[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpjpxwJRntB5G7it9Hgaxg35sbTJH8s18jLQiBsPxtBQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":140,"fingerprints":218},"responsetappr","ResponseTap WP","1.1.3","garethmorgans","https:\u002F\u002Fprofiles.wordpress.org\u002Fgarethmorgans\u002F","\u003Cp>This plugin is a ResponseTap WordPress integration to aid with call tracking.\u003C\u002Fp>\n\u003Cp>ResponseTap is a call intelligence platform that provides real-time, actionable data related to inbound phone calls. Insights provided through ResponseTap are integral to analysing the success of marketing channels and lead generation activities.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Get your website ID from the ResponseTap dashboard and input it to our settings page.\u003C\u002Fp>\n\u003Cp>The settings page for this plugin can be found in the admin section of WordPress under \u003Ccode>Settings > ResponseTap WP\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>Use shortcodes in replacement of phone numbers in your code.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[responsetap_wp responsetap_number=\"12345\" number=\"+44 (1163) 400442\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The shortcode will be replaced with the following markup when published:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Ca href=\"tel:+44123456\">\n    \u003Cspan class=\"rTapNumber12345\">\n        +44123456\n    \u003C\u002Fspan>\n\u003C\u002Fa>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If ResponseTap returns an error, it will the plugin will use the fallback entered. See below:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Ca href=\"tel:+441163400442\">\n    \u003Cspan class=\"rTapNumber12345\">\n        +44 (1163) 400442\n    \u003C\u002Fspan>\n\u003C\u002Fa>\n\u003C\u002Fcode>\u003C\u002Fpre>\n","A ResponseTap integration for Wordpress.",0,1107,100,1,"","5.2.24","2.9","7.0.0",[20,21,22,23,24],"call","call-tracking","herdl","responsetap","tracking","https:\u002F\u002Fgithub.com\u002Fherdl\u002Fresponsetappr","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fresponsetappr.zip",null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":32,"trust_score":34,"computed_at":35},3,30,95,91,"2026-04-05T02:02:41.616Z",[37,63,80,100,121],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":15,"tags":52,"homepage":57,"download_link":58,"security_score":59,"vuln_count":60,"unpatched_count":11,"last_vuln_date":61,"fetched_at":62},"callrail-phone-call-tracking","CallRail Phone Call Tracking","0.5.3","CallRail","https:\u002F\u002Fprofiles.wordpress.org\u002Fcallrail\u002F","\u003Cp>CallRail is here to bring complete visibility to the marketers who rely on quality inbound leads to measure success. Our customers live in a results-driven world, and giving them a clear view into their digital marketing efforts is a first priority for CallRail. We see the opportunities in surfacing and connecting data from calls, forms, chat and beyond — helping our customers get to better outcomes.\u003C\u002Fp>\n\u003Cp>Our WordPress plugin allows you to learn detailed information about the source and web session of every caller from your website using a process called \u003Ca href=\"https:\u002F\u002Fwww.callrail.com\u002Fleads\u002Fdynamic-number-insertion-2\u002F\" rel=\"nofollow ugc\">Dynamic Number Insertion\u003C\u002Fa>. It also powers our form tracking tool, which gives you the power to attribute form submissions back to their source and learn about what the user did on your site before submitting the form.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Learn more about \u003Ca href=\"https:\u002F\u002Fwww.callrail.com\u002F\" rel=\"nofollow ugc\">CallRail\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Check out our WP plugin \u003Ca href=\"https:\u002F\u002Fsupport.callrail.com\u002Fhc\u002Fen-us\u002Farticles\u002F201011537\" rel=\"nofollow ugc\">support documentation.