[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZ1x9_SeKG4khe2e4pFMqbHMFzR-fwHif7gonO_LAKzw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":48,"crawl_stats":38,"alternatives":51,"analysis":152,"fingerprints":268},"traffic-monitor","Traffic Monitor","3.2.7","Dmitri Martin","https:\u002F\u002Fprofiles.wordpress.org\u002Fdmitriamartin\u002F","\u003Cp>Traffic Monitor gives you full visibility into how people and bots are hitting your site.\u003C\u002Fp>\n\u003Cp>Unlike bloated analytics and security plugins, Traffic Monitor focuses on logging raw request data that you control. You’ll know which pages are cached, which bots are visiting, where users are coming from, and how many requests are tied to each IP\u002Fbrowser combination.\u003C\u002Fp>\n\u003Cp>Perfect for developers, marketers, and site owners who want fast insights—without handing over their traffic data.\u003C\u002Fp>\n\u003Ch3>What Makes It Different\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>✅ Logs requests for both \u003Cstrong>cached and non-cached pages\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>✅ Lets you \u003Cstrong>export raw traffic logs\u003C\u002Fstrong> as raw CSV for your own analysis\u003C\u002Fli>\n\u003Cli>✅ Identifies \u003Cstrong>repeat ad clicks\u003C\u002Fstrong> for spotting potential click fraud\u003C\u002Fli>\n\u003Cli>✅ Reveals \u003Cstrong>which bots are hitting your site\u003C\u002Fstrong>, so you can block them elsewhere (example: Cloudflare)\u003C\u002Fli>\n\u003Cli>✅ Tracks \u003Cstrong>IP address, fingerprint, device type, cache status, response code\u003C\u002Fstrong>, and more\u003C\u002Fli>\n\u003Cli>✅ Displays \u003Cstrong>referrer URLs and query strings\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>✅ Records the \u003Cstrong>original source\u003C\u002Fstrong> of requests by the same visitor as they surf your website\u003C\u002Fli>\n\u003Cli>✅ Doesn’t auto-block or inject junk—\u003Cstrong>just clean, useful data\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>✅ Works great with \u003Cstrong>Cloudflare, caching plugins, and reverse proxies\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Logs every page request\u003C\u002Fstrong>, including IP address, referrer, user-agent, browser, device, method, and more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detects cached traffic\u003C\u002Fstrong> even if served by Cloudflare, your web host, or a plugin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Identifies bot traffic\u003C\u002Fstrong> by bot name and category.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>View click IDs\u003C\u002Fstrong> like gclid and fbclid from ad platforms like Google and Meta.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Records repeat ad clicks\u003C\u002Fstrong> to detect potential click fraud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk delete or export logs\u003C\u002Fstrong> with one click.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Search, sort, and drill into data\u003C\u002Fstrong> from your dashboard.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Built-in help tabs\u003C\u002Fstrong> with definitions, setup help, and troubleshooting.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Debug integrations instantly\u003C\u002Fstrong>: Know exactly what URLs are being hit, by which devices, and with what parameters. No guesswork.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Spot caching gaps\u003C\u002Fstrong>: See which pages are served from cache and which aren’t, even with Cloudflare or plugin-level caching.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Understand real-world traffic\u003C\u002Fstrong>: Track entry pages, referrers, devices, and browsers—whether human or bot.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Catch click fraud signals\u003C\u002Fstrong>: Identify repeat ad clicks tied to the same IP\u002Fuser agent fingerprint or session, even if served from cache.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Audit referrers\u003C\u002Fstrong>: View exactly which websites or campaigns are driving traffic (including query strings).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Filter out noise\u003C\u002Fstrong>: Use bot labels and device types to focus only on human traffic when analyzing patterns.\u003C\u002Fli>\n\u003C\u002Ful>\n","Lightweight traffic logger for WordPress analytics. View, filter, and export page request data; monitor caching; detect bots; and spot click fraud.",1000,5056,100,3,"2025-10-21T17:44:00.000Z","6.8.5","6.2","7.4",[20,21,22,23,24],"analytics","bot","fraud","logging","traffic","https:\u002F\u002Fgithub.com\u002Fdmitrimartin817\u002Ftraffic-monitor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftraffic-monitor.3.2.7.zip",99,1,0,"2025-06-12 14:33:50","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":28},"CVE-2025-5815","traffic-monitor-missing-authorization-to-unauthenticated-settings-update","Traffic Monitor \u003C= 3.2.2 - Missing Authorization to Unauthenticated Settings Update","The Traffic Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tfcm_maybe_set_bot_flags() function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to disabled bot logging.",null,"\u003C=3.2.2","3.2.3","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-06-13 