[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f5SF7RjPpuMCe9thOvYx5na4tYqIlbgKENREwKlz9sOo":3,"$f3Vm-0OCCarAYe4RkjQjBPh-iX_BSwbLYSiIDzXmLjHY":207,"$fq1C4njURO0bBlxJdkOvTBtPTTCqjmnZ1rYxTmX4en1s":212},{"slug":4,"name":5,"version":6,"author":5,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":48,"crawl_stats":36,"alternatives":51,"analysis":128,"fingerprints":191},"hotjar","Hotjar","1.0.16","https:\u002F\u002Fprofiles.wordpress.org\u002Fhotjar\u002F","\u003Cp>Hotjar helps you to connect the dots between what your users do and why—so you can confidently create and optimize user experiences that convert. See what your users see, ask how they feel, and connect 1:1, all from one powerful and intuitive platform.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hotjar Observe:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Visualize user behavior\u003C\u002Fstrong> – Heatmaps visually represent where users click, move, and scroll on your site. With this context, you’ll be inspired with simple ways to improve your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Put yourself in their shoes\u003C\u002Fstrong> – Watch recordings of real user behavior on your site. See visitors’ clicks, mouse movements, u-turns, and rage clicks. 
Learn what frustrates users and resolve issues early.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Measure conversions and learn why users drop off\u003C\u002Fstrong> – Visualize your conversion flows with Funnels, and understand where your users are getting stuck by zooming into relevant recordings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Explore and understand your metrics\u003C\u002Fstrong> – Trends connects the dots between numbers and user behavior insights so you can visualize your most important metrics and find the recordings and heatmaps of the underlying user behavior with a single click.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hotjar Ask:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Hear from your users\u003C\u002Fstrong> –  Surveys bring voice-of-customer to your decision-making. Gathering evidence for a landing page or feature? Use a targeted Survey to validate your ideas and better understand your users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Get feedback with context\u003C\u002Fstrong> – A real-time suggestion box on your site, Feedback lets users express frustration or delight about individual parts of your site, right down to the page, form, or image they’re looking at.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hotjar Engage:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Connect with users\u003C\u002Fstrong> – Automate the recruitment, scheduling, and hosting of moderated user interviews, and focus on what matters the most—connecting with users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hotjar Platform:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Stay on top of your user metrics\u003C\u002Fstrong> – Use your Dashboard to get a high-level view of user data and spot issues before they become serious, identify trends, and find deeper insights.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integrate Hotjar with the tools you love\u003C\u002Fstrong> – Connect Hotjar 
with thousands of popular apps, so you can automate your work and have more time for what matters most—no code required.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin provides a simple installation of Hotjar on your WordPress site. \u003Ca href=\"https:\u002F\u002Finsights.hotjar.com\u002Fregister?utm_source=wordpress&utm_medium=plugin\" rel=\"nofollow ugc\">Sign-up for your free trial today\u003C\u002Fa>!\u003C\u002Fp>\n","The fast & visual way to understand your users.",70000,1087230,58,18,"2023-10-25T07:52:00.000Z","6.0.11","4.6","",[19,4,20,21,22],"heatmaps","insights","recordings","visual","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotjar.1.0.16.zip",85,1,0,"2023-10-05 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":27,"updated_date":42,"references":43,"days_to_patch":45,"patch_diff_files":46,"patch_trac_url":36,"research_status":36,"research_verified":47,"research_rounds_completed":26,"research_plan":36,"research_summary":36,"research_vulnerable_code":36,"research_fix_diff":36,"research_exploit_outline":36,"research_model_used":36,"research_started_at":36,"research_completed_at":36,"research_error":36,"poc_status":36,"poc_video_id":36,"poc_summary":36,"poc_steps":36,"poc_tested_at":36,"poc_wp_version":36,"poc_php_version":36,"poc_playwright_script":36,"poc_exploit_code":36,"poc_has_trace":47,"poc_model_used":36,"poc_verification_depth":36},"CVE-2023-1259","hotjar-authenticated-administrator-stored-cross-site-scripting","Hotjar \u003C= 1.0.15 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjar_site_id in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. 
