[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8gjrO2Ol9hK5PbZfUF69TyJ5IEPvo1EQPMwJT6eYnFY":3,"$f7nUULzk8SK6HgBy24YC88SmmZrxNXZYrF79wBNRg-VE":310,"$fmXGSC5kohwXmdcO-zObhqg_RyimqgsmonNDZfmoKyqQ":313},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":37,"analysis":143,"fingerprints":292},"heat-map-graph","Heat Map Graph","1.0.0","Hayan","https:\u002F\u002Fprofiles.wordpress.org\u002Fhmamoun\u002F","\u003Cp>Heat Map Graph lets administrators build data heat maps backed by SQL SELECT queries on WordPress tables. Configure:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Query: a single SELECT statement targeting WP tables\u003C\u002Fli>\n\u003Cli>Field mapping: row, column, and value fields produced by the query\u003C\u002Fli>\n\u003Cli>Color range: hex colors for min and max\u003C\u002Fli>\n\u003Cli>Status: enable\u002Fdisable\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Use the shortcode on pages\u002Fposts:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[heat_map_graph id=\"123\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Security features:\u003Cbr \u002F>\n– Validates SQL is a single SELECT against WP tables only\u003Cbr \u002F>\n– Blocks DML\u002FDDL keywords\u003Cbr \u002F>\n– No multiple statements\u003Cbr \u002F>\n– Admin-only UI with nonces and strict sanitization\u003C\u002Fp>\n\u003Cp>On activation, two sample heat maps are created:\u003Cbr \u002F>\n– Posts per Day per Category (Last 30 Days)\u003Cbr \u002F>\n– Number of Post Tags per Category\u003C\u002Fp>\n","Create and display heat maps from custom SQL queries. Define row, column, and value fields, select color ranges, and render via shortcode.",10,252,0,"2025-08-23T16:12:00.000Z","6.8.5","6.0","",[19,20,21,22,23],"analytics","charts","heatmap","shortcode","sql","https:\u002F\u002Fhayan.mamouns.xyz\u002Fheat-map-graph-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheat-map-graph.1.0.0.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"hmamoun",3,30,94,"2026-05-19T21:40:20.130Z",[38,60,82,101,121],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":35,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":59,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"aurora-heatmap","Aurora Heatmap","1.7.1","r3098","https:\u002F\u002Fprofiles.wordpress.org\u002Fr3098\u002F","\u003Cp>Goddess Aurora is said to give light to the user world.\u003Cbr \u002F>\nThe name “Aurora Heatmap” visualizes user behavior with a beautiful heatmap.\u003Cbr \u002F>\nBringing light to the activation and optimization of your website.\u003C\u002Fp>\n\u003Ch4>The most important thing in site management.\u003C\u002Fh4>\n\u003Cp>That is, \u003Cem>Is the user satisfied?\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Where do users see and move through the content?\u003C\u002Fli>\n\u003Cli>Whether the user is not confused?\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Aurora Heatmap is the \u003Cstrong>strongest tool\u003C\u002Fstrong> for visualizing it.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Are you guiding users well?\u003C\u002Fli>\n\u003Cli>Conversion rate\u003C\u002Fli>\n\u003Cli>Are you missing out on prospects and readers?\u003C\u002Fli>\n\u003Cli>How is it evaluated by Google?\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>You will be able to see the points of improvement.\u003C\u002Fp>\n\u003Ch4>Plugin features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>\u003Cem>No Coding\u003C\u002Fem>\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>\u003Cem>No Setting\u003C\u002Fem>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You just install and activate the plugin.\u003Cbr \u002F>\nNo troublesome user registration or setup is required.\u003Cbr \u002F>\nIt works as default in most WordPress environments.