[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqEYbTnX5hQaoVZ59XMTePXijzUebKgUpchKiCTeSsx4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":73,"crawl_stats":38,"alternatives":78,"analysis":189,"fingerprints":510},"gtmetrix-for-wordpress","GTmetrix for WordPress","0.4.8","GTmetrix","https:\u002F\u002Fprofiles.wordpress.org\u002Fgtmetrix\u002F","\u003Cp>GTmetrix has created GTmetrix for WordPress – a WordPress plugin that actively keeps track of your WP install and sends you alerts if your site falls below certain criteria.\u003C\u002Fp>\n\u003Cp>Run analyses, schedule reports on a daily, weekly or monthly basis, and receive alerts about the status of your site all from within your WordPress Admin!\u003C\u002Fp>\n","GTmetrix can help you develop a faster, more efficient, and all-around improved website experience for your users. Your users will love you for it.",9000,261976,96,14,"2023-08-25T17:47:00.000Z","6.0.11","3.3.1","",[20,21,22,23,24],"analytics","gtmetrix","monitoring","optimization","page-speed","https:\u002F\u002Fgtmetrix.com\u002Fgtmetrix-for-wordpress-plugin.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgtmetrix-for-wordpress.0.4.8.zip",84,3,0,"2023-07-19 00:00:00","2026-03-15T15:16:48.613Z",[33,48,62],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2023-37996","gtmetrix-for-wordpress-cross-site-request-forgery","GTmetrix for WordPress \u003C= 0.4.7 - Cross-Site Request Forgery","The GTmetrix for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.7. This is due to missing nonce validation on the tests_page() function. This makes it possible for unauthenticated attackers to invoke this function and delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=0.4.7","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9958d7d7-ddeb-42f4-a5bd-6dd55ec9b6e0?source=api-prod",188,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":44,"references":59,"days_to_patch":61},"CVE-2023-32503","gtmetrix-for-wordpress-reflected-cross-site-scripting-via-reportid-and-eventid","GTmetrix for WordPress \u003C= 0.4.6 - Reflected Cross-Site Scripting via 'report_id' and 'event_id'","The GTmetrix for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'report_id' and 'event_id' parameters in versions up to, and including, 0.4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=0.4.6","0.4.7",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2023-05-09 00:00:00",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fabe50539-f6a9-476a-a408-4f94f7f31fcc?source=api-prod",259,{"id":63,"url_slug":64,"title":65,"description":66,"plugin_slug":4,"theme_slug":38,"affected_versions":67,"patched_in_version":68,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":69,"updated_date":44,"references":70,"days_to_patch":72},"CVE-2023-23677","gtmetrix-for-wordpress-reflected-cross-site-scripting-via-url","GTmetrix for WordPress \u003C= 0.4.5 - Reflected Cross-Site Scripting via 'url'","The GTmetrix for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in versions up to, and including, 0.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=0.4.5","0.4.6","2023-03-02 00:00:00",[71],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdcdf22be-8af4-4596-b138-67ebfd04c06d?source=api-prod",327,{"slug":21,"display_name":7,"profile_url":8,"plugin_count":74,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":75,"trust_score":76,"computed_at":77},1,258,68,"2026-04-04T06:06:11.010Z",[79,105,126,148,170],{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":100,"download_link":101,"security_score":102,"vuln_count":103,"unpatched_count":29,"last_vuln_date":104,"fetched_at":31},"fast-velocity-minify","Fast Velocity Minify","3.5.4","Raul P.","https:\u002F\u002Fprofiles.wordpress.org\u002Falignak\u002F","\u003Cp>HTML, CSS & JS optimization plugin for developers and advanced users. Note you need to look into the HELP tab after installing the plugin and manually configure it for your site. Each site is different, so the default recommendations may or may not work for you and you will need to test and find out how to adjust your settings.\u003C\u002Fp>\n\u003Cp>Minification is done on the frontend during the first uncached request. Once the first request is processed, any other pages that require the same set of CSS and JS files will be able to reuse the same generated static CSS or JS file.\u003C\u002Fp>\n\u003Cp>If your cache is growing significantly, this could mean one of your CSS or JS files is dynamic and changes on every pageview. In that case, you would need to add the file to the ignore list, else the cache would grow indefinitely (because obviously the original files themselves are dynamic and when you minify, the plugin sees a different file).