to potential SQL injection risks and privilege escalation vulnerabilities. The presence of file operations and external HTTP requests without proper authentication or sanitization also increases the attack surface.  Despite the clean vulnerability history, the internal code analysis reveals significant potential weaknesses that could be exploited if an attacker can find an entry point.  The plugin's strengths lie in its limited attack surface through traditional WordPress entry points, but its internal coding practices present substantial security risks.",[365,368,370,372,374],{"reason":366,"points":367},"Low output escaping percentage",15,{"reason":369,"points":11},"Low percentage of prepared statements for SQL",{"reason":371,"points":11},"No capability checks",{"reason":373,"points":176},"No nonce checks",{"reason":375,"points":31},"Unsanitized paths in taint analysis","2026-03-17T00:48:10.003Z",{"wat":378,"direct":387},{"assetPaths":379,"generatorPatterns":382,"scriptPaths":383,"versionParams":384},[380,381],"\u002Fwp-content\u002Fplugins\u002Fgoogle-reader-stats\u002Fgrs_plusone_small.png","\u002Fwp-content\u002Fplugins\u002Fgoogle-reader-stats\u002Fgrs_view_small.png",[],[],[385,386],"google-reader-stats\u002Fstyle.css?ver=","google-reader-stats\u002Fscript.js?ver=",{"cssClasses":388,"htmlComments":391,"htmlAttributes":394,"restEndpoints":398,"jsGlobals":399,"shortcodeOutput":402},[389,390,4],"grs-plusone","grs-views",[392,393],"\u003C!-- Google Reader Stats -->","\u003C!-- End Google Reader Stats -->",[395,396,397],"data-grs-post-id","data-grs-plusone-count","data-grs-views-count",[],[400,401],"googleReaderStats","grs_update_options",[403,404],"\u003Cspan class=\"grs-plusone\">","\u003Cspan class=\"grs-views\">"]