[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fBgW3Hpy35kZyrInscR4zya9NNFiYGej5qzITrE-oZV4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":43,"crawl_stats":34,"alternatives":49,"analysis":157,"fingerprints":497},"ux-sniff","UXsniff AI-powered Heatmaps and Session Recordings","1.3.3","Pei Yong Goh","https:\u002F\u002Fprofiles.wordpress.org\u002Fuxsniff\u002F","\u003Cp>A simple WordPress heatmap plugin to monitor your user’s behaviour, detect and report abnormal user activities. This plugin allows you to install UXsniff tracking code to your WordPress site without editing your theme.\u003C\u002Fp>\n\u003Cp>The plugin also shows basic statistics about your website. Some basic features such as Heatmaps, Clickmaps, Session Recordings and Rage alerts are available within the plugin. 
Login to UXsniff for advanced features such as Time-Travel A\u002FB Testing, User Journey, Feedback Widgets, On-site Surveys, Broken link scanner, Site Audit and advanced reports.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Plugin Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Insert UXsniff tracking code\u003C\u002Fli>\n\u003Cli>Report abnormal user activities\u003C\u002Fli>\n\u003Cli>Heatmaps\u003C\u002Fli>\n\u003Cli>Clickmaps\u003C\u002Fli>\n\u003Cli>Session recordings\u003C\u002Fli>\n\u003Cli>AI insights for session recordings\u003C\u002Fli>\n\u003Cli>Rage alerts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Advanced Features (available on uxsniff.com for free)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Time-Travel A\u002FB Testing (compare against past snapshots—no split traffic, no code.)\u003C\u002Fli>\n\u003Cli>Real-time monitoring\u003C\u002Fli>\n\u003Cli>Wayback machine for heatmaps (time travel to old designs)\u003C\u002Fli>\n\u003Cli>Feedback widgets\u003C\u002Fli>\n\u003Cli>On-site surveys\u003C\u002Fli>\n\u003Cli>LinkGuard – broken links scanner\u003C\u002Fli>\n\u003Cli>Site audit – scan your site for UX and SEO issues\u003C\u002Fli>\n\u003C\u002Ful>\n","Short Description: AI-powered Heatmaps, Session Recordings & A\u002FB Testing",100,7345,2,"2026-03-10T14:00:00.000Z","6.8.5","3.0.1","5.2.4",[19,20,21],"a-b-testing","heatmaps","session-recordings","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fux-sniff.1.3.3.zip",78,1,"2025-04-10 00:00:00","2026-03-15T15:16:48.613Z",[29],{"id":30,"url_slug":31,"title":32,"description":33,"plugin_slug":4,"theme_slug":34,"affected_versions":35,"patched_in_version":34,"severity":36,"cvss_score":37,"cvss_vector":38,"vuln_type":39,"published_date":26,"updated_date":40,"references":41,"days_to_patch":34},"CVE-2025-32532","uxsniff-reflected-cross-site-scripting","UXsniff \u003C= 1.2.8 - Reflected Cross-Site Scripting","The UXsniff plugin for WordPress is vulnerable to Reflected 
Cross-Site Scripting in versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.2.8","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-04-18 13:39:46",[42],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd53c16c6-9a67-4bfa-a993-4b391d24be23?source=api-prod",{"slug":44,"display_name":7,"profile_url":8,"plugin_count":13,"total_installs":11,"avg_security_score":45,"avg_patch_time_days":46,"trust_score":47,"computed_at":48},"uxsniff",89,30,86,"2026-04-05T15:11:30.254Z",[50,71,92,114,134],{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":47,"num_ratings":60,"last_updated":61,"tested_up_to":62,"requires_at_least":63,"requires_php":22,"tags":64,"homepage":68,"download_link":69,"security_score":11,"vuln_count":70,"unpatched_count":70,"last_vuln_date":34,"fetched_at":27},"lucky-orange","Lucky Orange","2.1.1","luckyorange","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrickeys\u002F","\u003Cp>Less time crunching numbers, more time growing your business.\u003C\u002Fp>\n\u003Ch3>Understand your visitors. Improve your website. Increase your sales.\u003C\u002Fh3>\n\u003Cp>If your WordPress site is getting traffic but not conversions, Lucky Orange shows you why. 
