[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXZO_9fJiffA2whABFbZ1Nwhx8pwHesZAHZesSIdFNZU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":56,"analysis":164,"fingerprints":416},"wp-stats","WP-Stats","2.56","Lester Chan","https:\u002F\u002Fprofiles.wordpress.org\u002Fgamerz\u002F","\u003Ch3>Usage (Create Stats Page)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to ‘WP-Admin -> Pages -> Add New’\u003C\u002Fli>\n\u003Cli>Type any title you like in the page’s title area\u003C\u002Fli>\n\u003Cli>If you ARE using nice permalinks, after typing the title, WordPress will generate the permalink to the page. You will see an ‘Edit’ link just beside the permalink.\u003C\u002Fli>\n\u003Cli>Click ‘Edit’ and type in ‘stats’ in the text field (without the quotes) and click ‘Save’.\u003C\u002Fli>\n\u003Cli>Type \u003Ccode>[page_stats]\u003C\u002Fcode> in the page’s content area\u003C\u002Fli>\n\u003Cli>Click ‘Publish’\u003C\u002Fli>\n\u003Cli>If you ARE NOT using nice permalinks, you need to go to \u003Ccode>WP-Admin -> Settings -> Stats\u003C\u002Fcode> and under ‘Stats URL’, you need to fill in the URL to the Stats Page you created above.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Usage (With Widget)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to \u003Ccode>WP-Admin -> Appearance -> Widgets\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>The widget name is \u003Ccode>Stats\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Build Status\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftravis-ci.org\u002Flesterchan\u002Fwp-stats\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-stats\" title=\"https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-stats\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-stats\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fdev.wp-plugins.org\u002Fbrowser\u002Fwp-stats\u002Fi18n\u002F\" title=\"http:\u002F\u002Fdev.wp-plugins.org\u002Fbrowser\u002Fwp-stats\u002Fi18n\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fdev.wp-plugins.org\u002Fbrowser\u002Fwp-stats\u002Fi18n\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Plugin icon by \u003Ca href=\"http:\u002F\u002Fwww.simpleicon.com\" rel=\"nofollow ugc\">SimpleIcon\u003C\u002Fa> from \u003Ca href=\"http:\u002F\u002Fwww.flaticon.com\" rel=\"nofollow ugc\">Flaticon\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>I spent most of my free time creating, updating, maintaining and supporting these plugins, if you really love my plugins and could spare me a couple of bucks, I will really appreciate it. If not feel free to use it without any obligations.\u003C\u002Fp>\n","Display your WordPress blog statistics. Ranging from general total statistics, some of my plugins statistics and top 10 statistics.",3000,335338,52,7,"2023-08-09T03:06:00.000Z","6.2.9","5.5","",[20,21,22,4,23],"stat","statistics","stats","wp-stat","https:\u002F\u002Flesterchan.net\u002Fportfolio\u002Fprogramming\u002Fphp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-stats.2.56.zip",85,1,0,"2015-06-17 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2015-10001","wp-stats-cross-site-request-forgery","WP-Stats \u003C 2.52 - Cross-Site Request Forgery","The WP-Stats WordPress plugin before 2.52 does not have CSRF check in admin-menu when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege users change them and set Cross-Site Scripting payloads in wordpress-admin-panel.",null,"\u003C2.52","2.52","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3df11929-37be-4c52-ae53-fbbe926659b7?source=api-prod",3142,{"slug":49,"display_name":7,"profile_url":8,"plugin_count":50,"total_installs":51,"avg_security_score":52,"avg_patch_time_days":53,"trust_score":54,"computed_at":55},"gamerz",20,889190,89,1377,71,"2026-04-04T15:55:06.388Z",[57,82,101,124,143],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":77,"download_link":78,"security_score":79,"vuln_count":80,"unpatched_count":28,"last_vuln_date":81,"fetched_at":30},"burst-statistics","Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative)","3.2.3","Burst Statistics B.V.","https:\u002F\u002Fprofiles.wordpress.org\u002Fburstbv\u002F","\u003Ch4>Finally, analytics that you’ll actually use.\u003C\u002Fh4>\n\u003Cp>Google Analytics is overkill. Other WordPress statistics plugins are cluttered and confusing. You just want to know what’s happening on your site – without a data science degree.\u003C\u002Fp>\n\u003Cp>Burst Statistics gives you a clean, intuitive analytics dashboard focused on the metrics that actually matter. \u003Cstrong>No external accounts. No complex setup. Install, activate, and understand your traffic in seconds.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Trusted by \u003Cstrong>200,000+ WordPress sites\u003C\u002Fstrong>. Built by the experienced team behind UpdraftPlus, WP-Optimize, and All-In-One Security.\u003C\u002Fp>\n\u003Ch4>What our users are saying\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“Finally, an analytics plugin I can actually explain to clients.”\u003Cbr \u002F>\n  — @anguskeystone on wordpress.org\u003C\u002Fp>\n\u003Cp>“I tried WP Statistics and Independent Analytics, but they’re overloaded and confusing. Burst’s UI is intuitive and focused on what matters to me.”\u003Cbr \u002F>\n  — @vallered on wordpress.org\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Why Burst Statistics?