[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fegxOOXOXj-Qsfm-dKFprI7UbB7BJLUNmem-RR0tsmrU":3,"$ftczBy5hqHw4huNFPdNP7njQoZzAVi-vudok56eVEApc":249,"$f5EFK3h_h_0T6lI67JS5FuWQKxmwTFRJGDSfLUrp9j7c":253},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":51,"analysis":152,"fingerprints":231},"nimbata-call-tracking","Nimbata Call Tracking","1.8.0","nimbata","https:\u002F\u002Fprofiles.wordpress.org\u002Fnimbata\u002F","\u003Cp>This plugin adds the Dynamic Number Insertion (DNI) script for Nimbata’s call tracking service. Discover which sources, marketing activities, keywords and more are driving phone calls and subsequent conversions.\u003C\u002Fp>\n\u003Cp>Our WordPress call tracking plugin can be setup in minutes and allows you to dynamically swap your site’s phone number with one of your private Nimbata tracking numbers. When a visitor calls your tracking number, we’ll correlate the call with the source, session or campaign details you’ve setup in the Nimbata app.\u003C\u002Fp>\n\u003Cp>To get started with Nimbata’s WordPress plugin, you’ll need an active Nimbata account. Learn more about Nimbata at http:\u002F\u002Fwww.nimbata.com.\u003C\u002Fp>\n","Dynamically swap your site's phone number with a nimbata tracking numbers. Track which sources generate phone leads to your business.",400,4665,0,"2026-04-08T16:29:00.000Z","6.9.4","3.0","5.0.2",[19,20,21,22,23],"adwords","analytics","call-tracking","ppc","seo","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnimbata-call-tracking\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnimbata-call-tracking.1.8.0.zip",79,1,"2025-04-09 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":37,"patch_diff_files":46,"patch_trac_url":37,"research_status":37,"research_verified":47,"research_rounds_completed":13,"research_plan":37,"research_summary":37,"research_vulnerable_code":37,"research_fix_diff":37,"research_exploit_outline":37,"research_model_used":37,"research_started_at":37,"research_completed_at":37,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":47,"poc_model_used":37,"poc_verification_depth":37},"CVE-2025-32616","nimbata-call-tracking-cross-site-request-forgery-to-stored-cross-site-scripting","Nimbata Call Tracking \u003C= 1.7.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting","The Nimbata Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.7.2","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-04-15 13:48:14",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F59d5e083-ab0d-4046-bcfe-b725e9d0e7c1?source=api-prod",[],false,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":49,"trust_score":26,"computed_at":50},30,"2026-05-20T04:32:19.907Z",[52,73,94,109,131],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":15,"requires_at_least":16,"requires_php":65,"tags":66,"homepage":68,"download_link":69,"security_score":70,"vuln_count":71,"unpatched_count":13,"last_vuln_date":72,"fetched_at":29},"callrail-phone-call-tracking","CallRail Phone Call Tracking","0.5.3","CallRail","https:\u002F\u002Fprofiles.wordpress.org\u002Fcallrail\u002F","\u003Cp>CallRail is here to bring complete visibility to the marketers who rely on quality inbound leads to measure success. Our customers live in a results-driven world, and giving them a clear view into their digital marketing efforts is a first priority for CallRail. We see the opportunities in surfacing and connecting data from calls, forms, chat and beyond — helping our customers get to better outcomes.\u003C\u002Fp>\n\u003Cp>Our WordPress plugin allows you to learn detailed information about the source and web session of every caller from your website using a process called \u003Ca href=\"https:\u002F\u002Fwww.callrail.com\u002Fleads\u002Fdynamic-number-insertion-2\u002F\" rel=\"nofollow ugc\">Dynamic Number Insertion\u003C\u002Fa>. It also powers our form tracking tool, which gives you the power to attribute form submissions back to their source and learn about what the user did on your site before submitting the form.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Learn more about \u003Ca href=\"https:\u002F\u002Fwww.callrail.com\u002F\" rel=\"nofollow ugc\">CallRail\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Check out our WP plugin \u003Ca href=\"https:\u002F\u002Fsupport.callrail.com\u002Fhc\u002Fen-us\u002Farticles\u002F201011537\" rel=\"nofollow ugc\">support documentation.