03:41:46",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F538669c7-3237-4059-85dc-4f4af1ff5a19?source=api-prod",{"slug":49,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":28,"trust_score":27,"computed_at":50},"dmitriamartin","2026-04-04T18:45:32.116Z",[52,70,88,105,128],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":13,"downloaded":60,"rating":29,"num_ratings":29,"last_updated":61,"tested_up_to":16,"requires_at_least":62,"requires_php":18,"tags":63,"homepage":68,"download_link":69,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"profound-agent-analytics","Profound Agent Analytics","1.0.3","Profound","https:\u002F\u002Fprofiles.wordpress.org\u002Fenarm4\u002F","\u003Cp>Profound Agent Analytics is a powerful WordPress plugin that integrates with Profound’s edge log analysis service to identify, classify, and provide reporting on bot and human traffic to your website. The plugin works by efficiently collecting and sending request data from public pages to Profound’s analytics platform. Read more \u003Ca href=\"https:\u002F\u002Fdocs.tryprofound.com\u002Fagent-analytics\u002Fwordpress\u002Fintroduction\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Non-blocking Performance\u003C\u002Fstrong>: Uses an asynchronous queue system to ensure zero impact on page load times\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-Focused\u003C\u002Fstrong>: Query parameter redaction to protect sensitive data\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Batching\u003C\u002Fstrong>: Efficiently sends logs in batches to minimize network overhead\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Circuit Breaker\u003C\u002Fstrong>: Automatic protection against API failures to prevent cascading issues\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Configuration\u003C\u002Fstrong>: Extensive settings for customizing what data is collected and sent\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enterprise Ready\u003C\u002Fstrong>: Supports environment variables and constants for API key configuration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>The plugin captures essential HTTP request metadata (method, path, status, timing)\u003C\u002Fli>\n\u003Cli>Data is immediately queued in a local database table with minimal overhead\u003C\u002Fli>\n\u003Cli>A background process sends batched logs to Profound’s API endpoint\u003C\u002Fli>\n\u003Cli>Failures are automatically retried with exponential backoff\u003C\u002Fli>\n\u003Cli>Your Profound dashboard provides real-time insights into your traffic\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Privacy & Security\u003C\u002Fh4>\n\u003Cp>Profound Agent Analytics is designed with privacy and security at its core:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Complete IP Tracking\u003C\u002Fstrong>: Captures full IP addresses for accurate traffic analysis and reverse DNS lookups (required for bot detection)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sensitive Data Protection\u003C\u002Fstrong>: Automatically redacts passwords, tokens, and credit card information from query parameters\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Public Traffic Only\u003C\u002Fstrong>: Excludes all WordPress admin, REST API, and system paths – only tracks public visitor traffic\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Encrypted Storage\u003C\u002Fstrong>: API keys are encrypted using WordPress salts when Sodium extension is available\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Cookie Tracking\u003C\u002Fstrong>: Server-side only – does not use cookies or client-side tracking\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Performance Optimized\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Adds less than 1ms to request processing time\u003C\u002Fli>\n\u003Cli>Efficient database operations with proper indexing\u003C\u002Fli>\n\u003Cli>Automatic cleanup of old log entries\u003C\u002Fli>\n\u003Cli>Memory-aware batching to prevent large payloads\u003C\u002Fli>\n\u003Cli>Configurable queue size limits\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin sends data to Profound’s analytics service (https:\u002F\u002Fartemis.api.tryprofound.com). The data sent includes:\u003Cbr \u002F>\n– Full IP addresses (required for bot detection and traffic analysis)\u003Cbr \u002F>\n– Request URLs from public pages only (admin and system paths are excluded)\u003Cbr \u002F>\n– HTTP headers (user agent, referer)\u003Cbr \u002F>\n– Response metadata (status code, size, duration)\u003Cbr \u002F>\n– Query parameters (with sensitive values redacted)\u003C\u002Fp>\n\u003Cp>The plugin only tracks public visitor traffic. WordPress admin activity, user actions, and system operations are not collected. All data is processed in accordance with Profound’s privacy policy available at https:\u002F\u002Ftryprofound.com\u002Fprivacy-policy\u003C\u002Fp>\n\u003Ch3>System Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 6.