[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fjUkgWVFdzDJw7QJArQSWDXiELu22piB89urdl9WRy_o":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":126,"fingerprints":1159},"wp-visitorflow","WP VisitorFlow","1.6.2","Friese","https:\u002F\u002Fprofiles.wordpress.org\u002Ffriese\u002F","\u003Cp>WP VisitorFlow provides detailed information about visitors to your website. With WP VisitorFlow you can see at a glance how visitors interact with your website: All paths taken by your visitors are summarized in a comprehensive flowchart.\u003C\u002Fp>\n\u003Ch4>Fast and Clear Visualization\u003C\u002Fh4>\n\u003Cp>WP VisitorFlow not only tracks the flow of visitors to your WordPress website, it  makes the flow visible. Detailed but still clear diagrams provide you with the full information about the visitor flow. See, how your visitors use your website. Learn, how changes in your website’s structure or new posts or pages influence the visitor flow. Use WP VisitorFlow to get feedback on your publishing actions and integrate it in your search engine optimization process.\u003C\u002Fp>\n\u003Ch4>Highly Performant, Independent and Privacy-Friendly\u003C\u002Fh4>\n\u003Cp>WP VisitorFlow has been developed with focus on website performance, usability and data privacy. Although tremendous amounts of data can arise from the flow on highly frequented websites, the plugin is optimized for minimized data storage and a minimum database load. All data is stored in your own WordPress database – no third party tool or service is necessary. Last but not least, the software has been developed to fulfill strict data privacy regulations.\u003C\u002Fp>\n\u003Ch4>Feature List\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Storage of visitor data – Web browsers, operation systems, and IP address (encryption possible).\u003C\u002Fli>\n\u003Cli>Page views – Any view of any page on your WordPress website including date and time.\u003C\u002Fli>\n\u003Cli>Visualization of the visitor flow – Step-by-step diagrams providing at-a-glance information about your visitors’ routes on your website.\u003C\u002Fli>\n\u003Cli>Statistics on search engines, web crawlers, spiders and bots, including search key words.\u003C\u002Fli>\n\u003Cli>Encapsulated data storage – All data is stored only in your own WordPress database, no external source or additional service necessary. It is all yours, it stays yours.\u003C\u002Fli>\n\u003Cli>Data privacy – Optional anonymization of visitor data regarding data privacy rules in several countries.\u003C\u002Fli>\n\u003Cli>Data compression – Automatized compression (data aggregation) of older data to keep your database lean and your website performance up.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>If you find any bug, have a question or need a new feature, please post a short comment at the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-visitorflow\" rel=\"ugc\">support forum\u003C\u002Fa>. We will come back to you as soon as possible.\u003C\u002Fp>\n\u003Cp>Developers, please have also a look at the official \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FOnnoGeorg\u002Fwordpress-plugin-wp-visitorflow\" rel=\"nofollow ugc\">repo on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","Detailed web analytics and visualization of your website's visitor flow.",100,15898,3,"2021-02-08T10:14:00.000Z","5.6.17","3.5","5.5",[19,20,21,22,23],"analytics","statistics","stats","visits","web-analytics","https:\u002F\u002Fwww.datacodedesign.de\u002Findex.php\u002Fwp-visitorflow\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-visitorflow.1.6.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"friese",2,30,84,"2026-04-04T16:34:50.404Z",[38,56,74,85,108],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":27,"num_ratings":27,"last_updated":42,"tested_up_to":48,"requires_at_least":49,"requires_php":42,"tags":50,"homepage":53,"download_link":54,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":55},"omniture-sitecatalyst","Omniture – SiteCatalyst","0.1.0","","https:\u002F\u002Fprofiles.wordpress.org\u002Frudishumpert\u002F","\u003Cp>This plugin will add tracking features to your wordpress blog without have to know any PHP,\u003Cbr \u002F>\nedit code, or cut and paste tracking code to footers.  Also, if you change or update themes,\u003Cbr \u002F>\n you will not have to remember to update tracking code.  You will have to be able to upload your\u003Cbr \u002F>\nOmniture s_code.js file to directory on your web server.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enter all settings through admin screen\u003C\u002Fli>\n\u003Cli>Tracks all pages \u003C\u002Fli>\n\u003Cli>Captures logged in status of users\u003C\u002Fli>\n\u003Cli>Captures internal search terms\u003C\u002Fli>\n\u003Cli>Captures number of search results\u003C\u002Fli>\n\u003Cli>Captures 404 data\u003C\u002Fli>\n\u003Cli>Ability to track\u002Fnot track Administrators\u003C\u002Fli>\n\u003Cli>Ability to set event to track comments and to set event number in admin settings\u003C\u002Fli>\n\u003Cli>Added Reporting widgets from inside WordPress (Optional)\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin will add tracking features to your wordpress blog without have to know any PHP, edit code, or cut and paste tracking code to footers.",10,3829,"2.9.2","2.8",[51,20,21,52],"omniture-web-analytics","tracking","http:\u002F\u002Fwww.rudishumpert.com\u002Fprojects\u002Fwp-omniture\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fomniture-sitecatalyst.zip","2026-03-15T10:48:56.248Z",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":46,"downloaded":64,"rating":11,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":72,"download_link":73,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"personyze-web-analytics","Personyze WordPress Plugin","0.20","Personyze","https:\u002F\u002Fprofiles.wordpress.org\u002Fpersonyze\u002F","\u003Cp>Personyze combines artificial intelligence and powerful targeting to provide each visitor with a personalized, tailored experience that will keep them engaged, converting, and returning for more. This page will give you a summary of our personalization engine from top to bottom.\u003C\u002Fp>\n\u003Cp>Personyze plugin for WordPress allows you to to deeply integrate your WordPress content into Personzye personalization tools that include targeting and site AI based recommendation to deliver each visitor a personal experience.\u003C\u002Fp>\n\u003Cp>For instructions please visit https:\u002F\u002Fwiki.personyze.com\u002Fknowledgebase\u002Fwordpress-personalization-plugin\u002F\u003C\u002Fp>\n","Personyze is an advanced Web analytics and personalization tool.",3530,1,"2022-07-23T11:14:00.000Z","6.0.11","2.0.2","7.0",[71,19,20,21,23],"ab-testing","https:\u002F\u002Fwww.personyze.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpersonyze-web-analytics.0.20.zip",{"slug":75,"name":76,"version":77,"author":42,"author_profile":43,"description":78,"short_description":45,"active_installs":46,"downloaded":79,"rating":27,"num_ratings":27,"last_updated":80,"tested_up_to":48,"requires_at_least":49,"requires_php":42,"tags":81,"homepage":83,"download_link":84,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"ywa-yahoo-web-analytics","YWA – Yahoo Web Analytics","0.1.8","\u003Cp>This plugin will add tracking features to your wordpress blog without have to know any PHP,\u003Cbr \u002F>\nedit code, or cut and paste tracking code to footers.  