\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Dynamically swap CallRail tracking phone numbers based on the visitor's referring source.",10000,358191,74,6,"2026-02-11T19:30:00.000Z","6.9.4","3.0",[53,54,21,55,56],"adwords","analytics","conversion-tracking","seo","http:\u002F\u002Fwww.callrail.com\u002Fdocs\u002Fweb-integration\u002Fwordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcallrail-phone-call-tracking.0.5.3.zip",99,2,"2023-10-24 00:00:00","2026-03-15T15:16:48.613Z",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":13,"num_ratings":31,"last_updated":73,"tested_up_to":50,"requires_at_least":51,"requires_php":15,"tags":74,"homepage":78,"download_link":79,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":62},"whatconverts","WhatConverts","1.0.7","whatconverts call tracking and reporting","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhatconverts\u002F","\u003Cp>This plugin adds the required tracking code for WhatConverts.\u003C\u002Fp>\n\u003Cp>For more information visit, \u003Ca href=\"https:\u002F\u002Fwww.whatconverts.com\u002F\" rel=\"nofollow ugc\">WhatConverts\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>WhatConverts plugin uses s.ksrndkehqnwntyxlhgto.com as the path to deliver the script.  The script is included on your site to allow WhatConverts to capture leads from your website.  s.ksrndkehqnwntyxlhgto.com is owned and operated by \u003Ca href=\"https:\u002F\u002Fwww.whatconverts.com\u002F\" rel=\"nofollow ugc\">WhatConverts\u003C\u002Fa>.  For more information visit our \u003Ca href=\"https:\u002F\u002Fwww.whatconverts.com\u002Fterms-of-use\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.whatconverts.com\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa> for more information on WhatConverts.\u003C\u002Fp>\n","Enables WhatConverts on all pages.",7000,31411,"2025-12-01T13:06:00.000Z",[75,21,76,77,64],"analytics-call-tracking","form-tracking","goal-tracking","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwhatconverts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhatconverts.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":47,"num_ratings":31,"last_updated":90,"tested_up_to":50,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":98,"download_link":99,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":62},"call-tracking-metrics","CallTrackingMetrics","2.1.8","taf2","https:\u002F\u002Fprofiles.wordpress.org\u002Ftaf2\u002F","\u003Cp>CallTrackingMetrics integrates with your WordPress site to provide powerful call tracking and attribution.\u003C\u002Fp>\n","CallTrackingMetrics integrates with your WordPress site to provide powerful call tracking and attribution.",3000,125043,"2026-02-16T14:22:00.000Z","6.5","8.2",[94,21,95,96,97],"advertising","conversation-analytics","google-ads","marketing-attribution","https:\u002F\u002Fcalltrackingmetrics.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcall-tracking-metrics.2.1.8.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":60,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":15,"tags":114,"homepage":118,"download_link":119,"security_score":120,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":62},"reachedge","LocaliQ – Tracking Code","1.9.1","REWordPressPlugin","https:\u002F\u002Fprofiles.wordpress.org\u002Frewordpressplugin\u002F","\u003Cp>The LocaliQ WordPress plugin adds the tracking code to the WordPress site.  This plugin adds the required javascript code on all pages in order to track analytics and enable other features for the \u003Ca href=\"https:\u002F\u002Flocaliq.com\" rel=\"nofollow ugc\">LocaliQ\u003C\u002Fa> products and other digital marketing solutions.\u003C\u002Fp>\n\u003Cp>The required javascript is loaded from a CDN at cdn.rlets.com\u002Fcapture_static\u002Fmms\u002Fmms.js. This file is under continuing development to provide the best performance and stability across all browser and OS combinations.\u003C\u002Fp>\n\u003Cp>As new features and functionality are added to LocaliQ Tracking, those updates will be rolled out through the mms.js file, and no updates of this plugin will be required.\u003C\u002Fp>\n\u003Cp>For more information, visit https:\u002F\u002Flocaliq.com.