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.4 or higher\u003C\u002Fli>\n\u003Cli>MySQL 5.7+ or MariaDB 10.2+\u003C\u002Fli>\n\u003Cli>Ability to make outbound HTTPS requests\u003C\u002Fli>\n\u003Cli>WP-Cron enabled (or real cron configured)\u003C\u002Fli>\n\u003Cli>Sodium PHP extension (recommended for encryption)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, please contact support@tryprofound.com\u003C\u002Fp>\n","Profound Agent Analytics sends lightweight HTTP request logs to Profound's analytics platform for advanced bot detection and traffic analysis.",439,"2025-12-02T21:05:00.000Z","6.0",[20,64,65,66,67],"bot-detection","performance","security","traffic-analysis","https:\u002F\u002Fdocs.tryprofound.com\u002Fagent-analytics\u002Fwordpress\u002Fintroduction","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprofound-agent-analytics.1.0.3.zip",{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":29,"num_ratings":29,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":18,"tags":83,"homepage":86,"download_link":87,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"almaweb-ai-visitor-analytics","AlmaWeb AI Visitor Analytics","1.2.0","AlmaWeb","https:\u002F\u002Fprofiles.wordpress.org\u002Falmawebdev\u002F","\u003Cp>\u003Cstrong>Two sides of AI traffic, one powerful plugin.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>With the rise of AI platforms like ChatGPT, Claude, Gemini, and Perplexity, your website faces two new realities:\u003Cbr \u002F>\n1. \u003Cstrong>AI bots scraping your content\u003C\u002Fstrong> for training and indexing\u003Cbr \u002F>\n2. \u003Cstrong>Real human visitors discovering your site through AI tools\u003C\u002Fstrong> and clicking through to visit\u003C\u002Fp>\n\u003Cp>\u003Cstrong>AlmaWeb AI Visitor Analytics\u003C\u002Fstrong> is the only WordPress plugin that tracks BOTH:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>AI Bot Detection\u003C\u002Fstrong>\u003Cbr \u002F>\nIdentify bots from major AI companies (OpenAI, Google, Meta), SEO crawlers (Ahrefs, Semrush), aggressive scrapers, and even “stealth” bots hiding behind standard User-Agents.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>AI Referrer Tracking (NEW in v1.1.0)\u003C\u002Fstrong>\u003Cbr \u002F>\nTrack real human visitors coming FROM AI platforms! When someone asks ChatGPT a question and clicks a link to your site, you will see it. Understand which AI tools are sending you traffic, which pages they land on, and how diverse your AI traffic sources are.\u003C\u002Fp>\n\u003Ch4>Why AlmaWeb AI Visitor Analytics?\u003C\u002Fh4>\n\u003Cp>In a world where AIs massively consume AND distribute web content, it is crucial to know:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Who’s accessing your content\u003C\u002Fstrong> – Precisely identify each AI bot (GPTBot, ClaudeBot, Google-Extended, etc.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>How much data is being extracted\u003C\u002Fstrong> – Measure the real impact on your bandwidth and resources\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Which pages are being targeted\u003C\u002Fstrong> – Discover what content interests AIs the most\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hidden bots\u003C\u002Fstrong> – Detect even bots that mask their identity with standard User-Agents\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>🔍 Multi-Level Detection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Level 1 – User-Agent:\u003C\u002Fstrong> Detects 190+ AI bot signatures (OpenAI, Anthropic, Google, Meta, Amazon, Apple, etc.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Level 2 – IP Range:\u003C\u002Fstrong> Verifies official IP ranges (OpenAI, etc.) to identify masked bots\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Level 3 – Stealth Detection:\u003C\u002Fstrong> Detects invisible bots like ChatGPT Atlas that use standard browser User-Agents\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>📊 Comprehensive Dashboard\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Real-time statistics (human visits vs bots)\u003C\u002Fli>\n\u003Cli>Evolution charts with Chart.js\u003C\u002Fli>\n\u003Cli>Distribution by AI family (OpenAI, Google, Anthropic, etc.)\u003C\u002Fli>\n\u003Cli>Top 10 most active bots\u003C\u002Fli>\n\u003Cli>Top 10 most scraped pages\u003C\u002Fli>\n\u003Cli>Comparison with previous period\u003C\u002Fli>\n\u003Cli>Business KPIs: growth rate, peak hours, intent distribution\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>📋 Detailed Logs\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Advanced filtering by bot type, IP, date\u003C\u002Fli>\n\u003Cli>Real-time search\u003C\u002Fli>\n\u003Cli>Full CSV export\u003C\u002Fli>\n\u003Cli>Complete details: User-Agent, IP, URL, detection method, AI family, bot intent\u003C\u002Fli>\n\u003Cli>Special badge for “invisible” bots\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>⚙️ Flexible Configuration\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable\u002Fdisable tracking\u003C\u002Fli>\n\u003Cli>Bad bot blocking option (disabled by default)\u003C\u002Fli>\n\u003Cli>Configurable data retention (90 days by default)\u003C\u002Fli>\n\u003Cli>Automatic daily cleanup of old data\u003C\u002Fli>\n\u003Cli>Exclude logged-in users (optional)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>🔒 Privacy Respectful\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No data sent to third-party services\u003C\u002Fli>\n\u003Cli>All data stays in your WordPress database\u003C\u002Fli>\n\u003Cli>GDPR compliant\u003C\u002Fli>\n\u003Cli>No cookies or client-side tracking\u003C\u002Fli>\n\u003Cli>Only downloads public data (IP ranges)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Detected Bots\u003C\u002Fh4>\n\u003Cp>The plugin detects over 190 different bots in the following categories:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>AI Bots (AI Training & Inference):\u003C\u002Fstrong>\u003Cbr \u002F>\nOpenAI (GPTBot, ChatGPT-User, OAI-SearchBot, Operator), Anthropic (ClaudeBot, Claude-Web), Google AI (Google-Extended, Gemini, NotebookLM), Meta AI, Amazon Bedrock, Apple Intelligence, Perplexity, Mistral, xAI (Grok), Cohere, Character.AI, Stability AI, and 100+ others.