Also, if you change or update themes,\u003Cbr \u002F>\n you will not have to remember to update tracking code.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enter all settings through admin screen\u003C\u002Fli>\n\u003Cli>Tracks all pages \u003C\u002Fli>\n\u003Cli>Captures logged in status of users\u003C\u002Fli>\n\u003Cli>Captures internal search terms\u003C\u002Fli>\n\u003Cli>Captures number of search results\u003C\u002Fli>\n\u003Cli>Captures 404 data\u003C\u002Fli>\n\u003Cli>Ability to track\u002Fnot track Administrators\u003C\u002Fli>\n\u003Cli>Tracks Comments as Actions\u003C\u002Fli>\n\u003C\u002Ful>\n",3169,"2010-01-15T23:44:00.000Z",[20,21,52,82],"yahoo-web-analytics","http:\u002F\u002Fwww.rudishumpert.com\u002Fprojects","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fywa-yahoo-web-analytics.zip",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":95,"num_ratings":96,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":100,"tags":101,"homepage":104,"download_link":105,"security_score":106,"vuln_count":13,"unpatched_count":27,"last_vuln_date":107,"fetched_at":29},"burst-statistics","Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative)","3.2.3","Burst Statistics B.V.","https:\u002F\u002Fprofiles.wordpress.org\u002Fburstbv\u002F","\u003Ch4>Finally, analytics that you’ll actually use.\u003C\u002Fh4>\n\u003Cp>Google Analytics is overkill. Other WordPress statistics plugins are cluttered and confusing. You just want to know what’s happening on your site – without a data science degree.\u003C\u002Fp>\n\u003Cp>Burst Statistics gives you a clean, intuitive analytics dashboard focused on the metrics that actually matter. \u003Cstrong>No external accounts. No complex setup. Install, activate, and understand your traffic in seconds.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Trusted by \u003Cstrong>200,000+ WordPress sites\u003C\u002Fstrong>. Built by the experienced team behind UpdraftPlus, WP-Optimize, and All-In-One Security.\u003C\u002Fp>\n\u003Ch4>What our users are saying\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“Finally, an analytics plugin I can actually explain to clients.”\u003Cbr \u002F>\n  — @anguskeystone on wordpress.org\u003C\u002Fp>\n\u003Cp>“I tried WP Statistics and Independent Analytics, but they’re overloaded and confusing. Burst’s UI is intuitive and focused on what matters to me.”\u003Cbr \u002F>\n  — @vallered on wordpress.org\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Why Burst Statistics?\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Designed to be actionable\u003C\u002Fstrong>\u003Cbr \u002F>\nOther analytics plugins throw everything at you. Burst shows what matters — visitors, pageviews, referrers, top pages — in a dashboard you’ll actually use. No overload of data. No confusing menus.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy-first by design\u003C\u002Fstrong>\u003Cbr \u002F>\nAll statistics stay on your server. No external tracking. Your data is yours – we never see it without your explicit permission.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Zero setup friction\u003C\u002Fstrong>\u003Cbr \u002F>\nInstall, activate, done. No Google accounts, no tracking codes, no configuration headaches. Start seeing live visitors immediately.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Built for WordPress\u003C\u002Fstrong>\u003Cbr \u002F>\nNot a port from another platform. Designed specifically for WordPress with native performance and seamless integration.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Fast and lightweight\u003C\u002Fstrong>\u003Cbr \u002F>\nOptimized database queries, no bloated scripts (\u003C4kb tracking script), no external dependencies slowing down your pages. Designed to track accurately even when using aggressive server-side caching.\u003C\u002Fp>\n\u003Cp>\u003Ch4>Features\u003C\u002Fh4>\n\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Understand your traffic\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>View table of top performing pages and posts\u003C\u002Fli>\n\u003Cli>Track key metrics (Visitors, Sessions, Pageviews, Bounce Rate)\u003C\u002Fli>\n\u003Cli>Breakdown of visitors by device (Desktop, Tablet, Mobile)\u003C\u002Fli>\n\u003Cli>Filter data by custom date ranges\u003C\u002Fli>\n\u003Cli>Compare traffic over time\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Real-time analytics\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Identify the real-time source for live visitors\u003C\u002Fli>\n\u003Cli>View the specific pages users are visiting now\u003C\u002Fli>\n\u003Cli>See a live count of active users on your site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>See what content performs\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Top pages and posts ranked by views\u003C\u002Fli>\n\u003Cli>Compare any date range\u003C\u002Fli>\n\u003Cli>Track individual page performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Custom conversion tracking\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Track views, clicks and hooks\u003C\u002Fli>\n\u003Cli>Track WooCommerce sales\u003C\u002Fli>\n\u003Cli>Track custom events or hooks\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Privacy without compromise\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>100% self-hosted — all statistics stored locally in your WordPress database\u003C\u002Fli>\n\u003Cli>Cookieless tracking option (no consent banner required in some countries)\u003C\u002Fli>\n\u003Cli>Designed to support GDPR, CCPA, DSGVO, AVG, RGPD, and PECR compliance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Stay informed\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Weekly or monthly email reports delivered to your inbox\u003C\u002Fli>\n\u003Cli>Compare periods to spot trends\u003C\u002Fli>\n\u003Cli>Get notified when tracking does not work\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>From the creators of UpdraftPlus, WP Optimize and All In One Security\u003C\u002Fh4>\n\u003Cp>Burst Statistics was created by experienced developers who also created:\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fupdraftplus\u002F\" rel=\"ugc\">UpdraftPlus: WP Backup & Migration Plugin\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fall-in-one-wp-security-and-firewall\u002F\" rel=\"ugc\">All-In-One Security (AIOS) – Security and Firewall\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-optimize\u002F\" rel=\"ugc\">WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Who is Burst for?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Bloggers & content creators\u003C\u002Fstrong> — See which posts resonate with your audience\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Small business owners\u003C\u002Fstrong> — Understand your traffic without complexity\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce stores\u003C\u002Fstrong> — Track visitor behavior and sales (Burst Pro – Business plan)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Agencies & freelancers\u003C\u002Fstrong> — Manage analytics for your clients (Burst Pro – Agency plan)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-conscious site owners\u003C\u002Fstrong> — GDPR-compliant stats without consent banners\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anyone tired of Google Analytics\u003C\u002Fstrong> — Get clarity instead of confusion\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Unlock comprehensive insights into your website’s user behaviour with Burst Pro. Benefit from advanced features designed to improve performance, boost engagement, and drive conversions. \u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Get Burst Pro now.