[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTT58dzTctMf2rk6KruqFESxgSUZ7Ou525NckBYMYHCc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":13,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":33,"analysis":130,"fingerprints":269},"wp-light-heatmap","WP Light Heatmap","1.0.0","wplightheatmap","https:\u002F\u002Fprofiles.wordpress.org\u002Fwplightheatmap\u002F","\u003Cp>This plugin allows you to create a heatmap based on mouse clicks and cursor movements. By default, positions of the cursor in the work area (e.g. main page of the blog, any post, categories, tags, etc.) will be saved per some interval in seconds (5 seconds by default) for every user that will visit your homepage.\u003C\u002Fp>\n\u003Cp>Also, you can add click tracking and the position of every mouse click will be saved too. All the saved coordinates will be saved in the database and can be rendered by admins at any time with the “Display Heatmap” button on the main page.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Major features of the plugin\u003C\u002Fstrong>\u003Cbr \u002F>\n– Automatically saves the position of the cursor per some time interval for every user\u003Cbr \u002F>\n– Immediately saves click positions on any page\u003Cbr \u002F>\n– Allows to set own position-save interval\u003Cbr \u002F>\n– Saves everything in your own WP database. No 3rd party services involved!\u003C\u002Fp>\n","This plugin allows you to create a heatmap based on mouse clicks and cursor movements.",0,3039,"","5.3.21","3.0.1","5.6",[18,19,20,21,22],"analytics","click-map","clickmap","heat-map","heatmap","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-light-heatmap.1.0.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},1,30,94,"2026-04-05T02:25:45.074Z",[34,54,73,88,109],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":13,"tags":49,"homepage":50,"download_link":51,"security_score":52,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":53},"wp-super-heatmap","WP Super Heatmap","0.1.0","Ryan","https:\u002F\u002Fprofiles.wordpress.org\u002Frfrankel\u002F","\u003Cp>This plugin was created to give WordPress users a simple way of creating heatmaps for their website without any cost and without using third-party services.  All of the click-track data is stored locally and the heatmap is also calculated on your own server.  I tried to make the interface as simple as possible and anyone should be able to use this plugin without much trouble.\u003C\u002Fp>\n\u003Cp>Please note that this is currently an Alpha release of this plugin and please report any bugs to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fryan-frankel\u002Fwp_super_heatmap\u002Fissues?sort=created&direction=desc&state=open\" rel=\"nofollow ugc\">our GitHub repository.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You can also visit this plugins \u003Ca href=\"http:\u002F\u002Fwp-super-heatmap.swampedpublishing.com\u002F\" rel=\"nofollow ugc\">homepage to leave feedback\u003C\u002Fa> and to also get more detailed information about the plugin.  If you have ideas to improve the plugin please leave your comments on that page.\u003C\u002Fp>\n","This plugin tracks user clicks and creates a heatmap for your website. All data is stored locally and no third-party service is used. Completely free!",10,7117,60,2,"2011-11-15T21:21:00.000Z","3.2.1","3.0",[18,19,20,21,22],"http:\u002F\u002FURI_Of_Page_Describing_Plugin_and_Updates","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-super-heatmap.0.1.0.zip",85,"2026-03-15T15:16:48.613Z",{"slug":55,"name":56,"version":57,"author":22,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":13,"tags":68,"homepage":71,"download_link":72,"security_score":52,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":53},"heatmap-for-wp","heatmap for WordPress – Realtime analytics","0.5.2","https:\u002F\u002Fprofiles.wordpress.org\u002Fheatmap\u002F","\u003Cp>heatmap provides realtime analytics and mouse tracking that helps sites editors understand in seconds which are their best performing contents. heatmap is used to optimize the traffic flow on websites and significantly reduce exit rates.