[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJqOdd08UrKD9trWqA_rXIT8yN76XYSeXiBvKWrAC4hc":3},{"slug":4,"name":5,"version":6,"author":4,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":50,"analysis":145,"fingerprints":355},"usermaven","Usermaven","1.2.7","https:\u002F\u002Fprofiles.wordpress.org\u002Fusermaven\u002F","\u003Cp>Usermaven helps marketing and product teams turn more visitors into customers, get more people to use the product, and keep them coming back. No more guessing or relying on intuition – let data drive your success.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Effortless, no-code event tracking: Unlike other tools, Usermaven eliminates dependence on developers for tracking key actions performed by users on your website or app, including comprehensive WooCommerce store analytics.\u003C\u002Fli>\n\u003Cli>Analyze your marketing channels to increase ROI. See which traffic sources or campaigns are bringing in the most conversions and sales.\u003C\u002Fli>\n\u003Cli>Track and compare the performance of your marketing campaigns with UTMs.\u003C\u002Fli>\n\u003Cli>Track individual user behavior to understand their interests. See what they’re paying attention to, and make informed decisions.\u003C\u002Fli>\n\u003Cli>Get accurate stats with Adblocker bypassing and cookie-less tracking.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WooCommerce Integration\u003C\u002Fh4>\n\u003Cp>Usermaven automatically tracks all essential WooCommerce events to give you deep insights into your store’s performance:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Product Views: Track when customers view product pages\u003C\u002Fli>\n\u003Cli>Cart Actions: Monitor add-to-cart, remove-from-cart, and cart updates\u003C\u002Fli>\n\u003Cli>Checkout Process: Follow users through each step of your checkout funnel\u003C\u002Fli>\n\u003Cli>Purchase Events: Capture successful purchases with complete order details\u003C\u002Fli>\n\u003Cli>Product Categories: Understand which product categories drive the most interest\u003C\u002Fli>\n\u003Cli>Revenue Analytics: Get detailed revenue reports and purchase patterns\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why Usermaven?\u003C\u002Fh4>\n\u003Cp>Most firms try to use complex and expensive analytics platforms like Mixpanel or Amplitude but never get around to properly configuring them to get meaningful insights. You need a product analytics solution that’s easy to setup and has ready-made templates to generate actionable insights for making data-backed growth decisions.\u003C\u002Fp>\n\u003Cp>That’s why we built Usermaven, the new data scientist in your team. We are making product analytics affordable, easy to setup and simple to maintain.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Super Simple – Designed to be simple and intuitive in every way, without complexity or clutter to distract you. WooCommerce events are tracked automatically with zero configuration needed.\u003C\u002Fli>\n\u003Cli>Privacy Compliance – We’ve designed Usermaven to comply with GDPR and CCPA regulations from day one.\u003C\u002Fli>\n\u003Cli>System Security – We apply the latest security standards and take measures to ensure your data is safe with us.\u003C\u002Fli>\n\u003C\u002Ful>\n","Usermaven's web analytics product is a Google Analytics alternative that provides a real-time view of your website traffic metrics.",1000,13296,100,3,"2026-01-14T09:30:00.000Z","6.8.5","3.0.1","5.6",[19,20,21,22,23],"analytics","google-analytics-alternative","privacy","stats","web-analytics","https:\u002F\u002Fgithub.com\u002Fusermaven\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fusermaven.1.2.7.zip",99,1,0,"2025-03-28 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-31079","usermaven-cross-site-request-forgery","Usermaven \u003C= 1.2.1 - Cross-Site Request Forgery","The Usermaven plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.2.1","1.2.2","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-04-02 15:16:25",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F95b82437-e63c-4762-9193-40ea74dbf1c9?source=api-prod",6,{"slug":4,"display_name":4,"profile_url":7,"plugin_count":27,"total_installs":10,"avg_security_score":26,"avg_patch_time_days":47,"trust_score":26,"computed_at":49},"2026-04-04T00:36:42.057Z",[51,72,88,108,126],{"slug":52,"name":53,"version":54,"author":55,"author_profile":56,"description":57,"short_description":58,"active_installs":59,"downloaded":60,"rating":61,"num_ratings":62,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":69,"download_link":70,"security_score":26,"vuln_count":13,"unpatched_count":28,"last_vuln_date":71,"fetched_at":30},"plausible-analytics","Plausible Analytics","2.5.6","Plausible Insights OÜ","https:\u002F\u002Fprofiles.wordpress.org\u002Fplausible\u002F","\u003Cp>Plausible Analytics is an easy-to-use, open source, lightweight and privacy-friendly web analytics alternative to Google Analytics.\u003C\u002Fp>\n\u003Cp>Plausible Analytics doesn’t use cookies and is fully compliant with GDPR, CCPA and PECR. Made and hosted in the EU, powered by European-owned cloud infrastructure 🇪🇺.\u003C\u002Fp>\n\u003Cp>Take a look at \u003Ca href=\"https:\u002F\u002Fplausible.io\u002Fplausible.io\" rel=\"nofollow ugc\">the live demo\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>You need a subscription to Plausible Analytics to track your stats. There’s a free 30-day trial with no credit card required.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>We’re completely independent, self-funded, bootstrapped and debt-free. We’re not interested in raising funds or taking investment. We choose the subscription business model rather than surveillance capitalism. We’re operating a sustainable project funded solely by the fees that our subscribers pay us.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fplausible.io\u002F\" rel=\"nofollow ugc\">Visit our website\u003C\u002Fa> for full details.\u003C\u002Fp>\n\u003Ch3>Why use Plausible?\u003C\u002Fh3>\n\u003Cp>Google Analytics is frustrating to use, difficult to understand, slow to load and privacy-invasive. That’s why we built Plausible Analytics, a simple but powerful, lightweight, open source and privacy-friendly alternative.