With one-click install and a free plan to get started, you can uncover where visitors struggle, what’s stopping them from buying, and how to turn browsers into customers.\u003Cbr \u002F>\nFrom session recordings to heatmaps, live chat to Page Insights, Lucky Orange helps you optimize every part of your customer journey with clear, visual data.\u003C\u002Fp>\n\u003Ch3>Dynamic Heatmaps\u003C\u002Fh3>\n\u003Cp>Discover where people click, scroll, and hover—including dynamic content like popups, dropdowns, and forms. Works seamlessly with SPAs and AJAX-loaded pages.\u003C\u002Fp>\n\u003Ch3>Session Recordings\u003C\u002Fh3>\n\u003Cp>Replay real visitor sessions to see how people navigate your site, where they abandon, and what’s preventing conversions.\u003C\u002Fp>\n\u003Ch3>Conversion Funnels\u003C\u002Fh3>\n\u003Cp>Visualize each step of your funnel to find out which pages drive success—and where people are dropping off.\u003C\u002Fp>\n\u003Ch3>Visitor Profiles\u003C\u002Fh3>\n\u003Cp>See each visitor’s journey in a single view, including traffic source, cart value, and all sessions tied to that individual.\u003C\u002Fp>\n\u003Ch3>Live Chat\u003C\u002Fh3>\n\u003Cp>Engage visitors in real time based on behavior triggers. 
Answer questions and recover abandoned conversions before they’re lost.\u003C\u002Fp>\n\u003Ch3>Live View\u003C\u002Fh3>\n\u003Cp>See what your visitors are doing right now on your site—every movement, scroll, and click in real time.\u003C\u002Fp>\n\u003Ch3>Page Insights\u003C\u002Fh3>\n\u003Cp>Instantly surface key performance stats: top-clicked elements, frustration signals, engagement trends, and activity snapshots—all tied to specific pages.\u003C\u002Fp>\n\u003Ch3>Surveys\u003C\u002Fh3>\n\u003Cp>Ask the right questions at the right time—like what visitors are looking for, what’s missing, or why they didn’t convert.\u003C\u002Fp>\n\u003Ch3>Announcements\u003C\u002Fh3>\n\u003Cp>Target visitors with personalized messages, discount offers, or key updates based on device, behavior, or source.\u003C\u002Fp>\n\u003Ch3>Discovery\u003C\u002Fh3>\n\u003Cp>Uncover Optimization Opportunities based on specific parts of the customer journey. Know where to focus, and what changes can move the needle.\u003C\u002Fp>\n","Less time crunching numbers, more time growing your business.",2000,70312,24,"2025-04-14T15:38:00.000Z","6.8.0","2.0.3",[65,66,20,21,67],"analytics","conversion-rate-optimization","surveys","https:\u002F\u002Fwww.luckyorange.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flucky-orange.2.2.11.zip",0,{"slug":72,"name":73,"version":74,"author":73,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":80,"num_ratings":81,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":22,"tags":85,"homepage":22,"download_link":89,"security_score":90,"vuln_count":25,"unpatched_count":70,"last_vuln_date":91,"fetched_at":27},"hotjar","Hotjar","1.0.16","https:\u002F\u002Fprofiles.wordpress.org\u002Fhotjar\u002F","\u003Cp>Hotjar helps you to connect the dots between what your users do and why—so you can confidently create and optimize user experiences that convert. 