This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.0.15","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9c640bcb-b6bf-4865-b713-32ca846e4ed9?source=api-prod",110,[],false,{"slug":4,"display_name":5,"profile_url":7,"plugin_count":25,"total_installs":10,"avg_security_score":24,"avg_patch_time_days":45,"trust_score":49,"computed_at":50},69,"2026-05-19T18:31:59.651Z",[52,68,81,96,114],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":26,"num_ratings":26,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":17,"tags":65,"homepage":17,"download_link":67,"security_score":24,"vuln_count":26,"unpatched_count":26,"last_vuln_date":36,"fetched_at":28},"advanced-hotjar","Advanced Hotjar","1.0.0","Jerome","https:\u002F\u002Fprofiles.wordpress.org\u002Fjeromepaulos\u002F","\u003Cp>This plugin allows you to selectively load Hotjar in the header of your site. You can choose to prevent Hotjar from being loaded for admins, logged in users, and specific IP addresses.\u003C\u002Fp>\n\u003Cp>Want to contribute? 
Check out the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjxxe\u002Fadvanced-hotjar\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n","Load Hotjar and prevent it from tracking admins, logged-in users, and IP addresses.",40,1848,"2020-05-01T00:36:00.000Z","5.4.19","3.8",[66,19,4,20,21],"analytics","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-hotjar.zip",{"slug":69,"name":70,"version":55,"author":71,"author_profile":72,"description":73,"short_description":74,"active_installs":26,"downloaded":75,"rating":26,"num_ratings":26,"last_updated":76,"tested_up_to":77,"requires_at_least":16,"requires_php":17,"tags":78,"homepage":79,"download_link":80,"security_score":24,"vuln_count":26,"unpatched_count":26,"last_vuln_date":36,"fetched_at":28},"session-mirror","Session Mirror","oguzcabuk","https:\u002F\u002Fprofiles.wordpress.org\u002Foguzcabuk\u002F","\u003Cp>Session Mirror is the fast way to understand your users.\u003Cbr \u002F>\nThis plugin provides a simple installation of Session Mirror on your WordPress site.\u003C\u002Fp>\n","The fast way to understand your users. Use Session Mirror directly from your Wordpress dashboard. 
Easy installation and use.",895,"2021-01-05T16:00:00.000Z","5.6.0",[19,20,21,69,22],"http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsession-mirror","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsession-mirror.1.0.0.zip",{"slug":82,"name":83,"version":55,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":88,"num_ratings":25,"last_updated":90,"tested_up_to":91,"requires_at_least":16,"requires_php":92,"tags":93,"homepage":17,"download_link":94,"security_score":24,"vuln_count":26,"unpatched_count":26,"last_vuln_date":36,"fetched_at":95},"livesession","LiveSession – Visitor Recording for WordPress","kdrazkiewicz","https:\u002F\u002Fprofiles.wordpress.org\u002Fkdrazkiewicz\u002F","\u003Cp>LiveSession is a session replay tool that will help you learn more about your users. You can watch how they interact with your website. The sessions can be filtered according to different variables, including location, devices, browsers, engagement score,and many more.\u003C\u002Fp>\n\u003Cp>LiveSession is a great solution for UX designers, marketing professionals, customer support teams, and everyone who works with websites.\u003C\u002Fp>\n\u003Cp>This plugin allows you to install LiveSession on your WordPress website.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FWCgDTljLTsQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Always-on session recordings\u003C\u002Fstrong> – The software records 
everything the visitor does on the website, including mouse movements, scrolls, and clicks. The sessions can be replayed, rewatched, and analyzed later. You can see exactly what your user sees, just like you’re sitting next to them.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Engagement score\u003C\u002Fstrong> – When you record a lot of sessions, it’s time-consuming to go through all of them one by one. Thanks to the engagement score, you can filter the most interesting recordings automatically.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom properties\u003C\u002Fstrong> – Would you like to identify the users you’re watching? It’s possible with custom properties. You can import data from other analytics tools and add more context to your sessions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Inspect mode\u003C\u002Fstrong> – Track how users interact with particular elements of your website. Inspect mode allows you to find sessions that contain what you’re looking for.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rage clicks and error clicks\u003C\u002Fstrong> – Rage clicks detect JavaScript errors, while error clicks are recorded when the user clicks on something very fast and repeatedly. These two features will help you spot points of frustration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clickmaps\u003C\u002Fstrong> – Clickmap allows you to see what elements of your website were clicked and how many times in a retroactive fashion. You can view aggregated click values from multiple sessions for a given section during session playbacks. With engagement heatmaps, you see the most frequently interacted elements of your web page from all sessions. This in turn helps the user refine their websites and CTAs for better conversion rates and lead generation, boosting company growth and success through optimized user experience.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DevTools\u003C\u002Fstrong> – See all console logs in one view or by a severity level – info, warn and error. 
