[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRZa4JSRzXd1EBSy7LawE_vmnIjJTZ_bPW9Id-YGFG7k":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":141,"fingerprints":312},"pulsemaps","PulseMaps Visitor World Map","1.7.2","aitosoftware","https:\u002F\u002Fprofiles.wordpress.org\u002Faitosoftware\u002F","\u003Cp>The PulseMaps plugin visualizes your site visitors’ locations on the world map.  The plugin includes a map widget which you place on the pages you want to track.  The areas where you get the most visitors are shown with a lighter color.  The most recent visitors are show as flashing dots on the map.  The total number of visits is also shown.\u003C\u002Fp>\n\u003Cp>For a live demo, visit the \u003Ca href=\"http:\u002F\u002Fpulsemaps.com\u002F\" rel=\"nofollow ugc\">PulseMaps website\u003C\u002Fa> and the \u003Ca href=\"http:\u002F\u002Fpulsemaps.com\u002Fmaps\u002F526958181\u002F\" rel=\"nofollow ugc\">detail page for PulseMap website visitors\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Simply drop the widget on your blog’s sidebar. The map widget will work as a form of “social proof” : your visitors see that your blog is being read by people all over the world. This makes your blog instantly more trustworthy–who would trust a blog nobody reads? With this widget, you show readers that your site DOES get visitors. As an added bonus, the map just looks pretty dang cool!\u003C\u002Fp>\n\u003Cp>Click on the widget to get to a detail page sporting a huge map which can be freely zoomed and panned, along with other interesting details and statistics.\u003C\u002Fp>\n\u003Cp>The widget size and colors are fully customizable; you can choose any colors and size you wish on the admin panel.\u003C\u002Fp>\n\u003Cp>Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Map widget shows visitors in real time\u003C\u002Fli>\n\u003Cli>Customizable map widget size and colors\u003C\u002Fli>\n\u003Cli>Click on map to open a large map with more details and statistics\u003C\u002Fli>\n\u003Cli>Works on all popular browsers\u003C\u002Fli>\n\u003Cli>Lightweight plugin (does not need a lot of disk space)\u003C\u002Fli>\n\u003C\u002Ful>\n","Show off your website visitors on the world map. When people around the world visit your blog, the corresponding areas on the heat map widget light up …",90,42047,56,4,"2015-02-02T17:05:00.000Z","3.5.2","3.0","",[20,21,22,23,24],"heat-map","traffic-counter","traffic-widget","visitor-map","world-map","http:\u002F\u002Fpulsemaps.com\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpulsemaps.1.7.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,84,"2026-04-04T15:54:23.414Z",[38,56,72,97,118],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":28,"num_ratings":28,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":18,"tags":51,"homepage":54,"download_link":55,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"traffic-counter-widget","Plugin Name: Traffic Counter Widget Plugin","2.1.2","aviaxis","https:\u002F\u002Fprofiles.wordpress.org\u002Faviaxis\u002F","\u003Cp>TCW shows the number of visitors \u002F hits \u002F unique IPs in the past 24 hours, 7 days and 30 days. It also shows the number of users currently online.\u003C\u002Fp>\n\u003Cp>It provides a robots filter, but the automatic traffic could also be considered.\u003C\u002Fp>\n\u003Cp>Traffic Counter Widget offers language support and automatic log deletion.\u003C\u002Fp>\n\u003Cp>For help or reporting bugs please refer to: http:\u002F\u002Fwww.pixme.org\u002Ftehnologie-internet\u002Fwordpress-traffic-counter-widget\u002F4228\u003C\u002Fp>\n\u003Ch3>Other\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>You may use the code any way you wish, with respect to the WordPress general licensing rules. However I do not guaratee anythig, of course 🙂 \u003C\u002Fli>\n\u003Cli>Please do not remove the link to the plugin’s page unless you donate. Help me keep it free.\u003C\u002Fli>\n\u003Cli>If you enjoy it, and find it useful please donete 2 Euro here: http:\u002F\u002Fwww.pixme.org\u002Fwp-content\u002Fuploads\u002Fwidget-traffic-counter\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n","TCW lets your users know how much traffic you have on your blog. It counts pages visited, hits and unique IPs on your blog and shows it in a widget.",700,75359,"2017-11-28T21:17:00.000Z","3.2.1","2.8.0",[21,22,52,53],"user-traffic","visitors-counter","http:\u002F\u002Fwww.pixme.org\u002Fwp-content\u002Fuploads\u002Fwidget-traffic-counter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftraffic-counter-widget.