[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f6CeFs5q-OzfiKqXn3H5h2O4Dc9rSEsjfGjLRLtGIdRE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":14,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":47,"crawl_stats":37,"alternatives":50,"analysis":140,"fingerprints":251},"userheat","UserHeat Plugin","1.1.11","hayata","https:\u002F\u002Fprofiles.wordpress.org\u002Fhayata\u002F","\u003Cp>UserHeat is free heatmap analytics plugin to visualize user behavior\u003Cbr \u002F>\nboth PC and smartphone.\u003Cbr \u002F>\nIt takes just one step and 30 seconds to start analysis.\u003C\u002Fp>\n\u003Cp>The key features of the plugin are:\u003C\u002Fp>\n\u003Cp>・3 Heatmap(gaze,click,mouse track) reveals see exactly where your\u003Cbr \u002F>\nvisitors click on the page, see how much attention a specific area\u003Cbr \u002F>\ngets by thermography\u003C\u002Fp>\n\u003Cp>・Optimize forms usability to improve submission rates.\u003C\u002Fp>\n\u003Cp>・It is available not only for PC but also smartphones and tablet devices.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"http:\u002F\u002Fen.userheat.com\" rel=\"nofollow ugc\">userheat\u003C\u002Fa> to learn more.\u003C\u002Fp>\n","Free heatmaps plugin for web analytics, on both PC and smartphone.",6000,35492,100,1,"2024-04-01T07:58:00.000Z","5.6.17","4.2","5.4",[20,21,22,23,24],"analytics","analyze","click","heatmap","japanese","http:\u002F\u002Fuserheat.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuserheat.1.1.11.zip",85,0,"2023-11-07 
00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2023-47553","userheat-plugin-cross-site-request-forgery","UserHeat Plugin \u003C= 1.1.10 - Cross-Site Request Forgery","The UserHeat Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.10. This is due to missing or incorrect nonce validation on the settingPage() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.1.10","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-01-17 12:17:30",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc03b5670-9f7e-4001-ba90-197559b794a1?source=api-prod",438,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":46,"trust_score":48,"computed_at":49},69,"2026-04-04T03:39:06.165Z",[51,70,86,104,120],{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":61,"num_ratings":62,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":68,"download_link":69,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"aurora-heatmap","Aurora Heatmap","1.7.1","r3098","https:\u002F\u002Fprofiles.wordpress.org\u002Fr3098\u002F","\u003Cp>Goddess Aurora is said to give light to the user world.\u003Cbr \u002F>\nThe name “Aurora Heatmap” 
visualizes user behavior with a beautiful heatmap.\u003Cbr \u002F>\nBringing light to the activation and optimization of your website.\u003C\u002Fp>\n\u003Ch4>The most important thing in site management.\u003C\u002Fh4>\n\u003Cp>That is, \u003Cem>Is the user satisfied?\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Where do users see and move through the content?\u003C\u002Fli>\n\u003Cli>Whether the user is not confused?\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Aurora Heatmap is the \u003Cstrong>strongest tool\u003C\u002Fstrong> for visualizing it.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Are you guiding users well?\u003C\u002Fli>\n\u003Cli>Conversion rate\u003C\u002Fli>\n\u003Cli>Are you missing out on prospects and readers?\u003C\u002Fli>\n\u003Cli>How is it evaluated by Google?\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>You will be able to see the points of improvement.\u003C\u002Fp>\n\u003Ch4>Plugin features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>\u003Cem>No Coding\u003C\u002Fem>\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>\u003Cem>No Setting\u003C\u002Fem>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You just install and activate the plugin.\u003Cbr \u002F>\nNo troublesome user registration or setup is required.\u003Cbr \u002F>\nIt works as default in most WordPress environments.\u003Cbr \u002F>\nAnd Aurora Heatmap is \u003Cstrong>complete with just plugin\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>The free version can check the click heat map of PC and mobile, and can be used on any number of sites.\u003Cbr \u002F>\nEven if it is free, there is no limit due to the number of PV and analysis pages.\u003C\u002Fp>\n\u003Ch4>Special notes\u003C\u002Fh4>\n\u003Cp>If it does not work well when used with a cache plugin, turn off JavaScript-related optimization, or exclude jQuery and Aurora Heatmap measurement script (reporter.js) from optimization.\u003Cbr \u002F>\nFor more details, please refer to \u003Ca 
