[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fED6wNXPFkGSfOiJ-YcKvyQM4OXH_ZCkEIZAtgx5Avfo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":70,"crawl_stats":37,"alternatives":74,"analysis":96,"fingerprints":766},"pilotpress","PilotPress","2.0.36","ONTRAPORT","https:\u002F\u002Fprofiles.wordpress.org\u002Fontraport\u002F","\u003Cp>PilotPress is a WordPress plug-in that brings the power of \u003Ca href=\"http:\u002F\u002Fontraport.com\" rel=\"nofollow ugc\">ONTRAPORT\u003C\u002Fa> to the WordPress platform, specifically:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create an Affiliate Network with customized login and reporting\u003C\u002Fli>\n\u003Cli>A Customer Center for handling purchases and subscriptions\u003C\u002Fli>\n\u003Cli>Insert ONTRAPORT Forms (such as SmartForms and OrderForms)\u003C\u002Fli>\n\u003Cli>Create a Membership Site with Access Levels and Protected Content\u003Cbr \u002F>\n    Create Website Subscriber users for Contacts\u003Cbr \u002F>\n    Create Signup Forms that create Contacts \u002F Website Subscribers\u003Cbr \u002F>\n    Show \u002F Hide Pages based on Membership Level\u003C\u002Fli>\n\u003Cli>Track Page Views within ONTRAPORT\u003C\u002Fli>\n\u003Cli>Merge Fields for logged-in users\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please note that an \u003Ca href=\"http:\u002F\u002Fontraport.com\" rel=\"nofollow ugc\">ONTRAPORT\u003C\u002Fa> paid account is required for this plugin to function. Data from your WordPress installation will be sent through our API hosted on api.ontraport.com.\u003C\u002Fp>\n\u003Ch3>Using your WordPress site as a Membership Site (aka Protecting and revealing content)\u003C\u002Fh3>\n\u003Cp>Below are instructions on how to protect content in your membership site. There are two ways to do this:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>First, you can drip content out over time (in a week-by-week type format).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Second, you can choose to reveal more content based on your customers’ membership levels like Silver, Gold, and Platinum etc.  You will first need to have either added the Pilotpress plugin to your existing WordPress site or have started a new WordPress site within ONTRAPORT. Watch the ‘Protect and Release Content’ video to learn how to do both.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Setting the Minimum Membership Level to view a page or post on your WordPress site\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Once you have created your membership levels (which you did during the WordPress site creation or when you added the plugin to your existing site), you will notice that those membership levels also appeared in the right-hand margin of your WordPress posts \u002F pages under “PilotPress Options.” These options are used to limit access to the specified page or post. This is where you will set a minimum membership level to view the page or post. Check off the levels that you want, check the ‘Show in Navigation’ box if you want this page title to appear in your navigation menu, and finally set your ‘On Error’ redirect. The ‘On Error’ redirect is that page that your users will be sent to in the case that they don’t have the proper membership levels.\u003C\u002Fp>\n\u003Cp>For time release posts or pages, you will set the minimum membership needed to view the post off to the right, and then create a sequence right within ONTRAPORT that members will be automatically subscribed to when they sign up for your site.  As they move along on the sequence, say from week 1, to week 2, their membership level will change accordingly and they will be able to view the next week’s content.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Setting up your system to release new content\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Go into the Admin menu, then into “WordPress Integration”.   (Make sure you’ve created membership levels for your website. If you haven’t, do that first).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Next, go to the Admin menu once again and click on “Product and Order Forms” to set up a new product if you haven’t done so already.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The product, in this case, is the membership to your membership site. If you were selling a silver, gold, and platinum membership to your site, each of those would be its own separate product, and, each should have its own order form. If on the other hand, you’re selling only one level of membership, you would only need to create one product. Note that if certain membership levels are free, or membership to the entire site is free, then you would simply set up a smartform for people to fill out to become members rather than an order form. You should also note that when you’re creating your membership level products, you must indicate that the product is a digital product, set the product as a subscription, and set a subscription price and time.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Then, when you create your order form, you will set it so the order form itself subscribes your contacts to the sequence that will first send them a welcome email containing their login info, and which will also control their membership levels (if there are any). For example, moving them along from week to week, or month to month, etc.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>For now, title the sequence something like “membership progression sequence” if you’re planning to have this be a week-by-week content, or simply “membership login info”, if you’re going with the silver, gold, platinum format or simply a one membership level format. Set this sequence to be a ‘step’ sequence.  