[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fE49rWp4e3aThF2usMB6gHlu_VgXtdUc1NTySJWlv4Ik":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":131,"fingerprints":177},"reachlocal-convertcontacts","ConvertContacts","1.4.0","REWordPressPlugin","https:\u002F\u002Fprofiles.wordpress.org\u002Frewordpressplugin\u002F","\u003Cp>ConvertContacts provides a simple WordPress plugin, enabling you to capture leads, understand your sources of leads, respond to and manage those leads.  The ConvertContacts WordPress extension adds the tracking software on all the pages of your website.\u003C\u002Fp>\n\u003Cp>About ConvertContacts\u003C\u002Fp>\n\u003Cp>ConvertContacts is your secret weapon to help you finally know which of your marketing sources get you customers. Plus, it helps you turn more of your leads into customers with automated reminders and emails, giving you the edge on your competition.\u003C\u002Fp>\n\u003Ch3>API Interaction provided by capture_configs js from the CDN\u003C\u002Fh3>\n\u003Col>\n\u003Cli>The capture_configs js loads the customer’s configuration data from ConvertContacts\u003C\u002Fli>\n\u003Cli>Sends analytics data back to ConvertContacts for performance metrics.\u003C\u002Fli>\n\u003Cli>Sends visit & referrer attribution back to ConvertContacts for analytics\u003C\u002Fli>\n\u003Cli>Sends visit, email, and form post data back to ConvertContacts to provide lead management.\u003C\u002Fli>\n\u003Cli>Email links are replaced with contact forms and the form data and sending of email is offloaded to ConvertContacts’s servers.\u003C\u002Fli>\n\u003C\u002Fol>\n","ConvertContacts offers lead & call tracking, lead notifications & nurturing, ROI reports, analytics & insights, and mobile app & alerts.",20,1801,0,"2021-03-30T00:18:00.000Z","5.7.0","2.7","",[19,20,21,22,23],"call-tracking","convertcontacts","form-capture","form-tracking","lead-conversion","https:\u002F\u002Fgithub.com\u002Freachlocal\u002Fconvert_contacts_wordpress_plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freachlocal-convertcontacts.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"rewordpressplugin",2,2020,89,30,86,"2026-04-04T16:15:51.304Z",[39,52,69,89,111],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":13,"downloaded":47,"rating":13,"num_ratings":13,"last_updated":48,"tested_up_to":49,"requires_at_least":16,"requires_php":17,"tags":50,"homepage":17,"download_link":51,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"chartlocal","Chartlocal","1.0.0","chartlocalweb","https:\u002F\u002Fprofiles.wordpress.org\u002Fchartlocalweb\u002F","\u003Cp>Chartlocal provides a simple WordPress plugin, enabling you to capture leads, understand your sources of leads, respond to and manage those leads.  The Chartlocal WordPress extension adds the tracking software on all the pages of your website.\u003C\u002Fp>\n\u003Cp>About Chartlocal\u003C\u002Fp>\n\u003Cp>Chartlocal is your secret weapon to help you finally know which of your marketing sources get you customers. Plus, it helps you turn more of your leads into customers with automated reminders and emails, giving you the edge on your competition.\u003C\u002Fp>\n\u003Ch3>API Interaction provided by capture_configs js from the ReachLocal (rlets.com) CDN\u003C\u002Fh3>\n\u003Col>\n\u003Cli>The capture_configs js loads the customer’s configuration data from ReachLocal\u003C\u002Fli>\n\u003Cli>Sends analytics data back to ReachLocal for performance metrics.\u003C\u002Fli>\n\u003Cli>Sends visit & referrer attribution back to ReachLocal for analytics\u003C\u002Fli>\n\u003Cli>Sends visit, email, and form post data back to ReachLocal to provide lead management.\u003C\u002Fli>\n\u003Cli>Email links are replaced with contact forms and the form data and sending of email is offloaded to ReachLocal’s servers.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.reachlocal.com\" rel=\"nofollow ugc\">ReachLocal Website\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.reachlocal.com\u002Fus\u002Fen\u002Flegal\u002Fterms-and-conditions\u002Ftracking-service-product-terms-0\" rel=\"nofollow ugc\">ReachLocal Terms & Conditions\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.reachlocal.com\u002Fus\u002Fen\u002Flegal\u002Fprivacy-policy\" rel=\"nofollow ugc\">ReachLocal Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n","Chartlocal offers lead & call tracking, lead notifications & nurturing, ROI reports, analytics & insights, and mobile app & alerts.",986,"2019-09-11T19:40:00.000Z","5.0.25",[19,40,21,22,23],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchartlocal.zip",{"slug":53,"name":54,"version":55,"author":7,"author_profile":8,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":60,"num_ratings":32,"last_updated":61,"tested_up_to":62,"requires_at_least":16,"requires_php":17,"tags":63,"homepage":66,"download_link":67,"security_score":68,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"reachedge","LocaliQ – Tracking Code","1.9.1","\u003Cp>The LocaliQ WordPress plugin adds the tracking code to the WordPress site.  