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Search Engines:\u003C\u002Fstrong>\u003Cbr \u002F>\nGoogle, Bing, Yahoo, DuckDuckGo, Yandex, Baidu, etc.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>SEO Crawlers:\u003C\u002Fstrong>\u003Cbr \u002F>\nAhrefs, Semrush, Moz, Majestic, etc.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scrapers & Malicious Bots:\u003C\u002Fstrong>\u003Cbr \u002F>\nContent scrapers, email collectors, attack bots, etc.\u003C\u002Fp>\n\u003Ch4>Advanced Stealth Bot Detection\u003C\u002Fh4>\n\u003Cp>Some AI bots like \u003Cstrong>ChatGPT Atlas\u003C\u002Fstrong> use standard browser User-Agents (Chrome, Safari) to go unnoticed. AlmaWeb AI Visitor Analytics detects them by verifying their IP addresses against official AI provider IP ranges.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Example:\u003C\u002Fstrong>\u003Cbr \u002F>\nA visitor with User-Agent “Mozilla\u002F5.0 Chrome\u002F…” from an IP in the OpenAI range (AS401518) will be identified as “ChatGPT Atlas” and marked with an “INVISIBLE” badge in the logs.\u003C\u002Fp>\n\u003Ch4>Performance\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Minimal impact:\u003C\u002Fstrong> Optimized to not slow down your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart cache:\u003C\u002Fstrong> IP ranges are cached for 24h\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Optimized queries:\u003C\u002Fstrong> Indexes on all important columns\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic cleanup:\u003C\u002Fstrong> Daily deletion of old data\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Protect your content and understand your traffic like never before.\u003C\u002Fp>\n\u003Ch3>Official Plugin Page\u003C\u002Fh3>\n\u003Cp>Visit the official plugin page for additional resources and support:\u003Cbr \u002F>\n\u003Cstrong>https:\u002F\u002Falmaweb.fr\u002Fai-visitor-analytics\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Privacy & Data Protection\u003C\u002Fh3>\n\u003Cp>AlmaWeb AI Visitor Analytics takes your privacy seriously:\u003C\u002Fp>\n\u003Ch4>Data Storage\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>All data is stored locally in your WordPress database\u003C\u002Fli>\n\u003Cli>No external services receive any data from your site\u003C\u002Fli>\n\u003Cli>You have full control over data retention (configurable from 1 to 365 days)\u003C\u002Fli>\n\u003Cli>Automatic daily cleanup removes old data based on your settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What Data is Collected\u003C\u002Fh4>\n\u003Cp>The plugin collects the following information for each visit:\u003Cbr \u002F>\n* User-Agent string\u003Cbr \u002F>\n* IP address\u003Cbr \u002F>\n* Requested URL\u003Cbr \u002F>\n* HTTP referrer\u003Cbr \u002F>\n* Request method (GET, POST, etc.)\u003Cbr \u002F>\n* HTTP headers (Accept, Accept-Language, Accept-Encoding)\u003Cbr \u002F>\n* Timestamp\u003C\u002Fp>\n\u003Cp>This data is used solely for bot detection and traffic analysis on your own site.\u003C\u002Fp>\n\u003Ch4>GDPR Compliance\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>No cookies are set by this plugin\u003C\u002Fli>\n\u003Cli>No client-side tracking or JavaScript-based analytics\u003C\u002Fli>\n\u003Cli>IP addresses are stored for bot identification purposes only\u003C\u002Fli>\n\u003Cli>You can configure data retention to comply with your privacy policy\u003C\u002Fli>\n\u003Cli>Users can request data deletion through standard WordPress data export\u002Ferasure tools\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What This Plugin Does NOT Do\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Does NOT send your data to external servers\u003C\u002Fli>\n\u003Cli>Does NOT track end-user behavior for advertising\u003C\u002Fli>\n\u003Cli>Does NOT use third-party analytics services\u003C\u002Fli>\n\u003Cli>Does NOT set cookies\u003C\u002Fli>\n\u003Cli>Does NOT require user consent (server-side logging only)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Third-Party Services\u003C\u002Fh3>\n\u003Cp>This plugin may connect to the following third-party services \u003Cstrong>only\u003C\u002Fstrong> to download publicly available bot IP ranges:\u003C\u002Fp>\n\u003Ch4>OpenAI IP Ranges\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>GPTBot:\u003C\u002Fstrong> https:\u002F\u002Fopenai.com\u002Fgptbot.json\u003C\u002Fli>\n\u003Cli>\u003Cstrong>ChatGPT-User:\u003C\u002Fstrong> https:\u002F\u002Fopenai.com\u002Fchatgpt-user.json\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SearchBot:\u003C\u002Fstrong> https:\u002F\u002Fopenai.com\u002Fsearchbot.json\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Purpose:\u003C\u002Fstrong> Verify IP addresses to detect OpenAI bots, including stealth bots like ChatGPT Atlas\u003Cbr \u002F>\n\u003Cstrong>Data sent:\u003C\u002Fstrong> None – the plugin only downloads public IP range information\u003Cbr \u002F>\n\u003Cstrong>Caching:\u003C\u002Fstrong> IP ranges are cached for 24 hours to minimize requests\u003Cbr \u002F>\n\u003Cstrong>Privacy Policy:\u003C\u002Fstrong> https:\u002F\u002Fopenai.com\u002Fprivacy\u003C\u002Fp>\n\u003Ch4>Important