\u003C\u002Fp>\n\u003Cp>Here’s what makes Plausible a great Google Analytics alternative and why over 16,000 paying subscribers trust us with their website and business insights:\u003C\u002Fp>\n\u003Ch3>Smooth transition from Google Analytics\u003C\u002Fh3>\n\u003Cp>Plausible features a realtime dashboard, entry pages report and integration with Search Console. You can track your paid campaigns and conversions. You can invite team members. You can even \u003Ca href=\"https:\u002F\u002Fplausible.io\u002Fdocs\u002Fgoogle-analytics-import\" rel=\"nofollow ugc\">import your historical stats from Google Analytics\u003C\u002Fa>. Learn how to get the most out of \u003Ca href=\"https:\u002F\u002Fplausible.io\u002Fdocs\u002Fyour-plausible-experience\" rel=\"nofollow ugc\">your Plausible experience\u003C\u002Fa> and join thousands who have already migrated from Google Analytics.\u003C\u002Fp>\n\u003Ch3>Simple analytics at a glance\u003C\u002Fh3>\n\u003Cp>Plausible is simple analytics. It is easy to understand and it cuts through the noise. Check your site traffic and get all the essential insights on one page in one minute. There are no layers of menus, there is no need for you to build custom reports, custom dashboards or PowerPoint documents.\u003C\u002Fp>\n\u003Ch3>Lightweight script that keeps your site speed fast\u003C\u002Fh3>\n\u003Cp>Plausible is lightweight analytics. Our script is 75 times smaller than Google Analytics. Your page weight will be cut down, your site will load faster and you’ll reduce your carbon footprint for a greener and more sustainable web. A site with 100,000 monthly visitors can save 8.2 kg of CO2 emissions per year by switching.\u003C\u002Fp>\n\u003Ch3>No need for cookie banners or GDPR consent\u003C\u002Fh3>\n\u003Cp>Plausible is privacy-friendly analytics. All the site measurement is carried out absolutely anonymously. Cookies are not used and no personal data is collected. There are no persistent identifiers. No cross-site or cross-device tracking either. Your site data is not used for any other purposes. All visitor data is exclusively processed with servers owned and operated by European companies and it never leaves the EU.\u003C\u002Fp>\n\u003Ch3>Track events and marketing campaigns\u003C\u002Fh3>\n\u003Cp>Plausible is useful. Segment your audience by any metric you click on. Answer the important questions about your visitors, content and referral sources. Analyze paid campaigns using UTM parameters. Track scroll depth, site search terms, outbound link clicks, cloaked affiliate link clicks, file downloads, form completions, 404 error pages, post authors, post categories and custom taxonomies without manually configuring anything or writing any code.\u003C\u002Fp>\n\u003Ch3>Built-in WooCommerce and Easy Digital Downloads analytics\u003C\u002Fh3>\n\u003Cp>Plausible provides automated WooCommerce and Easy Digital Downloads analytics solutions to track conversions, revenue and attribution. Activities tracked include adding to cart, removing from cart, entering checkout and completing a purchase. A purchase funnel looking at the user journey from viewing a product to making a purchase is enabled to help you see the drop-off rates between the different steps, understand your cart abandonment rate and increase your conversions.\u003C\u002Fp>\n\u003Ch3>Invite team members and share your dashboard\u003C\u002Fh3>\n\u003Cp>Plausible is shareable. Your stats are private by default but you can choose to be transparent and make them public so anyone with your custom link can view them. You can also share your stats privately by generating a secure link. This link is impossible to guess but you can add password protection for extra security. You can invite team members and assign user roles too.\u003C\u002Fp>\n\u003Ch3>Transparent and open source software\u003C\u002Fh3>\n\u003Cp>Plausible is open source analytics. Our source code is available and accessible on GitHub so anyone can read it, inspect it and review it to verify that our actions match with our words. We welcome feedback and have a public roadmap. If you’re happy to manage your own infrastructure, you can self-host Plausible too.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Our product is updated several times per week and with our WordPress plugin you always have access to all the latest features\u003C\u002Fli>\n\u003Cli>Automatically includes tracking code in the header of your site\u003C\u002Fli>\n\u003Cli>Simple plugin settings page with easy options and an onboarding guide \u003C\u002Fli>\n\u003Cli>Get more accurate stats and count those who use adblockers by running the Plausible script as a first-party connection from your domain name\u003C\u002Fli>\n\u003Cli>View your Plausible stats directly in your WordPress dashboard (you can grant access to other user roles too)\u003C\u002Fli>\n\u003Cli>Tracking of admin users is disabled by default (you can also disable tracking of other user roles)\u003C\u002Fli>\n\u003Cli>Enable WooCommerce or Easy Digital Downloads revenue tracking\u003C\u002Fli>\n\u003Cli>Enable file downloads, external link clicks, cloaked affiliate link clicks, site search terms, form completions and 404 error pages tracking \u003C\u002Fli>\n\u003Cli>Enable automated tracking of post authors, post categories and custom taxonomies for better content analysis\u003C\u002Fli>\n\u003Cli>Custom events and custom dimensions can be setup using CSS class names directly in the WordPress editor, no JS knowledge needed\u003C\u002Fli>\n\u003Cli>Integrate with Google Search Console so you can see search queries people use to find your site in Google’s search results\u003C\u002Fli>\n\u003Cli>Import your historical Google Analytics stats\u003C\u002Fli>\n\u003Cli>Keep an eye on your traffic with weekly and\u002For monthly email and Slack reports\u003C\u002Fli>\n\u003Cli>Get traffic spike notifications via email or Slack so you don’t miss being on the Hacker News\u003C\u002Fli>\n\u003Cli>Tag your paid ads, emails and social media posts with UTM tags and analyze your ecommerce and marketing campaigns from click to conversion using marketing funnels \u003C\u002Fli>\n\u003Cli>Filter the dashboard by any metric that you click on to get further insights. Mix and match filters too\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For more information: \u003Ca href=\"https:\u002F\u002Fplausible.io\u002Fwordpress-analytics-plugin\" rel=\"nofollow ugc\">How to setup Plausible Analytics WordPress plugin\u003C\u002Fa>.