\u003C\u002Fp>\n\u003Ch4>Key features of heatmap\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>realtime analytics, with easy-to-understand heat maps, that are overlaid on your site\u003C\u002Fli>\n\u003Cli>smart heat maps that support responsive web design and touch devices\u003C\u002Fli>\n\u003Cli>fully asynchronous tag; no impact on your site’s performance\u003C\u002Fli>\n\u003Cli>no sampling\u003C\u002Fli>\n\u003Cli>automatic updates (no need to refresh the page)\u003C\u002Fli>\n\u003Cli>only you can see the data of your site\u003C\u002Fli>\n\u003Cli>https supported\u003C\u002Fli>\n\u003Cli>full privacy (your users are anonymous)\u003C\u002Fli>\n\u003Cli>free plan available!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Visit \u003Ca href=\"https:\u002F\u002Fheatmap.com\u002F\" rel=\"nofollow ugc\">heatmap.com\u003C\u002Fa> to learn more\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key features of the plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>easy and automatic installation of heatmap’s tag\u003C\u002Fli>\n\u003Cli>no extra load on the database of your wordpress site (no impact on your page speed)\u003C\u002Fli>\n\u003Cli>compatible with symbolic links if you have lots of websites\u003C\u002Fli>\n\u003Cli>written and maintained by the team behind \u003Ca href=\"https:\u002F\u002Fheatmap.com\u002F\" rel=\"nofollow ugc\">heatmap\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Real-time analytics and event tracking for your WordPress sites.",1000,100798,82,19,"2019-02-21T03:11:00.000Z","5.1.22","3.1",[18,21,22,69,70],"real-time","realtime","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fheatmap-for-wp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheatmap-for-wp.0.5.2.zip",{"slug":74,"name":75,"version":76,"author":74,"author_profile":77,"description":78,"short_description":79,"active_installs":24,"downloaded":80,"rating":24,"num_ratings":45,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":13,"tags":84,"homepage":13,"download_link":87,"security_score":52,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":53},"howuku","Heatmap & Analytics – Howuku Web Optimization","1.0.5","https:\u002F\u002Fprofiles.wordpress.org\u002Fhowuku\u002F","\u003Cp>\u003Cstrong>Free heatmap and analytics tool for your WordPress sites.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Howuku is an all-in-one behavior analytics platform created to help you understand your audience better. Designed especially for marketers and product managers, Howuku offers state-of-the-art analytics tools to understand and visualize user behavior with heatmap and how it impacts your product.\u003C\u002Fp>\n\u003Cp>With Howuku, you can track dynamic heatmap, conversion funnels and get instant feedback from your customers to help your product grow.\u003C\u002Fp>\n\u003Cp>Additionally, the heatmap and recording can help you eliminate guesswork and show you what your visitors do exactly and why they drop-off from your website.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fhowuku.com\u002F?utm_source=wordpress&utm_medium=plugin&utm_campaign=wp_plugin_page\" rel=\"nofollow ugc\">Get started for free\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>What is Heatmap?\u003C\u002Fh3>\n\u003Cp>A website heatmap is a visual representation that shows you what elements on your website are getting the most interaction (hot) and those that are getting the least (cold).\u003C\u002Fp>\n\u003Cp>You get a comprehensive understanding of what is holding visitors’ attention, what needs to be improved, and what needs to be removed.\u003C\u002Fp>\n\u003Cp>Basically, a heatmap help you see an aggregated view of your user behaviors’ hotspot.\u003C\u002Fp>\n\u003Ch3>How can heatmap helps you improve website conversions?