You will go back and actually flesh out the steps of the sequence afterward in the autopilot tab.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Create an Order Form that has an Active Response Rule which makes new members to your site\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cul>\n\u003Cli>\n\u003Cp>Now, you will make a new active response rule that is located on an order form and it will actually turn this new contact into a member of your membership site, once they submit the order form. If you’re unclear of what an active response rule is, please watch the video on active response rules.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>First, give the active response rule a title. An example would be, “Make a new Member to my Membership Site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>Next, under “What Should Happen”, select “Change Field to Value”.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>Then, set [field] to “membership level” and set [value] to the desired membership level. (Example “week 1” for time release content).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Col>\n\u003Cli>Create the membership Sequence to welcome client AND to deliver their login info:\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cul>\n\u003Cli>\n\u003Cp>Now it’s time to go into the autopilot tab and flesh out your “Membership Progression Sequence”, so it will deliver your new customers’ login info and move them along from week 1, to week 2, etc.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>First, you will locate the step sequence you started (when you created your order form).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>Next, you will set up an email step that goes out on a 15 minute delay (the system needs time to generate the membership site username and password) and thanks the new customer for joining and sends them their username and password.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Merge the the login info into the very first email\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>Insert their username as a merge field and insert their password as a merge field as well.  Important Note: The ‘User Name’ and ‘password merge field’ is site- specific, so, find the website in question, then the select the “password” merge field underneath that specific site.  Also in this email, you would welcome them and remember to send them the link to the login page. Another Important Note Regarding the Password: The password merge field is unique and can only be sent once. In order to retrieve a password after this, a contact will have to retrieve their password from their login page, using the “forgot your password” link, or you can manually reset a contact’s password in their contact record under “website subscribers”.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add Rule Steps to the “Membership Progression Sequence”\u003Cbr \u002F>\nIf you are creating sequential content, as opposed to just the silver, gold, platinum type format, you will need to create rule steps that change your customers’ membership levels forward, from say, week to week, as the weeks go by.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>To do this, set a rule step to fire 7 days after that first email step. For example, add a rule to the sequence which moves them on to week 2, by changing their ‘membership level’ from week one, to week two.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>For this rule, you would set the “What Should Happen” section to “Change Field to Value” and then select the “Membership Level” field as the one to have changed. Then, set it to change to the next specific level of membership, in this case, we’d set it to ‘Week 2’. It would be the same moving forward to week 3, etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cul>\n\u003Cli>Next , you could create an email step to fire immediately after the rule step to notify your contact that they are able to login and access week 2’s content, you may repeat this as many time as you wish. And, you don’t have to do it all at once. You might add the first three weeks to start, then add a week or twos worth of additional content at a time later on. The process is the same either way.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Note: Be sure to save each step as you go and then save your sequence when you’re all through.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Showing\u002FHiding Sections of Content on a Page\u003C\u002Fh3>\n\u003Cp>That’s right, you can not only show or hide pages based on membership levels, but you can show or hide a portion of a page based on a few different criteria. PilotPress comes with the ability to reveal content using Shortcodes. These nifty little tags can be placed around blocks of text, forms, etc to allow you to personalize the content of the page based on membership level, tags or even if the contact is currently being tracked by ONTRAPORT. We realize that this is a bit cumbersome…and, given our commitment to giving you an awesome membership site with “no code to mess with, no-how”, will have this feature usable right within the User Interface in a future PilotPress update, but it does work for now.