\u003C\u002Fp>\n\u003Cp>Kindly read the HELP section after installing the plugin, about possible issues and how to solve them.\u003C\u002Fp>\n\u003Ch4>Additional Optimization\u003C\u002Fh4>\n\u003Cp>I can offer you additional \u003Ccode>custom made\u003C\u002Fcode> optimization on top of this plugin. If you would like to hire me, please visit my profile links for further information.\u003C\u002Fp>\n\u003Ch4>WP-CLI Commands\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Purge all caches: \u003Ccode>wp fvm purge\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Purge all caches on a network site: \u003Ccode>wp --url=blog.example.com fvm purge\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Purge all caches on the entire network (linux): \u003Ccode>wp site list --field=url | xargs -n1 -I % wp --url=% fvm purge\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How to customize the cache path ?\u003C\u002Fh4>\n\u003Cp>You need a public directory to store and serve minified cache files. If you need to customize the path and url, you need to edit your \u003Ccode>wp-config.php\u003C\u002Fcode> and add both \u003Ccode>define('FVM_CACHE_DIR', '\u002Fabsolute\u002Fpath\u002Fto\u002Fexample.com\u002Fyour\u002Fpublic\u002Fdirectory');\u003C\u002Fcode> and \u003Ccode>define('FVM_CACHE_URL', 'https:\u002F\u002Fexample.com\u002Fyour\u002Fpublic\u002Fdirectory');\u003C\u002Fcode> .\u003C\u002Fp>\n","Maximize GTmetrix, PageSpeed and enhance Web Vitals by minifying CSS\u002FJS, lazy loading scripts, optimizing images, and improving load speed overall.",40000,3514771,92,194,"2025-11-04T02:41:00.000Z","6.8.5","5.6","7.2",[21,96,97,98,99],"lighthouse","pagespeed","speed-optimization","web-vitals","https:\u002F\u002Ffastvelocity.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffast-velocity-minify.3.5.4.zip",98,2,"2025-10-24 18:28:09",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":102,"num_ratings":115,"last_updated":116,"tested_up_to":92,"requires_at_least":117,"requires_php":118,"tags":119,"homepage":18,"download_link":123,"security_score":124,"vuln_count":103,"unpatched_count":29,"last_vuln_date":125,"fetched_at":31},"phastpress","PhastPress","3.9","Albert Peschar","https:\u002F\u002Fprofiles.wordpress.org\u002Fkiboit\u002F","\u003Cp>PhastPress uses advanced techniques to manipulate your pages, scripts, stylesheets and images to significantly improve load times. It’s designed to conform to Google PageSpeed Insights and GTmetrix recommendations and can improve your site’s score dramatically.\u003C\u002Fp>\n\u003Cp>PhastPress’ motto is \u003Cem>no configuration\u003C\u002Fem>.  Install, activate and go!\u003C\u002Fp>\n\u003Cp>PhastPress has the Phast web page optimisation engine by \u003Ca href=\"https:\u002F\u002Fkiboit.com\u002F\" rel=\"nofollow ugc\">Albert Peschar\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fmkosturkov\" rel=\"nofollow ugc\">Milko Kosturkov\u003C\u002Fa> at its core.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Image optimization:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Phast optimizes images using PNG quantization (\u003Ca href=\"https:\u002F\u002Fpngquant.org\u002F\" rel=\"nofollow ugc\">pngquant\u003C\u002Fa>) and JPEG recoding (\u003Ca href=\"https:\u002F\u002Flibjpeg-turbo.org\u002F\" rel=\"nofollow ugc\">libjpeg-turbo\u003C\u002Fa>).\u003C\u002Fli>\n\u003Cli>Phast inlines small images (\u003C 512 bytes) in the page.\u003C\u002Fli>\n\u003Cli>Phast converts JPEG images into WebP for supporting browsers.\u003C\u002Fli>\n\u003Cli>Phast enables \u003Ca href=\"https:\u002F\u002Fweb.dev\u002Fnative-lazy-loading\u002F\" rel=\"nofollow ugc\">native lazy loading\u003C\u002Fa> to speed up page loading and save bandwidth.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Asynchronous scripts and stylesheets:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Phast loads all scripts on your page asynchronously and in a single request, while maintaining full compatibility with legacy scripts, due to our custom script loader.\u003C\u002Fli>\n\u003Cli>Phast proxies external scripts to extend their cache lifetime.\u003C\u002Fli>\n\u003Cli>Phast inlines critical CSS automatically by comparing the rules in your stylesheets with the elements on your page.\u003C\u002Fli>\n\u003Cli>Phast loads non-critical CSS asynchronously and in a single request.\u003C\u002Fli>\n\u003Cli>Phast inlines Google Fonts CSS.