See what your users see, ask how they feel, and connect 1:1, all from one powerful and intuitive platform.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hotjar Observe:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Visualize user behavior\u003C\u002Fstrong> – Heatmaps visually represent where users click, move, and scroll on your site. With this context, you’ll be inspired with simple ways to improve your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Put yourself in their shoes\u003C\u002Fstrong> – Watch recordings of real user behavior on your site. See visitors’ clicks, mouse movements, u-turns, and rage clicks. Learn what frustrates users and resolve issues early.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Measure conversions and learn why users drop off\u003C\u002Fstrong> – Visualize your conversion flows with Funnels, and understand where your users are getting stuck by zooming into relevant recordings.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Explore and understand your metrics\u003C\u002Fstrong> – Trends connects the dots between numbers and user behavior insights so you can visualize your most important metrics and find the recordings and heatmaps of the underlying user behavior with a single click.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hotjar Ask:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Hear from your users\u003C\u002Fstrong> –  Surveys bring voice-of-customer to your decision-making. Gathering evidence for a landing page or feature? 
Use a targeted Survey to validate your ideas and better understand your users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Get feedback with context\u003C\u002Fstrong> – A real-time suggestion box on your site, Feedback lets users express frustration or delight about individual parts of your site, right down to the page, form, or image they’re looking at.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hotjar Engage:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Connect with users\u003C\u002Fstrong> – Automate the recruitment, scheduling, and hosting of moderated user interviews, and focus on what matters the most—connecting with users.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Hotjar Platform:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Stay on top of your user metrics\u003C\u002Fstrong> – Use your Dashboard to get a high-level view of user data and spot issues before they become serious, identify trends, and find deeper insights.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integrate Hotjar with the tools you love\u003C\u002Fstrong> – Connect Hotjar with thousands of popular apps, so you can automate your work and have more time for what matters most—no code required.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin provides a simple installation of Hotjar on your WordPress site. 
\u003Ca href=\"https:\u002F\u002Finsights.hotjar.com\u002Fregister?utm_source=wordpress&utm_medium=plugin\" rel=\"nofollow ugc\">Sign-up for your free trial today\u003C\u002Fa>!\u003C\u002Fp>\n","The fast & visual way to understand your users.",80000,1084428,58,18,"2023-10-25T07:52:00.000Z","6.0.11","4.6",[20,72,86,87,88],"insights","recordings","visual","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhotjar.1.0.16.zip",85,"2023-10-05 00:00:00",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":100,"downloaded":101,"rating":102,"num_ratings":103,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":112,"download_link":113,"security_score":11,"vuln_count":70,"unpatched_count":70,"last_vuln_date":34,"fetched_at":27},"unbounce","Unbounce Landing Pages","1.1.4","Unbounce","https:\u002F\u002Fprofiles.wordpress.org\u002Funbouncewordpress\u002F","\u003Cp>With Unbounce’s landing page plugin for WordPress, marketers can create fully customized landing pages for\u003Cbr \u002F>\ntheir campaigns and publish them to their existing WordPress sites.\u003C\u002Fp>\n\u003Cp>To publish landing pages on your WordPress website:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Build your landing page in Unbounce, the world’s most powerful landing page builder\u003C\u002Fli>\n\u003Cli>Publish your page to WordPress using this very plugin\u003C\u002Fli>\n\u003Cli>Manage all your WordPress landing pages through the plugin’s interface\u003C\u002Fli>\n\u003Cli>Edit and update all your landing pages from Unbounce’s page builder. They’ll automatically get updated on your WordPress site\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Unbounce allows you to customize your landing pages to match your brand perfectly. The WYSIWYG builder allows\u003Cbr \u002F>\nfor quick and easy page editing. 
