[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fNrKDzjJ10wLd_o48fUiA-pdqFeD03tbsT_yExooYk_A":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":127,"fingerprints":252},"heurilens-ux-analyzer","Heurilens UX Analyzer","1.0.5","heurilens","https:\u002F\u002Fprofiles.wordpress.org\u002Fheurilens\u002F","\u003Cp>\u003Cstrong>Heurilens UX Analyzer\u003C\u002Fstrong> brings AI-powered usability evaluation directly into your WordPress admin panel. Analyze any page or post in seconds, receive a clear \u003Cstrong>UX Score\u003C\u002Fstrong>, and get actionable recommendations based on established usability principles.\u003C\u002Fp>\n\u003Cp>Instead of guessing what might be wrong with your design, Heurilens highlights real usability issues and shows you where to improve — inside your existing workflow.\u003C\u002Fp>\n\u003Ch4>Why Use Heurilens?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Run instant UX audits without leaving WordPress\u003C\u002Fli>\n\u003Cli>Get a structured UX Score for each page\u003C\u002Fli>\n\u003Cli>Identify usability problems with precise location context\u003C\u002Fli>\n\u003Cli>Receive AI-generated improvement suggestions\u003C\u002Fli>\n\u003Cli>Fix issues based on prioritized recommendations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Designed for site owners, designers, and product teams who want faster UX feedback without manual reviews.\u003C\u002Fp>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Open any page or post in your WordPress admin\u003C\u002Fli>\n\u003Cli>Click “Analyze” to run a UX 
evaluation\u003C\u002Fli>\n\u003Cli>Review your UX Score and categorized findings\u003C\u002Fli>\n\u003Cli>Improve your page using the provided recommendations\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>No complex setup required.\u003C\u002Fp>\n\u003Ch4>14 UX Heuristics Analyzed\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Foundation\u003C\u002Fstrong>\u003Cbr \u002F>\n– Heading Hierarchy\u003Cbr \u002F>\n– Contrast & Readability\u003Cbr \u002F>\n– Spacing Balance\u003Cbr \u002F>\n– Link Clarity\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Action\u003C\u002Fstrong>\u003Cbr \u002F>\n– CTA Presence\u003Cbr \u002F>\n– CTA Dominance\u003Cbr \u002F>\n– Form UX\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Trust\u003C\u002Fstrong>\u003Cbr \u002F>\n– Social Proof\u003Cbr \u002F>\n– Trust Signals\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Experience\u003C\u002Fstrong>\u003Cbr \u002F>\n– Visual\u002FText Balance\u003Cbr \u002F>\n– Cognitive Load\u003Cbr \u002F>\n– Alt Text Coverage\u003Cbr \u002F>\n– Mobile Hints\u003Cbr \u002F>\n– Perceived Performance\u003C\u002Fp>\n\u003Cp>Each issue is grouped and prioritized to help you focus on what matters most.\u003C\u002Fp>\n\u003Ch4>External Service Notice\u003C\u002Fh4>\n\u003Cp>This plugin connects to the \u003Ca href=\"https:\u002F\u002Fheurilens.com\" rel=\"nofollow ugc\">Heurilens\u003C\u002Fa> external service to perform AI-powered UX analysis.\u003Cbr \u002F>\nWhen you click “Analyze”, your page content is securely transmitted to Heurilens servers for processing. 