\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Free vs Pro\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Burst Statistics (Free)\u003C\u002Fstrong> includes everything you need to understand your website traffic: visitors, pageviews, referrers, top content, device stats, goal tracking, email reports, and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Burst Pro\u003C\u002Fstrong> adds advanced features for businesses and professionals:\u003C\u002Fp>\n\u003Cp>CREATOR PLAN\u003Cbr \u002F>\n* UTM campaign tracking — See which marketing efforts drive results\u003Cbr \u002F>\n* Geographic data — Country and city-level visitor insights\u003Cbr \u002F>\n* Advanced filtering — Segment data by any dimension\u003Cbr \u002F>\n* Data archiving settings — Keep your database lean automatically\u003Cbr \u002F>\n* Priority support — Direct contact with our developers (You’ll speak to actual humans!)\u003C\u002Fp>\n\u003Cp>BUSINESS PLAN\u003Cbr \u002F>\n* Everything in the creator plan +\u003Cbr \u002F>\n* Full sales dashboard — Understand what content brings in the most revenue\u003Cbr \u002F>\n* Revenue attribution — Connect WooCommerce sales to traffic sources\u003C\u002Fp>\n\u003Cp>AGENCY PLAN\u003Cbr \u002F>\n* Everything in the business plan +\u003Cbr \u002F>\n* Reporting — Generate shareable reports\u003C\u002Fp>\n\u003Cp>All Burst Pro plans include \u003Cstrong>priority support\u003C\u002Fstrong>.  You’ll have direct contact with our developers (You’ll speak to actual humans!)\u003C\u002Fp>\n\u003Ch4>Learn More\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fburst-statistics-vs-google-analytics\u002F\" rel=\"nofollow ugc\">Burst Statistics vs Google Analytics\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fwhy-is-burst-privacy-friendly\u002F\" rel=\"nofollow ugc\">Privacy & GDPR Compliance\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Burst Pro Pricing\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy and Data Sharing\u003C\u002Fh4>\n\u003Cp>Burst Statistics includes an \u003Cstrong>optional\u003C\u002Fstrong> data sharing program. It is disabled by default. You can enable it under Burst Statistics \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Data Sharing, and you can turn it off again at any time from the same location.\u003Cbr \u002F>\nWhen enabled, the plugin sends a small set of aggregated, anonymized metrics to Burst Statistics’ servers once per month. This includes traffic statistics (visitors, pageviews, bounce rate, session duration), database row counts and query performance timings. No personal data, IP addresses, domain names, or visitor information is ever transmitted. All data is aggregated on your server before it leaves, making it impossible to trace back to your website or any individual user.\u003C\u002Fp>\n\u003Cp>We use this data to:\u003Cbr \u002F>\n* build anonymous industry benchmarks so you can compare your site’s performance against peers;\u003Cbr \u002F>\n* understand which features are most used, so we can prioritize development effectively;\u003Cbr \u002F>\n* know which WordPress and PHP versions are in active use, so we can make informed support decisions;\u003Cbr \u002F>\n* identify slow database queries across real-world installs, so we can improve plugin performance for everyone.\u003C\u002Fp>\n\u003Cp>For the complete list of data fields collected and full details on how the data is used, please read our \u003Ca href=\"https:\u002F\u002Fburst-statistics.com\u002Fhow-we-handle-anonymous-usage-data\u002F\" rel=\"nofollow ugc\">Data Sharing Policy\u003C\u002Fa>.\u003Cbr \u002F>\nThis feature connects to: https:\u002F\u002Fapi.burst-statistics.com\u003C\u002Fp>\n\u003Ch4>Installation\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to \u003Cstrong>Plugins \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Add New\u003C\u002Fstrong> in your WordPress dashboard\u003C\u002Fli>\n\u003Cli>Search for \u003Cstrong>Burst\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Install Now\u003C\u002Fstrong>, then \u003Cstrong>Activate\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Visit \u003Cstrong>Statistics \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Dashboard\u003C\u002Fstrong> to see your analytics\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>That’s it. No external accounts. No tracking codes to paste. Burst starts collecting statistics immediately.\u003C\u002Fp>\n","Analytics you'll actually use. Privacy-friendly, zero config, and designed to be actionable. Get insights, not just raw data.",200000,7013207,98,173,"2026-03-12T07:52:00.000Z","6.9.4","6.4","8.0",[19,102,103,20,21],"gdpr","privacy","https:\u002F\u002Fwww.wordpress.org\u002Fplugins\u002Fburst-statistics","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fburst-statistics.3.2.3.zip",96,"2025-06-27 00:00:00",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":106,"num_ratings":118,"last_updated":119,"tested_up_to":98,"requires_at_least":120,"requires_php":121,"tags":122,"homepage":124,"download_link":125,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"statify","Statify","1.8.5","pluginkollektiv","https:\u002F\u002Fprofiles.wordpress.org\u002Fpluginkollektiv\u002F","\u003Cp>Statify provides a straightforward and compact access to the number of site views. It is privacy-friendly as it uses neither cookies nor a third party.\u003C\u002Fp>\n\u003Cp>An interactive chart is followed by lists of the most common reference sources and target pages. The period of statistics and length of lists can be set directly in the dashboard widget.\u003C\u002Fp>\n\u003Ch3>Data Privacy\u003C\u002Fh3>\n\u003Cp>In direct comparison to statistics services such as \u003Cem>Google Analytics\u003C\u002Fem>, \u003Cem>WordPress.com Stats\u003C\u002Fem> and \u003Cem>Matomo (Piwik)\u003C\u002Fem> \u003Cem>Statify\u003C\u002Fem> doesn’t process and store personal data as e.g. IP addresses – \u003Cem>Statify\u003C\u002Fem> counts site views, not visitors.\u003C\u002Fp>\n\u003Cp>Absolute privacy compliance coupled with transparent procedures: A locally in WordPress created database table consists of only four fields (ID, date, source, target) and can be viewed at any time, cleaned up and cleared by the administrator.\u003C\u002Fp>\n\u003Cp>Due to this tracking approach, Statify is 100% compliant with GDPR and serves as an lightweight alternative to other tracking services.\u003C\u002Fp>\n\u003Ch3>Display of the widget\u003C\u002Fh3>\n\u003Cp>The plugin configuration can be changed directly in the \u003Cem>Statify\u003C\u002Fem> Widget on the dashboard by clicking the \u003Cem>Configure\u003C\u002Fem> link.\u003C\u002Fp>\n\u003Cp>The amount of links shown in the \u003Cem>Statify\u003C\u002Fem> Widget can be set as well as the option to only count views from today. Of course, older entries are not deleted when changing this setting.\u003C\u002Fp>\n\u003Cp>The statistics for the dashboard widget are cached for four minutes.\u003C\u002Fp>\n\u003Ch3>Period of data saving\u003C\u002Fh3>\n\u003Cp>\u003Cem>Statify\u003C\u002Fem> stores the data only for a limited period (default: two weeks), longer intervals can be selected as option in the widget. Data which is older than the selected period is deleted by a daily cron job.