href=\"https:\u002F\u002Fmarket.seous.info\u002Fen\u002Faurora-heatmap#oc-1\" rel=\"nofollow ugc\">official site description page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Aurora Heatmap can be used with the following cache plugins.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WP Rocket\u003C\u002Fli>\n\u003Cli>W3 Total Cache\u003C\u002Fli>\n\u003Cli>WP Super Cache\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage and support\u003C\u002Fh4>\n\u003Cp>More detailed usage and FAQs are provided on the \u003Ca href=\"https:\u002F\u002Fmarket.seous.info\u002Fen\u002Faurora-heatmap\" rel=\"nofollow ugc\">Aurora Heatmap official site\u003C\u002Fa>.\u003Cbr \u002F>\nIf you can’t find the answer to your question in those documents, use the WordPress.org \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Faurora-heatmap\u002F\" rel=\"ugc\">support forum\u003C\u002Fa>.\u003Cbr \u002F>\nThe premium version has priority email support.\u003C\u002Fp>\n\u003Ch4>About privacy\u003C\u002Fh4>\n\u003Cp>This plugin \u003Cstrong>does not\u003C\u002Fstrong> perform the following operations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>User tracking\u003C\u002Fli>\n\u003Cli>Send recorded data to external server\u003C\u002Fli>\n\u003Cli>Use of cookies\u003C\u002Fli>\n\u003Cli>Record of personally identifiable data including IP address\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Aurora Heatmap Free version 90 seconds demo\u003C\u002Fh4>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F3W17Gg_vbHg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","Beautiful like an aurora! 
A simple WordPress heatmap that can be completed with just a plugin.",20000,357256,94,7,"2025-04-14T09:25:00.000Z","6.8.0","4.9","7.0",[20,21,22,23,24],"https:\u002F\u002Fmarket.seous.info\u002Faurora-heatmap","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faurora-heatmap.1.7.1.zip",{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":28,"num_ratings":28,"last_updated":80,"tested_up_to":81,"requires_at_least":82,"requires_php":82,"tags":83,"homepage":84,"download_link":85,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"user-insight","User Insight WordPress Plugin","1.0.5","userlocal","https:\u002F\u002Fprofiles.wordpress.org\u002Fuserlocal\u002F","\u003Cp>Description\u003C\u002Fp>\n\u003Cp>This plugin lets you measure WordPress data with the access analytics tool User Insight.\u003Cbr \u002F>\nTo analyze the data, this plugin communicates with the nakanohito.jp domain.\u003Cbr \u002F>\nWith a simple setup of about one minute, you can place the User Insight tag on your WordPress pages.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fui.userlocal.jp\" rel=\"nofollow ugc\">Learn more about User Insight\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Arbitrary section 1\u003C\u002Fh3>\n","This is the WordPress plugin for User Insight, an access analytics tool with heatmap support. With a simple setup, you can start measuring data with User Insight right away.",200,3987,"2021-11-02T09:43:00.000Z","5.8.13","",[20,21,22,23,24],"https:\u002F\u002Fui.userlocal.jp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-insight.1.0.5.zip",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":28,"num_ratings":28,"last_updated":96,"tested_up_to":81,"requires_at_least":97,"requires_php":98,"tags":99,"homepage":102,"download_link":103,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"mieruca-heatmap-tag-manager","ミエルカヒートマップ タグマネージャー","1.0.0","Faber Company 
Inc.","https:\u002F\u002Fprofiles.wordpress.org\u002Ffabercompany\u002F","\u003Cp>This plugin makes it easy to install the tag for the free heatmap tool \"Mieruca Heatmap\".\u003C\u002Fp>\n\u003Ch4>What is Mieruca Heatmap?\u003C\u002Fh4>\n\u003Cp>A sister product of the SEO service \"\u003Ca href=\"https:\u002F\u002Fmieru-ca.com\u002F\" rel=\"nofollow ugc\">Mieruca\u003C\u002Fa>\".\u003Cbr \u002F>\nUsing the following three types of heatmap, it visualizes sales, SEO traffic and CVR improvement, and provides hints for improving UI\u002FUX.