\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Dynamically swap CallRail tracking phone numbers based on the visitor's referring source.",10000,359187,74,6,"2026-02-11T19:30:00.000Z","",[19,20,21,67,23],"conversion-tracking","http:\u002F\u002Fwww.callrail.com\u002Fdocs\u002Fweb-integration\u002Fwordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcallrail-phone-call-tracking.0.5.3.zip",99,2,"2023-10-24 00:00:00",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":27,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":90,"download_link":91,"security_score":92,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":93},"calltracker","CallTracker","1.5","Call Tracker","https:\u002F\u002Fprofiles.wordpress.org\u002Fcalltracker\u002F","\u003Cp>Call Tracker makes it radically simple to setup tracking numbers and get analytics data you need\u003Cbr \u002F>\nso you can focus on what’s working and stop spending on what’s not. This plugin makes it easy to integrate Call Tracker Dynamic Number Insertion (DNI) with your WordPress site.\u003C\u002Fp>\n\u003Cp>With our DNI integration setup on your website, you’ll be able to harness the full power of our call tracking to target visitors based on different traffic sources, landing pages, campaigns, and also keywords with our number pools.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>To get started with the Call Tracker plugin, you’ll need an active Call Tracker Account which are \u003Cstrong>Free to Setup\u003C\u002Fstrong>, you’ll only pay for what you use. Tracking numbers cost $4 per month and 4&cent; per minute for calls.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Benefits of Dynamic Number Insertion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Hassel Free Call Tracking\u003C\u002Fstrong> – DNI drastically simplifies managing tracking numbers shown on your website allowing you to manage them from your Call Tracker Account and not on your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Target Source Channels\u003C\u002Fstrong> – Specific visitor targeting based on search engine, organic or paid search, referring domain, campaign parameters, landing page, and direct visitors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Adwords Integration\u003C\u002Fstrong> – Our Google Adwords integration is built on top of our DNI to work seemlessly together.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cul>\n\u003Cli>Learn more about Call Tracker – https:\u002F\u002Fcalltracker.io\u003C\u002Fli>\n\u003Cli>Questions about getting start? Email our team at help@calltracker.io\u003C\u002Fli>\n\u003C\u002Ful>\n","Elegantly simple call tracking for your business.",10,1999,100,"2024-01-21T08:00:00.000Z","6.4.8","3.0.1","5.2.4",[19,21,74,89,22],"calltrackerio","https:\u002F\u002Fcalltracker.io\u002Fintegrations\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcalltracker.zip",85,"2026-04-06T09:54:40.288Z",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":81,"downloaded":102,"rating":83,"num_ratings":27,"last_updated":103,"tested_up_to":104,"requires_at_least":16,"requires_php":65,"tags":105,"homepage":107,"download_link":108,"security_score":92,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"freespee-call-tracking","Freespee Call Tracking","1.0","Tobias Lindgren","https:\u002F\u002Fprofiles.wordpress.org\u002Feffeks\u002F","\u003Cp>The Freespee Call Tracking plugin dynamically displays a phone number on your WordPress site. Every phone call made by your visitors is turned into useful data. With the flip of a switch you deliver this phone call data to your Google Analytics account to see what keyword and Ad that drove the phone call.\u003C\u002Fp>\n\u003Cp>Some of the features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Link phone calls made by your online visitors to their source (Google SEM, Facebook, etc).\u003C\u002Fli>\n\u003Cli>View the full online user journey including phone calls.\u003C\u002Fli>\n\u003Cli>Feed call data into 3rd party platforms, like Google Analytics or Google AdWords. \u003Ca href=\"http:\u002F\u002Ffreespee.com\u002Fplugin-gallery\" rel=\"nofollow ugc\">Full list here!\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>For more information please visit \u003Ca href=\"http:\u002F\u002Ffreespee.com\u002F\" rel=\"nofollow ugc\">Freespee.com\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin works in USA, Canada and Europe.\u003C\u002Fp>\n\u003Cp>PS: You will need an \u003Ca href=\"http:\u002F\u002Ffreespee.com\u002Fsign-up\u002Fbasic\" rel=\"nofollow ugc\">Freespee.com customer ID\u003C\u002Fa> to use this plugin. Sign up for free!