\u003Cbr \u002F>\nAnd Aurora Heatmap is \u003Cstrong>complete with just plugin\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>The free version can check the click heat map of PC and mobile, and can be used on any number of sites.\u003Cbr \u002F>\nEven if it is free, there is no limit due to the number of PV and analysis pages.\u003C\u002Fp>\n\u003Ch4>Special notes\u003C\u002Fh4>\n\u003Cp>If it does not work well when used with a cache plugin, turn off JavaScript-related optimization, or exclude jQuery and Aurora Heatmap measurement script (reporter.js) from optimization.\u003Cbr \u002F>\nFor more details, please refer to \u003Ca href=\"https:\u002F\u002Fmarket.seous.info\u002Fen\u002Faurora-heatmap#oc-1\" rel=\"nofollow ugc\">official site description page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Aurora Heatmap can be used with the following cache plugins.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WP Rocket\u003C\u002Fli>\n\u003Cli>W3 Total Cache\u003C\u002Fli>\n\u003Cli>WP Super Cache\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage and support\u003C\u002Fh4>\n\u003Cp>More detailed usage and FAQs are provided on the \u003Ca href=\"https:\u002F\u002Fmarket.seous.info\u002Fen\u002Faurora-heatmap\" rel=\"nofollow ugc\">Aurora Heatmap official site\u003C\u002Fa>.\u003Cbr \u002F>\nIf you can’t find the answer to your question in those documents, use the WordPress.org \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Faurora-heatmap\u002F\" rel=\"ugc\">support forum\u003C\u002Fa>.\u003Cbr \u002F>\nThe premium version has priority email support.\u003C\u002Fp>\n\u003Ch4>About privacy\u003C\u002Fh4>\n\u003Cp>This plugin \u003Cstrong>does not\u003C\u002Fstrong> perform the following operations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>User tracking\u003C\u002Fli>\n\u003Cli>Send recorded data to external server\u003C\u002Fli>\n\u003Cli>Use of cookies\u003C\u002Fli>\n\u003Cli>Record of personally identifiable data including IP address\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Aurora Heatmap Free version 90 seconds demo\u003C\u002Fh4>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F3W17Gg_vbHg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","Beautiful like an aurora! A simple WordPress heatmap that can be completed with just a plugin.",20000,358155,7,"2025-04-14T09:25:00.000Z","6.8.0","4.9","7.0",[19,54,55,21,56],"analyze","click","japanese","https:\u002F\u002Fmarket.seous.info\u002Faurora-heatmap","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faurora-heatmap.1.7.1.zip",92,{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":17,"tags":75,"homepage":79,"download_link":80,"security_score":81,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"mouseflow-for-wordpress","Mouseflow for WordPress","5.1.3","mouseflow","https:\u002F\u002Fprofiles.wordpress.org\u002Fmouseflow\u002F","\u003Cp>With Mouseflow for WordPress you can access everything Mouseflow has to offer – directly from your WordPress dashboard! Learn more about your visitors by analyzing heatmaps and recordings of user sessions, including mouse movements, clicks, scroll events and more. The plugin makes it quick and easy to install Mouseflow on your WordPress-site.\u003C\u002Fp>\n","Mouseflow gives you free and easy-to-use conversion and user experience analytics for your website. Analyze conversion funnels, heatmaps and even sess &hellip;",7000,89360,76,6,"2023-09-26T07:43:00.000Z","6.3.8","4.5.0",[19,76,64,77,78],"heatmaps","user-behaviour","ux","https:\u002F\u002Fmouseflow.