The analysis is performed remotely using AI models, and the results are returned to your WordPress dashboard.\u003C\u002Fp>\n\u003Cp>This connection is required because advanced AI processing cannot be executed locally within the plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Service URL: \u003Ca href=\"https:\u002F\u002Fheurilens.com\u002Fproduct\u002Fwp-plugin\" rel=\"nofollow ugc\">https:\u002F\u002Fheurilens.com\u002Fproduct\u002Fwp-plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fheurilens.com\u002Fterms\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fheurilens.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>A license key can be activated to connect your Heurilens account and enable enhanced service capabilities.\u003C\u002Fp>\n","AI-powered UX analysis for WordPress. Get actionable recommendations to improve user experience on your pages.",0,173,"2026-02-16T10:54:00.000Z","6.9.4","5.6","7.4",[18,19,20,21,22],"accessibility","analysis","usability","user-experience","ux","https:\u002F\u002Fheurilens.com\u002Fproduct\u002Fwp-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheurilens-ux-analyzer.1.0.5.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,94,"2026-04-04T05:39:26.630Z",[35,55,73,92,110],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":11,"num_ratings":11,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":52,"download_link":53,"security_score":54,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"button-it-up","Button It 
Up","1","parisvega","https:\u002F\u002Fprofiles.wordpress.org\u002Fparisvega\u002F","\u003Cp>Make clickable things look clickable. Button It Up changes the upload\u002Finsert button style to look like an actual button, making the button more findable for first-time WordPress users.\u003C\u002Fp>\n\u003Cp>Read more about the reasoning behind this simple UI change and the benefits to the end user: http:\u002F\u002Fwww.parisvega.com\u002Fif-ya-wanna-click-it-ya-better-put-a-button-it\u002F\u003C\u002Fp>\n","Button It Up changes the upload\u002Finsert button style to look like an actual button.",10,3457,"2012-06-21T10:32:00.000Z","3.4.2","3.0","",[50,20,21,51,22],"ui","user-interface","http:\u002F\u002Fwww.parisvega.com\u002Fif-ya-wanna-click-it-ya-better-put-a-button-it\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbutton-it-up.1.2.zip",85,{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":25,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":48,"tags":69,"homepage":48,"download_link":72,"security_score":54,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"gravity-forms-wcag-20-form-fields","WCAG 2.0 form fields for Gravity Forms","1.7.2","ovann86","https:\u002F\u002Fprofiles.wordpress.org\u002Fovann86\u002F","\u003Cblockquote>\n\u003Cp>This plugin is an add-on for the Gravity Forms plugin. If you don’t yet own a license for Gravity Forms – \u003Ca href=\"https:\u002F\u002Frocketgenius.pxf.io\u002FdbOK\" rel=\"nofollow ugc\">buy one now\u003C\u002Fa>! 
(affiliate link)\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>What does this plugin do?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Wraps radio, checkbox and list (repeater) fields in a fieldset.\u003C\u002Fli>\n\u003Cli>Improves form validation by displaying an on-page message that describes how many errors there were in the page. The message contains a list of the form fields with the errors, a description of the error and a link to the field.\u003C\u002Fli>\n\u003Cli>Adds aria-describedby attributes for date and website fields – providing clear instructions for screen reader users of what format is required for the field.\u003C\u002Fli>\n\u003Cli>Adds aria-describedby attributes for fields that have failed validation – providing clear instructions for screen reader users of what the field error is. Description used is the default validation message for the field, or if set, the validation message for the field.\u003C\u002Fli>\n\u003Cli>Disables the Gravity Forms configured tabindex – this stops users from being able to tab between fields and on-page links.\u003C\u002Fli>\n\u003Cli>Changes links in the form body, such as field descriptions or HTML fields, so they open in a new window. 
A title is added or appended to any existing title for screen reader users which reads ‘this link will open in a new window’.\u003C\u002Fli>\n\u003Cli>Improved file upload field – wrapped in field set, clearly identifies to screen reader users if any file size or file type restrictions have been set on the field.\u003C\u002Fli>\n\u003Cli>Improved field instructions – if a description has been provided for the field, the field is ‘described by’ the description, using the aria-describedby attribute\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>See a demo of this plugin at \u003Ca href=\"http:\u002F\u002Fdemo.itsupportguides.com\u002Fgravity-forms-wcag-20-form-fields\u002F\" title=\"demo website\" rel=\"nofollow ugc\">demo.itsupportguides.com\u002Fgravity-forms-wcag-20-form-fields\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>How do I use the plugin?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Simply install and activate the plugin – no configuration required.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Have a suggestion, comment or request?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Please leave a detailed message on the support tab.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Let me know what you think\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Please take the time to review the plugin. Your feedback shows the need for Gravity Forms to meet the WCAG 2.0 requirements natively, and will help me understand the value of this plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please note:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Accessibility is a complicated topic and sometimes there are different opinions on how to best achieve an accessible website. Accessible forms are even harder to achieve, with many different approaches. 