\u003C\u002Fp>\n","See which visitors ended up calling you, no coding required. Automated delivery of phone call data to your Google Analytics account.",1732,"2015-04-21T13:44:00.000Z","4.2.39",[19,20,21,67,106],"freespee","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffreespee-call-tracking\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffreespee-call-tracking.1.0.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":119,"num_ratings":120,"last_updated":121,"tested_up_to":15,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":128,"download_link":129,"security_score":70,"vuln_count":27,"unpatched_count":13,"last_vuln_date":130,"fetched_at":29},"seo-simple-pack","SEO SIMPLE PACK","3.6.3","Ryo","https:\u002F\u002Fprofiles.wordpress.org\u002Flooswebstudio\u002F","\u003Cp>“SEO SIMPLE PACK” is a very simple plugin for SEO.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Outputs basic meta tags that are essential for SEO measures.\u003C\u002Fli>\n\u003Cli>It can be set for each page type.\u003C\u002Fli>\n\u003Cli>You can also set the OGP information required for SNS such as Facebook and Twitter.\u003C\u002Fli>\n\u003Cli>You can customize the meta tag information individually for each post, page, and term.\u003C\u002Fli>\n\u003Cli>The output content of each meta tag can also be rewritten with a hook.\u003C\u002Fli>\n\u003Cli>You can easily set the Google Analytics measurement code and Webmaster Tools verification code.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please see the following page for a detailed explanation of this plugin.\u003C\u002Fp>\n\u003Cp>URL: \u003Ca href=\"https:\u002F\u002Floos.co.jp\u002Fen\u002Fdocuments\u002Fseo-simple-pack\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Floos.co.jp\u002Fen\u002Fdocuments\u002Fseo-simple-pack\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Source code\u003C\u002Fh3>\n\u003Cp>The source code of this plugin is available on Github.\u003C\u002Fp>\n\u003Cp>URL: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fddryo\u002FSEO-SIMPLE-PACK\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fddryo\u002FSEO-SIMPLE-PACK\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>How to use\u003C\u002Fh3>\n\u003Cp>After installation, the minimum required meta tags will be output without doing anything. However, it is recommended that you set the following setting items yourself.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Home page description\u003C\u002Fli>\n\u003Cli>Image of “og:image”\u003C\u002Fli>\n\u003Cli>“noindex” setting for each page type\u003C\u002Fli>\n\u003Cli>Stop author archive setting (if you don’t want to access the author archive page)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Access to the settings screen\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>An item written as “SEO PACK” has been added to the left menu of the WordPress administration screen.\u003C\u002Fli>\n\u003Cli>Click to go to the settings page.\u003C\u002Fli>\n\u003Cli>You can change the settings on the two types of management screens, “General settings” and “OGP settings”.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Individual settings for each page\u003C\u002Fh4>\n\u003Cp>The following items can be set individually for Posts \u002F Pages and Term pages such as Categories \u002F Tags.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>“meta robots” tag\u003C\u002Fli>\n\u003Cli>“title” tag\u003C\u002Fli>\n\u003Cli>“meta description” tag\u003C\u002Fli>\n\u003Cli>“meta og:image” tag\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>About initial settings\u003C\u002Fh3>\n\u003Cp>Here are some default settings when you haven’t changed the settings.\u003C\u002Fp>\n\u003Cp>  Tag\u003Cbr \u002F>\n  Output contents\u003C\u002Fp>\n\u003Cp>  \u003Ccode>\u003Ctitle>\u003C\u002Fcode> tag on the posts page\u003Cbr \u002F>\n  Site name | Tagline\u003C\u002Fp>\n\u003Cp>  \u003Ccode>\u003Cdescription>\u003C\u002Fcode> tag on the Home page\u003Cbr \u002F>\n  Tagline\u003C\u002Fp>\n\u003Cp>  \u003Ccode>\u003Ctitle>\u003C\u002Fcode> tag on the Posts \u002F Pages\u003Cbr \u002F>\n  The title of the page | Site name\u003C\u002Fp>\n\u003Cp>  \u003Ccode>\u003Cdescription>\u003C\u002Fcode> tag on the Posts \u002F Pages\u003Cbr \u002F>\n  Automatically generated from the content of that page\u003C\u002Fp>\n\u003Cp>  Status\u003Cbr \u002F>\n  Which page it is applied to\u003C\u002Fp>\n\u003Cp>  \u003Ccode>noindex\u003C\u002Fcode>\u003Cbr \u002F>\n  Each archive page, 404 page, Search result page\u003C\u002Fp>\n\u003Cp>For other information, please check the actual setting screen.