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmouseflow-for-wordpress.zip",85,{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":26,"num_ratings":92,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":96,"tags":97,"homepage":98,"download_link":99,"security_score":81,"vuln_count":92,"unpatched_count":13,"last_vuln_date":100,"fetched_at":28},"userheat","UserHeat Plugin","1.1.11","hayata","https:\u002F\u002Fprofiles.wordpress.org\u002Fhayata\u002F","\u003Cp>UserHeat is free heatmap analytics plugin to visualize user behavior\u003Cbr \u002F>\nboth PC and smartphone.\u003Cbr \u002F>\nIt takes just one step and 30 seconds to start analysis.\u003C\u002Fp>\n\u003Cp>The key features of the plugin are:\u003C\u002Fp>\n\u003Cp>・3 Heatmap(gaze,click,mouse track) reveals see exactly where your\u003Cbr \u002F>\nvisitors click on the page, see how much attention a specific area\u003Cbr \u002F>\ngets by thermography\u003C\u002Fp>\n\u003Cp>・Optimize forms usability to improve submission rates.\u003C\u002Fp>\n\u003Cp>・It is available not only for PC but also smartphones and tablet devices.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"http:\u002F\u002Fen.userheat.com\" rel=\"nofollow ugc\">userheat\u003C\u002Fa> to learn more.\u003C\u002Fp>\n","Free heatmaps plugin for web analytics, on both PC and smartphone.",6000,35705,1,"2024-04-01T07:58:00.000Z","5.6.17","4.2","5.4",[19,54,55,21,56],"http:\u002F\u002Fuserheat.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuserheat.1.1.11.zip","2023-11-07 00:00:00",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":50,"requires_at_least":114,"requires_php":17,"tags":115,"homepage":119,"download_link":120,"security_score":59,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"lucky-orange","Lucky Orange","2.1.1","luckyorange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrickeys\u002F","\u003Cp>Less time crunching numbers, more time growing your business.\u003C\u002Fp>\n\u003Ch3>Understand your visitors. Improve your website. Increase your sales.\u003C\u002Fh3>\n\u003Cp>If your WordPress site is getting traffic but not conversions, Lucky Orange shows you why. With one-click install and a free plan to get started, you can uncover where visitors struggle, what’s stopping them from buying, and how to turn browsers into customers.\u003Cbr \u002F>\nFrom session recordings to heatmaps, live chat to Page Insights, Lucky Orange helps you optimize every part of your customer journey with clear, visual data.\u003C\u002Fp>\n\u003Ch3>Dynamic Heatmaps\u003C\u002Fh3>\n\u003Cp>Discover where people click, scroll, and hover—including dynamic content like popups, dropdowns, and forms. Works seamlessly with SPAs and AJAX-loaded pages.\u003C\u002Fp>\n\u003Ch3>Session Recordings\u003C\u002Fh3>\n\u003Cp>Replay real visitor sessions to see how people navigate your site, where they abandon, and what’s preventing conversions.\u003C\u002Fp>\n\u003Ch3>Conversion Funnels\u003C\u002Fh3>\n\u003Cp>Visualize each step of your funnel to find out which pages drive success—and where people are dropping off.\u003C\u002Fp>\n\u003Ch3>Visitor Profiles\u003C\u002Fh3>\n\u003Cp>See each visitor’s journey in a single view, including traffic source, cart value, and all sessions tied to that individual.\u003C\u002Fp>\n\u003Ch3>Live Chat\u003C\u002Fh3>\n\u003Cp>Engage visitors in real time based on behavior triggers. Answer questions and recover abandoned conversions before they’re lost.\u003C\u002Fp>\n\u003Ch3>Live View\u003C\u002Fh3>\n\u003Cp>See what your visitors are doing right now on your site—every movement, scroll, and click in real time.\u003C\u002Fp>\n\u003Ch3>Page Insights\u003C\u002Fh3>\n\u003Cp>Instantly surface key performance stats: top-clicked elements, frustration signals, engagement trends, and activity snapshots—all tied to specific pages.\u003C\u002Fp>\n\u003Ch3>Surveys\u003C\u002Fh3>\n\u003Cp>Ask the right questions at the right time—like what visitors are looking for, what’s missing, or why they didn’t convert.