\u003C\u002Fp>\n","Plausible Analytics is a privacy-friendly web analytics plugin for WordPress that is an easy-to-use, lightweight and more accurate  alternative to Goo &hellip;",10000,343380,98,30,"2026-02-17T10:56:00.000Z","6.9.4","5.9","7.2",[19,68,21,22,23],"google-analytics","https:\u002F\u002Fplausible.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplausible-analytics.2.5.6.zip","2023-08-16 00:00:00",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":28,"num_ratings":28,"last_updated":82,"tested_up_to":15,"requires_at_least":83,"requires_php":84,"tags":85,"homepage":86,"download_link":87,"security_score":12,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"trackboxx-analytics","Trackboxx Analytics","1.4.0","Christian","https:\u002F\u002Fprofiles.wordpress.org\u002Ffastwpde\u002F","\u003Cp>\u003Cstrong>\u003Cem>GDPR-compliant web analytics without cookies!\u003C\u002Fem>\u003C\u002Fstrong>\u003Cbr \u002F>\nAnalyze and evaluate the visitor statistics of your website – simply and 100% GDPR compliant.\u003Cbr \u002F>\nTrackboxx – Visitor tracking Made in Germany.\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Fapp.trackboxx.com\u002Fpublic\u002Fshare\u002FBOxLaq5ByROPchnQlkzoXASgHWPCH8ZgwzEZbX7a\" rel=\"nofollow ugc\">Check out our live demo\u003C\u002Fa> OR \u003Ca href=\"https:\u002F\u002Ftrackboxx.com\u002Fen\u002F\" rel=\"nofollow ugc\">sign up for a free 30-day trial\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>You need a subscription to Trackboxx Analytics to track your stats. There’s a free 30-day trial with no credit card required.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Note: With our “Free Plan,” you can use Trackboxx 100% free – up to 2,500 pageviews a month with limited features. Our paid plans start at €5\u002Fmonth. Use the 30-day free trial with unlimited usage without the need for a credit card.\u003C\u002Fp>\n\u003Ch3>Why Use Trackboxx?\u003C\u002Fh3>\n\u003Cp>Navigating Google Analytics can be cumbersome, perplexing, laggy, and invasive in terms of privacy. Here’s where Trackboxx Analytics steps in – a streamlined, potent, feather-light, open-source, and privacy-conscious solution. Here’s why Trackboxx stands out as an outstanding alternative to Google Analytics:\u003C\u002Fp>\n\u003Ch3>Third-Party Service Terms\u003C\u002Fh3>\n\u003Cp>Before using this plugin, it is recommended to review the terms of use and privacy policies of the Trackboxx service:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftrackboxx.com\u002Fen\u002Fterms-and-conditions\u002F\" rel=\"nofollow ugc\">Trackboxx Terms of Use\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftrackboxx.com\u002Fen\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Trackboxx Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By using this plugin, you acknowledge and agree to the terms and policies of the third-party service.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> This documentation is provided for legal protection, ensuring that users are informed about the integration with third-party services. Please keep this information up to date to reflect any changes in service usage or associated terms.\u003C\u002Fp>\n\u003Ch3>Why Trackboxx\u003C\u002Fh3>\n\u003Cp>Privacy-first analytics for WordPress site owners and shop operators. 100% SaaS (not self-hosted) with a quick setup via plugin or code snippet. Start on the free plan or use our 30-day Trial with no credt Card required. Upgrade anytime for advanced features.\u003C\u002Fp>\n\u003Ch3>Simple Insights, Not Overwhelm\u003C\u002Fh3>\n\u003Cp>Clear live dashboard with page and landing-page reports—no complex menus or custom report building required.\u003C\u002Fp>\n\u003Ch3>E-Commerce Tracking\u003C\u002Fh3>\n\u003Cp>Full online shop analytics: sales, orders, revenue, average order value, and conversion rates. Track cart and checkout funnels, including cart abandonment. Works great with WooCommerce; more platforms via integrations.\u003C\u002Fp>\n\u003Ch3>Privacy & Compliance\u003C\u002Fh3>\n\u003Cp>Anonymous measurement by design—no cookies and no consent banners required. GDPR-friendly data handling with data minimization.\u003C\u002Fp>\n\u003Ch3>Performance\u003C\u002Fh3>\n\u003Cp>Lightweight tracking script that keeps your site fast and responsive.\u003C\u002Fp>\n\u003Ch3>Campaigns, Goals & Segments\u003C\u002Fh3>\n\u003Cp>Set up goals in minutes and track marketing campaigns (e.g., UTM). Break down performance by traffic sources, content, device, and more.\u003C\u002Fp>\n\u003Ch3>Team & Sharing\u003C\u002Fh3>\n\u003Cp>Invite team members, assign user roles, and share read-only views securely.\u003C\u002Fp>\n\u003Ch3>WordPress Integration\u003C\u002Fh3>\n\u003Cp>Automatic insertion of the tracking code in your site’s header. Clean settings page with clear options. View Trackboxx stats directly in your WordPress dashboard. Opt-out option for visitors included.\u003C\u002Fp>\n\u003Ch3>Getting Started\u003C\u002Fh3>\n\u003Cp>Install the plugin, connect your Trackboxx site ID, and you’re ready to go—start free, upgrade when you need more.\u003C\u002Fp>\n\u003Ch3>Additional Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Easy onboarding\u003C\u002Fli>\n\u003Cli>Automatically includes tracking code in the header of your site\u003C\u002Fli>\n\u003Cli>Simple plugin settings page with clear options\u003C\u002Fli>\n\u003Cli>View your Trackboxx stats directly in your WordPress dashboard\u003C\u002Fli>\n\u003Cli>OptOut Option\u003C\u002Fli>\n\u003Cli>Activation of e-commerce options (coming soon)\u003C\u002Fli>\n\u003Cli>Set up goals\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Setting up this WordPress Plugin\u003C\u002Fh3>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin communicates with two external domains operated by Trackboxx:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Script loading (\u003Ccode>cdn.trackboxx.info\u003C\u002Fcode>)\u003C\u002Fstrong> – When a page on your site loads, the Trackboxx tracking script is downloaded from \u003Ccode>https:\u002F\u002Fcdn.trackboxx.info\u002Fp\u002Ftracker.js\u003C\u002Fcode>. This request retrieves the JavaScript file and does not transmit any visitor data beyond the standard HTTP request for the script.