[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcGujql69H2YCUvjsCNsDtyOirikDkFSJKBYauCGXw7c":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":129,"fingerprints":282},"track-site-traffic","Tracking Inbound & Outbond traffic","1.0","dkchauhan","https:\u002F\u002Fprofiles.wordpress.org\u002Fdkchauhan\u002F","\u003Cp>We can use this plugin for Tracking Inbound and outbound traffic! by page or post.\u003Cbr \u002F>\nThrough this we can enable any page or post for track.its give you a panel for track all pages trafic.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Ch3>A brief Markdown Example\u003C\u002Fh3>\n","We can use this plugin for Tracking Inbound and outbound traffic! by page or post.",20,2936,100,1,"2013-11-12T06:26:00.000Z","3.6.1","3.4","",[20,21,4,22],"incoming-traffic","referal-link","traffic-count","http:\u002F\u002Funifiedsoftwareservices.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftrack-site-traffic.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},2,40,30,84,"2026-04-04T19:41:41.411Z",[37,59,76,95,111],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":18,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":18,"tags":51,"homepage":57,"download_link":58,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"mechanic-visitor-counter","Mechanic Visitor Counter","3.3.3","Aditya Subawa","https:\u002F\u002Fprofiles.wordpress.org\u002Fadityasubawa\u002F","Mechanic Visitor Counter is a widgets which will display the Visitor counter and traffic statistics on WordPress. Some of the features offered include &hellip;",8000,222754,72,15,"2021-01-02T07:20:00.000Z","5.5.18","4.5.3",[52,53,54,55,56],"blog-stats","traffic-counter","traffic-statistics","visitor-counter","visitor-traffic","https:\u002F\u002Fwww.adityasubawa.com\u002Fmechanic-visitor-counter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmechanic-visitor-counter.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":34,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":18,"tags":73,"homepage":74,"download_link":75,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"xt-visitor-counter","XT Visitor Counter","1.4.3","xtrsyz","https:\u002F\u002Fprofiles.wordpress.org\u002Fxtrsyz\u002F","\u003Cp>XT Visitor Counter is a widgets which will display the Visitor counter and traffic statistics on WordPress.Some of the features offered include Today Visitor, Today Hits, Total Hits, Total Visit, Who’s Online and IP Address Visitors.\u003C\u002Fp>\n\u003Cp>Upload and Install XT Visitor Counter Plugins, Activate and Drag the Widgets in to your WordPress Sidebar. And this plugins will useless for a thousands of websites. If you were here, download and install it, you’ll like it.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>Refer Installation and FAQ section for all required information\u003C\u002Fp>\n\u003Ch3>A brief Markdown Example\u003C\u002Fh3>\n\u003Cp>Ordered list:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Most simple plugin available so far\u003C\u002Fli>\n\u003Cli>Do not remove developer plugins link\u003C\u002Fli>\n\u003C\u002Fol>\n","XT Visitor Counter is a widgets which will display the Visitor counter and traffic statistics on WordPress. Some of the features offered include Today &hellip;",7000,106479,5,"2023-01-31T15:01:00.000Z","6.1.10","3.0.1",[52,53,54,55,56],"http:\u002F\u002Fxtrsyz.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxt-visitor-counter.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":26,"num_ratings":26,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":18,"tags":89,"homepage":93,"download_link":94,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"traffic-counter-widget","Plugin Name: Traffic Counter Widget Plugin","2.1.2","aviaxis","https:\u002F\u002Fprofiles.wordpress.org\u002Faviaxis\u002F","\u003Cp>TCW shows the number of visitors \u002F hits \u002F unique IPs in the past 24 hours, 7 days and 30 days. It also shows the number of users currently online.\u003C\u002Fp>\n\u003Cp>It provides a robots filter, but the automatic traffic could also be considered.\u003C\u002Fp>\n\u003Cp>Traffic Counter Widget offers language support and automatic log deletion.\u003C\u002Fp>\n\u003Cp>For help or reporting bugs please refer to: http:\u002F\u002Fwww.pixme.org\u002Ftehnologie-internet\u002Fwordpress-traffic-counter-widget\u002F4228\u003C\u002Fp>\n\u003Ch3>Other\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>You may use the code any way you wish, with respect to the WordPress general licensing rules. However I do not guaratee anythig, of course 🙂 \u003C\u002Fli>\n\u003Cli>Please do not remove the link to the plugin’s page unless you donate. Help me keep it free.\u003C\u002Fli>\n\u003Cli>If you enjoy it, and find it useful please donete 2 Euro here: http:\u002F\u002Fwww.pixme.org\u002Fwp-content\u002Fuploads\u002Fwidget-traffic-counter\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n","TCW lets your users know how much traffic you have on your blog. It counts pages visited, hits and unique IPs on your blog and shows it in a widget.",700,75359,"2017-11-28T21:17:00.000Z","3.2.1","2.8.0",[53,90,91,92],"traffic-widget","user-traffic","visitors-counter","http:\u002F\u002Fwww.pixme.org\u002Fwp-content\u002Fuploads\u002Fwidget-traffic-counter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftraffic-counter-widget.