If you have a suggestion, comment or request please leave a detailed message on the support tab.\u003C\u002Fli>\n\u003Cli>This plugin does not cover other aspects of accessibility, such as content order, clear instructions, colour contrast etc.\u003C\u002Fli>\n\u003Cli>You will need to ensure that your website's theme is accessible. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Disclaimer\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cem>Gravity Forms is a trademark of Rocketgenius, Inc.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cem>This plugin is provided “as is” without warranty of any kind, expressed or implied. The author shall not be liable for any damages, including but not limited to, direct, indirect, special, incidental or consequential damages or losses that occur out of the use or inability to use the plugin.\u003C\u002Fem>\u003C\u002Fp>\n","Modifies Gravity Forms form fields and improves validation so that forms meet WCAG 2.0 accessibility requirements.",5000,98347,11,"2019-04-24T01:14:00.000Z","5.1.22","5.0",[18,70,20,71],"gravity-forms","wcag","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgravity-forms-wcag-20-form-fields.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":48,"tags":88,"homepage":48,"download_link":91,"security_score":54,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"tada","Tada: Instant Webpage Loading, Fast Website Browsing","1.2","binarymoon","https:\u002F\u002Fprofiles.wordpress.org\u002Fbinarymoon\u002F","\u003Cp>Make browsing your website a more pleasant experience.\u003C\u002Fp>\n\u003Cp>Uses the \u003Ca href=\"https:\u002F\u002Finstant.page\u002F\" rel=\"nofollow ugc\">Instant.Page\u003C\u002Fa> script to make browsing between pages on your website super 
fast.\u003C\u002Fp>\n\u003Cp>The Instant.Page script prefetches pages that are about to be clicked on so that they start loading whilst you are on the current page. By the time you click on the link a lot of the loading process has happened and so the page appears to load much more quickly.\u003C\u002Fp>\n\u003Cp>Increased website speed (even just the appearance of increased speed) improves user experience, and conversion rates, and stickiness, and all the good things that make users love you.\u003C\u002Fp>\n","Make your website load more quickly.",500,7814,80,6,"2024-01-30T10:28:00.000Z","6.5.0","4.0",[89,90,21,22],"optimization","speed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftada.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":100,"downloaded":101,"rating":11,"num_ratings":11,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":48,"tags":105,"homepage":108,"download_link":109,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"focusable","Focusable – Focus Ring On Any Element","2.0.0","Khizar Hasan","https:\u002F\u002Fprofiles.wordpress.org\u002Fzarhasan\u002F","\u003Cp>Focusable is a lightweight, plug-and-play WordPress plugin that displays a beautiful, customizable focus ring around interactive elements as users navigate with the keyboard. Many themes remove or hide the default focus outline, making it difficult for keyboard and assistive technology users to know where they are on the page. 
Focusable solves this problem in seconds—no coding required.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Benefits:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Instantly improves accessibility and meets WCAG guidelines.\u003Cbr \u002F>\n– Helps users with disabilities, power users, and anyone who prefers keyboard navigation.\u003Cbr \u002F>\n– Works with any theme, even if the default focus outline is removed.\u003Cbr \u002F>\n– Customizable transition and appearance via plugin settings.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Adds a visible focus ring to all focusable elements (links, buttons, form fields, etc.)\u003C\u002Fli>\n\u003Cli>Keyboard navigation support out of the box\u003C\u002Fli>\n\u003Cli>Customizable ring style and transition\u003C\u002Fli>\n\u003Cli>Lightweight and fast—no bloat\u003C\u002Fli>\n\u003Cli>Compatible with all major browsers and themes\u003C\u002Fli>\n\u003Cli>Developer-friendly: extend or style as needed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by Khizar Hasan. Inspired by the need for a more accessible web.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003C\u002Fp>\n","Make your website instantly more accessible! 
Focusable restores and enhances the visible focus ring for keyboard users, ensuring everyone can navigate &hellip;",40,1277,"2025-06-04T11:23:00.000Z","6.8.5","5.0.0",[18,106,107,20,71],"focus-outline","keyboard-navigation","https:\u002F\u002Fredoxbird.com\u002Fproducts\u002Ffocusable","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffocusable.2.0.0.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":31,"downloaded":118,"rating":11,"num_ratings":11,"last_updated":119,"tested_up_to":14,"requires_at_least":120,"requires_php":15,"tags":121,"homepage":125,"download_link":126,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"site-accessibility","SiteEase Accessibility Pro","1.1.4","iflairwebtechnologies","https:\u002F\u002Fprofiles.wordpress.org\u002Fiflairwebtechnologies\u002F","\u003Cp>\u003Cstrong>SiteEase Accessibility Pro\u003C\u002Fstrong> is a WordPress plugin that adds a set of front-end accessibility and usability tools, enabling visitors to customize how content appears on your website according to their individual needs.\u003C\u002Fp>\n\u003Cp>The plugin focuses on \u003Cstrong>visual accessibility and user comfort\u003C\u002Fstrong>, offering features such as font size adjustment, color customization, link highlighting, image and text magnifiers, and cursor enhancements. 
