[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f84_LB-oldHMA4854rTR9TSCjf1_9OfS05Jxekio9VFg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":85,"crawl_stats":37,"alternatives":93,"analysis":201,"fingerprints":612},"kama-clic-counter","Kama Click Counter","4.1.1","Timur Kamaev","https:\u002F\u002Fprofiles.wordpress.org\u002Ftkama\u002F","\u003Cp>With this plugin, you can gather statistics on clicks for file downloads or any other link across the site.\u003C\u002Fp>\n\u003Cp>To insert a file download block, use the \u003Ccode>[download url=\"any file URL\"]\u003C\u002Fcode> shortcode.\u003C\u002Fp>\n\u003Cp>The plugin does not include additional tools for uploading files. All files must be uploaded using the standard WordPress media uploader. The URLs are then used to create the download block.\u003C\u002Fp>\n\u003Cp>Additionally, the plugin includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>A button in the visual editor for quickly inserting the file download block shortcode.\u003C\u002Fli>\n\u003Cli>A customizable widget that allows you to display a list of “Top Downloads” or “Top Link Clicks.”\u003C\u002Fli>\n\u003C\u002Ful>\n","Count clicks on any link across the site. Creates a beautiful file download block in post content. Includes a widget for top downloads.",900,38958,78,9,"2025-10-27T09:53:00.000Z","6.8.5","5.9","7.4",[20,21,22,23],"analytics","count-clicks","counter","statistics","https:\u002F\u002Fwp-kama.com\u002F77","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkama-clic-counter.zip",95,4,0,"2025-09-22 00:00:00","2026-03-15T15:16:48.613Z",[32,48,60,74],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-58682","kama-click-counter-authenticated-contributor-stored-cross-site-scripting-2","Kama Click Counter \u003C= 4.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Kama Click Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=4.0.4","4.1.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-10-30 14:07:37",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb913ad87-4d49-4cb6-82f4-5d953cbabd96?source=api-prod",39,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":37,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":55,"updated_date":56,"references":57,"days_to_patch":59},"CVE-2025-49861","kama-click-counter-authenticated-contributor-stored-cross-site-scripting","Kama Click Counter \u003C= 4.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Kama Click Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=4.0.3","4.0.4","2025-06-12 00:00:00","2025-06-17 15:02:47",[58],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb65e3a9f-55b7-458c-81ef-0e29fc8733d9?source=api-prod",6,{"id":61,"url_slug":62,"title":63,"description":64,"plugin_slug":4,"theme_slug":37,"affected_versions":65,"patched_in_version":66,"severity":40,"cvss_score":67,"cvss_vector":68,"vuln_type":43,"published_date":69,"updated_date":70,"references":71,"days_to_patch":73},"CVE-2017-18615","kama-click-counter-cross-site-scripting","Kama Click Counter \u003C= 3.4.9 - Cross-Site Scripting","The Kama Click Counter plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.4.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthorized attackers to inject arbitrary web scripts that execute in a victim's browser.","\u003C=3.4.9","3.5.0",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2017-02-27 00:00:00","2024-01-22 19:56:02",[72],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3b6e45ae-650e-45eb-b781-5acec1ba2dde?source=api-prod",2521,{"id":75,"url_slug":76,"title":77,"description":78,"plugin_slug":4,"theme_slug":37,"affected_versions":65,"patched_in_version":66,"severity":79,"cvss_score":80,"cvss_vector":81,"vuln_type":82,"published_date":69,"updated_date":70,"references":83,"days_to_patch":73},"CVE-2017-18614","kama-click-counter-blind-sql-injection","Kama Click Counter \u003C= 3.4.9 - Blind SQL Injection","The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter.","high",8.1,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",[84],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe7837208-97e3-45f9-8f9f-b1906a4fcbcc?source=api-prod",{"slug":86,"display_name":7,"profile_url":8,"plugin_count":87,"total_installs":88,"avg_security_score":89,"avg_patch_time_days":90,"trust_score":91,"computed_at":92},"tkama",5,22200,85,1448,69,"2026-04-05T14:28:05.004Z",[94,118,142,163,182],{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":109,"tags":110,"homepage":113,"download_link":114,"security_score":115,"vuln_count":116,"unpatched_count":28,"last_vuln_date":117,"fetched_at":30},"post-views-counter","Post Views Counter","1.7.8","dFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fdfactory\u002F","\u003Cp>Post Views Counter allows you to collect and display how many times a post, page, or other content has been viewed in a simple, fast and reliable way.