\u003C\u002Fp>\n\u003Cp>The Shortcodes currently available for use in PilotPress are as follows:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Show Content Based on Membership Level\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>[show_if has_one=”Many,levels”] content [\u002Fshow_if]\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Displays content only for members who are logged in and have ANY of the membership levels listed (separated by commas)\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>[show_if has_all=”Many,levels”] content [\u002Fshow_if]\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Displays content only for members who are logged in and have ALL of the membership levels listed\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>[show_if not_one=”Many,levels”] content [\u002Fshow_if]\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Displays content only for members who are logged in and do NOT have at least ONE of the membership levels listed\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>[show_if not_any=”Many,levels”] content [\u002Fshow_if]\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Displays content for members who are logged in and are missing any of the memberships listed.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Show Content Based on Tags\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>[show_if has_tag=”Tag”] content [\u002Fshow_if]\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Displays content only for members who are logged in and have the tag indicated by “Tag”\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Show Content Based if Contact is Identified\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>[show_if is_contact] content [\u002Fshow_if]\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Displays content if visitor is an identified contact in your database\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>[show_if not_contact] content [\u002Fshow_if]\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Displays content if visitor is \u003Cstrong>not\u003C\u002Fstrong> an identified contact in your database\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>[show_if is_cookied_contact] content [\u002Fshow_if]\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Displays content if visitor has been identified as a contact through a previous login , or ONTRAPORT defined action (email click , form fillout , etc)\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>[show_if not_cookied_contact] content [\u002Fshow_if]\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Displays content if visitor has \u003Cstrong>not\u003C\u002Fstrong>  been identified as a contact through a previous login , or ONTRAPORT defined action (email click , form fillout , etc)\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>[pilotpress_sync_contact]\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Allows you to re-sync a logged-in user with ONTRAPORT without having the user log in and out again. Runs only when the page first loads.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Creating the Sign-Up Page\u003C\u002Fh3>\n\u003Cp>This is where your prospects\u002Fclients purchase their membership. It’s the page that any sales emails, sales letters, and sales videos would point to.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>First, go back to your WordPress account and click on “Pages”, then click on “Add New”.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Give it an appropriate title and write out your content in the text prompt. You might have a sales letter or a sales video.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Once you have added your sales content to the page, you’ll insert the order form your prospects will fill out in order to convert themselves into customers.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>You will achieve this by clicking the “ONTRAPORT” or “Add Media” button. (If you haven’t already created the order form or forms for your membership site, you need to now, before moving on).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Next, you will simply select the order form you created earlier and paste it on the page. If you’re offering multiple levels, like, silver, gold, and platinum, you may want to create separate pages for each that contains the respective order forms. This will give the pages a cleaner look (just link to the order page for each membership level from the main page).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Finish editing the page, proof it, and click on “Publish” (in the right-hand margin).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Next, click on “View Page” up at the top center to preview your page.\u003Cbr \u002F>\nOnce filled out, this form will take the customer to the “Thank-you” page which you set when you created the form. This most likely would be a page that thanks them, and tells them to go check their email for their login info and provides a link to the sign-in page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>When you’re all through creating your signup page, click “Publish”.  Now you will see that this page is available on your home menu.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Adding Forms within WordPress\u003C\u002Fh3>\n\u003Cp>The WordPress integration allows you to add ONTRAPORT Smartforms, Order Forms, Affiliate Signup Forms, and Upsell forms to your WordPress pages.\u003C\u002Fp>\n\u003Cp>To achieve this, you will first need to have added the PilotPress plugin to your existing WordPress site, or have started a new WordPress site within ONTRAPORT.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Log into your WordPress account.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>When adding a new post or page, you will notice that there is a new icon for “Add ONTRAPORT Form”.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Click on the icon.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Once clicked, this will bring up all the Smartforms, Order Forms, Affiliate Signup Forms, and Upsell Forms that you have created in ONTRAPORT.