[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9HowwWNp4DznR3XNzkPI6d9JEc8T2UdYQVuPAbU2y_4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":137,"fingerprints":318},"scand-easy-ga-toolkit","Easy Google Analytics Toolkit","1.0.6","SCAND","https:\u002F\u002Fprofiles.wordpress.org\u002Fscandltd\u002F","\u003Cp>Easy Google Analytics Toolkit takes advantage of the latest and amazing features of Universal Analytics or Global Site Tag and makes it pretty easy to add a tracking code on your blog. It allows you to type in any css selector with the appropriate category and action values that will be placed into the ga function.\u003C\u002Fp>\n\u003Cp>This is definitely one of the easiest-to-use WordPress plugins to insert the analytic snippet on your websites built in WordPress and track events for any HTML elements on your page.\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Custom selectors \u003C\u002Fstrong> – you can bind a Google Analytics send event to any selector you want. This feature requires administrator’s skills in CSS and JavaScript.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Force SSL\u003C\u002Fstrong> – Setting Force SSL to true will force HTTP pages to also send all beacons using HTTPS.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anonymize IP\u003C\u002Fstrong> – The IP address of the user will be anonymized.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User ID\u003C\u002Fstrong> – This is intended to be a known identifier for a user provided by the site owner\u002Ftracking library user.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Event\u003C\u002Fstrong> – for Download, Email, Phone number, Outbound links, and Error 404.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File extension\u003C\u002Fstrong> – type your own filename extension that you would like to track.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Production or development mode\u003C\u002Fstrong> – for easy testing and tuning up a plugin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>JavaScript code snippet\u003C\u002Fstrong> – type any JavaScript code in custom defined tracking event.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Use analytics.js or gtag.js library\u003C\u002Fstrong> – you can select whether to use Universal Analytics or switch to a newly released Global Site Tag.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Localization\u003C\u002Fh3>\n\u003Cp>The Russian language translation is available.\u003C\u002Fp>\n","Easy Google Analytics Toolkit: analytics code integration on the WordPress website with setting up custom selectors to be checked",10,2334,0,"2024-10-18T06:55:00.000Z","6.6.5","3.9","",[19,20,21,22,23],"analytics","custom-events","global-site-tag","google-universal-analytics","gtag","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fscand-easy-ga-toolkit","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fscand-easy-ga-toolkit.1.0.6.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"scandltd",3,330,78,30,79,"2026-04-04T15:40:02.474Z",[39,64,84,104,122],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":59,"download_link":60,"security_score":61,"vuln_count":62,"unpatched_count":13,"last_vuln_date":63,"fetched_at":28},"host-analyticsjs-local","CAOS | Host Google Analytics Locally","5.0.1","Daan van den Bergh","https:\u002F\u002Fprofiles.wordpress.org\u002Fdaanvandenbergh\u002F","\u003Cp>\u003Cstrong>CAOS can be downloaded for free without any paid subscription from \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhost-analyticsjs-local\u002F\" rel=\"ugc\">the official WordPress repository\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>CAOS (Complete Analytics Optimization Suite) for Google Analytics allows you to \u003Cstrong>host gtag.js\u003C\u002Fstrong> locally and keep it updated using WordPress’ built-in Cron-schedule. Fully automatic!\u003C\u002Fp>\n\u003Cp>Not a big Google Analytics user and just curious about your pageviews? CAOS fully supports \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjahilldev\u002Fminimal-analytics\u002Ftree\u002Fmain\u002Fpackages\u002Fga4#readme\" rel=\"nofollow ugc\">Minimal Analytics 4\u003C\u002Fa>. An extremely lightweight alternative to Google Analytics’ default libraries (gtag.js). \u003Cem>Minimal Analytics also helps you get rid of that annoying \u003Cstrong>Unused JS\u003C\u002Fstrong> notice in Google PageSpeed Insights!