\u003C\u002Fp>\n\u003Ch3>API Interaction provided by capture_configs js from the CDN\u003C\u002Fh3>\n\u003Col>\n\u003Cli>The capture_configs js loads the customer’s configuration data from LocaliQ\u003C\u002Fli>\n\u003Cli>Sends analytics data back to LocaliQ for performance metrics.\u003C\u002Fli>\n\u003Cli>Sends visit & referrer attribution back to LocaliQ for analytics\u003C\u002Fli>\n\u003Cli>Sends visit, email, and form post data back to LocaliQ to provide lead management.\u003C\u002Fli>\n\u003Cli>Email links are replaced with contact forms and the form data and sending of email is offloaded to LocaliQ’s servers.\u003C\u002Fli>\n\u003C\u002Fol>\n","Adds LocaliQ's tracking code on all pages.",2000,27704,60,"2024-05-20T17:09:00.000Z","6.4.8","2.7",[21,115,76,116,117],"email-tracking","lead-conversion","localiq","https:\u002F\u002Fgithub.com\u002Freachlocal\u002Flocaliq-wordpress-4x-tracking-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freachedge.1.9.1.zip",92,{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":11,"num_ratings":11,"last_updated":131,"tested_up_to":50,"requires_at_least":132,"requires_php":133,"tags":134,"homepage":138,"download_link":139,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":62},"clixtell-tracking-dynamic-phones","Clixtell","2.4","clixtell","https:\u002F\u002Fprofiles.wordpress.org\u002Fclixtell\u002F","\u003Cp>\u003Cstrong>Clixtell Tracking & Dynamic Phones\u003C\u002Fstrong> helps businesses protect their advertising budget and improve conversion tracking by integrating Clixtell’s advanced click fraud detection and dynamic call tracking technology into WordPress.\u003C\u002Fp>\n\u003Cp>With this plugin you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Detect and block fraudulent clicks\u003C\u002Fli>\n\u003Cli>Track phone calls accurately from paid traffic\u003C\u002Fli>\n\u003Cli>Enable Dynamic Phone Insertion (DNI)\u003C\u002Fli>\n\u003Cli>Integrate seamlessly with your existing Clixtell account\u003C\u002Fli>\n\u003Cli>Avoid complex code changes or manual script insertion\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>An active \u003Cstrong>Clixtell account\u003C\u002Fstrong> is required to use this plugin.\u003C\u002Fp>\n\u003Cp>Learn more at \u003Ca href=\"https:\u002F\u002Fwww.clixtell.com\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.clixtell.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Easy WordPress integration\u003C\u002Fli>\n\u003Cli>Dynamic Phone Insertion (optional toggle)\u003C\u002Fli>\n\u003Cli>Automatic script loading\u003C\u002Fli>\n\u003Cli>Clean and secure WordPress Settings API usage\u003C\u002Fli>\n\u003Cli>Lightweight and performance-friendly\u003C\u002Fli>\n\u003Cli>No theme modification required\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Clixtell\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Check \u003Cstrong>Activate Dynamic Call Tracking\u003C\u002Fstrong> to enable Dynamic Phone Insertion\u003C\u002Fli>\n\u003Cli>Save changes\u003C\u002Fli>\n\u003Cli>Ensure your Clixtell account is properly configured\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Tracking scripts are automatically injected on the frontend once enabled.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Clixtell Tracking & Dynamic Phones does not store or process personal data locally.\u003Cbr \u002F>\nAll tracking, analytics, and data processing are handled by Clixtell services.\u003Cbr \u002F>\nPlease review Clixtell’s Privacy Policy at:\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.clixtell.com\u002Fprivacy-policy\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For documentation and support:\u003Cbr \u002F>\n* https:\u002F\u002Fsupport.clixtell.com\u003Cbr \u002F>\n* https:\u002F\u002Fwww.clixtell.com\u003C\u002Fp>\n","Clixtell Tracking & Dynamic Phones integrates Clixtell click fraud detection and dynamic phone number insertion into your WordPress site.",1000,8147,"2026-02-07T05:14:00.000Z","5.5","7.2",[21,135,136,137,24],"click-fraud","dynamic-phone","marketing-analytics","https:\u002F\u002Fwww.clixtell.