\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Designed to be actionable\u003C\u002Fstrong>\u003Cbr \u002F>\nOther analytics plugins throw everything at you. Burst shows what matters — visitors, pageviews, referrers, top pages — in a dashboard you’ll actually use. No overload of data. No confusing menus.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy-first by design\u003C\u002Fstrong>\u003Cbr \u002F>\nAll statistics stay on your server. No external tracking. Your data is yours – we never see it without your explicit permission.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Zero setup friction\u003C\u002Fstrong>\u003Cbr \u002F>\nInstall, activate, done. No Google accounts, no tracking codes, no configuration headaches. Start seeing live visitors immediately.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Built for WordPress\u003C\u002Fstrong>\u003Cbr \u002F>\nNot a port from another platform. Designed specifically for WordPress with native performance and seamless integration.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Fast and lightweight\u003C\u002Fstrong>\u003Cbr \u002F>\nOptimized database queries, no bloated scripts (\u003C4kb tracking script), no external dependencies slowing down your pages. Designed to track accurately even when using aggressive server-side caching.\u003C\u002Fp>\n\u003Cp>\u003Ch4>Features\u003C\u002Fh4>\n\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Understand your traffic\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>View table of top performing pages and posts\u003C\u002Fli>\n\u003Cli>Track key metrics (Visitors, Sessions, Pageviews, Bounce Rate)\u003C\u002Fli>\n\u003Cli>Breakdown of visitors by device (Desktop, Tablet, Mobile)\u003C\u002Fli>\n\u003Cli>Filter data by custom date ranges\u003C\u002Fli>\n\u003Cli>Compare traffic over time\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Real-time analytics\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Identify the real-time source for live visitors\u003C\u002Fli>\n\u003Cli>View the specific pages users are visiting now\u003C\u002Fli>\n\u003Cli>See a live count of active users on your site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>See what content performs\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Top pages and posts ranked by views\u003C\u002Fli>\n\u003Cli>Compare any date range\u003C\u002Fli>\n\u003Cli>Track individual page performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Custom conversion tracking\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Track views, clicks and hooks\u003C\u002Fli>\n\u003Cli>Track WooCommerce sales\u003C\u002Fli>\n\u003Cli>Track custom events or hooks\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Privacy without compromise\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>100% self-hosted — all statistics stored locally in your WordPress database\u003C\u002Fli>\n\u003Cli>Cookieless tracking option (no consent banner required in some countries)\u003C\u002Fli>\n\u003Cli>Designed to support GDPR, CCPA, DSGVO, AVG, RGPD, and PECR compliance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Stay informed\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Weekly or monthly email reports delivered to your inbox\u003C\u002Fli>\n\u003Cli>Compare periods to spot trends\u003C\u002Fli>\n\u003Cli>Get notified when tracking does not work\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>From the creators of UpdraftPlus, WP Optimize and All In One Security\u003C\u002Fh4>\n\u003Cp>Burst Statistics was created by experienced developers who also created:\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fupdraftplus\u002F\" rel=\"ugc\">UpdraftPlus: WP Backup & Migration Plugin\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fall-in-one-wp-security-and-firewall\u002F\" rel=\"ugc\">All-In-One Security (AIOS) – Security and Firewall\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-optimize\u002F\" rel=\"ugc\">WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Who is Burst for?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Bloggers & content creators\u003C\u002Fstrong> — See which posts resonate with your audience\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Small business owners\u003C\u002Fstrong> — Understand your traffic without complexity\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce stores\u003C\u002Fstrong> — Track visitor behavior and sales (Burst Pro – Business plan)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Agencies & freelancers\u003C\u002Fstrong> — Manage analytics for your clients (Burst Pro – Agency plan)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-conscious site owners\u003C\u002Fstrong> — GDPR-compliant stats without consent banners\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anyone tired of Google Analytics\u003C\u002Fstrong> — Get clarity instead of confusion\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Unlock comprehensive insights into your website’s user behaviour with Burst Pro. Benefit from advanced features designed to improve performance, boost engagement, and drive conversions. \u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Get Burst Pro now.