Notes\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>No data from your site is ever sent to these services\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>The plugin only downloads publicly available IP range lists\u003C\u002Fli>\n\u003Cli>These requests happen server-side (not from visitors’ browsers)\u003C\u002Fli>\n\u003Cli>IP ranges are cached locally for 24 hours\u003C\u002Fli>\n\u003Cli>If the external service is unavailable, the plugin continues to work using User-Agent detection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Bundled Libraries\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Chart.js v4.5.1\u003C\u002Fstrong> (bundled locally)\u003Cbr \u002F>\n* Used for dashboard visualizations\u003Cbr \u002F>\n* No external connections required\u003Cbr \u002F>\n* Loaded only on admin pages\u003Cbr \u002F>\n* License: MIT\u003C\u002Fp>\n\u003Cp>All third-party code is included in the plugin and does not require external CDN connections.\u003C\u002Fp>\n\u003Ch3>Support & Documentation\u003C\u002Fh3>\n\u003Ch4>Getting Help\u003C\u002Fh4>\n\u003Cp>If you need help with the plugin, here are your options:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Documentation:\u003C\u002Fstrong> Check the plugin settings page for inline help and tooltips\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Support Forum:\u003C\u002Fstrong> Post your questions on the WordPress.org support forum\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Official Page:\u003C\u002Fstrong> Visit https:\u002F\u002Falmaweb.fr\u002Fai-visitor-analytics for contact and support\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Reporting Bugs\u003C\u002Fh4>\n\u003Cp>If you find a bug, please report it on the WordPress.org support forum with:\u003Cbr \u002F>\n* WordPress version\u003Cbr \u002F>\n* PHP version\u003Cbr \u002F>\n* Steps to reproduce the issue\u003Cbr \u002F>\n* Any error messages you’re seeing\u003C\u002Fp>\n\u003Cp>You can also contact us directly through our official page at https:\u002F\u002Falmaweb.fr\u002Fai-visitor-analytics\u003C\u002Fp>\n\u003Ch4>Feature Requests\u003C\u002Fh4>\n\u003Cp>We welcome feature suggestions! Please submit them on the WordPress.org support forum or contact us through https:\u002F\u002Falmaweb.fr\u002Fai-visitor-analytics\u003C\u002Fp>\n\u003Ch3>Contributing\u003C\u002Fh3>\n\u003Cp>This plugin is open source and welcomes contributions!\u003C\u002Fp>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cp>The plugin is available in French and English. To add a new language:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Copy \u003Ccode>languages\u002Falmaweb-ai-visitor-analytics.pot\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Translate using Poedit or similar tool\u003C\u002Fli>\n\u003Cli>Save as \u003Ccode>almaweb-ai-visitor-analytics-{locale}.po\u003C\u002Fcode> and compile to \u003Ccode>.mo\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Contact us through https:\u002F\u002Falmaweb.fr\u002Fai-visitor-analytics to submit your translation\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Developed by:\u003C\u002Fstrong> Yohan Ziri\u003Cbr \u002F>\n\u003Cstrong>Company:\u003C\u002Fstrong> AlmaWeb (https:\u002F\u002Falmaweb.fr)\u003Cbr \u002F>\n\u003Cstrong>License:\u003C\u002Fstrong> GPLv3 or later\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Special Thanks:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Chart.js for beautiful visualizations\u003Cbr \u002F>\n* The WordPress community for feedback and support\u003Cbr \u002F>\n* All users who help improve the bot detection library\u003C\u002Fp>\n","Monitor AI bots visiting your site AND track real visitors coming FROM AI platforms like ChatGPT, Claude, and Perplexity.",30,287,"2026-02-01T20:44:00.000Z","6.9.4","5.0",[84,20,21,85,24],"ai","seo","https:\u002F\u002Falmaweb.fr\u002Fai-visitor-analytics","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Falmaweb-ai-visitor-analytics.1.2.0.zip",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":29,"downloaded":96,"rating":29,"num_ratings":29,"last_updated":97,"tested_up_to":81,"requires_at_least":62,"requires_php":18,"tags":98,"homepage":97,"download_link":103,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":104},"campaign-ai","Campaign AI","1.0.0","campaignai2026","https:\u002F\u002Fprofiles.wordpress.org\u002Fcampaignai2026\u002F","\u003Cp>Campaign AI is a \u003Cstrong>service-connected WordPress plugin\u003C\u002Fstrong> that integrates your website with the Campaign AI fraud prevention platform.\u003C\u002Fp>\n\u003Cp>The plugin enables your site to communicate with Campaign AI’s remote analysis system, allowing traffic activity to be evaluated for signs of automated behavior, malicious access, or advertising abuse.\u003C\u002Fp>\n\u003Cp>⚠️ \u003Cstrong>Notice:\u003C\u002Fstrong>\u003Cbr \u002F>\nCampaign AI requires an \u003Cstrong>active external account\u003C\u002Fstrong>. The plugin alone does not provide fraud detection without a valid Campaign AI integration code.\u003C\u002Fp>\n\u003Ch3>How Campaign AI works\u003C\u002Fh3>\n\u003Cp>Once configured, Campaign AI observes incoming visits and sends limited technical data to its remote service.\u003Cbr \u002F>\nThis information is processed to help identify patterns commonly associated with click fraud, bots, and invalid traffic sources.