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":46,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":50,"requires_php":18,"tags":69,"homepage":18,"download_link":71,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"traffic-stats-widget","Plugin Name: Traffic Stats Widget Plugin","1.0.2","helenthomaswp","https:\u002F\u002Fprofiles.wordpress.org\u002Fhelenthomaswp\u002F","\u003Cp>TSW shows the number of visitors \u002F hits \u002F unique IPs in the past 24 hours, 7 days and 30 days. It also shows the number of users currently online.\u003C\u002Fp>\n\u003Cp>It provides a robots filter, but the automatic traffic could also be considered.\u003C\u002Fp>\n\u003Cp>Traffic Stats Widget offers language support and automatic log deletion.\u003C\u002Fp>\n","TSW lets your users know how much traffic you have on your blog. It counts pages visited, hits and unique IPs on your blog and shows it in a widget.",50303,88,7,"2017-11-28T20:05:00.000Z","4.0.38",[70,21,22,52,53],"hit-counter","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftraffic-stats-widget.1.0.2.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":11,"num_ratings":82,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":86,"tags":87,"homepage":92,"download_link":93,"security_score":94,"vuln_count":95,"unpatched_count":28,"last_vuln_date":96,"fetched_at":30},"interactive-geo-maps","MapGeo – Interactive Geo Maps","1.6.28","MapGeo","https:\u002F\u002Fprofiles.wordpress.org\u002Finteractivegeomaps\u002F","\u003Cp>Create interactive maps with regions and coloured markers. You can display the world map, continent maps and single country maps.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Finteractivegeomaps.com\u002Ffeatures\" rel=\"nofollow ugc\">Demo\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fdemo.tastewp.com\u002Finteractive-geo-maps\" rel=\"nofollow ugc\">Admin Demo\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Finteractivegeomaps.com\u002Fmaps\u002F\" rel=\"nofollow ugc\">Maps\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Finteractivegeomaps.com\u002Fdocumentation\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Finteractivegeomaps.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>More than 250 vector maps available\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>World map (with and without Antarctica)\u003C\u002Fli>\n\u003Cli>World map divided by continents (different variations)\u003C\u002Fli>\n\u003Cli>Maps of continents and regions (Africa, Asia, Caribbean, Central America, Europe, Latin America, Middle East, North America, Oceania, South America )\u003C\u002Fli>\n\u003Cli>US States divided by counties (California, Texas, Florida, New York and all the others)\u003C\u002Fli>\n\u003Cli>Mexico county maps\u003C\u002Fli>\n\u003Cli>Canada county maps\u003C\u002Fli>\n\u003Cli>Most countries in the world, including United States of America (USA), Germany, France, United Kingdom (UK), Netherlands, Spain, Australia, Italy, Poland, South Africa, Brazil, India, Japan and many others.\u003C\u002Fli>\n\u003Cli>Some countries with different map variations like France, divided by regions or departments, Portugal divided by districts or municipalities, among others.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Create your first interactive map in minutes! Use it to display your visited countries map, travel map, office locations, projects map, representatives map, statistics map, data visualization map or any other thing!