\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Free vs Pro\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Burst Statistics (Free)\u003C\u002Fstrong> includes everything you need to understand your website traffic: visitors, pageviews, referrers, top content, device stats, goal tracking, email reports, and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Burst Pro\u003C\u002Fstrong> adds advanced features for businesses and professionals:\u003C\u002Fp>\n\u003Cp>CREATOR PLAN\u003Cbr \u002F>\n* UTM campaign tracking — See which marketing efforts drive results\u003Cbr \u002F>\n* Geographic data — Country and city-level visitor insights\u003Cbr \u002F>\n* Advanced filtering — Segment data by any dimension\u003Cbr \u002F>\n* Data archiving settings — Keep your database lean automatically\u003Cbr \u002F>\n* Priority support — Direct contact with our developers (You’ll speak to actual humans!)\u003C\u002Fp>\n\u003Cp>BUSINESS PLAN\u003Cbr \u002F>\n* Everything in the creator plan +\u003Cbr \u002F>\n* Full sales dashboard — Understand what content brings in the most revenue\u003Cbr \u002F>\n* Revenue attribution — Connect WooCommerce sales to traffic sources\u003C\u002Fp>\n\u003Cp>AGENCY PLAN\u003Cbr \u002F>\n* Everything in the business plan +\u003Cbr \u002F>\n* Reporting — Generate shareable reports\u003C\u002Fp>\n\u003Cp>All Burst Pro plans include \u003Cstrong>priority support\u003C\u002Fstrong>.  You’ll have direct contact with our developers (You’ll speak to actual humans!)\u003C\u002Fp>\n\u003Ch4>Learn More\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fburst-statistics-vs-google-analytics\u002F\" rel=\"nofollow ugc\">Burst Statistics vs Google Analytics\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fwhy-is-burst-privacy-friendly\u002F\" rel=\"nofollow ugc\">Privacy & GDPR Compliance\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Burst Pro Pricing\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy and Data Sharing\u003C\u002Fh4>\n\u003Cp>Burst Statistics includes an \u003Cstrong>optional\u003C\u002Fstrong> data sharing program. It is disabled by default. You can enable it under Burst Statistics \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Data Sharing, and you can turn it off again at any time from the same location.\u003Cbr \u002F>\nWhen enabled, the plugin sends a small set of aggregated, anonymized metrics to Burst Statistics’ servers once per month. This includes traffic statistics (visitors, pageviews, bounce rate, session duration), database row counts and query performance timings. No personal data, IP addresses, domain names, or visitor information is ever transmitted. All data is aggregated on your server before it leaves, making it impossible to trace back to your website or any individual user.\u003C\u002Fp>\n\u003Cp>We use this data to:\u003Cbr \u002F>\n* build anonymous industry benchmarks so you can compare your site’s performance against peers;\u003Cbr \u002F>\n* understand which features are most used, so we can prioritize development effectively;\u003Cbr \u002F>\n* know which WordPress and PHP versions are in active use, so we can make informed support decisions;\u003Cbr \u002F>\n* identify slow database queries across real-world installs, so we can improve plugin performance for everyone.\u003C\u002Fp>\n\u003Cp>For the complete list of data fields collected and full details on how the data is used, please read our \u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fhow-we-handle-anonymous-usage-data\u002F\" rel=\"nofollow ugc\">Data Sharing Policy\u003C\u002Fa>.\u003Cbr \u002F>\nThis feature connects to: https:\u002F\u002Fapi.burst-statistics.com\u003C\u002Fp>\n\u003Ch4>Installation\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to \u003Cstrong>Plugins \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Add New\u003C\u002Fstrong> in your WordPress dashboard\u003C\u002Fli>\n\u003Cli>Search for \u003Cstrong>Burst\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Install Now\u003C\u002Fstrong>, then \u003Cstrong>Activate\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Visit \u003Cstrong>Statistics \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Dashboard\u003C\u002Fstrong> to see your analytics\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>That’s it. No external accounts. No tracking codes to paste. Burst starts collecting statistics immediately.\u003C\u002Fp>\n","Analytics you'll actually use. Privacy-friendly, zero config, and designed to be actionable. Get insights, not just raw data.",200000,7013207,98,173,"2026-03-12T07:52:00.000Z","6.9.4","6.4","8.0",[74,75,76,21,22],"analytics","gdpr","privacy","https:\u002F\u002Fwww.wordpress.org\u002Fplugins\u002Fburst-statistics","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fburst-statistics.3.2.3.zip",96,3,"2025-06-27 00:00:00",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":79,"num_ratings":92,"last_updated":93,"tested_up_to":70,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":98,"download_link":99,"security_score":100,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"statify","Statify","1.8.5","pluginkollektiv","https:\u002F\u002Fprofiles.wordpress.org\u002Fpluginkollektiv\u002F","\u003Cp>Statify provides a straightforward and compact access to the number of site views. It is privacy-friendly as it uses neither cookies nor a third party.\u003C\u002Fp>\n\u003Cp>An interactive chart is followed by lists of the most common reference sources and target pages. The period of statistics and length of lists can be set directly in the dashboard widget.\u003C\u002Fp>\n\u003Ch3>Data Privacy\u003C\u002Fh3>\n\u003Cp>In direct comparison to statistics services such as \u003Cem>Google Analytics\u003C\u002Fem>, \u003Cem>WordPress.com Stats\u003C\u002Fem> and \u003Cem>Matomo (Piwik)\u003C\u002Fem> \u003Cem>Statify\u003C\u002Fem> doesn’t process and store personal data as e.g. IP addresses – \u003Cem>Statify\u003C\u002Fem> counts site views, not visitors.