\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Whenever you run an analysis of your website on \u003Cem>Google Pagespeed Insights\u003C\u002Fem>, \u003Cem>Pingdom\u003C\u002Fem> or \u003Cem>GTMetrix\u003C\u002Fem>, it’ll tell you to \u003Cstrong>leverage browser cache\u003C\u002Fstrong> when you’re using Google Analytics. Because Google has set the cache expiry time to 2 hours. This plugin will get you a \u003Cstrong>higher score\u003C\u002Fstrong> on Pagespeed and Pingdom and make \u003Cstrong>your website load faster\u003C\u002Fstrong>, because the user’s browser doesn’t have to make a roundtrip to download the file from Google’s external server.\u003C\u002Fp>\n\u003Cp>Just install the plugin, enter your Mesurement ID and the plugin adds the necessary Tracking Code for Google Analytics 4 to the header (or footer) of your theme, downloads and saves the gtag.js-file to your website’s server and keeps it updated (automagically) using a scheduled script in wp_cron(). Or if you’d like to use the locally hosted file with another plugin, check \u003Cstrong>Compatibility Mode\u003C\u002Fstrong> under \u003Cem>Advanced Settings\u003C\u002Fem>, Either way, CAOS is a set and forget plugin.\u003C\u002Fp>\n\u003Cp>For more information: [How to setup CAOS](For more information: \u003Ca href=\"https:\u002F\u002Fdaan.dev\u002Fdocs\u002Fcaos\u002F?utm_source=wordpress&utm_medium=description&utm_campaign=caos\" rel=\"nofollow ugc\">How to setup CAOS\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Host gtag.js for Google Analytics 4 locally,\u003C\u002Fli>\n\u003Cli>Downloaded files are renamed to random strings to avoid ad blockers,\u003C\u002Fli>\n\u003Cli>Minimal Analytics 4 support,\u003C\u002Fli>\n\u003Cli>Compatibility Mode allows you to use the locally hosted file with all Google Analytics plugins, e.g.\n\u003Cul>\n\u003Cli>MonsterInsights (Pro),\u003C\u002Fli>\n\u003Cli>ExactMetrics\u003C\u002Fli>\n\u003Cli>Site Kit by Google,\u003C\u002Fli>\n\u003Cli>WooCommerce Google Analytics Integration,\u003C\u002Fli>\n\u003Cli>WooCommerce Google Analytics Pro,\u003C\u002Fli>\n\u003Cli>Analytify,\u003C\u002Fli>\n\u003Cli>And many more!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with all Cookie Notice plugins, e.g.\n\u003Cul>\n\u003Cli>Complianz,\u003C\u002Fli>\n\u003Cli>CookieYes,\u003C\u002Fli>\n\u003Cli>WP Cookie Notice,\u003C\u002Fli>\n\u003Cli>Cookie Notice & Compliance,\u003C\u002Fli>\n\u003Cli>Cookie Notice & Consent Banner,\u003C\u002Fli>\n\u003Cli>And many more!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Preconnect to google-analytics.com to reduce latency and speed up requests,\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Add tracking code\u003C\u002Fstrong> to header, \u003Cstrong>footer\u003C\u002Fstrong> or manually,\u003C\u002Fli>\n\u003Cli>Save gtag.js anywhere within the WordPress content (wp-content) directory to avoid detection by WordPress security plugins (such as WordFence) or removal by caching plugins (such as WP Super Cache),\u003C\u002Fli>\n\u003Cli>Serve gtag.js from your CDN,\u003C\u002Fli>\n\u003Cli>Set Cookie Expiry Period,\u003C\u002Fli>\n\u003Cli>Force disabling display features functionalities,\u003C\u002Fli>\n\u003Cli>Track logged in Administrators,\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features in CAOS Pro\u003C\u002Fh3>\n\u003Cp>Use Google Analytics in \u003Ca href=\"https:\u002F\u002Fdaan.dev\u002Fblog\u002Fwordpress\u002Fgdpr-compliance-google-analytics\u002F?utm_source=wordpress&utm_medium=description&utm_campaign=caos\" rel=\"nofollow ugc\">compliance with GDPR\u003C\u002Fa> with:\u003Cbr \u002F>\n– Randomize Client ID (which grants a fresh, untraceable UUID\u002FClientID to each visitor),\u003Cbr \u002F>\n– Stealth Mode (a unique, customized API, designed for WordPress, which anonymizes your visitor’s data before sending it to Google’s servers).\u003C\u002Fp>\n\u003Cp>Other features:\u003Cbr \u002F>\n– Cloaked Affiliate Link Tracking,\u003Cbr \u002F>\n– Cloudflare Compatibility Mode.