[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcgsT8vNViLkXcYtbpjF9cCBLHF-gxjbL8fc670opOiQ":3,"$fYq9ru5M04oeFozfUVQVre9U-IbDuEThcBAkpXmWJhHg":225,"$fH1iwOegy2wFW6bDMBl2oddBV4xATZ6Who4qOfy-kHfk":229},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":19,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"discovery_status":24,"vulnerabilities":25,"developer":26,"crawl_stats":22,"alternatives":34,"analysis":35,"fingerprints":195},"independent-analytics-for-mainwp","Independent Analytics for MainWP","1.4","Ben Sibley","https:\u002F\u002Fprofiles.wordpress.org\u002Fbensibley\u002F","\u003Cp>Independent Analytics for MainWP is a free extension that lets you see stats for all your sites in one place.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How to setup this plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To use this plugin, you will install it on your site MainWP dashboard site. Once activated, visit the MainWP overview page, and click the “Sync” button at the top of the page. You will then see the Independent Analytics widget appear at the bottom of the page.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How to use this plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Once installed, you will find a new Independent Analytics widget available in the Overview menu. It displays a chart and the number of views and visitors from the past 30 days.\u003C\u002Fp>\n\u003Cp>Using the dropdown in the widget, you can quickly switch between each website. This makes it easy to get a look at the performance of many different websites, without visiting each analytics dashboard individually.\u003C\u002Fp>\n\u003Cp>If you want to open the full analytics menu for any particular site, just click the “Open Dashboard” button in the widget.\u003C\u002Fp>\n\u003Cp>A similar widget is available when viewing the MainWP dashboard for any individual site.\u003C\u002Fp>\n","This is a free extension for MainWP that lets you view stats from all of your sites using Independent Analytics in the main Overview menu.",700,3069,0,"2025-06-25T16:44:00.000Z","6.7.5","5.9","7.4",[],"https:\u002F\u002Findependentwp.com\u002Ffeatures\u002Fmainwp-extension\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Findependent-analytics-for-mainwp.1.4.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"bensibley",18,121200,93,6,95,"2026-05-20T09:09:54.531Z",[],{"attackSurface":36,"codeSignals":119,"taintFlows":140,"riskAssessment":185,"analyzedAt":194},{"hooks":37,"ajaxHandlers":115,"restRoutes":116,"shortcodes":117,"cronEvents":118,"entryPointCount":13,"unprotectedCount":13},[38,44,48,52,55,58,63,65,68,71,74,77,80,83,86,88,92,96,100,103,107,111],{"type":39,"name":40,"callback":40,"priority":41,"file":42,"line":43},"filter","plugin_row_meta",10,"class\\class-mainwp-iawp-admin.php",30,{"type":45,"name":46,"callback":46,"file":42,"line":47},"action","admin_enqueue_scripts",32,{"type":45,"name":49,"callback":49,"file":50,"line":51},"admin_init","class\\class-mainwp-iawp-ajax.php",45,{"type":45,"name":49,"callback":49,"file":53,"line":54},"class\\class-mainwp-iawp-individual.php",44,{"type":45,"name":49,"callback":49,"file":56,"line":57},"class\\class-mainwp-iawp-overview.php",42,{"type":45,"name":59,"callback":60,"priority":41,"file":61,"line":62},"mainwp_added_new_site","closure","independent-analytics-for-mainwp.php",40,{"type":39,"name":64,"callback":60,"priority":41,"file":61,"line":51},"mainwp_sync_others_data",{"type":45,"name":66,"callback":60,"priority":41,"file":61,"line":67},"mainwp_site_sync",52,{"type":45,"name":69,"callback":60,"priority":41,"file":61,"line":70},"mainwp_pro_reports_showhide_settings",63,{"type":39,"name":72,"callback":60,"priority":41,"file":61,"line":73},"mainwp_pro_reports_save_report_settings",82,{"type":39,"name":75,"callback":60,"priority":41,"file":61,"line":76},"mainwp_pro_reports_parsed_section_tokens",128,{"type":45,"name":78,"callback":60,"priority":41,"file":61,"line":79},"mainwp_pro_reports_agency_template_summary_bottom",162,{"type":45,"name":81,"callback":60,"priority":41,"file":61,"line":82},"mainwp_pro_reports_template_general_bottom",184,{"type":45,"name":84,"callback":60,"priority":41,"file":61,"line":85},"mainwp_pro_reports_template_summary_bottom",204,{"type":45,"name":84,"callback":60,"priority":41,"file":61,"line":87},228,{"type":39,"name":89,"callback