\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Make sure all your important Call-to-actions is above the average-fold of your scroll map\u003C\u002Fli>\n\u003Cli>Identify if your visitors are confused by non-clickable elements and turn those into links\u003C\u002Fli>\n\u003Cli>Find out what your visitors are looking for and reposition your element to improve engagement rate\u003C\u002Fli>\n\u003Cli>Make sure visitors seeing critical website elements like eBooks, guides, and solution briefs?\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>KEY FEATURES OF HEATMAP\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Click heatmap to learn where do visitor click the most\u003C\u002Fli>\n\u003Cli>Scroll heatmap to find out how far down do visitors scrolled\u003C\u002Fli>\n\u003Cli>Segment heatmap with segmented user data such as Source, Referrer, Day of Week and etc\u003C\u002Fli>\n\u003Cli>Sharable external heatmap link to your product and marketing team\u003C\u002Fli>\n\u003Cli>Export PDF report of your heatmap\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>OTHER OPTIMIZATION FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Heatmap: click map, scroll map, and user segmented hotspot\u003C\u002Fli>\n\u003Cli>Visitor Recording: CCTV for your website\u003C\u002Fli>\n\u003Cli>Realtime Analytics and Conversion Funnel\u003C\u002Fli>\n\u003Cli>Create unlimited no. of websites, recordings and heatmap\u003C\u002Fli>\n\u003Cli>Free feedback widget tool and pop-up survey\u003C\u002Fli>\n\u003Cli>On-site A\u002FB testing no coding needed\u003C\u002Fli>\n\u003Cli>Filtering and segmentation\u003C\u002Fli>\n\u003Cli>Mobile, tablet, and PC recordings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Learn more about \u003Ca href=\"https:\u002F\u002Fhowuku.com\u002Ffeatures?utm_source=wordpress&utm_medium=plugin&utm_campaign=wp_plugin_page\" rel=\"nofollow ugc\">all optimization features here\u003C\u002Fa>!\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>Resources\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Website:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fhowuku.com\u002F?utm_source=wordpress&utm_medium=plugin&utm_campaign=wp_plugin_page\" rel=\"nofollow ugc\">Howuku Homepage\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>Pricing:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fhowuku.com\u002Fpricing?utm_source=wordpress&utm_medium=plugin&utm_campaign=wp_plugin_page\" rel=\"nofollow ugc\">Affordable Plans\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>Heatmap:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fhowuku.com\u002Fwebsite-heatmap?utm_source=wordpress&utm_medium=plugin&utm_campaign=wp_plugin_page\" rel=\"nofollow ugc\">Dynamic Heatmap\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>Register:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fapp.howuku.com\u002Fsign-up\u002Fbasic?utm_source=wordpress\" rel=\"nofollow ugc\">GET STARTED FOR FREE\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Legal\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fhelp.howuku.com\u002Farticle\u002F18-terms-of-service\" rel=\"nofollow ugc\">Terms & Condition\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fhelp.howuku.com\u002Farticle\u002F17-privacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fhelp.howuku.com\u002Farticle\u002F35-gdpr\" rel=\"nofollow ugc\">GDPR Compliant\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fhelp.howuku.com\u002Farticle\u002F41-cookies-policy\" rel=\"nofollow ugc\">Cookies Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cem>Sign up for FREE today, no credit card needed!\u003C\u002Fem>\u003C\u002Fp>\n","Free heatmap and analytics tool for your WordPress sites.",3333,"2022-06-12T07:44:00.000Z","6.0.11","2.7",[18,21,22,85,86],"heatmaps","recording","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhowuku.zip",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":96,"downloaded":97,"rating":31,"num_ratings":98,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":102,"tags":103,"homepage":107,"download_link":108,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":53},"aurora-heatmap","Aurora Heatmap","1.7.1","r3098","https:\u002F\u002Fprofiles.wordpress.org\u002Fr3098\u002F","\u003Cp>Goddess Aurora is said to give light to the user world.