\u003C\u002Fp>\n\u003Cp>Absolute privacy compliance coupled with transparent procedures: A locally in WordPress created database table consists of only four fields (ID, date, source, target) and can be viewed at any time, cleaned up and cleared by the administrator.\u003C\u002Fp>\n\u003Cp>Due to this tracking approach, Statify is 100% compliant with GDPR and serves as an lightweight alternative to other tracking services.\u003C\u002Fp>\n\u003Ch3>Display of the widget\u003C\u002Fh3>\n\u003Cp>The plugin configuration can be changed directly in the \u003Cem>Statify\u003C\u002Fem> Widget on the dashboard by clicking the \u003Cem>Configure\u003C\u002Fem> link.\u003C\u002Fp>\n\u003Cp>The amount of links shown in the \u003Cem>Statify\u003C\u002Fem> Widget can be set as well as the option to only count views from today. Of course, older entries are not deleted when changing this setting.\u003C\u002Fp>\n\u003Cp>The statistics for the dashboard widget are cached for four minutes.\u003C\u002Fp>\n\u003Ch3>Period of data saving\u003C\u002Fh3>\n\u003Cp>\u003Cem>Statify\u003C\u002Fem> stores the data only for a limited period (default: two weeks), longer intervals can be selected as option in the widget. Data which is older than the selected period is deleted by a daily cron job.\u003C\u002Fp>\n\u003Cp>An increase in the database volume can be expected because all statistic values are collected and managed in the local WordPress database (especially if you increase the period of data saving).\u003C\u002Fp>\n\u003Ch3>JavaScript tracking for caching compatibility\u003C\u002Fh3>\n\u003Cp>For compatibility with caching plugins like \u003Ca href=\"http:\u002F\u002Fcachify.de\" rel=\"nofollow ugc\">Cachify\u003C\u002Fa> \u003Cem>Statify\u003C\u002Fem> offers an optional switchable tracking via JavaScript. This function allows reliable count of cached blog pages.\u003C\u002Fp>\n\u003Cp>For this to work correctly, the active theme has to call \u003Ccode>wp_footer()\u003C\u002Fcode>, typically in a file named \u003Ccode>footer.php\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Ch3>Skip tracking for spam referrers\u003C\u002Fh3>\n\u003Cp>The comment blacklist can be enabled to skip tracking for views with a referrer URL listed in comment blacklist, i. e. which considered as spam.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>If you’ve problems or think you’ve found a bug (e.g. you’re experiencing unexpected behavior), please post at the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fstatify\" rel=\"ugc\">support forums\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Active development of this plugin is handled \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpluginkollektiv\u002Fstatify\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Pull requests for documented bugs are highly appreciated.\u003C\u002Fli>\n\u003Cli>If you want to help us translate this plugin you can do so \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fstatify\" rel=\"nofollow ugc\">on WordPress Translate\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Visitor statistics for WordPress with focus on data protection, transparency and clarity. Perfect as a widget in your WordPress Dashboard.",100000,2377836,50,"2025-12-21T16:02:00.000Z","4.7","5.2",[74,97,76,21,22],"pageviews","https:\u002F\u002Fstatify.pluginkollektiv.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstatify.1.8.5.zip",100,{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":18,"tags":116,"homepage":120,"download_link":121,"security_score":67,"vuln_count":122,"unpatched_count":28,"last_vuln_date":123,"fetched_at":30},"official-statcounter-plugin-for-wordpress","StatCounter – Free Real Time Visitor Stats","2.1.1","StatCounter","https:\u002F\u002Fprofiles.wordpress.org\u002Fstatcounter\u002F","\u003Cp>The Official StatCounter WordPress Plugin brings you all the powerful StatCounter features to your wordpress blog.\u003C\u002Fp>\n\u003Cp>Including but not limited to the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#invisible-counter\" rel=\"nofollow ugc\">Invisible Counter Option\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#configurable-counter\" rel=\"nofollow ugc\">Configurable Counter\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#configurable-summary-stats\" rel=\"nofollow ugc\">Configurable Summary Stats\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#magnify-user\" rel=\"nofollow ugc\">Magnify User\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#drill-down\" rel=\"nofollow ugc\">Drill Down\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#popular-pages\" rel=\"nofollow ugc\">Popular Pages\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#entry-pages\" rel=\"nofollow ugc\">Entry Pages\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#exit-pages\" rel=\"nofollow ugc\">Exit Pages\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#came-from\" rel=\"nofollow ugc\">Came From\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#keyword-analysis\" rel=\"nofollow ugc\">Keyword Analysis\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#recent-keyword-activity\" rel=\"nofollow ugc\">Recent Keyword Activity\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#search-engine-wars\" rel=\"nofollow ugc\">Search Engine Wars\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#visitor-paths\" rel=\"nofollow ugc\">Visitor