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpostviewscounter.com\u002F\" rel=\"nofollow ugc\">Post Views Counter\u003C\u002Fa> gives you clear, accurate post view stats — right inside WordPress. No external tools. No bloat. Just the numbers you need to see what’s working.\u003C\u002Fp>\n\u003Ch4>Key Benefits\u003C\u002Fh4>\n\u003Cp>Clarity, speed, and control:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Clear, Focused Metrics\u003C\u002Fstrong> — You get a clear picture of how your posts are performing.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Made for WordPress\u003C\u002Fstrong> — Runs entirely in your site. No GA, no third-party pipes; accurate counts in your Dashboard.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-first\u003C\u002Fstrong> — Data lives on your server, with controls that respect visitors’ rights and privacy regulations.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Works at scale\u003C\u002Fstrong> — Minimal overhead, no external scripts, Multisite-ready.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Display anywhere\u003C\u002Fstrong> — Automatically show counts, or place them exactly where you want via blocks or shortcode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Practical features that matter:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Count & display views for \u003Cstrong>any post type\u003C\u002Fstrong> you select.\u003C\u002Fli>\n\u003Cli>Three counting modes: \u003Cstrong>PHP, JavaScript, REST API\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Dashboard post views \u003Cstrong>stats widget\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Sortable Post Views \u003Cstrong>admin column\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Exclude bots, logged-in users, specific roles, or IPs\u003C\u002Fli>\n\u003Cli>Manually adjust a post’s views when needed.\u003C\u002Fli>\n\u003Cli>Query and \u003Cstrong>order content by views\u003C\u002Fstrong> (developer-friendly)\u003C\u002Fli>\n\u003Cli>Custom REST API endpoints\u003C\u002Fli>\n\u003Cli>Option to set count interval\u003C\u002Fli>\n\u003Cli>One-click data import from \u003Cstrong>WP-PostViews\u003C\u002Fstrong>, \u003Cstrong>Statify\u003C\u002Fstrong> and \u003Cstrong>Page Views Count\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Post views \u003Cstrong>display position\u003C\u002Fstrong>, automatic or manual via shortcode\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite\u003C\u002Fstrong> compatibile\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WPML\u002FPolylang\u003C\u002Fstrong> compatible; translation-ready (.pot)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Post Views Counter Pro\u003C\u002Fh4>\n\u003Cp>More capability without extra complexity:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Fast AJAX counting\u003C\u002Fstrong> for more accurate data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Caching optimization\u003C\u002Fstrong> that guarantees performance even under heavy traffic.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Reports\u003C\u002Fstrong>: Views by Date, Post, Author to spot winners, trends, and top contributors.\u003C\u002Fli>\n\u003Cli>Customizable \u003Cstrong>Views Period\u003C\u002Fstrong> (e.g., last 7\u002F30 days) to control the views count timeframe.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export to CSV\u002FXML\u003C\u002Fstrong> to download and share data.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integrations\u003C\u002Fstrong> for ordering by views in popular builders (e.g., \u003Cstrong>Elementor Pro, Divi, GenerateBlocks\u003C\u002Fstrong>).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpostviewscounter.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Learn more about Pro \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fp>\n","Post Views Counter allows you to collect and display how many times a post, page, or other content has been viewed in a simple, fast and reliable way.",200000,5127428,98,1194,"2026-03-10T10:56:00.000Z","6.9.4","6.3.0","7.0",[20,22,111,112,23],"pageviews","postviews","https:\u002F\u002Fpostviewscounter.