[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fh3z_Z6AuLVnhhF4nOBJ4xSuhDWldk9SZiPDrFNz55po":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":51,"analysis":143,"fingerprints":382},"wp-yandex-metrika","Yandex.Metrica","1.2.2","Yandex Metrika","https:\u002F\u002Fprofiles.wordpress.org\u002Fyandexmetrika\u002F","\u003Ch4>Yandex.Metrica\u003C\u002Fh4>\n\u003Cp>The free official Yandex.Metrica plugin for WordPress. This plugin helps you install a Yandex.Metrica tag on your site and configure the transfer of E-commerce data without manually editing the site’s code. It also transmits data about product views, additions to the basket, and sales.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Official Yandex.Metrica plugin\u003C\u002Fli>\n\u003Cli>E-commerce event tracking without manually editing the site’s code\u003C\u002Fli>\n\u003Cli>Quick installation\u003C\u002Fli>\n\u003Cli>Support for WordPress versions 5.2.9 and higher\u003C\u002Fli>\n\u003Cli>Scheduled updates\u003C\u002Fli>\n\u003Cli>Prompt support service\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>List of functions\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Automatically search for and configure installed Yandex.Metrica tags.\u003C\u002Fli>\n\u003Cli>Quickly add new Yandex.Metrica tags. The following parameters are set by default:\n\u003Cul>\n\u003Cli>E-commerce: Enabled\u003C\u002Fli>\n\u003Cli>Session Replay: Enabled (can be disabled if necessary)\u003C\u002Fli>\n\u003Cli>Click map: enabled\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Transfer of e-commerce events according to the \u003Ca href=\"https:\u002F\u002Fyandex.ru\u002Fsupport\u002Fmetrica\u002Fdata\u002Fe-commerce.html\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>:\n\u003Cul>\n\u003Cli>Adding an item to the basket\u003C\u002Fli>\n\u003Cli>Pageview of a product profile\u003C\u002Fli>\n\u003Cli>Removing an item from the basket\u003C\u002Fli>\n\u003Cli>Placing an order\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Detalization of transferred product data according to the \u003Ca href=\"https:\u002F\u002Fyandex.ru\u002Fsupport\u002Fmetrica\u002Fecommerce\u002Fdata.html\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Event logs with the following error codes:\n\u003Cul>\n\u003Cli>The WordPress version is deprecated\u003C\u002Fli>\n\u003Cli>The site lacks the brand taxonomy indicated by the user\u003C\u002Fli>\n\u003Cli>The theme doesn’t have the hook required for the plugin to work\u003C\u002Fli>\n\u003Cli>The tag number contains characters that aren’t numbers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Russian\u003C\u002Fli>\n\u003Cli>English\u003C\u002Fli>\n\u003C\u002Ful>\n","The free official Yandex.Metrica plugin for WordPress.",60000,262856,70,13,"2025-09-25T10:44:00.000Z","6.8.5","5.2.9","5.6.20",[20,21,22,23,24],"%d1%8f%d0%bd%d0%b4%d0%b5%d0%ba%d1%81","%d1%8f%d0%bd%d0%b4%d0%b5%d0%ba%d1%81-%d0%bc%d0%b5%d1%82%d1%80%d0%b8%d0%ba%d0%b0","%d0%bc%d0%b5%d1%82%d1%80%d0%b8%d0%ba%d0%b0","metrica","yandex","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-yandex-metrika\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-yandex-metrika.1.2.2.zip",78,1,"2025-12-07 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-63063","yandexmetrica-missing-authorization","Yandex.Metrica \u003C= 1.2.2 - Missing Authorization","The Yandex.Metrica plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to perform an unauthorized action.",null,"\u003C=1.2.2","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2025-12-10 16:02:32",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F83048a4b-b64f-43d4-8cd2-f45cccd636f4?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":48,"trust_score":49,"computed_at":50},"yandexmetrika",30,79,"2026-04-04T14:03:39.742Z",[52,74,91,108,122],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":70,"download_link":71,"security_score":72,"vuln_count":73,"unpatched_count":73,"last_vuln_date":37,"fetched_at":30},"wt-yandex-metrika","WT Yandex Metrika","1.1","Roman Kusty","https:\u002F\u002Fprofiles.wordpress.org\u002Fkustyrt\u002F","\u003Cp>С помощью этого плагина вы можете c легкость добавить на свой сайт счетчик \u003Cstrong>Яндекс.Метрика\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmetrika.yandex.ru\" rel=\"nofollow ugc\">Яндекс.