\u003C\u002Fli>\n\u003Cli>Phast lazily loads IFrames to prioritize the main page load.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Get the full power of Phast for your website by installing PhastPress now.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fkiboit.com\u002Fphastpress-support\" rel=\"nofollow ugc\">\u003Cstrong>For commercial support and bug reports, click here.\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n","PhastPress automatically optimizes your site for the best possible performance.",10000,500723,99,"2026-02-11T11:47:00.000Z","6.2","7.3",[120,23,24,121,122],"optimisation","pagespeed-insights","speed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphastpress.3.9.zip",93,"2025-12-22 00:00:00",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":134,"downloaded":135,"rating":136,"num_ratings":137,"last_updated":138,"tested_up_to":139,"requires_at_least":140,"requires_php":141,"tags":142,"homepage":146,"download_link":147,"security_score":136,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"machete","Machete","5.1","Nilo Velez","https:\u002F\u002Fprofiles.wordpress.org\u002Fnilovelez\u002F","\u003Cp>Machete is a simple suite of tools that solves common WordPress annoyances using as few resources as possible. Machete doesn’t cover every single use case, but there is a huge amount of sites that would require less plugins if they used Machete.\u003C\u002Fp>\n\u003Cp>All Machete tools have two things in common: they solve problems faced by many web developers and they do it using as few server resources as possible.\u003C\u002Fp>\n\u003Cp>So far, Machete includes the following tools:\u003C\u002Fp>\n\u003Ch4>WordPress Optimization\u003C\u002Fh4>\n\u003Cp>WordPress places a lot of code inside the \u003Ccode>\u003Chead>\u003C\u002Fcode> tag just to keep backward compatibility or to enable optional features. You can disable most of it and save some time from each page request while making your installation safer.\u003C\u002Fp>\n\u003Ch4>Cookies & GDPR Warning\u003C\u002Fh4>\n\u003Cp>We know you hate cookie warning bars. Well, this is the least hateable cookie bar you’ll find. It is really light, doesn’t affect your PageSpeed score and plays well with static cache plugins.\u003C\u002Fp>\n\u003Ch4>Analytics and custom code\u003C\u002Fh4>\n\u003Cp>You don’t need a zillion plugins to perform easy tasks like inserting a verification meta tag (Google Search Console, Bing, Pinterest), a json-ld snippet or a custom stylesheet (Google Fonts, Print Styles, accessibility tweaks…).\u003C\u002Fp>\n\u003Cp>The Google Analytics and Google Tag Manager tracking codes are PageSpeed optimized, GPDR friendly.\u003C\u002Fp>\n\u003Ch4>Maintenance mode\u003C\u002Fh4>\n\u003Cp>The maintenance mode that ships with WordPress is just a basic lock-down that is activated whenever you do a major update. With machete Maintenance Mode you can hide your unfinished page from visitors and search engines, give your clients a secure temporary access and lock your site without affecting your SEO.\u003C\u002Fp>\n\u003Ch4>Post & Page cloner\u003C\u002Fh4>\n\u003Cp>Adds a “duplicate” link to post, page and most post types lists. Also adds “copy to new draft” function to the post editor.\u003C\u002Fp>\n\u003Ch4>Social Sharing Buttons\u003C\u002Fh4>\n\u003Cp>Social sharing done the Machete way. The icons are made as a custom webfont embedded in a minified CSS file that only weighs 5.8KB. The sharing actions use each platform’s native share URL.\u003C\u002Fp>\n\u003Ch4>WooCommerce Utils\u003C\u002Fh4>\n\u003Cp>WooCommerce was designed to work for every possible use case, but that often leads to unexpected behavior. These simple fixes can improve the WooCommerce user experience by making it behave as clients expect.\u003C\u002Fp>\n","Machete is a lean and simple suite of tools that solve common WordPress annoyances: cookie bar, tracking codes, header cleanup, social sharing",7000,83440,100,52,"2026-02-05T09:26:00.000Z","6.9.4","4.6","7.4",[20,143,144,145,23],"clone","cookies","maintenance","https:\u002F\u002Fmachetewp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmachete.5.1.zip",{"slug":149,"name":150,"version":151,"author":152,"author_profile":153,"description":154,"short_description":155,"active_installs":156,"downloaded":157,"rating":158,"num_ratings":159,"last_updated":160,"tested_up_to":161,"requires_at_least":162,"requires_php":18,"tags":163,"homepage":168,"download_link":169,"security_score":136,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"lucky-orange","Lucky Orange","2.1.1","luckyorange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrickeys\u002F","\u003Cp>Less time crunching numbers, more time growing your business.