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Event endpoint (\u003Ccode>hit.trackboxx.info\u003C\u002Fcode>)\u003C\u002Fstrong> – After the script is loaded, anonymised visit data and e‑commerce events are sent to \u003Ccode>https:\u002F\u002Fhit.trackboxx.info\u002Fhit-action\u003C\u002Fcode>. The payload includes the current page URL, referrer, your Trackboxx site ID and any WooCommerce events (product names, values, coupons, etc.). IP addresses are anonymised before being transmitted. This endpoint is contacted on each page view and whenever tracked WooCommerce events occur.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Terms of Service:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Ftrackboxx.com\u002Fen\u002Fterms-and-conditions\u002F\" rel=\"nofollow ugc\">Trackboxx Terms of Use\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>Privacy Policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Ftrackboxx.com\u002Fen\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Trackboxx Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n","A simple, GDPR compliant Google Analytics alternative.",70,643,"2026-02-03T11:59:00.000Z","4.8","8.0",[19,68,21,22,23],"","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftrackboxx-analytics.zip",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":96,"downloaded":97,"rating":61,"num_ratings":98,"last_updated":99,"tested_up_to":64,"requires_at_least":100,"requires_php":84,"tags":101,"homepage":104,"download_link":105,"security_score":106,"vuln_count":13,"unpatched_count":28,"last_vuln_date":107,"fetched_at":30},"burst-statistics","Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative)","3.2.3","Burst Statistics B.V.","https:\u002F\u002Fprofiles.wordpress.org\u002Fburstbv\u002F","\u003Ch4>Finally, analytics that you’ll actually use.\u003C\u002Fh4>\n\u003Cp>Google Analytics is overkill. Other WordPress statistics plugins are cluttered and confusing. You just want to know what’s happening on your site – without a data science degree.\u003C\u002Fp>\n\u003Cp>Burst Statistics gives you a clean, intuitive analytics dashboard focused on the metrics that actually matter. \u003Cstrong>No external accounts. No complex setup. Install, activate, and understand your traffic in seconds.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Trusted by \u003Cstrong>200,000+ WordPress sites\u003C\u002Fstrong>. Built by the experienced team behind UpdraftPlus, WP-Optimize, and All-In-One Security.\u003C\u002Fp>\n\u003Ch4>What our users are saying\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“Finally, an analytics plugin I can actually explain to clients.”\u003Cbr \u002F>\n  — @anguskeystone on wordpress.org\u003C\u002Fp>\n\u003Cp>“I tried WP Statistics and Independent Analytics, but they’re overloaded and confusing. Burst’s UI is intuitive and focused on what matters to me.”\u003Cbr \u002F>\n  — @vallered on wordpress.org\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Why Burst Statistics?\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Designed to be actionable\u003C\u002Fstrong>\u003Cbr \u002F>\nOther analytics plugins throw everything at you. Burst shows what matters — visitors, pageviews, referrers, top pages — in a dashboard you’ll actually use. No overload of data. No confusing menus.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy-first by design\u003C\u002Fstrong>\u003Cbr \u002F>\nAll statistics stay on your server. No external tracking. Your data is yours – we never see it without your explicit permission.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Zero setup friction\u003C\u002Fstrong>\u003Cbr \u002F>\nInstall, activate, done. No Google accounts, no tracking codes, no configuration headaches. Start seeing live visitors immediately.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Built for WordPress\u003C\u002Fstrong>\u003Cbr \u002F>\nNot a port from another platform. Designed specifically for WordPress with native performance and seamless integration.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Fast and lightweight\u003C\u002Fstrong>\u003Cbr \u002F>\nOptimized database queries, no bloated scripts (\u003C4kb tracking script), no external dependencies slowing down your pages. Designed to track accurately even when using aggressive server-side caching.\u003C\u002Fp>\n\u003Cp>\u003Ch4>Features\u003C\u002Fh4>\n\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Understand your traffic\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>View table of top performing pages and posts\u003C\u002Fli>\n\u003Cli>Track key metrics (Visitors, Sessions, Pageviews, Bounce Rate)\u003C\u002Fli>\n\u003Cli>Breakdown of visitors by device (Desktop, Tablet, Mobile)\u003C\u002Fli>\n\u003Cli>Filter data by custom date ranges\u003C\u002Fli>\n\u003Cli>Compare traffic over time\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Real-time analytics\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Identify the real-time source for live visitors\u003C\u002Fli>\n\u003Cli>View the specific pages users are visiting now\u003C\u002Fli>\n\u003Cli>See a live count of active users on your site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>See what content performs\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Top pages and posts ranked by views\u003C\u002Fli>\n\u003Cli>Compare any date range\u003C\u002Fli>\n\u003Cli>Track individual page performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Custom conversion tracking\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Track views, clicks and hooks\u003C\u002Fli>\n\u003Cli>Track WooCommerce sales\u003C\u002Fli>\n\u003Cli>Track custom events or hooks\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Privacy without compromise\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>100% self-hosted — all statistics stored locally in your WordPress database\u003C\u002Fli>\n\u003Cli>Cookieless tracking option (no consent banner required in some countries)\u003C\u002Fli>\n\u003Cli>Designed to support GDPR, CCPA, DSGVO, AVG, RGPD, and PECR compliance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Stay informed\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Weekly or monthly email reports delivered to your inbox\u003C\u002Fli>\n\u003Cli>Compare periods to spot trends\u003C\u002Fli>\n\u003Cli>Get notified when tracking does not work\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>From the creators of UpdraftPlus, WP Optimize and All In One Security\u003C\u002Fh4>\n\u003Cp>Burst Statistics was created by experienced developers who also created:\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fupdraftplus\u002F\" rel=\"ugc\">UpdraftPlus: WP Backup & Migration Plugin\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fall-in-one-wp-security-and-firewall\u002F\" rel=\"ugc\">All-In-One Security (AIOS) – Security and Firewall\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-optimize\u002F\" rel=\"ugc\">WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Who is Burst for?