With the Unbounce WordPress Landing Page Plugin, you can launch your landing\u003Cbr \u002F>\npage on your own domain without ever talking to I.T. Try it for a month for free!\u003C\u002Fp>\n\u003Cp>More than 10,000 digital marketers use Unbounce. Some of the features they love the most include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Publish pages to your WordPress domain\u003C\u002Fli>\n\u003Cli>A team of Customer Success coaches that are easy to reach when you need help\u003C\u002Fli>\n\u003Cli>80+ free templates (plus more on ThemeForest)\u003C\u002Fli>\n\u003Cli>Complete customizability of the desktop and mobile layouts\u003C\u002Fli>\n\u003Cli>Built in A\u002FB testing features\u003C\u002Fli>\n\u003Cli>Integrations with the tools marketers use – MailChimp, SalesForce, Hubspot & more\u003C\u002Fli>\n\u003Cli>Easy Google Analytics tagging & event tracking\u003C\u002Fli>\n\u003Cli>Plus much more\u003C\u002Fli>\n\u003C\u002Ful>\n","Unbounce is the most powerful standalone landing page builder available.",10000,417130,64,11,"2025-06-02T17:36:00.000Z","6.7.5","4.1.5","8.0",[19,109,110,111,93],"ab-testing","cro","split-testing","http:\u002F\u002Funbounce.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funbounce.1.1.4.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":124,"num_ratings":125,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":22,"tags":129,"homepage":132,"download_link":133,"security_score":90,"vuln_count":70,"unpatched_count":70,"last_vuln_date":34,"fetched_at":27},"mouseflow-for-wordpress","Mouseflow for WordPress","5.1.3","mouseflow","https:\u002F\u002Fprofiles.wordpress.org\u002Fmouseflow\u002F","\u003Cp>With Mouseflow for WordPress you can access everything Mouseflow has to offer – directly from your WordPress dashboard! 
Learn more about your visitors by analyzing heatmaps and recordings of user sessions, including mouse movements, clicks, scroll events and more. The plugin makes it quick and easy to install Mouseflow on your WordPress-site.\u003C\u002Fp>\n","Mouseflow gives you free and easy-to-use conversion and user experience analytics for your website. Analyze conversion funnels, heatmaps and even sess &hellip;",7000,88910,76,6,"2023-09-26T07:43:00.000Z","6.3.8","4.5.0",[65,20,118,130,131],"user-behaviour","ux","https:\u002F\u002Fmouseflow.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmouseflow-for-wordpress.zip",{"slug":135,"name":136,"version":137,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":142,"downloaded":143,"rating":144,"num_ratings":145,"last_updated":146,"tested_up_to":15,"requires_at_least":147,"requires_php":148,"tags":149,"homepage":153,"download_link":154,"security_score":155,"vuln_count":25,"unpatched_count":70,"last_vuln_date":156,"fetched_at":27},"instapage","Instapage Plugin","3.7.1","instapagedev","https:\u002F\u002Fprofiles.wordpress.org\u002Finstapagedev\u002F","\u003Cp>Join the thousands of users who have downloaded the Instapage plugin for WordPress to seamlessly publish landing pages as a natural extension of your WordPress blog or website. All you have to do is select the ‘Push to WordPress’ publishing option within Instapage when you’re finished with your landing page. (Click the “Installation” tab for detailed upload instructions)\u003C\u002Fp>\n\u003Cp>Instapage is the most powerful landing page platform on the market. 
Ideal for teams and agencies, Instapage has everything you need to build fully customizable, on-brand landing pages.\u003C\u002Fp>\n\u003Cp>Instapage is the only platform that offers unlimited domains.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>No other landing page builder offers this level of precision with full design freedom\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Every promotion deserves a great page. One that you’re confident is pixel perfect, exquisitely composed, professional and polished, whether it’s in desktop or mobile form. Our fully customizable builder is intuitive and powerful, so it’s easy to create on-brand, conversion-friendly landing pages\u003C\u002Fp>\n\u003Cp>Design without bounds by selecting from over 5,000 fonts and 33,000,000 images to work with. And, our new alignment, distribution and grouping features, ensure your work is perfect in desktop or mobile versions.