[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frxZ5rmwmOxwtKJbBG-mVmlcDaXGN9NL-RTqGNTsJAVQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":65,"crawl_stats":38,"alternatives":73,"analysis":170,"fingerprints":665},"koko-analytics","Koko Analytics – Privacy Friendly Statistics for WordPress","2.2.4","Danny van Kooten","https:\u002F\u002Fprofiles.wordpress.org\u002Fdvankooten\u002F","\u003Cp>Koko Analytics provides website analytics and visitor statistics directly inside your WordPress dashboard without relying on external services. It is privacy-friendly, lightweight, open source, and easy to use.\u003C\u002Fp>\n\u003Cp>Fully GDPR, CCPA and PECR compliant by design: no personal data is processed or stored, everything runs on your own server and can be used without cookies.\u003C\u002Fp>\n\u003Cp>You can \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fkoko-analytics-dashboard\u002F\" rel=\"nofollow ugc\">view a live demo here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Why Koko Analytics\u003C\u002Fh3>\n\u003Cp>Our goal is to provide you with a simple, lightweight and privacy-friendly alternative to Google Analytics for your WordPress statistics.\u003C\u002Fp>\n\u003Ch4>Privacy Friendly Analytics\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fprivacy-focused-wordpress-analytics\u002F\" rel=\"nofollow ugc\">privacy friendly analytics\u003C\u002Fa>. No personal data is processed or stored, all measurements are carried out completely anonymously and nothing is ever shared with any third-party service.\u003C\u002Fp>\n\u003Ch4>Lightweight Statistics\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Flightweight-wordpress-analytics\u002F\" rel=\"nofollow ugc\">lightweight analytics\u003C\u002Fa>. It adds less than 1 kilobyte of data to your HTML and is fully compatible with pages served from any kind of cache. WordPress is bypassed entirely for its collection endpoint, making the impact on your site’s performance as close to zero as possible. Fact: there is no faster statistics plugin for WordPress.\u003C\u002Fp>\n\u003Ch4>Simple Analytics Dashboard\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fsimple-wordpress-analytics\u002F\" rel=\"nofollow ugc\">simple analytics\u003C\u002Fa>. There are no complicated reports to dig through. A single dashboard page shows you all the important metrics.\u003C\u002Fp>\n\u003Ch4>Open Source Analytics\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fopen-source-wordpress-analytics\u002F\" rel=\"nofollow ugc\">open source analytics\u003C\u002Fa>. The source code is released under the GPL license and freely \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fibericode\u002Fkoko-analytics\" rel=\"nofollow ugc\">available on GitHub\u003C\u002Fa>. Anyone can read it, inspect it and review it.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>A beautiful analytics dashboard built right into WordPress admin.\u003C\u002Fli>\n\u003Cli>View statistics for your most popular posts and pages.\u003C\u002Fli>\n\u003Cli>See referral statistics showing which sites send you traffic.\u003C\u002Fli>\n\u003Cli>Path-based tracking to see analytics for any URL, including archives and search pages.\u003C\u002Fli>\n\u003Cli>Reliably detect returning visitors without the use of cookies.\u003C\u002Fli>\n\u003Cli>Exclude visits from certain WordPress user roles or IP addresses.\u003C\u002Fli>\n\u003Cli>Import historical statistics from Jetpack Stats, Plausible or Burst Statistics.\u003C\u002Fli>\n\u003Cli>Periodically clean-up historical data older than a specified number of months or years.\u003C\u002Fli>\n\u003Cli>A widget, Gutenberg block or shortcode to show a list of your most visited posts or pages.\u003C\u002Fli>\n\u003Cli>A shortcode or Gutenberg block to show the total number of pageviews to a given page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Premium features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>See what countries your site is visited from with geo-location statistics.\u003C\u002Fli>\n\u003Cli>See what browsers, operating systems or devices your visitors are using.\u003C\u002Fli>\n\u003Cli>Custom event analytics to track outbound link clicks, contact form submissions, and more.\u003C\u002Fli>\n\u003Cli>Stay up-to-date with periodic analytics reports delivered to your email inbox.\u003C\u002Fli>\n\u003Cli>Be notified immediately whenever your site experiences an unusual traffic spike.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You will have access to all of these benefits and more for a small yearly fee.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">View pricing for Koko Analytics Pro here \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fp>\n","Koko Analytics is a privacy-friendly statistics plugin for WordPress that is an easy to use alternative to Google Analytics.",60000,2043562,100,222,"2026-03-12T15:04:00.000Z","6.9.4","6.0","7.4",[20,21,22,23,24],"analytics","google-analytics","privacy","statistics","stats","https:\u002F\u002Fwww.kokoanalytics.com\u002F#utm_source=wp-plugin&utm_medium=koko-analytics&utm_campaign=plugins-page","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkoko-analytics.2.2.4.zip",96,2,0,"2026-01-20 00:00:00","2026-03-15T15:16:48.613Z",[33,49],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2026-22850","koko-analytics-unauthenticated-sql-injection","Koko Analytics \u003C= 2.1.2 - Unauthenticated SQL Injection","The Koko Analytics plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=2.1.2","2.1.3","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2026-01-27 19:19:52",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9fad85ef-5ab7-47d9-b4a6-9e1a1f1ff3bb?source=api-prod",8,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":38,"affected_versions":54,"patched_in_version":55,"severity":56,"cvss_score":57,"cvss_vector":58,"vuln_type":59,"published_date":60,"updated_date":61,"references":62,"days_to_patch":64},"CVE-2024-8662","koko-analytics-reflected-cross-site-scripting","Koko Analytics \u003C= 1.3.12 - Reflected Cross-Site Scripting","The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.12. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.3.12","1.3.13","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-09-23 00:00:00","2024-09-24 01:56:49",[63],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fdd15c7c8-6538-4443-a409-0d34ff893963?source=api-prod",1,{"slug":66,"display_name":7,"profile_url":8,"plugin_count":67,"total_installs":68,"avg_security_score":69,"avg_patch_time_days":70,"trust_score":71,"computed_at":72},"dvankooten",9,1105100,97,655,77,"2026-04-04T01:05:17.587Z",[74,95,113,131,152],{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":16,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":91,"download_link":92,"security_score":27,"vuln_count":93,"unpatched_count":29,"last_vuln_date":94,"fetched_at":31},"burst-statistics","Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative)","3.2.3","Burst Statistics B.V.","https:\u002F\u002Fprofiles.wordpress.org\u002Fburstbv\u002F","\u003Ch4>Finally, analytics that you’ll actually use.\u003C\u002Fh4>\n\u003Cp>Google Analytics is overkill. Other WordPress statistics plugins are cluttered and confusing. You just want to know what’s happening on your site – without a data science degree.