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Finteractivegeomaps.com\u002Fmaps\u002F\" rel=\"nofollow ugc\">Browse Full List of Maps\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Create as many maps as you want\u003C\u002Fli>\n\u003Cli>Responsive and cross-device\u003C\u002Fli>\n\u003Cli>Color countries\u003C\u002Fli>\n\u003Cli>Add round coloured markers\u003C\u002Fli>\n\u003Cli>Set hover color change\u003C\u002Fli>\n\u003Cli>Set click actions, like open a new window\u003C\u002Fli>\n\u003Cli>Choose from different map projections (Mercator, Miller, NaturalEarth1, among others)\u003C\u002Fli>\n\u003Cli>Select which regions to display in a map\u003C\u002Fli>\n\u003Cli>Exclude specific regions from a map\u003C\u002Fli>\n\u003Cli>Display HTML tooltips on hover\u003C\u002Fli>\n\u003Cli>Zoom controls and Pan\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Pro only Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Colour regions and markers individually\u003C\u002Fli>\n\u003Cli>Change initial zoom and center\u003C\u002Fli>\n\u003Cli>Cluster markers\u003C\u002Fli>\n\u003Cli>Add Legend\u003C\u002Fli>\n\u003Cli>Custom images as markers\u003C\u002Fli>\n\u003Cli>Vector icons as markers\u003C\u002Fli>\n\u003Cli>Text Labels\u003C\u002Fli>\n\u003Cli>Display content on click outside the map\u003C\u002Fli>\n\u003Cli>Display content in a lightbox\u003C\u002Fli>\n\u003Cli>Group regions\u003C\u002Fli>\n\u003Cli>Create heatmaps (choropleth maps)\u003C\u002Fli>\n\u003Cli>Add lines connecting markers\u003C\u002Fli>\n\u003Cli>Overlay different maps (have US states map on world map for example)\u003C\u002Fli>\n\u003Cli>Populate map automatically from existing categories or Tags\u003C\u002Fli>\n\u003Cli>Advanced zoom options\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Finteractivegeomaps.com\u002Ffeatures\u002F\" rel=\"nofollow ugc\">Features Examples\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Finteractivegeomaps.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Go Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The plugin generates interactive, responsive, touch-enabled SVG maps which are embedded directly into your HTML5 pages and compatible with all modern browsers and devices.\u003C\u002Fp>\n\u003Ch4>Privacy Information & External Services\u003C\u002Fh4>\n\u003Cp>This plugin will build the maps using the \u003Ca href=\"https:\u002F\u002Fwww.amcharts.com\u002Fjavascript-charts\u002F\" rel=\"nofollow ugc\">amcharts visualization library\u003C\u002Fa> which provides hundreds of different maps. The plugin loads some files from their CDN to build the map and display it on your page. You won’t need to have a amcharts account for the maps to work. More information about their \u003Ca href=\"https:\u002F\u002Fwww.amcharts.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">amcharts Privacy Policy\u003C\u002Fa>.\u003Cbr \u002F>\nWhen you first install the plugin, you can choose to \u003Ca href=\"https:\u002F\u002Finteractivegeomaps.com\u002Fdocs\u002Fopt-in-to-non-sensitive-diagnostic-tracking\u002F\" rel=\"nofollow ugc\">opt-in to share non-sensitive data with Freemius\u003C\u002Fa>, a framework we use to collect data about your WordPress installation that will help us improve the plugin. This is optional and the plugin will still work if you don’t opt-in. It will not collect any data from your visitors.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.amcharts.com\u002F\" rel=\"nofollow ugc\">amcharts\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fgithub.com\u002Fsummerstyle\u002FjsonTreeViewer\" rel=\"nofollow ugc\">jsonTree\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fkraaden.github.io\u002Fautocomplete\u002F\" rel=\"nofollow ugc\">autocomplete\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fundraw.co\u002F\" rel=\"nofollow ugc\">unDraw\u003C\u002Fa> – Banner Illustrations\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fcodestarframework.com\u002F\" rel=\"nofollow ugc\">Codestar Framework\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjohnbillion\u002Fextended-cpts\" rel=\"nofollow ugc\">Extended CPTs\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Create interactive vector maps of the world, continents, any country in the world and specific regions, including individual US state county maps.",40000,692370,63,"2026-03-11T22:08:00.000Z","6.9.4","5.0","7.0",[88,89,90,91,24],"interactive-map","map","travel-map","us-map","https:\u002F\u002Finteractivegeomaps.