\u003C\u002Fp>\n\u003Cp>An increase in the database volume can be expected because all statistic values are collected and managed in the local WordPress database (especially if you increase the period of data saving).\u003C\u002Fp>\n\u003Ch3>JavaScript tracking for caching compatibility\u003C\u002Fh3>\n\u003Cp>For compatibility with caching plugins like \u003Ca href=\"http:\u002F\u002Fcachify.de\" rel=\"nofollow ugc\">Cachify\u003C\u002Fa> \u003Cem>Statify\u003C\u002Fem> offers an optional switchable tracking via JavaScript. This function allows reliable count of cached blog pages.\u003C\u002Fp>\n\u003Cp>For this to work correctly, the active theme has to call \u003Ccode>wp_footer()\u003C\u002Fcode>, typically in a file named \u003Ccode>footer.php\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Ch3>Skip tracking for spam referrers\u003C\u002Fh3>\n\u003Cp>The comment blacklist can be enabled to skip tracking for views with a referrer URL listed in comment blacklist, i. e. which considered as spam.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>If you’ve problems or think you’ve found a bug (e.g. you’re experiencing unexpected behavior), please post at the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fstatify\" rel=\"ugc\">support forums\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Active development of this plugin is handled \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpluginkollektiv\u002Fstatify\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Pull requests for documented bugs are highly appreciated.\u003C\u002Fli>\n\u003Cli>If you want to help us translate this plugin you can do so \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fstatify\" rel=\"nofollow ugc\">on WordPress Translate\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Visitor statistics for WordPress with focus on data protection, transparency and clarity. Perfect as a widget in your WordPress Dashboard.",100000,2377836,50,"2025-12-21T16:02:00.000Z","4.7","5.2",[19,123,103,20,21],"pageviews","https:\u002F\u002Fstatify.pluginkollektiv.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstatify.1.8.5.zip",{"attackSurface":127,"codeSignals":207,"taintFlows":951,"riskAssessment":1147,"analyzedAt":1158},{"hooks":128,"ajaxHandlers":185,"restRoutes":186,"shortcodes":205,"cronEvents":206,"entryPointCount":13,"unprotectedCount":13},[129,135,140,144,149,153,157,161,165,170,174,177,181],{"type":130,"name":131,"callback":132,"file":133,"line":134},"action","admin_footer","_js_vars","includes\\classes\\class-wp-list-table-wpvf.php",145,{"type":130,"name":136,"callback":137,"file":138,"line":139},"admin_menu","adminMenu","includes\\classes\\class-wp-visitorflow-admin.php",34,{"type":130,"name":141,"callback":142,"file":138,"line":143},"wp_dashboard_setup","dashboardWidget",37,{"type":145,"name":146,"callback":147,"priority":46,"file":138,"line":148},"filter","plugin_action_links","addSettingsLink",40,{"type":145,"name":150,"callback":151,"file":138,"line":152},"manage_posts_columns","postsAddWpVisitorColumn",43,{"type":130,"name":154,"callback":155,"priority":46,"file":138,"line":156},"manage_posts_custom_column","postsWpVisitorColumn",44,{"type":145,"name":158,"callback":159,"file":138,"line":160},"manage_pages_columns","pagesAddWpVisitorColumn",47,{"type":130,"name":162,"callback":163,"priority":46,"file":138,"line":164},"manage_pages_custom_column","pagesWpVisitorColumn",48,{"type":130,"name":166,"callback":167,"file":168,"line":169},"admin_notices","wp_visitorflow_php_notice","wp-visitorflow.php",58,{"type":130,"name":171,"callback":172,"file":168,"line":173},"init","wp_visitorflow_internationalization",128,{"type":130,"name":166,"callback":175,"file":168,"line":176},"wp_visitorflow_error_notice",139,{"type":130,"name":178,"callback":179,"file":168,"line":180},"shutdown","wp_visitorflow_record_action",151,{"type":130,"name":182,"callback":183,"file":168,"line":184},"wp_footer","wp_visitorflow_frontend_action",156,[],[187,195,200],{"namespace":188,"route":189,"methods":190,"callback":192,"permissionCallback":28,"file":193,"line":194},"wp-visitorflow\u002Fv1","\u002Fregister",[191],"GET","wp_visitorflow_rest_register","includes\\functions\\wp-visitorflow-rest-api.php",9,{"namespace":188,"route":196,"methods":197,"callback":198,"permissionCallback":28,"file":193,"line":199},"\u002Fstats",[191],"wp_visitorflow_rest_stats",19,{"namespace":188,"route":201,"methods":202,"callback":203,"permissionCallback":28,"file":193,"line":204},"\u002Ffavicon",[191],"wp_visitorflow_rest_favicon",26,[],[],{"dangerousFunctions":208,"sqlUsage":209,"outputEscaping":308,"fileOperations":949,"externalRequests":27,"nonceChecks":27,"capabilityChecks":656,"bundledLibraries":950},[],{"prepared":210,"raw":152,"locations":211},97,[212,216,220,222,224,226,227,229,231,232,234,236,238,240,242,244,246,248,250,252,254,256,260,262,264,266,268,270,272,274,276,278,280,282,286,289,291,293,294,297,300,302,305],{"file":213,"line":214,"context":215},"includes\\classes\\class-wp-visitorflow-admin-single.php",119,"$wpdb->get_row() with variable interpolation",{"file":217,"line":218,"context":219},"includes\\classes\\class-wp-visitorflow-analysis.php",74,"$wpdb->get_var() with variable interpolation",{"file":217,"line":221,"context":219},76,{"file":217,"line":223,"context":219},79,{"file":217,"line":225,"context":219},82,{"file":217,"line":26,"context":219},{"file":217,"line":228,"context":219},89,{"file":217,"line":230,"context":219},93,{"file":217,"line":210,"context":215},{"file":217,"line":233,"context":219},103,{"file":217,"line":235,"context":219},105,{"file":217,"line":237,"context":219},108,{"file":217,"line":239,"context":219},111,{"file":217,"line":241,"context":219},114,{"file":217,"line":243,"context":219},118,{"file":217,"line":245,"context":219},122,{"file":217,"line":247,"context":219},127,{"file":217,"line":249,"context":219},129,{"file":217,"line":251,"context":219},130,{"file":217,"line":253,"context":219},131,{"file":217,"line":255,"context":219},132,{"file":257,"line":258,"context":259},"includes\\classes\\class-wp-visitorflow-maintenance.php",144,"$wpdb->query() with variable interpolation",{"file":257,"line":261,"context":259},158,{"file":263,"line":255,"context":215},"includes\\classes\\class-wp-visitorflow-setup.php",{"file":263,"line":265,"context":215},147,{"file":263,"line":267,"context":215},163,{"file":263,"line":269,"context":259},215,{"file":263,"line":271,"context":259},216,{"file":263,"line":273,"context":259},217,{"file":263,"line":275,"context":259},218,{"file":263,"line":277,"context":259},219,{"file":263,"line":279,"context":219},234,{"file":263,"line":281,"context":219},245,{"file":283,"line":284,"context":285},"includes\\views\\analysis\\website-pages.php",29,"$wpdb->get_results() with variable