[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fkRF_7Pwm6aRgufdIljS2u05B70zl2XawvGg4z-q0FCQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":16,"download_link":19,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22,"vulnerabilities":23,"developer":24,"crawl_stats":21,"alternatives":29,"analysis":67,"fingerprints":400},"pod-marketing-analytics","POD Marketing Analytics","0.2.17","jumpdemand","https:\u002F\u002Fprofiles.wordpress.org\u002Fjumpdemand\u002F","\u003Cp>For those people who have an active Pod Marketing Analytics account, this plugin will add the website tracking script onto your website. To learn more about the Pod Marketing Analytics Portal and to get your Pod Marketing Analytics Portal account, go to http:\u002F\u002Fwww.jumpdemand.me.\u003C\u002Fp>\n","The easy way to integrate the Pod Marketing Analytics Portal to your website.",0,1666,"2021-06-09T20:49:00.000Z","5.7.15","2.8","",[18],"tracking-script","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpod-marketing-analytics.0.2.17.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":25,"total_installs":11,"avg_security_score":20,"avg_patch_time_days":26,"trust_score":27,"computed_at":28},1,30,84,"2026-04-05T09:57:47.150Z",[30,54],{"slug":31,"name":32,"version":33,"author":34,"author_profile":35,"description":36,"short_description":37,"active_installs":38,"downloaded":39,"rating":40,"num_ratings":41,"last_updated":42,"tested_up_to":43,"requires_at_least":15,"requires_php":16,"tags":44,"homepage":49,"download_link":50,"security_score":51,"vuln_count":52,"unpatched_count":11,"last_vuln_date":53,"fetched_at":22},"activedemand","ActiveDEMAND","0.2.47","ActiveDEMAND Online Agency Marketing Automation","https:\u002F\u002Fprofiles.wordpress.org\u002Fponiard\u002F","\u003Cp>Adds the \u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FvaiXT\" rel=\"nofollow ugc\">ActiveDEMAND\u003C\u002Fa> tracking script to your website. As well this plugin gives you the ability to use shortcodes to embed ActiveDEMAND webforms into your widgets, pages, posts, and sidebars.\u003C\u002Fp>\n\u003Ch4>Personalize your WordPress visitor Experience with ActiveDEMAND\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FN8DSB\" rel=\"nofollow ugc\">Dynamically change website content based on users GEO-IP location, utm_source\u002Fmedium, any visitor history\u002Fcontext\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002F3RDMj\" rel=\"nofollow ugc\">Embed web forms on any page\u002Fpost\u002Fsidebar etc\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002F0b1aD\" rel=\"nofollow ugc\">Add custom popups and opt in bars\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FYkfq2\" rel=\"nofollow ugc\">Automatically send emails to people who fill out forms\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FbNjo5\" rel=\"nofollow ugc\">Track visitors, link clicks etc\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FN8DSB\" rel=\"nofollow ugc\">GEO IP lookup of all visitors, email opens, phone calls, etc\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FTKVri\" rel=\"nofollow ugc\">Full attribution of marketing activities\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FgomgB\" rel=\"nofollow ugc\">Appointment Scheduling\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For the full list of capabilities, visit \u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FvaiXT\" rel=\"nofollow ugc\">www.ActiveDEMAND.com\u003C\u002Fa>!\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F9VsHjxMsHHk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Fully automate your marketing with \u003Ca href=\"https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FvaiXT\" rel=\"nofollow ugc\"> ActiveDEMAND\u003C\u002Fa>.\u003C\u002Fp>\n","ActiveDEMAND, the easy way to add Web Forms, Dynamic Content, and Popups to your WordPress site.",1000,40669,100,6,"2025-10-15T20:37:00.000Z","6.8.5",[45,46,47,48,18],"dynamic-content","geo-ip","opt-in-forms","popup-builder","https:\u002F\u002Fwww2.activedemand.com\u002Fs\u002FGnf5n","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Factivedemand.0.2.47.zip",88,4,"2025-04-16 00:00:00",{"slug":55,"name":56,"version":57,"author":34,"author_profile":35,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":11,"num_ratings":11,"last_updated":62,"tested_up_to":63,"requires_at_least":15,"requires_php":16,"tags":64,"homepage":65,"download_link":66,"security_score":20,"vuln_count":11,"unpatched_count":11,"last_vuln_date":21,"fetched_at":22},"walnutmarketing","Walnut.Marketing Portal","0.2.05","\u003Cp>Adds the Walnut.Marketing Portal tracking script to your website.