\u003C\u002Fp>\n\u003Ch3>Understand your visitors. Improve your website. Increase your sales.\u003C\u002Fh3>\n\u003Cp>If your WordPress site is getting traffic but not conversions, Lucky Orange shows you why. With one-click install and a free plan to get started, you can uncover where visitors struggle, what’s stopping them from buying, and how to turn browsers into customers.\u003Cbr \u002F>\nFrom session recordings to heatmaps, live chat to Page Insights, Lucky Orange helps you optimize every part of your customer journey with clear, visual data.\u003C\u002Fp>\n\u003Ch3>Dynamic Heatmaps\u003C\u002Fh3>\n\u003Cp>Discover where people click, scroll, and hover—including dynamic content like popups, dropdowns, and forms. Works seamlessly with SPAs and AJAX-loaded pages.\u003C\u002Fp>\n\u003Ch3>Session Recordings\u003C\u002Fh3>\n\u003Cp>Replay real visitor sessions to see how people navigate your site, where they abandon, and what’s preventing conversions.\u003C\u002Fp>\n\u003Ch3>Conversion Funnels\u003C\u002Fh3>\n\u003Cp>Visualize each step of your funnel to find out which pages drive success—and where people are dropping off.\u003C\u002Fp>\n\u003Ch3>Visitor Profiles\u003C\u002Fh3>\n\u003Cp>See each visitor’s journey in a single view, including traffic source, cart value, and all sessions tied to that individual.\u003C\u002Fp>\n\u003Ch3>Live Chat\u003C\u002Fh3>\n\u003Cp>Engage visitors in real time based on behavior triggers. Answer questions and recover abandoned conversions before they’re lost.\u003C\u002Fp>\n\u003Ch3>Live View\u003C\u002Fh3>\n\u003Cp>See what your visitors are doing right now on your site—every movement, scroll, and click in real time.\u003C\u002Fp>\n\u003Ch3>Page Insights\u003C\u002Fh3>\n\u003Cp>Instantly surface key performance stats: top-clicked elements, frustration signals, engagement trends, and activity snapshots—all tied to specific pages.\u003C\u002Fp>\n\u003Ch3>Surveys\u003C\u002Fh3>\n\u003Cp>Ask the right questions at the right time—like what visitors are looking for, what’s missing, or why they didn’t convert.\u003C\u002Fp>\n\u003Ch3>Announcements\u003C\u002Fh3>\n\u003Cp>Target visitors with personalized messages, discount offers, or key updates based on device, behavior, or source.\u003C\u002Fp>\n\u003Ch3>Discovery\u003C\u002Fh3>\n\u003Cp>Uncover Optimization Opportunities based on specific parts of the customer journey. Know where to focus, and what changes can move the needle.\u003C\u002Fp>\n","Less time crunching numbers, more time growing your business.",2000,70312,86,24,"2025-04-14T15:38:00.000Z","6.8.0","2.0.3",[20,164,165,166,167],"conversion-rate-optimization","heatmaps","session-recordings","surveys","https:\u002F\u002Fwww.luckyorange.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flucky-orange.2.2.11.zip",{"slug":171,"name":172,"version":173,"author":174,"author_profile":175,"description":176,"short_description":177,"active_installs":178,"downloaded":179,"rating":102,"num_ratings":180,"last_updated":181,"tested_up_to":139,"requires_at_least":182,"requires_php":141,"tags":183,"homepage":187,"download_link":188,"security_score":136,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"seo-engine","SEO Engine","0.6.3","Jordy Meow","https:\u002F\u002Fprofiles.wordpress.org\u002Ftigroumeow\u002F","\u003Cp>\u003Cstrong>SEO Engine is the lightweight, intelligent SEO solution for WordPress.\u003C\u002Fstrong> Built from scratch for modern websites, it combines powerful AI with clean code to help you rank better without slowing down your site.\u003C\u002Fp>\n\u003Cp>Stop fighting bloated SEO plugins that promise everything while turning your WordPress into a slower experience! 😘\u003C\u002Fp>\n\u003Cp>SEO Engine focuses on what actually matters: \u003Cstrong>Content Quality\u003C\u002Fstrong> and \u003Cstrong>Technical Excellence\u003C\u002Fstrong>. It implements AI in its free version and provides full MCP support. Explore \u003Ca href=\"https:\u002F\u002Fmeowapps.com\u002Fseo-engine\" rel=\"nofollow ugc\">our official site\u003C\u002Fa> and check out \u003Ca href=\"https:\u002F\u002Fseo.thehiddendocs.com\u002F\" rel=\"nofollow ugc\">the docs\u003C\u002Fa> to get started.\u003C\u002Fp>\n\u003Ch3>Core Modules\u003C\u002Fh3>\n\u003Cp>🏝️ \u003Cstrong>Content SEO\u003C\u002Fstrong>\u003Cbr \u002F>\nAnalyze and optimize your content with AI-powered insights. Get real-time scores, actionable suggestions, and automated fixes—all from one clean dashboard.