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclixtell-tracking-dynamic-phones.zip",{"attackSurface":141,"codeSignals":161,"taintFlows":185,"riskAssessment":212,"analyzedAt":217},{"hooks":142,"ajaxHandlers":153,"restRoutes":154,"shortcodes":155,"cronEvents":160,"entryPointCount":14,"unprotectedCount":11},[143,149],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","admin_menu","responsetap_wp_register_settings","responsetappr.php",64,{"type":144,"name":150,"callback":151,"file":147,"line":152},"wp_footer","responsetap_wp_render_script",65,[],[],[156],{"tag":157,"callback":158,"file":147,"line":159},"responsetap_wp","responsetap_wp_shortcode",66,[],{"dangerousFunctions":162,"sqlUsage":163,"outputEscaping":165,"fileOperations":11,"externalRequests":11,"nonceChecks":14,"capabilityChecks":14,"bundledLibraries":184},[],{"prepared":11,"raw":11,"locations":164},[],{"escaped":11,"rawEcho":166,"locations":167},8,[168,171,174,176,178,180,182,183],{"file":169,"line":60,"context":170},"templates\\script.php","raw output",{"file":172,"line":173,"context":170},"templates\\settings.php",7,{"file":172,"line":175,"context":170},11,{"file":172,"line":177,"context":170},14,{"file":172,"line":179,"context":170},16,{"file":172,"line":181,"context":170},17,{"file":172,"line":181,"context":170},{"file":172,"line":181,"context":170},[],[186,204],{"entryPoint":187,"graph":188,"unsanitizedCount":11,"severity":203},"responsetap_wp_settings (responsetappr.php:24)",{"nodes":189,"edges":200},[190,195],{"id":191,"type":192,"label":193,"file":147,"line":194},"n0","source","$_REQUEST['responsetap_wp_website_id']",36,{"id":196,"type":197,"label":198,"file":147,"line":194,"wp_function":199},"n1","sink","update_option() [Settings Manipulation]","update_option",[201],{"from":191,"to":196,"sanitized":202},true,"low",{"entryPoint":205,"graph":206,"unsanitizedCount":11,"severity":203},"\u003Cresponsetappr> (responsetappr.php:0)",{"nodes":207,"edges":210},[208,209],{"id":191,"type":192,"label":193,"file":147,"line":194},{"id":196,"type":197,"label":198,"file":147,"line":194,"wp_function":199},[211],{"from":191,"to":196,"sanitized":202},{"summary":213,"deductions":214},"The 'responsetappr' plugin v1.1.3 exhibits a generally good security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and the use of prepared statements for all SQL queries are significant strengths. The plugin also demonstrates a commitment to security by including nonce and capability checks, which are essential for protecting against common WordPress attacks.  The attack surface is minimal and appears to be protected by authentication, which is excellent.\n\nHowever, a notable concern arises from the output escaping. With 100% of outputs not being properly escaped, this presents a significant risk of Cross-Site Scripting (XSS) vulnerabilities. Any dynamic content rendered by the plugin that is not explicitly sanitized and escaped before display can be leveraged by attackers to inject malicious scripts.  While the taint analysis did not reveal any unsanitized paths, this is likely because the analysis scope was limited, and the unescaped outputs create ample opportunity for such issues to manifest if user-supplied data is involved.\n\nIn conclusion, the plugin's foundation is solid with good security practices in place for its entry points and data handling. Nevertheless, the widespread lack of output escaping is a critical weakness that needs immediate attention. The absence of historical vulnerabilities is positive, but it should not lead to complacency, especially given the identified XSS risk.",[215],{"reason":216,"points":173},"0% of outputs properly escaped","2026-03-17T05:48:40.239Z",{"wat":219,"direct":225},{"assetPaths":220,"generatorPatterns":221,"scriptPaths":222,"versionParams":224},[],[],[223],"\u002Fwp-content\u002Fplugins\u002Fresponsetappr\u002Ftemplates\u002Fscript.php",[],{"cssClasses":226,"htmlComments":228,"htmlAttributes":229,"restEndpoints":230,"jsGlobals":231,"shortcodeOutput":232},[227],"rTapNumber",[],[],[],[],[233,234],"\u003Ca href=\"tel:","\u003C\u002Fspan>\u003C\u002Fa>"]