\u003Cbr \u002F>\nThe name “Aurora Heatmap” visualizes user behavior with a beautiful heatmap.\u003Cbr \u002F>\nBringing light to the activation and optimization of your website.\u003C\u002Fp>\n\u003Ch4>The most important thing in site management.\u003C\u002Fh4>\n\u003Cp>That is, \u003Cem>Is the user satisfied?\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Where do users see and move through the content?\u003C\u002Fli>\n\u003Cli>Whether the user is not confused?\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Aurora Heatmap is the \u003Cstrong>strongest tool\u003C\u002Fstrong> for visualizing it.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Are you guiding users well?\u003C\u002Fli>\n\u003Cli>Conversion rate\u003C\u002Fli>\n\u003Cli>Are you missing out on prospects and readers?\u003C\u002Fli>\n\u003Cli>How is it evaluated by Google?\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>You will be able to see the points of improvement.\u003C\u002Fp>\n\u003Ch4>Plugin features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>\u003Cem>No Coding\u003C\u002Fem>\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>\u003Cem>No Setting\u003C\u002Fem>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You just install and activate the plugin.\u003Cbr \u002F>\nNo troublesome user registration or setup is required.\u003Cbr \u002F>\nIt works as default in most WordPress environments.\u003Cbr \u002F>\nAnd Aurora Heatmap is \u003Cstrong>complete with just plugin\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>The free version can check the click heat map of PC and mobile, and can be used on any number of sites.\u003Cbr \u002F>\nEven if it is free, there is no limit due to the number of PV and analysis pages.\u003C\u002Fp>\n\u003Ch4>Special notes\u003C\u002Fh4>\n\u003Cp>If it does not work well when used with a cache plugin, turn off JavaScript-related optimization, or exclude jQuery and Aurora Heatmap measurement script (reporter.js) from optimization.\u003Cbr \u002F>\nFor more details, please refer to \u003Ca href=\"https:\u002F\u002Fmarket.seous.info\u002Fen\u002Faurora-heatmap#oc-1\" rel=\"nofollow ugc\">official site description page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Aurora Heatmap can be used with the following cache plugins.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WP Rocket\u003C\u002Fli>\n\u003Cli>W3 Total Cache\u003C\u002Fli>\n\u003Cli>WP Super Cache\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage and support\u003C\u002Fh4>\n\u003Cp>More detailed usage and FAQs are provided on the \u003Ca href=\"https:\u002F\u002Fmarket.seous.info\u002Fen\u002Faurora-heatmap\" rel=\"nofollow ugc\">Aurora Heatmap official site\u003C\u002Fa>.\u003Cbr \u002F>\nIf you can’t find the answer to your question in those documents, use the WordPress.org \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Faurora-heatmap\u002F\" rel=\"ugc\">support forum\u003C\u002Fa>.\u003Cbr \u002F>\nThe premium version has priority email support.\u003C\u002Fp>\n\u003Ch4>About privacy\u003C\u002Fh4>\n\u003Cp>This plugin \u003Cstrong>does not\u003C\u002Fstrong> perform the following operations.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>User tracking\u003C\u002Fli>\n\u003Cli>Send recorded data to external server\u003C\u002Fli>\n\u003Cli>Use of cookies\u003C\u002Fli>\n\u003Cli>Record of personally identifiable data including IP address\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Aurora Heatmap Free version 90 seconds demo\u003C\u002Fh4>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F3W17Gg_vbHg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","Beautiful like an aurora! A simple WordPress heatmap that can be completed with just a