This plugin adds the required javascript code on all pages in order to track analytics and enable other features for the \u003Ca href=\"https:\u002F\u002Flocaliq.com\" rel=\"nofollow ugc\">LocaliQ\u003C\u002Fa> products and other digital marketing solutions.\u003C\u002Fp>\n\u003Cp>The required javascript is loaded from a CDN at cdn.rlets.com\u002Fcapture_static\u002Fmms\u002Fmms.js. This file is under continuing development to provide the best performance and stability across all browser and OS combinations.\u003C\u002Fp>\n\u003Cp>As new features and functionality are added to LocaliQ Tracking, those updates will be rolled out through the mms.js file, and no updates of this plugin will be required.\u003C\u002Fp>\n\u003Cp>For more information, visit https:\u002F\u002Flocaliq.com.\u003C\u002Fp>\n\u003Ch3>API Interaction provided by capture_configs js from the CDN\u003C\u002Fh3>\n\u003Col>\n\u003Cli>The capture_configs js loads the customer’s configuration data from LocaliQ\u003C\u002Fli>\n\u003Cli>Sends analytics data back to LocaliQ for performance metrics.\u003C\u002Fli>\n\u003Cli>Sends visit & referrer attribution back to LocaliQ for analytics\u003C\u002Fli>\n\u003Cli>Sends visit, email, and form post data back to LocaliQ to provide lead management.\u003C\u002Fli>\n\u003Cli>Email links are replaced with contact forms and the form data and sending of email is offloaded to LocaliQ’s servers.\u003C\u002Fli>\n\u003C\u002Fol>\n","Adds LocaliQ's tracking code on all pages.",2000,27704,60,"2024-05-20T17:09:00.000Z","6.4.8",[19,64,22,23,65],"email-tracking","localiq","https:\u002F\u002Fgithub.com\u002Freachlocal\u002Flocaliq-wordpress-4x-tracking-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freachedge.1.9.1.zip",92,{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":77,"downloaded":78,"rating":79,"num_ratings":80,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":17,"tags":84,"homepage":87,"download_link":88,"security_score":79,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"whatconverts","WhatConverts","1.0.7","whatconverts call tracking and reporting","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhatconverts\u002F","\u003Cp>This plugin adds the required tracking code for WhatConverts.\u003C\u002Fp>\n\u003Cp>For more information visit, \u003Ca href=\"https:\u002F\u002Fwww.whatconverts.com\u002F\" rel=\"nofollow ugc\">WhatConverts\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>WhatConverts plugin uses s.ksrndkehqnwntyxlhgto.com as the path to deliver the script.  The script is included on your site to allow WhatConverts to capture leads from your website.  s.ksrndkehqnwntyxlhgto.com is owned and operated by \u003Ca href=\"https:\u002F\u002Fwww.whatconverts.com\u002F\" rel=\"nofollow ugc\">WhatConverts\u003C\u002Fa>.  For more information visit our \u003Ca href=\"https:\u002F\u002Fwww.whatconverts.com\u002Fterms-of-use\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.whatconverts.com\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> for more information on WhatConverts.\u003C\u002Fp>\n","Enables WhatConverts on all pages.",7000,31411,100,3,"2025-12-01T13:06:00.000Z","6.9.4","3.0",[85,19,22,86,70],"analytics-call-tracking","goal-tracking","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwhatconverts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhatconverts.zip",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":97,"downloaded":98,"rating":99,"num_ratings":100,"last_updated":101,"tested_up_to":82,"requires_at_least":83,"requires_php":17,"tags":102,"homepage":107,"download_link":108,"security_score":109,"vuln_count":32,"unpatched_count":13,"last_vuln_date":110,"fetched_at":28},"callrail-phone-call-tracking","CallRail Phone Call Tracking","0.5.3","CallRail","https:\u002F\u002Fprofiles.wordpress.org\u002Fcallrail\u002F","\u003Cp>CallRail is here to bring complete visibility to the marketers who rely on quality inbound leads to measure success. Our customers live in a results-driven world, and giving them a clear view into their digital marketing efforts is a first priority for CallRail. We see the opportunities in surfacing and connecting data from calls, forms, chat and beyond — helping our customers get to better outcomes.\u003C\u002Fp>\n\u003Cp>Our WordPress plugin allows you to learn detailed information about the source and web session of every caller from your website using a process called \u003Ca href=\"https:\u002F\u002Fwww.callrail.com\u002Fleads\u002Fdynamic-number-insertion-2\u002F\" rel=\"nofollow ugc\">Dynamic Number Insertion\u003C\u002Fa>. It also powers our form tracking tool, which gives you the power to attribute form submissions back to their source and learn about what the user did on your site before submitting the form.