\u003C\u002Fp>\n","The fastest, lightest way to integrate Google Analytics in WordPress.",10000,1886167,98,128,"2025-12-01T13:59:00.000Z","6.9.4","4.6","7.0",[19,56,57,23,58],"gdpr","google","minimal","https:\u002F\u002Fdaan.dev\u002Fwordpress\u002Fcaos\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhost-analyticsjs-local.5.0.1.zip",99,2,"2023-12-12 00:00:00",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":74,"num_ratings":32,"last_updated":75,"tested_up_to":76,"requires_at_least":77,"requires_php":17,"tags":78,"homepage":82,"download_link":83,"security_score":74,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-global-site-tag","WP Global Site Tag","1.0.7","digitalapps","https:\u002F\u002Fprofiles.wordpress.org\u002Fdigitalapps\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fdigitalapps.com\u002Fwordpress-plugins\u002Fwp-global-site-tag\u002F\" title=\"WP Global Site Tag\" rel=\"nofollow ugc\">Global Site Tag\u003C\u002Fa> (gtag.js) is a new Google Analytics replacement. WP Global Site Tag provides a framework for streamlined web page tagging – giving you better control while making implementation easier. Using gtag.js lets you benefit from the latest tracking features and integrations as they become available. This is the WordPress version.\u003C\u002Fp>\n\u003Cp>To use gtag.js to track your site, install the plugin and activate.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Simple to install and use even your clients can do it\u003C\u002Fli>\n\u003Cli>Configure multiple Google Analytics properties\u003C\u002Fli>\n\u003Cli>Minified version of the code is injected for faster loading times\u003C\u002Fli>\n\u003Cli>Built using WordPress best practices and standards\u003C\u002Fli>\n\u003Cli>Great for marketing agencies and individuals\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Supercharge Your GTM Setup with gtag\u003C\u002Fh3>\n\u003Cp>Wondering if you can make the most of gtag and set up Google Tag Manager (GTM) simultaneously? Heck yeah, you can!\u003C\u002Fp>\n\u003Cp>Setting up GTM with gtag is a breeze. Just swap out that initial GA_TRACKING_ID with your GTM container ID, and you’re good to go. You can still keep the universal analytics tag running smoothly within GTM, all while having gtag in the mix.\u003C\u002Fp>\n\u003Ch3>How to use Global Site Tag\u003C\u002Fh3>\n\u003Cp>To use gtag.js to track your site, install the plugin. Replace GA_TRACKING_ID with the tracking ID of the Google Analytics property you want to send data to.\u003C\u002Fp>\n\u003Ch3>Why use Global Site Tag\u003C\u002Fh3>\n\u003Cp>Global Site Tag streamlines tracking across all Google products, including their measurement, conversion tracking, and remarketing products. Global Site Tag is the new replacement for old Google Analytics script.\u003C\u002Fp>\n\u003Ch3>Difference between Universal Analytics & Global Site Tag\u003C\u002Fh3>\n\u003Cp>There are few differences you need to know before thinking of migrating to Global Site Tag.\u003C\u002Fp>\n\u003Cp>Install:\u003Cbr \u002F>\nUniversal Analytics(analytics.js) is only used for installing Google Analytics, and global tag can be used to install multiple tools like, GA and GTM.\u003C\u002Fp>\n\u003Cp>Tracking:\u003Cbr \u002F>\nUniversal Analytics uses trackers(ga(‘create’, ‘G-XXXXX-Y’, ‘auto’);) to send pageviews to Google Analytics while gtag send pageviews to GA property identified by the GA_Tracking_ID(gtag(‘config’,’GA_Tracking_ID’)).\u003C\u002Fp>\n\u003Cp>Use:\u003Cbr \u002F>\nGlobal Site Tag can be used for conversion tracking and remarketing while universal analytics can’t.\u003C\u002Fp>\n","Global Site Tag (gtag.js) is a new Google Analytics replacement – giving you better control while making implementation easier. Using gtag.",8000,71835,100,"2025-05-02T02:23:00.000Z","6.8.5","3.0.1",[21,79,80,81],"google-analytics","google-tag-manager","gtm","https:\u002F\u002Fdigitalapps.com\u002Fwp-global-site-tag\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-global-site-tag.zip",{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":92,"downloaded":93,"rating":13,"num_ratings":13,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":97,"tags":98,"homepage":101,"download_link":102,"security_score":103,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"dd-gtag-event-tracking","Analytics Event Tracking for GTAG","1.3","thehowarde","https:\u002F\u002Fprofiles.wordpress.org\u002Fthehowarde\u002F","\u003Cp>This plugin makes it easy to add Google Analytics Events \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fanalytics\u002Fdevguides\u002Fcollection\u002Fgtagjs\u002Fevents\" rel=\"nofollow ugc\">GTAG Events\u003C\u002Fa> for inbound or outbound links from your website.  