Debug your website or web application with ease and shorten the time needed to provide superb customer support.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Funnels (NEW)\u003C\u002Fstrong> – analyze your visitors’ paths and boost conversion rates by eliminating obstacles that prevent your customers from buying. Use LiveSession Funnels to add another dimension to your UX research.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Use cases\u003C\u002Fh3>\n\u003Cp>LiveSession can be used by professionals from different fields:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>UX\u002FProduct\u003C\u002Fstrong>\u003Cbr \u002F>\nUse session recordings as a usability testing method. Research your design decisions, see what works and what can be improved.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Marketing\u003C\u002Fstrong>\u003Cbr \u002F>\nFilter sessions by UTM tags and track the effectiveness of your campaigns. See how visitors interact with the website and find new marketing opportunities.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customer support\u003C\u002Fstrong>\u003Cbr \u002F>\nLiveSession can be integrated with the most popular help center tools (more details below). What’s more, you can assign support tiers to particular recordings. This will help you deliver the best service possible.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>UX\u002FProduct\u003C\u002Fstrong>\u003Cbr \u002F>\nUse session recordings as a usability testing method. 
Research your design\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Software development\u003C\u002Fstrong>\u003Cbr \u002F>\nThanks to in-depth qualitative analysis, as well as automatic rage clicks and error clicks detection, you’re able to debug your web application faster.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Wide range of integrations\u003C\u002Fh3>\n\u003Cp>LiveSession can be integrated with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>other analytics stacks\u003C\u002Fstrong>, such as Google Analytics, Google Tag Manager,and Segment\u003C\u002Fli>\n\u003Cli>\u003Cstrong>help center tools\u003C\u002Fstrong>, including Intercom, LiveChat, HelpScout, Drift, Crisp,and Olark\u003C\u002Fli>\n\u003Cli>\u003Cstrong>E-commerce software\u003C\u002Fstrong>, e.g. Shopify, BigCommerce,and Wix\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The full list of integrations is available \u003Ca href=\"https:\u002F\u002Flivesession.io\u002Fintegrations?utm_source=wordpress.org&utm_medium=integration&utm_campaign=WordpressIntegration\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Testimonials\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Cp>We tried almost every recording tool out there. LiveSessions was the best in relation to price\u002Fquality. The recordings are perfect and the app is loading fast. The support is super fast & friendly!\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cem>Gasper Vidovic, Databox\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>––––\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>I believe that LiveSession is a must if you have a website, blog, online store, app. Seeing what users really do on your website, where they click, what they don’t click etc. will be the best what can happen to you that will help you design UI\u002FUX that converts better. 