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finteractive-geo-maps.1.6.28.zip",97,3,"2025-04-09 00:00:00",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":18,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":18,"tags":111,"homepage":116,"download_link":117,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"mechanic-visitor-counter","Mechanic Visitor Counter","3.3.3","Aditya Subawa","https:\u002F\u002Fprofiles.wordpress.org\u002Fadityasubawa\u002F","Mechanic Visitor Counter is a widgets which will display the Visitor counter and traffic statistics on WordPress. Some of the features offered include …",8000,222754,72,15,"2021-01-02T07:20:00.000Z","5.5.18","4.5.3",[112,21,113,114,115],"blog-stats","traffic-statistics","visitor-counter","visitor-traffic","https:\u002F\u002Fwww.adityasubawa.com\u002Fmechanic-visitor-counter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmechanic-visitor-counter.zip",{"slug":119,"name":120,"version":121,"author":120,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":127,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":18,"tags":132,"homepage":138,"download_link":139,"security_score":140,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"crazyegg-heatmap-tracking","Crazy Egg","2.12","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrazyegg\u002F","\u003Cp>Crazy Egg is a free plugin that allows you to painlessly add Crazy Egg’s tracking script to your WordPress site. The tracking script lets Crazy Egg track your visitors.\u003Cbr \u002F>\nThe plugin relies on a 3rd party as a service (www.crazyegg.com) in order to track visitor clicks and mouse movements. Please visit www.crazyegg.com\u002Fterms and www.crazyegg.com\u002Fprivacy to find out more about our policies.\u003C\u002Fp>\n","The easiest, free way to add your Crazy Egg tracking script to your WordPress site. The official Crazy Egg Plugin for WordPress.",7000,260860,76,5,"2024-11-08T16:58:00.000Z","6.7.5","2.0.2",[133,134,135,136,137],"analytics","click","crazy-egg","crazyegg","heat-maps","http:\u002F\u002Fwww.crazyegg.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcrazyegg-heatmap-tracking.2.12.zip",92,{"attackSurface":142,"codeSignals":197,"taintFlows":262,"riskAssessment":295,"analyzedAt":311},{"hooks":143,"ajaxHandlers":182,"restRoutes":188,"shortcodes":189,"cronEvents":193,"entryPointCount":196,"unprotectedCount":33},[144,150,154,159,164,168,172,178],{"type":145,"name":146,"callback":147,"file":148,"line":149},"action","admin_menu","pulsemaps_admin_add_page","pm-settings-page.php",49,{"type":145,"name":151,"callback":152,"file":148,"line":153},"admin_init","pulsemaps_admin_init",146,{"type":145,"name":155,"callback":156,"file":157,"line":158},"widgets_init","anonymous","pm-widget.php",96,{"type":145,"name":160,"callback":161,"file":162,"line":163},"plugins_loaded","pulsemaps_upgrade_check","pulsemaps.php",87,{"type":145,"name":165,"callback":166,"file":162,"line":167},"pulsemaps_daily","pulsemaps_refresh",170,{"type":145,"name":169,"callback":170,"file":162,"line":171},"admin_notices","pulsemaps_activate_notice",201,{"type":173,"name":174,"callback":175,"priority":176,"file":162,"line":177},"filter","plugin_action_links","pulsemaps_plugin_actions",10,213,{"type":145,"name":179,"callback":180,"file":162,"line":181},"wp_head","pulsemaps_async_tracker",232,[183],{"action":184,"nopriv":185,"callback":184,"hasNonce":185,"hasCapCheck":185,"file":186,"line":187},"pulsemaps_register",false,"pm-register.php",23,[],[190],{"tag":4,"callback":191,"file":162,"line":192},"pulsemaps_bigmap",266,[194],{"hook":165,"callback":165,"file":162,"line":195},133,2,{"dangerousFunctions":198,"sqlUsage":202,"outputEscaping":204,"fileOperations":33,"externalRequests":33,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":261},[199],{"fn":200,"file":157,"line":158,"context":201},"create_function","add_action('widgets_init', create_function('', 'return register_widget(\"PulseMapsWidget\");'));",{"prepared":28,"raw":28,"locations":203},[],{"escaped":33,"rawEcho":34,"locations":205},[206,210,212,213,215,217,219,220,221,223,225,227,229,231,233,235,237,239,241,243,244,246,248,250,252,253,255,256,257,259],{"file":207,"line":208,"context":209},"pm-proxy.php",24,"raw