Paths\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#visit-length\" rel=\"nofollow ugc\">Visit Length\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#returning-visits\" rel=\"nofollow ugc\">Returning Visits\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#recent-pageload-activity\" rel=\"nofollow ugc\">Recent Pageload Activity\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#recent-visitor-activity\" rel=\"nofollow ugc\">Recent Visitor Activity\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#country-state-city-stats\" rel=\"nofollow ugc\">Country\u002FState\u002FCity Stats\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#visitor-map\" rel=\"nofollow ugc\">Recent Visitor Google Map\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#isp-stats\" rel=\"nofollow ugc\">ISP Stats\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#browser-stats\" rel=\"nofollow ugc\">Browser Stats\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#os-stats\" rel=\"nofollow ugc\">O.S. Stats\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#resolution-stats\" rel=\"nofollow ugc\">Resolution Stats\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#javascript-stats\" rel=\"nofollow ugc\">JavaScript Stats\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#email-reports\" rel=\"nofollow ugc\">Email Reports\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#multiple-site-management\" rel=\"nofollow ugc\">Multiple Site Management\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#user-access-management\" rel=\"nofollow ugc\">User Access Management\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#public-stats\" rel=\"nofollow ugc\">Public Stats\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fstatcounter.com\u002Ffeatures\u002F#blocking-cookie\" rel=\"nofollow ugc\">Blocking Cookie\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","StatCounter.com powered real-time detailed stats about the visitors to your blog.",70000,1981970,80,47,"2025-12-02T12:40:00.000Z","6.8.5","2.0.2",[117,118,21,22,119],"counter","hit","web","http:\u002F\u002Fstatcounter.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fofficial-statcounter-plugin-for-wordpress.2.1.1.zip",2,"2026-02-18 00:00:00",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":100,"num_ratings":134,"last_updated":135,"tested_up_to":70,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":140,"download_link":141,"security_score":79,"vuln_count":122,"unpatched_count":28,"last_vuln_date":142,"fetched_at":30},"koko-analytics","Koko Analytics – Privacy Friendly Statistics for WordPress","2.2.4","Danny van Kooten","https:\u002F\u002Fprofiles.wordpress.org\u002Fdvankooten\u002F","\u003Cp>Koko Analytics provides website analytics and visitor statistics directly inside your WordPress dashboard without relying on external services. It is privacy-friendly, lightweight, open source, and easy to use.\u003C\u002Fp>\n\u003Cp>Fully GDPR, CCPA and PECR compliant by design: no personal data is processed or stored, everything runs on your own server and can be used without cookies.\u003C\u002Fp>\n\u003Cp>You can \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fkoko-analytics-dashboard\u002F\" rel=\"nofollow ugc\">view a live demo here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Why Koko Analytics\u003C\u002Fh3>\n\u003Cp>Our goal is to provide you with a simple, lightweight and privacy-friendly alternative to Google Analytics for your WordPress statistics.\u003C\u002Fp>\n\u003Ch4>Privacy Friendly Analytics\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fprivacy-focused-wordpress-analytics\u002F\" rel=\"nofollow ugc\">privacy friendly analytics\u003C\u002Fa>. No personal data is processed or stored, all measurements are carried out completely anonymously and nothing is ever shared with any third-party service.\u003C\u002Fp>\n\u003Ch4>Lightweight Statistics\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Flightweight-wordpress-analytics\u002F\" rel=\"nofollow ugc\">lightweight analytics\u003C\u002Fa>. It adds less than 1 kilobyte of data to your HTML and is fully compatible with pages served from any kind of cache. WordPress is bypassed entirely for its collection endpoint, making the impact on your site’s performance as close to zero as possible. Fact: there is no faster statistics plugin for WordPress.\u003C\u002Fp>\n\u003Ch4>Simple Analytics Dashboard\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fsimple-wordpress-analytics\u002F\" rel=\"nofollow ugc\">simple analytics\u003C\u002Fa>. There are no complicated reports to dig through. A single dashboard page shows you all the important metrics.\u003C\u002Fp>\n\u003Ch4>Open Source Analytics\u003C\u002Fh4>\n\u003Cp>Koko Analytics is \u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fopen-source-wordpress-analytics\u002F\" rel=\"nofollow ugc\">open source analytics\u003C\u002Fa>. The source code is released under the GPL license and freely \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fibericode\u002Fkoko-analytics\" rel=\"nofollow ugc\">available on GitHub\u003C\u002Fa>. Anyone can read it, inspect it and review it.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>A beautiful analytics dashboard built right into WordPress admin.\u003C\u002Fli>\n\u003Cli>View statistics for your most popular posts and pages.\u003C\u002Fli>\n\u003Cli>See referral statistics showing which sites send you traffic.\u003C\u002Fli>\n\u003Cli>Path-based tracking to see analytics for any URL, including archives and search pages.