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":84,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":107,"requires_at_least":88,"requires_php":18,"tags":108,"homepage":18,"download_link":110,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"traffic-stats-widget","Plugin Name: Traffic Stats Widget Plugin","1.0.2","helenthomaswp","https:\u002F\u002Fprofiles.wordpress.org\u002Fhelenthomaswp\u002F","\u003Cp>TSW shows the number of visitors \u002F hits \u002F unique IPs in the past 24 hours, 7 days and 30 days. It also shows the number of users currently online.\u003C\u002Fp>\n\u003Cp>It provides a robots filter, but the automatic traffic could also be considered.\u003C\u002Fp>\n\u003Cp>Traffic Stats Widget offers language support and automatic log deletion.\u003C\u002Fp>\n","TSW lets your users know how much traffic you have on your blog. It counts pages visited, hits and unique IPs on your blog and shows it in a widget.",50303,88,7,"2017-11-28T20:05:00.000Z","4.0.38",[109,53,90,91,92],"hit-counter","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftraffic-stats-widget.1.0.2.zip",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":13,"downloaded":119,"rating":26,"num_ratings":26,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":127,"download_link":128,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"mc-visitor-tally","MC Visitor Tally","2.8.3","Mike Hickcox","https:\u002F\u002Fprofiles.wordpress.org\u002Fmike-hickcox\u002F","\u003Cp>Easy-to-use visitor counter designed for the website admin. With a clean look appropriate for a professional website. Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Unique site visitor counts in these time frames: Today, Yesterday, Past 7 Days, Current Month, Current Year.\u003C\u002Fli>\n\u003Cli>Counts are shown in an admin dashboard widget which appears when the plugin is activated.\u003C\u002Fli>\n\u003Cli>The admin dashboard widget has an optional table of monthly totals for comparisons.\u003C\u002Fli>\n\u003Cli>The dashboard widget tells when the plugin was installed so you know when the counts on your website began.\u003C\u002Fli>\n\u003Cli>Use the front-end WIDGET (MC Visitor Tally) to place the tallies on website pages, sidebars, and\u002For footer.\u003C\u002Fli>\n\u003Cli>Use the SHORTCODE [mcvt-visitor-tally] to place the tallies in sidebars, pages, and other locations on the website.\u003C\u002Fli>\n\u003Cli>Use any of several styles of visitor tables on your website with the shortcode and widget.\u003C\u002Fli>\n\u003Cli>The year-to-date count on the shortcode and widget can be turned off if you don’t want to show the YTD numbers at this time.\u003C\u002Fli>\n\u003Cli>Visitor data more than one year old are automatically deleted from the plugin’s database table, removing unneeded records.\u003C\u002Fli>\n\u003Cli>Counts are real people, as most bots and crawlers will not be counted.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Settings and Use\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>SETTINGS LINK: Find “MC Visitor Tally” under “Settings” in the left menu. Also found under the plugin name in the list of installed plugins.\u003C\u002Fli>\n\u003Cli>MONTHLY COMPARISONS: Decide if you want month-to-month totals shown in the admin dashboard widget for comparisons. Also shows the total for the past 12 months.\u003C\u002Fli>\n\u003Cli>ONLINE TABLE STYLES: Choose a style for online tables. Experiment with this – themes and page builders display these tables very differently.\u003C\u002Fli>\n\u003Cli>YEAR-TO-DATE TOTALS: On the settings page, you can turn off the year-to-date counts on your website pages.\u003C\u002Fli>\n\u003Cli>WIDGET: Use the widget (MC Visitor Tally) to add the counter to sidebars or other widget-enabled areas of the website.\u003C\u002Fli>\n\u003Cli>SHORTCODE: Use the shortcode [mcvt-visitor-tally] to add the counter to any page, sidebar, or the footer.\u003C\u002Fli>\n\u003Cli>ON PLUGIN REMOVAL: On the settings page, you can decide not to delete the database table when removing the plugin – if you intend to re-install it later.