[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKrk5j9UTBKgM4prnCj28omnwY7N-C4-RpdL42GgcGIw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":139,"fingerprints":405},"wp-smart-analytics","WP Smart Analytics","1.2.1","Vinod Sebastian","https:\u002F\u002Fprofiles.wordpress.org\u002Fvinodsebastian\u002F","\u003Cp>WP Smart Analytics provides insights into visitor analytics and provides security to your wordpress installation from the comfort of your WordPress dashboard. This mobile friendly plugin uses only encrypted text files for logs and database for statistics. It has option to anonymize IP’s and data is stored locally.\u003C\u002Fp>\n\u003Cp>Tag cloud provides you an overview of the tagged visitors in descending order of visit frequency along with their visit details which can be used for lead analytics, and security maintenance. It further distinguishes website visitors as administrator or visitor or bot.\u003C\u002Fp>\n\u003Cp>User interface is provided to retrieve statistics for a given period on Page Type, Page Title, Visitor Country, Visitor Platform, Visitor Browser and Visitor Source.\u003C\u002Fp>\n\u003Cp>The plugin offers readonly and manage roles based on user role. A shortcode [wpsa_log] is also provided to display visitor logs which we strongly suggest to hide from public.\u003C\u002Fp>\n\u003Cp>Please use the plugin if and only if it meets required statutory and regulatory compliances applicable in relevant  jurisdiction(s). 
Contributor(s) takes no responsibility or liability due to its usage – either direct or indirect so please use your discretion.\u003C\u002Fp>\n\u003Cp>Many new features are in pipeline.\u003C\u002Fp>\n\u003Ch4>Website\u003C\u002Fh4>\n\u003Cp>https:\u002F\u002Fvinodsebastian.com\u002Fwp-smart-analytics-plugin\u002F\u003C\u002Fp>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Cp>https:\u002F\u002Fvinodsebastian.com\u002Fwp-smart-analytics-plugin\u002F\u003C\u002Fp>\n","WP Smart Analytics provides insights into visitor analytics provides security to your WordPress installation. This mobile friendly plugin uses only en &hellip;",0,2875,100,1,"2022-08-07T18:03:00.000Z","5.9.13","3.9.0","5.3.0",[20,21,22,23,4],"ban","behavior","security","visitor","http:\u002F\u002Fwww.vinodsebastian.com\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-smart-analytics.1.2.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"vinodsebastian",2,10,93,30,89,"2026-04-04T15:19:05.192Z",[39,64,87,103,117],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":60,"download_link":61,"security_score":62,"vuln_count":14,"unpatched_count":11,"last_vuln_date":63,"fetched_at":28},"wp-fail2ban","WP fail2ban – Advanced Security","5.4.1","invisnet","https:\u002F\u002Fprofiles.wordpress.org\u002Finvisnet\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.fail2ban.org\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1\" rel=\"nofollow ugc\">fail2ban\u003C\u002Fa> is one of the simplest and most effective security measures you can implement to protect your WordPress 
site.\u003C\u002Fp>\n\u003Cp>\u003Cem>WP fail2ban\u003C\u002Fem> provides the link between WordPress and \u003Ccode>fail2ban\u003C\u002Fcode>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Oct 17 20:59:54 foobar wordpress(www.example.com)[1234]: Authentication failure for admin from 192.168.0.1\nOct 17 21:00:00 foobar wordpress(www.example.com)[2345]: Accepted password for admin from 192.168.0.1\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cem>WPf2b\u003C\u002Fem> comes with three \u003Ccode>fail2ban\u003C\u002Fcode> filters: \u003Ccode>wordpress-hard.conf\u003C\u002Fcode>, \u003Ccode>wordpress-soft.conf\u003C\u002Fcode>, and \u003Ccode>wordpress-extra.conf\u003C\u002Fcode>. These are designed to allow a split between immediate banning (hard) and the traditional more graceful approach (soft), with extra rules for custom configurations.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Failed Login Attempts\u003C\u002Fstrong>\u003Cbr \u002F>\nThe very first feature of \u003Cem>WPf2b\u003C\u002Fem>: logging failed login attempts so the IP can be banned. Just as useful today as it was then.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block User Enumeration\u003C\u002Fstrong>\u003Cbr \u002F>\nOne of the most common precursors to a password-guessing brute force attack is \u003Ca href=\"https:\u002F\u002Fwp-fail2ban.com\u002Ffeatures\u002Fblock-user-enumeration\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1\" rel=\"nofollow ugc\">user enumeration\u003C\u002Fa>. \u003Cem>WPf2b\u003C\u002Fem> can block it, stopping the attack before it starts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block username logins\u003C\u002Fstrong>\u003Cbr \u002F>\nSometimes it’s not possible to block user enumeration (for example, if your theme provides Author profiles). 
\u003Cem>WPf2b\u003C\u002Fem> can require users to login with their email address instead of their username.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Blocking Users\u003C\u002Fstrong>\u003Cbr \u002F>\nAnother of the older \u003Cem>WPf2b\u003C\u002Fem> features: the login process can be aborted for specified usernames.\u003Cbr \u002F>\nSay a bot collected your site’s usernames before you blocked user enumeration. Once you’ve changed all the usernames, add the old ones to the list; anything using them will trigger a “hard” fail.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Empty Username Login Attempts\u003C\u002Fstrong>\u003Cbr \u002F>\nSome bots will try to login without a username; harmless, but annoying. These attempts are logged as a “soft” fail so the more persistent bots will be banned.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Spam\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>WPf2b\u003C\u002Fem> will log a spammer’s IP address as a “hard” fail when their comment is marked as spam; the Premium version will also log the IP when Akismet discards “obvious” spam.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Attempted Comments\u003C\u002Fstrong>\u003Cbr \u002F>\nSome spam bots try to comment on everything, even things that aren’t there. \u003Cem>WPf2b\u003C\u002Fem> detects these and logs them as a “hard” fail.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Pingbacks\u003C\u002Fstrong>\u003Cbr \u002F>\nPingbacks are a great feature, but they can be abused to attack the rest of the WWW. 
Rather than disable them completely, \u003Cem>WPf2b\u003C\u002Fem> effectively rate-limits potential attackers by logging the IP address as a “soft” fail.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block XML‑RPC Requests\u003C\u002Fstrong> [Premium]\u003Cbr \u002F>\nThe only reason most sites need XML‑RPC (other than Pingbacks) is for Jetpack; \u003Cem>WPf2b\u003C\u002Fem> Premium can block XML‑RPC while allowing Jetpack and\u002For Pingbacks.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Block Countries\u003C\u002Fstrong> [Premium]\u003Cbr \u002F>\nSometimes you just need a bigger hammer – if you’re seeing nothing but attacks from some countries, block them!\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Cloudflare and Proxy Servers\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>WPf2b\u003C\u002Fem> will work with \u003Ca href=\"https:\u002F\u002Fwp-fail2ban.com\u002Ffeatures\u002Fcloudflare-and-proxy-servers\u002F?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1\" rel=\"nofollow ugc\">Cloudflare\u003C\u002Fa>, and the Premium version will automatically update the list of Cloudflare IP addresses.\u003Cbr \u002F>\nYou can also configure your own list of trusted proxies.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>syslog Dashboard Widget\u003C\u002Fstrong>\u003Cbr \u002F>\nEver wondered what’s being logged? 
The dashboard widget shows the last 5 messages; the Premium version keeps a full history to help you analyse and prevent attacks.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Site Health Check\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>WPf2b\u003C\u002Fem> will (try to) check that your \u003Ccode>fail2ban\u003C\u002Fcode> configuration is sane and that the filters are up to date; out-of-date filters are the primary cause of \u003Cem>WPf2b\u003C\u002Fem> not working as well as it can.\u003Cbr \u002F>\nWhen did you last run the Site Health tool?\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>\u003Ccode>mu-plugins\u003C\u002Fcode> Support\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>WPf2b\u003C\u002Fem> can easily be configured as a “must-use plugin” – see \u003Ca href=\"https:\u002F\u002Fdocs.wp-fail2ban.com\u002Fen\u002F5.4\u002Fconfiguration.html?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1#mu-plugins-support\" rel=\"nofollow ugc\">Configuration\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>API to Extend \u003Cem>WPf2b\u003C\u002Fem>\u003C\u002Fstrong>\u003Cbr \u002F>\nIf your plugin can detect behaviour which should be blocked, why reinvent the wheel?\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Event Hooks\u003C\u002Fstrong> [Premium]\u003Cbr \u002F>\nNeed to do something special when \u003Cem>WPf2b\u003C\u002Fem> detects a particular event? 
\u003Ca href=\"https:\u002F\u002Fdocs.wp-fail2ban.com\u002Fen\u002F5.4\u002Fdevelopers\u002Fevents.html?utm_source=wordpress.org&utm_medium=readme&utm_campaign=wp-fail2ban-premium-5.4.1\" rel=\"nofollow ugc\">There’s a hook for that\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premium\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Web Application Firewall (WAF)\u003C\u002Fli>\n\u003Cli>Akismet support.\u003C\u002Fli>\n\u003Cli>Block XML‑RPC while allowing Jetpack and\u002For Pingbacks.\u003C\u002Fli>\n\u003Cli>Block Countries.\u003C\u002Fli>\n\u003Cli>Auto-update Cloudflare IPs.\u003C\u002Fli>\n\u003Cli>Event log.\u003C\u002Fli>\n\u003Cli>Event hooks.\u003C\u002Fli>\n\u003C\u002Ful>\n","WP fail2ban uses fail2ban to protect your WordPress site.",70000,1973124,84,71,"2025-04-29T15:21:00.000Z","6.8.5","4.2","7.4",[56,57,58,22,59],"brute-force","fail2ban","login","syslog","https:\u002F\u002Fwp-fail2ban.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-fail2ban.5.4.1.zip",99,"2019-02-25 00:00:00",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":74,"num_ratings":75,"last_updated":76,"tested_up_to":77,"requires_at_least":78,"requires_php":54,"tags":79,"homepage":82,"download_link":83,"security_score":84,"vuln_count":85,"unpatched_count":11,"last_vuln_date":86,"fetched_at":28},"stop-user-enumeration","Stop User Enumeration","1.7.7","fullworks","https:\u002F\u002Fprofiles.wordpress.org\u002Ffullworks\u002F","\u003Cp>Stop User Enumeration is a security plugin designed to detect and prevent hackers scanning your site for user login names.\u003C\u002Fp>\n\u003Cp>User Enumeration is a type of attack where nefarious parties can probe your website to discover your login name. This is often a pre-cursor to brute-force password attacks. 
Stop User Enumeration helps block this initial attack and allows you to log IPs launching these attacks to block further attacks in the future.\u003C\u002Fp>\n\u003Cp>Tools like WPSCAN are designed for use by ethical hackers and make efforts to find user login names. Ethical hackers ask permission first, this plugin is designed to reduce the tools when used without permission and when used in conjunction with fail2ban can block those attempts at the firewall.\u003C\u002Fp>\n\u003Cp>If you are on a VPS or dedicated server, as the attack IP is logged, you can use (optional additional configuration) fail2ban to block the attack directly at your server’s firewall, a very powerful solution for VPS owners to stop brute force attacks as well as DDoS attacks.\u003C\u002Fp>\n\u003Cp>If you don’t have access to install fail2ban ( e.g. on a Shared Host ) you can still use this plugin.\u003C\u002Fp>\n\u003Cp>The plugin can stop the user id being leaked by the oEmbed API call.\u003C\u002Fp>\n\u003Cp>Since WordPress 4.5 user data can also be obtained by API calls without logging in, this is a WordPress feature, but if you don’t need it to get user data, this\u003Cbr \u002F>\nplugin will restrict and log that too.\u003C\u002Fp>\n\u003Cp>Since WordPress 5.5  sitemaps are generated by core WP  ( wp-sitemap.xml ) which includes a user\u002Fauthor sitemap that exposes the user id.  
You can enable \u002F disable this in the plugin settings.\u003C\u002Fp>\n\u003Ch4>PHP 8.4 compatible\u003C\u002Fh4>\n\u003Cp>Tested on PHP 8.4\u003C\u002Fp>\n\u003Ch4>Features Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Blocks user enumeration requests by GET or POST\u003C\u002Fli>\n\u003Cli>Syslogs a block so Fail2Ban can be used to block an IP\u003C\u002Fli>\n\u003Cli>Optionally blocks REST API user requests for non authorized users\u003C\u002Fli>\n\u003Cli>Optionally removes author sitemap\u003C\u002Fli>\n\u003Cli>Optionally removes author from OEMBED\u003C\u002Fli>\n\u003Cli>Optionally removes numbers from comment authors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin includes an optional email feature for plugin news and updates. When enabled:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Your email address may be sent to https:\u002F\u002Ffullworksplugins.com for important plugin updates and security notices\u003C\u002Fli>\n\u003Cli>This is completely optional and requires your explicit consent via the opt-in form in the plugin settings\u003C\u002Fli>\n\u003Cli>No data is collected or transmitted without your permission\u003C\u002Fli>\n\u003Cli>You can opt-out at any time from the plugin settings\u003C\u002Fli>\n\u003Cli>No other personal data is collected or transmitted to external services\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin logs attempted user enumeration attacks locally using WordPress’s standard logging system:\u003Cbr \u002F>\n* IP addresses of potential attackers are logged locally for security monitoring\u003Cbr \u002F>\n* These logs remain on your server and are not transmitted to any external service\u003Cbr \u002F>\n* Logs can be used with fail2ban or similar tools for enhanced security\u003C\u002Fp>\n\u003Cp>For more information about data handling, please visit https:\u002F\u002Ffullworksplugins.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n","Helps secure your site against hacking attacks through 
detecting  User Enumeration",50000,1305856,98,128,"2025-12-15T10:48:00.000Z","6.9.4","6.3",[57,22,80,81],"user-enumeration","wpscan","https:\u002F\u002Ffullworksplugins.com\u002Fproducts\u002Fstop-user-enumeration\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstop-user-enumeration.1.7.7.zip",91,6,"2025-06-26 00:00:00",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":13,"num_ratings":97,"last_updated":98,"tested_up_to":52,"requires_at_least":99,"requires_php":54,"tags":100,"homepage":101,"download_link":102,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"wp-fail2ban-redux","WP Fail2Ban Redux","0.9.2","Brandon Allen","https:\u002F\u002Fprofiles.wordpress.org\u002Fthebrandonallen\u002F","\u003Cp>WP Fail2Ban Redux records various WordPress events to your server’s system log for integration with \u003Ca href=\"http:\u002F\u002Fwww.fail2ban.org\u002F\" rel=\"nofollow ugc\">Fail2Ban\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin is (\u003Cem>mostly\u003C\u002Fem>) a drop-in replacement for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-fail2ban\u002F\" rel=\"ugc\">WP fail2ban\u003C\u002Fa> by \u003Ca href=\"https:\u002F\u002Fcharles.lecklider.org\u002F\" rel=\"nofollow ugc\">Charles Lecklider\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>While WP fail2ban is a great plugin, there are a number of improvements that could be made. In order to facilitate these improvements, a major refactoring of the codebase was necessary.\u003C\u002Fp>\n\u003Cp>The core functionality between \u003Cem>WP Fail2Ban Redux\u003C\u002Fem> and WP fail2ban remains the same. \u003Cem>WP Fail2Ban Redux\u003C\u002Fem> is considered to be \u003Cem>mostly\u003C\u002Fem> a drop-in replacement, because all constants have been replaced with filters, and will, possibly, require some upgrade work. 
Don’t worry, it’s as simple as implementing the constants.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>The following events are recorded by default:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Failed XML-RPC authentication attempts.\u003C\u002Fli>\n\u003Cli>Successful authentication attempts.\u003C\u002Fli>\n\u003Cli>Failed authentication attempts — differentiated by a user’s existence.\u003C\u002Fli>\n\u003Cli>Pingback errors.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>The following events can be enabled via filter:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Pingback requests.\u003C\u002Fli>\n\u003Cli>Blocked user enumeration attempts.\u003C\u002Fli>\n\u003Cli>Authentication attempts for blocked usernames.\u003C\u002Fli>\n\u003Cli>Spammed comments.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Extra documentation is available on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthebrandonallen\u002Fwp-fail2ban-redux\u002Fwiki\" rel=\"nofollow ugc\">WP Fail2Ban Redux GitHub Wiki\u003C\u002Fa>.\u003C\u002Fp>\n","Records various WordPress events to your server's system log for integration with Fail2Ban.",8000,96117,15,"2025-05-27T05:32:00.000Z","5.8",[57,58,22,59],"https:\u002F\u002Fgithub.com\u002Fthebrandonallen\u002Fwp-fail2ban-redux\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-fail2ban-redux.0.9.2.zip",{"slug":104,"name":105,"version":106,"author":43,"author_profile":44,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":13,"num_ratings":32,"last_updated":111,"tested_up_to":52,"requires_at_least":112,"requires_php":54,"tags":113,"homepage":115,"download_link":116,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"wpf2b-addon-blocklist","WP fail2ban Blocklist","2.2.2","\u003Cp>There are many plugins that use a database to check for malicious IPs \u003Cstrong>after\u003C\u002Fstrong> they connect, and of course 
\u003Ccode>fail2ban\u003C\u002Fcode> stops \u003Cem>repeated\u003C\u002Fem> attacks, but what if bad IPs could be blocked \u003Cstrong>before\u003C\u002Fstrong> they attack?\u003C\u002Fp>\n\u003Cp>By working collaboratively – sharing attack data – \u003Cem>WP fail2ban Blocklist\u003C\u002Fem> does exactly that.\u003C\u002Fp>\n\u003Cp>The Blocklist Network Service (BNS) collects attack data from participating sites, performs some analytical magic, and sends back a list of IPs that are attacking sites now but haven’t yet attacked that site. In other words, each site periodically gets a unique list of IPs to block \u003Cstrong>preemptively\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>GDPR\u003C\u002Fh4>\n\u003Cp>The BNS doesn’t collect personal data, and bots don’t have rights.\u003C\u002Fp>\n\u003Cp>That said, the BNS only collects the minimum data required (time, IP, event), and only for IPs that have behaved maliciously.\u003C\u002Fp>\n\u003Cp>Of course, it is possible that some data is generated by \u003Cem>people\u003C\u002Fem> behaving maliciously, but the BNS has no way to differentiate – and nor should it: an attack is an attack.\u003C\u002Fp>\n\u003Ch4>Freemius\u003C\u002Fh4>\n\u003Cp>To work, the BNS \u003Cstrong>must\u003C\u002Fstrong> know:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>which sites are running the blocklist add-on,\u003C\u002Fli>\n\u003Cli>which version is in use,\u003C\u002Fli>\n\u003Cli>and a shared secret for secure communication.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Freemius already provides all these, and \u003Cem>WP fail2ban\u003C\u002Fem> already uses Freemius; why reinvent the wheel?\u003C\u002Fp>\n\u003Cp>Therefore, unlike the core \u003Cem>WP fail2ban\u003C\u002Fem> plugin, you \u003Cem>must\u003C\u002Fem> opt into Freemius for the blocklist to work.\u003C\u002Fp>\n","WP fail2ban Blocklist is a collaborative preemptive blocklist for 
WordPress.",4000,26820,"2025-05-01T12:27:00.000Z","4.9",[114,57,22],"blocklist","https:\u002F\u002Faddons.wp-fail2ban.com\u002Fblocklist\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpf2b-addon-blocklist.2.2.2.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":127,"num_ratings":128,"last_updated":129,"tested_up_to":77,"requires_at_least":130,"requires_php":131,"tags":132,"homepage":136,"download_link":137,"security_score":62,"vuln_count":14,"unpatched_count":11,"last_vuln_date":138,"fetched_at":28},"banhammer","Banhammer – Monitor Site Traffic, Block Bad Users and Bots","3.5.1","Jeff Starr","https:\u002F\u002Fprofiles.wordpress.org\u002Fspecialk\u002F","\u003Cblockquote>\n\u003Cp>⚡ Banhammer: Protect your site against enemy hordes!\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Banhammer gives you full control over who and what may access your site. Visit the Armory to monitor traffic and review suspicious visitors. If you find some user or bot that is causing problems, you can ban them with a click. Or, if you just want to keep an eye on someone, you can flag them with a warning. Any banned users will be denied access to your site, until you restore access via the Tower. 
Check out the video and screenshots to get a better idea of how it works.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F0t4qBH0TuW0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>👉 Important: Not yet compatible with WP Multisite!\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Core Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Ban or Warn any WP user or IP address\u003C\u002Fli>\n\u003Cli>Restore access to any banned targets\u003C\u002Fli>\n\u003Cli>Monitor site traffic in the Armory\u003C\u002Fli>\n\u003Cli>Monitor logged users in the Admin Area\u003C\u002Fli>\n\u003Cli>Monitor all visitors on the front-end\u003C\u002Fli>\n\u003Cli>Manage banned targets in the Tower\u003C\u002Fli>\n\u003Cli>Complete Ajax-powered navigation\u003C\u002Fli>\n\u003Cli>Useful tools like jump, sort, search\u003C\u002Fli>\n\u003Cli>Complete documentation via Help tab\u003C\u002Fli>\n\u003Cli>Automatically clear logged data\u003C\u002Fli>\n\u003Cli>Sound effects for Ban, Warn, et al\u003C\u002Fli>\n\u003Cli>NEW: manually block any IP address\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Options Galore\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Optionally ignore logged-in users\u003C\u002Fli>\n\u003Cli>Optionally protect Login Page and Admin Area\u003C\u002Fli>\n\u003Cli>Customize the banned response and status code\u003C\u002Fli>\n\u003Cli>Display banned message or redirect the request\u003C\u002Fli>\n\u003Cli>Choose the interval to clear logged 
data\u003C\u002Fli>\n\u003Cli>One-click restore plugin default options\u003C\u002Fli>\n\u003Cli>All collected data may be deleted easily\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>More Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easy to use\u003C\u002Fli>\n\u003Cli>Clean code\u003C\u002Fli>\n\u003Cli>Fast and secure\u003C\u002Fli>\n\u003Cli>Built with WP API\u003C\u002Fli>\n\u003Cli>Lightweight and flexible\u003C\u002Fli>\n\u003Cli>Regularly updated and “future proof”\u003C\u002Fli>\n\u003Cli>Works great with any WordPress theme\u003C\u002Fli>\n\u003Cli>Comprehensive search of all logged data\u003C\u002Fli>\n\u003Cli>Works great with other WordPress plugins\u003C\u002Fli>\n\u003Cli>Works with or without Gutenberg Block Editor\u003C\u002Fli>\n\u003Cli>Focused on usability, performance, and security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Banhammer is perfect for site owners, admins, and developers who want to keep an eye on traffic and block any unwanted visitors. It is a simple, flexible, and powerful security solution. 
Perfect for the best WordPress sites.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Exclusive Features in Pro Version\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Ban based on URI request, referrer, or user agent\u003C\u002Fli>\n\u003Cli>Whitelist any IP address or user agent\u003C\u002Fli>\n\u003Cli>View cookies, POST data, and FILES data\u003C\u002Fli>\n\u003Cli>Email Alerts for banned & warned requests\u003C\u002Fli>\n\u003Cli>Display custom message to each banned target\u003C\u002Fli>\n\u003Cli>Add private notes to warned\u002Fbanned targets\u003C\u002Fli>\n\u003Cli>Customize target strings for user agents, IPs, etc.\u003C\u002Fli>\n\u003Cli>Disable logging of banned, warned, and whitelisted targets\u003C\u002Fli>\n\u003Cli>Smart bot detection\u003C\u002Fli>\n\u003Cli>Paged results in Tower\u003C\u002Fli>\n\u003Cli>User avatars in Tower\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For complete documentation, visit the Help tab on any Banhammer screen.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>⚡ \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro now available&nbsp;&raquo;\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>User Data:\u003C\u002Fstrong> Banhammer collects user data to “do its thing”. The collected data is temporary and automatically deleted every day, or at whatever time interval is specified in the plugin settings. The only time that any data is “remembered” is when you ban something. For each person\u002Fthing that you ban, the plugin stores either the IP address OR the username (never both). At any time, all saved data may be deleted permanently via the plugin settings and Armory Tools.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Cookies:\u003C\u002Fstrong> Banhammer does not set any cookies for regular visitors, but does set a few simple cookies for admin-level users. 
These simple cookies enable dope effects and interactivity in the Armory and Tower UI. But no cookies are set or used for any other visitor\u002Fuser or purpose.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Services:\u003C\u002Fstrong> Banhammer uses a free lookup service for GeoIP information. This happens only for admin-level users when they are viewing data in the Armory or Tower. No other third-party services are used by this plugin.\u003C\u002Fp>\n\u003Cp>Banhammer is developed and maintained by \u003Ca href=\"https:\u002F\u002Fx.com\u002Fperishable\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>, 15-year \u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002F\" rel=\"nofollow ugc\">WordPress developer\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002F\" rel=\"nofollow ugc\">book author\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support development\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>I develop and maintain this free plugin with love for the WordPress community. 
To show support, you can \u003Ca href=\"https:\u002F\u002Fmonzillamedia.com\u002Fdonate.html\" rel=\"nofollow ugc\">make a donation\u003C\u002Fa> or purchase one of my books:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002F\" rel=\"nofollow ugc\">The Tao of WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F\" rel=\"nofollow ugc\">Digging into WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhtaccessbook.com\u002F\" rel=\"nofollow ugc\">.htaccess made easy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwp-tao.com\u002Fwordpress-themes-book\u002F\" rel=\"nofollow ugc\">WordPress Themes In Depth\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbooks.perishablepress.com\u002Fdownloads\u002Fwizards-collection-sql-recipes-wordpress\u002F\" rel=\"nofollow ugc\">Wizard’s SQL Recipes for WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>And\u002For purchase one of my premium WordPress plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbbq-pro\u002F\" rel=\"nofollow ugc\">BBQ Pro\u003C\u002Fa> – Blazing fast WordPress firewall\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fblackhole-pro\u002F\" rel=\"nofollow ugc\">Blackhole Pro\u003C\u002Fa> – Automatically block bad bots\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fbanhammer-pro\u002F\" rel=\"nofollow ugc\">Banhammer Pro\u003C\u002Fa> – Monitor traffic and ban the bad guys\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fga-google-analytics-pro\u002F\" rel=\"nofollow ugc\">GA Google Analytics Pro\u003C\u002Fa> – Connect WordPress to Google Analytics\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fhead-meta-pro\u002F\" rel=\"nofollow ugc\">Head Meta Pro\u003C\u002Fa> 
– Ultimate Meta Tags for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fsimple-ajax-chat-pro\u002F\" rel=\"nofollow ugc\">Simple Ajax Chat Pro\u003C\u002Fa> – Unlimited chat rooms\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplugin-planet.com\u002Fusp-pro\u002F\" rel=\"nofollow ugc\">USP Pro\u003C\u002Fa> – Unlimited front-end forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links, tweets and likes also appreciated. Thank you! 🙂\u003C\u002Fp>\n","Monitor traffic and ban unwanted visitors. Block any user or IP address so they can't access your site.",1000,48178,88,18,"2026-02-05T15:36:00.000Z","4.7","5.6.20",[20,133,134,135,22],"block","bots","monitor","https:\u002F\u002Fperishablepress.com\u002Fbanhammer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbanhammer.3.5.1.zip","2025-09-25 14:27:24",{"attackSurface":140,"codeSignals":211,"taintFlows":244,"riskAssessment":397,"analyzedAt":404},{"hooks":141,"ajaxHandlers":170,"restRoutes":199,"shortcodes":200,"cronEvents":209,"entryPointCount":210,"unprotectedCount":11},[142,148,152,155,159,162,166],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","admin_menu","create_admin_menu","class-wpsa.php",135,{"type":143,"name":149,"callback":150,"file":146,"line":151},"init","ban_ip",144,{"type":143,"name":149,"callback":153,"file":146,"line":154},"set_cookie_session",145,{"type":143,"name":156,"callback":157,"file":146,"line":158},"wp_footer","log_visitor",146,{"type":143,"name":149,"callback":160,"file":146,"line":161},"detect_admin_cookie",148,{"type":143,"name":163,"callback":164,"file":146,"line":165},"admin_enqueue_scripts","register_admin_assets",204,{"type":143,"name":167,"callback":168,"file":146,"line":169},"wp_enqueue_scripts","enqueue_shortcode_assets",1994,[171,177,181,185,189,193,197],{"action":172,"nopriv":173,"callback":174,"hasNonce":175,"hasCapCheck":175,"file":146,"line":176},"wpsa_view_log",false,"wp_ajax_wpsa_view_log
",true,137,{"action":178,"nopriv":173,"callback":179,"hasNonce":175,"hasCapCheck":175,"file":146,"line":180},"wpsa_delete_log","wp_ajax_wpsa_delete_log",138,{"action":182,"nopriv":173,"callback":183,"hasNonce":175,"hasCapCheck":175,"file":146,"line":184},"wpsa_add_tag","wp_ajax_wpsa_add_tag",139,{"action":186,"nopriv":173,"callback":187,"hasNonce":175,"hasCapCheck":175,"file":146,"line":188},"wpsa_save_settings","wp_ajax_wpsa_save_settings",140,{"action":190,"nopriv":173,"callback":191,"hasNonce":175,"hasCapCheck":175,"file":146,"line":192},"wpsa_generate_report","wp_ajax_wpsa_generate_report",141,{"action":194,"nopriv":173,"callback":195,"hasNonce":175,"hasCapCheck":173,"file":146,"line":196},"wpsa_view_log_shortcode","wp_ajax_wpsa_view_log_shortcode",1996,{"action":194,"nopriv":175,"callback":195,"hasNonce":175,"hasCapCheck":173,"file":146,"line":198},1997,[],[201,205],{"tag":202,"callback":203,"file":146,"line":204},"wpsa_log","wpsa_log_shortcode_plugin",1991,{"tag":206,"callback":207,"file":146,"line":208},"wpsa_count","wpsa_count_shortcode_plugin",1992,[],9,{"dangerousFunctions":212,"sqlUsage":213,"outputEscaping":220,"fileOperations":242,"externalRequests":14,"nonceChecks":85,"capabilityChecks":210,"bundledLibraries":243},[],{"prepared":214,"raw":14,"locations":215},7,[216],{"file":217,"line":218,"context":219},"uninstall.php",42,"$wpdb->query() with variable interpolation",{"escaped":221,"rawEcho":210,"locations":222},11,[223,226,228,230,232,234,236,238,240],{"file":146,"line":224,"context":225},472,"raw 
output",{"file":146,"line":227,"context":225},519,{"file":146,"line":229,"context":225},583,{"file":146,"line":231,"context":225},1584,{"file":146,"line":233,"context":225},1586,{"file":146,"line":235,"context":225},1616,{"file":146,"line":237,"context":225},1666,{"file":146,"line":239,"context":225},1977,{"file":146,"line":241,"context":225},2153,4,[],[245,268,279,291,301,330,380],{"entryPoint":246,"graph":247,"unsanitizedCount":14,"severity":267},"set_cookie_session (class-wpsa.php:597)",{"nodes":248,"edges":264},[249,254,258],{"id":250,"type":251,"label":252,"file":146,"line":253},"n0","source","$_COOKIE",656,{"id":255,"type":256,"label":257,"file":146,"line":253},"n1","transform","→ generate_visitorname()",{"id":259,"type":260,"label":261,"file":146,"line":262,"wp_function":263},"n2","sink","update_option() [Settings Manipulation]",2193,"update_option",[265,266],{"from":250,"to":255,"sanitized":173},{"from":255,"to":259,"sanitized":173},"low",{"entryPoint":269,"graph":270,"unsanitizedCount":14,"severity":267},"detect_admin_cookie (class-wpsa.php:679)",{"nodes":271,"edges":276},[272,274,275],{"id":250,"type":251,"label":252,"file":146,"line":273},728,{"id":255,"type":256,"label":257,"file":146,"line":273},{"id":259,"type":260,"label":261,"file":146,"line":262,"wp_function":263},[277,278],{"from":250,"to":255,"sanitized":173},{"from":255,"to":259,"sanitized":173},{"entryPoint":280,"graph":281,"unsanitizedCount":11,"severity":267},"wp_ajax_wpsa_view_log (class-wpsa.php:1573)",{"nodes":282,"edges":289},[283,286],{"id":250,"type":251,"label":284,"file":146,"line":285},"$_POST (x2)",1580,{"id":255,"type":260,"label":287,"file":146,"line":231,"wp_function":288},"echo() [XSS]","echo",[290],{"from":250,"to":255,"sanitized":175},{"entryPoint":292,"graph":293,"unsanitizedCount":11,"severity":267},"wp_ajax_wpsa_add_tag 
(class-wpsa.php:1629)",{"nodes":294,"edges":299},[295,298],{"id":250,"type":251,"label":296,"file":146,"line":297},"$_POST",1637,{"id":255,"type":260,"label":287,"file":146,"line":237,"wp_function":288},[300],{"from":250,"to":255,"sanitized":175},{"entryPoint":302,"graph":303,"unsanitizedCount":32,"severity":267},"wp_ajax_wpsa_save_settings (class-wpsa.php:1679)",{"nodes":304,"edges":325},[305,308,310,312,317,321,323],{"id":250,"type":251,"label":306,"file":146,"line":307},"$_POST (x10)",1689,{"id":255,"type":260,"label":261,"file":146,"line":309,"wp_function":263},1691,{"id":259,"type":251,"label":296,"file":146,"line":311},1884,{"id":313,"type":260,"label":314,"file":146,"line":315,"wp_function":316},"n3","query() [SQLi]",1891,"query",{"id":318,"type":251,"label":319,"file":146,"line":320},"n4","$_COOKIE (x2)",1780,{"id":322,"type":256,"label":257,"file":146,"line":320},"n5",{"id":324,"type":260,"label":261,"file":146,"line":262,"wp_function":263},"n6",[326,327,328,329],{"from":250,"to":255,"sanitized":175},{"from":259,"to":313,"sanitized":175},{"from":318,"to":322,"sanitized":173},{"from":322,"to":324,"sanitized":173},{"entryPoint":331,"graph":332,"unsanitizedCount":379,"severity":267},"\u003Cclass-wpsa> (class-wpsa.php:0)",{"nodes":333,"edges":369},[334,336,338,339,340,342,343,344,346,348,350,353,355,357,362,365,367],{"id":250,"type":251,"label":252,"file":146,"line":335},649,{"id":255,"type":260,"label":314,"file":146,"line":337,"wp_function":316},1535,{"id":259,"type":251,"label":284,"file":146,"line":285},{"id":313,"type":260,"label":287,"file":146,"line":231,"wp_function":288},{"id":318,"type":251,"label":341,"file":146,"line":335},"$_COOKIE 
(x3)",{"id":322,"type":260,"label":287,"file":146,"line":235,"wp_function":288},{"id":324,"type":251,"label":306,"file":146,"line":307},{"id":345,"type":260,"label":261,"file":146,"line":309,"wp_function":263},"n7",{"id":347,"type":251,"label":296,"file":146,"line":311},"n8",{"id":349,"type":260,"label":314,"file":146,"line":315,"wp_function":316},"n9",{"id":351,"type":251,"label":252,"file":146,"line":352},"n10",1768,{"id":354,"type":260,"label":261,"file":146,"line":262,"wp_function":263},"n11",{"id":356,"type":251,"label":296,"file":146,"line":297},"n12",{"id":358,"type":260,"label":359,"file":146,"line":360,"wp_function":361},"n13","wp_remote_get() [SSRF]",2885,"wp_remote_get",{"id":363,"type":251,"label":364,"file":146,"line":253},"n14","$_COOKIE (x5)",{"id":366,"type":256,"label":257,"file":146,"line":253},"n15",{"id":368,"type":260,"label":261,"file":146,"line":262,"wp_function":263},"n16",[370,371,372,373,374,375,376,377,378],{"from":250,"to":255,"sanitized":175},{"from":259,"to":313,"sanitized":175},{"from":318,"to":322,"sanitized":175},{"from":324,"to":345,"sanitized":175},{"from":347,"to":349,"sanitized":175},{"from":351,"to":354,"sanitized":175},{"from":356,"to":358,"sanitized":175},{"from":363,"to":366,"sanitized":173},{"from":366,"to":368,"sanitized":173},5,{"entryPoint":381,"graph":382,"unsanitizedCount":32,"severity":396},"log_visitor (class-wpsa.php:1293)",{"nodes":383,"edges":392},[384,387,388,390,391],{"id":250,"type":251,"label":385,"file":146,"line":386},"$_SERVER",1312,{"id":255,"type":260,"label":314,"file":146,"line":337,"wp_function":316},{"id":259,"type":251,"label":385,"file":146,"line":389},1404,{"id":313,"type":256,"label":257,"file":146,"line":389},{"id":318,"type":260,"label":261,"file":146,"line":262,"wp_function":263},[393,394,395],{"from":250,"to":255,"sanitized":173},{"from":259,"to":313,"sanitized":173},{"from":313,"to":318,"sanitized":173},"high",{"summary":398,"deductions":399},"The \"wp-smart-analytics\" v1.2.1 plugin exhibits 
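a generally good security posture with a significant number of security checks in place. It correctly implements nonce and capability checks on its AJAX endpoints, and its REST API is properly secured. Two caveats apply to that statement: the attack-surface data in this report records both wpsa_view_log_shortcode registrations, one of them nopriv (reachable without login), with a nonce check but no capability check, and it enumerates no REST routes, so the REST claim is not backed by a per-route check here. The plugin also demonstrates a strong adherence to secure coding practices by using prepared statements for the vast majority of its SQL queries; the one exception recorded is a $wpdb->query() call with variable interpolation in uninstall.php.\n\nHowever, concerns arise from the taint analysis results, which indicate 5 out of 7 analyzed flows have unsanitized paths. While no critical or high severity taint flows were identified, this suggests potential vulnerabilities related to how user-supplied data is processed, which could lead to unexpected behavior or data manipulation if exploited. Note that the flow list in this report does rate one flow as high: log_visitor, which is hooked to wp_footer and in which $_SERVER data reaches a query() call with no sanitization step recorded. That rating conflicts with the preceding sentence, so this flow should be verified against the code first. The code analysis also shows that only 55% of output statements are escaped (11 escaped against 9 raw echo calls), which could expose the plugin to Cross-Site Scripting (XSS) vulnerabilities if malicious data is present in the unescaped outputs.\n\nThe plugin's history of zero known CVEs is a positive indicator of its overall security maturity. It suggests that the development team is either proactive in addressing security issues or that the plugin has not been a significant target for vulnerabilities in the past. Despite the absence of historical vulnerabilities, the presence of unsanitized taint flows and insufficient output escaping in the current analysis warrants careful consideration. 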
The plugin's strengths lie in its robust authentication and authorization mechanisms for its entry points, but its weaknesses are found in the sanitization and escaping of data within its code.",[400,402],{"reason":401,"points":33},"Unsanitized taint flows detected",{"reason":403,"points":379},"Insufficient output escaping","2026-03-17T07:26:05.412Z",{"wat":406,"direct":445},{"assetPaths":407,"generatorPatterns":425,"scriptPaths":426,"versionParams":427},[408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424],"\u002Fwp-content\u002Fplugins\u002Fwp-smart-analytics\u002Finc\u002Fadmin\u002Fcss\u002Fbackend-style.css","\u002Fwp-content\u002Fplugins\u002Fwp-smart-analytics\u002Finc\u002Fadmin\u002Fcss\u002Fbackend-style-responsive.css","\u002Fwp-content\u002Fplugins\u002Fwp-smart-analytics\u002Finc\u002Fadmin\u002Fcss\u002Fsweetalert.css","\u002Fwp-content\u002Fplugins\u002Fwp-smart-analytics\u002Finc\u002Fadmin\u002Fcss\u002Fjquery-ui.css","\u002Fwp-content\u002Fplugins\u002Fwp-smart-analytics\u002Finc\u002Fadmin\u002Fcss\u002Fjquery.dataTables.min.css","\u002Fwp-content\u002Fplugins\u002Fwp-smart-analytics\u002Finc\u002Fadmin\u002Fcss\u002Fselect2.min.css","\u002Fwp-content\u002Fplugins\u002Fwp-smart-analytics\u002Finc\u002Fadmin\u002Fjs\u002Fbackend-script.js","\u002Fwp-content\u002Fplugins\u002Fwp-smart-analytics\u002Finc\u002Fadmin\u002Fjs\u002Fsweetalert.min.js","\u002Fwp-content\u002Fplugins\u002Fwp-smart-analytics\u002Finc\u002Fadmin\u002Fjs\u002Fjquery-ui.min.js","\u002Fwp-content\u002Fplugins\u002Fwp-smart-analytics\u002Finc\u002Fadmin\u002Fjs\u002Fjquery.dataTables.min.js","\u002Fwp-content\u002Fplugins\u002Fwp-smart-analytics\u002Finc\u002Fadmin\u002Fjs\u002FChart.bundle.min.js","\u002Fwp-content\u002Fplugins\u002Fwp-smart-analytics\u002Finc\u002Fadmin\u002Fjs\u002Fselect2.full.min.js","\u002Fwp-content\u002Fplugins\u002Fwp-smart-analytics\u002Finc\u002Fadmin\u002Fjs\u002Fmoment.min.js","\u002Fwp-content\u002Fplugins\u002Fwp-smart-analytics\u00
2Finc\u002Fadmin\u002Fjs\u002Fdaterangepicker.js","\u002Fwp-content\u002Fplugins\u002Fwp-smart-analytics\u002Finc\u002Fadmin\u002Fjs\u002Fadmin-script.js","\u002Fwp-content\u002Fplugins\u002Fwp-smart-analytics\u002Finc\u002Ffrontend\u002Fcss\u002Ffrontend-style.css","\u002Fwp-content\u002Fplugins\u002Fwp-smart-analytics\u002Finc\u002Ffrontend\u002Fjs\u002Ffrontend-script.js",[],[414,415,416,417,418,419,420,421,422,424],[428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444],"wp-smart-analytics\u002Finc\u002Fadmin\u002Fcss\u002Fbackend-style.css?ver=","wp-smart-analytics\u002Finc\u002Fadmin\u002Fcss\u002Fbackend-style-responsive.css?ver=","wp-smart-analytics\u002Finc\u002Fadmin\u002Fcss\u002Fsweetalert.css?ver=","wp-smart-analytics\u002Finc\u002Fadmin\u002Fcss\u002Fjquery-ui.css?ver=","wp-smart-analytics\u002Finc\u002Fadmin\u002Fcss\u002Fjquery.dataTables.min.css?ver=","wp-smart-analytics\u002Finc\u002Fadmin\u002Fcss\u002Fselect2.min.css?ver=","wp-smart-analytics\u002Finc\u002Fadmin\u002Fjs\u002Fbackend-script.js?ver=","wp-smart-analytics\u002Finc\u002Fadmin\u002Fjs\u002Fsweetalert.min.js?ver=","wp-smart-analytics\u002Finc\u002Fadmin\u002Fjs\u002Fjquery-ui.min.js?ver=","wp-smart-analytics\u002Finc\u002Fadmin\u002Fjs\u002Fjquery.dataTables.min.js?ver=","wp-smart-analytics\u002Finc\u002Fadmin\u002Fjs\u002FChart.bundle.min.js?ver=","wp-smart-analytics\u002Finc\u002Fadmin\u002Fjs\u002Fselect2.full.min.js?ver=","wp-smart-analytics\u002Finc\u002Fadmin\u002Fjs\u002Fmoment.min.js?ver=","wp-smart-analytics\u002Finc\u002Fadmin\u002Fjs\u002Fdaterangepicker.js?ver=","wp-smart-analytics\u002Finc\u002Fadmin\u002Fjs\u002Fadmin-script.js?ver=","wp-smart-analytics\u002Finc\u002Ffrontend\u002Fcss\u002Ffrontend-style.css?ver=","wp-smart-analytics\u002Finc\u002Ffrontend\u002Fjs\u002Ffrontend-script.js?ver=",{"cssClasses":446,"htmlComments":448,"htmlAttributes":450,"restEndpoints":453,"jsGlobals":456,"shortcodeOutput":458},[447],"wp_smart_analytics_admin_page",[449],"\u003C
!-- WP Smart Analytics Admin Page -->",[451,452],"data-wpsa-admin-ajax-url","data-wpsa-nonce",[454,455],"\u002Fwp-json\u002Fwpsa\u002Fv1\u002Fsettings","\u002Fwp-json\u002Fwpsa\u002Fv1\u002Flogs",[457],"wpsa_admin_ajax_object",[]]