":90,"file":61,"line":91},"mainwp_getextensions","get_this_extension",278,{"type":39,"name":93,"callback":94,"priority":41,"file":61,"line":95},"mainwp_log_specific_actions","hook_log_specific",279,{"type":45,"name":97,"callback":98,"file":61,"line":99},"mainwp_activated","activate_this_plugin",289,{"type":45,"name":101,"callback":101,"file":61,"line":102},"admin_notices",292,{"type":39,"name":104,"callback":105,"priority":41,"file":61,"line":106},"mainwp_getsubpages_sites","hook_managesites_subpage",373,{"type":39,"name":108,"callback":109,"file":61,"line":110},"mainwp_getmetaboxes","hook_get_metaboxes",374,{"type":39,"name":112,"callback":113,"priority":41,"file":61,"line":114},"mainwp_widgets_screen_options","widgets_screen_options",375,[],[],[],[],{"dangerousFunctions":120,"sqlUsage":121,"outputEscaping":123,"fileOperations":13,"externalRequests":13,"nonceChecks":138,"capabilityChecks":13,"bundledLibraries":139},[],{"prepared":13,"raw":13,"locations":122},[],{"escaped":124,"rawEcho":125,"locations":126},73,5,[127,130,132,134,136],{"file":61,"line":128,"context":129},67,"raw output",{"file":61,"line":131,"context":129},70,{"file":61,"line":133,"context":129},71,{"file":61,"line":135,"context":129},72,{"file":61,"line":137,"context":129},415,1,[],[141,166],{"entryPoint":142,"graph":143,"unsanitizedCount":138,"severity":165},"render_metabox (class\\class-mainwp-iawp-widget.php:31)",{"nodes":144,"edges":161},[145,151,155],{"id":146,"type":147,"label":148,"file":149,"line":150},"n0","source","$_GET","class\\class-mainwp-iawp-widget.php",46,{"id":152,"type":153,"label":154,"file":149,"line":150},"n1","transform","→ render_single_site_widget()",{"id":156,"type":157,"label":158,"file":149,"line":159,"wp_function":160},"n2","sink","echo() [XSS]",243,"echo",[162,164],{"from":146,"to":152,"sanitized":163},false,{"from":152,"to":156,"sanitized":163},"medium",{"entryPoint":167,"graph":168,"unsanitizedCount":138,"severity":165},"\u003Cclass-mainwp-iawp-widget> (class\\class-mainwp-iawp-widget.php:0)",{"nodes":169,"edges":180},[170,173,175,176,178],{"id":146,"type":147,"label":171,"file":149,"line":172},"$_GET (x16)",37,{"id":152,"type":157,"label":158,"file":149,"line":174,"wp_function":160},142,{"id":156,"type":147,"label":148,"file":149,"line":150},{"id":177,"type":153,"label":154,"file":149,"line":150},"n3",{"id":179,"type":157,"label":158,"file":149,"line":159,"wp_function":160},"n4",[181,183,184],{"from":146,"to":152,"sanitized":182},true,{"from":156,"to":177,"sanitized":163},{"from":177,"to":179,"sanitized":163},{"summary":186,"deductions":187},"Based on the static analysis and vulnerability history, the 'independent-analytics-for-mainwp' plugin version 1.4 exhibits a generally strong security posture. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface. The code also demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping the vast majority of its output. The presence of a nonce check and the lack of file operations or external HTTP requests further bolster its security.  \n\nHowever, two flows with unsanitized paths identified during the taint analysis, while not classified as critical or high severity, warrant attention. These represent potential avenues for unexpected behavior or data manipulation if an attacker could trigger these specific code paths. The complete lack of recorded vulnerabilities in its history is a positive indicator, suggesting a mature and well-maintained codebase, but it doesn't entirely negate the risks identified in the static analysis.\n\nIn conclusion, this plugin appears to be built with security in mind, demonstrating solid coding practices. The main area of concern lies in the two identified unsanitized paths, which should ideally be addressed to eliminate any potential for exploitation. While the plugin has no known vulnerabilities, proactive code review to address the taint analysis findings is recommended for a truly robust security profile.",[188,191],{"reason":189,"points":190},"Flows with unsanitized paths",8,{"reason":192,"points":193},"Outputs not properly