We noticed 110% increase in sign-ups, over 40% increase in paid subscriptions for our service and we have reduced churn by 40%.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cem>Wojciech Jasnos, RocketLink\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cp>If you have any other questions, please get in touch via hello@livesession.io\u003C\u002Fp>\n","LiveSession is a session replay tool that will help you learn more about your users. You can watch how they interact with your website.",100,70145,"2021-07-19T13:08:00.000Z","5.7.15","5.6",[66,19,20,82,21],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flivesession.1.0.0.zip","2026-04-06T09:54:40.288Z",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":26,"num_ratings":26,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":109,"tags":110,"homepage":112,"download_link":113,"security_score":24,"vuln_count":26,"unpatched_count":26,"last_vuln_date":36,"fetched_at":28},"session-rewind","Session Rewind","1.1.1","yairsr","https:\u002F\u002Fprofiles.wordpress.org\u002Fyairsr\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fsessionrewind.com\" rel=\"nofollow ugc\">Session Rewind\u003C\u002Fa> offers a simple and affordable way to understand your users’ behavior.\u003C\u002Fp>\n\u003Cp>We offer:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Session Playback\u003C\u002Fstrong>: Watch what happens when you really watch what happens. See exactly what your users saw. 
Save the most insightful sessions and share them with your teammates.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Notifications\u003C\u002Fstrong>: Get alerted whenever a user session meets pre-specified criteria, or as part of a daily rollup.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Heatmaps\u003C\u002Fstrong>: Quickly identify where your users are spending the most time and attention.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin makes installation of Session Rewind on your WordPress site a breeze.\u003C\u002Fp>\n\u003Cp>Please note that an active account and API key with Session Rewind is required to enable this plugin on your site.\u003C\u002Fp>\n","Optimize your web experience with video recordings of user behavior.",80,2349,"2024-01-12T20:00:00.000Z","6.4.8","2.7","5.2.4",[19,20,21,111],"session-recording","https:\u002F\u002Fsessionrewind.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsession-rewind.1.1.1.zip",{"slug":115,"name":116,"version":117,"author":116,"author_profile":118,"description":119,"short_description":120,"active_installs":26,"downloaded":121,"rating":26,"num_ratings":26,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":17,"tags":125,"homepage":126,"download_link":127,"security_score":88,"vuln_count":26,"unpatched_count":26,"last_vuln_date":36,"fetched_at":28},"allsource","Allsource","1.1.4","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaximiz\u002F","\u003Cp>If you have any questions or concerns about this external dependency, please contact our support team for clarification.\u003C\u002Fp>\n\u003Cp>Allsource empowers you to understand user actions and motivations, helping you create better user experiences that drive conversions. With Allsource, you can:\u003C\u002Fp>\n\u003Ch3>Visualize User Behavior\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Use heatmaps to see where users click, scroll, and move on your site. 
This visual data helps you make actionable improvements.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Experience User Journeys\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Watch recordings of real user interactions to analyze clicks and navigation patterns, identifying pain points and optimizing user flow.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Analyze Conversions\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Use funnels to visualize conversion paths and pinpoint where users drop off. Review relevant recordings to understand obstacles in the user journey.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Explore Key Metrics\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Connect numerical data with user behavior insights, easily visualizing important metrics and accessing corresponding recordings and heatmaps.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Gather User Feedback\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Listen to Your Users\u003C\u002Fstrong>: Conduct targeted surveys to gather valuable feedback directly from users, helping you validate ideas and understand their needs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Contextual Feedback\u003C\u002Fstrong>: Implement a real-time feedback tool on your site, allowing users to express their thoughts about specific elements, such as pages or forms.