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-views-counter.1.7.8.zip",99,2,"2024-04-05 00:00:00",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":128,"num_ratings":129,"last_updated":130,"tested_up_to":107,"requires_at_least":131,"requires_php":132,"tags":133,"homepage":132,"download_link":138,"security_score":139,"vuln_count":140,"unpatched_count":28,"last_vuln_date":141,"fetched_at":30},"visitors-traffic-real-time-statistics","Visitor Traffic Real Time Statistics","8.5","wp-buy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwp-buy\u002F","\u003Cp>\u003Cstrong>Visitor Traffic Real-Time Statistics for WordPress\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Unlock powerful insights into your website traffic with\u003Cstrong>Visitor Traffic Real-Time Statistics\u003C\u002Fstrong>, the ultimate WordPress plugin for tracking visitors, visits, browsers, operating systems, and more — all in one intuitive dashboard.\u003C\u002Fp>\n\u003Cp>With real-time data and easy-to-use shortcodes, you’ll get a complete picture of your site’s performance without the complexity. Whether you’re a blogger, business owner, or marketer, this plugin gives you the tools to understand your audience better and make smarter decisions.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Why Choose Visitor Traffic Real-Time Statistics?\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Real-Time Visitor Tracking:\u003C\u002Fstrong> See who’s visiting your site and when — in real-time.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Friendly Dashboard:\u003C\u002Fstrong> All your key insights are displayed on a single, easy-to-navigate dashboard.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comprehensive Analytics:\u003C\u002Fstrong> Track visitors by country, device, browser, operating system, referrer, and more.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Integration:\u003C\u002Fstrong> Display visitor stats anywhere on your site with simple shortcodes.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Insights:\u003C\u002Fstrong> Monitor keywords, search engine referrals, and traffic sources to improve your SEO performance.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Available Shortcodes (Simple & Flexible)\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Add these shortcodes to any post, page, or widget to showcase your traffic stats:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[ahc_stats_widget]\u003C\u002Fcode> – Display a site-wide statistics widget on the front end.  \u003C\u002Fli>\n\u003Cli>\u003Ccode>[ahc_stats_widget title=\"Your Title\" fontsize=\"16\" display_today_visitors=true display_total_visitors=true]\u003C\u002Fcode> – Customize the widget with your own parameters.  \u003C\u002Fli>\n\u003Cli>\u003Ccode>[ahc_today_visitors]\u003C\u002Fcode> – Display today’s visitors.  \u003C\u002Fli>\n\u003Cli>\u003Ccode>[ahc_today_visits]\u003C\u002Fcode> – Display today’s page views.  \u003C\u002Fli>\n\u003Cli>\u003Ccode>[ahc_total_visitors]\u003C\u002Fcode> – Show your all-time visitor count.  \u003C\u002Fli>\n\u003Cli>\u003Ccode>[ahc_total_visits]\u003C\u002Fcode> – Display total visits to your site.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Free Version Features:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Real-time visitor tracking and stats.  \u003C\u002Fli>\n\u003Cli>Insights into browsers, countries, hits, referrals, and searches.  \u003C\u002Fli>\n\u003Cli>Track daily, weekly, and monthly visitor trends.  \u003C\u002Fli>\n\u003Cli>Shortcodes to display key stats on your site.  \u003C\u002Fli>\n\u003Cli>Track top referring websites and keywords.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Upgrade to Pro for Even More Power!\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Take your analytics to the next level with\u003Cstrong>Visitor Traffic Real-Time Statistics Pro\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Multisite Support:\u003C\u002Fstrong> Track traffic across multiple sites in one place.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live User Tracking:\u003C\u002Fstrong> See how many people are online right now.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Interactive Google Maps:\u003C\u002Fstrong> Visualize visitor locations globally.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Page Tracking:\u003C\u002Fstrong> Identify your most popular posts and pages.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Visit Graphs:\u003C\u002Fstrong> Analyze visitor activity by the hour.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced SEO Insights:\u003C\u002Fstrong> Discover the keywords driving traffic to your site.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Reports:\u003C\u002Fstrong> Get actionable insights with easy-to-read reports.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Who Can Benefit?