escaped",2,"2026-03-16T19:23:46.128Z",{"wat":196,"direct":207},{"assetPaths":197,"generatorPatterns":202,"scriptPaths":203,"versionParams":204},[198,199,200,201],"\u002Fwp-content\u002Fplugins\u002Findependent-analytics-for-mainwp\u002Fvendor\u002Fmainwp\u002Fmainwp-pro-reports-extension\u002Fincludes\u002Fadmin\u002Fcss\u002Fmainwp-pro-reports-extension-admin.css","\u002Fwp-content\u002Fplugins\u002Findependent-analytics-for-mainwp\u002Fvendor\u002Fmainwp\u002Fmainwp-pro-reports-extension\u002Fincludes\u002Fadmin\u002Fjs\u002Fmainwp-pro-reports-extension-admin.js","\u002Fwp-content\u002Fplugins\u002Findependent-analytics-for-mainwp\u002Fvendor\u002Fmainwp\u002Fmainwp-pro-reports-extension\u002Fincludes\u002Fadmin\u002Fcss\u002Fmainwp-pro-reports-extension-admin.css.map","\u002Fwp-content\u002Fplugins\u002Findependent-analytics-for-mainwp\u002Fvendor\u002Fmainwp\u002Fmainwp-pro-reports-extension\u002Fincludes\u002Fadmin\u002Fjs\u002Fmainwp-pro-reports-extension-admin.js.map",[],[199],[205,206],"independent-analytics-for-mainwp\u002Fvendor\u002Fmainwp\u002Fmainwp-pro-reports-extension\u002Fincludes\u002Fadmin\u002Fcss\u002Fmainwp-pro-reports-extension-admin.css?ver=","independent-analytics-for-mainwp\u002Fvendor\u002Fmainwp\u002Fmainwp-pro-reports-extension\u002Fincludes\u002Fadmin\u002Fjs\u002Fmainwp-pro-reports-extension-admin.js?ver=",{"cssClasses":208,"htmlComments":211,"htmlAttributes":214,"restEndpoints":216,"jsGlobals":217,"shortcodeOutput":218},[209,210,209],"mainwp-report-column-2","mainwp-report-list",[212,213],"\u003C!-- Render for pro-report-agency.php and pro-report-agency-dark.php -->","\u003C!-- Render for pro-report-default.php -->",[215,215,215,215,215,215,215,215,215,215,215,215],"name=\"pro-report-showhide-sections[iawp-show-in-report]\"",[],[],[219,220,221,222,223,224,219,220,221,222,223,224],"[config-section-data]","[config-section-extra max-empty=\"3\" \u002F]","[hide-if-empty]","[iawp.views]","[iawp.visitors]","[iawp.sessions]",{"error":182,"url":226,"statusCode":227,"statusMessage":228,"message":228},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Findependent-analytics-for-mainwp\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":125,"versions":230},[231,236,243,250,257],{"version":6,"download_url":20,"svn_tag_url":232,"released_at":22,"has_diff":163,"diff_files_changed":233,"diff_lines":22,"trac_diff_url":234,"vulnerabilities":235,"is_current":182},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Findependent-analytics-for-mainwp\u002Ftags\u002F1.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Findependent-analytics-for-mainwp%2Ftags%2F1.3&new_path=%2Findependent-analytics-for-mainwp%2Ftags%2F1.4",[],{"version":237,"download_url":238,"svn_tag_url":239,"released_at":22,"has_diff":163,"diff_files_changed":240,"diff_lines":22,"trac_diff_url":241,"vulnerabilities":242,"is_current":163},"1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Findependent-analytics-for-mainwp.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Findependent-analytics-for-mainwp\u002Ftags\u002F1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Findependent-analytics-for-mainwp%2Ftags%2F1.2&new_path=%2Findependent-analytics-for-mainwp%2Ftags%2F1.3",[],{"version":244,"download_url":245,"svn_tag_url":246,"released_at":22,"has_diff":163,"diff_files_changed":247,"diff_lines":22,"trac_diff_url":248,"vulnerabilities":249,"is_current":163},"1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Findependent-analytics-for-mainwp.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Findependent-analytics-for-mainwp\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Findependent-analytics-for-mainwp%2Ftags%2F1.1&new_path=%2Findependent-analytics-for-mainwp%2Ftags%2F1.2",[],{"version":251,"download_url":252,"svn_tag_url":253,"released_at":22,"has_diff":163,"diff_files_changed":254,"diff_lines":22,"trac_diff_url":255,"vulnerabilities":256,"is_current":163},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Findependent-analytics-for-mainwp.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Findependent-analytics-for-mainwp\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Findependent-analytics-for-mainwp%2Ftags%2F1.0&new_path=%2Findependent-analytics-for-mainwp%2Ftags%2F1.1",[],{"version":258,"download_url":259,"svn_tag_url":260,"released_at":22,"has_diff":163,"diff_files_changed":261,"diff_lines":22,"trac_diff_url":22,"vulnerabilities":262,"is_current":163},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Findependent-analytics-for-mainwp.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Findependent-analytics-for-mainwp\u002Ftags\u002F1.0\u002F",[],[]]