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Over 100+ Landing Page Templates to Get You Started\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Save valuable time and money with our integrations\u003C\u002Fstrong>\u003Cbr \u002F>\nIntegrate with the most widely used marketing services, like Salesforce, Zapier, Drupal, Autopilot, MailChimp, Google Analytics, AWeber, GoToWebinar, to name just a few.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Highest ranked support in the industry\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Join 250,000+ businesses who rely on Instapage.\u003C\u002Fp>\n","Instapage plugin - the best way for WordPress to seamlessly publish landing pages as a natural extension of your WordPress blog or website.",5000,506353,96,218,"2025-12-03T09:23:00.000Z","3.4","5.4.0",[19,135,150,151,152],"landing-page","lead-generation","squeeze-page","https:\u002F\u002Finstapage.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finstapage.3.7.1.zip",99,"2025-09-26 
00:00:00",{"attackSurface":158,"codeSignals":189,"taintFlows":354,"riskAssessment":483,"analyzedAt":496},{"hooks":159,"ajaxHandlers":185,"restRoutes":186,"shortcodes":187,"cronEvents":188,"entryPointCount":70,"unprotectedCount":70},[160,166,171,175,178,182],{"type":161,"name":162,"callback":163,"file":164,"line":165},"action","wp_enqueue_scripts","uxsniff_output","functions.php",52,{"type":161,"name":167,"callback":168,"file":169,"line":170},"admin_menu","uxsniff_info_menu","uxsniff.php",14,{"type":161,"name":172,"callback":173,"file":169,"line":174},"admin_enqueue_scripts","uxsniff_enqueue_styles_script",16,{"type":161,"name":176,"callback":177,"file":169,"line":81},"wp_footer","uxsniff_frontendFooterScript",{"type":161,"name":179,"callback":180,"file":169,"line":181},"admin_init","update_uxsniff_info",102,{"type":161,"name":162,"callback":183,"priority":11,"file":169,"line":184},"closure",204,[],[],[],[],{"dangerousFunctions":190,"sqlUsage":191,"outputEscaping":193,"fileOperations":70,"externalRequests":25,"nonceChecks":25,"capabilityChecks":70,"bundledLibraries":350},[],{"prepared":70,"raw":70,"locations":192},[],{"escaped":81,"rawEcho":11,"locations":194},[195,199,201,202,203,204,205,207,208,210,211,212,215,217,218,220,221,223,225,226,227,228,229,230,231,233,234,235,236,237,238,241,242,243,245,247,248,251,252,253,255,257,258,259,261,262,264,266,267,269,270,271,273,274,275,277,278,279,281,282,284,285,287,288,290,291,292,293,294,295,296,297,298,299,300,301,302,303,306,308,310,312,314,317,319,320,322,324,326,328,330,332,334,337,339,340,341,344,346,348],{"file":196,"line":197,"context":198},"fsheatmap.php",134,"raw 
output",{"file":196,"line":200,"context":198},256,{"file":196,"line":200,"context":198},{"file":196,"line":200,"context":198},{"file":196,"line":200,"context":198},{"file":196,"line":200,"context":198},{"file":196,"line":206,"context":198},438,{"file":196,"line":206,"context":198},{"file":196,"line":209,"context":198},451,{"file":196,"line":209,"context":198},{"file":196,"line":209,"context":198},{"file":213,"line":214,"context":198},"heatmap.php",196,{"file":213,"line":216,"context":198},264,{"file":213,"line":216,"context":198},{"file":213,"line":219,"context":198},267,{"file":213,"line":219,"context":198},{"file":213,"line":222,"context":198},281,{"file":213,"line":224,"context":198},304,{"file":213,"line":224,"context":198},{"file":213,"line":224,"context":198},{"file":213,"line":224,"context":198},{"file":213,"line":224,"context":198},{"file":213,"line":224,"context":198},{"file":213,"line":224,"context":198},{"file":213,"line":232,"context":198},428,{"file":213,"line":232