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Bloggers & content creators\u003C\u002Fstrong> — See which posts resonate with your audience\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Small business owners\u003C\u002Fstrong> — Understand your traffic without complexity\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce stores\u003C\u002Fstrong> — Track visitor behavior and sales (Burst Pro – Business plan)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Agencies & freelancers\u003C\u002Fstrong> — Manage analytics for your clients (Burst Pro – Agency plan)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-conscious site owners\u003C\u002Fstrong> — GDPR-compliant stats without consent banners\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anyone tired of Google Analytics\u003C\u002Fstrong> — Get clarity instead of confusion\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Unlock comprehensive insights into your website’s user behaviour with Burst Pro. Benefit from advanced features designed to improve performance, boost engagement, and drive conversions. \u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Get Burst Pro now.\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Free vs Pro\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Burst Statistics (Free)\u003C\u002Fstrong> includes everything you need to understand your website traffic: visitors, pageviews, referrers, top content, device stats, goal tracking, email reports, and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Burst Pro\u003C\u002Fstrong> adds advanced features for businesses and professionals:\u003C\u002Fp>\n\u003Cp>CREATOR PLAN\u003Cbr \u002F>\n* UTM campaign tracking — See which marketing efforts drive results\u003Cbr \u002F>\n* Geographic data — Country and city-level visitor insights\u003Cbr \u002F>\n* Advanced filtering — Segment data by any dimension\u003Cbr \u002F>\n* Data archiving settings — Keep your database lean automatically\u003Cbr \u002F>\n* Priority support — Direct contact with our developers (You’ll speak to actual humans!)\u003C\u002Fp>\n\u003Cp>BUSINESS PLAN\u003Cbr \u002F>\n* Everything in the creator plan +\u003Cbr \u002F>\n* Full sales dashboard — Understand what content brings in the most revenue\u003Cbr \u002F>\n* Revenue attribution — Connect WooCommerce sales to traffic sources\u003C\u002Fp>\n\u003Cp>AGENCY PLAN\u003Cbr \u002F>\n* Everything in the business plan +\u003Cbr \u002F>\n* Reporting — Generate shareable reports\u003C\u002Fp>\n\u003Cp>All Burst Pro plans include \u003Cstrong>priority support\u003C\u002Fstrong>.  You’ll have direct contact with our developers (You’ll speak to actual humans!)\u003C\u002Fp>\n\u003Ch4>Learn More\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fburst-statistics-vs-google-analytics\u002F\" rel=\"nofollow ugc\">Burst Statistics vs Google Analytics\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fwhy-is-burst-privacy-friendly\u002F\" rel=\"nofollow ugc\">Privacy & GDPR Compliance\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Burst Pro Pricing\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy and Data Sharing\u003C\u002Fh4>\n\u003Cp>Burst Statistics includes an \u003Cstrong>optional\u003C\u002Fstrong> data sharing program. It is disabled by default. You can enable it under Burst Statistics \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Data Sharing, and you can turn it off again at any time from the same location.\u003Cbr \u002F>\nWhen enabled, the plugin sends a small set of aggregated, anonymized metrics to Burst Statistics’ servers once per month. This includes traffic statistics (visitors, pageviews, bounce rate, session duration), database row counts and query performance timings. No personal data, IP addresses, domain names, or visitor information is ever transmitted. All data is aggregated on your server before it leaves, making it impossible to trace back to your website or any individual user.\u003C\u002Fp>\n\u003Cp>We use this data to:\u003Cbr \u002F>\n* build anonymous industry benchmarks so you can compare your site’s performance against peers;\u003Cbr \u002F>\n* understand which features are most used, so we can prioritize development effectively;\u003Cbr \u002F>\n* know which WordPress and PHP versions are in active use, so we can make informed support decisions;\u003Cbr \u002F>\n* identify slow database queries across real-world installs, so we can improve plugin performance for everyone.\u003C\u002Fp>\n\u003Cp>For the complete list of data fields collected and full details on how the data is used, please read our \u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fhow-we-handle-anonymous-usage-data\u002F\" rel=\"nofollow ugc\">Data Sharing Policy\u003C\u002Fa>.\u003Cbr \u002F>\nThis feature connects to: https:\u002F\u002Fapi.burst-statistics.com\u003C\u002Fp>\n\u003Ch4>Installation\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to \u003Cstrong>Plugins \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Add New\u003C\u002Fstrong> in your WordPress dashboard\u003C\u002Fli>\n\u003Cli>Search for \u003Cstrong>Burst\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Install Now\u003C\u002Fstrong>, then \u003Cstrong>Activate\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Visit \u003Cstrong>Statistics \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Dashboard\u003C\u002Fstrong> to see your analytics\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>That’s it. No external accounts. No tracking codes to paste. Burst starts collecting statistics immediately.