\u003Cbr \u002F>\n    – Scroll heatmap: visualizes \"where visitors leave within the page\", which Google Analytics cannot show\u003Cbr \u002F>\n    – Click heatmap: visualizes the places on the page that are clicked most often, and lets you check for click targets that are getting in the way of conversions\u003Cbr \u002F>\n    – Attention heatmap: visualizes which content visitors pay attention to, which can be used as hints for improving CV\u003Cbr \u002F>\n– Analysis is available per access device (PC, smartphone, tablet); use it for a new kind of analysis in the responsive era.\u003C\u002Fp>\n\u003Cp>For more details on the features, see \u003Ca href=\"https:\u002F\u002Fmieru-ca.com\u002Fheatmap\u002F\" rel=\"nofollow ugc\">the official Mieruca Heatmap site\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin makes it easy to install the tag for the free heatmap tool Mieruca Heatmap. This is the plugin to introduce the tag of the free heatmap service \"Mieruca Heatmap\" easily.",800,3830,"2025-10-27T13:55:00.000Z","5.0","7.3",[20,21,22,100,101],"read","scroll","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmieruca-heatmap-tag-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmieruca-heatmap-tag-manager.zip",{"slug":23,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":111,"downloaded":112,"rating":28,"num_ratings":28,"last_updated":113,"tested_up_to":114,"requires_at_least":82,"requires_php":82,"tags":115,"homepage":118,"download_link":119,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"Heatmap Plugin","1.3","DimitryKislichenko","https:\u002F\u002Fprofiles.wordpress.org\u002Fdimitrykislichenko\u002F","\u003Cp>This plugin will help you to analyze where people click on your site. 
As the result you will discover where better to place banners, how to organize navigation, where to put advertisements like AdSense and more. The heatmap of clicks can show you what works – which links people did find and click on.\u003C\u002Fp>\n\u003Cp>After you activated plugin, go to main page of your blog. If you are authenticated as administrator, at the top you will see small arrow.\u003C\u002Fp>\n","This plugin will help you to analyze where people click on your site. As the result you will discover where better to place banners, how to organize n &hellip;",30,11044,"2009-03-11T12:05:00.000Z","2.7.1",[116,117,23],"clickmap","clicks-analyzer","http:\u002F\u002Fwpheatmap.oufel.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheatmap.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":131,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":82,"tags":135,"homepage":138,"download_link":139,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"wp-super-heatmap","WP Super Heatmap","0.1.0","Ryan","https:\u002F\u002Fprofiles.wordpress.org\u002Frfrankel\u002F","\u003Cp>This plugin was created to give WordPress users a simple way of creating heatmaps for their website without any cost and without using third-party services.  All of the click-track data is stored locally and the heatmap is also calculated on your own server.  
I tried to make the interface as simple as possible and anyone should be able to use this plugin without much trouble.\u003C\u002Fp>\n\u003Cp>Please note that this is currently an Alpha release of this plugin and please report any bugs to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fryan-frankel\u002Fwp_super_heatmap\u002Fissues?sort=created&direction=desc&state=open\" rel=\"nofollow ugc\">our GitHub repository.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You can also visit this plugins \u003Ca href=\"http:\u002F\u002Fwp-super-heatmap.swampedpublishing.com\u002F\" rel=\"nofollow ugc\">homepage to leave feedback\u003C\u002Fa> and to also get more detailed information about the plugin.  If you have ideas to improve the plugin please leave your comments on that page.\u003C\u002Fp>\n","This plugin tracks user clicks and creates a heatmap for your website. All data is stored locally and no third-party service is used. Completely free!",10,7117,60,2,"2011-11-15T21:21:00.000Z","3.2.1","3.0",[20,136,116,137,23],"click-map","heat-map","http:\u002F\u002FURI_Of_Page_Describing_Plugin_and_Updates","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-super-heatmap.0.1.0.zip",{"attackSurface":141,"codeSignals":165,"taintFlows":210,"riskAssessment":237,"analyzedAt":250},{"hooks":142,"ajaxHandlers":161,"restRoutes":162,"shortcodes":163,"cronEvents":164,"entryPointCount":28,"unprotectedCount":28},[143,149,153,157],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","admin_init","i18n","userheat.php",35,{"type":144,"name":150,"callback":151,"file":147,"line":152},"admin_menu","addPage",36,{"type":144,"name":154,"callback":155,"file":147,"line":156},"wp_footer","pushTag",37,{"type":144,"name":158,"callback":159,"file":147,"line":160},"init","closure",39,[],[],[],[],{"dangerousFunctions":166,"sqlUsage":167,"outputEscaping":169,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":209},[],{"prepared":28,"raw":28,"loc