\u003C\u002Fp>\n\u003Ch3>Announcements\u003C\u002Fh3>\n\u003Cp>Target visitors with personalized messages, discount offers, or key updates based on device, behavior, or source.\u003C\u002Fp>\n\u003Ch3>Discovery\u003C\u002Fh3>\n\u003Cp>Uncover Optimization Opportunities based on specific parts of the customer journey. Know where to focus, and what changes can move the needle.\u003C\u002Fp>\n","Less time crunching numbers, more time growing your business.",2000,70614,86,24,"2025-04-14T15:38:00.000Z","2.0.3",[19,116,76,117,118],"conversion-rate-optimization","session-recordings","surveys","https:\u002F\u002Fwww.luckyorange.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flucky-orange.2.2.11.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":109,"downloaded":129,"rating":130,"num_ratings":131,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":52,"tags":135,"homepage":139,"download_link":140,"security_score":141,"vuln_count":92,"unpatched_count":13,"last_vuln_date":142,"fetched_at":28},"qa-heatmap-analytics","QA Assistants – Driven by data","5.1.4.1","QuarkA","https:\u002F\u002Fprofiles.wordpress.org\u002Fquarka\u002F","\u003Cp>QA Assistants goes beyond analytics — it’s a companion that helps your data speak, with Assistants that reveal insights you can act on.\u003C\u002Fp>\n\u003Cp>Each Assistant offers a unique way to look at your site — from quick overviews to social trends and growth insights.\u003Cbr \u002F>\nYou can still explore familiar tools like heatmaps, session replays, and reports — and Assistants will gradually bring more context to them.\u003C\u002Fp>\n\u003Cp>No complex setup or technical skills needed.\u003Cbr \u002F>\nQA Assistants makes discovering your site’s stories simple, visual, and a little fun too.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch3>Assistants — your data-driven companions to explore your site\u003C\u002Fh3>\n\u003Cp>Each Assistant offers a unique way to understand your site.\u003Cbr \u002F>\nFrom traffic overviews to social engagement or content insights, they highlight what truly matters — in plain words you can grasp.\u003Cbr \u002F>\nMore Assistants will keep joining, each bringing a new perspective to your data.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New:\u003C\u002Fstrong> The built-in \u003Cstrong>Page Analysis Assistant\u003C\u002Fstrong> lets you view pageviews, key metrics, and device-specific heatmaps directly from the page you’re browsing — a lightweight, chatbot-style helper for logged-in admins.\u003C\u002Fp>\n\u003Ch3>Heatmaps & Session Replays — see how visitors behave\u003C\u002Fh3>\n\u003Cp>Visualize how people interact with your site: where they click, scroll, and pause.\u003Cbr \u002F>\nSession Replays let you follow their real journeys, helping you discover friction points and hidden opportunities.\u003C\u002Fp>\n\u003Ch3>Reports & Trends — your site at a glance\u003C\u002Fh3>\n\u003Cp>Access clear, intuitive charts and summaries that show what’s working and where to improve.\u003Cbr \u002F>\nSwitch to \u003Cstrong>Advanced Mode\u003C\u002Fstrong> to unlock detailed metrics and comparison tools.\u003C\u002Fp>\n\u003Ch3>Cookie-less Tracking — privacy made simple\u003C\u002Fh3>\n\u003Cp>Track user behavior responsibly.\u003Cbr \u002F>\nQA Assistants includes a cookie-less tracking mode, so you can comply with privacy rules without losing insight.\u003C\u002Fp>\n\u003Ch3>Built for WordPress — light, secure, and extendable\u003C\u002Fh3>\n\u003Cp>Designed to blend seamlessly with your dashboard.\u003Cbr \u002F>\nQA Assistants follows WordPress coding standards, loads only what’s needed, and supports modular extensions for future Assistants.\u003Cbr \u002F>\nAll of these features are completely free — just install and start exploring.