\u003C\u002Fp>\n\u003Cp>Burst Statistics gives you a clean, intuitive analytics dashboard focused on the metrics that actually matter. \u003Cstrong>No external accounts. No complex setup. Install, activate, and understand your traffic in seconds.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Trusted by \u003Cstrong>200,000+ WordPress sites\u003C\u002Fstrong>. Built by the experienced team behind UpdraftPlus, WP-Optimize, and All-In-One Security.\u003C\u002Fp>\n\u003Ch4>What our users are saying\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“Finally, an analytics plugin I can actually explain to clients.”\u003Cbr \u002F>\n  — @anguskeystone on wordpress.org\u003C\u002Fp>\n\u003Cp>“I tried WP Statistics and Independent Analytics, but they’re overloaded and confusing. Burst’s UI is intuitive and focused on what matters to me.”\u003Cbr \u002F>\n  — @vallered on wordpress.org\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Why Burst Statistics?\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Designed to be actionable\u003C\u002Fstrong>\u003Cbr \u002F>\nOther analytics plugins throw everything at you. Burst shows what matters — visitors, pageviews, referrers, top pages — in a dashboard you’ll actually use. No overload of data. No confusing menus.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy-first by design\u003C\u002Fstrong>\u003Cbr \u002F>\nAll statistics stay on your server. No external tracking. Your data is yours – we never see it without your explicit permission.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Zero setup friction\u003C\u002Fstrong>\u003Cbr \u002F>\nInstall, activate, done. No Google accounts, no tracking codes, no configuration headaches. Start seeing live visitors immediately.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Built for WordPress\u003C\u002Fstrong>\u003Cbr \u002F>\nNot a port from another platform. Designed specifically for WordPress with native performance and seamless integration.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Fast and lightweight\u003C\u002Fstrong>\u003Cbr \u002F>\nOptimized database queries, no bloated scripts (\u003C4kb tracking script), no external dependencies slowing down your pages. Designed to track accurately even when using aggressive server-side caching.\u003C\u002Fp>\n\u003Cp>\u003Ch4>Features\u003C\u002Fh4>\n\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Understand your traffic\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>View table of top performing pages and posts\u003C\u002Fli>\n\u003Cli>Track key metrics (Visitors, Sessions, Pageviews, Bounce Rate)\u003C\u002Fli>\n\u003Cli>Breakdown of visitors by device (Desktop, Tablet, Mobile)\u003C\u002Fli>\n\u003Cli>Filter data by custom date ranges\u003C\u002Fli>\n\u003Cli>Compare traffic over time\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Real-time analytics\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Identify the real-time source for live visitors\u003C\u002Fli>\n\u003Cli>View the specific pages users are visiting now\u003C\u002Fli>\n\u003Cli>See a live count of active users on your site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>See what content performs\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Top pages and posts ranked by views\u003C\u002Fli>\n\u003Cli>Compare any date range\u003C\u002Fli>\n\u003Cli>Track individual page performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Custom conversion tracking\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Track views, clicks and hooks\u003C\u002Fli>\n\u003Cli>Track WooCommerce sales\u003C\u002Fli>\n\u003Cli>Track custom events or hooks\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Privacy without compromise\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>100% self-hosted — all statistics stored locally in your WordPress database\u003C\u002Fli>\n\u003Cli>Cookieless tracking option (no consent banner required in some countries)\u003C\u002Fli>\n\u003Cli>Designed to support GDPR, CCPA, DSGVO, AVG, RGPD, and PECR compliance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Stay informed\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Weekly or monthly email reports delivered to your inbox\u003C\u002Fli>\n\u003Cli>Compare periods to spot trends\u003C\u002Fli>\n\u003Cli>Get notified when tracking does not work\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>From the creators of UpdraftPlus, WP Optimize and All In One Security\u003C\u002Fh4>\n\u003Cp>Burst Statistics was created by experienced developers who also created:\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fupdraftplus\u002F\" rel=\"ugc\">UpdraftPlus: WP Backup & Migration Plugin\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fall-in-one-wp-security-and-firewall\u002F\" rel=\"ugc\">All-In-One Security (AIOS) – Security and Firewall\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-optimize\u002F\" rel=\"ugc\">WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Who is Burst for?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Bloggers & content creators\u003C\u002Fstrong> — See which posts resonate with your audience\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Small business owners\u003C\u002Fstrong> — Understand your traffic without complexity\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce stores\u003C\u002Fstrong> — Track visitor behavior and sales (Burst Pro – Business plan)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Agencies & freelancers\u003C\u002Fstrong> — Manage analytics for your clients (Burst Pro – Agency plan)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-conscious site owners\u003C\u002Fstrong> — GDPR-compliant stats without consent banners\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anyone tired of Google Analytics\u003C\u002Fstrong> — Get clarity instead of confusion\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Unlock comprehensive insights into your website’s user behaviour with Burst Pro. Benefit from advanced features designed to improve performance, boost engagement, and drive conversions. \u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Get Burst Pro now.\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Free vs Pro\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Burst Statistics (Free)\u003C\u002Fstrong> includes everything you need to understand your website traffic: visitors, pageviews, referrers, top content, device stats, goal tracking, email reports, and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Burst Pro\u003C\u002Fstrong> adds advanced features for businesses and professionals:\u003C\u002Fp>\n\u003Cp>CREATOR PLAN\u003Cbr \u002F>\n* UTM campaign tracking — See which marketing efforts drive results\u003Cbr \u002F>\n* Geographic data — Country and city-level visitor insights\u003Cbr \u002F>\n* Advanced filtering — Segment data by any dimension\u003Cbr \u002F>\n* Data archiving settings — Keep your database lean automatically\u003Cbr \u002F>\n* Priority support — Direct contact with our developers (You’ll speak to actual humans!)