\u003C\u002Fli>\n\u003C\u002Ful>\n","Displays unique daily visits. Web page tables. Dashboard widget with monthly comparisons.",4869,"2025-11-25T21:41:00.000Z","6.6.5","4.7","7.0",[109,53,125,55,126],"traffic-stats","visitor-stats","https:\u002F\u002Fmid-coast.com\u002Fmc-visitor-tally","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmc-visitor-tally.2.8.3.zip",{"attackSurface":130,"codeSignals":163,"taintFlows":223,"riskAssessment":270,"analyzedAt":281},{"hooks":131,"ajaxHandlers":157,"restRoutes":158,"shortcodes":159,"cronEvents":160,"entryPointCount":26,"unprotectedCount":26},[132,138,142,145,149,153],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","admin_init","lt_admin_init","tracker.php",466,{"type":133,"name":139,"callback":140,"file":136,"line":141},"admin_menu","lt_add_admin_panels",467,{"type":133,"name":134,"callback":143,"priority":14,"file":136,"line":144},"track_add_custom_box",469,{"type":133,"name":146,"callback":147,"file":136,"line":148},"save_post","track_save_post",470,{"type":133,"name":150,"callback":151,"file":136,"line":152},"wp_footer","store_timer_data",473,{"type":133,"name":154,"callback":155,"file":136,"line":156},"lt_clear_max","lt_clear_max_run",476,[],[],[],[161],{"hook":154,"callback":154,"file":136,"line":162},44,{"dangerousFunctions":164,"sqlUsage":165,"outputEscaping":185,"fileOperations":26,"externalRequests":26,"nonceChecks":166,"capabilityChecks":31,"bundledLibraries":222},[],{"prepared":166,"raw":167,"locations":168},3,6,[169,172,174,177,180,183],{"file":136,"line":170,"context":171},17,"$wpdb->get_var() with variable interpolation",{"file":136,"line":173,"context":171},54,{"file":136,"line":175,"context":176},55,"$wpdb->query() with variable interpolation",{"file":136,"line":178,"context":179},136,"$wpdb->get_results() with variable interpolation",{"file":136,"line":181,"context":182},139,"$wpdb->get_row() with variable interpolation",{"file":136,"line":184,"context":182},283,{"escaped":26,"rawEcho":170,"locations":186},[187,190,192,194,196,198,200,202,204,206,208,210,212,214,216,218,220],{"file":136,"line":188,"context":189},144,"raw output",{"file":136,"line":191,"context":189},172,{"file":136,"line":193,"context":189},173,{"file":136,"line":195,"context":189},174,{"file":136,"line":197,"context":189},175,{"file":136,"line":199,"context":189},177,{"file":136,"line":201,"context":189},178,{"file":136,"line":203,"context":189},179,{"file":136,"line":205,"context":189},180,{"file":136,"line":207,"context":189},181,{"file":136,"line":209,"context":189},192,{"file":136,"line":211,"context":189},200,{"file":136,"line":213,"context":189},231,{"file":136,"line":215,"context":189},238,{"file":136,"line":217,"context":189},242,{"file":136,"line":219,"context":189},424,{"file":136,"line":221,"context":189},429,[],[224,242,257],{"entryPoint":225,"graph":226,"unsanitizedCount":14,"severity":241},"trackpage_custom_box (tracker.php:413)",{"nodes":227,"edges":238},[228,233],{"id":229,"type":230,"label":231,"file":136,"line":232},"n0","source","$_GET",421,{"id":234,"type":235,"label":236,"file":136,"line":221,"wp_function":237},"n1","sink","echo() [XSS]","echo",[239],{"from":229,"to":234,"sanitized":240},false,"medium",{"entryPoint":243,"graph":244,"unsanitizedCount":26,"severity":256},"lt_settings_panel (tracker.php:210)",{"nodes":245,"edges":253},[246,249],{"id":229,"type":230,"label":247,"file":136,"line":248},"$_POST",218,{"id":234,"type":235,"label":250,"file":136,"line":251,"wp_function":252},"update_option() [Settings Manipulation]",219,"update_option",[254],{"from":229,"to":234,"sanitized":255},true,"low",{"entryPoint":258,"graph":259,"unsanitizedCount":26,"severity":256},"\u003Ctracker> (tracker.php:0)",{"nodes":260,"edges":267},[261,262,263,265],{"id":229,"type":230,"label":247,"file":136,"line":248},{"id":234,"type":235,"label":250,"file":136,"line":251,"wp_function":252},{"id":264,"type":230,"label":231,"file":136,"line":232},"n2",{"id":266,"type":235,"label":236,"file":136,"line":221,"wp_function":237},"n3",[268,269],{"from":229,"to":234,"sanitized":255},{"from":264,"to":266,"sanitized":255},{"summary":271,"deductions":272},"The 'track-site-traffic' plugin v1.0 presents a mixed security posture. On the positive side, it boasts a very small attack surface with no identified AJAX handlers, REST API routes, or shortcodes exposed without authentication.  The plugin also demonstrates awareness of security practices by including nonce checks and capability checks, and it has no known historical vulnerabilities, which is a strong indicator of careful development or a lack of past discovery.  However, several significant concerns arise from the static analysis. A notable issue is the complete lack of output escaping, meaning any data processed or displayed by the plugin could be vulnerable to cross-site scripting (XSS) attacks. Furthermore, a concerning percentage of SQL queries are not using prepared statements, increasing the risk of SQL injection vulnerabilities. The presence of one unsanitized path in the taint analysis, even without a critical or high severity rating, warrants further investigation as it represents a potential entry point for malicious input.",[273,275,278],{"reason":274,"points":47},"0% output escaping",{"reason":276,"points":277},"67% SQL queries not using prepared statements",10,{"reason":279,"points":280},"Flows with unsanitized paths found",8,"2026-03-16T23:09:15.276Z",{"wat":283,"direct":288},{"assetPaths":284,"generatorPatterns":285,"scriptPaths":286,"versionParams":287},[],[],[],[],{"cssClasses":289,"htmlComments":293,"htmlAttributes":294,"restEndpoints":297,"jsGlobals":298,"shortcodeOutput":299},[290,291,292],"wrap","form-table","tablesorter",[],[295,296],"id=\"divTrackerContent\"","class=\"tablesorter\"",[],[],[]]