plugin.",20000,357256,7,"2025-04-14T09:25:00.000Z","6.8.0","4.9","7.0",[18,104,105,22,106],"analyze","click","japanese","https:\u002F\u002Fmarket.seous.info\u002Faurora-heatmap","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faurora-heatmap.1.7.1.zip",{"slug":110,"name":111,"version":112,"author":111,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":118,"num_ratings":119,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":13,"tags":123,"homepage":127,"download_link":128,"security_score":129,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":53},"crazyegg-heatmap-tracking","Crazy Egg","2.12","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrazyegg\u002F","\u003Cp>Crazy Egg is a free plugin that allows you to painlessly add Crazy Egg’s tracking script to your WordPress site. The tracking script lets Crazy Egg track your visitors.\u003Cbr \u002F>\nThe plugin relies on a 3rd party as a service (www.crazyegg.com) in order to track visitor clicks and mouse movements. Please visit www.crazyegg.com\u002Fterms and www.crazyegg.com\u002Fprivacy to find out more about our policies.\u003C\u002Fp>\n","The easiest, free way to add your Crazy Egg tracking script to your WordPress site. The official Crazy Egg Plugin for WordPress.",7000,260860,76,5,"2024-11-08T16:58:00.000Z","6.7.5","2.0.2",[18,105,124,125,126],"crazy-egg","crazyegg","heat-maps","http:\u002F\u002Fwww.crazyegg.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcrazyegg-heatmap-tracking.2.12.zip",92,{"attackSurface":131,"codeSignals":206,"taintFlows":229,"riskAssessment":255,"analyzedAt":268},{"hooks":132,"ajaxHandlers":174,"restRoutes":196,"shortcodes":203,"cronEvents":204,"entryPointCount":205,"unprotectedCount":205},[133,139,144,148,153,156,158,160,162,166,170],{"type":134,"name":135,"callback":136,"file":137,"line":138},"action","admin_menu","wp_light_heatmap_admin_menu","admin\\partials\\wp_light_heatmap-admin-display.php",14,{"type":134,"name":140,"callback":141,"file":142,"line":143},"wp_enqueue_scripts","wp_light_heatmap_script","core\\wp_light_heatmap_includes.php",12,{"type":134,"name":145,"callback":146,"file":142,"line":147},"admin_init","wp_light_heatmap_admin_script",59,{"type":134,"name":149,"callback":150,"file":151,"line":152},"plugins_loaded","anonymous","includes\\class-wp_light_heatmap.php",151,{"type":134,"name":154,"callback":150,"file":151,"line":155},"admin_enqueue_scripts",166,{"type":134,"name":154,"callback":150,"file":151,"line":157},167,{"type":134,"name":140,"callback":150,"file":151,"line":159},182,{"type":134,"name":140,"callback":150,"file":151,"line":161},183,{"type":134,"name":163,"callback":164,"file":165,"line":138},"wp_footer","insert_display_heatmap_bar","public\\partials\\wp_light_heatmap-public-display.php",{"type":134,"name":145,"callback":167,"file":168,"line":169},"wp_light_heatmap_init","wp_light_heatmap.php",88,{"type":134,"name":171,"callback":172,"file":168,"line":173},"rest_api_init","init_rest_route",107,[175,180,182,185,187,189,191,194],{"action":176,"nopriv":177,"callback":176,"hasNonce":178,"hasCapCheck":178,"file":179,"line":143},"wp_light_heatmap_calculate_neighbors",true,false,"core\\wp_light_heatmap_calculate.php",{"action":176,"nopriv":178,"callback":176,"hasNonce":178,"hasCapCheck":178,"file":179,"line":181},13,{"action":183,"nopriv":177,"callback":183,"hasNonce":178,"hasCapCheck":178,"file":168,"line":184},"wp_light_heatmap_add_dot",123,{"action":183,"nopriv":178,"callback":183,"hasNonce":178,"hasCapCheck":178,"file":168,"line":186},124,{"action":188,"nopriv":177,"callback":188,"hasNonce":178,"hasCapCheck":178,"file":168,"line":152},"wp_light_heatmap_display",{"action":188,"nopriv":178,"callback":188,"hasNonce":178,"hasCapCheck":178,"file":168,"line":190},152,{"action":192,"nopriv":177,"callback":192,"hasNonce":178,"hasCapCheck":178,"file":168,"line":193},"wp_light_heatmap_clear_database",180,{"action":192,"nopriv":178,"callback":192,"hasNonce":178,"hasCapCheck":178,"file":168,"line":195},181,[197],{"namespace":198,"route":199,"methods":200,"callback":183,"permissionCallback":25,"file":168,"line":202},"heatmap\u002Fv1","\u002Fendpoint",[201],"POST",109,[],[],9,{"dangerousFunctions":207,"sqlUsage":208,"outputEscaping":214,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":45,"bundledLibraries":228},[],{"prepared":209,"raw":29,"locations":210},3,[211],{"file":168,"line":212,"context":213},186,"$wpdb->query() with