These tools help users with visual strain, low vision, or specific readability preferences interact with content more comfortably.\u003C\u002Fp>\n\u003Cp>All features can be enabled, disabled, and configured from a dedicated \u003Cstrong>admin settings page\u003C\u002Fstrong>, making the plugin easy to set up with no coding knowledge required.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> This plugin provides accessibility enhancements but does not claim full WCAG compliance.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Font Size Adjustment\u003C\u002Fstrong>\u003Cbr \u002F>\nAllows users to increase or decrease text size for improved readability.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Text Color Customization\u003C\u002Fstrong>\u003Cbr \u002F>\nEnables users to change font colors to improve contrast and visibility.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Underline Links\u003C\u002Fstrong>\u003Cbr \u002F>\nAdds underlines to links to make them easier to identify.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Highlight Links\u003C\u002Fstrong>\u003Cbr \u002F>\nVisually highlights clickable links to improve navigation clarity.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Light Theme Mode\u003C\u002Fstrong>\u003Cbr \u002F>\nProvides a light display mode for better readability in various environments.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Grayscale Images\u003C\u002Fstrong>\u003Cbr \u002F>\nDisplays images in grayscale to reduce visual distractions.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Image Magnifier\u003C\u002Fstrong>\u003Cbr \u002F>\nAllows users to zoom in on images for improved visibility.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Text Magnifier\u003C\u002Fstrong>\u003Cbr \u002F>\nEnables magnification of specific text areas for easier reading.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disability Mode\u003C\u002Fstrong>\u003Cbr \u002F>\nAdds visual emphasis to important elements such as headings and 
links.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Cursor Zoom\u003C\u002Fstrong>\u003Cbr \u002F>\nIncreases cursor size to improve visibility and pointer accuracy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Highlight Headings\u003C\u002Fstrong>\u003Cbr \u002F>\nAdds borders around headings to help users quickly identify content sections.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Page Title Color Control\u003C\u002Fstrong>\u003Cbr \u002F>\nAllows customization of page title colors for improved contrast.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Reset Settings Button\u003C\u002Fstrong>\u003Cbr \u002F>\nAllows users to reset all accessibility settings to their default values at any time.\u003C\u002Fp>\n","SiteEase Accessibility Pro improves website readability and usability by allowing users to adjust font size, colors, and other visual settings.",1209,"2026-01-26T13:15:00.000Z","4.7",[18,122,123,20,124],"color-contrast","font-size","visual-aids","https:\u002F\u002Fwww.iflair.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsite-accessibility.1.1.4.zip",{"attackSurface":128,"codeSignals":171,"taintFlows":180,"riskAssessment":243,"analyzedAt":251},{"hooks":129,"ajaxHandlers":145,"restRoutes":167,"shortcodes":168,"cronEvents":169,"entryPointCount":170,"unprotectedCount":170},[130,136,140],{"type":131,"name":132,"callback":133,"file":134,"line":135},"action","admin_menu","add_menu","admin\\class-heurilens-admin.php",16,{"type":131,"name":137,"callback":138,"file":134,"line":139},"admin_enqueue_scripts","enqueue_scripts",17,{"type":131,"name":141,"callback":142,"file":143,"line":144},"plugins_loaded","heurilens_init","heurilens.php",38,[146,152,156,160,164],{"action":147,"nopriv":148,"callback":149,"hasNonce":148,"hasCapCheck":148,"file":150,"line":151},"heurilens_activate_license",false,"ajax_activate","includes\\class-heurilens-core.php",26,{"action":153,"nopriv":148,"callback":154,"hasNonce":148,"hasCapCheck":148,"file":150,"line":155},"heurilens_deactivate_license","ajax_deactiv