\u003C\u002Fp>\n\u003Cp>BUSINESS PLAN\u003Cbr \u002F>\n* Everything in the creator plan +\u003Cbr \u002F>\n* Full sales dashboard — Understand what content brings in the most revenue\u003Cbr \u002F>\n* Revenue attribution — Connect WooCommerce sales to traffic sources\u003C\u002Fp>\n\u003Cp>AGENCY PLAN\u003Cbr \u002F>\n* Everything in the business plan +\u003Cbr \u002F>\n* Reporting — Generate shareable reports\u003C\u002Fp>\n\u003Cp>All Burst Pro plans include \u003Cstrong>priority support\u003C\u002Fstrong>.  You’ll have direct contact with our developers (You’ll speak to actual humans!)\u003C\u002Fp>\n\u003Ch4>Learn More\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fburst-statistics-vs-google-analytics\u002F\" rel=\"nofollow ugc\">Burst Statistics vs Google Analytics\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fwhy-is-burst-privacy-friendly\u002F\" rel=\"nofollow ugc\">Privacy & GDPR Compliance\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Burst Pro Pricing\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy and Data Sharing\u003C\u002Fh4>\n\u003Cp>Burst Statistics includes an \u003Cstrong>optional\u003C\u002Fstrong> data sharing program. It is disabled by default. You can enable it under Burst Statistics \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Data Sharing, and you can turn it off again at any time from the same location.\u003Cbr \u002F>\nWhen enabled, the plugin sends a small set of aggregated, anonymized metrics to Burst Statistics’ servers once per month. This includes traffic statistics (visitors, pageviews, bounce rate, session duration), database row counts and query performance timings. No personal data, IP addresses, domain names, or visitor information is ever transmitted. All data is aggregated on your server before it leaves, making it impossible to trace back to your website or any individual user.\u003C\u002Fp>\n\u003Cp>We use this data to:\u003Cbr \u002F>\n* build anonymous industry benchmarks so you can compare your site’s performance against peers;\u003Cbr \u002F>\n* understand which features are most used, so we can prioritize development effectively;\u003Cbr \u002F>\n* know which WordPress and PHP versions are in active use, so we can make informed support decisions;\u003Cbr \u002F>\n* identify slow database queries across real-world installs, so we can improve plugin performance for everyone.\u003C\u002Fp>\n\u003Cp>For the complete list of data fields collected and full details on how the data is used, please read our \u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fhow-we-handle-anonymous-usage-data\u002F\" rel=\"nofollow ugc\">Data Sharing Policy\u003C\u002Fa>.\u003Cbr \u002F>\nThis feature connects to: https:\u002F\u002Fapi.burst-statistics.com\u003C\u002Fp>\n\u003Ch4>Installation\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to \u003Cstrong>Plugins \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Add New\u003C\u002Fstrong> in your WordPress dashboard\u003C\u002Fli>\n\u003Cli>Search for \u003Cstrong>Burst\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Install Now\u003C\u002Fstrong>, then \u003Cstrong>Activate\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Visit \u003Cstrong>Statistics \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Dashboard\u003C\u002Fstrong> to see your analytics\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>That’s it. No external accounts. No tracking codes to paste. Burst starts collecting statistics immediately.\u003C\u002Fp>\n","Analytics you'll actually use. Privacy-friendly, zero config, and designed to be actionable. Get insights, not just raw data.",200000,7013207,98,173,"2026-03-12T07:52:00.000Z","6.4","8.0",[20,90,22,23,24],"gdpr","https:\u002F\u002Fwww.wordpress.org\u002Fplugins\u002Fburst-statistics","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fburst-statistics.3.2.3.zip",3,"2025-06-27 00:00:00",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":27,"num_ratings":105,"last_updated":106,"tested_up_to":16,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":111,"download_link":112,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"statify","Statify","1.8.5","pluginkollektiv","https:\u002F\u002Fprofiles.wordpress.org\u002Fpluginkollektiv\u002F","\u003Cp>Statify provides a straightforward and compact access to the number of site views. It is privacy-friendly as it uses neither cookies nor a third party.\u003C\u002Fp>\n\u003Cp>An interactive chart is followed by lists of the most common reference sources and target pages. The period of statistics and length of lists can be set directly in the dashboard widget.\u003C\u002Fp>\n\u003Ch3>Data Privacy\u003C\u002Fh3>\n\u003Cp>In direct comparison to statistics services such as \u003Cem>Google Analytics\u003C\u002Fem>, \u003Cem>WordPress.com Stats\u003C\u002Fem> and \u003Cem>Matomo (Piwik)\u003C\u002Fem> \u003Cem>Statify\u003C\u002Fem> doesn’t process and store personal data as e.g. IP addresses – \u003Cem>Statify\u003C\u002Fem> counts site views, not visitors.\u003C\u002Fp>\n\u003Cp>Absolute privacy compliance coupled with transparent procedures: A locally in WordPress created database table consists of only four fields (ID, date, source, target) and can be viewed at any time, cleaned up and cleared by the administrator.\u003C\u002Fp>\n\u003Cp>Due to this tracking approach, Statify is 100% compliant with GDPR and serves as an lightweight alternative to other tracking services.\u003C\u002Fp>\n\u003Ch3>Display of the widget\u003C\u002Fh3>\n\u003Cp>The plugin configuration can be changed directly in the \u003Cem>Statify\u003C\u002Fem> Widget on the dashboard by clicking the \u003Cem>Configure\u003C\u002Fem> link.\u003C\u002Fp>\n\u003Cp>The amount of links shown in the \u003Cem>Statify\u003C\u002Fem> Widget can be set as well as the option to only count views from today. Of course, older entries are not deleted when changing this setting.\u003C\u002Fp>\n\u003Cp>The statistics for the dashboard widget are cached for four minutes.\u003C\u002Fp>\n\u003Ch3>Period of data saving\u003C\u002Fh3>\n\u003Cp>\u003Cem>Statify\u003C\u002Fem> stores the data only for a limited period (default: two weeks), longer intervals can be selected as option in the widget. Data which is older than the selected period is deleted by a daily cron job.\u003C\u002Fp>\n\u003Cp>An increase in the database volume can be expected because all statistic values are collected and managed in the local WordPress database (especially if you increase the period of data saving).\u003C\u002Fp>\n\u003Ch3>JavaScript tracking for caching compatibility\u003C\u002Fh3>\n\u003Cp>For compatibility with caching plugins like \u003Ca href=\"http:\u002F\u002Fcachify.de\" rel=\"nofollow ugc\">Cachify\u003C\u002Fa> \u003Cem>Statify\u003C\u002Fem> offers an optional switchable tracking via JavaScript. This function allows reliable count of cached blog pages.\u003C\u002Fp>\n\u003Cp>For this to work correctly, the active theme has to call \u003Ccode>wp_footer()\u003C\u002Fcode>, typically in a file named \u003Ccode>footer.php\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Ch3>Skip tracking for spam referrers\u003C\u002Fh3>\n\u003Cp>The comment blacklist can be enabled to skip tracking for views with a referrer URL listed in comment blacklist, i. e. which considered as spam.