\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Bloggers who want to track reader engagement.  \u003C\u002Fli>\n\u003Cli>E-commerce store owners looking to understand customer behavior.  \u003C\u002Fli>\n\u003Cli>Marketers seeking to optimize SEO strategies.  \u003C\u002Fli>\n\u003Cli>Website administrators who need detailed traffic analysis.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Get Started Today!\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Install the plugin now\u003C\u002Fstrong> to gain valuable insights into your site traffic and grow your online presence.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wp-buy.com\u002Fproduct\u002Fvisitors-traffic-real-time-statistics-pro\u002F#gopro\" rel=\"nofollow ugc\">Go PRO Now\u003C\u002Fa>\u003C\u002Fstrong> to unlock all premium features and maximize your analytics potential!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wp-buy.com\u002Fsupport-center\u002F\" rel=\"nofollow ugc\">Visit Our Support Center\u003C\u002Fa>\u003C\u002Fstrong> for any assistance.\u003C\u002Fp>\n\u003Cp>Your website is getting visitors. Don’t miss out on the insights that can help your business grow.\u003C\u002Fp>\n","This plugin will help you to track your visitors, browsers, operating systems, visits and much more in one dashboard page.",40000,1832736,84,233,"2026-02-21T04:42:00.000Z","3.0.1","",[134,23,135,136,137],"hits-counter","stats-analytics","traffic","visitor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvisitors-traffic-real-time-statistics.8.5.zip",90,8,"2026-04-03 22:10:48",{"slug":143,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":150,"downloaded":151,"rating":152,"num_ratings":27,"last_updated":153,"tested_up_to":154,"requires_at_least":155,"requires_php":132,"tags":156,"homepage":158,"download_link":159,"security_score":160,"vuln_count":161,"unpatched_count":28,"last_vuln_date":162,"fetched_at":30},"wp-post-real-time-statistics","WP Post Statistics (Visitors & Visits Counter)","2.9","osama.esh","https:\u002F\u002Fprofiles.wordpress.org\u002Fosamaesh\u002F","\u003Cp>a simple tool to know your post statistics (With GEO locations)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Single Post Statistics includes: \u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Comprehensive overview page (Dashboard), including country stats, cities, visitors, visits\u003C\u002Fli>\n\u003Cli>compatible with any post type\u003C\u002Fli>\n\u003Cli>Visits & Visitors, see how many hits your site get in any period\u003C\u002Fli>\n\u003Cli>see how many people are viewing your site posts by weekly statistics\u003C\u002Fli>\n\u003Cli>GEO locations\u003C\u002Fli>\n\u003C\u002Ful>\n","a simple tool to know your post statistics",2000,29400,96,"2025-03-08T20:43:00.000Z","6.7.5","4.1",[22,157,23,135,136],"hits","https:\u002F\u002Fwww.plugins-market.com\u002Fproduct\u002Fvisitor-statistics-pro\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-post-real-time-statistics.2.9.zip",91,1,"2022-05-27 00:00:00",{"slug":164,"name":165,"version":166,"author":167,"author_profile":168,"description":169,"short_description":170,"active_installs":171,"downloaded":172,"rating":173,"num_ratings":174,"last_updated":175,"tested_up_to":176,"requires_at_least":132,"requires_php":132,"tags":177,"homepage":180,"download_link":181,"security_score":89,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"extrawatch","ExtraWatch (Live Stats, Realtime tracking, Visits on a map and more)","4.0.53","matto3c","https:\u002F\u002Fprofiles.wordpress.org\u002Fmatto3c\u002F","\u003Cp>See what’s going on on your website in real time. See who’s browsing which pages, information about his country, city, device. This is a great way how to see how your website is being used by the users.\u003Cbr \u002F>\nSee most recent visits on a map, most popular pages, visits from search engines and where your visitors came from. In this version, data are stored in the cloud, and script is loaded asynchronously, so there is no performance impact on your website.\u003Cbr \u002F>\nIf you’re using static plugins like WP Slimstat, this plugin will give you completely different real time experience.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Support\u003C\u002Fstrong>\u003Cbr \u002F>\n  The ExtraWatch team does not provide support for the plugin on the WordPress.org forums.