ate",27,{"action":157,"nopriv":148,"callback":158,"hasNonce":148,"hasCapCheck":148,"file":150,"line":159},"heurilens_analyze_page","ajax_analyze",28,{"action":161,"nopriv":148,"callback":162,"hasNonce":148,"hasCapCheck":148,"file":150,"line":163},"heurilens_get_pages","ajax_get_pages",29,{"action":165,"nopriv":148,"callback":166,"hasNonce":148,"hasCapCheck":148,"file":150,"line":31},"heurilens_get_analysis","ajax_get_analysis",[],[],[],5,{"dangerousFunctions":172,"sqlUsage":173,"outputEscaping":175,"fileOperations":30,"externalRequests":84,"nonceChecks":170,"capabilityChecks":178,"bundledLibraries":179},[],{"prepared":11,"raw":11,"locations":174},[],{"escaped":176,"rawEcho":11,"locations":177},22,[],4,[],[181,205,221,235],{"entryPoint":182,"graph":183,"unsanitizedCount":30,"severity":204},"ajax_analyze (includes\\class-heurilens-analyzer.php:18)",{"nodes":184,"edges":201},[185,191,195],{"id":186,"type":187,"label":188,"file":189,"line":190},"n0","source","$_POST","includes\\class-heurilens-analyzer.php",44,{"id":192,"type":193,"label":194,"file":189,"line":190},"n1","transform","→ get_rendered_content()",{"id":196,"type":197,"label":198,"file":189,"line":199,"wp_function":200},"n2","sink","wp_remote_get() [SSRF]",81,"wp_remote_get",[202,203],{"from":186,"to":192,"sanitized":148},{"from":192,"to":196,"sanitized":148},"medium",{"entryPoint":206,"graph":207,"unsanitizedCount":30,"severity":204},"\u003Cclass-heurilens-analyzer> 
(includes\\class-heurilens-analyzer.php:0)",{"nodes":208,"edges":216},[209,210,211,212,214],{"id":186,"type":187,"label":188,"file":189,"line":163},{"id":192,"type":197,"label":198,"file":189,"line":199,"wp_function":200},{"id":196,"type":187,"label":188,"file":189,"line":190},{"id":213,"type":193,"label":194,"file":189,"line":190},"n3",{"id":215,"type":197,"label":198,"file":189,"line":199,"wp_function":200},"n4",[217,219,220],{"from":186,"to":192,"sanitized":218},true,{"from":196,"to":213,"sanitized":148},{"from":213,"to":215,"sanitized":148},{"entryPoint":222,"graph":223,"unsanitizedCount":11,"severity":234},"ajax_activate (includes\\class-heurilens-license.php:41)",{"nodes":224,"edges":232},[225,228],{"id":186,"type":187,"label":188,"file":226,"line":227},"includes\\class-heurilens-license.php",52,{"id":192,"type":197,"label":229,"file":226,"line":230,"wp_function":231},"update_option() [Settings Manipulation]",71,"update_option",[233],{"from":186,"to":192,"sanitized":218},"low",{"entryPoint":236,"graph":237,"unsanitizedCount":11,"severity":234},"\u003Cclass-heurilens-license> (includes\\class-heurilens-license.php:0)",{"nodes":238,"edges":241},[239,240],{"id":186,"type":187,"label":188,"file":226,"line":227},{"id":192,"type":197,"label":229,"file":226,"line":230,"wp_function":231},[242],{"from":186,"to":192,"sanitized":218},{"summary":244,"deductions":245},"The heurilens-ux-analyzer plugin version 1.0.5 presents a mixed security posture. On the positive side, the plugin demonstrates good practices in areas like SQL query handling, with 100% of queries using prepared statements, and proper output escaping for all outputs. It also has a clean vulnerability history with no known CVEs, suggesting a history of secure development or prompt patching.\n\nHowever, a significant concern lies within its attack surface. The plugin exposes 5 AJAX handlers, all of which lack authentication checks. 
This means any unauthenticated user could potentially trigger these actions, posing a considerable risk. While taint analysis did not reveal critical or high severity flows, the presence of 2 flows with unsanitized paths, even if low severity, warrants attention, especially when combined with unprotected entry points. The plugin also includes 5 nonce checks and 4 capability checks, which is a good start, but these are undermined by the fact that all AJAX handlers are missing these crucial security layers.\n\nIn conclusion, while the plugin's internal code quality regarding SQL and output is strong, the unprotected AJAX endpoints represent a serious weakness. The lack of authentication on these handlers is the most prominent security concern and a primary target for potential exploitation. The vulnerability history being clean is positive but doesn't negate the current risks posed by the code's structure.",[246,249],{"reason":247,"points":248},"5 AJAX handlers without auth checks",20,{"reason":250,"points":43},"2 flows with unsanitized paths","2026-03-17T06:53:57.378Z",{"wat":253,"direct":262},{"assetPaths":254,"generatorPatterns":257,"scriptPaths":258,"versionParams":259},[255,256],"\u002Fwp-content\u002Fplugins\u002Fheurilens-ux-analyzer\u002Fadmin\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fheurilens-ux-analyzer\u002Fadmin\u002Fjs\u002Fadmin.js",[],[256],[260,261],"heurilens-ux-analyzer\u002Fadmin\u002Fcss\u002Fadmin.css?ver=","heurilens-ux-analyzer\u002Fadmin\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":263,"htmlComments":264,"htmlAttributes":265,"restEndpoints":267,"jsGlobals":269,"shortcodeOutput":270},[],[],[266],"data-heurilens-analyzer-target",[268],"\u002Fwp-json\u002Fheurilens\u002Fv1\u002Fanalyze",[7],[]]