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>If you’ve problems or think you’ve found a bug (e.g. you’re experiencing unexpected behavior), please post at the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fstatify\" rel=\"ugc\">support forums\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Active development of this plugin is handled \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpluginkollektiv\u002Fstatify\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Pull requests for documented bugs are highly appreciated.\u003C\u002Fli>\n\u003Cli>If you want to help us translate this plugin you can do so \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fstatify\" rel=\"nofollow ugc\">on WordPress Translate\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Visitor statistics for WordPress with focus on data protection, transparency and clarity. Perfect as a widget in your WordPress Dashboard.",100000,2377836,50,"2025-12-21T16:02:00.000Z","4.7","5.2",[20,110,22,23,24],"pageviews","https:\u002F\u002Fstatify.pluginkollektiv.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstatify.1.8.5.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":123,"num_ratings":124,"last_updated":125,"tested_up_to":16,"requires_at_least":107,"requires_php":126,"tags":127,"homepage":128,"download_link":129,"security_score":13,"vuln_count":64,"unpatched_count":29,"last_vuln_date":130,"fetched_at":31},"extended-evaluation-for-statify","Statify – Extended Evaluation","2.6.5","Patrick Robrecht","https:\u002F\u002Fprofiles.wordpress.org\u002Fpatrickrobrecht\u002F","\u003Cp>This plugin evaluates the data collected with the privacy-friendly \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fstatify\u002F\" rel=\"ugc\">Statify\u003C\u002Fa> Plugin which is only saving date, referrer and target url for every page view.\u003C\u002Fp>\n\u003Cp>The plugin creates evaluations for the following criteria:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>views per year \u002F month \u002F day\u003C\u002Fli>\n\u003Cli>most popular content\u003C\u002Fli>\n\u003Cli>views per post\u003C\u002Fli>\n\u003Cli>views per referrer\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The results are shown in data tables and diagrams. The evaluation results can be downloaded as CSV files (for an import into LibreOffice Calc or Microsoft Excel).\u003C\u002Fp>\n","This plugin evaluates the data collected with the privacy-friendly Statify Plugin (data tables and diagrams). The evaluation can be downloaded as csv.",20000,142195,92,11,"2026-02-22T19:31:00.000Z","5.6",[20,22,23,24],"https:\u002F\u002Fpatrick-robrecht.de\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fextended-evaluation-for-statify.2.6.5.zip","2023-09-18 00:00:00",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":139,"downloaded":140,"rating":27,"num_ratings":141,"last_updated":142,"tested_up_to":143,"requires_at_least":144,"requires_php":145,"tags":146,"homepage":148,"download_link":149,"security_score":150,"vuln_count":28,"unpatched_count":29,"last_vuln_date":151,"fetched_at":31},"fathom-analytics","Fathom Analytics for WP","3.3.1","Conva Ventures","https:\u002F\u002Fprofiles.wordpress.org\u002Fconvaventures\u002F","\u003Cp>The best Google Analytics alternative for WordPress\u003C\u002Fp>\n\u003Cp>Fathom Analytics is a simple-to-use, privacy-focused (GDPR-compliant) website analytics tool for your WordPress site. You don’t have to edit the code in your WordPress template to start using our software.\u003C\u002Fp>\n\u003Cp>👉 \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fapp.usefathom.com\u002Fdemo\" rel=\"nofollow ugc\">Check out our live demo\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fapp.usefathom.com\u002Fregister\" rel=\"nofollow ugc\">sign up for a free 30-day trial\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>You’ll need a \u003Ca href=\"https:\u002F\u002Fapp.usefathom.com\u002Fregister\" rel=\"nofollow ugc\">subscription\u003C\u002Fa> to Fathom Analytics to start collecting stats with this plugin, and our pricing starts at just $14\u002Fmonth. Instead of generating revenue from your visitors’ data, we charge a fair and sustainable price for all our plans. Our business model is privacy-first by design.\u003C\u002Fp>\n\u003Ch3>Why use Fathom Analytics?\u003C\u002Fh3>\n\u003Cp>Google Analytics is time-consuming to use and difficult to understand. Google also kills off its popular software far too often (like Universal Analytics). That’s why Fathom Analytics exists: to make website analytics easy and quick to understand.\u003C\u002Fp>\n\u003Cp>Thousands of customers, from governments and banks to small businesses and bloggers, trust their website analytics to Fathom.\u003C\u002Fp>\n\u003Ch3>Import from Google Analytics\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fusefathom.com\u002Ffeatures\u002Fga-importer\" rel=\"nofollow ugc\">We’ve got an importer\u003C\u002Fa> to save your UA (Universal Analytics) and GA4 data. Because we’ve got unlimited data retention, you can keep and view your stats forever.\u003C\u002Fp>\n\u003Ch3>Setup in minutes\u003C\u002Fh3>\n\u003Cp>Because Fathom Analytics is a \u003Ca href=\"https:\u002F\u002Fusefathom.com\u002Fdocs\u002Fscript\u002Fembed\" rel=\"nofollow ugc\">single line of code\u003C\u002Fa>, and our WordPress plugin doesn’t even require any coding, you can go from starting a trial to seeing real-time data within a few minutes. \u003Ca href=\"https:\u002F\u002Fusefathom.com\u002Fdocs\u002Fintegrations\u002Fwordpress\" rel=\"nofollow ugc\">Learn how to set up our plugin here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Comply with privacy laws\u003C\u002Fh3>\n\u003Cp>The best lawyers and legal minds worldwide regarding digital privacy have ensured that Fathom Analytics is fully compliant with \u003Ca href=\"https:\u002F\u002Fusefathom.com\u002Fcompliance\" rel=\"nofollow ugc\">GDPR, CCPA, ePrivacy, PECR and more\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>No cookie banners are required\u003C\u002Fh3>\n\u003Cp>We invented the now industry-standard method for anonymizing visitor data without using cookies. That means you don’t have to clutter your site or slow it down with cookie banner plugins or consent notices for your site’s analytics.\u003C\u002Fp>\n\u003Ch3>Email reports\u003C\u002Fh3>\n\u003Cp>Get a snapshot of your website or websites delivered to your inbox so you can see your critical stats without even having to log into Fathom Analytics. These reports can be set up for any dashboard (or all of them) and sent to anyone (at your company, to your clients, whomever you want).\u003C\u002Fp>\n\u003Ch3>Shared or private dashboards\u003C\u002Fh3>\n\u003Cp>Want to grant access to specific website dashboards for particular clients\u002Femployees? Or make your dashboard 100% public? Fathom Analytics lets you create private, public or passworded dashboards without needing an account.\u003C\u002Fp>\n\u003Ch3>More features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Simple options page within WordPress admin\u003C\u002Fli>\n\u003Cli>Ability to not track yourself or specific user roles with a single click\u003C\u002Fli>\n\u003Cli>Search within dashboard boxes\u003C\u002Fli>\n\u003Cli>Tiny, lightweight script that’s great for your SEO\u003C\u002Fli>\n\u003Cli>Dark mode\u003C\u002Fli>\n\u003Cli>All sites view to see all your sites at a glance\u003C\u002Fli>\n\u003Cli>And much more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Setup this WordPress plugin\u003C\u002Fh3>\n\u003Cp>To learn how to quickly setup this plugin, \u003Ca href=\"https:\u002F\u002Fusefathom.com\u002Fdocs\u002Fintegrations\u002Fwordpress\" rel=\"nofollow ugc\">read our support doc\u003C\u002Fa>.