\u003C\u002Fp>\n","This is a very simple SEO plugin. You can easily set and customize meta tags and OGP tags for each page.",100000,1214756,92,14,"2026-04-01T23:00:00.000Z","4.9","7.0",[20,125,126,23,127],"meta","meta-tag","wsebmaster","https:\u002F\u002Fwemo.tech\u002F1670","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fseo-simple-pack.3.6.3.zip","2024-06-27 00:00:00",{"slug":132,"name":133,"version":134,"author":135,"author_profile":136,"description":137,"short_description":138,"active_installs":139,"downloaded":140,"rating":141,"num_ratings":142,"last_updated":143,"tested_up_to":15,"requires_at_least":144,"requires_php":145,"tags":146,"homepage":150,"download_link":151,"security_score":83,"vuln_count":13,"unpatched_count":13,"last_vuln_date":37,"fetched_at":29},"kliken-marketing-for-google","AI Powered Marketing","1.5.4","kliken","https:\u002F\u002Fprofiles.wordpress.org\u002Fsitewit\u002F","\u003Cp>With Kliken’s All-In-One Marketing Solution, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Find ideal customers for your store as they are surfing the \u003Cstrong>Open Web\u003C\u002Fstrong>, searching on \u003Cstrong>Google\u003C\u002Fstrong>, or browsing \u003Cstrong>Facebook\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Retarget\u003C\u002Fstrong> existing customers and increase your conversion rates and sales\u003C\u002Fli>\n\u003Cli>Leverage Fortune 500 advertising power at a small business price – packages start as low as \u003Cstrong>$5 per day\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Grow your business with the #1 rated advertising extension on WooCommerce\u003C\u002Fh4>\n\u003Cp>Owning a small business is hard. Marketing that business shouldn’t be. Kliken’s all-in-one marketing platform helps business owners, like you, reach high-intent customers, surpass your competition and realize significant growth in sales, while decreasing conversion costs.\u003C\u002Fp>\n\u003Cp>For over a decade, the Kliken team has built the best performing e-commerce advertising engine, across multiple platforms, giving our customers the time to do what you do best – run your business, while Kliken helps grow your sales.\u003C\u002Fp>\n\u003Cp>From start to finish in under 10 minutes, build your shopping campaign, define your audience, and preview your ads – all for FREE – no credit card required. Once you’re ready to start growing your sales, select a monthly budget, checkout,  and get more.\u003C\u002Fp>\n\u003Ch4>More Traffic. More Sales. More for your Money. Get More, with Kliken.\u003C\u002Fh4>\n\u003Cp>Kliken’s AI Powered Marketing manages and automates everything you need to get your products on Google, Facebook, and the Open Web, for a low monthly cost. It helps eligible merchants:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Promote your products to \u003Cstrong>ideal customers\u003C\u002Fstrong> as they are surfing the Open Web with \u003Cstrong>Kliken Ads\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Retarget\u003C\u002Fstrong> online visitors to maximize sales with \u003Cstrong>Kliken Ads\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Create or link a \u003Cstrong>Google Merchant Center Account\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optimize Product feeds\u003C\u002Fstrong> with a daily inventory sync across all platforms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Access Google Product Listings\u003C\u002Fstrong> on surfaces across Google and the Google Shopping Tab\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Run Google Shopping Ads campaigns\u003C\u002Fstrong> to promote products across Google, Gmail, YouTube and the Display Network\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Run Facebook Ads campaigns\u003C\u002Fstrong> to promote products on Facebook\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>AI Powered Marketing Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Grow your sales: Unleash your potential by finding the customers that are looking for exactly what you offer across Google, Facebook and the Open Web.\u003C\u002Fli>\n\u003Cli>Priced for small businesses: Flexible advertising budget options starting as low as $5 per day. Get everything you need to advertise your business, no matter which platform you choose.