interpolation",{"file":287,"line":288,"context":285},"includes\\views\\analysis\\website-referrers.php",28,{"file":290,"line":199,"context":285},"includes\\views\\settings\\logfile.php",{"file":292,"line":106,"context":259},"includes\\views\\settings\\maintenance.php",{"file":292,"line":239,"context":259},{"file":295,"line":296,"context":285},"includes\\views\\tables\\table-bots.php",13,{"file":298,"line":299,"context":215},"includes\\views\\tables\\table-exclusions.php",120,{"file":298,"line":301,"context":215},140,{"file":303,"line":304,"context":285},"includes\\views\\tables\\table-keywords.php",12,{"file":306,"line":307,"context":285},"includes\\views\\tables\\table-uastrings.php",11,{"escaped":309,"rawEcho":310,"locations":311},35,411,[312,315,316,318,320,322,324,326,328,330,332,334,336,338,340,342,344,346,348,350,352,354,357,359,360,363,365,366,368,370,372,374,376,378,380,382,384,385,387,388,390,392,394,396,398,400,402,404,406,409,411,412,414,415,417,418,420,422,423,425,427,429,430,431,432,433,434,435,437,438,439,440,442,444,446,448,449,450,451,452,453,454,456,457,458,460,461,462,463,464,466,468,470,472,473,474,476,477,479,482,483,484,485,486,487,488,489,491,492,494,495,497,498,499,500,502,503,504,506,507,509,511,513,514,516,518,520,522,523,525,527,529,531,534,536,538,540,542,544,546,547,549,550,552,554,555,557,558,560,561,563,564,566,567,569,570,572,573,575,576,578,580,582,584,586,588,590,591,593,595,597,599,601,603,605,607,609,611,613,615,617,619,621,623,625,626,627,628,629,631,633,635,637,638,639,640,641,643,645,647,649,651,653,655,657,658,659,661,663,665,666,667,668,669,671,673,674,676,677,678,680,682,684,686,688,689,690,691,692,693,695,697,699,700,702,704,705,707,709,710,712,713,714,715,717,719,721,722,724,726,728,730,732,734,736,737,738,739,740,742,744,747,748,749,750,751,752,753,755,756,757,758,760,761,762,763,764,765,766,767,768,769,770,771,773,774,776,777,779,781,783,785,787,789,790,791,792,794,795,797,798,800,802,804,806,807,808,809,810,812,813,815,817,819,820,822,823,825,826,827,828,829,830,831,833,834,836,838,839,841,842,843,844,845,847,848,849,850,852,853,855,857,859,860,861,862,864,865,866,868,869,871,872,874,876,877,879,880,881,882,883,885,887,889,890,892,894,896,897,898,899,900,901,903,905,906,907,908,909,910,911,912,913,914,915,916,917,918,921,923,924,925,926,928,929,930,932,933,934,935,937,938,939,940,941,942,944,945,946,947,948],{"file":133,"line":313,"context":314},348,"raw output",{"file":133,"line":313,"context":314},{"file":133,"line":317,"context":314},349,{"file":133,"line":319,"context":314},395,{"file":133,"line":321,"context":314},446,{"file":133,"line":323,"context":314},447,{"file":133,"line":325,"context":314},448,{"file":133,"line":327,"context":314},453,{"file":133,"line":329,"context":314},826,{"file":133,"line":331,"context":314},1062,{"file":133,"line":333,"context":314},1077,{"file":133,"line":335,"context":314},1086,{"file":133,"line":337,"context":314},1160,{"file":133,"line":339,"context":314},1233,{"file":133,"line":341,"context":314},1236,{"file":133,"line":343,"context":314},1244,{"file":133,"line":345,"context":314},1245,{"file":133,"line":347,"context":314},1246,{"file":133,"line":349,"context":314},1249,{"file":133,"line":351,"context":314},1250,{"file":133,"line":353,"context":314},1251,{"file":355,"line":356,"context":314},"includes\\classes\\class-wp-visitorflow-admin-export.php",55,{"file":355,"line":358,"context":314},57,{"file":355,"line":169,"context":314},{"file":361,"line":362,"context":314},"includes\\classes\\class-wp-visitorflow-admin-overview.php",39,{"file":361,"line":364,"context":314},41,{"file":361,"line":152,"context":314},{"file":361,"line":367,"context":314},53,{"file":361,"line":369,"context":314},56,{"file":361,"line":371,"context":314},134,{"file":361,"line":373,"context":314},135,{"file":361,"line":375,"context":314},141,{"file":361,"line":377,"context":314},142,{"file":361,"line":379,"context":314},148,{"file":361,"line":381,"context":314},149,{"file":361,"line":383,"context":314},155,{"file":361,"line":184,"context":314},{"file":361,"line":386,"context":314},162,{"file":361,"line":267,"context":314},{"file":361,"line":389,"context":314},169,{"file":361,"line":391,"context":314},170,{"file":361,"line":393,"context":314},337,{"file":361,"line":395,"context":314},338,{"file":361,"line":397,"context":314},339,{"file":361,"line":399,"context":314},353,{"file":361,"line":401,"context":314},368,{"file":361,"line":403,"context":314},369,{"file":361,"line":405,"context":314},370,{"file":407,"line":408,"context":314},"includes\\classes\\class-wp-visitorflow-admin-page-metabox.php",123,{"file":410,"line":371,"context":314},"includes\\classes\\class-wp-visitorflow-admin-page-timeframe.php",{"file":410,"line":373,"context":314},{"file":410,"line":413,"context":314},136,{"file":410,"line":375,"context":314},{"file":410,"line":416,"context":314},154,{"file":410,"line":416,"context":314},{"file":410,"line":419,"context":314},160,{"file":410,"line":421,"context":314},161,{"file":410,"line":267,"context":314},{"file":410,"line":424,"context":314},164,{"file":410,"line":426,"context":314},166,{"file":428,"line":225,"context":314},"includes\\classes\\class-wp-visitorflow-admin-page.php",{"file":428,"line":35,"context":314},{"file":428,"line":26,"context":314},{"file":428,"line":299,"context":314},{"file":428,"line":408,"context":314},{"file":428,"line":383,"context":314},{"file":428,"line":261,"context":314},{"file":436,"line":367,"context":314},"includes\\classes\\class-wp-visitorflow-admin-plots.php",{"file":436,"line":367,"context":314},{"file":436,"line":367,"context":314},{"file":436,"line":358,"context":314},{"file":436,"line":441,"context":314},59,{"file":436,"line":443,"context":314},60,{"file":436,"line":445,"context":314},75,{"file":436,"line":447,"context":314},80,{"file":436,"line":176,"context":314},{"file":436,"line":176,"context":314},{"file":436,"line":176,"context":314},{"file":436,"line":176,"context":314},{"file":436,"line":377,"context":314},{"file":436,"line":134,"context":314},{"file":436,"line":455,"context":314},146,{"file":436,"line":421,"context":314},{"file":436,"line":424,"context":314},{"file":436,"line":459,"context":314},213,{"file":436,"line":459,"context":314},{"file":436,"line":459,"context":314},{"file":436,"line":273,"context":314},{"file":436,"line":277,"context":314},{"file":436,"line":465,"context":314},220,{"file":436,"line":467,"context":314},237,{"file":469,"line":441,"context":314},"includes\\classes\\class-wp-visitorflow-admin-settings.php",{"file":469,"line":471,"context":314},61,{"file":469,"line":447,"context":314},{"file":213,"line":180,"context":314},{"file":213,"line":475,"context":314},159,{"file":138,"line":96,"context":314},{"file":138,"line":478,"context":314},189,{"file":480,"line":481,"context":314},"includes\\views\\analysis\\flow-per-page.php",113,{"file":480,"line":481,"context":314},{"file":480,"line":243,"context":314},{"file":480,"line":243,"context":314},{"file":480,"line":408,"context":314},{"file":480,"line":408,"context":314},{"file":480,"line":173,"context":314},{"file":480,"line":173,"context":314},{"file":480,"line":490,"context":314},133,{"file":480,"line":490,"context":314},{"file":480,"line":493,"context":314},138,{"file":480,"line":493,"context":314},{"file":480,"line":496,"context":314},168,{"file":480,"line":496,"context":314},{"file":480,"line":96,"context":314},{"file":480,"line":96,"context":314},{"file":480,"line":501,"context":314},186,{"file":480,"line":271,"context":314},{"file":480,"line":271,"context":314},{"file":480,"line":505,"context":314},223,{"file":480,"line":279,"context":314},{"file":480,"line":508,"context":314},235,{"file":480,"line":510,"context":314},259,{"file":480,"line":512,"context":314},336,{"file":480,"line":397,"context":314},{"file":480,"line":515,"context":314},340,{"file":480,"line":517,"context":314},343,{"file":480,"line":519,"context":314},344,{"file":480,"line":521,"context":314},347,{"file":480,"line