\u003C\u002Fp>\n","Fathom is a simple, GDPR compliant Google Analytics alternative.",10000,101515,23,"2025-11-18T18:04:00.000Z","6.8.5","4.5","5.4",[20,21,22,147,24],"privacy-friendly","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffathom-analytics.3.3.1.zip",99,"2023-10-25 00:00:00",{"slug":153,"name":154,"version":155,"author":156,"author_profile":157,"description":158,"short_description":159,"active_installs":139,"downloaded":160,"rating":84,"num_ratings":161,"last_updated":162,"tested_up_to":16,"requires_at_least":163,"requires_php":164,"tags":165,"homepage":167,"download_link":168,"security_score":150,"vuln_count":93,"unpatched_count":29,"last_vuln_date":169,"fetched_at":31},"plausible-analytics","Plausible Analytics","2.5.6","Plausible Insights OÜ","https:\u002F\u002Fprofiles.wordpress.org\u002Fplausible\u002F","\u003Cp>Plausible Analytics is an easy-to-use, open source, lightweight and privacy-friendly web analytics alternative to Google Analytics.\u003C\u002Fp>\n\u003Cp>Plausible Analytics doesn’t use cookies and is fully compliant with GDPR, CCPA and PECR. Made and hosted in the EU, powered by European-owned cloud infrastructure 🇪🇺.\u003C\u002Fp>\n\u003Cp>Take a look at \u003Ca href=\"https:\u002F\u002Fplausible.io\u002Fplausible.io\" rel=\"nofollow ugc\">the live demo\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>You need a subscription to Plausible Analytics to track your stats. There’s a free 30-day trial with no credit card required.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>We’re completely independent, self-funded, bootstrapped and debt-free. We’re not interested in raising funds or taking investment. We choose the subscription business model rather than surveillance capitalism. We’re operating a sustainable project funded solely by the fees that our subscribers pay us.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fplausible.io\u002F\" rel=\"nofollow ugc\">Visit our website\u003C\u002Fa> for full details.\u003C\u002Fp>\n\u003Ch3>Why use Plausible?\u003C\u002Fh3>\n\u003Cp>Google Analytics is frustrating to use, difficult to understand, slow to load and privacy-invasive. That’s why we built Plausible Analytics, a simple but powerful, lightweight, open source and privacy-friendly alternative.\u003C\u002Fp>\n\u003Cp>Here’s what makes Plausible a great Google Analytics alternative and why over 16,000 paying subscribers trust us with their website and business insights:\u003C\u002Fp>\n\u003Ch3>Smooth transition from Google Analytics\u003C\u002Fh3>\n\u003Cp>Plausible features a realtime dashboard, entry pages report and integration with Search Console. You can track your paid campaigns and conversions. You can invite team members. You can even \u003Ca href=\"https:\u002F\u002Fplausible.io\u002Fdocs\u002Fgoogle-analytics-import\" rel=\"nofollow ugc\">import your historical stats from Google Analytics\u003C\u002Fa>. Learn how to get the most out of \u003Ca href=\"https:\u002F\u002Fplausible.io\u002Fdocs\u002Fyour-plausible-experience\" rel=\"nofollow ugc\">your Plausible experience\u003C\u002Fa> and join thousands who have already migrated from Google Analytics.\u003C\u002Fp>\n\u003Ch3>Simple analytics at a glance\u003C\u002Fh3>\n\u003Cp>Plausible is simple analytics. It is easy to understand and it cuts through the noise. Check your site traffic and get all the essential insights on one page in one minute. There are no layers of menus, there is no need for you to build custom reports, custom dashboards or PowerPoint documents.\u003C\u002Fp>\n\u003Ch3>Lightweight script that keeps your site speed fast\u003C\u002Fh3>\n\u003Cp>Plausible is lightweight analytics. Our script is 75 times smaller than Google Analytics. Your page weight will be cut down, your site will load faster and you’ll reduce your carbon footprint for a greener and more sustainable web. A site with 100,000 monthly visitors can save 8.2 kg of CO2 emissions per year by switching.\u003C\u002Fp>\n\u003Ch3>No need for cookie banners or GDPR consent\u003C\u002Fh3>\n\u003Cp>Plausible is privacy-friendly analytics. All the site measurement is carried out absolutely anonymously. Cookies are not used and no personal data is collected. There are no persistent identifiers. No cross-site or cross-device tracking either. Your site data is not used for any other purposes. All visitor data is exclusively processed with servers owned and operated by European companies and it never leaves the EU.\u003C\u002Fp>\n\u003Ch3>Track events and marketing campaigns\u003C\u002Fh3>\n\u003Cp>Plausible is useful. Segment your audience by any metric you click on. Answer the important questions about your visitors, content and referral sources. Analyze paid campaigns using UTM parameters. Track scroll depth, site search terms, outbound link clicks, cloaked affiliate link clicks, file downloads, form completions, 404 error pages, post authors, post categories and custom taxonomies without manually configuring anything or writing any code.\u003C\u002Fp>\n\u003Ch3>Built-in WooCommerce and Easy Digital Downloads analytics\u003C\u002Fh3>\n\u003Cp>Plausible provides automated WooCommerce and Easy Digital Downloads analytics solutions to track conversions, revenue and attribution. Activities tracked include adding to cart, removing from cart, entering checkout and completing a purchase. A purchase funnel looking at the user journey from viewing a product to making a purchase is enabled to help you see the drop-off rates between the different steps, understand your cart abandonment rate and increase your conversions.\u003C\u002Fp>\n\u003Ch3>Invite team members and share your dashboard\u003C\u002Fh3>\n\u003Cp>Plausible is shareable. Your stats are private by default but you can choose to be transparent and make them public so anyone with your custom link can view them. You can also share your stats privately by generating a secure link. This link is impossible to guess but you can add password protection for extra security. You can invite team members and assign user roles too.\u003C\u002Fp>\n\u003Ch3>Transparent and open source software\u003C\u002Fh3>\n\u003Cp>Plausible is open source analytics. Our source code is available and accessible on GitHub so anyone can read it, inspect it and review it to verify that our actions match with our words. We welcome feedback and have a public roadmap. If you’re happy to manage your own infrastructure, you can self-host Plausible too.