\u003C\u002Fli>\n\u003Cli>Reliably detect returning visitors without the use of cookies.\u003C\u002Fli>\n\u003Cli>Exclude visits from certain WordPress user roles or IP addresses.\u003C\u002Fli>\n\u003Cli>Import historical statistics from Jetpack Stats, Plausible or Burst Statistics.\u003C\u002Fli>\n\u003Cli>Periodically clean-up historical data older than a specified number of months or years.\u003C\u002Fli>\n\u003Cli>A widget, Gutenberg block or shortcode to show a list of your most visited posts or pages.\u003C\u002Fli>\n\u003Cli>A shortcode or Gutenberg block to show the total number of pageviews to a given page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Premium features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>See what countries your site is visited from with geo-location statistics.\u003C\u002Fli>\n\u003Cli>See what browsers, operating systems or devices your visitors are using.\u003C\u002Fli>\n\u003Cli>Custom event analytics to track outbound link clicks, contact form submissions, and more.\u003C\u002Fli>\n\u003Cli>Stay up-to-date with periodic analytics reports delivered to your email inbox.\u003C\u002Fli>\n\u003Cli>Be notified immediately whenever your site experiences an unusual traffic spike.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You will have access to all of these benefits and more for a small yearly fee.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.kokoanalytics.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">View pricing for Koko Analytics Pro here \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fp>\n","Koko Analytics is a privacy-friendly statistics plugin for WordPress that is an easy to use alternative to Google Analytics.",60000,2043562,222,"2026-03-12T15:04:00.000Z","6.0","7.4",[74,139,76,21,22],"google-analytics","https:\u002F\u002Fwww.kokoanalytics.com\u002F#utm_source=wp-plugin&utm_medium=koko-analytics&utm_campaign=plugins-page","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkoko-analytics.2.2.4.zip","2026-01-20 00:00:00",{"slug":144,"name":145,"version":146,"author":147,"author_profile":148,"description":149,"short_description":150,"active_installs":132,"downloaded":151,"rating":152,"num_ratings":153,"last_updated":154,"tested_up_to":70,"requires_at_least":155,"requires_php":18,"tags":156,"homepage":159,"download_link":160,"security_score":161,"vuln_count":162,"unpatched_count":28,"last_vuln_date":163,"fetched_at":30},"wp-piwik","Connect Matomo – Analytics Dashboard for WordPress","1.1.1","matomoteam","https:\u002F\u002Fprofiles.wordpress.org\u002Fmatomoteam\u002F","\u003Cp>\u003Cstrong>Version 1.1.1 includes an important security related fix, it is highly recommended to update to this version.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you are not yet using Matomo On-Premise, Matomo Cloud or hosting your own instance of Matomo, please use the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmatomo\u002F\" rel=\"ugc\">Matomo for WordPress plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin uses the Matomo API to show your Matomo statistics in your WordPress dashboard. It’s also able to add the Matomo tracking code to your blog and to do some modifications to the tracking code. Additionally, WP-Matomo supports WordPress networks and manages multiple sites and their tracking codes.\u003C\u002Fp>\n\u003Cp>To use this plugin the Matomo web analytics application is required. If you do not already have a Matomo setup (e.g., provided by your web hosting service), you have two simple options: use either a \u003Ca href=\"http:\u002F\u002Fmatomo.org\u002F\" rel=\"nofollow ugc\">self-hosted Matomo\u003C\u002Fa> or a \u003Ca href=\"https:\u002F\u002Fwww.innocraft.cloud\u002F?pk_campaign=WP-Piwik\" rel=\"nofollow ugc\">cloud-hosted Matomo by InnoCraft\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Requirements:\u003C\u002Fstrong> PHP 7.0 (or higher), WordPress 5.0 (or higher), Matomo 4.0 (or higher)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages:\u003C\u002Fstrong> English, Albanian, Chinese, Dutch, French, German, Greek, Hungarian, Italian, Polish, Portuguese (Brazil). Partially supported: Azerbaijani, Belarusian, Hindi, Lithuanian, Luxembourgish, Norwegian, Persian, Romanian, Russian, Spanish, Swedish, Turkish, Ukrainian\u003C\u002Fp>\n\u003Ch4>What is Matomo?\u003C\u002Fh4>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FQc2kooLNDiU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fmatomo.org\u002Fwhat-is-matomo\u002F\" rel=\"nofollow ugc\">Learn more.\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>First steps\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Learn how to install your own Matomo instance: \u003Ca href=\"https:\u002F\u002Fmatomo.org\u002Fdocs\u002Frequirements\u002F\" rel=\"nofollow ugc\">Requirements\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fmatomo.org\u002Fdocs\u002Finstallation-optimization\u002F\" rel=\"nofollow ugc\">Installation\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>If you need support about Matomo, please have a look at the \u003Ca href=\"https:\u002F\u002Fforum.matomo.org\u002F\" rel=\"nofollow ugc\">Matomo forums\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Finally, you can start \u003Ca href=\"https:\u002F\u002Fmatomo.org\u002Fblog\u002F2015\u002F05\u002Fwordpress-integration-wp-piwik-1-0\u002F\" rel=\"nofollow ugc\">setting up WP-Matomo\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcodes\u003C\u002Fh4>\n\u003Cp>You can use following shortcodes if activated:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wp-piwik module=\"overview\" title=\"\" period=\"day\" date=\"yesterday\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Shows overview table like WP-Matomo’s overview dashboard. See Matomo API documentation on VisitsSummary.get to get more information on period and day. Multiple data arrays will be cumulated. If you fill the title attribute, its content will be shown in the table’s title.