\u003C\u002Fp>\n\u003Ch3>Important Notes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>QA Assistants collects data in real time, but analytical reports are processed overnight.\u003Cbr \u002F>\nYou can see live visit counts immediately, while detailed insights (used by Assistants) become available the following day.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Please do not compress or minify JavaScript used by QA Assistants or WordPress.\u003Cbr \u002F>\nSome optimization plugins may interfere with tracking; exclude QA Assistants–related scripts if needed.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Make sure your PHP memory limit is sufficient for data processing.\u003Cbr \u002F>\nIf your server uses a very low limit (for example, 256 MB or less), some processes may fail.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For detailed technical guidance or troubleshooting steps,\u003Cbr \u002F>\nplease see the \u003Ca href=\"https:\u002F\u002Fdocs.quarka.org\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Let your data speak — assistants with different perspectives help you understand your site, alongside heatmaps and replays.",52021,90,8,"2026-03-26T03:51:00.000Z","6.9.4","5.9",[19,136,21,137,138],"assistants","insights","privacy-friendly","https:\u002F\u002Fquarka.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqa-heatmap-analytics.5.1.4.1.zip",99,"2024-10-09 00:00:00",{"attackSurface":144,"codeSignals":168,"taintFlows":178,"riskAssessment":286,"analyzedAt":291},{"hooks":145,"ajaxHandlers":160,"restRoutes":161,"shortcodes":162,"cronEvents":167,"entryPointCount":92,"unprotectedCount":13},[146,152,156],{"type":147,"name":148,"callback":149,"file":150,"line":151},"action","admin_menu","register_admin_menu","heat-map-graph.php",31,{"type":147,"name":153,"callback":154,"file":150,"line":155},"admin_init","handle_admin_actions",32,{"type":147,"name":157,"callback":158,"file":150,"line":159},"admin_enqueue_scripts","enqueue_admin_assets",33,[],[],[163],{"tag":164,"callback":165,"file":150,"line":166},"heat_map_graph","shortcode_handler",34,[],{"dangerousFunctions":169,"sqlUsage":170,"outputEscaping":173,"fileOperations":13,"externalRequests":13,"nonceChecks":33,"capabilityChecks":176,"bundledLibraries":177},[],{"prepared":171,"raw":13,"locations":172},16,[],{"escaped":174,"rawEcho":13,"locations":175},60,[],2,[],[179,198,218],{"entryPoint":180,"graph":181,"unsanitizedCount":13,"severity":197},"render_admin_page (heat-map-graph.php:419)",{"nodes":182,"edges":194},[183,188],{"id":184,"type":185,"label":186,"file":150,"line":187},"n0","source","$_GET",424,{"id":189,"type":190,"label":191,"file":150,"line":192,"wp_function":193},"n1","sink","get_row() [SQLi]",429,"get_row",[195],{"from":184,"to":189,"sanitized":196},true,"low",{"entryPoint":199,"graph":200,"unsanitizedCount":176,"severity":217},"save_heatmap_from_post (heat-map-graph.php:228)",{"nodes":201,"edges":213},[202,205,208],{"id":184,"type":185,"label":203,"file":150,"line":204},"$_POST (x2)",258,{"id":189,"type":206,"label":207,"file":150,"line":204},"transform","→ validate_sql_query()",{"id":209,"type":190,"label":210,"file":150,"line":211,"wp_function":212},"n2","prepare() [SQLi]",385,"prepare",[214,216],{"from":184,"to":189,"sanitized":215},false,{"from":189,"to":209,"sanitized":215},"high",{"entryPoint":219,"graph":220,"unsanitizedCount":285,"severity":217},"\u003Cheat-map-graph> (heat-map-graph.php:0)",{"nodes":221,"edges":274},[222,224,225,226,230,234,239,241,243,246,251,253,258,261,263,265,268,271],{"id":184,"type":185,"label":203,"file":150,"line":223},237,{"id":189,"type":190,"label":191,"file":150,"line":211,"wp_function":193},{"id":209,"type":185,"label":203,"file":150,"line":223},{"id":227,"type":190,"label":228,"file":150,"line":211,"wp_function":229},"n3","prepare (format string)() [SQLi]","prepare (format