\u003C\u002Fli>\n\u003Cli>Maximize your marketing performance: Track your sales performance and campaign results in your WooCommerce dashboard. You can see exactly how many visitors Kliken sends your way from the Open Web, Google, and Facebook. PLUS, see how your marketing budget is spent every day.\u003C\u002Fli>\n\u003Cli>Track sales performance: View results across the Open Web, Google, and Facebook while Kliken computes your return on advertising spend and optimize your campaigns using AI, giving you real-time campaign performance.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How it works\u003C\u002Fh3>\n\u003Ch4>Promote your products and retarget visitors as they surf the Web\u003C\u002Fh4>\n\u003Cp>We help you find ideal new customers interested in your products and increase sales to existing site visitors with Kliken Ads for the Open Web. We put your products in front of customers that already love what you sell and are ready to purchase – giving you maximum exposure with a greater return on advertising spend.\u003C\u002Fp>\n\u003Cp>Kliken Ads is the easiest, most affordable way to find new customers and increase sales. In less than 10 minutes, our customers can build a full campaign ready to go live, preview the campaign, select a budget to fit the business and start growing sales. Packages start at $5 per day.\u003C\u002Fp>\n\u003Ch4>Create or link your Google Merchant Center Account\u003C\u002Fh4>\n\u003Cp>We help you create or link your Woo store to the necessary accounts needed to get your products on Google. We also continue to optimize and manage these accounts so you don’t have to.\u003C\u002Fp>\n\u003Ch4>Optimize Smart Product feeds with daily inventory sync\u003C\u002Fh4>\n\u003Cp>Keeping your inventory up-to-date is easy with our automated product feed and daily syncs so you can make sure shoppers are only seeing your in-stock products when they find you on Google.\u003C\u002Fp>\n\u003Ch4>Access free listings on the Google Shopping tab and surfaces across Google\u003C\u002Fh4>\n\u003Cp>When eligible merchants sign up for Google Shopping, they automatically opt into free listings so that they can potentially show up on \u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Fmerchants\u002Fanswer\u002F9199328\" rel=\"nofollow ugc\">surfaces across Google\u003C\u002Fa> or the \u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Fmerchants\u002Fanswer\u002F9838672?hl=en\" rel=\"nofollow ugc\">Google Shopping tab\u003C\u002Fa> to drive free traffic to their approved products.\u003C\u002Fp>\n\u003Cp>Learn more about free listings \u003Ca href=\"https:\u002F\u002Fwww.blog.google\u002Fproducts\u002Fshopping\u002Fits-now-free-to-sell-on-google\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa> and access the help center \u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Fmerchants\u002Fanswer\u002F9838672\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Run paid Google Shopping Ads campaign to show up across Google Shopping, Search, YouTube, Gmail, and the Google Display Network\u003C\u002Fh4>\n\u003Cp>Google Shopping Ads campaigns (also called Performance Max Campaigns) help increase your sales and revenue by displaying your products to interested shoppers strategically across Google to drive traffic and sales.\u003C\u002Fp>\n\u003Cp>Select which categories you want to advertise and the extension will generate Google Shopping feeds that automatically manage ad creation, targeting, bidding, budget allocation, sales, and conversions.\u003C\u002Fp>\n\u003Ch3>Kliken’s AI Powered Marketing Pricing\u003C\u002Fh3>\n\u003Ch4>The Kliken automation fee is $10 per month\u003C\u002Fh4>\n\u003Cp>The automation fee covers everything you need to be successful on Google, Facebook and the Open Web.\u003C\u002Fp>\n\u003Ch4>You can also choose your Shopping Ads Campaign budget based on your needs.\u003C\u002Fh4>\n\u003Cp>We have seen the most success with merchants who start with the $300 budget so your feed can go through proper machine learning optimization and get better qualified leads.\u003C\u002Fp>\n\u003Ch3>Questions?\u003C\u002Fh3>\n\u003Cp>The Kliken team is here to help you. Please send an email to \u003Ca href=\"mailto:support@kliken.com\" rel=\"nofollow ugc\">support@kliken.com\u003C\u002Fa> or call Toll Free: 877-474-8394 or +1-813-279-8888.\u003C\u002Fp>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cp>There are a few basic requirements to get approved for Google Shopping. Making sure your store meets these basic requirements can help with getting your products on Google faster. These policies are meant to ensure customers have a great shopping experience in your WooCommerce store!