Метрика\u003C\u002Fa> — инструмент для оценки посещаемости сайтов, анализа поведения посетителей и эффективности рекламы. Метрика работает по традиционному принципу интернет-счетчиков: код, установленный на страницах вашего сайта, регистрирует каждое посещение, собирая о нем данные.\u003C\u002Fp>\n\u003Ch4>Возможности плагина\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Выбор расположения кода счетчика: Header \u002F Footer\u003C\u002Fli>\n\u003Cli>Отключение счетчика при посещении сайта администратором\u003C\u002Fli>\n\u003Cli>Активация счетчика в панели администратора\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>После установки и активации плагина в \u003Cstrong>настройках сайта\u003C\u002Fstrong> появится раздел \u003Cstrong>WT Яндекс Метрика\u003C\u002Fstrong>, в котором необходимо вставить код счетчика и настроить отображение.\u003C\u002Fp>\n\u003Ch4>Поддержка\u003C\u002Fh4>\n\u003Cp>Домашняя страница и документация плагина: \u003Ca href=\"https:\u002F\u002Fweb-technology.biz\u002Fcms-wordpress\u002Fplugin-wt-yandex-metrika-for-cms-wordpress\u002F\" rel=\"nofollow ugc\">WT Yandex Metrika\u003C\u002Fa>.\u003Cbr \u002F>\nРазработка и поддержка: \u003Ca href=\"https:\u002F\u002Fweb-technology.biz\" rel=\"nofollow ugc\">АИТ “Web Technology”\u003C\u002Fa>.\u003Cbr \u002F>\nСообщество Вконтакте: \u003Ca href=\"https:\u002F\u002Fvk.com\u002Fagency_web_technology\" rel=\"nofollow ugc\">vk.com\u002Fagency_web_technology\u003C\u002Fa>.\u003C\u002Fp>\n","Простое добавление на сайт счетчика Яндекс.Метрика",6000,45465,100,2,"2020-05-25T14:17:00.000Z","5.4.19","3.9","",[20,21,22,69],"yandex-metrika","https:\u002F\u002Fweb-technology.biz\u002Fcms-wordpress\u002Fplugin-wt-yandex-metrika-for-cms-wordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwt-yandex-metrika.zip",85,0,{"slug":75,"name":76,"version":6,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":66,"requires_php":67,"tags":87,"homepage":88,"download_link":89,"security_score":90,"vuln_count":73,"unpatched_count":73,"last_vuln_date":37,"fetched_at":30},"easy-yandex-metrica","Easy Yandex Metrica","abwp","https:\u002F\u002Fprofiles.wordpress.org\u002Fabwp\u002F","\u003Cp>The Easy Yandex Metrica plugin allows you to view some Yandex Metrica data directly in your WordPress admin panel\u003C\u002Fp>\n\u003Ch4>What is Yandex Metrica\u003C\u002Fh4>\n\u003Cp>Yandex Metrica is a free tool for evaluating site traffic and analyzing user behavior. Learn all the features of the service\u003Cbr \u002F>\nyou can on the official \u003Ca href=\"https:\u002F\u002Fmetrica.yandex.com\u002F\" rel=\"nofollow ugc\">page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>The Easy Yandex Metrica plugin adds a graphical display of the following data to the administrative panel\u003Cbr \u002F>\n– the number of visitors to the site\u003Cbr \u002F>\n– sources, summary\u003Cbr \u002F>\n– summary of transitions from search engines\u003Cbr \u002F>\n– summary of transitions from sites\u003Cbr \u002F>\n– summary of transitions from social networks\u003C\u002Fp>\n\u003Cp>This plugin does not add the tracking counter code to the site, if you need a simple installation of the code – use our plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fabwp-simple-counter\u002F\" rel=\"ugc\">Simple Counter\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>The plugin is available in the following languages:\u003Cbr \u002F>\n– English (en_US), built-in\u003Cbr \u002F>\n– Russian (ru_RU), native support\u003C\u002Fp>\n\u003Cp>You can help with translation to other languages-the plugin is completely ready for translation!\u003C\u002Fp>\n","Easily add statistics display Yandex Metrica to the Wordpress admin panel.",1000,15557,74,3,"2024-04-22T12:35:00.000Z","6.5.8",[21,22,24,69],"https:\u002F\u002Fab-wp.com\u002Fplugins\u002Feasy-yandex-metrica\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-yandex-metrica.1.2.2.zip",92,{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":73,"num_ratings":73,"last_updated":101,"tested_up_to":16,"requires_at_least":102,"requires_php":103,"tags":104,"homepage":106,"download_link":107,"security_score":62,"vuln_count":73,"unpatched_count":73,"last_vuln_date":37,"fetched_at":30},"fast-yandex-metrika","Fast Yandex Metrika","1.1.5","Sergey Parshin","https:\u002F\u002Fprofiles.wordpress.org\u002Fpss777\u002F","\u003Cp>Plugin for configuring the counter and Yandex Metrica goals.