\u003C\u002Fp>\n\u003Cp>The plugin communicates with the following external service:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>https:\u002F\u002Fcronjob.campaign-ai.com\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Information transmitted\u003C\u002Fh3>\n\u003Cp>To function correctly, Campaign AI may transmit the following data elements to its service endpoint:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Campaign AI integration code\u003C\u002Fli>\n\u003Cli>Visitor IP address\u003C\u002Fli>\n\u003Cli>Referrer URL (if available)\u003C\u002Fli>\n\u003Cli>Time of the request\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This data is used strictly for traffic evaluation and fraud detection purposes.\u003C\u002Fp>\n\u003Ch3>Purpose of data processing\u003C\u002Fh3>\n\u003Cp>The transmitted information allows Campaign AI to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Detect automated or scripted traffic\u003C\u002Fli>\n\u003Cli>Identify suspicious click behavior\u003C\u002Fli>\n\u003Cli>Reduce waste from invalid advertising interactions\u003C\u002Fli>\n\u003Cli>Improve campaign performance insights\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Campaign AI does \u003Cstrong>not intentionally collect personal user information\u003C\u002Fstrong> beyond what is technically necessary to perform fraud analysis.\u003C\u002Fp>\n\u003Ch3>Account requirement\u003C\u002Fh3>\n\u003Cp>An active Campaign AI account is required to use this plugin.\u003Cbr \u002F>\nYou can register and obtain an integration code at:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>https:\u002F\u002Fwww.campaign-ai.com\u003C\u002Fstrong>\u003C\u002Fp>\n","Campaign AI integration plugin that protects websites and ad campaigns from bots and invalid traffic using real-time click fraud detection.",118,"",[99,100,64,101,102],"ad-fraud-protection","ads-security","click-fraud-prevention","invalid-traffic","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcampaign-ai.1.0.0.zip","2026-03-15T10:48:56.248Z",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":115,"num_ratings":116,"last_updated":117,"tested_up_to":81,"requires_at_least":118,"requires_php":97,"tags":119,"homepage":97,"download_link":124,"security_score":125,"vuln_count":126,"unpatched_count":29,"last_vuln_date":127,"fetched_at":31},"visitors-traffic-real-time-statistics","Visitor Traffic Real Time Statistics","8.5","wp-buy","https:\u002F\u002Fprofiles.wordpress.org\u002Fwp-buy\u002F","\u003Cp>\u003Cstrong>Visitor Traffic Real-Time Statistics for WordPress\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Unlock powerful insights into your website traffic with\u003Cstrong>Visitor Traffic Real-Time Statistics\u003C\u002Fstrong>, the ultimate WordPress plugin for tracking visitors, visits, browsers, operating systems, and more — all in one intuitive dashboard.\u003C\u002Fp>\n\u003Cp>With real-time data and easy-to-use shortcodes, you’ll get a complete picture of your site’s performance without the complexity. Whether you’re a blogger, business owner, or marketer, this plugin gives you the tools to understand your audience better and make smarter decisions.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Why Choose Visitor Traffic Real-Time Statistics?\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Real-Time Visitor Tracking:\u003C\u002Fstrong> See who’s visiting your site and when — in real-time.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Friendly Dashboard:\u003C\u002Fstrong> All your key insights are displayed on a single, easy-to-navigate dashboard.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Comprehensive Analytics:\u003C\u002Fstrong> Track visitors by country, device, browser, operating system, referrer, and more.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Integration:\u003C\u002Fstrong> Display visitor stats anywhere on your site with simple shortcodes.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Insights:\u003C\u002Fstrong> Monitor keywords, search engine referrals, and traffic sources to improve your SEO performance.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Available Shortcodes (Simple & Flexible)\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Add these shortcodes to any post, page, or widget to showcase your traffic stats:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[ahc_stats_widget]\u003C\u002Fcode> – Display a site-wide statistics widget on the front end.  \u003C\u002Fli>\n\u003Cli>\u003Ccode>[ahc_stats_widget title=\"Your Title\" fontsize=\"16\" display_today_visitors=true display_total_visitors=true]\u003C\u002Fcode> – Customize the widget with your own parameters.  \u003C\u002Fli>\n\u003Cli>\u003Ccode>[ahc_today_visitors]\u003C\u002Fcode> – Display today’s visitors.  \u003C\u002Fli>\n\u003Cli>\u003Ccode>[ahc_today_visits]\u003C\u002Fcode> – Display today’s page views.  \u003C\u002Fli>\n\u003Cli>\u003Ccode>[ahc_total_visitors]\u003C\u002Fcode> – Show your all-time visitor count.  \u003C\u002Fli>\n\u003Cli>\u003Ccode>[ahc_total_visits]\u003C\u002Fcode> – Display total visits to your site.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Free Version Features:\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Real-time visitor tracking and stats.  \u003C\u002Fli>\n\u003Cli>Insights into browsers, countries, hits, referrals, and searches.  \u003C\u002Fli>\n\u003Cli>Track daily, weekly, and monthly visitor trends.  \u003C\u002Fli>\n\u003Cli>Shortcodes to display key stats on your site.  \u003C\u002Fli>\n\u003Cli>Track top referring websites and keywords.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Upgrade to Pro for Even More Power!\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Take your analytics to the next level with\u003Cstrong>Visitor Traffic Real-Time Statistics Pro\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Multisite Support:\u003C\u002Fstrong> Track traffic across multiple sites in one place.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live User Tracking:\u003C\u002Fstrong> See how many people are online right now.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Interactive Google Maps:\u003C\u002Fstrong> Visualize visitor locations globally.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Page Tracking:\u003C\u002Fstrong> Identify your most popular posts and pages.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Visit Graphs:\u003C\u002Fstrong> Analyze visitor activity by the hour.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced SEO Insights:\u003C\u002Fstrong> Discover the keywords driving traffic to your site.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Reports:\u003C\u002Fstrong> Get actionable insights with easy-to-read reports.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Who Can Benefit?\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Bloggers who want to track reader engagement.  \u003C\u002Fli>\n\u003Cli>E-commerce store owners looking to understand customer behavior.  \u003C\u002Fli>\n\u003Cli>Marketers seeking to optimize SEO strategies.  \u003C\u002Fli>\n\u003Cli>Website administrators who need detailed traffic analysis.  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Get Started Today!\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Install the plugin now\u003C\u002Fstrong> to gain valuable insights into your site traffic and grow your online presence.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wp-buy.com\u002Fproduct\u002Fvisitors-traffic-real-time-statistics-pro\u002F#gopro\" rel=\"nofollow ugc\">Go PRO Now\u003C\u002Fa>\u003C\u002Fstrong> to unlock all premium features and maximize your analytics potential!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.wp-buy.com\u002Fsupport-center\u002F\" rel=\"nofollow ugc\">Visit Our Support Center\u003C\u002Fa>\u003C\u002Fstrong> for any assistance.\u003C\u002Fp>\n\u003Cp>Your website is getting visitors. Don’t miss out on the insights that can help your business grow.\u003C\u002Fp>\n","This plugin will help you to track your visitors, browsers, operating systems, visits and much more in one dashboard page.",40000,1832736,84,233,"2026-02-21T04:42:00.000Z","3.0.1",[120,121,122,24,123],"hits-counter","statistics","stats-analytics","visitor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvisitors-traffic-real-time-statistics.8.5.zip",90,8,"2026-04-03 22:10:48",{"slug":129,"name":130,"version":131,"author":132,"author_profile":133,"description":134,"short_description":135,"active_installs":136,"downloaded":137,"rating":138,"num_ratings":139,"last_updated":140,"tested_up_to":141,"requires_at_least":142,"requires_php":142,"tags":143,"homepage":97,"download_link":149,"security_score":27,"vuln_count":150,"unpatched_count":29,"last_vuln_date":151,"fetched_at":31},"clickcease-click-fraud-protection","ClickCease Click Fraud Protection","3.2.13","eranfl","https:\u002F\u002Fprofiles.wordpress.org\u002Feranfl\u002F","\u003Cp>Bots and invalid traffic can reach your site through paid, organic, and direct traffic, resulting in a wasted ad budget and disrupted marketing funnels.\u003C\u002Fp>\n\u003Cp>Prevent bots, competitors, and malicious users from damaging your marketing performance with ClickCease, the industry-leading service that keeps your website and ads safe from fraud. Quick installation and real-time protection for all your website’s incoming traffic.\u003C\u002Fp>\n\u003Cp>ClickCease protects you from invalid traffic by monitoring and protecting your:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Paid traffic (Google, Facebook, & Microsoft)\u003C\u002Fli>\n\u003Cli>Organic traffic\u003C\u002Fli>\n\u003Cli>Direct traffic\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Put a stop to ad and click fraud on your website with our market-leading AI software. Allow yourself to fully focus on growing your business without having online fraud distract you.\u003C\u002Fp>\n\u003Cp>You will need an active ClickCease subscription to use this WordPress plugin.\u003C\u002Fp>\n","Protect your website and ad campaigns from bots, competitors, and click fraud with ClickCease's advanced fraud prevention and real-time monitoring.",10000,261207,66,7,"2025-07-21T15:27:00.000Z","6.6.5","5.6",[144,145,146,147,148],"bot-protection","click-fraud","clickcease","fraud-protection","website-protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclickcease-click-fraud-protection.zip",2,"2024-05-06 