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Engage with Users\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>User Interviews Made Easy\u003C\u002Fstrong>: Automate the process of recruiting, scheduling, and conducting moderated user interviews, allowing you to focus on meaningful interactions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Allsource Platform\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Monitor User Metrics\u003C\u002Fstrong>: Use the Dashboard for a comprehensive overview of user data, helping you identify trends and potential issues before they escalate.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Seamless Integrations\u003C\u002Fstrong>: Connect Allsource with your favorite tools to automate 
workflows and save time—no coding required.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin provides a straightforward installation of Allsource on your WordPress site. Sign up for your free trial today!\u003C\u002Fp>\n","The intuitive way to gain insights into user behavior.",563,"2026-01-21T14:04:00.000Z","6.9.4","5.0",[115,20,21,22],"https:\u002F\u002Fallsourcedata.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fallsource.1.1.4.zip",{"attackSurface":129,"codeSignals":158,"taintFlows":179,"riskAssessment":180,"analyzedAt":190},{"hooks":130,"ajaxHandlers":154,"restRoutes":155,"shortcodes":156,"cronEvents":157,"entryPointCount":26,"unprotectedCount":26},[131,137,141,146,150],{"type":132,"name":133,"callback":134,"file":135,"line":136},"action","plugins_loaded","hotjar_plugin_init","hotjar.php",19,{"type":132,"name":138,"callback":139,"file":135,"line":140},"admin_init","install",57,{"type":132,"name":142,"callback":143,"file":144,"line":145},"admin_menu","create_nav_page","includes\\class-hotjar.php",22,{"type":132,"name":147,"callback":148,"file":144,"line":149},"wp_head","hotjar_script",68,{"type":132,"name":151,"callback":152,"file":144,"line":153},"admin_enqueue_scripts","hotjar_admin_styles",72,[],[],[],[],{"dangerousFunctions":159,"sqlUsage":160,"outputEscaping":162,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":178},[],{"prepared":26,"raw":26,"locations":161},[],{"escaped":163,"rawEcho":164,"locations":165},4,6,[166,170,172,174,175,176],{"file":167,"line":168,"context":169},"admin\\views\\settings.php",16,"raw output",{"file":167,"line":171,"context":169},26,{"file":167,"line":173,"context":169},27,{"file":167,"line":173,"context":169},{"file":167,"line":60,"context":169},{"file":144,"line":177,"context":169},53,[],[],{"summary":181,"deductions":182},"The Hotjar plugin version 1.0.16 presents a generally positive security posture based on the static analysis provided. 
The static scan identified no AJAX handlers, REST API routes, shortcodes, or cron events, and therefore no unprotected entry points of those kinds, which is a significant strength and indicates a limited attack surface. It also found no SQL queries (so no unprepared statements), no file operations, and no external HTTP requests, which further limits exposure. However, the static analysis also reveals a concerning weakness: 60% of the output statements it identified (6 of 10) are emitted without escaping. This means that a significant portion of the data being displayed may not be properly escaped on output, creating a potential for Cross-Site Scripting (XSS). The flagged statements are in the admin settings view (settings.php) and in class-hotjar.php; the scan does not establish whether the values they print are attacker-controlled, so each should be reviewed individually.\n\nThe plugin's vulnerability history, while showing only one medium-severity CVE, is still a point of concern. That vulnerability is of type 'Cross-site Scripting', which directly aligns with the unescaped output observed in the static analysis. The fact that it was published relatively recently (October 2023) and was of medium severity suggests that while the developers are addressing vulnerabilities, there is an ongoing risk related to input handling and output escaping. The lack of critical or high severity CVEs is a positive sign, but the overlap between that XSS history and the unescaped output still present warrants attention.\n\nIn conclusion, the Hotjar plugin exhibits strengths in its limited attack surface and the absence of raw SQL. However, the significant percentage of unescaped output and the XSS vulnerability in its history are notable weaknesses that elevate the risk. 