\u003Cbr \u002F>\n  Please use \u003Ca href=\"https:\u002F\u002Fwww.extrawatch.com\u002Fticket\" rel=\"nofollow ugc\">ExtraWatch support\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>features:\u003C\u002Fh4>\n\u003Ch4>Monitor User activity\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>check who’s browsing your website in real time, export visitors of your website in CSV format, see bots and spiders\u003C\u002Fli>\n\u003Cli>traffic sources with graphs (google, facebook, twitter, instagram, youtube, linkedin)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Click Heatmap\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>displays visitor’s mouse clicks, you can see most popular areas of your website\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Map\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>allows you to watch visits on a map in real time\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Stats\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>unique visitors, page load stats\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Organic traffic\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>see which pages are visited from google and other search engines\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Popular pages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>most popular pages for selected day\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Referrers\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>where most of the visits came from\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more information and demos please visit: https:\u002F\u002Fwww.extrawatch.com\u002Fdemos\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","See visits and clicks on your website in realtime!",100,64924,68,7,"2021-02-03T06:17:00.000Z","5.6.17",[20,22,178,23,179],"ip","stats","http:\u002F\u002Fwww.extrawatch.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fextrawatch.zip",{"slug":183,"name":184,"version":185,"author":186,"author_profile":187,"description":188,"short_description":189,"active_installs":190,"downloaded":191,"rating":28,"num_ratings":28,"last_updated":192,"tested_up_to":154,"requires_at_least":132,"requires_php":193,"tags":194,"homepage":197,"download_link":198,"security_score":199,"vuln_count":116,"unpatched_count":161,"last_vuln_date":200,"fetched_at":30},"download-counter","Download Counter","1.4","Anatoly","https:\u002F\u002Fprofiles.wordpress.org\u002Fanatolyk\u002F","\u003Cp>Using this plugin, you will get file download statistics.\u003C\u002Fp>\n\u003Cp>Use the shortcode \u003Ccode>[download_counter_url name='file_name']\u003C\u002Fcode> – to get the link.\u003C\u002Fp>\n\u003Cp>Use the shortcode \u003Ccode>[download_counter_count name='file_name']\u003C\u002Fcode> – to get the number of downloads.\u003C\u002Fp>\n\u003Cp>Use the shortcode \u003Ccode>[download_counter_size name='file_name']\u003C\u002Fcode> – to get the size.\u003C\u002Fp>\n\u003Cp>Use the shortcode \u003Ccode>[download_counter_date name='file_name' format='date_format']\u003C\u002Fcode> – to get the date of the last download.\u003C\u002Fp>\n\u003Cp>Visit the plugin settings to specify the path to the directory with files.\u003C\u002Fp>\n\u003Cp>Then use the shortcode to display the download link or the shortcode to display the number of downloads in any post or page.\u003C\u002Fp>\n\u003Cp>The plugin will then count each successful download and display the statistics in the plugin settings.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Simple counter of successful downloads\u003C\u002Fli>\n\u003Cli>Recording statistics to a local database\u003C\u002Fli>\n\u003Cli>Path to the directory with files – anywhere on the server\u003C\u002Fli>\n\u003Cli>Output of download statistics in the settings\u003C\u002Fli>\n\u003Cli>Lightweight – the entire plugin size is \u003C 100 KB\u003C\u002Fli>\n\u003Cli>Super fast and designed for optimal performance\u003C\u002Fli>\n\u003Cli>Clean code\u003C\u002Fli>\n\u003C\u002Ful>\n","Counts the number of downloads for files and displays a table with the results.",30,1057,"2025-08-04T12:32:00.000Z","5.6.8",[20,195,22,196,23],"count-downloads","statistic-downloads","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdownload-counter","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdownload-counter.1.4.zip",74,"2025-08-04 