,"context":198},{"file":213,"line":232,"context":198},{"file":213,"line":232,"context":198},{"file":213,"line":232,"context":198},{"file":213,"line":232,"context":198},{"file":239,"line":240,"context":198},"heatmaps.php",167,{"file":239,"line":240,"context":198},{"file":239,"line":240,"context":198},{"file":239,"line":244,"context":198},236,{"file":239,"line":246,"context":198},245,{"file":239,"line":246,"context":198},{"file":249,"line":250,"context":198},"inspect-url.php",133,{"file":249,"line":250,"context":198},{"file":249,"line":250,"context":198},{"file":249,"line":254,"context":198},253,{"file":249,"line":256,"context":198},254,{"file":249,"line":200,"context":198},{"file":249,"line":200,"context":198},{"file":249,"line":260,"context":198},381,{"file":249,"line":260,"context":198},{"file":263,"line":11,"context":198},"inspect.php",{"file":263,"line":265,"context":198},112,{"file":263,"line":265,"context":198},{"file":263,"line":268,"context":198},174,{"file":263,"line":268,"context":198
},{"file":263,"line":268,"context":198},{"file":263,"line":272,"context":198},287,{"file":263,"line":272,"context":198},{"file":263,"line":272,"context":198},{"file":263,"line":276,"context":198},289,{"file":263,"line":276,"context":198},{"file":263,"line":276,"context":198},{"file":263,"line":280,"context":198},425,{"file":263,"line":280,"context":198},{"file":283,"line":268,"context":198},"inspector.php",{"file":283,"line":268,"context":198},{"file":283,"line":286,"context":198},257,{"file":283,"line":286,"context":198},{"file":289,"line":11,"context":198},"journey.php",{"file":289,"line":265,"context":198},{"file":289,"line":265,"context":198},{"file":289,"line":268,"context":198},{"file":289,"line":268,"context":198},{"file":289,"line":268,"context":198},{"file":289,"line":272,"context":198},{"file":289,"line":272,"context":198},{"file":289,"line":272,"context":198},{"file":289,"line":276,"context":198},{"file":289,"line":276,"context":198},{"file":289,"line":276,"context":198},{"file":289,"line":280,"context":198},{"file":289,"line":280,"context":198},{"file":304,"line":305,"context":198},"options.php",77,{"file":304,"line":307,"context":198},82,{"file":304,"line":309,"context":198},142,{"file":304,"line":311,"context":198},143,{"file":304,"line":313,"context":198},166,{"file":315,"line":316,"context":198},"rage.php",84,{"file":315,"line":318,"context":198},91,{"file":315,"line":155,"context":198},{"file":315,"line":321,"context":198},145,{"file":315,"line":323,"context":198},149,{"file":315,"line":325,"context":198},158,{"file":315,"line":327,"context":198},163,{"file":315,"line":329,"context":198},178,{"file":315,"line":331,"context":198},184,{"file":315,"line":333,"context":198},398,{"file":335,"line":336,"context":198},"realtime.php",261,{"file":335,"line":338,"context":198},285,{"file":335,"line":338,"context":198},{"file":335,"line":338,"context":198},{"file":342,"line":343,"context":198},"recordings.php",528,{"file":342,"line":345,"context":198},529,{"fi
le":342,"line":347,"context":198},539,{"file":342,"line":349,"context":198},542,[351],{"name":352,"version":34,"knownCves":353},"DataTables",[],[355,425,435,448,458,466,474],{"entryPoint":356,"graph":357,"unsanitizedCount":424,"severity":36},"\u003Coptions> (options.php:0)",{"nodes":358,"edges":412},[359,364,370,374,378,382,384,388,392,396,399,402,404,408,410],{"id":360,"type":361,"label":362,"file":304,"line":363},"n0","source","$_POST (x2)",25,{"id":365,"type":366,"label":367,"file":304,"line":368,"wp_function":369},"n1","sink","update_option() [Settings Manipulation]",43,"update_option",{"id":371,"type":361,"label":372,"file":304,"line":373},"n2","$_POST (x3)",33,{"id":375,"type":366,"label":376,"file":304,"line":307,"wp_function":377},"n3","echo() [XSS]","echo",{"id":379,"type":361,"label":380,"file":304,"line":381},"n4","$_SERVER (x3)",93,{"id":383,"type":366,"label":376,"file":304,"line":309,"wp_function":377},"n5",{"id":385,"type":361,"label":386,"file":304,"line":387},"n6","$_POST",34,{"id":389,"type":390,"label":391,"file":304,"line":387},"n7","transform","→ parse_json_from_url()",{"id":393,"type":366,"label":394,"file":304,"line":125,"wp_function":395},"n8","wp_remote_get() [SSRF]","wp_remote_get",{"id":397,"type":361,"label":386,"file":304,"line":398},"n9",47,{"id":400,"type":390,"label":401,"file":304,"line":398},"n10","→ 