While there are no unpatched CVEs currently, the identified code signals and historical data suggest a need for further review and improvement in output sanitization to mitigate potential XSS risks.",[183,185,188],{"reason":184,"points":164},"Significant unescaped output (60%)",{"reason":186,"points":187},"1 medium severity CVE in history",5,{"reason":189,"points":163},"Vulnerability history indicates XSS risk","2026-03-16T17:12:53.024Z",{"wat":192,"direct":198},{"assetPaths":193,"generatorPatterns":195,"scriptPaths":196,"versionParams":197},[194],"\u002Fwp-content\u002Fplugins\u002Fhotjar\u002Fadmin\u002Fstatic\u002Fhotjar-admin.css",[],[],[],{"cssClasses":199,"htmlComments":200,"htmlAttributes":201,"restEndpoints":202,"jsGlobals":203,"shortcodeOutput":206},[],[],[],[],[204,205],"hj","_hjSettings",[],{"error":208,"url":209,"statusCode":210,"statusMessage":211,"message":211},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fhotjar\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":168,"versions":213},[214,219,227,235,243,251,259,267,275,283,291,299,307,315,323,331],{"version":6,"download_url":23,"svn_tag_url":215,"released_at":36,"has_diff":47,"diff_files_changed":216,"diff_lines":36,"trac_diff_url":217,"vulnerabilities":218,"is_current":208},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhotjar\u002Ftags\u002F1.0.16\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhotjar%2Ftags%2F1.0.15&new_path=%2Fhotjar%2Ftags%2F1.0.16",[],{"version":220,"download_url":221,"svn_tag_url":222,"released_at":36,"has_diff":47,"diff_files_changed":223,"diff_lines":36,"trac_diff_url":224,"vulnerabilities":225,"is_current":47},"1.0.15","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotjar.1.0.15.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhotjar\u002Ftags\u002F1.0.15\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhotjar%2Ftags%2F1.0.14&ne
w_path=%2Fhotjar%2Ftags%2F1.0.15",[226],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":6},{"version":228,"download_url":229,"svn_tag_url":230,"released_at":36,"has_diff":47,"diff_files_changed":231,"diff_lines":36,"trac_diff_url":232,"vulnerabilities":233,"is_current":47},"1.0.14","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotjar.1.0.14.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhotjar\u002Ftags\u002F1.0.14\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhotjar%2Ftags%2F1.0.13&new_path=%2Fhotjar%2Ftags%2F1.0.14",[234],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":6},{"version":236,"download_url":237,"svn_tag_url":238,"released_at":36,"has_diff":47,"diff_files_changed":239,"diff_lines":36,"trac_diff_url":240,"vulnerabilities":241,"is_current":47},"1.0.13","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotjar.1.0.13.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhotjar\u002Ftags\u002F1.0.13\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhotjar%2Ftags%2F1.0.12&new_path=%2Fhotjar%2Ftags%2F1.0.13",[242],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":6},{"version":244,"download_url":245,"svn_tag_url":246,"released_at":36,"has_diff":47,"diff_files_changed":247,"diff_lines":36,"trac_diff_url":248,"vulnerabilities":249,"is_current":47},"1.0.12","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotjar.1.0.12.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhotjar\u002Ftags\u002F1.0.12\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhotjar%2Ftags%2F1.0.10&new_path=%2Fhotjar%2Ftags%2F1.0.12",[250],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":6},{"version":252,"download_url":253,"svn_tag_url":254,"r
eleased_at":36,"has_diff":47,"diff_files_changed":255,"diff_lines":36,"trac_diff_url":256,"vulnerabilities":257,"is_current":47},"1.0.10","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotjar.1.0.10.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhotjar\u002Ftags\u002F1.0.10\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhotjar%2Ftags%2F1.0.9&new_path=%2Fhotjar%2Ftags%2F1.0.10",[258],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":6},{"version":260,"download_url":261,"svn_tag_url":262,"released_at":36,"has_diff":47,"diff_files_changed":263,"diff_lines":36,"trac_diff_url":264,"vulnerabilities":265,"is_current":47},"1.0.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotjar.1.0.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhotjar\u002Ftags\u002F1.0.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhotjar%2Ftags%2F1.0.8&new_path=%2Fhotjar%2Ftags%2F1.0.9",[266],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":6},{"version":268,"download_url":269,"svn_tag_url":270,"released_at":36,"has_diff":47,"diff_files_changed":271,"diff_lines":36,"trac_diff_url":272,"vulnerabilities":273,"is_current":47},"1.0.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotjar.1.0.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhotjar\u002Ftags\u002F1.0.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhotjar%2Ftags%2F1.0.7&new_path=%2Fhotjar%2Ftags%2F1.0.8",[274],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":6},{"version":276,"download_url":277,"svn_tag_url":278,"released_at":36,"has_diff":47,"diff_files_changed":279,"diff_lines":36,"trac_diff_url":280,"vulnerabilities":281,"is_current":47},"1.0.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotjar.1.0.