\u003C\u002Fp>\n\u003Cp>🛠️ \u003Cstrong>Technical SEO\u003C\u002Fstrong>\u003Cbr \u002F>\nAll the SEO basics, straight to the point. No endless settings for features you don’t need—just what actually matters.\u003C\u002Fp>\n\u003Cp>🧠 \u003Cstrong>Intelligence Features\u003C\u002Fstrong>\u003Cbr \u002F>\nFull MCP support means your entire site’s SEO data is queryable via ChatGPT or Claude. Ask anything, get insights, automate workflows. That’s all in the free version.\u003C\u002Fp>\n\u003Cp>🎯 \u003Cstrong>Analytics & Tracking\u003C\u002Fstrong>\u003Cbr \u002F>\nConnect to Google Analytics, Plausible Analytics, or use built-in privacy-friendly tracking. Monitor AI bot visits, Core Web Vitals, and performance, all in one place.\u003C\u002Fp>\n\u003Ch3>🏝️ Content SEO\u003C\u002Fh3>\n\u003Cp>Your content is your SEO foundation. SEO Engine helps you write better, rank higher, and engage readers.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart Analysis:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>AI-Powered Scoring\u003C\u002Fli>\n\u003Cli>Readability Checks\u003C\u002Fli>\n\u003Cli>Topic Completeness\u003C\u002Fli>\n\u003Cli>Structure Quality\u003C\u002Fli>\n\u003Cli>Originality & Personality\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Bulk Operations:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Analyze hundreds of posts at once\u003C\u002Fli>\n\u003Cli>Filter by score, status, or post type\u003C\u002Fli>\n\u003Cli>Export reports for team collaboration\u003C\u002Fli>\n\u003Cli>Import from Yoast or RankMath seamlessly\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Multi-Language:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Works with Polylang and WPML\u003C\u002Fli>\n\u003Cli>Automatic language detection for AI suggestions\u003C\u002Fli>\n\u003Cli>Per-language SEO optimization\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Magic Fix:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Generate optimized titles and meta descriptions\u003C\u002Fli>\n\u003Cli>Fix grammar and typos with HTML-aware context\u003C\u002Fli>\n\u003Cli>Add internal links with smart suggestions\u003C\u002Fli>\n\u003Cli>Optimize ALT text for images\u003C\u002Fli>\n\u003Cli>Improve readability and structure\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🛠️ Technical SEO\u003C\u002Fh3>\n\u003Cp>All the basics you need, without the bloat. Most SEO plugins bury essential features under endless settings. SEO Engine gets straight to the point—giving you settings only for what actually matters.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Smart Sitemaps\u003C\u002Fli>\n\u003Cli>Robots.txt Editor\u003C\u002Fli>\n\u003Cli>Canonical URLs\u003C\u002Fli>\n\u003Cli>Meta Tags\u003C\u002Fli>\n\u003Cli>Structured Data\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🧠 Intelligence Features\u003C\u002Fh3>\n\u003Cp>The entire SEO Engine has full MCP (Model Context Protocol) support, so everything can be queried via ChatGPT or Claude. Intelligence features are included in the Free version.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What You Can Do:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Get automated daily summaries\u003C\u002Fli>\n\u003Cli>Generate meta descriptions automatically\u003C\u002Fli>\n\u003Cli>Suggest relevant keywords\u003C\u002Fli>\n\u003Cli>Rewrite content for better readability\u003C\u002Fli>\n\u003Cli>Bulk-optimize your entire site\u003C\u002Fli>\n\u003Cli>Multi-language content generation\u003C\u002Fli>\n\u003Cli>Query your SEO data via ChatGPT or Claude using MCP\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🎯 Analytics & Tracking\u003C\u002Fh3>\n\u003Cp>Understand your traffic, monitor performance, all from your WordPress dashboard.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Multiple Data Sources:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google Analytics: Connect directly via Google Cloud\u003C\u002Fli>\n\u003Cli>Plausible Analytics: Privacy-friendly alternative\u003C\u002Fli>\n\u003Cli>Private Analytics: Built-in tracking with full data ownership\u003C\u002Fli>\n\u003Cli>Switch between sources or… combine them!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>What You Can Track:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Visits, unique visitors, bounce rates\u003C\u002Fli>\n\u003Cli>Top performing posts and pages\u003C\u002Fli>\n\u003Cli>Traffic by country and source\u003C\u002Fli>\n\u003Cli>Core Web Vitals from PageSpeed Insights\u003C\u002Fli>\n\u003Cli>Real-time performance monitoring\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>AI Bot Tracking:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>OpenAI (GPTBot, ChatGPT)\u003C\u002Fli>\n\u003Cli>Anthropic (Claude)\u003C\u002Fli>\n\u003Cli>Google (Gemini)\u003C\u002Fli>\n\u003Cli>Perplexity, Meta, Microsoft, and more!