\u003C\u002Fp>\n","Analytics you'll actually use. Privacy-friendly, zero config, and designed to be actionable. Get insights, not just raw data.",200000,7013207,173,"2026-03-12T07:52:00.000Z","6.4",[19,102,21,103,22],"gdpr","statistics","https:\u002F\u002Fwww.wordpress.org\u002Fplugins\u002Fburst-statistics","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fburst-statistics.3.2.3.zip",96,"2025-06-27 00:00:00",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":106,"num_ratings":118,"last_updated":119,"tested_up_to":64,"requires_at_least":120,"requires_php":121,"tags":122,"homepage":124,"download_link":125,"security_score":12,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"statify","Statify","1.8.5","pluginkollektiv","https:\u002F\u002Fprofiles.wordpress.org\u002Fpluginkollektiv\u002F","\u003Cp>Statify provides a straightforward and compact access to the number of site views. It is privacy-friendly as it uses neither cookies nor a third party.\u003C\u002Fp>\n\u003Cp>An interactive chart is followed by lists of the most common reference sources and target pages. The period of statistics and length of lists can be set directly in the dashboard widget.\u003C\u002Fp>\n\u003Ch3>Data Privacy\u003C\u002Fh3>\n\u003Cp>In direct comparison to statistics services such as \u003Cem>Google Analytics\u003C\u002Fem>, \u003Cem>WordPress.com Stats\u003C\u002Fem> and \u003Cem>Matomo (Piwik)\u003C\u002Fem> \u003Cem>Statify\u003C\u002Fem> doesn’t process and store personal data as e.g. IP addresses – \u003Cem>Statify\u003C\u002Fem> counts site views, not visitors.\u003C\u002Fp>\n\u003Cp>Absolute privacy compliance coupled with transparent procedures: A locally in WordPress created database table consists of only four fields (ID, date, source, target) and can be viewed at any time, cleaned up and cleared by the administrator.\u003C\u002Fp>\n\u003Cp>Due to this tracking approach, Statify is 100% compliant with GDPR and serves as an lightweight alternative to other tracking services.\u003C\u002Fp>\n\u003Ch3>Display of the widget\u003C\u002Fh3>\n\u003Cp>The plugin configuration can be changed directly in the \u003Cem>Statify\u003C\u002Fem> Widget on the dashboard by clicking the \u003Cem>Configure\u003C\u002Fem> link.\u003C\u002Fp>\n\u003Cp>The amount of links shown in the \u003Cem>Statify\u003C\u002Fem> Widget can be set as well as the option to only count views from today. Of course, older entries are not deleted when changing this setting.\u003C\u002Fp>\n\u003Cp>The statistics for the dashboard widget are cached for four minutes.\u003C\u002Fp>\n\u003Ch3>Period of data saving\u003C\u002Fh3>\n\u003Cp>\u003Cem>Statify\u003C\u002Fem> stores the data only for a limited period (default: two weeks), longer intervals can be selected as option in the widget. Data which is older than the selected period is deleted by a daily cron job.\u003C\u002Fp>\n\u003Cp>An increase in the database volume can be expected because all statistic values are collected and managed in the local WordPress database (especially if you increase the period of data saving).\u003C\u002Fp>\n\u003Ch3>JavaScript tracking for caching compatibility\u003C\u002Fh3>\n\u003Cp>For compatibility with caching plugins like \u003Ca href=\"http:\u002F\u002Fcachify.de\" rel=\"nofollow ugc\">Cachify\u003C\u002Fa> \u003Cem>Statify\u003C\u002Fem> offers an optional switchable tracking via JavaScript. This function allows reliable count of cached blog pages.\u003C\u002Fp>\n\u003Cp>For this to work correctly, the active theme has to call \u003Ccode>wp_footer()\u003C\u002Fcode>, typically in a file named \u003Ccode>footer.php\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Ch3>Skip tracking for spam referrers\u003C\u002Fh3>\n\u003Cp>The comment blacklist can be enabled to skip tracking for views with a referrer URL listed in comment blacklist, i. e. which considered as spam.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>If you’ve problems or think you’ve found a bug (e.g. you’re experiencing unexpected behavior), please post at the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fstatify\" rel=\"ugc\">support forums\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Active development of this plugin is handled \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpluginkollektiv\u002Fstatify\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Pull requests for documented bugs are highly appreciated.\u003C\u002Fli>\n\u003Cli>If you want to help us translate this plugin you can do so \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fstatify\" rel=\"nofollow ugc\">on WordPress Translate\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Visitor statistics for WordPress with focus on data protection, transparency and clarity. Perfect as a widget in your WordPress Dashboard.",100000,2377836,50,"2025-12-21T16:02:00.000Z","4.7","5.2",[19,123,21,103,22],"pageviews","https:\u002F\u002Fstatify.pluginkollektiv.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstatify.1.8.5.zip",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":134,"downloaded":135,"rating":12,"num_ratings":136,"last_updated":137,"tested_up_to":64,"requires_at_least":138,"requires_php":139,"tags":140,"homepage":141,"download_link":142,"security_score":106,"vuln_count":143,"unpatched_count":28,"last_vuln_date":144,"fetched_at":30},"koko-analytics","Koko Analytics – Privacy Friendly Statistics for WordPress","2.2.4","Danny van Kooten","https:\u002F\u002Fprofiles.wordpress.org\u002Fdvankooten\u002F","\u003Cp>Koko Analytics provides website analytics and visitor statistics directly inside your WordPress dashboard without relying on external services. It is privacy-friendly, lightweight, open source, and easy to use.\u003C\u002Fp>\n\u003Cp>Fully GDPR, CCPA and PECR compliant by design: no personal data is processed or stored, everything runs on your own server and can be used without cookies.\u003C\u002Fp>\n\u003Cp>You can \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fkoko-analytics-dashboard\u002F\" rel=\"nofollow ugc\">view a live demo here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Why Koko Analytics\u003C\u002Fh3>\n\u003Cp>Our goal is to provide you with a simple, lightweight and privacy-friendly alternative to Google Analytics for your WordPress statistics.