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Our product is updated several times per week and with our WordPress plugin you always have access to all the latest features\u003C\u002Fli>\n\u003Cli>Automatically includes tracking code in the header of your site\u003C\u002Fli>\n\u003Cli>Simple plugin settings page with easy options and an onboarding guide \u003C\u002Fli>\n\u003Cli>Get more accurate stats and count those who use adblockers by running the Plausible script as a first-party connection from your domain name\u003C\u002Fli>\n\u003Cli>View your Plausible stats directly in your WordPress dashboard (you can grant access to other user roles too)\u003C\u002Fli>\n\u003Cli>Tracking of admin users is disabled by default (you can also disable tracking of other user roles)\u003C\u002Fli>\n\u003Cli>Enable WooCommerce or Easy Digital Downloads revenue tracking\u003C\u002Fli>\n\u003Cli>Enable file downloads, external link clicks, cloaked affiliate link clicks, site search terms, form completions and 404 error pages tracking \u003C\u002Fli>\n\u003Cli>Enable automated tracking of post authors, post categories and custom taxonomies for better content analysis\u003C\u002Fli>\n\u003Cli>Custom events and custom dimensions can be setup using CSS class names directly in the WordPress editor, no JS knowledge needed\u003C\u002Fli>\n\u003Cli>Integrate with Google Search Console so you can see search queries people use to find your site in Google’s search results\u003C\u002Fli>\n\u003Cli>Import your historical Google Analytics stats\u003C\u002Fli>\n\u003Cli>Keep an eye on your traffic with weekly and\u002For monthly email and Slack reports\u003C\u002Fli>\n\u003Cli>Get traffic spike notifications via email or Slack so you don’t miss being on the Hacker News\u003C\u002Fli>\n\u003Cli>Tag your paid ads, emails and social media posts with UTM tags and analyze your ecommerce and marketing campaigns from click to conversion using marketing funnels \u003C\u002Fli>\n\u003Cli>Filter the dashboard by any metric that you click on to get further insights. Mix and match filters too\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more information: \u003Ca href=\"https:\u002F\u002Fplausible.io\u002Fwordpress-analytics-plugin\" rel=\"nofollow ugc\">How to setup Plausible Analytics WordPress plugin\u003C\u002Fa>.\u003C\u002Fp>\n","Plausible Analytics is a privacy-friendly web analytics plugin for WordPress that is an easy-to-use, lightweight and more accurate  alternative to Goo &hellip;",343380,30,"2026-02-17T10:56:00.000Z","5.9","7.2",[20,21,22,24,166],"web-analytics","https:\u002F\u002Fplausible.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplausible-analytics.2.5.6.zip","2023-08-16 00:00:00",{"attackSurface":171,"codeSignals":292,"taintFlows":582,"riskAssessment":653,"analyzedAt":664},{"hooks":172,"ajaxHandlers":271,"restRoutes":272,"shortcodes":273,"cronEvents":280,"entryPointCount":28,"unprotectedCount":29},[173,180,186,190,194,198,201,205,209,214,218,221,224,226,230,233,236,238,240,242,245,248,253,256,259,261,265,268],{"type":174,"name":175,"callback":176,"priority":177,"file":178,"line":179},"filter","cron_schedules","closure",10,"migrations\\1.6.3-schedule-aggregate-event.php",7,{"type":181,"name":182,"callback":183,"priority":177,"file":184,"line":185},"action","wp_loaded","action_wp_loaded","src\\Admin\\Controller.php",19,{"type":181,"name":187,"callback":188,"priority":177,"file":184,"line":189},"wp_dashboard_setup","action_wp_dashboard_setup",20,{"type":181,"name":191,"callback":192,"priority":177,"file":184,"line":193},"admin_notices","action_admin_notices",21,{"type":181,"name":195,"callback":196,"priority":177,"file":184,"line":197},"admin_menu","action_admin_menu",22,{"type":181,"name":199,"callback":200,"priority":177,"file":184,"line":141},"admin_enqueue_scripts","action_admin_enqueue_scripts",{"type":174,"name":202,"callback":203,"priority":177,"file":184,"line":204},"plugin_action_links","filter_plugin_action_links",28,{"type":174,"name":206,"callback":207,"priority":177,"file":184,"line":208},"plugin_row_meta","filter_plugin_row_meta",29,{"type":181,"name":210,"callback":211,"priority":177,"file":212,"line":213},"init","action_init","src\\Blocks.php",12,{"type":174,"name":215,"callback":216,"priority":177,"file":212,"line":217},"pre_render_block","filter_pre_render_block",13,{"type":174,"name":219,"callback":220,"priority":177,"file":212,"line":105},"query_loop_block_query_vars","filter_query_loop_block_query_vars",{"type":181,"name":210,"callback":211,"priority":29,"file":222,"line":223},"src\\Controller.php",14,{"type":181,"name":182,"callback":183,"priority":177,"file":222,"line":225},15,{"type":181,"name":227,"callback":228,"priority":177,"file":222,"line":229},"wp","action_wp",16,{"type":174,"name":175,"callback":231,"priority":177,"file":222,"line":232},"filter_cron_schedules",18,{"type":181,"name":234,"callback":235,"priority":177,"file":222,"line":185},"rest_api_init","anonymous",{"type":181,"name":237,"callback":235,"priority":177,"file":222,"line":193},"koko_analytics_aggregate_stats",{"type":181,"name":239,"callback":235,"priority":177,"file":222,"line":197},"koko_analytics_prune_data",{"type":181,"name":241,"callback":235,"priority":177,"file":222,"line":141},"koko_analytics_rotate_fingerprint_seed",{"type":181,"name":243,"callback":235,"priority":177,"file":222,"line":244},"koko_analytics_test_custom_endpoint",24,{"type":181,"name":246,"callback":235,"priority":177,"file":222,"line":247},"koko_analytics_update_custom_endpoint",25,{"type":181,"name":249,"callback":250,"priority":251,"file":222,"line":252},"admin_bar_menu","action_admin_bar_menu",40,60,{"type":174,"name":254,"callback":176,"file":255,"line":93},"koko_analytics_settings","src\\Resources\\backwards-compat.php",{"type":181,"name":257,"callback":176,"priority":13,"file":258,"line":93},"koko_analytics_output_dashboard_settings","src\\Resources\\views\\settings\\dashboard.php",{"type":181,"name":257,"callback":176,"priority":260,"file":258,"line":232},200,{"type":181,"name":262,"callback":263,"priority":64,"file":264,"line":141},"wp_head","print_js_object","src\\Script_Loader.php",{"type":181,"name":266,"callback":267,"priority":177,"file":264,"line":244},"wp_footer","maybe_print_script",{"type":181,"name":269,"callback":270,"priority":177,"file":264,"line":247},"amp_print_analytics","print_amp_analytics_tag",[],[],[274,277],{"tag":275,"callback":235,"file":222,"line":276},"koko_analytics_most_viewed_posts",43,{"tag":278,"callback":235,"file":222,"line":279},"koko_analytics_counter",44,[281,282,285,287,288,289],{"hook":237,"callback":237,"file":178,"line":229},{"hook":237,"callback":237,"file":283,"line":284},"src\\Admin\\Pages.php",108,{"hook":237,"callback":237,"file":286,"line":177},"src\\Cron.php",{"hook":239,"callback":239,"file":286,"line":223},{"hook":241,"callback":241,"file":286,"line":185},{"hook":243,"callback":243,"file":290,"line":291},"src\\Endpoint_Installer.php",90,{"dangerousFunctions":293,"sqlUsage":294,"outputEscaping":386,"fileOperations":394,"externalRequests":93,"nonceChecks":179,"capabilityChecks":189,"bundledLibraries":581},[],{"prepared":295,"raw":296,"locations":297},83,46,[298,301,302,304,306,308,309,311,312,313,315,316,317,319,321,323,325,327,329,333,335,337,339,341,343,345,347,349,351,354,356,358,359,361,363,365,367,369,371,373,374,375,377,378,381,383],{"file":299,"line":48,"context":300},"migrations\\1.0.0-initial-schema.php","$wpdb->query() with variable interpolation",{"file":299,"line":229,"context":300},{"file":299,"line":303,"context":300},26,{"file":299,"line":305,"context":300},36,{"file":307,"line":48,"context":300},"migrations\\1.1.1-create-dates-table.php",{"file":307,"line":124,"context":300},{"file":310,"line":177,"context":300},"migrations\\1.9.991-prepare-post-stats-table.php",{"file":310,"line":185,"context":300},{"file":310,"line":189,"context":300},{"file":310,"line":197,"context":314},"$wpdb->get_var() with