7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhotjar\u002Ftags\u002F1.0.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhotjar%2Ftags%2F1.0.6&new_path=%2Fhotjar%2Ftags%2F1.0.7",[282],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":6},{"version":284,"download_url":285,"svn_tag_url":286,"released_at":36,"has_diff":47,"diff_files_changed":287,"diff_lines":36,"trac_diff_url":288,"vulnerabilities":289,"is_current":47},"1.0.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotjar.1.0.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhotjar\u002Ftags\u002F1.0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhotjar%2Ftags%2F1.0.5&new_path=%2Fhotjar%2Ftags%2F1.0.6",[290],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":6},{"version":292,"download_url":293,"svn_tag_url":294,"released_at":36,"has_diff":47,"diff_files_changed":295,"diff_lines":36,"trac_diff_url":296,"vulnerabilities":297,"is_current":47},"1.0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotjar.1.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhotjar\u002Ftags\u002F1.0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhotjar%2Ftags%2F1.0.4&new_path=%2Fhotjar%2Ftags%2F1.0.5",[298],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":6},{"version":300,"download_url":301,"svn_tag_url":302,"released_at":36,"has_diff":47,"diff_files_changed":303,"diff_lines":36,"trac_diff_url":304,"vulnerabilities":305,"is_current":47},"1.0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotjar.1.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhotjar\u002Ftags\u002F1.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhotjar%2Ftags%2F1.0.3&new_path=%2Fhotjar%2Ft
ags%2F1.0.4",[306],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":6},{"version":308,"download_url":309,"svn_tag_url":310,"released_at":36,"has_diff":47,"diff_files_changed":311,"diff_lines":36,"trac_diff_url":312,"vulnerabilities":313,"is_current":47},"1.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotjar.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhotjar\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhotjar%2Ftags%2F1.0.2&new_path=%2Fhotjar%2Ftags%2F1.0.3",[314],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":6},{"version":316,"download_url":317,"svn_tag_url":318,"released_at":36,"has_diff":47,"diff_files_changed":319,"diff_lines":36,"trac_diff_url":320,"vulnerabilities":321,"is_current":47},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotjar.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhotjar\u002Ftags\u002F1.0.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhotjar%2Ftags%2F1.0.1&new_path=%2Fhotjar%2Ftags%2F1.0.2",[322],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":6},{"version":324,"download_url":325,"svn_tag_url":326,"released_at":36,"has_diff":47,"diff_files_changed":327,"diff_lines":36,"trac_diff_url":328,"vulnerabilities":329,"is_current":47},"1.0.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotjar.1.0.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhotjar\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fhotjar%2Ftags%2F1.0.0&new_path=%2Fhotjar%2Ftags%2F1.0.1",[330],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":6},{"version":55,"download_url":332,"svn_tag_url":333,"released_at":36,"has_diff":47,"diff_fi
les_changed":334,"diff_lines":36,"trac_diff_url":36,"vulnerabilities":335,"is_current":47},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotjar.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhotjar\u002Ftags\u002F1.0.0\u002F",[],[336],{"id":32,"url_slug":33,"title":34,"severity":38,"cvss_score":39,"vuln_type":41,"patched_in_version":6}]