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wp-piwik module=\"opt-out\" language=\"en\" width=\"100%\" height=\"200px\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Shows the Matomo opt-out Iframe. You can change the Iframe’s language by the language attribute (e.g. de for German language) and its width and height using the corresponding attributes.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wp-piwik module=\"post\" range=\"last30\" key=\"sum_daily_nb_uniq_visitors\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Shows the chosen keys value related to the current post. You can define a range (format: lastN, previousN or YYYY-MM-DD,YYYY-MM-DD) and the desired value’s key (e.g., sum_daily_nb_uniq_visitors, nb_visits or nb_hits – for details see Matomo’s API method Actions.getPageUrl using a range).\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wp-piwik]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>is equal to \u003Cem>[wp-piwik module=”overview” title=”” period=”day” date=”yesterday”]\u003C\u002Fem>.\u003C\u002Fp>\n\u003Ch4>Credits and Acknowledgements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Graphs powered by \u003Ca href=\"https:\u002F\u002Fwww.chartjs.org\" rel=\"nofollow ugc\">Chart.js\u003C\u002Fa> (MIT License).\u003C\u002Fli>\n\u003Cli>All translators at Transifex and WordPress.\u003C\u002Fli>\n\u003Cli>Anyone who donates to the WP-Matomo project, including the Matomo team!\u003C\u002Fli>\n\u003Cli>All users who send me mails containing criticism, commendation, feature requests and bug reports – you help me to make WP-Matomo much better!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Thank you all!\u003C\u002Fp>\n","Adds Matomo (former Piwik) statistics to your WordPress dashboard and is also able to add the Matomo Tracking Code to your blog.",2878717,90,95,"2026-03-10T06:59:00.000Z","5.0",[74,157,21,22,158],"matomo","tracking","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-piwik\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-piwik.1.1.1.zip",97,5,"2023-09-21 00:00:00",{"attackSurface":165,"codeSignals":193,"taintFlows":375,"riskAssessment":404,"analyzedAt":415},{"hooks":166,"ajaxHandlers":185,"restRoutes":186,"shortcodes":187,"cronEvents":192,"entryPointCount":27,"unprotectedCount":28},[167,173,177,181],{"type":168,"name":169,"callback":170,"file":171,"line":172},"action","plugins_loaded","stats_textdomain","wp-stats.php",33,{"type":168,"name":174,"callback":175,"file":171,"line":176},"admin_menu","stats_menu",40,{"type":168,"name":178,"callback":179,"file":171,"line":180},"wp_enqueue_script","stats_stylesheets",48,{"type":168,"name":182,"callback":183,"file":171,"line":184},"widgets_init","widget_stats_init",825,[],[],[188],{"tag":189,"callback":190,"file":171,"line":191},"page_stats","stats_page_shortcode",353,[],{"dangerousFunctions":194,"sqlUsage":195,"outputEscaping":225,"fileOperations":28,"externalRequests":28,"nonceChecks":27,"capabilityChecks":28,"bundledLibraries":374},[],{"prepared":28,"raw":196,"locations":197},13,[198,201,203,204,206,208,210,213,215,217,219,221,223],{"file":171,"line":199,"context":200},72,"$wpdb->get_var() with variable interpolation",{"file":171,"line":202,"context":200},84,{"file":171,"line":79,"context":200},{"file":171,"line":205,"context":200},108,{"file":171,"line":207,"context":200},120,{"file":171,"line":209,"context":200},132,{"file":171,"line":211,"context":212},150,"$wpdb->get_results() with variable interpolation",{"file":171,"line":214,"context":212},178,{"file":171,"line":216,"context":212},206,{"file":171,"line":218,"context":212},241,{"file":171,"line":220,"context":212},277,{"file":171,"line":222,"context":200},531,{"file":171,"line":224,"context":212},570,{"escaped":226,"rawEcho":52,"locations":227},8,[228,232,234,236,238,240,242,244,246,248,250,252,254,256,257,259,261,263,265,267,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301,303,305,307,309,310,311,312,314,315,316,318,319,320,322,323,324,326,327,328,330,331,332,334,335,336,338,339,340,342,343,344,346,347,348,350,351,352,354,355,356,358,359,360,361,363,364,365,366,368,370,371,373],{"file":229,"line":230,"context":231},"stats-options.php",62,"raw