\u003C\u002Fp>\n","Adds the Walnut.Marketing Portal tracking script to your website",10,2152,"2019-03-18T21:43:00.000Z","5.1.22",[18],"https:\u002F\u002Fwalnut.marketing","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwalnutmarketing.0.2.05.zip",{"attackSurface":68,"codeSignals":199,"taintFlows":284,"riskAssessment":380,"analyzedAt":399},{"hooks":69,"ajaxHandlers":170,"restRoutes":181,"shortcodes":197,"cronEvents":198,"entryPointCount":41,"unprotectedCount":41},[70,76,80,83,87,91,94,97,100,105,109,112,115,118,120,122,125,128,131,134,137,141,143,145,148,151,153,156,159,162,164,167],{"type":71,"name":72,"callback":73,"file":74,"line":75},"action","wp_enqueue_scripts","anonymous","class-SCCollector.php",165,{"type":77,"name":78,"callback":73,"priority":25,"file":74,"line":79},"filter","the_content",207,{"type":77,"name":81,"callback":73,"file":74,"line":82},"widget_text",210,{"type":71,"name":84,"callback":73,"priority":85,"file":74,"line":86},"wp_footer",900,225,{"type":71,"name":88,"callback":73,"file":89,"line":90},"admin_enqueue_scripts","landing-pages.php",13,{"type":71,"name":92,"callback":73,"priority":25,"file":89,"line":93},"wp",48,{"type":71,"name":95,"callback":73,"file":89,"line":96},"add_meta_boxes",124,{"type":71,"name":98,"callback":73,"file":89,"line":99},"save_post",163,{"type":71,"name":101,"callback":102,"file":103,"line":104},"init","initialize_hooks","linked-forms.php",495,{"type":71,"name":106,"callback":107,"file":103,"line":108},"plugins_loaded","initialize_class_vars",496,{"type":71,"name":88,"callback":110,"file":103,"line":111},"closure",555,{"type":71,"name":101,"callback":73,"file":113,"line":114},"PodMarketingAnalytics.php",42,{"type":77,"name":116,"callback":73,"priority":60,"file":113,"line":117},"block_categories",204,{"type":71,"name":101,"callback":73,"file":113,"line":119},208,{"type":71,"name":101,"callback":73,"file":113,"line":121},364,{"type":71,"name":123,"callback":73,"file":113,"line":124},"admin_init",444,{"type":77,"name":126,"callback":73,"file":113,"line":127},"mce_external_plugins",533,{"type":77,"name":129,"callback":73,"file":113,"line":130},"mce_buttons",534,{"type":71,"name":132,"callback":73,"file":113,"line":133},"woocommerce_cart_updated",591,{"type":71,"name":135,"callback":73,"file":113,"line":136},"woocommerce_cart_emptied",602,{"type":77,"name":138,"callback":73,"priority":139,"file":113,"line":140},"clean_url",11,733,{"type":71,"name":72,"callback":73,"file":113,"line":142},734,{"type":71,"name":88,"callback":73,"file":113,"line":144},736,{"type":71,"name":146,"callback":73,"file":113,"line":147},"admin_menu",738,{"type":77,"name":149,"callback":73,"priority":60,"file":113,"line":150},"plugin_action_links",739,{"type":71,"name":101,"callback":73,"file":113,"line":152},746,{"type":71,"name":154,"callback":73,"file":113,"line":155},"in_admin_footer",747,{"type":71,"name":157,"callback":110,"file":113,"line":158},"woocommerce_after_checkout_form",757,{"type":71,"name":160,"callback":110,"file":113,"line":161},"rest_api_init",864,{"type":71,"name":101,"callback":73,"file":113,"line":163},890,{"type":71,"name":165,"callback":73,"priority":60,"file":113,"line":166},"woocommerce_add_to_cart",945,{"type":71,"name":168,"callback":73,"file":113,"line":169},"woocommerce_thankyou",953,[171,175,178],{"action":172,"nopriv":173,"callback":73,"hasNonce":173,"hasCapCheck":173,"file":103,"line":174},"reset_ad_form_linkage",false,498,{"action":176,"nopriv":173,"callback":73,"hasNonce":173,"hasCapCheck":173,"file":103,"line":177},"update_ad_form_linkage",499,{"action":179,"nopriv":173,"callback":73,"hasNonce":173,"hasCapCheck":173,"file":103,"line":180},"show_form_mapper",500,[182,189,193],{"namespace":183,"route":184,"methods":185,"callback":73,"permissionCallback":187,"file":113,"line":188},"activedemand\u002Fv1","\u002Fcreate-post\u002F",[186],"POST","__return_true",865,{"namespace":183,"route":190,"methods":191,"callback":73,"permissionCallback":187,"file":113,"line":192},"\u002Fupdate-post\u002F",[186],871,{"namespace":183,"route":194,"methods":195,"callback":73,"permissionCallback":187,"file":113,"line":196},"\u002Fdelete-post\u002F",[186],877,[],[],{"dangerousFunctions":200,"sqlUsage":201,"outputEscaping":220,"fileOperations":202,"externalRequests":52,"nonceChecks":41,"capabilityChecks":11,"bundledLibraries":280},[],{"prepared":202,"raw":41,"locations":203},2,[204,207,209,211,214,217],{"file":113,"line":205,"context":206},906,"$wpdb->get_var() with