Especially useful for click tracking or analyzing landing page interactions.\u003C\u002Fp>\n\u003Cp>You can also choose via the settings page to use the analytics.js or Universal Analytics event tracking code.\u003C\u002Fp>\n\u003Cp>This plugin will add a simple to use WP Editor Button for entry of link, link text, and the Analytics event information.\u003C\u002Fp>\n\u003Cp>Within the WP Editor, the track-able links will be colored red instead of blue.\u003C\u002Fp>\n\u003Cp>Also adds a lightweight frontend Javascript file to enable the tracking.\u003C\u002Fp>\n\u003Ch3>1.2\u003C\u002Fh3>\n\u003Cp>Fix error using universal.\u003C\u002Fp>\n\u003Ch3>1.1\u003C\u002Fh3>\n\u003Cp>Add options page to include universal analytics events\u003C\u002Fp>\n\u003Ch3>1.0\u003C\u002Fh3>\n\u003Cp>Initial Build\u003C\u002Fp>\n","Adds a button to the WP Editor for easy insertion of links that can be tracked as Events in Google Analytics using the gtag.",20,1580,"2020-07-01T18:06:00.000Z","5.4.19","4.5","5.6",[99,100,79,23],"analytics-events","events","https:\u002F\u002Fwww.duckdiverllc.com\u002Fgtag-event-tracking","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdd-gtag-event-tracking.1.3.zip",85,{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":92,"downloaded":112,"rating":13,"num_ratings":13,"last_updated":113,"tested_up_to":95,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":120,"download_link":121,"security_score":103,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"web-vitals","Web Vitals","0.1.2","saltagency","https:\u002F\u002Fprofiles.wordpress.org\u002Fsaltagency\u002F","\u003Cp>Send \u003Ca href=\"https:\u002F\u002Fweb.dev\u002Fvitals\u002F\" rel=\"nofollow ugc\">Web Vitals\u003C\u002Fa> to Google Analytics.\u003C\u002Fp>\n\u003Cp>This plugin does not embed or include GA\u002FGTAG\u002FGTM on to your site, it uses existing integration to submit Google Analytics events collected through javascript Web Vitals script.\u003C\u002Fp>\n\u003Cp>Integrates with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>GA  (analytics.js)\u003C\u002Fli>\n\u003Cli>GTAG\u003C\u002Fli>\n\u003Cli>Google Tag Manager\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By default method to send web vitals is picked automatically, if you do not recieve events in Analytics, select your analytics integration from the plugin options.\u003C\u002Fp>\n\u003Cp>Web Vitals script can be either loaded from CDN or locally.\u003C\u002Fp>\n","Send Web Vitals to Google Analytics.",1535,"2020-06-19T10:46:00.000Z","5.1","7.2",[19,117,23,118,119],"ga","performance","tagmanager","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsa-webvitals","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fweb-vitals.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":11,"downloaded":130,"rating":13,"num_ratings":13,"last_updated":131,"tested_up_to":15,"requires_at_least":53,"requires_php":97,"tags":132,"homepage":135,"download_link":136,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"ach-tag-manager","ACh Tag Manager","1.0.1","ACh","https:\u002F\u002Fprofiles.wordpress.org\u002Fach1992\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fach.li\" rel=\"nofollow ugc\">Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fach-tag-manager\u002F#installation\" rel=\"ugc\">Documentation\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fach-tag-manager\u002Freviews\u002F#new-post\" rel=\"ugc\">Support\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The \u003Cstrong>ACh Google Tag Manager\u003C\u002Fstrong> is a free tool for everyone to manage Global Site Tag (GA4 Measurement ID), Google Tag Manager, and Google Analytics. You can set up \u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Fanalytics\u002Fanswer\u002F10089681\" rel=\"nofollow ugc\">Google Analytics 4 property\u003C\u002Fa> (GA4) with this plugin.