output",{"file":229,"line":233,"context":231},63,{"file":229,"line":235,"context":231},77,{"file":229,"line":237,"context":231},87,{"file":229,"line":239,"context":231},92,{"file":229,"line":241,"context":231},99,{"file":229,"line":243,"context":231},107,{"file":229,"line":245,"context":231},113,{"file":229,"line":247,"context":231},119,{"file":229,"line":249,"context":231},127,{"file":171,"line":251,"context":231},64,{"file":171,"line":253,"context":231},74,{"file":171,"line":255,"context":231},86,{"file":171,"line":67,"context":231},{"file":171,"line":258,"context":231},110,{"file":171,"line":260,"context":231},122,{"file":171,"line":262,"context":231},134,{"file":171,"line":264,"context":231},162,{"file":171,"line":266,"context":231},190,{"file":171,"line":268,"context":231},225,{"file":171,"line":270,"context":231},260,{"file":171,"line":272,"context":231},292,{"file":171,"line":274,"context":231},315,{"file":171,"line":276,"context":231},332,{"file":171,"line":278,"context":231},671,{"file":171,"line":280,"context":231},673,{"file":171,"line":282,"context":231},677,{"file":171,"line":284,"context":231},681,{"file":171,"line":286,"context":231},685,{"file":171,"line":288,"context":231},689,{"file":171,"line":290,"context":231},693,{"file":171,"line":292,"context":231},697,{"file":171,"line":294,"context":231},701,{"file":171,"line":296,"context":231},705,{"file":171,"line":298,"context":231},709,{"file":171,"line":300,"context":231},714,{"file":171,"line":302,"context":231},722,{"file":171,"line":304,"context":231},731,{"file":171,"line":306,"context":231},734,{"file":171,"line":308,"context":231},771,{"file":171,"line":308,"context":231},{"file":171,"line":308,"context":231},{"file":171,"line":308,"context":231},{"file":171,"line":313,"context":231},775,{"file":171,"line":313,"context":231},{"file":171,"line":313,"context":231},{"file":171,"line":317,"context":231},777,{"file":171,"line":317,"context":231},{"file":171,"line":317,"context":231},{"file":171,"line":321,"context":231},779,{"file":171,"line":321,"context":231},{"file":171,"line":321,"context":231},{"file":171,"line":325,"context":231},781,{"file":171,"line":325,"context":231},{"file":171,"line":325,"context":231},{"file":171,"line":329,"context":231},783,{"file":171,"line":329,"context":231},{"file":171,"line":329,"context":231},{"file":171,"line":333,"context":231},785,{"file":171,"line":333,"context":231},{"file":171,"line":333,"context":231},{"file":171,"line":337,"context":231},787,{"file":171,"line":337,"context":231},{"file":171,"line":337,"context":231},{"file":171,"line":341,"context":231},789,{"file":171,"line":341,"context":231},{"file":171,"line":341,"context":231},{"file":171,"line":345,"context":231},791,{"file":171,"line":345,"context":231},{"file":171,"line":345,"context":231},{"file":171,"line":349,"context":231},794,{"file":171,"line":349,"context":231},{"file":171,"line":349,"context":231},{"file":171,"line":353,"context":231},798,{"file":171,"line":353,"context":231},{"file":171,"line":353,"context":231},{"file":171,"line":357,"context":231},801,{"file":171,"line":357,"context":231},{"file":171,"line":357,"context":231},{"file":171,"line":357,"context":231},{"file":171,"line":362,"context":231},804,{"file":171,"line":362,"context":231},{"file":171,"line":362,"context":231},{"file":171,"line":362,"context":231},{"file":171,"line":367,"context":231},808,{"file":171,"line":369,"context":231},809,{"file":171,"line":369,"context":231},{"file":171,"line":372,"context":231},818,{"file":171,"line":372,"context":231},[],[376],{"entryPoint":377,"graph":378,"unsanitizedCount":28,"severity":403},"\u003Cstats-options> (stats-options.php:0)",{"nodes":379,"edges":399},[380,385,391,395],{"id":381,"type":382,"label":383,"file":229,"line":384},"n0","source","$_POST (x3)",9,{"id":386,"type":387,"label":388,"file":229,"line":389,"wp_function":390},"n1","sink","update_option() [Settings Manipulation]",22,"update_option",{"id":392,"type":382,"label":393,"file":229,"line":394},"n2","$_POST",10,{"id":396,"type":387,"label":397,"file":229,"line":235,"wp_function":398},"n3","echo() [XSS]","echo",[400,402],{"from":381,"to":386,"sanitized":401},true,{"from":392,"to":396,"sanitized":401},"low",{"summary":405,"deductions":406},"The wp-stats plugin v2.56 presents a mixed security posture.  While the static analysis reveals a relatively small attack surface with no unprotected entry points and a recent history of no currently unpatched vulnerabilities, several concerning patterns emerge from the code analysis.  A significant concern is the complete lack of prepared statements for all 13 SQL queries, making it highly susceptible to SQL injection attacks. Furthermore, only 8% of output escaping is properly implemented, indicating a broad risk of Cross-Site Scripting (XSS) vulnerabilities across various output points.  The presence of a past medium severity CSRF vulnerability, even if patched, suggests a historical tendency for security oversights in the plugin's development.\n\nDespite the absence of critical taint flows and dangerous functions, the widespread use of raw SQL and inadequate output escaping, combined with a single past CSRF vulnerability, indicates a plugin that requires careful attention. The lack of capability checks on any of the identified entry points is also a notable weakness. While the plugin appears to have addressed its past vulnerabilities and has no known current issues, the fundamental coding practices regarding SQL and output sanitization leave it exposed to common web attack vectors. A user of this plugin should be aware of these underlying risks.",[407,409,411,413],{"reason":408,"points":394},"All SQL queries use raw statements, not prepared",{"reason":410,"points":226},"Low percentage of properly escaped output",{"reason":412,"points":162},"No capability checks on entry points",{"reason":414,"points":162},"Past medium severity CSRF vulnerability","2026-03-16T18:26:55.072Z",{"wat":417,"direct":423},{"assetPaths":418,"generatorPatterns":420,"scriptPaths":421,"versionParams":422},[419],"\u002Fwp-content\u002Fplugins\u002Fwp-stats\u002Fstats-css.css",[],[],[],{"cssClasses":424,"htmlComments":426,"htmlAttributes":427,"restEndpoints":428,"jsGlobals":429,"shortcodeOutput":430},[425],"wrap",[],[],[],[],[]]