ations":168},[],{"escaped":28,"rawEcho":170,"locations":171},18,[172,175,177,179,181,183,185,187,189,191,193,195,197,199,201,203,205,207],{"file":173,"line":62,"context":174},"admin.php","raw output",{"file":173,"line":176,"context":174},8,{"file":173,"line":178,"context":174},9,{"file":173,"line":180,"context":174},15,{"file":173,"line":182,"context":174},17,{"file":173,"line":184,"context":174},31,{"file":173,"line":186,"context":174},66,{"file":173,"line":188,"context":174},75,{"file":173,"line":190,"context":174},84,{"file":173,"line":192,"context":174},93,{"file":173,"line":194,"context":174},102,{"file":173,"line":196,"context":174},126,{"file":173,"line":198,"context":174},137,{"file":173,"line":200,"context":174},157,{"file":173,"line":202,"context":174},159,{"file":173,"line":204,"context":174},181,{"file":173,"line":206,"context":174},188,{"file":147,"line":208,"context":174},67,[],[211,229],{"entryPoint":212,"graph":213,"unsanitizedCount":14,"severity":228},"settingPage (userheat.php:87)",{"nodes":214,"edges":225},[215,220],{"id":216,"type":217,"label":218,"file":147,"line":219},"n0","source","$_POST['groupid']",113,{"id":221,"type":222,"label":223,"file":147,"line":219,"wp_function":224},"n1","sink","update_option() [Settings Manipulation]","update_option",[226],{"from":216,"to":221,"sanitized":227},false,"low",{"entryPoint":230,"graph":231,"unsanitizedCount":14,"severity":228},"\u003Cuserheat> (userheat.php:0)",{"nodes":232,"edges":235},[233,234],{"id":216,"type":217,"label":218,"file":147,"line":219},{"id":221,"type":222,"label":223,"file":147,"line":219,"wp_function":224},[236],{"from":216,"to":221,"sanitized":227},{"summary":238,"deductions":239},"The \"userheat\" plugin v1.1.11 presents a mixed security posture. On the positive side, it demonstrates good practices in handling SQL queries, exclusively using prepared statements, and the static analysis shows no dangerous functions, file operations, external HTTP requests, or bundled libraries.  
Furthermore, there are no critical or high-severity taint flows identified, and all known CVEs appear to be patched.  However, significant concerns arise from the complete lack of output escaping, meaning all 18 identified output points are vulnerable to Cross-Site Scripting (XSS) attacks.  The absence of nonce checks and capability checks on all entry points, combined with a complete lack of output escaping, creates a substantial risk of Cross-Site Request Forgery (CSRF) and XSS vulnerabilities, especially if any of the entry points were to handle user-supplied data. The plugin's vulnerability history, while currently clear of unpatched issues, previously had a medium-severity vulnerability related to CSRF, which aligns with the potential risks identified in the code analysis due to missing CSRF protection mechanisms. This plugin has strengths in database interaction but exhibits critical weaknesses in output sanitization and input validation.",[240,243,245,247],{"reason":241,"points":242},"Unescaped output on all 18 outputs",20,{"reason":244,"points":128},"Missing nonce checks on all entry points",{"reason":246,"points":128},"Missing capability checks on all entry points",{"reason":248,"points":249},"1 medium vulnerability in history (CSRF)",5,"2026-03-16T18:04:24.789Z",{"wat":252,"direct":262},{"assetPaths":253,"generatorPatterns":258,"scriptPaths":259,"versionParams":261},[254,255,256,257],"\u002Fwp-content\u002Fplugins\u002Fuserheat\u002Fcss\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Fuserheat\u002Fcss\u002Fsite.css","\u002Fwp-content\u002Fplugins\u002Fuserheat\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fuserheat\u002Fjs\u002Fsite.min.js",[],[260],"\u002F\u002Fuh.nakanohito.jp\u002Fuhj2\u002Fuh.js",[],{"cssClasses":263,"htmlComments":267,"htmlAttributes":270,"restEndpoints":271,"jsGlobals":272,"shortcodeOutput":275},[264,265,266],"uh-css-bootstrap","uh-css-site","uh-css-admin",[268,269],"\u003C!-- User Heat Tag -->","\u003C!-- 
End User Heat Tag -->",[],[],[273,274],"UserHeatTag","_uhtracker",[]]