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>When you select one, it will grab the code and insert the form right onto your page in the location where the cursor is. If you know some HTML, you can edit the way the form looks here using HTML mode. Otherwise, you’ll need to edit the form from within the form editor in ONTRAPORT\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","PilotPress allows you to have a website, membership site, customer center, and a partner center integrated together with ONTRAPORT.",1000,104046,44,5,"2025-09-24T19:48:00.000Z","6.8.5","3.6","",[20,21,22,23],"moonray","officeautopilot","ontraport","sendpepper","https:\u002F\u002Fontraport.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpilotpress.zip",55,3,2,"2025-09-22 00:00:00","2026-03-15T15:16:48.613Z",[32,46,57],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-58238","pilotpress-authenticated-contributor-stored-cross-site-scripting","PilotPress \u003C= 2.0.36 - Authenticated (Contributor+) Stored Cross-Site Scripting","The PilotPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.0.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=2.0.36","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-09-26 17:36:52",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4671b103-1240-4508-81ce-6b8573658021?source=api-prod",{"id":47,"url_slug":48,"title":49,"description":50,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":51,"cvss_vector":52,"vuln_type":53,"published_date":29,"updated_date":54,"references":55,"days_to_patch":37},"CVE-2025-58221","pilotpress-missing-authorization","PilotPress \u003C= 2.0.36 - Missing Authorization","The PilotPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.0.36. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action.",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N","Missing Authorization","2025-09-26 17:33:53",[56],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Feaeadd4b-a6f5-45fd-9324-77cf2e3bb978?source=api-prod",{"id":58,"url_slug":59,"title":60,"description":61,"plugin_slug":4,"theme_slug":37,"affected_versions":62,"patched_in_version":63,"severity":39,"cvss_score":51,"cvss_vector":64,"vuln_type":53,"published_date":65,"updated_date":66,"references":67,"days_to_patch":69},"CVE-2024-23524","pilotpress-authenticatedsubscriber-missing-authorization-via-multiple-ajax-functions","PilotPress \u003C= 2.0.30 - Authenticated(Subscriber+) Missing Authorization via multiple AJAX functions","The PilotPress plugin for WordPress is vulnerable to unauthorized access to data and loss of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 2.0.30. This makes it possible for authenticated attackers, with subscriber access and above, to view reports and purge database transients.","\u003C=2.0.30","2.0.31","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:L","2024-01-31 00:00:00","2024-03-22 15:19:48",[68],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6a8d121d-434d-4445-874f-d3cf6b6e7233?source=api-prod",52,{"slug":22,"display_name":7,"profile_url":8,"plugin_count":71,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":69,"trust_score":72,"computed_at":73},1,57,"2026-04-05T02:00:11.226Z",[75],{"slug":76,"name":77,"version":78,"author":76,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":93,"download_link":94,"security_score":95,"vuln_count":84,"unpatched_count":84,"last_vuln_date":37,"fetched_at":30},"segmetrics","SegMetrics Marketing Analytics","1.1.3","https:\u002F\u002Fprofiles.wordpress.org\u002Fsegmetrics\u002F","\u003Ch3>\u003Ca href=\"https:\u002F\u002Fsegmetrics.io\" rel=\"nofollow ugc\">SegMetrics\u003C\u002Fa> is the premier analytics platform for marketing professionals.\u003C\u002Fh3>\n\u003Cp>With over 54 Million leads, $3.2 Billion in revenue, and half a million marketing campaigns, SegMetrics’ mission is to bring \u003Cstrong>smart\u003C\u002Fstrong>, \u003Cstrong>actionable\u003C\u002Fstrong>, data to marketers everywhere — without all the technical setup and hassle.\u003C\u002Fp>\n\u003Cp>SegMetrics connects to the marketing tools you already use to make sure that every dollar and lead is accounted for.\u003C\u002Fp>\n\u003Cp>Get 100% clarity on where your leads come from, how they act, and how much your marketing is really worth.\u003C\u002Fp>\n\u003Ch3>Let’s Get Started\u003C\u002Fh3>\n\u003Cp>Ready to start getting actionable insights into your marketing funnels? Here’s what you have to do next:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsegmetrics.io\u002Fpricing\" rel=\"nofollow ugc\">Sign up for a SegMetrics account\u003C\u002Fa> (With 14-day free trial)\u003C\u002Fli>\n\u003Cli>Install the SegMetrics plugin, and select “SegMetrics” from the Settings menu in your WordPress sidebar.\u003C\u002Fli>\n\u003Cli>Enter your SegMetrics Account ID and API Key, click “Save Changes,” and you’re done!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>If you need a little more help, check out our \u003Ca href=\"https:\u002F\u002Fdocs.segmetrics.io\u002Farticle\u002F50-installing-the-tracking-snippet\" rel=\"nofollow ugc\">documentation that walks you through installing the tracking snippet\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Now that you’re all set up, you’ll be able to access all of SegMetrics’ attribution features.\u003Cbr \u002F>\nHere’s how SegMetrics connects with your marketing funnels to deliver accurate revenue and lead attribution.\u003C\u002Fp>\n\u003Ch3>By installing the SegMetrics plugin, you’ll be able to do things like:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Analyze where leads are coming from\u003C\u002Fli>\n\u003Cli>Get return on ad spend for all your campaigns\u003C\u002Fli>\n\u003Cli>See exactly what pages a lead has visited and when\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Connect Your Favorite CRM, eCommerce and More\u003C\u002Fh4>\n\u003Cp>Easily connect your marketing platform with your ecommerce and all the other tools you use,\u003Cbr \u002F>\nincluding Infusionsoft, Ontraport, ActiveCampaign, Google Ads, Facebook, MailChimp, Klaviyo and much more.