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Supports the following counter settings:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>whether to collect data for a click map;\u003C\u002Fli>\n\u003Cli>track clicks on outbound links;\u003C\u002Fli>\n\u003Cli>accurate bounce rate;\u003C\u002Fli>\n\u003Cli>whether to use Session Replay (Webvisor 2.0);\u003C\u002Fli>\n\u003Cli>hash tracking in the browser’s address bar.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Loading by event:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>scroll: when the page starts scrolling (recommended if the counter script affects the speed of the site);\u003C\u002Fli>\n\u003Cli>ready: after building the HTML document, but before loading external resources: styles, scripts, images, etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Embedding in HTML:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>adding before \u003C\u002Fhead>;\u003C\u002Fli>\n\u003Cli>adding after \u003Cbody>;\u003C\u002Fli>\n\u003Cli>adding before \u003C\u002Fbody>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Easy goal setting for:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>phone;\u003C\u002Fli>\n\u003Cli>form;\u003C\u002Fli>\n\u003Cli>button;\u003C\u002Fli>\n\u003Cli>link;\u003C\u002Fli>\n\u003Cli>HTML tag.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Error control\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When working with goals on the user side, the plugin monitors the correct indication of CSS selectors.\u003Cbr \u002F>\nJavaScript with a syntax violation does not cause an error, but fixes it in the browser console (F12).\u003C\u002Fp>\n\u003Cp>\u003Cem>Goal #1. SyntaxError: Failed to execute ‘querySelectorAll’ on ‘Document’: ‘.class 777’ is not a valid selector.\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>To see information about errors, in the plugin settings, enable the “Error control in the browser console” option.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Ftr9teIOTOqk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","Plugin for configuring the counter and Yandex Metrica goals.",200,4412,"2025-04-15T12:14:00.000Z","6.8","8.1",[20,22,23,105,24],"metrika","https:\u002F\u002Fru.wordpress.org\u002Fplugins\u002Ffast-yandex-metrika\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffast-yandex-metrika.1.1.5.zip",{"slug":109,"name":110,"version":111,"author":77,"author_profile":78,"description":112,"short_description":113,"active_installs":81,"downloaded":114,"rating":62,"num_ratings":63,"last_updated":115,"tested_up_to":86,"requires_at_least":66,"requires_php":67,"tags":116,"homepage":118,"download_link":119,"security_score":120,"vuln_count":28,"unpatched_count":28,"last_vuln_date":121,"fetched_at":30},"abwp-simple-counter","Simple Counter","1.0.3","\u003Cp>The installation of the counter of Yandex.Metrics and Google Analytics on the website without editing the files of the selected theme.\u003C\u002Fp>\n\u003Cp>Tools webmaster:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwebmaster.yandex.ru\u002F\" rel=\"nofollow ugc\">Yandex.Webmaster\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Fwebmasters\u002Ftools\u002F\" rel=\"nofollow ugc\">Google Search Console\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Code counters:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmetrika.yandex.ru\u002F\" rel=\"nofollow ugc\">Yandex.Metrika\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.google.com\u002Fanalytics\u002F\" rel=\"nofollow ugc\">Google Analytics\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","The installation of the counter of Yandex.Metrics and Google Analytics on the website without editing the files of the selected theme.",11365,"2024-04-22T19:17:00.000Z",[20,22,105,117,24],"statistics","https:\u002F\u002Fab-wp.com\u002Fplugins\u002Fsimple-counter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fabwp-simple-counter.1.0.3.zip",71,"2023-12-19 00:00:00",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":141,"download_link":142,"security_score":90,"vuln_count":73,"unpatched_count":73,"last_vuln_date":37,"fetched_at":30},"yandex-metrica","Yandex Metrica","2.0.2","Mustafa Uysal","https:\u002F\u002Fprofiles.wordpress.org\u002Fm_uysl\u002F","\u003Cp>The best Yandex Metrica plugin for WordPress.