uxsniff_failure_option_msg()",{"id":403,"type":366,"label":376,"file":164,"line":174,"wp_function":377},"n11",{"id":405,"type":361,"label":406,"file":304,"line":407},"n12","$_SERVER",95,{"id":409,"type":390,"label":391,"file":304,"line":407},"n13",{"id":411,"type":366,"label":394,"file":304,"line":125,"wp_function":395},"n14",[413,415,416,417,419,420,421,422,423],{"from":360,"to":365,"sanitized":414},true,{"from":371,"to":375,"sanitized":414},{"from":379,"to":383,"sanitized":414},{"from":385,"to":389,"sanitized":418},false,{"from":389,"to":393,"sanitized":418},{"from":397,"to":400,"sanitized":418},{"from":400,"to":403,"sanitized":418},{"from":405,"to":409,"sanitized":418},{"from":409,"to":411,"sanitized":418},3,{"entryPoint":426,"graph":427,"unsanitizedCount":103,"severity":434},"\u003Cfsheatmap> (fsheatmap.php:0)",{"nodes":428,"edges":432},[429,431],{"id":360,"type":361,"label":430,"file":196,"line":13},"$_GET (x11)",{"id":365,"type":366,"label":376,"file":196,"line":197,"wp_function":377},[433],{"from":360,"to":365,"sanitized":418},"low",{"entryPoint":436,"graph":437,"unsanitizedCount":103,"severity":434},"\u003Cheatmap> (heatmap.php:0)",{"nodes":438,"edges":445},[439,441,442,444],{"id":360,"type":361,"label":440,"file":213,"line":103},"$_GET (x8)",{"id":365,"type":366,"label":376,"file":213,"line":216,"wp_function":377},{"id":371,"type":361,"label":380,"file":213,"line":443},17,{"id":375,"type":366,"label":376,"file":213,"line":222,"wp_function":377},[446,447],{"from":360,"to":365,"sanitized":418},{"from":371,"to":375,"sanitized":418},{"entryPoint":449,"graph":450,"unsanitizedCount":125,"severity":434},"\u003Cinspect-url> (inspect-url.php:0)",{"nodes":451,"edges":456},[452,455],{"id":360,"type":361,"label":453,"file":249,"line":454},"$_GET (x6)",22,{"id":365,"type":366,"label":376,"file":249,"line":250,"wp_function":377},[457],{"from":360,"to":365,"sanitized":418},{"entryPoint":459,"graph":460,"unsanitizedCount":103,"severity":434},"\u003Cinspect> 
(inspect.php:0)",{"nodes":461,"edges":464},[462,463],{"id":360,"type":361,"label":430,"file":263,"line":454},{"id":365,"type":366,"label":376,"file":263,"line":265,"wp_function":377},[465],{"from":360,"to":365,"sanitized":418},{"entryPoint":467,"graph":468,"unsanitizedCount":103,"severity":434},"\u003Cjourney> (journey.php:0)",{"nodes":469,"edges":472},[470,471],{"id":360,"type":361,"label":430,"file":289,"line":454},{"id":365,"type":366,"label":376,"file":289,"line":265,"wp_function":377},[473],{"from":360,"to":365,"sanitized":418},{"entryPoint":475,"graph":476,"unsanitizedCount":25,"severity":434},"\u003Crealtime> (realtime.php:0)",{"nodes":477,"edges":481},[478,480],{"id":360,"type":361,"label":479,"file":335,"line":336},"$_SERVER['HTTP_HOST']",{"id":365,"type":366,"label":376,"file":335,"line":336,"wp_function":377},[482],{"from":360,"to":365,"sanitized":418},{"summary":484,"deductions":485},"The 'ux-sniff' plugin v1.3.3 exhibits a mixed security posture.  On the positive side, the static analysis reveals a limited attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are accessible without authentication.  Furthermore, all SQL queries are properly prepared, indicating good database interaction practices.  However, a significant concern arises from the taint analysis, which shows that all analyzed flows have unsanitized paths, although no critical or high severity issues were flagged. The plugin's vulnerability history is also a major red flag, with one currently unpatched medium severity CVE for Cross-Site Scripting, which last occurred on April 10, 2025. 