\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Return and refund policy: include a return and refund policy page that is clear and easy to find (e.g. link to policy in website footer or header). More info \u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Fmerchants\u002Fanswer\u002F6363310?hl=en&ref_topic=9216868\" rel=\"nofollow ugc\">here\u003C\u002Fa>. (Whether your store provides returns\u002Frefunds is OK! Just make sure to clearly state this)\u003C\u002Fli>\n\u003Cli>Contact information: include accurate contact information, including 2 of the 3: email, phone number, or physical address. More info \u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Fmerchants\u002Fanswer\u002F6363310?hl=en&ref_topic=9216868\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Listing available payment methods before checkout with text or icons\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can learn more about all the Google Shopping policies and how to help your store get approved \u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Fmerchants\u002Ftopic\u002F7286989?hl=en&ref_topic=7259123\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Terms & Conditions\u003C\u002Fh3>\n\u003Cp>*Valid only for new Kliken customers. Promotional codes have no promotional value and entry of the promotional code serves only to begin your qualification for the associated promotional credit. To earn the promotional credit, start advertising and spend $500 in the first 60 days to recieve a $500 advertising credit! Your account must be successfully billed by Kliken and remain in good standing in order to qualify for the promotional credit. The promotional credit will be applied within approximately 5 days after the 61st day of starting your campaign, as long as you’ve activated your account using the promotional code and fulfilled all requirements stated in the offer. For the complete terms and conditions, \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Fads\u002Fcoupons\u002Fterms.html\" rel=\"nofollow ugc\">click here\u003C\u002Fa>.\u003C\u002Fp>\n","Kliken's all-in-one marketing helps businesses reach high-intent customers, beat the competition and see sales growth while lowering conversion costs",50000,3459475,54,29,"2025-12-02T16:38:00.000Z","5.8","7.4",[147,19,20,148,149],"advertising","bing","google","https:\u002F\u002Fwoo.kliken.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkliken-marketing-for-google.1.5.4.zip",{"attackSurface":153,"codeSignals":182,"taintFlows":195,"riskAssessment":222,"analyzedAt":230},{"hooks":154,"ajaxHandlers":178,"restRoutes":179,"shortcodes":180,"cronEvents":181,"entryPointCount":13,"unprotectedCount":13},[155,161,165,169,173],{"type":156,"name":157,"callback":158,"file":159,"line":160},"action","admin_init","nimbata_admin_init","nimbata.php",67,{"type":156,"name":162,"callback":163,"file":159,"line":164},"admin_menu","nimbata_admin_menu",68,{"type":156,"name":166,"callback":167,"file":159,"line":168},"admin_notices","nimbata_admin_notice",69,{"type":156,"name":170,"callback":171,"file":159,"line":172},"wp_enqueue_scripts","run_nimbata_dni",71,{"type":174,"name":175,"callback":176,"priority":81,"file":159,"line":177},"filter","script_loader_tag","add_nimbata_script_attributes",72,[],[],[],[],{"dangerousFunctions":183,"sqlUsage":184,"outputEscaping":186,"fileOperations":13,"externalRequests":13,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":194},[],{"prepared":13,"raw":13,"locations":185},[],{"escaped":187,"rawEcho":71,"locations":188},5,[189,192],{"file":159,"line":190,"context":191},27,"raw output",{"file":159,"line":193,"context":191},117,[],[196,214],{"entryPoint":197,"graph":198,"unsanitizedCount":13,"severity":213},"nimbata_options (nimbata.php:75)",{"nodes":199,"edges":210},[200,205],{"id":201,"type":202,"label":203,"file":159,"line":204},"n0","source","$_POST (x2)",91,{"id":206,"type":207,"label":208,"file":159,"line":119,"wp_function":209},"n1","sink","update_option() [Settings Manipulation]","update_option",[211],{"from":201,"to":206,"sanitized":212},true,"low",{"entryPoint":215,"graph":216,"unsanitizedCount":13,"severity":213},"\u003Cnimbata> (nimbata.php:0)",{"nodes":217,"edges":220},[218,219],{"id":201,"type":202,"label":203,"file":159,"line":204},{"id":206,"type":207,"label":208,"file":159,"line":119,"wp_function":209},[221],{"from":201,"to":206,"sanitized":212},{"summary":223,"deductions":224},"The