18:57:59",{"attackSurface":202,"codeSignals":280,"taintFlows":455,"riskAssessment":595,"analyzedAt":611},{"hooks":203,"ajaxHandlers":272,"restRoutes":273,"shortcodes":274,"cronEvents":279,"entryPointCount":161,"unprotectedCount":28},[204,210,215,219,223,228,234,238,241,247,251,256,261,265,269],{"type":205,"name":206,"callback":207,"file":208,"line":209},"action","after_setup_theme","init","kama_click_counter.php",32,{"type":205,"name":211,"callback":212,"file":213,"line":214},"delete_attachment","_delete_link_by_attach_id","src\\Admin.php",22,{"type":205,"name":216,"callback":217,"file":213,"line":218},"edit_attachment","_update_link_with_attach",23,{"type":205,"name":220,"callback":221,"file":213,"line":222},"wp_loaded","_upgrade",25,{"type":205,"name":224,"callback":225,"file":226,"line":227},"admin_menu","_add_options_page","src\\Admin_Page.php",13,{"type":229,"name":230,"callback":231,"file":232,"line":233},"filter","the_content","modify_links","src\\Content_Replacer.php",15,{"type":205,"name":235,"callback":236,"priority":115,"file":237,"line":218},"wp_footer","_footer_js","src\\Counter.php",{"type":205,"name":207,"callback":239,"priority":28,"file":237,"line":240},"_redirect",24,{"type":205,"name":242,"callback":243,"priority":244,"file":245,"line":246},"wp_head","head_tpl_styles",999,"src\\Download_Shortcode.php",12,{"type":205,"name":248,"callback":249,"file":250,"line":246},"admin_notices","closure","src\\Helpers.php",{"type":205,"name":252,"callback":253,"priority":139,"file":254,"line":255},"admin_bar_menu","_add_toolbar_menu","src\\Plugin.php",73,{"type":229,"name":257,"callback":258,"file":259,"line":260},"mce_buttons_2","register_buttons","src\\TinyMCE.php",16,{"type":229,"name":262,"callback":263,"file":259,"line":264},"mce_external_plugins","mce_js",17,{"type":229,"name":266,"callback":267,"file":259,"line":268},"wp_mce_translation","l10n",18,{"type":205,"name":270,"callback":249,"file":271,"line":214},"widgets_init","src\\Widget.php",[],[],[275],{"tag":276,"callback":277,"file":245,"line":278},"download","download_shortcode",11,[],{"dangerousFunctions":281,"sqlUsage":282,"outputEscaping":309,"fileOperations":450,"externalRequests":116,"nonceChecks":87,"capabilityChecks":116,"bundledLibraries":451},[],{"prepared":214,"raw":278,"locations":283},[284,287,290,292,294,297,300,301,303,305,307],{"file":226,"line":285,"context":286},165,"$wpdb->query() with variable interpolation",{"file":237,"line":288,"context":289},240,"$wpdb->get_results() with variable interpolation",{"file":237,"line":291,"context":286},265,{"file":237,"line":293,"context":286},271,{"file":237,"line":295,"context":296},695,"$wpdb->get_row() with variable interpolation",{"file":298,"line":190,"context":299},"src\\Upgrader_Methods.php","$wpdb->get_var() with variable interpolation",{"file":298,"line":209,"context":286},{"file":298,"line":302,"context":286},45,{"file":298,"line":304,"context":286},46,{"file":306,"line":260,"context":289},"src\\Upgrader_Methods_Abstract.php",{"file":308,"line":190,"context":286},"uninstall.php",{"escaped":310,"rawEcho":311,"locations":312},128,75,[313,316,318,320,321,323,325,327,329,331,333,335,337,339,341,342,344,346,348,350,351,353,355,357,359,361,363,364,366,368,370,372,374,376,377,379,381,382,384,386,387,389,391,393,395,397,399,401,402,403,405,407,409,411,412,414,416,418,420,422,424,426,427,429,431,433,435,437,438,439,440,442,444,446,448],{"file":314,"line":278,"context":315},"admin\\pages\\admin-page.php","raw output",{"file":314,"line":317,"context":315},19,{"file":319,"line":214,"context":315},"admin\\pages\\_admin-menu.php",{"file":319,"line":222,"context":315},{"file":319,"line":322,"context":315},26,{"file":319,"line":324,"context":315},29,{"file":326,"line":233,"context":315},"admin\\pages\\_edit-link.php",{"file":326,"line":328,"context":315},37,{"file":326,"line":330,"context":315},50,{"file":326,"line":332,"context":315},55,{"file":326,"line":334,"context":315},60,{"file":326,"line":336,"context":315},64,{"file":326,"line":338,"context":315},67,{"file":326,"line":340,"context":315},70,{"file":326,"line":255,"context":315},{"file":326,"line":343,"context":315},76,{"file":326,"line":345,"context":315},86,{"file":326,"line":347,"context":315},88,{"file":326,"line":349,"context":315},93,{"file":326,"line":26,"context":315},{"file":326,"line":352,"context":315},102,{"file":326,"line":354,"context":315},104,{"file":326,"line":356,"context":315},120,{"file":326,"line":358,"context":315},123,{"file":326,"line":360,"context":315},124,{"file":362,"line":218,"context":315},"admin\\pages\\_options.php",{"file":362,"line":324,"context":315},{"file":362,"line":365,"context":315},113,{"file":362,"line":367,"context":315},114,{"file":369,"line":128,"context":315},"admin\\pages\\_table.php",{"file":369,"line":371,"context":315},87,{"file":369,"line":373,"context":315},118,{"file":369,"line":375,"context":315},119,{"file":369,"line":356,"context":315},{"file":369,"line":378,"context":315},121,{"file":369,"line":380,"context":315},122,{"file":369,"line":358,"context":315},{"file":369,"line":383,"context":315},125,{"file":369,"line":385,"context":315},127,{