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Learn more about \u003Ca href=\"https:\u002F\u002Fwww.callrail.com\u002F\" rel=\"nofollow ugc\">CallRail\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Check out our WP plugin \u003Ca href=\"https:\u002F\u002Fsupport.callrail.com\u002Fhc\u002Fen-us\u002Farticles\u002F201011537\" rel=\"nofollow ugc\">support documentation.\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Dynamically swap CallRail tracking phone numbers based on the visitor's referring source.",10000,358191,74,6,"2026-02-11T19:30:00.000Z",[103,104,19,105,106],"adwords","analytics","conversion-tracking","seo","http:\u002F\u002Fwww.callrail.com\u002Fdocs\u002Fweb-integration\u002Fwordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcallrail-phone-call-tracking.0.5.3.zip",99,"2023-10-24 00:00:00",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":99,"num_ratings":80,"last_updated":121,"tested_up_to":82,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":129,"download_link":130,"security_score":79,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"call-tracking-metrics","CallTrackingMetrics","2.1.8","taf2","https:\u002F\u002Fprofiles.wordpress.org\u002Ftaf2\u002F","\u003Cp>CallTrackingMetrics integrates with your WordPress site to provide powerful call tracking and attribution.\u003C\u002Fp>\n","CallTrackingMetrics integrates with your WordPress site to provide powerful call tracking and attribution.",3000,125043,"2026-02-16T14:22:00.000Z","6.5","8.2",[125,19,126,127,128],"advertising","conversation-analytics","google-ads","marketing-attribution","https:\u002F\u002Fcalltrackingmetrics.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcall-tracking-metrics.2.1.8.zip",{"attackSurface":132,"codeSignals":159,"taintFlows":170,"riskAssessment":171,"analyzedAt":176},{"hooks":133,"ajaxHandlers":155,"restRoutes":156,"shortcodes":157,"cronEvents":158,"entryPointCount":13,"unprotectedCount":13},[134,139,143,150],{"type":135,"name":136,"callback":137,"file":138,"line":80},"action","admin_menu","convertcontacts_add_admin_menu","convertcontacts-tracking-plugin-settings.php",{"type":135,"name":140,"callback":141,"file":138,"line":142},"admin_init","convertcontacts_settings_init",4,{"type":144,"name":145,"callback":146,"priority":147,"file":148,"line":149},"filter","clean_url","convertcontacts_async_scripts",11,"convertcontacts-tracking-plugin.php",32,{"type":135,"name":151,"callback":152,"priority":153,"file":148,"line":154},"wp_enqueue_scripts","convertcontacts_tracking_plugin",5,44,[],[],[],[],{"dangerousFunctions":160,"sqlUsage":161,"outputEscaping":163,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":169},[],{"prepared":13,"raw":13,"locations":162},[],{"escaped":13,"rawEcho":164,"locations":165},1,[166],{"file":138,"line":167,"context":168},43,"raw output",[],[],{"summary":172,"deductions":173},"The static analysis of reachlocal-convertcontacts v1.4.0 indicates a generally strong security posture with no identified dangerous functions, SQL injection vulnerabilities, or file operation risks. The complete absence of entry points like AJAX handlers, REST API routes, shortcodes, and cron events is a significant strength, as it minimizes the plugin's attack surface.  Furthermore, all SQL queries are utilizing prepared statements, which is a critical best practice for preventing SQL injection. The lack of vulnerability history also suggests a history of good security practices by the developers.\n\nHowever, a significant concern is the 100% of output not being properly escaped. This could lead to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is displayed on the frontend without proper sanitization. The absence of capability checks and nonce checks on potential, though currently non-existent, entry points also represents a missed opportunity for robust security implementation. While the current attack surface is zero, future development that introduces new entry points without these checks would immediately create vulnerabilities.\n\nIn conclusion, the plugin currently presents a low-risk profile due to its minimal attack surface and secure handling of database interactions. The primary weakness lies in its output escaping, which should be addressed proactively. The clean vulnerability history is a positive indicator, but the unescaped output warrants attention to prevent potential XSS issues.",[174],{"reason":175,"points":153},"Output not properly escaped","2026-03-16T23:08:38.170Z",{"wat":178,"direct":185},{"assetPaths":179,"generatorPatterns":181,"scriptPaths":182,"versionParams":184},[180],"\u002Fwp-content\u002Fplugins\u002Freachlocal-convertcontacts\u002Fconvertcontacts-tracking-plugin.php",[],[183],"\u002F\u002Fcdn.rlets.com\u002Fcapture_configs\u002F",[],{"cssClasses":186,"htmlComments":187,"htmlAttributes":188,"restEndpoints":189,"jsGlobals":190,"shortcodeOutput":191},[],[],[],[],[146],[]]