nimbata-call-tracking plugin v1.7.4 exhibits a generally strong security posture based on the static analysis. The absence of any direct attack surface points such as AJAX handlers, REST API routes, or shortcodes without authentication is a significant positive. Furthermore, the code demonstrates good practices by utilizing prepared statements for all SQL queries, implementing nonce checks, and capability checks, and ensuring a reasonable level of output escaping. There are no identified dangerous functions, file operations, external HTTP requests, or tainted data flows that would suggest immediate critical risks within the analyzed code.\n\nHowever, the presence of a known, currently unpatched medium-severity vulnerability is a significant concern that detracts from the overall security. The history of a past Cross-Site Request Forgery (CSRF) vulnerability, even if patched, suggests a potential area of weakness that attackers might target again. While the static analysis shows no immediate exploitable flaws in the current version's code, the unpatched CVE represents a concrete risk that requires immediate attention. The plugin has a good foundation in secure coding practices, but the unaddressed vulnerability is a clear weakness that elevates the overall risk profile.\n\nIn conclusion, while the code itself appears to be written with security in mind, the existence of an unpatched medium-severity vulnerability is a critical issue. Users should prioritize updating the plugin as soon as a patched version is available. The plugin's adherence to many secure coding principles is commendable, but it is overshadowed by the known exploitable flaw.",[225,228],{"reason":226,"points":227},"Unpatched medium-severity CVE",15,{"reason":229,"points":187},"71% output escaping (potential for minor XSS)","2026-03-16T19:48:24.293Z",{"wat":232,"direct":239},{"assetPaths":233,"generatorPatterns":234,"scriptPaths":235,"versionParams":237},[],[],[236],"\u002F\u002Fcdn.dni.nimbata.com\u002F",[238],"nimbata-ct-script-",{"cssClasses":240,"htmlComments":241,"htmlAttributes":242,"restEndpoints":246,"jsGlobals":247,"shortcodeOutput":248},[],[],[243,244,245],"name=\"nimbata_dni_id_input\"","name=\"nimbata_dni_sri_input\"","placeholder=\"shaNNN-XXXXXXXX\"",[],[],[],{"error":212,"url":250,"statusCode":251,"statusMessage":252,"message":252},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fnimbata-call-tracking\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":254,"versions":255},12,[256,262,270,278,286,294,302,310,317,325,333,341],{"version":6,"download_url":25,"svn_tag_url":257,"released_at":37,"has_diff":47,"diff_files_changed":258,"diff_lines":37,"trac_diff_url":259,"vulnerabilities":260,"is_current":212},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnimbata-call-tracking\u002Ftags\u002F1.8.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnimbata-call-tracking%2Ftags%2F1.7.4&new_path=%2Fnimbata-call-tracking%2Ftags%2F1.8.0",[261],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":263,"download_url":264,"svn_tag_url":265,"released_at":37,"has_diff":47,"diff_files_changed":266,"diff_lines":37,"trac_diff_url":267,"vulnerabilities":268,"is_current":47},"1.7.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnimbata-call-tracking.1.7.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnimbata-call-tracking\u002Ftags\u002F1.7.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnimbata-call-tracking%2Ftags%2F1.7.3&new_path=%2Fnimbata-call-tracking%2Ftags%2F1.7.4",[269],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":271,"download_url":272,"svn_tag_url":273,"released_at":37,"has_diff":47,"diff_files_changed":274,"diff_lines":37,"trac_diff_url":275,"vulnerabilities":276,"is_current":47},"1.7.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnimbata-call-tracking.1.7.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnimbata-call-tracking\u002Ftags\u002F1.7.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnimbata-call-tracking%2Ftags%2F1.7.2&new_path=%2Fnimbata-call-tracking%2Ftags%2F1.7.3",[277],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":279,"download_url":280,"svn_tag_url":281,"released_at":37,"has_diff":47,"diff_files_changed":282,"diff_lines":37,"trac_diff_url":283,"vulnerabilities":284,"is_current":47},"1.7.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnimbata-call-tracking.1.7.