This historical pattern, combined with a low percentage of properly escaped output (15%), suggests a recurring weakness in handling user-provided data, making it susceptible to XSS attacks if the unpatched CVE is exploited or if similar vulnerabilities exist and are not yet publicly known.",[486,488,491,494],{"reason":487,"points":443},"Currently unpatched CVE (Medium)",{"reason":489,"points":490},"All analyzed taint flows have unsanitized paths",10,{"reason":492,"points":493},"Low output escaping rate (15%)",5,{"reason":495,"points":424},"Bundled DataTables library","2026-03-16T21:02:13.572Z",{"wat":498,"direct":527},{"assetPaths":499,"generatorPatterns":512,"scriptPaths":513,"versionParams":514},[500,501,502,503,504,505,506,507,508,509,510,511],"\u002Fwp-content\u002Fplugins\u002Fux-sniff\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fux-sniff\u002Fassets\u002Fcss\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fux-sniff\u002Fassets\u002Fcss\u002FdataTables.bootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Fux-sniff\u002Fassets\u002Fcss\u002Fresponsive.bootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Fux-sniff\u002Fassets\u002Fcss\u002FfixedHeader.dataTables.min.css","\u002Fwp-content\u002Fplugins\u002Fux-sniff\u002Fassets\u002Fcss\u002Fdaterangepicker.css","\u002Fwp-content\u002Fplugins\u002Fux-sniff\u002Fassets\u002Fcss\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Fux-sniff\u002Fassets\u002Fjs\u002Fglobal.min.js","\u002Fwp-content\u002Fplugins\u002Fux-sniff\u002Fassets\u002Fjs\u002Fbootstrap.bundle.js","\u002Fwp-content\u002Fplugins\u002Fux-sniff\u002Fassets\u002Fjs\u002Fecharts.min.js","\u002Fwp-content\u002Fplugins\u002Fux-sniff\u002Fassets\u002Fjs\u002Fjquery.dataTables.min.js","\u002Fwp-content\u002Fplugins\u002Fux-sniff\u002Fassets\u002Fjs\u002FdataTables.responsive.min.js",[],[],[515,516,517,518,519,520,521,522,523,524,525,526],"ux-sniff\u002Fstyle.css?ver=","ux-sniff\u002Fassets\u002Fcss\u002Fmain.css?ver=","ux-sniff\u002Fass
ets\u002Fcss\u002FdataTables.bootstrap.min.css?ver=","ux-sniff\u002Fassets\u002Fcss\u002Fresponsive.bootstrap.min.css?ver=","ux-sniff\u002Fassets\u002Fcss\u002FfixedHeader.dataTables.min.css?ver=","ux-sniff\u002Fassets\u002Fcss\u002Fdaterangepicker.css?ver=","ux-sniff\u002Fassets\u002Fcss\u002Fbootstrap.min.css?ver=","ux-sniff\u002Fassets\u002Fjs\u002Fglobal.min.js?ver=","ux-sniff\u002Fassets\u002Fjs\u002Fbootstrap.bundle.js?ver=","ux-sniff\u002Fassets\u002Fjs\u002Fecharts.min.js?ver=","ux-sniff\u002Fassets\u002Fjs\u002Fjquery.dataTables.min.js?ver=","ux-sniff\u002Fassets\u002Fjs\u002FdataTables.responsive.min.js?ver=",{"cssClasses":528,"htmlComments":529,"htmlAttributes":530,"restEndpoints":531,"jsGlobals":532,"shortcodeOutput":533},[],[],[],[],[],[]]