00:00:00",{"attackSurface":153,"codeSignals":239,"taintFlows":258,"riskAssessment":259,"analyzedAt":267},{"hooks":154,"ajaxHandlers":213,"restRoutes":234,"shortcodes":235,"cronEvents":236,"entryPointCount":237,"unprotectedCount":238},[155,161,167,171,175,180,184,188,191,195,198,201,205,210],{"type":156,"name":157,"callback":158,"file":159,"line":160},"action","admin_menu","register_admin_menu","classes\\controller\\class-tfcm-admin-controller.php",18,{"type":162,"name":163,"callback":164,"priority":165,"file":159,"line":166},"filter","default_hidden_columns","set_default_hidden_columns",10,19,{"type":156,"name":168,"callback":169,"priority":165,"file":159,"line":170},"set-screen-option","save_screen_options",20,{"type":162,"name":172,"callback":173,"priority":165,"file":159,"line":174},"hidden_columns","get_hidden_columns",21,{"type":156,"name":176,"callback":177,"file":178,"line":179},"admin_enqueue_scripts","enqueue_admin_scripts","classes\\controller\\class-tfcm-assets.php",16,{"type":156,"name":181,"callback":182,"file":178,"line":183},"wp_enqueue_scripts","enqueue_client_scripts",17,{"type":156,"name":185,"callback":186,"file":187,"line":170},"plugins_loaded","run_on_plugin_update","classes\\controller\\class-tfcm-lifecycle.php",{"type":156,"name":189,"callback":190,"file":187,"line":174},"admin_notices","display_update_notice",{"type":162,"name":192,"callback":193,"priority":165,"file":194,"line":160},"plugin_row_meta","add_meta_links","classes\\controller\\class-tfcm-plugin-links-controller.php",{"type":156,"name":196,"callback":197,"file":194,"line":166},"admin_head","add_star_styles",{"type":156,"name":196,"callback":199,"file":200,"line":166},"add_help_tab","classes\\view\\class-tfcm-help-tabs.php",{"type":156,"name":202,"callback":203,"file":204,"line":179},"in_admin_header","add_custom_header","classes\\view\\class-tfcm-view.php",{"type":156,"name":206,"callback":207,"priority":29,"file":208,"line":209},"init","tfcm_ensure_session_started","traffic-monitor.php",70,{"type":156,"name":206,"callback":211,"file":208,"line":212},"tfcm_handle_requests",121,[214,220,224,225,228,230],{"action":215,"nopriv":216,"callback":217,"hasNonce":218,"hasCapCheck":218,"file":187,"line":219},"tfcm_dismiss_export_notice",false,"handle_dismiss_export_notice",true,22,{"action":221,"nopriv":218,"callback":222,"hasNonce":216,"hasCapCheck":216,"file":223,"line":160},"tfcm_get_ip","get_client_ip","classes\\controller\\class-tfcm-request-controller.php",{"action":221,"nopriv":216,"callback":222,"hasNonce":216,"hasCapCheck":216,"file":223,"line":170},{"action":226,"nopriv":218,"callback":227,"hasNonce":216,"hasCapCheck":216,"file":223,"line":219},"tfcm_log_ajax_request","handle_ajax_request",{"action":226,"nopriv":216,"callback":227,"hasNonce":216,"hasCapCheck":216,"file":223,"line":229},24,{"action":231,"nopriv":216,"callback":232,"hasNonce":218,"hasCapCheck":218,"file":223,"line":233},"tfcm_handle_bulk_action","handle_bulk_action",26,[],[],[],6,4,{"dangerousFunctions":240,"sqlUsage":241,"outputEscaping":244,"fileOperations":29,"externalRequests":29,"nonceChecks":14,"capabilityChecks":238,"bundledLibraries":257},[],{"prepared":242,"raw":29,"locations":243},97,[],{"escaped":245,"rawEcho":238,"locations":246},75,[247,251,253,255],{"file":248,"line":249,"context":250},"classes\\view\\class-tfcm-log-table.php",218,"raw output",{"file":248,"line":252,"context":250},239,{"file":248,"line":254,"context":250},265,{"file":248,"line":256,"context":250},278,[],[],{"summary":260,"deductions":261},"The \"traffic-monitor\" plugin v3.2.7 presents a mixed security posture.  On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping the vast majority of its output.  Furthermore, there are no detected dangerous functions, file operations, or external HTTP requests, and the plugin does not bundle any libraries, which reduces the attack surface related to known library vulnerabilities.\n\nHowever, significant concerns arise from the plugin's attack surface. It exposes six AJAX handlers, of which a substantial four lack proper authentication checks. This presents a clear opportunity for unauthorized users to interact with sensitive functionalities. The presence of a past medium-severity vulnerability, specifically related to missing authorization, further amplifies this concern, suggesting a recurring pattern of authorization issues.\n\nIn conclusion, while the plugin has strengths in its database interaction and output handling, the unprotected AJAX endpoints are a critical weakness. The history of a missing authorization vulnerability reinforces this as a potential area of exploitation.  The plugin is currently patched against known CVEs, which is a positive sign, but the inherent design flaws in the AJAX handler security require immediate attention.",[262,264],{"reason":263,"points":165},"Unprotected AJAX handlers",{"reason":265,"points":266},"Past medium severity vulnerability (missing authorization)",15,"2026-03-16T19:08:16.532Z",{"wat":269,"direct":282},{"assetPaths":270,"generatorPatterns":274,"scriptPaths":275,"versionParams":278},[271,272,273],"\u002Fwp-content\u002Fplugins\u002Ftraffic-monitor\u002Fassets\u002Fjs\u002Ftfcm-admin-script.js","\u002Fwp-content\u002Fplugins\u002Ftraffic-monitor\u002Fassets\u002Fcss\u002Ftfcm-admin-style.css","\u002Fwp-content\u002Fplugins\u002Ftraffic-monitor\u002Fassets\u002Fjs\u002Ftfcm-client-script.js",[],[276,277],"assets\u002Fjs\u002Ftfcm-admin-script.js","assets\u002Fjs\u002Ftfcm-client-script.js",[279,280,281],"traffic-monitor\u002Fassets\u002Fjs\u002Ftfcm-admin-script.js?ver=","traffic-monitor\u002Fassets\u002Fcss\u002Ftfcm-admin-style.css?ver=","traffic-monitor\u002Fassets\u002Fjs\u002Ftfcm-client-script.js?ver=",{"cssClasses":283,"htmlComments":284,"htmlAttributes":285,"restEndpoints":286,"jsGlobals":287,"shortcodeOutput":290},[],[],[],[],[288,289],"tfcmAdmin","tfcmClientAjax",[]]