\u003C\u002Fp>\n\u003Ch4>Accurate data you can trust\u003C\u002Fh4>\n\u003Cp>SegMetrics connects directly to your CRM — giving you 100% accuracy in your revenue and lead reporting.\u003Cbr \u002F>\nGet actionable insights without any coding, spreadsheet exporting, or pivot tables. Get answers to your burning questions in seconds.\u003C\u002Fp>\n\u003Cp>SegMetrics is used by direct marketers and SaaS companies in a number of niches.\u003Cbr \u002F>\nBut if there’s one thing that unites them all in their marketing endeavors, it’s a \u003Cstrong>need for accurate data\u003C\u002Fstrong>. SegMetrics is built on our deep understanding of reliably getting the metrics businesses need to stay profitable.\u003C\u002Fp>\n\u003Ch4>SegMetrics deciphers the data so you don’t have to.\u003C\u002Fh4>\n\u003Cp>We built SegMetrics to be reliable, simple to set up, and easy to read. Because no matter the size or type of your business, success shouldn’t depend on wrestling some sense out of confusing or conflicting data. Get back to making clear-headed, informed decisions. We’ll handle the numbers.\u003C\u002Fp>\n\u003Ch4>Get Access to ALL Your Data\u003C\u002Fh4>\n\u003Cp>As soon as you sign up with SegMetrics, you get access to all your data — not just the data after you sign up.\u003C\u002Fp>\n\u003Cp>Give current trends more context by comparing old ones, or get to the bottom of long-unanswered questions.\u003C\u002Fp>\n\u003Ch4>Support You Can Rely On\u003C\u002Fh4>\n\u003Cp>The SegMetrics support team has extensive experience working closely with clients to meet their reporting needs.\u003C\u002Fp>\n\u003Cp>If you have a question or issue, we’ll help resolve it ASAP – even if it’s technologically convoluted or completely specific to your business.\u003C\u002Fp>\n","Connect your SegMetrics account to get unparalleled insights into your visitor journey.",100,4437,0,"2025-03-14T22:20:00.000Z","6.7.5","4.9","5.6",[90,91,22,76,92],"analytics","infusionsoft","tracking","https:\u002F\u002Fsegmetrics.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsegmetrics.1.1.4.zip",92,{"attackSurface":97,"codeSignals":437,"taintFlows":642,"riskAssessment":750,"analyzedAt":765},{"hooks":98,"ajaxHandlers":370,"restRoutes":402,"shortcodes":403,"cronEvents":434,"entryPointCount":435,"unprotectedCount":436},[99,105,109,113,117,120,124,127,130,133,137,142,145,148,152,156,159,163,168,171,174,177,180,184,187,190,194,198,201,205,209,212,215,219,223,227,231,234,238,242,245,249,253,256,260,264,267,271,275,279,283,286,290,294,298,301,304,308,311,314,318,322,324,328,331,335,339,343,346,349,352,356,359,361,364,367],{"type":100,"name":101,"callback":102,"file":103,"line":104},"action","widgets_init","register","pilotpress.php",33,{"type":100,"name":106,"callback":107,"file":103,"line":108},"admin_footer-widgets.php","pilotpress_widget_js",35,{"type":100,"name":110,"callback":111,"priority":71,"file":103,"line":112},"init","load_settings",1011,{"type":100,"name":110,"callback":114,"priority":115,"file":103,"line":116},"load_scripts",10,1012,{"type":100,"name":110,"callback":118,"file":103,"line":119},"sessionslap_ping",1013,{"type":100,"name":121,"callback":122,"file":103,"line":123},"wp_print_styles","stylesheets",1014,{"type":100,"name":125,"callback":92,"file":103,"line":126},"wp_print_footer_scripts",1015,{"type":100,"name":128,"callback":128,"file":103,"line":129},"retrieve_password",1016,{"type":100,"name":131,"callback":131,"file":103,"line":132},"profile_update",1017,{"type":100,"name":134,"callback":135,"file":103,"line":136},"admin_menu","settings_init",1023,{"type":138,"name":139,"callback":140,"file":103,"line":141},"filter","admin_init","clean_meta",1024,{"type":138,"name":139,"callback":143,"file":103,"line":144},"flush_rewrite_rules",1025,{"type":138,"name":139,"callback":146,"file":103,"line":147},"user_lockout",1026,{"type":100,"name":149,"callback":150,"file":103,"line":151},"admin_enqueue_scripts","admin_load_scripts",1027,{"type":100,"name":153,"callback":154,"file":103,"line":155},"admin_notices","display_notice",1028,{"type":100,"name":134,"callback":157,"file":103,"line":158},"metabox_add",1030,{"type":100,"name":160,"callback":161,"file":103,"line":162},"pre_post_update","metabox_save",1031,{"type":100,"name":164,"callback":165,"priority":166,"file":103,"line":167},"media_buttons","media_button_add",20,1033,{"type":100,"name":169,"callback":169,"file":103,"line":170},"media_upload_forms",1034,{"type":100,"name":172,"callback":172,"file":103,"line":173},"media_upload_images",1035,{"type":100,"name":175,"callback":175,"file":103,"line":176},"media_upload_videos",1036,{"type":100,"name":178,"callback":178,"file":103,"line":179},"media_upload_fields",1037,{"type":138,"name":181,"callback":182,"file":103,"line":183},"tiny_mce_before_init","mce_valid_elements",1042,{"type":138,"name":185,"callback":185,"file":103,"line":186},"tiny_mce_version",1043,{"type":138,"name":188,"callback":188,"file":103,"line":189},"mce_external_plugins",1044,{"type":138,"name":191,"callback":192,"file":103,"line":193},"mce_buttons_3","mce_buttons",1045,{"type":100,"name":195,"callback":196,"file":103,"line":197},"admin_footer","grab_mce_fields",1046,{"type":100,"name":195,"callback":199,"file":103,"line":200},"grab_mce_shortcodes",1047,{"type":138,"name":202,"callback":203,"file":103,"line":204},"manage_posts_columns","page_list_col",1049,{"type":100,"name":206,"callback":207,"priority":115,"file":103,"line":208},"manage_posts_custom_column","page_list_col_value",1050,{"type":138,"name":210,"callback":203,"file":103,"line":211},"manage_pages_columns",1051,{"type":100,"name":213,"callback":207,"priority":115,"file":103,"line":214},"manage_pages_custom_column",1052,{"type":138,"name":216,"callback":217,"priority":84,"file":103,"line":218},"user_has_cap","lock_delete",1053,{"type":138,"name":220,"callback":221,"file":103,"line":222},"media_upload_tabs","modify_media_tab",1054,{"type":100,"name":224,"callback":225,"file":103,"line":226},"wp_loaded","update_post_types",1055,{"type":100,"name":228,"callback":229,"file":103,"line":230},"admin_head","include_form_admin_options",1058,{"type":100,"name":228,"callback":232,"file":103,"line":233},"admin_preview",1059,{"type":138,"name":235,"callback":236,"file":103,"line":237},"rewrite_rules_array","filter_rewrite_rules",1068,{"type":100,"name":239,"callback":240,"file":103,"line":241},"wp","post_process",1069,{"type":138,"name":243,"callback":243,"file":103,"line":244},"get_pages",1070,{"type":138,"name":246,"callback":247,"file":103,"line":248},"wp_nav_menu","get_nav_menus",1071,{"type":138,"name":250,"callback":251,"file":103,"line":252},"wp_nav_menu_objects","get_nav_menu_objects",1072,{"type":138,"name":254,"callback":254,"file":103,"line":255},"posts_where",1073,{"type":138,"name":257,"callback":258,"file":103,"line":259},"query_vars","filter_query_vars",1074,{"type":138,"name":261,"callback":262,"file":103,"line":263},"the_content","content_process",1075,{"type":138,"name":265,"callback":262,"file":103,"line":266},"login_message",1076,{"type":100,"name":268,"callback":269,"priority":71,"file":103,"line":270},"wp_authenticate","user_login",1090,{"type":100,"name":272,"callback":273,"file":103,"line":274},"wp_login_failed","user_login_failed",1091,{"type":100,"name":276,"callback":277,"file":103,"line":278},"lostpassword_post","user_lostpassword",1092,{"type":100,"name":280,"callback":281,"file":103,"line":282},"wp_logout","user_logout",1093,{"type":100,"name":110,"callback":284,"file":103,"line":285},"pp_login_button",1094,{"type":100,"name":287,"callback":288,"priority":115,"file":103,"line":289},"user_register","add_new_register_user_to_ONTRAPORT",1095,{"type":138,"name":291,"callback":292,"priority":115,"file":103,"line":293},"comments_open","ppDisableComments",3077,{"type":138,"name":295,"callback":296,"priority":115,"file":103,"line":297},"get_comments_number","ppZeroCommentsNumber",3078,{"type":100,"name":228,"callback":299,"file":103,"line":300},"pilotpress_sessionslap_face",3589,{"type":100,"name":302,"callback":299,"file":103,"line":303},"wp_head",3590,{"type":138,"name":305,"callback":306,"file":103,"line":307},"widget_text","do_shortcode",3598,{"type":138,"name":188,"callback":309,"file":103,"line":310},"add_login_button",4388,{"type":138,"name":191,"callback":312,"file":103,"line":313},"register_login_button",4389,{"type":100,"name":149,"callback":315,"file":316,"line":317},"ppprotectAdminStyles","ppprotect-categories.php",31,{"type":100,"name":319,"callback":320,"file":316,"line":321},"category_edit_form_fields","ppprotectEditFormFields",34,{"type":100,"name":323,"callback":320,"file":316,"line":108},"category_add_form_fields",{"type":100,"name":325,"callback":326,"file":316,"line":327},"created_category","ppprotectSaveFields",38,{"type":100,"name":329,"callback":326,"file":316,"line":330},"edited_category",39,{"type":100,"name":332,"callback":333,"file":316,"line":334},"pre_get_posts","ppprotectHomeAndArchivePosts",42,{"type":138,"name":336,"callback":337,"file":316,"line":338},"widget_posts_args","ppprotectRecentPosts",43,{"type":100,"name":340,"callback":341,"file":316,"line":342},"template_redirect","ppprotectCategory",46,{"type":100,"name":340,"callback":344,"file":316,"line":345},"ppprotectPost",49,{"type":100,"name":347,"callback":348,"file":316,"line":69},"edit_form_after_editor","ppprotectPostWarning",{"type":100,"name":195,"callback":350,"file":316,"line":351},"ppprotectCategoryJS",58,{"type":100,"name":353,"callback":354,"file":316,"line":355},"delete_category","ppprotectDeleteCategory",60,{"type":138,"name":261,"callback":357,"file":316,"line":358},"ppprotectLoginPage",506,{"type":138,"name":261,"callback":357,"file":316,"line":360},595,{"type":138,"name":291,"callback":362,"priority":115,"file":316,"line":363},"ppprotectCloseComments",596,{"type":138,"name":295,"callback":365,"priority":115,"file":316,"line":366},"ppprotectGetCommentsNumber",597,{"type":100,"name":195,"callback":368,"file":316,"line":369},"ppprotectAdminCategoryScripts",887,[371,376,381,385,389,393,396,399],{"action":372,"nopriv":373,"callback":374,"hasNonce":373,"hasCapCheck":373,"file":103,"line":375},"pp_update_aff_details",false,"update_aff_details",1019,{"action":377,"nopriv":373,"callback":378,"hasNonce":379,"hasCapCheck":373,"file":103,"line":380},"pp_update_cc_details","update_cc_details",true,1020,{"action":382,"nopriv":373,"callback":383,"hasNonce":373,"hasCapCheck":373,"file":103,"line":384},"pp_insert_form","get_insert_form_html",1038,{"action":386,"nopriv":373,"callback":387,"hasNonce":373,"hasCapCheck":373,"file":103,"line":388},"pp_insert_video","get_insert_video_html",1039,{"action":390,"nopriv":373,"callback":391,"hasNonce":373,"hasCapCheck":373,"file":103,"line":392},"pp_get_aff_report","get_aff_report",1040,{"action":394,"nopriv":373,"callback":394,"hasNonce":379,"hasCapCheck":379,"file":103,"line":395},"purge_transients",1061,{"action":397,"nopriv":373,"callback":397,"hasNonce":373,"hasCapCheck":373,"file":103,"line":398},"admin_preview_redirect",1062,{"action":400,"nopriv":373,"callback":401,"hasNonce":373,"hasCapCheck":373,"file":316,"line":26},"pp_category_override","wp_ajax_ppprotectAllowOverride",[],[404,408,411,414,418,421,424,427,430],{"tag":405,"callback":406,"file":103,"line":407},"protected","shortcode_show_if",1078,{"tag":409,"callback":406,"file":103,"line":410},"show_if",1079,{"tag":412,"callback":412,"file":103,"