"file":369,"line":310,"context":315},{"file":369,"line":388,"context":315},129,{"file":369,"line":390,"context":315},130,{"file":369,"line":392,"context":315},163,{"file":369,"line":394,"context":315},168,{"file":369,"line":396,"context":315},174,{"file":369,"line":398,"context":315},177,{"file":369,"line":400,"context":315},181,{"file":369,"line":400,"context":315},{"file":369,"line":400,"context":315},{"file":369,"line":404,"context":315},183,{"file":369,"line":406,"context":315},185,{"file":369,"line":408,"context":315},189,{"file":237,"line":410,"context":315},42,{"file":245,"line":268,"context":315},{"file":271,"line":413,"context":315},77,{"file":271,"line":415,"context":315},116,{"file":271,"line":417,"context":315},152,{"file":271,"line":419,"context":315},153,{"file":271,"line":421,"context":315},160,{"file":271,"line":423,"context":315},162,{"file":271,"line":425,"context":315},167,{"file":271,"line":394,"context":315},{"file":271,"line":428,"context":315},169,{"file":271,"line":430,"context":315},170,{"file":271,"line":432,"context":315},176,{"file":271,"line":434,"context":315},178,{"file":271,"line":436,"context":315},184,{"file":271,"line":436,"context":315},{"file":271,"line":408,"context":315},{"file":271,"line":408,"context":315},{"file":271,"line":441,"context":315},194,{"file":271,"line":443,"context":315},195,{"file":271,"line":445,"context":315},196,{"file":271,"line":447,"context":315},200,{"file":271,"line":449,"context":315},201,3,[452],{"name":453,"version":37,"knownCves":454},"TinyMCE",[],[456,483,510,520,533,558,580],{"entryPoint":457,"graph":458,"unsanitizedCount":161,"severity":40},"_redirect (src\\Counter.php:379)",{"nodes":459,"edges":478},[460,465,471,473],{"id":461,"type":462,"label":463,"file":237,"line":464},"n0","source","$_SERVER",395,{"id":466,"type":467,"label":468,"file":237,"line":469,"wp_function":470},"n1","sink","echo() [XSS]",439,"echo",{"id":472,"type":462,"label":463,"file":237,"line":464},"n2",{"id":474,"type":467,"label":475,"file":237,"line":476,"wp_function":477},"n3","wp_redirect() [Open Redirect]",444,"wp_redirect",[479,481],{"from":461,"to":466,"sanitized":480},false,{"from":472,"to":474,"sanitized":482},true,{"entryPoint":484,"graph":485,"unsanitizedCount":450,"severity":40},"\u003CCounter> (src\\Counter.php:0)",{"nodes":486,"edges":505},[487,488,489,490,491,493,498,500],{"id":461,"type":462,"label":463,"file":237,"line":464},{"id":466,"type":467,"label":468,"file":237,"line":469,"wp_function":470},{"id":472,"type":462,"label":463,"file":237,"line":464},{"id":474,"type":467,"label":475,"file":237,"line":476,"wp_function":477},{"id":492,"type":462,"label":463,"file":237,"line":464},"n4",{"id":494,"type":467,"label":495,"file":237,"line":496,"wp_function":497},"n5","wp_remote_get() [SSRF]",551,"wp_remote_get",{"id":499,"type":462,"label":463,"file":237,"line":464},"n6",{"id":501,"type":467,"label":502,"file":237,"line":503,"wp_function":504},"n7","file_get_contents() [SSRF\u002FLFI]",553,"file_get_contents",[506,507,508,509],{"from":461,"to":466,"sanitized":480},{"from":472,"to":474,"sanitized":482},{"from":492,"to":494,"sanitized":480},{"from":499,"to":501,"sanitized":480},{"entryPoint":511,"graph":512,"unsanitizedCount":161,"severity":519},"\u003C_admin-menu> (admin\\pages\\_admin-menu.php:0)",{"nodes":513,"edges":517},[514,516],{"id":461,"type":462,"label":515,"file":319,"line":174},"$_GET",{"id":466,"type":467,"label":468,"file":319,"line":324,"wp_function":470},[518],{"from":461,"to":466,"sanitized":480},"low",{"entryPoint":521,"graph":522,"unsanitizedCount":161,"severity":519},"\u003C_edit-link> (admin\\pages\\_edit-link.php:0)",{"nodes":523,"edges":530},[524,526,527,528],{"id":461,"type":462,"label":463,"file":326,"line":525},31,{"id":466,"type":467,"label":468,"file":326,"line":328,"wp_function":470},{"id":472,"type":462,"label":463,"file":326,"line":525},{"id":474,"type":467,"label":468,"file":326,"line":529,"wp_function":470},44,[531,532],{"from":461,"to":466,"sanitized":480},{"from":472,"to":474,"sanitized":482},{"entryPoint":534,"graph":535,"unsanitizedCount":116,"severity":519},"\u003C_table> (admin\\pages\\_table.php:0)",{"nodes":536,"edges":553},[537,539,542,543,547,548,549,552],{"id":461,"type":462,"label":515,"file":369,"line":538},28,{"id":466,"type":467,"label":540,"file":369,"line":330,"wp_function":541},"get_results() [SQLi]","get_results",{"id":472,"type":462,"label":515,"file":369,"line":538},{"id":474,"type":467,"label":544,"file":369,"line":545,"wp_function":546},"get_var() [SQLi]",59,"get_var",{"id":492,"type":462,"label":515,"file":369,"line":538},{"id":494,"type":467,"label":468,"file":369,"line":311,"wp_function":470},{"id":499,"type":462,"label":550,"file":369,"line":551},"$_SERVER (x2)",81,{"id":501,"type":467,"label":468,"file":369,"line":128,"wp_function":470},[554,555,556,557],{"from":461,"to":466,"sanitized":482},{"from":472,"to":474,"sanitized":482},{"from":492,"to":494,"sanitized":482},{"from":499,"to":501,"sanitized":480},{"entryPoint":559,"graph":560,"unsanitizedCount":116,"severity":79},"_on_admin_page_load (src\\Admin_Page.php:34)",{"nodes":561,"edges":575},[562,565,568,571,573,574],{"id":461,"type":462,"label":563,"file":226,"line":564},"$_POST['delete_link_ids']",65,{"id":466,"type":566,"label":567,"file":226,"line":564},"transform","→ delete_links()",{"id":472,"type":467,"label":569,"file":226,"line":285,"wp_function":570},"query() [SQLi]","query",{"id":474,"type":462,"label":572,"file":226,"line":343},"$_GET['delete_link']",{"id":492,"type":566,"label":567,"file":226,"line":343},{"id":494,"type":467,"label":569,"file":226,"line":285,"wp_function":570},[576,577,578,579],{"from":461,"to":466,"sanitized":480},{"from":466,"to":472,"sanitized":480},{"from":474,"to":492,"sanitized":480},{"from":492,"to":494,"sanitized":480},{"entryPoint":581,"graph":582,"unsanitizedCount":116,"severity":79},"\u003CAdmin_Page> (src\\Admin_Page.php:0)",{"nodes":583,"edges":590},[584,585,586,587,588,589],{"id":461,"type":462,"label":563,"file":226,"line":564},{"id":466,"type":566,"label":567,"file":226,"line":564},{"id":472,"type":467,"label":569,"file":226,"line":285,"wp_function":570},{"id":474,"type":462,"label":572,"file":226,"line":343},{"id":492,"type":566,"label":567,"file":226,"line":343},{"id":494,"type":467,"label":569,"file":226,"line":285,"wp_function":570},[591,592,593,594],{"from":461,"to":466,"sanitized":480},{"from":466,"to":472,"sanitized":480},{"from":474,"to":492,"sanitized":480},{"from":492,"to":494,"sanitized":480},{"summary":596,"deductions":597},"The kama-clic-counter plugin, version 4.1.1, presents a mixed security posture. While it demonstrates some good practices like utilizing prepared statements for a majority of SQL queries and having a relatively small attack surface with no directly unprotected entry points, several areas raise concerns.  The presence of 7 taint flows with unsanitized paths, including two of high severity, is a significant red flag, indicating potential vulnerabilities if these flows are not handled correctly by downstream sanitization or escaping.\n\nThe vulnerability history of this plugin is also a point of concern. With a total of 4 known CVEs, and a history of both Cross-Site Scripting and SQL Injection vulnerabilities, it suggests a pattern of input validation and output escaping weaknesses. Although there are currently no unpatched vulnerabilities, the recurring nature of these exploit types implies that developers should be extra vigilant about the handling of user-supplied data. The plugin's strengths lie in its limited attack surface and efforts towards secure SQL querying, but the identified taint flows and past vulnerabilities require careful consideration and robust security practices.\n\nIn conclusion, while not exhibiting critical immediate threats based on the static analysis of this version, the plugin's history of critical vulnerability types and the presence of high-severity taint flows warrant attention. The developers should prioritize thorough review and remediation of any code paths that could lead to the identified unsanitized flows, and a proactive approach to security testing is recommended to prevent future occurrences of common vulnerability types.",[598,600,603,605,607,609],{"reason":599,"points":246},"High severity taint flows found (2)",{"reason":601,"points":602},"Unsanitized paths in taint flows (7)",10,{"reason":604,"points":140},"SQL queries not using prepared statements (33% raw)",{"reason":606,"points":59},"Output not properly escaped (37%)",{"reason":608,"points":87},"Vulnerability history of XSS and SQLi",{"reason":610,"points":450},"Bundled library (TinyMCE)","2026-03-16T19:11:15.605Z",{"wat":613,"direct":621},{"assetPaths":614,"generatorPatterns":616,"scriptPaths":617,"versionParams":618},[615],"\u002Fwp-content\u002Fplugins\u002Fkama-clic-counter\u002Fassets\u002Fcounter.min.js",[],[],[619,620],"kama-clic-counter\u002Fstyle.css?ver=","kama-clic-counter\u002Fscript.js?ver=",{"cssClasses":622,"htmlComments":625,"htmlAttributes":627,"restEndpoints":629,"jsGlobals":630,"shortcodeOutput":632},[623,624],"kama-click-counter","kcc-download-btn",[626],"\u003C!-- Kama Click Counter settings -->",[628],"data-kcc-id",[],[631],"kama_click_counter",[633],"[download url="]