":313,"context":314},{"file":480,"line":524,"context":314},351,{"file":480,"line":526,"context":314},352,{"file":480,"line":528,"context":314},355,{"file":480,"line":530,"context":314},359,{"file":532,"line":533,"context":314},"includes\\views\\analysis\\flow-per-step.php",478,{"file":532,"line":535,"context":314},487,{"file":532,"line":537,"context":314},495,{"file":532,"line":539,"context":314},499,{"file":532,"line":541,"context":314},507,{"file":532,"line":543,"context":314},517,{"file":532,"line":545,"context":314},519,{"file":532,"line":545,"context":314},{"file":532,"line":548,"context":314},524,{"file":532,"line":548,"context":314},{"file":532,"line":551,"context":314},530,{"file":532,"line":553,"context":314},532,{"file":532,"line":553,"context":314},{"file":532,"line":556,"context":314},537,{"file":532,"line":556,"context":314},{"file":532,"line":559,"context":314},542,{"file":532,"line":559,"context":314},{"file":532,"line":562,"context":314},547,{"file":532,"line":562,"context":314},{"file":532,"line":565,"context":314},552,{"file":532,"line":565,"context":314},{"file":532,"line":568,"context":314},557,{"file":532,"line":568,"context":314},{"file":532,"line":571,"context":314},562,{"file":532,"line":571,"context":314},{"file":532,"line":574,"context":314},567,{"file":532,"line":574,"context":314},{"file":532,"line":577,"context":314},583,{"file":532,"line":579,"context":314},593,{"file":532,"line":581,"context":314},597,{"file":532,"line":583,"context":314},602,{"file":532,"line":585,"context":314},630,{"file":532,"line":587,"context":314},635,{"file":532,"line":589,"context":314},636,{"file":532,"line":589,"context":314},{"file":532,"line":592,"context":314},662,{"file":532,"line":594,"context":314},663,{"file":532,"line":596,"context":314},664,{"file":532,"line":598,"context":314},682,{"file":532,"line":600,"context":314},683,{"file":532,"line":602,"context":314},688,{"file":532,"line":604,"context":314},758,{"file":532,"line":606,"context":314},759,{"file":532,"line":608,"context":314},760,{"file":532,"line":610,"context":314},784,{"file":532,"line":612,"context":314},787,{"file":532,"line":614,"context":314},788,{"file":532,"line":616,"context":314},789,{"file":532,"line":618,"context":314},794,{"file":532,"line":620,"context":314},800,{"file":622,"line":164,"context":314},"includes\\views\\analysis\\single-timeline.php",{"file":622,"line":624,"context":314},69,{"file":283,"line":118,"context":314},{"file":283,"line":269,"context":314},{"file":283,"line":277,"context":314},{"file":283,"line":465,"context":314},{"file":283,"line":630,"context":314},222,{"file":283,"line":632,"context":314},229,{"file":283,"line":634,"context":314},248,{"file":283,"line":636,"context":314},249,{"file":287,"line":235,"context":314},{"file":287,"line":269,"context":314},{"file":287,"line":275,"context":314},{"file":287,"line":277,"context":314},{"file":287,"line":642,"context":314},221,{"file":287,"line":644,"context":314},228,{"file":287,"line":646,"context":314},251,{"file":287,"line":648,"context":314},271,{"file":287,"line":650,"context":314},272,{"file":287,"line":652,"context":314},317,{"file":654,"line":199,"context":314},"includes\\views\\analysis\\website-single-flow.php",{"file":654,"line":656,"context":314},20,{"file":654,"line":445,"context":314},{"file":654,"line":221,"context":314},{"file":654,"line":660,"context":314},77,{"file":654,"line":662,"context":314},78,{"file":654,"line":664,"context":314},83,{"file":654,"line":35,"context":314},{"file":654,"line":11,"context":314},{"file":654,"line":233,"context":314},{"file":654,"line":235,"context":314},{"file":654,"line":670,"context":314},107,{"file":672,"line":356,"context":314},"includes\\views\\analysis\\website-visitors.php",{"file":672,"line":441,"context":314},{"file":672,"line":675,"context":314},62,{"file":672,"line":447,"context":314},{"file":672,"line":241,"context":314},{"file":672,"line":679,"context":314},180,{"file":672,"line":681,"context":314},301,{"file":672,"line":683,"context":314},318,{"file":685,"line":656,"context":314},"includes\\views\\export\\table.php",{"file":685,"line":687,"context":314},27,{"file":685,"line":139,"context":314},{"file":685,"line":379,"context":314},{"file":685,"line":496,"context":314},{"file":685,"line":391,"context":314},{"file":685,"line":96,"context":314},{"file":685,"line":694,"context":314},175,{"file":685,"line":696,"context":314},183,{"file":685,"line":698,"context":314},184,{"file":685,"line":698,"context":314},{"file":685,"line":701,"context":314},185,{"file":685,"line":703,"context":314},191,{"file":685,"line":703,"context":314},{"file":685,"line":706,"context":314},192,{"file":292,"line":708,"context":314},23,{"file":292,"line":118,"context":314},{"file":292,"line":711,"context":314},64,{"file":292,"line":445,"context":314},{"file":292,"line":381,"context":314},{"file":292,"line":421,"context":314},{"file":292,"line":716,"context":314},167,{"file":292,"line":718,"context":314},179,{"file":292,"line":720,"context":314},188,{"file":292,"line":465,"context":314},{"file":292,"line":723,"context":314},242,{"file":292,"line":725,"context":314},277,{"file":292,"line":727,"context":314},283,{"file":292,"line":729,"context":314},285,{"file":292,"line":731,"context":314},308,{"file":292,"line":733,"context":314},311,{"file":292,"line":735,"context":314},312,{"file":292,"line":512,"context":314},{"file":292,"line":397,"context":314},{"file":292,"line":515,"context":314},{"file":292,"line":519,"context":314},{"file":292,"line":741,"context":314},372,{"file":292,"line":743,"context":314},430,{"file":745,"line":746,"context":314},"includes\\views\\settings\\privacy.php",31,{"file":745,"line":358,"context":314},{"file":745,"line":471,"context":314},{"file":745,"line":26,"context":314},{"file":745,"line":228,"context":314},{"file":745,"line":493,"context":314},{"file":745,"line":176,"context":314},{"file":745,"line":754,"context":314},157,{"file":745,"line":261,"context":314},{"file":745,"line":421,"context":314},{"file":745,"line":386,"context":314},{"file":759,"line":235,"context":314},"includes\\views\\settings\\storage.php",{"file":759,"line":253,"context":314},{"file":759,"line":371,"context":314},{"file":759,"line":413,"context":314},{"file":759,"line":377,"context":314},{"file":759,"line":134,"context":314},{"file":759,"line":265,"context":314},{"file":759,"line":416,"context":314},{"file":759,"line":754,"context":314},{"file":759,"line":261,"context":314},{"file":759,"line":716,"context":314},{"file":759,"line":391,"context":314},{"file":759,"line":772,"context":314},171,{"file":759,"line":96,"context":314},{"file":759,"line":775,"context":314},174,{"file":759,"line":706,"context":314},{"file":759,"line":778,"context":314},195,{"file":759,"line":780,"context":314},196,{"file":759,"line":782,"context":314},201,{"file":759,"line":784,"context":314},204,{"file":759,"line":786,"context":314},205,{"file":759,"line":788,"context":314},211,{"file":759,"line":271,"context":314},{"file":759,"line":277,"context":314},{"file":759,"line":465,"context":314},{"file":759,"line":793,"context":314},239,{"file":759,"line":723,"context":314},{"file":759,"line":796,"context":314},243,{"file":759,"line":634,"context":314},{"file":759,"line":799,"context":314},253,{"file":759,"line":801,"context":314},256,{"file":759,"line":803,"context":314},257,{"file":759,"line":805,"context":314},273,{"file":759,"line":727,"context":314},{"file":759,"line":727,