\u003C\u002Fp>\n\u003Ch4>Privacy Friendly Analytics\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fprivacy-focused-wordpress-analytics\u002F\" rel=\"nofollow ugc\">privacy friendly analytics\u003C\u002Fa>. No personal data is processed or stored, all measurements are carried out completely anonymously and nothing is ever shared with any third-party service.\u003C\u002Fp>\n\u003Ch4>Lightweight Statistics\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Flightweight-wordpress-analytics\u002F\" rel=\"nofollow ugc\">lightweight analytics\u003C\u002Fa>. It adds less than 1 kilobyte of data to your HTML and is fully compatible with pages served from any kind of cache. WordPress is bypassed entirely for its collection endpoint, making the impact on your site’s performance as close to zero as possible. Fact: there is no faster statistics plugin for WordPress.\u003C\u002Fp>\n\u003Ch4>Simple Analytics Dashboard\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fsimple-wordpress-analytics\u002F\" rel=\"nofollow ugc\">simple analytics\u003C\u002Fa>. There are no complicated reports to dig through. A single dashboard page shows you all the important metrics.\u003C\u002Fp>\n\u003Ch4>Open Source Analytics\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fopen-source-wordpress-analytics\u002F\" rel=\"nofollow ugc\">open source analytics\u003C\u002Fa>. The source code is released under the GPL license and freely \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fibericode\u002Fkoko-analytics\" rel=\"nofollow ugc\">available on GitHub\u003C\u002Fa>. Anyone can read it, inspect it and review it.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>A beautiful analytics dashboard built right into WordPress admin.\u003C\u002Fli>\n\u003Cli>View statistics for your most popular posts and pages.\u003C\u002Fli>\n\u003Cli>See referral statistics showing which sites send you traffic.\u003C\u002Fli>\n\u003Cli>Path-based tracking to see analytics for any URL, including archives and search pages.\u003C\u002Fli>\n\u003Cli>Reliably detect returning visitors without the use of cookies.\u003C\u002Fli>\n\u003Cli>Exclude visits from certain WordPress user roles or IP addresses.\u003C\u002Fli>\n\u003Cli>Import historical statistics from Jetpack Stats, Plausible or Burst Statistics.\u003C\u002Fli>\n\u003Cli>Periodically clean-up historical data older than a specified number of months or years.\u003C\u002Fli>\n\u003Cli>A widget, Gutenberg block or shortcode to show a list of your most visited posts or pages.\u003C\u002Fli>\n\u003Cli>A shortcode or Gutenberg block to show the total number of pageviews to a given page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Premium features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>See what countries your site is visited from with geo-location statistics.\u003C\u002Fli>\n\u003Cli>See what browsers, operating systems or devices your visitors are using.\u003C\u002Fli>\n\u003Cli>Custom event analytics to track outbound link clicks, contact form submissions, and more.\u003C\u002Fli>\n\u003Cli>Stay up-to-date with periodic analytics reports delivered to your email inbox.\u003C\u002Fli>\n\u003Cli>Be notified immediately whenever your site experiences an unusual traffic spike.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You will have access to all of these benefits and more for a small yearly fee.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">View pricing for Koko Analytics Pro here \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fp>\n","Koko Analytics is a privacy-friendly statistics plugin for WordPress that is an easy to use alternative to Google Analytics.",60000,2043562,222,"2026-03-12T15:04:00.000Z","6.0","7.4",[19,68,21,103,22],"https:\u002F\u002Fwww.kokoanalytics.com\u002F#utm_source=wp-plugin&utm_medium=koko-analytics&utm_campaign=plugins-page","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkoko-analytics.2.2.4.zip",2,"2026-01-20 00:00:00",{"attackSurface":146,"codeSignals":304,"taintFlows":316,"riskAssessment":343,"analyzedAt":354},{"hooks":147,"ajaxHandlers":297,"restRoutes":298,"shortcodes":299,"cronEvents":300,"entryPointCount":28,"unprotectedCount":28},[148,154,159,164,168,172,176,180,184,188,192,196,200,204,208,212,216,220,224,228,232,235,237,240,242,246,249,252,256,260,264,267,270,272,274,279,283,286,288,291,293],{"type":149,"name":150,"callback":151,"file":152,"line":153},"action","woocommerce_init","init_cart_abandonment_tracking","includes\\class-usermaven-woocommerce.php",23,{"type":149,"name":155,"callback":156,"priority":157,"file":152,"line":158},"shutdown","check_cart_abandonment",20,26,{"type":149,"name":160,"callback":161,"priority":162,"file":152,"line":163},"woocommerce_login_credentials","identify_wc_user",10,34,{"type":149,"name":165,"callback":166,"file":152,"line":167},"template_redirect","track_product_view",37,{"type":149,"name":169,"callback":170,"priority":162,"file":152,"line":171},"woocommerce_add_to_cart","track_add_to_cart",40,{"type":149,"name":173,"callback":174,"priority":162,"file":152,"line":175},"woocommerce_cart_item_removed","track_remove_from_cart",41,{"type":149,"name":177,"callback":178,"priority":162,"file":152,"line":179},"woocommerce_after_cart_item_quantity_update","track_cart_update",42,{"type":149,"name":181,"callback":182,"file":152,"line":183},"wp","maybe_track_checkout_init",46,{"type":149,"name":185,"callback":186,"priority":162,"file":152,"line":187},"woocommerce_new_order","track_order_submission",48,{"type":149,"name":189,"callback":190,"priority":162,"file":152,"line":191},"woocommerce_order_status_changed","track_order_status_changed",52,{"type":149,"name":193,"callback":194,"priority":162,"file":152,"line":195},"woocommerce_order_status_completed","track_order_completed",53,{"type":149,"name":197,"callback":198,"priority":162,"file":152,"line":199},"woocommerce_order_status_failed","track_order_failed",54,{"type":149,"name":201,"callback":202,"priority":162,"file":152,"line":203},"woocommerce_order_status_processing","track_order_processing",55,{"type":149,"name":205,"callback":206,"priority":162,"file":152,"line":207},"woocommerce_order_status_on-hold