line":413},"login_page",1080,{"tag":415,"callback":416,"file":103,"line":417},"field","shortcode_field",1081,{"tag":419,"callback":406,"file":103,"line":420},"pilotpress_protected",1083,{"tag":422,"callback":406,"file":103,"line":423},"pilotpress_show_if",1084,{"tag":425,"callback":412,"file":103,"line":426},"pilotpress_login_page",1085,{"tag":428,"callback":416,"file":103,"line":429},"pilotpress_field",1086,{"tag":431,"callback":432,"file":103,"line":433},"pilotpress_sync_contact","shortcode_sync_contact",1087,[],17,6,{"dangerousFunctions":438,"sqlUsage":439,"outputEscaping":480,"fileOperations":84,"externalRequests":28,"nonceChecks":27,"capabilityChecks":481,"bundledLibraries":641},[],{"prepared":440,"raw":435,"locations":441},15,[442,445,448,450,453,455,457,459,461,463,465,468,470,472,474,476,478],{"file":103,"line":443,"context":444},200,"$wpdb->get_results() with variable interpolation",{"file":103,"line":446,"context":447},2631,"$wpdb->query() with variable interpolation",{"file":103,"line":449,"context":444},3187,{"file":103,"line":451,"context":452},3407,"$wpdb->get_var() with variable interpolation",{"file":103,"line":454,"context":452},3414,{"file":103,"line":456,"context":444},3482,{"file":103,"line":458,"context":444},4411,{"file":103,"line":460,"context":452},4419,{"file":103,"line":462,"context":452},4429,{"file":316,"line":464,"context":452},114,{"file":316,"line":466,"context":467},119,"$wpdb->get_row() with variable interpolation",{"file":316,"line":469,"context":452},128,{"file":316,"line":471,"context":452},347,{"file":316,"line":473,"context":444},352,{"file":316,"line":475,"context":452},674,{"file":316,"line":477,"context":444},679,{"file":316,"line":479,"context":444},717,{"escaped":481,"rawEcho":482,"locations":483},14,83,[484,488,490,492,494,496,498,500,502,504,506,508,510,512,514,516,518,520,522,524,526,528,530,532,534,536,538,540,542,544,546,548,550,552,554,556,558,560,562,564,566,568,570,572,573,575,577,579,581,582,584,586,587,589,590,592,593,595,596,598,599,600,602,603,604,605,607,609,611,613,615,617,619,621,623,625,627,629,631,633,635,637,639],{"file":485,"line":486,"context":487},"login-button.php",11,"raw output",{"file":103,"line":489,"context":487},509,{"file":103,"line":491,"context":487},543,{"file":103,"line":493,"context":487},547,{"file":103,"line":495,"context":487},567,{"file":103,"line":497,"context":487},571,{"file":103,"line":499,"context":487},588,{"file":103,"line":501,"context":487},601,{"file":103,"line":503,"context":487},614,{"file":103,"line":505,"context":487},626,{"file":103,"line":507,"context":487},627,{"file":103,"line":509,"context":487},628,{"file":103,"line":511,"context":487},657,{"file":103,"line":513,"context":487},685,{"file":103,"line":515,"context":487},713,{"file":103,"line":517,"context":487},724,{"file":103,"line":519,"context":487},725,{"file":103,"line":521,"context":487},784,{"file":103,"line":523,"context":487},790,{"file":103,"line":525,"context":487},1165,{"file":103,"line":527,"context":487},1327,{"file":103,"line":529,"context":487},1510,{"file":103,"line":531,"context":487},1625,{"file":103,"line":533,"context":487},1627,{"file":103,"line":535,"context":487},1631,{"file":103,"line":537,"context":487},1643,{"file":103,"line":539,"context":487},1652,{"file":103,"line":541,"context":487},1695,{"file":103,"line":543,"context":487},1705,{"file":103,"line":545,"context":487},1728,{"file":103,"line":547,"context":487},1776,{"file":103,"line":549,"context":487},1807,{"file":103,"line":551,"context":487},1811,{"file":103,"line":553,"context":487},1902,{"file":103,"line":555,"context":487},1940,{"file":103,"line":557,"context":487},1941,{"file":103,"line":559,"context":487},1942,{"file":103,"line":561,"context":487},1943,{"file":103,"line":563,"context":487},1944,{"file":103,"line":565,"context":487},2021,{"file":103,"line":567,"context":487},2088,{"file":103,"line":569,"context":487},2089,{"file":103,"line":571,"context":487},2105,{"file":103,"line":571,"context":487},{"file":103,"line":574,"context":487},2111,{"file":103,"line":576,"context":487},2114,{"file":103,"line":578,"context":487},2116,{"file":103,"line":580,"context":487},2123,{"file":103,"line":580,"context":487},{"file":103,"line":583,"context":487},2127,{"file":103,"line":585,"context":487},2139,{"file":103,"line":585,"context":487},{"file":103,"line":588,"context":487},2143,{"file":103,"line":588,"context":487},{"file":103,"line":591,"context":487},2157,{"file":103,"line":591,"context":487},{"file":103,"line":594,"context":487},2159,{"file":103,"line":594,"context":487},{"file":103,"line":597,"context":487},2169,{"file":103,"line":597,"context":487},{"file":103,"line":597,"context":487},{"file":103,"line":601,"context":487},2175,{"file":103,"line":601,"context":487},{"file":103,"line":601,"context":487},{"file":103,"line":601,"context":487},{"file":103,"line":606,"context":487},2183,{"file":103,"line":608,"context":487},2196,{"file":103,"line":610,"context":487},4323,{"file":103,"line":612,"context":487},4334,{"file":103,"line":614,"context":487},4360,{"file":103,"line":616,"context":487},4582,{"file":103,"line":618,"context":487},4585,{"file":103,"line":620,"context":487},4593,{"file":103,"line":622,"context":487},4595,{"file":103,"line":624,"context":487},4644,{"file":103,"line":626,"context":487},4645,{"file":103,"line":628,"context":487},4646,{"file":103,"line":630,"context":487},4672,{"file":316,"line":632,"context":487},261,{"file":316,"line":634,"context":487},768,{"file":316,"line":636,"context":487},884,{"file":316,"line":638,"context":487},949,{"file":316,"line":640,"context":487},982,[],[643,659,668,677,686,695,714,741],{"entryPoint":644,"graph":645,"unsanitizedCount":71,"severity":39},"admin_preview_redirect (pilotpress.php:1161)",{"nodes":646,"edges":657},[647,652],{"id":648,"type":649,"label":650,"file":103,"line":651},"n0","source","$_POST",1164,{"id":653,"type":654,"label":655,"file":103,"line":525,"wp_function":656},"n1","sink","echo() [XSS]","echo",[658],{"from":648,"to":653,"sanitized":373},{"entryPoint":660,"graph":661,"unsanitizedCount":71,"severity":39},"get_aff_report (pilotpress.php:1641)",{"nodes":662,"edges":666},[663,665],{"id":648,"type":649,"label":650,"file":103,"line":664},1642,{"id":653,"type":654,"label":655,"file":103,"line":537,"wp_function":656},[667],{"from":648,"to":653,"sanitized":373},{"entryPoint":669,"graph":670,"unsanitizedCount":71,"severity":39},"update_aff_details (pilotpress.php:1648)",{"nodes":671,"edges":675},[672,674],{"id":648,"type":649,"label":650,"file":103,"line":673},1649,{"id":653,"type":654,"label":655,"file":103,"line":539,"wp_function":656},[676],{"from":648,"to":653,"sanitized":373},{"entryPoint":678,"graph":679,"unsanitizedCount":71,"severity":39},"get_insert_form_html (pilotpress.php:1701)",{"nodes":680,"edges":684},[681,683],{"id":648,"type":649,"label":650,"file":103,"line":682},1704,{"id":653,"type":654,"label":655,"file":103,"line":543,"wp_function":656},[685],{"from":648,"to":653,"sanitized":373},{"entryPoint":687,"graph":688,"unsanitizedCount":71,"severity":39},"wp_ajax_ppprotectAllowOverride (ppprotect-categories.php:749)",{"nodes":689,"edges":693},[690,692],{"id":648,"type":649,"label":650,"file":316,"line":691},756,{"id":653,"type":654,"label":655,"file":316,"line":634,"wp_function":656},[694],{"from":648,"to":653,"sanitized":373},{"entryPoint":696,"graph":697,"unsanitizedCount":84,"severity":713},"update_cc_details (pilotpress.php:1657)",{"nodes":698,"edges":710},[699,702,705,708],{"id":648,"type":649,"label":700,"file":103,"line":701},"$_POST['username']",1683,{"id":653,"type":654,"label":703,"file":103,"line":701,"wp_function":704},"query() [SQLi]","query",{"id":706,"type":649,"label":650,"file":103,"line":707},"n2",1662,{"id":709,"type":654,"label":655,"file":103,"line":541,"wp_function":656},"n3",[711,712],{"from":648,"to":653,"sanitized":379},{"from":706,"to":709,"sanitized":379},"low",{"entryPoint":715,"graph":716,"unsanitizedCount":84,"severity":713},"\u003Cpilotpress> (pilotpress.php:0)",{"nodes":717,"edges":736},[718,720,721,724,725,727,729,733],{"id":648,"type":649,"label":719,"file":103,"line":651},"$_POST (x6)",{"id":653,"type":654,"label":655,"file":103,"line":525,"wp_function":656},{"id":706,"type":649,"label":722,"file":103,"line":723},"$_COOKIE (x3)",1279,{"id":709,"type":654,"label":655,"file":103,"line":531,"wp_function":656},{"id":726,"type":649,"label":700,"file":103,"line":701},"n4",{"id":728,"type":654,"label":703,"file":103,"line":701,"wp_function":704},"n5",{"id":730,"type":649,"label":731,"file":103,"line":732},"n6","$_GET",1578,{"id":734,"type":654,"label":703,"file":103,"line":735,"wp_function":704},"n7",3553,[737,738,739,740],{"from":648,"to":653,"sanitized":379},{"from":706,"to":709,"sanitized":379},{"from":726,"to":728,"sanitized":379},{"from":730,"to":734,"sanitized":379},{"entryPoint":742,"graph":743,"unsanitizedCount":84,"severity":713},"\u003Cppprotect-categories> (ppprotect-categories.php:0)",{"nodes":744,"edges":748},[745,747],{"id":648,"type":649,"label":746,"file":316,"line":691},"$_POST (x2)",{"id":653,"type":654,"label":655,"file":316,"line":634,"wp_function":656},[749],{"from":648,"to":653,"sanitized":379},{"summary":751,"deductions":752},"The pilotpress plugin exhibits a mixed security posture. While it avoids dangerous functions and file operations, and has a reasonable number of capability checks, significant concerns arise from its unprotected AJAX handlers.  A substantial portion of its attack surface is exposed without authentication, creating a direct pathway for potential unauthorized actions. The output escaping is also a major weakness, with a very low percentage of outputs being properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis, although limited in scope, flagged flows with unsanitized paths, reinforcing the XSS concerns.  The plugin's vulnerability history, with three known medium-severity CVEs, two of which remain unpatched, further exacerbates these risks. The common types of past vulnerabilities, XSS and missing authorization, directly align with the current findings in the code analysis. This indicates a pattern of recurring security weaknesses that have not been fully addressed.  In conclusion, while pilotpress demonstrates some good practices, the high number of unprotected AJAX handlers, poor output escaping, and ongoing unpatched vulnerabilities present a significant security risk that requires immediate attention.",[753,755,758,760,762],{"reason":754,"points":115},"Unprotected AJAX handlers",{"reason":756,"points":757},"Low percentage of properly escaped output",8,{"reason":759,"points":166},"Unpatched CVEs (2 medium severity)",{"reason":761,"points":14},"Flows with unsanitized paths",{"reason":763,"points":764},"Vulnerability history of XSS and Missing Auth",7,"2026-03-16T19:07:16.934Z",{"wat":767,"direct":776},{"assetPaths":768,"generatorPatterns":773,"scriptPaths":774,"versionParams":775},[769,770,771,772],"\u002Fwp-content\u002Fplugins\u002Fpilotpress\u002Fjs\u002Fjquery-ui.css","\u002Fwp-content\u002Fplugins\u002Fpilotpress\u002Fjs\u002Ftracking.js","\u002Fwp-content\u002Fplugins\u002Fpilotpress\u002Fjs\u002FmoonrayJS-only-wp-forms.css","\u002Fwp-content\u002Fplugins\u002Fpilotpress\u002Fjs\u002Fmoonray.css",[],[769,770,771,772],[],{"cssClasses":777,"htmlComments":779,"htmlAttributes":780,"restEndpoints":783,"jsGlobals":784,"shortcodeOutput":785},[778],"pilotpress-widget",[],[781,782],"data-ppc-form","data-ppc-form-id",[],[107],[786,787],"[pilotpress_customer_center]","[pilotpress_partner_center]"]