variable interpolation",{"file":310,"line":303,"context":300},{"file":310,"line":208,"context":300},{"file":318,"line":177,"context":314},"migrations\\1.9.992-maybe-migrate-post-stats.php",{"file":320,"line":177,"context":314},"migrations\\1.9.993-maybe-migrate-referrer-stats.php",{"file":322,"line":124,"context":300},"migrations\\2.0.11-set-paths-table-collation.php",{"file":324,"line":177,"context":314},"migrations\\2.0.12-fix-incorrect-post-paths.php",{"file":326,"line":48,"context":300},"migrations\\2.0.13-fix-post-id-column-type.php",{"file":328,"line":48,"context":300},"migrations\\2.0.20-drop-temporary-post-stats-table.php",{"file":330,"line":331,"context":332},"src\\Admin\\Actions.php",126,"$wpdb->get_results() with variable interpolation",{"file":330,"line":334,"context":300},149,{"file":330,"line":336,"context":300},150,{"file":330,"line":338,"context":300},152,{"file":330,"line":340,"context":300},161,{"file":330,"line":342,"context":300},163,{"file":330,"line":344,"context":300},177,{"file":330,"line":346,"context":332},180,{"file":184,"line":348,"context":314},118,{"file":184,"line":350,"context":314},137,{"file":352,"line":353,"context":314},"src\\Admin\\Data_Export.php",71,{"file":352,"line":355,"context":332},76,{"file":352,"line":357,"context":314},95,{"file":352,"line":13,"context":332},{"file":352,"line":360,"context":314},119,{"file":352,"line":362,"context":332},124,{"file":352,"line":364,"context":314},143,{"file":352,"line":366,"context":332},148,{"file":352,"line":368,"context":314},167,{"file":352,"line":370,"context":332},172,{"file":372,"line":244,"context":300},"src\\Admin\\Data_Reset.php",{"file":372,"line":247,"context":300},{"file":372,"line":303,"context":300},{"file":372,"line":376,"context":300},27,{"file":372,"line":204,"context":300},{"file":379,"line":380,"context":332},"src\\Pruner.php",41,{"file":379,"line":382,"context":332},55,{"file":384,"line":229,"context":385},"src\\Stats.php","$wpdb->get_row() with variable interpolation",{"escaped":364,"rawEcho":362,"locations":387},[388,390,392,395,397,398,399,401,402,403,405,407,408,410,411,413,415,416,418,419,421,422,423,424,426,427,429,430,432,433,436,438,441,442,444,447,448,449,450,451,452,453,455,457,459,461,462,464,466,467,468,470,472,474,476,478,480,481,483,485,487,489,491,493,494,496,498,500,502,504,505,506,507,508,509,510,512,513,514,516,517,520,521,522,523,525,526,527,530,532,534,535,537,539,540,541,542,543,545,546,548,549,550,552,553,554,555,557,559,560,561,562,563,565,566,568,570,572,573,575,576,577,578,579],{"file":283,"line":208,"context":389},"raw output",{"file":283,"line":391,"context":389},31,{"file":393,"line":394,"context":389},"src\\Chart_View.php",47,{"file":393,"line":396,"context":389},48,{"file":393,"line":396,"context":389},{"file":393,"line":396,"context":389},{"file":393,"line":400,"context":389},49,{"file":393,"line":105,"context":389},{"file":393,"line":105,"context":389},{"file":393,"line":404,"context":389},51,{"file":393,"line":406,"context":389},52,{"file":393,"line":406,"context":389},{"file":393,"line":409,"context":389},53,{"file":393,"line":409,"context":389},{"file":393,"line":412,"context":389},56,{"file":393,"line":414,"context":389},57,{"file":393,"line":414,"context":389},{"file":393,"line":417,"context":389},58,{"file":393,"line":252,"context":389},{"file":393,"line":420,"context":389},66,{"file":393,"line":420,"context":389},{"file":393,"line":420,"context":389},{"file":393,"line":420,"context":389},{"file":393,"line":425,"context":389},67,{"file":393,"line":425,"context":389},{"file":393,"line":428,"context":389},68,{"file":393,"line":428,"context":389},{"file":393,"line":431,"context":389},69,{"file":393,"line":431,"context":389},{"file":434,"line":435,"context":389},"src\\Dashboard.php",136,{"file":434,"line":437,"context":389},139,{"file":439,"line":440,"context":389},"src\\Notice_Pro.php",80,{"file":439,"line":295,"context":389},{"file":439,"line":443,"context":389},84,{"file":445,"line":446,"context":389},"src\\Resources\\views\\dashboard-page.php",38,{"file":445,"line":446,"context":389},{"file":445,"line":105,"context":389},{"file":445,"line":105,"context":389},{"file":445,"line":252,"context":389},{"file":445,"line":431,"context":389},{"file":445,"line":355,"context":389},{"file":445,"line":454,"context":389},81,{"file":445,"line":456,"context":389},114,{"file":445,"line":458,"context":389},116,{"file":445,"line":460,"context":389},122,{"file":445,"line":331,"context":389},{"file":445,"line":463,"context":389},129,{"file":445,"line":465,"context":389},141,{"file":445,"line":364,"context":389},{"file":445,"line":334,"context":389},{"file":445,"line":469,"context":389},153,{"file":445,"line":471,"context":389},156,{"file":445,"line":473,"context":389},162,{"file":445,"line":475,"context":389},188,{"file":445,"line":477,"context":389},189,{"file":445,"line":479,"context":389},195,{"file":445,"line":479,"context":389},{"file":445,"line":482,"context":389},196,{"file":445,"line":484,"context":389},198,{"file":445,"line":486,"context":389},199,{"file":445,"line":488,"context":389},230,{"file":445,"line":490,"context":389},231,{"file":445,"line":492,"context":389},237,{"file":445,"line":492,"context":389},{"file":445,"line":495,"context":389},238,{"file":445,"line":497,"context":389},239,{"file":445,"line":499,"context":389},240,{"file":445,"line":501,"context":389},241,{"file":503,"line":177,"context":389},"src\\Resources\\views\\dashboard-public.php",{"file":503,"line":124,"context":389},{"file":503,"line":232,"context":389},{"file":503,"line":185,"context":389},{"file":503,"line":189,"context":389},{"file":503,"line":193,"context":389},{"file":503,"line":161,"context":389},{"file":511,"line":185,"context":389},"src\\Resources\\views\\dashboard-widget.php",{"file":511,"line":189,"context":389},{"file":511,"line":105,"context":389},{"file":511,"line":515,"context":389},65,{"file":511,"line":420,"context":389},{"file":518,"line":519,"context":389},"src\\Resources\\views\\nav.php",5,{"file":258,"line":303,"context":389},{"file":258,"line":305,"context":389},{"file":258,"line":396,"context":389},{"file":524,"line":64,"context":389},"src\\Resources\\views\\settings\\data.php",{"file":524,"line":217,"context":389},{"file":524,"line":305,"context":389},{"file":528,"line":529,"context":389},"src\\Resources\\views\\settings\\emails.php",4,{"file":531,"line":28,"context":389},"src\\Resources\\views\\settings\\help.php",{"file":531,"line":533,"context":389},42,{"file":531,"line":406,"context":389},{"file":536,"line":48,"context":389},"src\\Resources\\views\\settings\\performance.php",{"file":538,"line":64,"context":389},"src\\Resources\\views\\settings\\tracking.php",{"file":538,"line":391,"context":389},{"file":538,"line":305,"context":389},{"file":538,"line":276,"context":389},{"file":538,"line":412,"context":389},{"file":538,"line":544,"context":389},74,{"file":538,"line":440,"context":389},{"file":547,"line":529,"context":389},"src\\Resources\\views\\settings-page.php",{"file":547,"line":519,"context":389},{"file":264,"line":360,"context":389},{"file":551,"line":382,"context":389},"src\\Widgets\\Most_Viewed_Posts_Widget.php",{"file":551,"line":414,"context":389},{"file":551,"line":414,"context":389},{"file":551,"line":414,"context":389},{"file":551,"line":556,"context":389},61,{"file":551,"line":558,"context":389},62,{"file":551,"line":357,"context":389},{"file":551,"line":27,"context":389},{"file":551,"line":27,"context":389},{"file":551,"line":13,"context":389},{"file":551,"line":564,"context":389},101,{"file":551,"line":564,"context":389},{"file":551,"line":567,"context":389},105,{"file":551,"line":569,"context":389},112,{"file":551,"line":571,"context":389},113,{"file":551,"line":571,"context":389},{"file":551,"line":574,"context":389},117,{"file":551,"line":348,"context":389},{"file":551,"line":348,"context":389},{"file":551,"line":460,"context":389},{"file":551,"line":460,"context":389},{"file":551,"line":580,"context":389},123,[],[583,601,609,619,627,638],{"entryPoint":584,"graph":585,"unsanitizedCount":29,"severity":600},"save_settings (src\\Admin\\Actions.php:80)",{"nodes":586,"edges":597},[587,592],{"id":588,"type":589,"label":590,"file":330,"line":591},"n0","source","$_POST",87,{"id":593,"type":594,"label":595,"file":330,"line":69,"wp_function":596},"n1","sink","update_option() [Settings Manipulation]","update_option",[598],{"from":588,"to":593,"sanitized":599},true,"low",{"entryPoint":602,"graph":603,"unsanitizedCount":29,"severity":600},"\u003CActions> (src\\Admin\\Actions.php:0)",{"nodes":604,"edges":607},[605,606],{"id":588,"type":589,"label":590,"file":330,"line":591},{"id":593,"type":594,"label":595,"file":330,"line":69,"wp_function":596},[608],{"from":588,"to":593,"sanitized":599},{"entryPoint":610,"graph":611,"unsanitizedCount":29,"severity":600},"start_import (src\\Import\\Jetpack_Importer.php:23)",{"nodes":612,"edges":617},[613,616],{"id":588,"type":589,"label":590,"file":614,"line":615},"src\\Import\\Jetpack_Importer.php",35,{"id":593,"type":594,"label":595,"file":614,"line":382,"wp_function":596},[618],{"from":588,"to":593,"sanitized":599},{"entryPoint":620,"graph":621,"unsanitizedCount":29,"severity":600},"\u003CJetpack_Importer> (src\\Import\\Jetpack_Importer.php:0)",{"nodes":622,"edges":625},[623,624],{"id":588,"type":589,"label":590,"file":614,"line":615},{"id":593,"type":594,"label":595,"file":614,"line":382,"wp_function":596},[626],{"from":588,"to":593,"sanitized":599},{"entryPoint":628,"graph":629,"unsanitizedCount":29,"severity":600},"\u003Cdashboard-page> (src\\Resources\\views\\dashboard-page.php:0)",{"nodes":630,"edges":636},[631,633],{"id":588,"type":589,"label":632,"file":445,"line":252},"$_GET[$key]",{"id":593,"type":594,"label":634,"file":445,"line":252,"wp_function":635},"echo() [XSS]","echo",[637],{"from":588,"to":593,"sanitized":599},{"entryPoint":639,"graph":640,"unsanitizedCount":29,"severity":600},"\u003Csettings-page> (src\\Resources\\views\\settings-page.php:0)",{"nodes":641,"edges":650},[642,644,645,648],{"id":588,"type":589,"label":643,"file":547,"line":141},"$_GET['error']",{"id":593,"type":594,"label":634,"file":547,"line":141,"wp_function":635},{"id":646,"type":589,"label":647,"file":547,"line":391},"n2","$_GET['message']",{"id":649,"type":594,"label":634,"file":547,"line":391,"wp_function":635},"n3",[651,652],{"from":588,"to":593,"sanitized":599},{"from":646,"to":649,"sanitized":599},{"summary":654,"deductions":655},"Koko Analytics v2.2.4 exhibits a mixed security posture. While the plugin demonstrates good practices by implementing numerous capability checks (20) and including nonce checks (7), the significant number of SQL queries (129 total) with a notable portion not using prepared statements (36%) raises a concern for potential SQL injection vulnerabilities.  The output escaping also falls short, with only 54% of outputs being properly escaped, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities. The vulnerability history, although no longer unpatched, shows a past of high and medium severity issues, including SQL Injection and XSS. This pattern suggests that while past vulnerabilities have been addressed, the underlying code practices might still be susceptible to similar issues if not continuously monitored and refactored.\n\nThe static analysis reveals no critical or high severity taint flows, which is positive. However, the 46% of SQL queries not using prepared statements is a significant area for improvement. Coupled with the low percentage of properly escaped outputs, these factors suggest a considerable risk of vulnerabilities that could be exploited. The vulnerability history, with past high severity SQL injection and XSS, reinforces these concerns. Despite the presence of security checks, the identified code signals indicate that the plugin's developers should prioritize more robust input validation and output sanitization to mitigate the risks of common web vulnerabilities.",[656,658,660,662],{"reason":657,"points":177},"SQL queries not using prepared statements",{"reason":659,"points":48},"Output escaping is not properly implemented",{"reason":661,"points":225},"Past high severity vulnerability (SQLi)",{"reason":663,"points":177},"Past medium severity vulnerability (XSS)","2026-03-16T17:16:50.582Z",{"wat":666,"direct":675},{"assetPaths":667,"generatorPatterns":670,"scriptPaths":671,"versionParams":672},[668,669],"\u002Fwp-content\u002Fplugins\u002Fkoko-analytics\u002Fassets\u002Fdist\u002Fcss\u002Fdashboard-2.css","\u002Fwp-content\u002Fplugins\u002Fkoko-analytics\u002Fassets\u002Fdist\u002Fjs\u002Fdashboard.js",[],[669],[673,674],"koko-analytics\u002Fassets\u002Fdist\u002Fcss\u002Fdashboard-2.css?ver=","koko-analytics\u002Fassets\u002Fdist\u002Fjs\u002Fdashboard.js?ver=",{"cssClasses":676,"htmlComments":682,"htmlAttributes":703,"restEndpoints":709,"jsGlobals":710,"shortcodeOutput":712},[677,678,679,680,681],"koko-analytics-dashboard-header","koko-analytics-dashboard-content","koko-analytics-dashboard-chart","koko-analytics-dashboard-table","koko-analytics-dashboard-filters",[683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702],"Koko Analytics - website analytics plugin for WordPress","Copyright (C) 2019 - 2026, Danny van Kooten, hi@dannyvankooten.com","This program is free software: you can redistribute it and\u002For modify","This program is distributed in the hope that it will be useful,","WITHOUT ANY WARRANTY; without even the implied warranty of","You should have received a copy of the GNU General Public License","phpcs:disable PSR1.Files.SideEffects","don't run if PHP version is lower than 7.4","prevent direct file access","Main hooks (global)","Block related hooks","Admin hooks (admin only)","WP CLI command","add links to documentation","add link to Pro version, unless already running it","Koko Analytics needs to migrate your page stats to a new storage format.","Click the button below to proceed with the database migration, this can take some time if you have a large site.","We recommend making a back-up of your Koko Analytics database tables before running the migration.","You can also run the migration using WP CLI: ","Koko Analytics needs to mig",[704,705,706,707,708],"data-koko-analytics-chart","data-koko-analytics-table","data-koko-analytics-filters","name=\"koko_analytics_action\"","value=\"migrate_post_stats_to_v2\"",[],[711],"window.kokoAnalyticsDashboard",[]]