\u003C\u002Fp>\n\u003Ch3>ACh Google Tag Manager Features You’ll Absolutely love\u003C\u002Fh3>\n\u003Ch4>You can set up Google Analytics 4 property (GA4) with this plugin.\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>The easy way to set GA4 Measurement ID.\u003C\u002Fp>\n\u003Cp>The easy way to set Global Site Tag.\u003C\u002Fp>\n\u003Cp>The easy way to set Google Tag Manager.\u003C\u002Fp>\n\u003Cp>The easy way to set Google Analytics.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>If you want to contribute to the translation, \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fach-tag-manager\" rel=\"nofollow ugc\">please visit our translation section\u003C\u002Fa>. We appreciate all the translation help we can get.\u003C\u002Fp>\n","Manage GA4 Measurement ID, Google Tag Manager, and Google Analytics. You can set up Google Analytics 4 property (GA4).",1497,"2024-08-09T05:57:00.000Z",[133,21,79,80,134],"ga4","measurement-id","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fach-tag-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fach-tag-manager.zip",{"attackSurface":138,"codeSignals":173,"taintFlows":252,"riskAssessment":306,"analyzedAt":317},{"hooks":139,"ajaxHandlers":162,"restRoutes":169,"shortcodes":170,"cronEvents":171,"entryPointCount":172,"unprotectedCount":13},[140,146,150,153,158],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","plugins_loaded","load_textdomain","scand-easy-ga-toolkit.php",43,{"type":141,"name":147,"callback":148,"file":144,"line":149},"admin_enqueue_scripts","enqueue_styles",44,{"type":141,"name":147,"callback":151,"file":144,"line":152},"enqueue_scripts",45,{"type":141,"name":154,"callback":155,"priority":156,"file":144,"line":157},"admin_menu","set_admin_menu",4,46,{"type":141,"name":159,"callback":160,"priority":32,"file":144,"line":161},"wp_footer","print_ga_script",50,[163],{"action":164,"nopriv":165,"callback":166,"hasNonce":167,"hasCapCheck":165,"file":144,"line":168},"easy_ga_load_preview",false,"load_preview",true,47,[],[],[],1,{"dangerousFunctions":174,"sqlUsage":175,"outputEscaping":177,"fileOperations":13,"externalRequests":13,"nonceChecks":62,"capabilityChecks":13,"bundledLibraries":251},[],{"prepared":13,"raw":13,"locations":176},[],{"escaped":178,"rawEcho":179,"locations":180},6,36,[181,184,186,189,191,193,195,197,200,202,204,206,208,210,212,214,215,217,218,220,222,224,226,228,230,232,234,235,237,239,241,242,244,246,248,249],{"file":182,"line":74,"context":183},"includes\\class-scand-easy-ga-toolkit-admin.php","raw output",{"file":182,"line":185,"context":183},120,{"file":187,"line":188,"context":183},"includes\\views\\main.php",8,{"file":187,"line":190,"context":183},54,{"file":187,"line":192,"context":183},101,{"file":187,"line":194,"context":183},221,{"file":187,"line":196,"context":183},242,{"file":198,"line":199,"context":183},"includes\\views\\_custom_event_area.php",11,{"file":198,"line":201,"context":183},13,{"file":198,"line":203,"context":183},14,{"file":198,"line":205,"context":183},19,{"file":198,"line":207,"context":183},21,{"file":198,"line":209,"context":183},22,{"file":198,"line":211,"context":183},27,{"file":198,"line":213,"context":183},48,{"file":198,"line":161,"context":183},{"file":198,"line":216,"context":183},52,{"file":198,"line":216,"context":183},{"file":198,"line":219,"context":183},63,{"file":198,"line":221,"context":183},65,{"file":198,"line":223,"context":183},67,{"file":198,"line":225,"context":183},72,{"file":198,"line":227,"context":183},73,{"file":198,"line":229,"context":183},75,{"file":198,"line":231,"context":183},81,{"file":198,"line":233,"context":183},91,{"file":198,"line":26,"context":183},{"file":198,"line":236,"context":183},97,{"file":198,"line":238,"context":183},114,{"file":198,"line":240,"context":183},115,{"file":198,"line":185,"context":183},{"file":198,"line":243,"context":183},138,{"file":198,"line":245,"context":183},139,{"file":247,"line":172,"context":183},"includes\\views\\_custom_event_preview.php",{"file":247,"line":201,"context":183},{"file":144,"line":250,"context":183},182,[],[253,284,297],{"entryPoint":254,"graph":255,"unsanitizedCount":172,"severity":283},"showForm (includes\\class-scand-easy-ga-toolkit-admin.php:54)",{"nodes":256,"edges":279},[257,262,267,270,274],{"id":258,"type":259,"label":260,"file":182,"line":261},"n0","source","$_POST",62,{"id":263,"type":264,"label":265,"file":182,"line":74,"wp_function":266},"n1","sink","echo() [XSS]","echo",{"id":268,"type":259,"label":260,"file":182,"line":269},"n2",108,{"id":271,"type":272,"label":273,"file":182,"line":269},"n3","transform","→ updateOption()",{"id":275,"type":264,"label":276,"file":182,"line":277,"wp_function":278},"n4","update_option() [Settings Manipulation]",255,"update_option",[280,281,282],{"from":258,"to":263,"sanitized":167},{"from":268,"to":271,"sanitized":165},{"from":271,"to":275,"sanitized":165},"low",{"entryPoint":285,"graph":286,"unsanitizedCount":172,"severity":283},"\u003Cclass-scand-easy-ga-toolkit-admin> (includes\\class-scand-easy-ga-toolkit-admin.php:0)",{"nodes":287,"edges":293},[288,289,290,291,292],{"id":258,"type":259,"label":260,"file":182,"line":261},{"id":263,"type":264,"label":265,"file":182,"line":74,"wp_function":266},{"id":268,"type":259,"label":260,"file":182,"line":269},{"id":271,"type":272,"label":273,"file":182,"line":269},{"id":275,"type":264,"label":276,"file":182,"line":277,"wp_function":278},[294,295,296],{"from":258,"to":263,"sanitized":167},{"from":268,"to":271,"sanitized":165},{"from":271,"to":275,"sanitized":165},{"entryPoint":298,"graph":299,"unsanitizedCount":172,"severity":283},"\u003Cmain> (includes\\views\\main.php:0)",{"nodes":300,"edges":304},[301,303],{"id":258,"type":259,"label":302,"file":187,"line":190},"$_SERVER['REQUEST_METHOD']",{"id":263,"type":264,"label":265,"file":187,"line":190,"wp_function":266},[305],{"from":258,"to":263,"sanitized":165},{"summary":307,"deductions":308},"The \"scand-easy-ga-toolkit\" v1.0.6 plugin exhibits a generally positive security posture, with no known past vulnerabilities or critical issues identified in the static analysis. The absence of raw SQL queries and external HTTP requests are strong indicators of good development practices. The plugin also demonstrates a commitment to security by including nonce checks, which are crucial for preventing cross-site request forgery attacks, especially for its single AJAX handler.\n\nHowever, there are some areas for improvement. The most significant concern is the low percentage of properly escaped output. With 42 total outputs and only 14% properly escaped, there is a high risk of cross-site scripting (XSS) vulnerabilities. The taint analysis, while not flagging critical or high severity issues, did reveal three flows with unsanitized paths, which could potentially be exploited if combined with other weaknesses. Furthermore, the plugin lacks capability checks on its entry points, meaning that users with lower privileges might be able to trigger certain functionalities, which could be problematic depending on what the AJAX handler performs.\n\nIn conclusion, while the plugin avoids many common pitfalls like unpatched CVEs and raw SQL, the significant lack of output escaping presents a substantial risk. The absence of capability checks on the AJAX handler is another area of concern. Addressing the output escaping issues and implementing capability checks would significantly enhance the plugin's security.",[309,312,314],{"reason":310,"points":311},"Low percentage of properly escaped output",15,{"reason":313,"points":188},"Unsanitized paths in taint flows",{"reason":315,"points":316},"Missing capability checks on entry points",7,"2026-03-16T23:53:52.282Z",{"wat":319,"direct":328},{"assetPaths":320,"generatorPatterns":323,"scriptPaths":324,"versionParams":325},[321,322],"\u002Fwp-content\u002Fplugins\u002Fscand-easy-ga-toolkit\u002Fincludes\u002Fcss\u002Fscand-easy-ga-toolkit-admin.css","\u002Fwp-content\u002Fplugins\u002Fscand-easy-ga-toolkit\u002Fincludes\u002Fjs\u002Fscand-easy-ga-toolkit-admin.js",[],[],[326,327],"scand-easy-ga-toolkit\u002Fincludes\u002Fcss\u002Fscand-easy-ga-toolkit-admin.css?ver=","scand-easy-ga-toolkit\u002Fincludes\u002Fjs\u002Fscand-easy-ga-toolkit-admin.js?ver=",{"cssClasses":329,"htmlComments":330,"htmlAttributes":331,"restEndpoints":332,"jsGlobals":333,"shortcodeOutput":335},[],[],[],[],[334],"scand_js_obj",[]]