"context":314},{"file":759,"line":729,"context":314},{"file":759,"line":729,"context":314},{"file":759,"line":811,"context":314},286,{"file":759,"line":811,"context":314},{"file":759,"line":814,"context":314},287,{"file":759,"line":816,"context":314},335,{"file":759,"line":818,"context":314},377,{"file":295,"line":164,"context":314},{"file":295,"line":821,"context":314},49,{"file":295,"line":118,"context":314},{"file":295,"line":824,"context":314},51,{"file":295,"line":356,"context":314},{"file":295,"line":221,"context":314},{"file":295,"line":660,"context":314},{"file":295,"line":662,"context":314},{"file":295,"line":223,"context":314},{"file":295,"line":228,"context":314},{"file":832,"line":307,"context":314},"includes\\views\\tables\\table-dbinfo.php",{"file":832,"line":304,"context":314},{"file":832,"line":835,"context":314},15,{"file":832,"line":837,"context":314},17,{"file":832,"line":708,"context":314},{"file":832,"line":840,"context":314},33,{"file":832,"line":309,"context":314},{"file":832,"line":362,"context":314},{"file":832,"line":118,"context":314},{"file":832,"line":367,"context":314},{"file":832,"line":846,"context":314},54,{"file":832,"line":846,"context":314},{"file":832,"line":441,"context":314},{"file":832,"line":675,"context":314},{"file":832,"line":851,"context":314},63,{"file":832,"line":851,"context":314},{"file":832,"line":854,"context":314},68,{"file":832,"line":856,"context":314},71,{"file":832,"line":858,"context":314},72,{"file":832,"line":858,"context":314},{"file":832,"line":660,"context":314},{"file":832,"line":447,"context":314},{"file":832,"line":863,"context":314},81,{"file":832,"line":863,"context":314},{"file":832,"line":26,"context":314},{"file":832,"line":867,"context":314},86,{"file":832,"line":228,"context":314},{"file":832,"line":870,"context":314},90,{"file":832,"line":230,"context":314},{"file":832,"line":873,"context":314},94,{"file":298,"line":875,"context":314},14,{"file":298,"line":835,"context":314},{"file":298,"line":878,"context":314},16,{"file":298,"line":837,"context":314},{"file":298,"line":443,"context":314},{"file":298,"line":851,"context":314},{"file":298,"line":711,"context":314},{"file":298,"line":884,"context":314},67,{"file":298,"line":886,"context":314},70,{"file":298,"line":888,"context":314},106,{"file":298,"line":237,"context":314},{"file":298,"line":891,"context":314},109,{"file":298,"line":893,"context":314},112,{"file":298,"line":895,"context":314},115,{"file":298,"line":253,"context":314},{"file":298,"line":255,"context":314},{"file":298,"line":490,"context":314},{"file":298,"line":371,"context":314},{"file":298,"line":180,"context":314},{"file":298,"line":902,"context":314},152,{"file":298,"line":904,"context":314},153,{"file":298,"line":416,"context":314},{"file":298,"line":421,"context":314},{"file":298,"line":496,"context":314},{"file":303,"line":288,"context":314},{"file":303,"line":284,"context":314},{"file":303,"line":34,"context":314},{"file":303,"line":746,"context":314},{"file":303,"line":846,"context":314},{"file":303,"line":356,"context":314},{"file":303,"line":369,"context":314},{"file":303,"line":856,"context":314},{"file":303,"line":858,"context":314},{"file":303,"line":662,"context":314},{"file":919,"line":920,"context":314},"includes\\views\\tables\\table-summary.php",91,{"file":919,"line":922,"context":314},92,{"file":919,"line":230,"context":314},{"file":919,"line":230,"context":314},{"file":919,"line":873,"context":314},{"file":919,"line":927,"context":314},95,{"file":919,"line":106,"context":314},{"file":919,"line":233,"context":314},{"file":919,"line":931,"context":314},104,{"file":919,"line":931,"context":314},{"file":919,"line":235,"context":314},{"file":919,"line":888,"context":314},{"file":919,"line":936,"context":314},110,{"file":919,"line":239,"context":314},{"file":919,"line":239,"context":314},{"file":919,"line":893,"context":314},{"file":919,"line":481,"context":314},{"file":306,"line":309,"context":314},{"file":306,"line":943,"context":314},36,{"file":306,"line":143,"context":314},{"file":306,"line":367,"context":314},{"file":306,"line":675,"context":314},{"file":306,"line":851,"context":314},{"file":306,"line":854,"context":314},8,[],[952,990,1010,1023,1054,1071,1086,1118,1131],{"entryPoint":953,"graph":954,"unsanitizedCount":988,"severity":989},"search_box (includes\\classes\\class-wp-list-table-wpvf.php:332)",{"nodes":955,"edges":982},[956,960,965,969,971,974,976,980],{"id":957,"type":958,"label":959,"file":133,"line":397},"n0","source","$_REQUEST['orderby']",{"id":961,"type":962,"label":963,"file":133,"line":397,"wp_function":964},"n1","sink","echo() [XSS]","echo",{"id":966,"type":958,"label":967,"file":133,"line":968},"n2","$_REQUEST['order']",341,{"id":970,"type":962,"label":963,"file":133,"line":968,"wp_function":964},"n3",{"id":972,"type":958,"label":973,"file":133,"line":517},"n4","$_REQUEST['post_mime_type']",{"id":975,"type":962,"label":963,"file":133,"line":517,"wp_function":964},"n5",{"id":977,"type":958,"label":978,"file":133,"line":979},"n6","$_REQUEST['detached']",345,{"id":981,"type":962,"label":963,"file":133,"line":979,"wp_function":964},"n7",[983,985,986,987],{"from":957,"to":961,"sanitized":984},false,{"from":966,"to":970,"sanitized":984},{"from":972,"to":975,"sanitized":984},{"from":977,"to":981,"sanitized":984},4,"medium",{"entryPoint":991,"graph":992,"unsanitizedCount":33,"severity":989},"main (includes\\classes\\class-wp-visitorflow-admin-single.php:34)",{"nodes":993,"edges":1005},[994,997,1000,1001,1004],{"id":957,"type":958,"label":995,"file":213,"line":996},"$_GET (x2)",73,{"id":961,"type":962,"label":998,"file":213,"line":221,"wp_function":999},"get_row() [SQLi]","get_row",{"id":966,"type":958,"label":995,"file":213,"line":265},{"id":970,"type":1002,"label":1003,"file":213,"line":265},"transform","→ printHeader()",{"id":972,"type":962,"label":963,"file":428,"line":26,"wp_function":964},[1006,1008,1009],{"from":957,"to":961,"sanitized":1007},true,{"from":966,"to":970,"sanitized":984},{"from":970,"to":972,"sanitized":984},{"entryPoint":1011,"graph":1012,"unsanitizedCount":33,"severity":989},"\u003Cclass-wp-visitorflow-admin-single> (includes\\classes\\class-wp-visitorflow-admin-single.php:0)",{"nodes":1013,"edges":1019},[1014,1015,1016,1017,1018],{"id":957,"type":958,"label":995,"file":213,"line":996},{"id":961,"type":962,"label":998,"file":213,"line":221,"wp_function":999},{"id":966,"type":958,"label":995,"file":213,"line":265},{"id":970,"type":1002,"label":1003,"file":213,"line":265},{"id":972,"type":962,"label":963,"file":428,"line":26,"wp_function":964},[1020,1021,1022],{"from":957,"to":961,"sanitized":1007},{"from":966,"to":970,"sanitized":984},{"from":970,"to":972,"sanitized":984},{"entryPoint":1024,"graph":1025,"unsanitizedCount":949,"severity":1053},"\u003Cflow-per-step> (includes\\views\\analysis\\flow-per-step.php:0)",{"nodes":1026,"edges":1047},[1027,1029,1033,1035,1036,1038,1039,1042,1044],{"id":957,"type":958,"label":1028,"file":532,"line":169},"$_POST (x2)",{"id":961,"type":962,"label":1030,"file":532,"line":1031,"wp_function":1032},"get_results() [SQLi]",297,"get_results",{"id":966,"type":958,"label":1034,"file":532,"line":169},"$_POST (x7)",{"id":970,"type":962,"label":963,"file":532,"line":535,"wp_function":964},{"id":972,"type":958,"label":1037,"file":532,"line":148},"$_GET",{"id":975,"type":962,"label":963,"file":532,"line":592,"wp_function":964},{"id":977,"type":958,"label":1040,"file":532,"line":1041},"$_POST",461,{"id":981,"type":1002,"label":1043,"file":532,"line":1041},"→ wpvf_getSankeyLinks()",{"id":1045,"type":962,"label":1030,"file":532,"line":1046,"wp_function":1032},"n8",900,[1048,1049,1050,1051,1052],{"from":957,"to":961,"sanitized":1007},{"from":966,"to":970,"sanitized":984},{"from":972,"to":975,"sanitized":984},{"from":977,"to":981,"sanitized":984},{"from":981,"to":1045,"sanitized":1007},"low",{"entryPoint":1055,"graph":1056,"unsanitizedCount":27,"severity":1053},"\u003Ctable> (includes\\views\\export\\table.php:0)",{"nodes":1057,"edges":1067},[1058,1059,1060,1061,1064,1066],{"id":957,"type":958,"label":1040,"file":685,"line":46},{"id":961,"type":962,"label":1030,"file":685,"line":225,"wp_function":1032},{"id":966,"type":958,"label":1040,"file":685,"line":46},{"id":970,"type":962,"label":1062,"file":685,"line":134,"wp_function":1063},"fopen() [File Access]","fopen",{"id":972,"type":958,"label":1065,"file":685,"line":46},"$_POST (x5)",{"id":975,"type":962,"label":963,"file":685,"line":379,"wp_function":964},[1068,1069,1070],{"from":957,"to":961,"sanitized":1007},{"from":966,"to":970,"sanitized":1007},{"from":972,"to":975,"sanitized":1007},{"entryPoint":1072,"graph":1073,"unsanitizedCount":27,"severity":1053},"\u003Cmaintenance> (includes\\views\\settings\\maintenance.php:0)",{"nodes":1074,"edges":1083},[1075,1076,1077,1079],{"id":957,"type":958,"label":1034,"file":292,"line":441},{"id":961,"type":962,"label":963,"file":292,"line":711,"wp_function":964},{"id":966,"type":958,"label":1078,"file":292,"line":441},"$_POST (x4)",{"id":970,"type":962,"label":1080,"file":292,"line":1081,"wp_function":1082},"query() [SQLi]",87,"query",[1084,1085],{"from":957,"to":961,"sanitized":1007},{"from":966,"to":970,"sanitized":1007},{"entryPoint":1087,"graph":1088,"unsanitizedCount":1116,"severity":1117},"\u003Cclass-wp-list-table-wpvf> (includes\\classes\\class-wp-list-table-wpvf.php:0)",{"nodes":1089,"edges":1109},[1090,1091,1092,1093,1094,1095,1096,1097,1098,1101,1103,1105],{"id":957,"type":958,"label":959,"file":133,"line":397},{"id":961,"type":962,"label":963,"file":133,"line":397,"wp_function":964},{"id":966,"type":958,"label":967,"file":133,"line":968},{"id":970,"type":962,"label":963,"file":133,"line":968,"wp_function":964},{"id":972,"type":958,"label":973,"file":133,"line":517},{"id":975,"type":962,"label":963,"file":133,"line":517,"wp_function":964},{"id":977,"type":958,"label":978,"file":133,"line":979},{"id":981,"type":962,"label":963,"file":133,"line":979,"wp_function":964},{"id":1045,"type":958,"label":1099,"file":133,"line":1100},"$_SERVER",1003,{"id":1102,"type":962,"label":963,"file":133,"line":341,"wp_function":964},"n9",{"id":1104,"type":958,"label":1099,"file":133,"line":1100},"n10",{"id":1106,"type":962,"label":1107,"file":133,"line":341,"wp_function":1108},"n11","call_user_func() [RCE]","call_user_func",[1110,1111,1112,1113,1114,1115],{"from":957,"to":961,"sanitized":984},{"from":966,"to":970,"sanitized":984},{"from":972,"to":975,"sanitized":984},{"from":977,"to":981,"sanitized":984},{"from":1045,"to":1102,"sanitized":984},{"from":1104,"to":1106,"sanitized":984},6,"high",{"entryPoint":1119,"graph":1120,"unsanitizedCount":33,"severity":1117},"\u003Cwebsite-single-flow> (includes\\views\\analysis\\website-single-flow.php:0)",{"nodes":1121,"edges":1128},[1122,1123,1126,1127],{"id":957,"type":958,"label":1037,"file":654,"line":1116},{"id":961,"type":962,"label":1124,"file":654,"line":194,"wp_function":1125},"get_var() [SQLi]","get_var",{"id":966,"type":958,"label":1037,"file":654,"line":1116},{"id":970,"type":962,"label":963,"file":654,"line":656,"wp_function":964},[1129,1130],{"from":957,"to":961,"sanitized":984},{"from":966,"to":970,"sanitized":984},{"entryPoint":1132,"graph":1133,"unsanitizedCount":1146,"severity":1117},"\u003Cwebsite-visitors> (includes\\views\\analysis\\website-visitors.php:0)",{"nodes":1134,"edges":1142},[1135,1137,1138,1139,1140,1141],{"id":957,"type":958,"label":995,"file":672,"line":1136},46,{"id":961,"type":962,"label":963,"file":672,"line":675,"wp_function":964},{"id":966,"type":958,"label":1037,"file":672,"line":1136},{"id":970,"type":962,"label":1030,"file":672,"line":996,"wp_function":1032},{"id":972,"type":958,"label":995,"file":672,"line":1136},{"id":975,"type":962,"label":1080,"file":672,"line":445,"wp_function":1082},[1143,1144,1145],{"from":957,"to":961,"sanitized":984},{"from":966,"to":970,"sanitized":984},{"from":972,"to":975,"sanitized":984},5,{"summary":1148,"deductions":1149},"The wp-visitorflow plugin version 1.6.2 presents a moderate security risk primarily due to its unprotected entry points into the REST API. While the plugin has a clean vulnerability history with no known CVEs, the static analysis reveals significant concerns regarding data sanitization and authorization.  The high percentage of REST API routes lacking permission callbacks (3 out of 3) exposes these endpoints to unauthenticated access, creating a substantial attack surface. Coupled with a concerning number of taint flows with unsanitized paths (7 out of 9), especially the 3 identified as high severity, there's a strong potential for attackers to inject malicious data or exploit logic flaws.\n\nThe plugin also shows weaknesses in output escaping, with only 8% of outputs being properly escaped. This, combined with the lack of nonce checks, further amplifies the risk of cross-site scripting (XSS) vulnerabilities.  While the plugin doesn't utilize dangerous functions and has a reasonable number of capability checks, the identified issues with the REST API and unsanitized data flows are critical and require immediate attention. The absence of known vulnerabilities thus far is positive but does not negate the inherent risks identified in the code.  Therefore, while the plugin demonstrates some good practices like using prepared statements for most SQL queries, the unprotected REST API and unsanitized taint flows represent significant weaknesses.",[1150,1152,1154,1156],{"reason":1151,"points":46},"REST API routes without permission callbacks",{"reason":1153,"points":304},"Taint flows with unsanitized paths (high severity)",{"reason":1155,"points":949},"Low percentage of properly escaped output",{"reason":1157,"points":1146},"No nonce checks","2026-03-16T20:47:12.901Z",{"wat":1160,"direct":1171},{"assetPaths":1161,"generatorPatterns":1165,"scriptPaths":1166,"versionParams":1167},[1162,1163,1164],"\u002Fwp-content\u002Fplugins\u002Fwp-visitorflow\u002Fincludes\u002Fcss\u002Fwp-visitorflow.css","\u002Fwp-content\u002Fplugins\u002Fwp-visitorflow\u002Fincludes\u002Fjs\u002Fwp-visitorflow-frontend.js","\u002Fwp-content\u002Fplugins\u002Fwp-visitorflow\u002Fincludes\u002Fjs\u002Fwp-visitorflow-backend.js",[],[1163,1164],[1168,1169,1170],"wp-visitorflow\u002Fincludes\u002Fcss\u002Fwp-visitorflow.css?ver=","wp-visitorflow\u002Fincludes\u002Fjs\u002Fwp-visitorflow-frontend.js?ver=","wp-visitorflow\u002Fincludes\u002Fjs\u002Fwp-visitorflow-backend.js?ver=",{"cssClasses":1172,"htmlComments":1176,"htmlAttributes":1180,"restEndpoints":1183,"jsGlobals":1185,"shortcodeOutput":1187},[1173,1174,1175],"wp-visitorflow-overview","wpvf-frontend-script","wpvf-backend-script",[1177,1178,1179],"\u003C!-- WP VisitorFlow -->","\u003C!-- END WP VisitorFlow -->","\u003C!-- START WP VisitorFlow -->",[1181,1182],"data-wpvf-post-id","data-wpvf-type",[1184],"\u002Fwp-json\u002Fwp-visitorflow\u002F",[1186],"wp_visitorflow_data",[]]