","track_order_on_hold",56,{"type":149,"name":209,"callback":210,"priority":162,"file":152,"line":211},"woocommerce_order_status_pending","track_order_pending",57,{"type":149,"name":213,"callback":214,"priority":162,"file":152,"line":215},"woocommerce_order_status_cancelled","track_order_cancelled",58,{"type":149,"name":217,"callback":218,"priority":162,"file":152,"line":219},"woocommerce_order_status_refunded","track_order_refunded",59,{"type":149,"name":221,"callback":222,"priority":162,"file":152,"line":223},"woocommerce_order_status_draft","track_order_draft",60,{"type":149,"name":225,"callback":226,"priority":162,"file":152,"line":227},"woocommerce_created_customer","track_customer_created",63,{"type":149,"name":229,"callback":230,"file":152,"line":231},"woocommerce_cart_updated","reset_checkout_tracking",66,{"type":149,"name":233,"callback":230,"file":152,"line":234},"woocommerce_cart_emptied",67,{"type":149,"name":177,"callback":230,"file":152,"line":236},68,{"type":149,"name":193,"callback":238,"file":152,"line":239},"reset_initiate_checkout_tracking",71,{"type":149,"name":197,"callback":238,"file":152,"line":241},72,{"type":149,"name":243,"callback":244,"priority":162,"file":152,"line":245},"woocommerce_thankyou","track_order_thankyou",75,{"type":149,"name":150,"callback":247,"file":152,"line":248},"closure",78,{"type":149,"name":250,"callback":247,"file":152,"line":251},"woocommerce_checkout_order_processed",83,{"type":149,"name":253,"callback":254,"priority":162,"file":152,"line":255},"yith_wcwl_added_to_wishlist","track_add_to_wishlist",93,{"type":149,"name":257,"callback":258,"priority":162,"file":152,"line":259},"yith_wcwl_removed_from_wishlist","track_remove_from_wishlist",94,{"type":149,"name":261,"callback":262,"priority":162,"file":152,"line":263},"yith_wcwl_moved_to_another_wishlist","track_move_to_another_wishlist",95,{"type":149,"name":265,"callback":247,"file":152,"line":266},"woocommerce_before_checkout_form",1750,{"type":149,"name":169,"callback":268,"file":152,"line":269},"update_last_activity",1758,{"type":149,"name":173,"callback":268,"file":152,"line":271},1759,{"type":149,"name":177,"callback":268,"file":152,"line":273},1760,{"type":149,"name":275,"callback":276,"priority":118,"file":277,"line":278},"wp_footer","usermaven_events_tracking_print_js_snippet","includes\\class-usermaven.php",92,{"type":149,"name":280,"callback":281,"file":277,"line":282},"plugins_loaded","anonymous",153,{"type":149,"name":284,"callback":281,"file":277,"line":285},"admin_enqueue_scripts",168,{"type":149,"name":284,"callback":281,"file":277,"line":287},169,{"type":149,"name":289,"callback":281,"file":277,"line":290},"wp_enqueue_scripts",184,{"type":149,"name":289,"callback":281,"file":277,"line":292},185,{"type":149,"name":294,"callback":295,"file":296,"line":239},"admin_menu","add_usermaven_settings_menu","usermaven.php",[],[],[],[301],{"hook":302,"callback":302,"file":152,"line":303},"usermaven_check_cart_abandonment",1621,{"dangerousFunctions":305,"sqlUsage":306,"outputEscaping":308,"fileOperations":28,"externalRequests":143,"nonceChecks":27,"capabilityChecks":28,"bundledLibraries":315},[],{"prepared":28,"raw":28,"locations":307},[],{"escaped":309,"rawEcho":27,"locations":310},38,[311],{"file":312,"line":313,"context":314},"includes\\usermaven-settings-form.php",105,"raw output",[],[317,335],{"entryPoint":318,"graph":319,"unsanitizedCount":28,"severity":334},"usermaven_activation_form (includes\\usermaven-settings-form.php:6)",{"nodes":320,"edges":331},[321,326],{"id":322,"type":323,"label":324,"file":312,"line":325},"n0","source","$_POST (x10)",16,{"id":327,"type":328,"label":329,"file":312,"line":231,"wp_function":330},"n1","sink","update_option() [Settings Manipulation]","update_option",[332],{"from":322,"to":327,"sanitized":333},true,"low",{"entryPoint":336,"graph":337,"unsanitizedCount":28,"severity":334},"\u003Cusermaven-settings-form> (includes\\usermaven-settings-form.php:0)",{"nodes":338,"edges":341},[339,340],{"id":322,"type":323,"label":324,"file":312,"line":325},{"id":327,"type":328,"label":329,"file":312,"line":231,"wp_function":330},[342],{"from":322,"to":327,"sanitized":333},{"summary":344,"deductions":345},"The Usermaven v1.2.7 plugin exhibits a generally positive security posture with strong adherence to several best practices. The static analysis reveals a very limited attack surface with no unprotected AJAX handlers, REST API routes, or shortcodes. The plugin also demonstrates excellent SQL query handling, with 100% of queries using prepared statements, and a high rate of output escaping (97%).  The absence of dangerous functions, file operations, and critical\u002Fhigh severity taint flows further indicates a commitment to secure coding.  However, there are areas for improvement. The presence of 2 external HTTP requests warrants careful scrutiny to ensure they are not exploitable. More significantly, the plugin has a history of known vulnerabilities, including one CVE recorded. While currently unpatched CVEs are zero, the fact that a medium severity vulnerability has been recorded in the past, particularly of the Cross-Site Request Forgery (CSRF) type, suggests that past security oversights have occurred. This history, combined with a complete absence of capability checks, leaves room for concern regarding privilege escalation or unauthorized actions if other security mechanisms were to fail.",[346,349,352],{"reason":347,"points":348},"Medium severity vulnerability in history",7,{"reason":350,"points":351},"2 external HTTP requests",4,{"reason":353,"points":162},"0 capability checks found","2026-03-16T19:07:59.572Z",{"wat":356,"direct":366},{"assetPaths":357,"generatorPatterns":360,"scriptPaths":361,"versionParams":363},[358,359],"\u002Fwp-content\u002Fplugins\u002Fusermaven\u002Fadmin\u002Fcss\u002Fusermaven-admin.css","\u002Fwp-content\u002Fplugins\u002Fusermaven\u002Fadmin\u002Fjs\u002Fusermaven-admin.js",[],[362],"\u002Fwp-content\u002Fplugins\u002Fusermaven\u002Fpublic\u002Fjs\u002Fusermaven-public.js",[364,365],"usermaven-admin.css?ver=","usermaven-admin.js?ver=",{"cssClasses":367,"htmlComments":369,"htmlAttributes":370,"restEndpoints":372,"jsGlobals":373,"shortcodeOutput":375},[368],"usermaven-notice-warning",[],[371],"data-um-event",[],[374],"usermaven_public",[]]