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Pro Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Magic Fix\u003C\u002Fli>\n\u003Cli>WooCommerce AI\u003C\u002Fli>\n\u003Cli>Search Engine Ranking\u003C\u002Fli>\n\u003Cli>Advanced Analytics\u003C\u002Fli>\n\u003Cli>Priority Support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why SEO Engine?\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Performance First\u003C\u002Fstrong>\u003Cbr \u002F>\nBuilt from the ground up with modern code. No legacy bloat, no unnecessary features. Just clean, fast SEO, with a modern UI.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>AI-Powered\u003C\u002Fstrong>\u003Cbr \u002F>\nSmart suggestions that actually help. Not “AI” slapped on as marketing, genuinely useful automation.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy-Friendly\u003C\u002Fstrong>\u003Cbr \u002F>\nChoose between Google Analytics, Plausible, or fully private tracking. You control your data.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Developer Friendly\u003C\u002Fstrong>\u003Cbr \u002F>\nClean APIs, WordPress hooks. Extend it your way.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Constantly Evolving\u003C\u002Fstrong>\u003Cbr \u002F>\nWeekly updates based on real user feedback. We listen, we improve.\u003C\u002Fp>\n","Made it through the SEO plugin wasteland? You've earned a coffee ☺️ Quietly powerful AI SEO that actually works. No bloat, just results. Enjoy! 💕",1000,47494,41,"2026-03-10T02:31:00.000Z","6.0",[184,20,185,23,186],"ai","google","seo","https:\u002F\u002Fmeowapps.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fseo-engine.0.6.3.zip",{"attackSurface":190,"codeSignals":301,"taintFlows":425,"riskAssessment":495,"analyzedAt":509},{"hooks":191,"ajaxHandlers":254,"restRoutes":289,"shortcodes":290,"cronEvents":291,"entryPointCount":300,"unprotectedCount":28},[192,198,202,205,209,213,216,221,225,229,232,234,237,241,245,250],{"type":193,"name":194,"callback":195,"file":196,"line":197},"action","init","register_post_types","gtmetrix-for-wordpress.php",31,{"type":193,"name":199,"callback":200,"file":196,"line":201},"admin_init","register_settings",32,{"type":193,"name":199,"callback":203,"priority":29,"file":196,"line":204},"system_check",33,{"type":193,"name":206,"callback":207,"file":196,"line":208},"admin_menu","add_menu_items",34,{"type":193,"name":210,"callback":211,"file":196,"line":212},"admin_print_styles","admin_styles",35,{"type":193,"name":214,"callback":214,"file":196,"line":215},"admin_notices",36,{"type":193,"name":217,"callback":218,"priority":219,"file":196,"line":220},"admin_bar_menu","add_to_toolbar",999,37,{"type":193,"name":222,"callback":223,"file":196,"line":224},"wp_dashboard_setup","add_dashboard_widget",38,{"type":193,"name":226,"callback":227,"file":196,"line":228},"gfw_hourly_event","scheduled_events",39,{"type":193,"name":230,"callback":227,"file":196,"line":231},"gfw_daily_event",40,{"type":193,"name":233,"callback":227,"file":196,"line":180},"gfw_weekly_event",{"type":193,"name":235,"callback":227,"file":196,"line":236},"gfw_monthly_event",42,{"type":193,"name":238,"callback":239,"file":196,"line":240},"widgets_init","gfw_widget_init",51,{"type":242,"name":243,"callback":244,"file":196,"line":137},"filter","cron_schedules","add_intervals",{"type":242,"name":246,"callback":247,"priority":248,"file":196,"line":249},"plugin_row_meta","plugin_links",10,53,{"type":242,"name":251,"callback":252,"file":196,"line":253},"wp_mail_content_type","anonymous",279,[255,260,265,269,273,277,281,285],{"action":256,"nopriv":257,"callback":258,"hasNonce":257,"hasCapCheck":257,"file":196,"line":259},"autocomplete",false,"autocomplete_callback",43,{"action":261,"nopriv":257,"callback":262,"hasNonce":263,"hasCapCheck":257,"file":196,"line":264},"save_report","save_report_callback",true,44,{"action":266,"nopriv":257,"callback":267,"hasNonce":263,"hasCapCheck":257,"file":196,"line":268},"delete_report","delete_report_callback",45,{"action":270,"nopriv":257,"callback":271,"hasNonce":263,"hasCapCheck":257,"file":196,"line":272},"delete_event","delete_event_callback",46,{"action":274,"nopriv":257,"callback":275,"hasNonce":263,"hasCapCheck":257,"file":196,"line":276},"pause_event","pause_event_callback