output",{"file":186,"line":211,"context":209},54,{"file":148,"line":187,"context":209},{"file":148,"line":214,"context":209},34,{"file":148,"line":216,"context":209},36,{"file":148,"line":218,"context":209},81,{"file":148,"line":65,"context":209},{"file":148,"line":158,"context":209},{"file":148,"line":222,"context":209},113,{"file":148,"line":224,"context":209},114,{"file":148,"line":226,"context":209},115,{"file":148,"line":228,"context":209},116,{"file":148,"line":230,"context":209},117,{"file":148,"line":232,"context":209},186,{"file":148,"line":234,"context":209},242,{"file":148,"line":236,"context":209},243,{"file":148,"line":238,"context":209},275,{"file":148,"line":240,"context":209},276,{"file":157,"line":242,"context":209},31,{"file":157,"line":214,"context":209},{"file":157,"line":245,"context":209},67,{"file":157,"line":247,"context":209},68,{"file":157,"line":249,"context":209},74,{"file":157,"line":251,"context":209},75,{"file":157,"line":65,"context":209},{"file":157,"line":254,"context":209},89,{"file":157,"line":254,"context":209},{"file":157,"line":254,"context":209},{"file":162,"line":258,"context":209},197,{"file":162,"line":260,"context":209},224,[],[263],{"entryPoint":264,"graph":265,"unsanitizedCount":196,"severity":294},"\u003Cpm-proxy> (pm-proxy.php:0)",{"nodes":266,"edges":290},[267,271,276,280,284],{"id":268,"type":269,"label":270,"file":207,"line":187},"n0","source","$_POST",{"id":272,"type":273,"label":274,"file":207,"line":208,"wp_function":275},"n1","sink","echo() [XSS]","echo",{"id":277,"type":269,"label":278,"file":207,"line":279},"n2","$_POST['path']",22,{"id":281,"type":282,"label":283,"file":207,"line":279},"n3","transform","→ pulsemaps_post_request()",{"id":285,"type":273,"label":286,"file":287,"line":288,"wp_function":289},"n4","fopen() [File Access]","pm-util.php",29,"fopen",[291,292,293],{"from":268,"to":272,"sanitized":185},{"from":277,"to":281,"sanitized":185},{"from":281,"to":285,"sanitized":185},"medium",{"summary":296,"deductions":297},"The \"pulsemaps\" plugin version 1.7.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding database interactions, with 100% of SQL queries using prepared statements, and it has no recorded vulnerability history, suggesting a relatively stable and secure past. The absence of bundled libraries also removes a potential vector for outdated and vulnerable third-party code.\n\nHowever, significant concerns arise from the static analysis. The plugin possesses an unprotected AJAX handler, which represents a direct entry point for potential attackers without any authorization checks. Furthermore, the code signals a dangerous function usage with `create_function`, and a concerningly low rate of output escaping (only 3% properly escaped) indicates a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis, while showing no critical or high severity flows, did identify a flow with unsanitized paths, which could be a precursor to more severe issues if exploited in conjunction with other weaknesses.\n\nOverall, while the lack of historical vulnerabilities is a positive indicator, the presence of an unprotected AJAX endpoint, the use of a dangerous function, and the poor output escaping are critical weaknesses that significantly elevate the risk profile of this plugin. These issues demand immediate attention and remediation.",[298,300,302,305,307,309],{"reason":299,"points":176},"Unprotected AJAX handler",{"reason":301,"points":128},"Dangerous function create_function used",{"reason":303,"points":304},"Low percentage of properly escaped output",8,{"reason":306,"points":128},"No nonce checks on entry points",{"reason":308,"points":128},"No capability checks on entry points",{"reason":310,"points":128},"Flow with unsanitized paths found","2026-03-16T21:17:59.714Z",{"wat":313,"direct":325},{"assetPaths":314,"generatorPatterns":318,"scriptPaths":319,"versionParams":322},[315,316,317],"\u002Fwp-content\u002Fplugins\u002Fpulsemaps\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fpulsemaps\u002Fcss\u002Fwidget.css","\u002Fwp-content\u002Fplugins\u002Fpulsemaps\u002Fjs\u002Fpulsemaps.js",[],[320,321],"http:\u002F\u002Fpulsemaps.com\u002Ftracker.js?id=","http:\u002F\u002Fpulsemaps.com\u002Fmap.js?id=",[323,324],"pulsemaps\u002Fstyle.css?ver=","pulsemaps\u002Fpulsemaps.js?ver=",{"cssClasses":326,"htmlComments":328,"htmlAttributes":329,"restEndpoints":331,"jsGlobals":332,"shortcodeOutput":334},[327],"pulsemaps-map-container",[],[330],"id=\"pulsemaps_map\"",[],[333],"pulsemaps_url",[335,336],"\u003Cdiv id=\"pulsemaps_map\"","Website visitor map by PulseMaps.com\u003C\u002Fa>"]