string)",{"id":231,"type":185,"label":232,"file":150,"line":233},"n4","$_POST",238,{"id":235,"type":190,"label":236,"file":150,"line":237,"wp_function":238},"n5","query() [SQLi]",404,"query",{"id":240,"type":185,"label":186,"file":150,"line":187},"n6",{"id":242,"type":190,"label":191,"file":150,"line":192,"wp_function":193},"n7",{"id":244,"type":185,"label":232,"file":150,"line":245},"n8",301,{"id":247,"type":190,"label":248,"file":150,"line":249,"wp_function":250},"n9","get_results() [SQLi]",600,"get_results",{"id":252,"type":185,"label":203,"file":150,"line":245},"n10",{"id":254,"type":190,"label":255,"file":150,"line":256,"wp_function":257},"n11","echo() [XSS]",669,"echo",{"id":259,"type":185,"label":260,"file":150,"line":204},"n12","$_POST (x4)",{"id":262,"type":206,"label":207,"file":150,"line":204},"n13",{"id":264,"type":190,"label":210,"file":150,"line":211,"wp_function":212},"n14",{"id":266,"type":185,"label":232,"file":150,"line":267},"n15",574,{"id":269,"type":206,"label":270,"file":150,"line":267},"n16","→ render_heatmap_html()",{"id":272,"type":190,"label":255,"file":150,"line":273,"wp_function":257},"n17",672,[275,276,277,278,279,280,281,282,283,284],{"from":184,"to":189,"sanitized":196},{"from":209,"to":227,"sanitized":196},{"from":231,"to":235,"sanitized":196},{"from":240,"to":242,"sanitized":196},{"from":244,"to":247,"sanitized":196},{"from":252,"to":254,"sanitized":196},{"from":259,"to":262,"sanitized":215},{"from":262,"to":264,"sanitized":215},{"from":266,"to":269,"sanitized":215},{"from":269,"to":272,"sanitized":215},5,{"summary":287,"deductions":288},"The \"heat-map-graph\" v1.0.0 plugin exhibits a generally good security posture, with strong adherence to secure coding practices. The absence of dangerous functions, 100% use of prepared statements for SQL queries, and complete output escaping are commendable.  Furthermore, the plugin demonstrates a low attack surface with no AJAX handlers or REST API routes directly exposed without proper checks. The presence of nonce and capability checks further strengthens its security. However, the taint analysis reveals two flows with unsanitized paths, which, while not classified as critical or high severity in the provided data, represent a potential area of concern that warrants further investigation.  The plugin's complete lack of recorded vulnerabilities in its history is a significant positive indicator, suggesting a well-developed and maintained codebase. Overall, while the plugin has a strong foundation, the identified unsanitized paths are the primary weakness that could be exploited if not addressed.  The absence of past vulnerabilities is encouraging, but the taint analysis highlights a need for vigilance.",[289],{"reason":290,"points":11},"Flows with unsanitized paths found","2026-04-16T12:03:53.525Z",{"wat":293,"direct":300},{"assetPaths":294,"generatorPatterns":296,"scriptPaths":297,"versionParams":298},[295],"\u002Fwp-content\u002Fplugins\u002Fheat-map-graph\u002Fassets\u002Fcss\u002Fheatmap.css",[],[],[299],"heat-map-graph\u002Fassets\u002Fcss\u002Fheatmap.css?ver=1.0.0",{"cssClasses":301,"htmlComments":303,"htmlAttributes":304,"restEndpoints":306,"jsGlobals":307,"shortcodeOutput":309},[302],"exaig-color-field",[],[305],"data-default-color",[],[308],"jQuery",[],{"error":196,"url":311,"statusCode":237,"statusMessage":312,"message":312},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fheat-map-graph\u002Fbundle","no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":92,"versions":314},[315],{"version":6,"download_url":25,"svn_tag_url":316,"released_at":27,"has_diff":215,"diff_files_changed":317,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":318,"is_current":196},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fheat-map-graph\u002Ftags\u002F1.0.0\u002F",[],[]]