",47,{"action":278,"nopriv":257,"callback":279,"hasNonce":257,"hasCapCheck":257,"file":196,"line":280},"expand_report","expand_report_callback",48,{"action":282,"nopriv":257,"callback":283,"hasNonce":257,"hasCapCheck":257,"file":196,"line":284},"report_graph","report_graph_callback",49,{"action":286,"nopriv":257,"callback":287,"hasNonce":263,"hasCapCheck":257,"file":196,"line":288},"reset","reset_callback",50,[],[],[292,294,296,298],{"hook":226,"callback":226,"file":196,"line":293},87,{"hook":230,"callback":230,"file":196,"line":295},88,{"hook":233,"callback":233,"file":196,"line":297},89,{"hook":235,"callback":235,"file":196,"line":299},90,8,{"dangerousFunctions":302,"sqlUsage":313,"outputEscaping":315,"fileOperations":29,"externalRequests":103,"nonceChecks":423,"capabilityChecks":103,"bundledLibraries":424},[303,307,310],{"fn":304,"file":196,"line":305,"context":306},"unserialize",193,"foreach ( unserialize( $event_custom['gfw_notifications'][0] ) as $key => $value ) {",{"fn":308,"file":196,"line":253,"context":309},"create_function","add_filter( 'wp_mail_content_type', create_function( '', 'return \"text\u002Fhtml\";' ) );",{"fn":304,"file":196,"line":311,"context":312},1356,"$notifications = unserialize( $custom_fields['gfw_notifications'][0] );",{"prepared":74,"raw":29,"locations":314},[],{"escaped":316,"rawEcho":317,"locations":318},141,54,[319,322,324,326,328,330,332,334,336,338,340,342,344,346,348,350,352,354,356,358,360,362,364,366,368,370,372,374,376,378,380,382,384,386,387,389,390,392,394,396,398,400,402,404,406,408,410,412,414,416,417,419,421,422],{"file":196,"line":320,"context":321},315,"raw output",{"file":196,"line":323,"context":321},320,{"file":196,"line":325,"context":321},363,{"file":196,"line":327,"context":321},372,{"file":196,"line":329,"context":321},380,{"file":196,"line":331,"context":321},387,{"file":196,"line":333,"context":321},393,{"file":196,"line":335,"context":321},400,{"file":196,"line":337,"context":321},413,{"file":196,"line":339,"context":321},419,{"file":196,"line":341,"context":321},425,{"file":196,"line":343,"context":321},431,{"file":196,"line":345,"context":321},437,{"file":196,"line":347,"context":321},829,{"file":196,"line":349,"context":321},849,{"file":196,"line":351,"context":321},882,{"file":196,"line":353,"context":321},897,{"file":196,"line":355,"context":321},913,{"file":196,"line":357,"context":321},918,{"file":196,"line":359,"context":321},924,{"file":196,"line":361,"context":321},934,{"file":196,"line":363,"context":321},1098,{"file":196,"line":365,"context":321},1149,{"file":196,"line":367,"context":321},1180,{"file":196,"line":369,"context":321},1234,{"file":196,"line":371,"context":321},1239,{"file":196,"line":373,"context":321},1245,{"file":196,"line":375,"context":321},1256,{"file":196,"line":377,"context":321},1262,{"file":196,"line":379,"context":321},1283,{"file":196,"line":381,"context":321},1297,{"file":196,"line":383,"context":321},1348,{"file":196,"line":385,"context":321},1384,{"file":196,"line":385,"context":321},{"file":196,"line":388,"context":321},1386,{"file":196,"line":388,"context":321},{"file":196,"line":391,"context":321},1395,{"file":196,"line":393,"context":321},1399,{"file":196,"line":395,"context":321},1402,{"file":196,"line":397,"context":321},1406,{"file":196,"line":399,"context":321},1409,{"file":196,"line":401,"context":321},1413,{"file":196,"line":403,"context":321},1416,{"file":196,"line":405,"context":321},1420,{"file":196,"line":407,"context":321},1423,{"file":196,"line":409,"context":321},1445,{"file":196,"line":411,"context":321},1510,{"file":196,"line":413,"context":321},1586,{"file":415,"line":259,"context":321},"widget.php",{"file":415,"line":268,"context":321},{"file":415,"line":418,"context":321},66,{"file":415,"line":420,"context":321},79,{"file":415,"line":420,"context":321},{"file":415,"line":420,"context":321},5,[],[426,457,467,479],{"entryPoint":427,"graph":428,"unsanitizedCount":456,"severity":40},"expand_report_callback (gtmetrix-for-wordpress.php:938)",{"nodes":429,"edges":452},[430,435,441,445,447,449],{"id":431,"type":432,"label":433,"file":196,"line":434},"n0","source","$_POST",940,{"id":436,"type":437,"label":438,"file":196,"line":439,"wp_function":440},"n1","sink","echo() [XSS]",987,"echo",{"id":442,"type":432,"label":443,"file":196,"line":444},"n2","$_POST['id'] (x3)",1020,{"id":446,"type":437,"label":438,"file":196,"line":444,"wp_function":440},"n3",{"id":448,"type":432,"label":433,"file":196,"line":434},"n4",{"id":450,"type":437,"label":438,"file":196,"line":451,"wp_function":440},"n5",1027,[453,454,455],{"from":431,"to":436,"sanitized":263},{"from":442,"to":446,"sanitized":257},{"from":448,"to":450,"sanitized":257},4,{"entryPoint":458,"graph":459,"unsanitizedCount":74,"severity":40},"test_meta_box (gtmetrix-for-wordpress.php:1270)",{"nodes":460,"edges":465},[461,464],{"id":431,"type":432,"label":462,"file":196,"line":463},"$_GET",1271,{"id":436,"type":437,"label":438,"file":196,"line":379,"wp_function":440},[466],{"from":431,"to":436,"sanitized":257},{"entryPoint":468,"graph":469,"unsanitizedCount":29,"severity":478},"schedule_meta_box (gtmetrix-for-wordpress.php:1319)",{"nodes":470,"edges":476},[471,474],{"id":431,"type":432,"label":472,"file":196,"line":473},"$_GET (x2)",1321,{"id":436,"type":437,"label":438,"file":196,"line":475,"wp_function":440},1333,[477],{"from":431,"to":436,"sanitized":263},"low",{"entryPoint":480,"graph":481,"unsanitizedCount":29,"severity":478},"\u003Cgtmetrix-for-wordpress> (gtmetrix-for-wordpress.php:0)",{"nodes":482,"edges":491},[483,485,486,487,488,490],{"id":431,"type":432,"label":484,"file":196,"line":434},"$_POST (x2)",{"id":436,"type":437,"label":438,"file":196,"line":439,"wp_function":440},{"id":442,"type":432,"label":443,"file":196,"line":444},{"id":446,"type":437,"label":438,"file":196,"line":444,"wp_function":440},{"id":448,"type":432,"label":489,"file":196,"line":463},"$_GET (x3)",{"id":450,"type":437,"label":438,"file":196,"line":379,"wp_function":440},[492,493,494],{"from":431,"to":436,"sanitized":263},{"from":442,"to":446,"sanitized":263},{"from":448,"to":450,"sanitized":263},{"summary":496,"deductions":497},"The gtmetrix-for-wordpress plugin version 0.4.8 presents a mixed security posture. On the positive side, it demonstrates good practices such as using prepared statements for all SQL queries and a reasonable percentage of properly escaped outputs. The absence of critical or high severity vulnerabilities in its history, and no currently unpatched CVEs, are also encouraging signs. However, several areas raise significant concerns. The presence of 3 AJAX handlers without authentication checks creates a direct attack vector, allowing unauthorized users to potentially trigger plugin functionalities. Furthermore, the use of dangerous functions like `unserialize` and `create_function` indicates potential vulnerabilities if inputs are not meticulously sanitized, as hinted by the taint analysis showing flows with unsanitized paths. While the historical medium severity vulnerabilities (CSRF and XSS) are patched, their recurrence pattern suggests that the plugin might have underlying architectural weaknesses that need constant vigilance and patching.",[498,501,503,505,507],{"reason":499,"points":500},"3 AJAX handlers without auth checks",15,{"reason":502,"points":248},"2 flows with unsanitized paths",{"reason":504,"points":300},"Dangerous functions: unserialize, create_function",{"reason":506,"points":423},"72% output properly escaped (below 90%)",{"reason":508,"points":103},"2 external HTTP requests","2026-03-16T17:54:10.500Z",{"wat":511,"direct":526},{"assetPaths":512,"generatorPatterns":518,"scriptPaths":519,"versionParams":520},[513,514,515,516,517],"\u002Fwp-content\u002Fplugins\u002Fgtmetrix-for-wordpress\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fgtmetrix-for-wordpress\u002Fcss\u002Fdashboard.css","\u002Fwp-content\u002Fplugins\u002Fgtmetrix-for-wordpress\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fgtmetrix-for-wordpress\u002Fjs\u002Fdashboard.js","\u002Fwp-content\u002Fplugins\u002Fgtmetrix-for-wordpress\u002Fjs\u002Fgtmetrix.js",[],[515,516,517],[521,522,523,524,525],"gtmetrix-for-wordpress\u002Fcss\u002Fadmin.css?ver=","gtmetrix-for-wordpress\u002Fcss\u002Fdashboard.css?ver=","gtmetrix-for-wordpress\u002Fjs\u002Fadmin.js?ver=","gtmetrix-for-wordpress\u002Fjs\u002Fdashboard.js?ver=","gtmetrix-for-wordpress\u002Fjs\u002Fgtmetrix.js?ver=",{"cssClasses":527,"htmlComments":531,"htmlAttributes":533,"restEndpoints":536,"jsGlobals":539,"shortcodeOutput":553},[528,529,530],"gfw-widget-title","gtmetrix-report-link","gtmetrix-report-details",[5,532],"Plugin Name: GTmetrix for WordPress",[534,535],"data-gfw-url","data-gfw-api-key",[537,538],"\u002Fwp-json\u002Fgtmetrix\u002Fv1\u002Ftest","\u002Fwp-json\u002Fgtmetrix\u002Fv1\u002Freports",[540,541,542,543,544,545,546,547,548,549,550,551,552],"gfw_ajax_object","GFW_WP_VERSION","GFW_VERSION","GFW_USER_AGENT","GFW_TIMEZONE","GFW_AUTHORIZED","GFW_URL","GFW_TESTS","GFW_SETTINGS","GFW_SCHEDULE","GFW_TRIES","GFW_FRONT","GFW_GA_CAMPAIGN",[554,555],"[gtmetrix_report]","[gtmetrix_score]"]