variable interpolation",{"escaped":215,"rawEcho":119,"locations":216},20,[217,220,222,224,226],{"file":137,"line":218,"context":219},112,"raw output",{"file":179,"line":221,"context":219},106,{"file":165,"line":223,"context":219},32,{"file":168,"line":225,"context":219},65,{"file":168,"line":227,"context":219},173,[],[230,247],{"entryPoint":231,"graph":232,"unsanitizedCount":29,"severity":246},"wp_light_heatmap_display (wp_light_heatmap.php:153)",{"nodes":233,"edges":244},[234,239],{"id":235,"type":236,"label":237,"file":168,"line":238},"n0","source","$_POST",164,{"id":240,"type":241,"label":242,"file":168,"line":157,"wp_function":243},"n1","sink","get_results() [SQLi]","get_results",[245],{"from":235,"to":240,"sanitized":178},"high",{"entryPoint":248,"graph":249,"unsanitizedCount":29,"severity":246},"\u003Cwp_light_heatmap> (wp_light_heatmap.php:0)",{"nodes":250,"edges":253},[251,252],{"id":235,"type":236,"label":237,"file":168,"line":238},{"id":240,"type":241,"label":242,"file":168,"line":157,"wp_function":243},[254],{"from":235,"to":240,"sanitized":178},{"summary":256,"deductions":257},"The wp-light-heatmap plugin v1.0.0 presents significant security concerns due to a large number of unprotected entry points. With all 8 AJAX handlers and 1 REST API route lacking authentication checks, an attacker could potentially execute arbitrary actions or access sensitive data without proper authorization.  The taint analysis revealing two high-severity flows with unsanitized paths further exacerbates this risk, indicating a strong possibility of code injection or data manipulation vulnerabilities.\n\nWhile the plugin has a clean vulnerability history with no known CVEs, this should not be interpreted as a sign of robust security. The absence of past issues could simply be due to a lack of thorough security auditing or exploitation attempts. The plugin's strengths lie in its limited use of dangerous functions and a decent percentage of SQL queries using prepared statements, along with properly escaped outputs. However, the lack of nonce checks on AJAX endpoints and capability checks on its entry points are critical oversights that undermine its overall security posture.",[258,260,262,264,266],{"reason":259,"points":42},"All AJAX handlers unprotected",{"reason":261,"points":42},"REST API route unprotected",{"reason":263,"points":143},"High severity taint flows with unsanitized paths",{"reason":265,"points":42},"No nonce checks on AJAX handlers",{"reason":267,"points":119},"Limited capability checks on entry points","2026-03-17T06:02:22.659Z",{"wat":270,"direct":283},{"assetPaths":271,"generatorPatterns":275,"scriptPaths":276,"versionParams":279},[272,273,274],"\u002Fwp-content\u002Fplugins\u002Fwp-light-heatmap\u002Fassets\u002Fcss\u002Fwp_light_heatmap_admin.css","\u002Fwp-content\u002Fplugins\u002Fwp-light-heatmap\u002Fassets\u002Fjs\u002Fwp_light_heatmap_admin.js","\u002Fwp-content\u002Fplugins\u002Fwp-light-heatmap\u002Fassets\u002Fjs\u002Fwp_light_heatmap_public.js",[],[277,278],"assets\u002Fjs\u002Fwp_light_heatmap_admin.js","assets\u002Fjs\u002Fwp_light_heatmap_public.js",[280,281,282],"wp-light-heatmap\u002Fassets\u002Fcss\u002Fwp_light_heatmap_admin.css?ver=","wp-light-heatmap\u002Fassets\u002Fjs\u002Fwp_light_heatmap_admin.js?ver=","wp-light-heatmap\u002Fassets\u002Fjs\u002Fwp_light_heatmap_public.js?ver=",{"cssClasses":284,"htmlComments":286,"htmlAttributes":287,"restEndpoints":289,"jsGlobals":291,"shortcodeOutput":293},[285],"wp-light-heatmap-heatmap",[],[288],"data-heatmap-selector",[290],"\u002Fheatmap\u002Fv1\u002Fendpoint",[292],"lightHeatmapOptionsArray",[]]