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnimbata-call-tracking\u002Ftags\u002F1.7.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnimbata-call-tracking%2Ftags%2F1.7.1&new_path=%2Fnimbata-call-tracking%2Ftags%2F1.7.2",[285],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":287,"download_url":288,"svn_tag_url":289,"released_at":37,"has_diff":47,"diff_files_changed":290,"diff_lines":37,"trac_diff_url":291,"vulnerabilities":292,"is_current":47},"1.7.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnimbata-call-tracking.1.7.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnimbata-call-tracking\u002Ftags\u002F1.7.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnimbata-call-tracking%2Ftags%2F1.7&new_path=%2Fnimbata-call-tracking%2Ftags%2F1.7.1",[293],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":295,"download_url":296,"svn_tag_url":297,"released_at":37,"has_diff":47,"diff_files_changed":298,"diff_lines":37,"trac_diff_url":299,"vulnerabilities":300,"is_current":47},"1.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnimbata-call-tracking.1.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnimbata-call-tracking\u002Ftags\u002F1.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnimbata-call-tracking%2Ftags%2F1.6&new_path=%2Fnimbata-call-tracking%2Ftags%2F1.7",[301],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":303,"download_url":304,"svn_tag_url":305,"released_at":37,"has_diff":47,"diff_files_changed":306,"diff_lines":37,"trac_diff_url":307,"vulnerabilities":308,"is_current":47},"1.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnimbata-call-tracking.1.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnimbata-call-tracking\u002Ftags\u002F1.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnimbata-call-tracking%2Ftags%2F1.5&new_path=%2Fnimbata-call-tracking%2Ftags%2F1.6",[309],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":76,"download_url":311,"svn_tag_url":312,"released_at":37,"has_diff":47,"diff_files_changed":313,"diff_lines":37,"trac_diff_url":314,"vulnerabilities":315,"is_current":47},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnimbata-call-tracking.1.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnimbata-call-tracking\u002Ftags\u002F1.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnimbata-call-tracking%2Ftags%2F1.3&new_path=%2Fnimbata-call-tracking%2Ftags%2F1.5",[316],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":318,"download_url":319,"svn_tag_url":320,"released_at":37,"has_diff":47,"diff_files_changed":321,"diff_lines":37,"trac_diff_url":322,"vulnerabilities":323,"is_current":47},"1.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnimbata-call-tracking.1.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnimbata-call-tracking\u002Ftags\u002F1.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnimbata-call-tracking%2Ftags%2F1.2&new_path=%2Fnimbata-call-tracking%2Ftags%2F1.3",[324],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":326,"download_url":327,"svn_tag_url":328,"released_at":37,"has_diff":47,"diff_files_changed":329,"diff_lines":37,"trac_diff_url":330,"vulnerabilities":331,"is_current":47},"1.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnimbata-call-tracking.1.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnimbata-call-tracking\u002Ftags\u002F1.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnimbata-call-tracking%2Ftags%2F1.1&new_path=%2Fnimbata-call-tracking%2Ftags%2F1.2",[332],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":334,"download_url":335,"svn_tag_url":336,"released_at":37,"has_diff":47,"diff_files_changed":337,"diff_lines":37,"trac_diff_url":338,"vulnerabilities":339,"is_current":47},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnimbata-call-tracking.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnimbata-call-tracking\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fnimbata-call-tracking%2Ftags%2F1.0&new_path=%2Fnimbata-call-tracking%2Ftags%2F1.1",[340],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37},{"version":97,"download_url":342,"svn_tag_url":343,"released_at":37,"has_diff":47,"diff_files_changed":344,"diff_lines":37,"trac_diff_url":37,"vulnerabilities":345,"is_current":47},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnimbata-call-tracking.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fnimbata-call-tracking\u002Ftags\u002F1.0\u002F",[],[346],{"id":33,"url_slug":34,"title":35,"severity":39,"cvss_score":40,"vuln_type":42,"patched_in_version":37}]