variable interpolation",{"file":113,"line":208,"context":206},908,{"file":113,"line":210,"context":206},927,{"file":113,"line":212,"context":213},940,"$wpdb->query() with variable interpolation",{"file":215,"line":216,"context":206},"recover-cart.php",31,{"file":215,"line":218,"context":219},33,"$wpdb->get_results() with variable interpolation",{"escaped":221,"rawEcho":222,"locations":223},5,28,[224,227,228,230,232,234,236,238,240,242,245,247,249,251,253,255,257,259,261,262,264,266,268,270,272,274,276,278],{"file":74,"line":225,"context":226},222,"raw output",{"file":89,"line":114,"context":226},{"file":89,"line":229,"context":226},115,{"file":89,"line":231,"context":226},160,{"file":103,"line":233,"context":226},111,{"file":103,"line":235,"context":226},113,{"file":103,"line":237,"context":226},513,{"file":103,"line":239,"context":226},537,{"file":103,"line":241,"context":226},551,{"file":243,"line":244,"context":226},"partials\\tinymce-editor.php",61,{"file":243,"line":246,"context":226},65,{"file":243,"line":248,"context":226},97,{"file":243,"line":250,"context":226},101,{"file":243,"line":252,"context":226},135,{"file":243,"line":254,"context":226},139,{"file":113,"line":256,"context":226},758,{"file":258,"line":114,"context":226},"settings.php",{"file":258,"line":260,"context":226},76,{"file":258,"line":27,"context":226},{"file":258,"line":263,"context":226},130,{"file":258,"line":265,"context":226},177,{"file":258,"line":267,"context":226},215,{"file":258,"line":269,"context":226},218,{"file":258,"line":271,"context":226},253,{"file":258,"line":273,"context":226},256,{"file":258,"line":275,"context":226},289,{"file":258,"line":277,"context":226},292,{"file":258,"line":279,"context":226},326,[281],{"name":282,"version":21,"knownCves":283},"TinyMCE",[],[285,302,310,320,329,350,371],{"entryPoint":286,"graph":287,"unsanitizedCount":11,"severity":301},"activedemand_ajax_get_landing_html (landing-pages.php:107)",{"nodes":288,"edges":298},[289,293],{"id":290,"type":291,"label":292,"file":89,"line":235},"n0","source","$_POST",{"id":294,"type":295,"label":296,"file":89,"line":229,"wp_function":297},"n1","sink","echo() [XSS]","echo",[299],{"from":290,"to":294,"sanitized":300},true,"low",{"entryPoint":303,"graph":304,"unsanitizedCount":11,"severity":301},"\u003Clanding-pages> (landing-pages.php:0)",{"nodes":305,"edges":308},[306,307],{"id":290,"type":291,"label":292,"file":89,"line":235},{"id":294,"type":295,"label":296,"file":89,"line":229,"wp_function":297},[309],{"from":290,"to":294,"sanitized":300},{"entryPoint":311,"graph":312,"unsanitizedCount":11,"severity":301},"ajax_show_form_mapper (linked-forms.php:544)",{"nodes":313,"edges":318},[314,317],{"id":290,"type":291,"label":315,"file":103,"line":316},"$_GET",545,{"id":294,"type":295,"label":296,"file":103,"line":241,"wp_function":297},[319],{"from":290,"to":294,"sanitized":300},{"entryPoint":321,"graph":322,"unsanitizedCount":11,"severity":301},"\u003Clinked-forms> (linked-forms.php:0)",{"nodes":323,"edges":327},[324,326],{"id":290,"type":291,"label":292,"file":103,"line":325},523,{"id":294,"type":295,"label":296,"file":103,"line":241,"wp_function":297},[328],{"from":290,"to":294,"sanitized":300},{"entryPoint":330,"graph":331,"unsanitizedCount":348,"severity":349},"activedemand_save_add_to_cart (PodMarketingAnalytics.php:892)",{"nodes":332,"edges":345},[333,335,338,341],{"id":290,"type":291,"label":334,"file":113,"line":205},"$_COOKIE['active_demand_cookie_cart'] (x2)",{"id":294,"type":295,"label":336,"file":113,"line":205,"wp_function":337},"get_var() [SQLi]","get_var",{"id":339,"type":291,"label":340,"file":113,"line":205},"n2","$_COOKIE",{"id":342,"type":295,"label":343,"file":113,"line":212,"wp_function":344},"n3","query() [SQLi]","query",[346,347],{"from":290,"to":294,"sanitized":173},{"from":339,"to":342,"sanitized":173},3,"high",{"entryPoint":351,"graph":352,"unsanitizedCount":52,"severity":349},"\u003CPodMarketingAnalytics> (PodMarketingAnalytics.php:0)",{"nodes":353,"edges":367},[354,357,361,362,363,365],{"id":290,"type":291,"label":355,"file":113,"line":356},"$_SERVER",329,{"id":294,"type":295,"label":358,"file":113,"line":359,"wp_function":360},"wp_remote_post() [SSRF]",716,"wp_remote_post",{"id":339,"type":291,"label":334,"file":113,"line":205},{"id":342,"type":295,"label":336,"file":113,"line":205,"wp_function":337},{"id":364,"type":291,"label":340,"file":113,"line":205},"n4",{"id":366,"type":295,"label":343,"file":113,"line":212,"wp_function":344},"n5",[368,369,370],{"from":290,"to":294,"sanitized":173},{"from":339,"to":342,"sanitized":173},{"from":364,"to":366,"sanitized":173},{"entryPoint":372,"graph":373,"unsanitizedCount":25,"severity":349},"\u003Crecover-cart> (recover-cart.php:0)",{"nodes":374,"edges":378},[375,377],{"id":290,"type":291,"label":376,"file":215,"line":216},"$_GET['recover-cart']",{"id":294,"type":295,"label":336,"file":215,"line":216,"wp_function":337},[379],{"from":290,"to":294,"sanitized":173},{"summary":381,"deductions":382},"The pod-marketing-analytics plugin, in version 0.2.17, exhibits significant security concerns primarily due to a lack of proper authentication and authorization checks across its exposed entry points.  A substantial attack surface is presented with all 6 identified entry points (3 AJAX handlers and 3 REST API routes) lacking any authentication or permission checks. This means any unauthenticated user could potentially trigger these functions, leading to unintended actions or information disclosure.\n\nThe static analysis further reveals critical issues in taint analysis, with 3 flows identified as having unsanitized paths and classified as high severity. This indicates a strong potential for injection-type vulnerabilities, such as cross-site scripting (XSS) or path traversal, if user-supplied input is not adequately sanitized before being used in sensitive operations like file operations or SQL queries. The low percentage of properly escaped output (15%) exacerbates this risk, making it more likely for malicious data to be rendered directly in the browser or used insecurely.\n\nDespite the concerning code analysis, the vulnerability history is clean, with no recorded CVEs. This suggests that either the plugin has not been extensively targeted or previous versions may not have contained exploitable flaws of a publicly known nature. However, the absence of past vulnerabilities should not be a cause for complacency, especially given the current security posture indicated by the static analysis. The plugin's strengths lie in the absence of dangerous functions and the presence of nonce checks, which are good security practices, though their effectiveness is undermined by the lack of overarching authorization. Overall, the plugin requires immediate attention to address the unauthenticated entry points and unsanitized data flows to mitigate severe security risks.",[383,385,387,390,393,395,397],{"reason":384,"points":60},"All AJAX handlers without auth checks",{"reason":386,"points":60},"All REST API routes without permission callbacks",{"reason":388,"points":389},"High severity unsanitized taint flows",15,{"reason":391,"points":392},"Low percentage of properly escaped output",8,{"reason":394,"points":41},"SQL queries with low prepared statement usage",{"reason":396,"points":52},"File operations present",{"reason":398,"points":52},"External HTTP requests present","2026-03-17T06:29:23.170Z",{"wat":401,"direct":409},{"assetPaths":402,"generatorPatterns":406,"scriptPaths":407,"versionParams":408},[403,404,405],"\u002Fwp-content\u002Fplugins\u002Fpod-marketing-analytics\u002Fgutenberg-blocks\u002Fdynamic-content-blocks\u002Fblock.build.js","\u002Fwp-content\u002Fplugins\u002Fpod-marketing-analytics\u002Fgutenberg-blocks\u002Fforms\u002Fblock.build.js","\u002Fwp-content\u002Fplugins\u002Fpod-marketing-analytics\u002Fgutenberg-blocks\u002Fstoryboard\u002Fblock.build.js",[],[403,404,405],[],{"cssClasses":410,"htmlComments":411,"htmlAttributes":412,"restEndpoints":416,"jsGlobals":417,"shortcodeOutput":422},[],[],[413,414,415],"data-block-id","data-form-id","data-storyboard-id",[],[418,419,420,421],"activedemand_blocks","activedemand_vendor","activedemand_forms","activedemand_storyboard",[423,424,425],"[pod_block id='","[pod_form id='","[pod_storyboard id='"]