\u003C\u002Fp>\n\u003Ch4>What is Metrica\u003C\u002Fh4>\n\u003Cp>Metrica is an analytics tool like just like google analytics. You can learn more about from \u003Ca href=\"https:\u002F\u002Fmetrica.yandex.com\" rel=\"nofollow ugc\">official website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy to manage counter’s  tracking options.\u003C\u002Fli>\n\u003Cli>Role based user tracking\u003C\u002Fli>\n\u003Cli>Dashboard widget that displays Metrica graphics,, summary of site usage, top pages etc..\u003C\u002Fli>\n\u003Cli>Role based user access for the displaying dashboard widget\u003C\u002Fli>\n\u003Cli>Basic mode is ready! If you don’t want to give API access, you can try basic mode.\u003C\u002Fli>\n\u003Cli>i18n support: Completely translation ready!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English (en_US), built-in\u003C\u002Fli>\n\u003Cli>Turkish (tr_TR), native support\u003C\u002Fli>\n\u003Cli>Russian (ru_RU), \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Foleg0789\" rel=\"nofollow ugc\">oleg0789\u003C\u002Fa> and Ксения Рыбка\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contributing\u003C\u002Fh4>\n\u003Cp>Pull requests are welcome on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmustafauysal\u002Fyandex-metrica\" rel=\"nofollow ugc\">Github\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>If you like Yandex Metrica, then consider checking out my other projects:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbit.ly\u002F3WIGUTg\" rel=\"friend nofollow ugc\">Powered Cache\u003C\u002Fa> – Caching and Optimization for WordPress – Easily Improve PageSpeed & Web Vitals Score\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbit.ly\u002F4ag2OAc\" rel=\"friend nofollow ugc\">Magic Login Pro\u003C\u002Fa> – Easy, secure, and passwordless authentication for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbit.ly\u002F3wAFSxM\" rel=\"friend nofollow ugc\">Easy Text-to-Speech for WordPress\u003C\u002Fa> – Transform your textual content into high-quality synthesized speech with Amazon Polly.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbit.ly\u002F4bk1Tjp\" rel=\"friend nofollow ugc\">Handywriter\u003C\u002Fa> – AI-powered writing assistant that can help you create content for your WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbit.ly\u002F44GZOf8\" rel=\"friend nofollow ugc\">PaddlePress PRO\u003C\u002Fa> – Paddle Plugin for WordPress\u003C\u002Fli>\n\u003C\u002Ful>\n","Easy way to use Yandex Metrica on your WordPress site.",20000,421614,76,33,"2025-02-23T12:49:00.000Z","6.7.5","5.0","5.6",[139,23,105,140,24],"analytics","stats","https:\u002F\u002Fgithub.com\u002Fmustafauysal\u002Fyandex-metrica","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fyandex-metrica.2.0.2.zip",{"attackSurface":144,"codeSignals":295,"taintFlows":350,"riskAssessment":368,"analyzedAt":381},{"hooks":145,"ajaxHandlers":276,"restRoutes":291,"shortcodes":292,"cronEvents":293,"entryPointCount":294,"unprotectedCount":294},[146,152,155,159,163,167,171,173,175,179,181,184,186,189,191,193,195,197,199,202,204,206,208,210,212,214,219,224,228,232,235,239,243,246,250,253,255,257,258,260,265,269,272],{"type":147,"name":148,"callback":149,"file":150,"line":151},"action","admin_menu","createAdminPage","includes\\class.ya-metrika-backend.php",12,{"type":147,"name":153,"callback":154,"file":150,"line":14},"admin_init","registerSettings",{"type":147,"name":156,"callback":157,"file":150,"line":158},"admin_enqueue_scripts","registerAssets",14,{"type":147,"name":160,"callback":161,"file":150,"line":162},"admin_head","addLibraries",15,{"type":147,"name":164,"callback":165,"file":150,"line":166},"wp_head","addFrontendMeta",16,{"type":147,"name":168,"callback":157,"priority":28,"file":169,"line":170},"wp_enqueue_scripts","includes\\class.ya-metrika-clickToChat.php",9,{"type":147,"name":168,"callback":157,"priority":28,"file":172,"line":170},"includes\\class.ya-metrika-contactFormSeven.php",{"type":147,"name":168,"callback":157,"priority":28,"file":174,"line":170},"includes\\class.ya-metrika-elementor.php",{"type":147,"name":176,"callback":177,"priority":28,"file":178,"line":170},"init","onInit","includes\\class.ya-metrika-frontend.php",{"type":147,"name":168,"callback":157,"priority":28,"file":178,"line":180},10,{"type":147,"name":168,"callback":182,"priority":63,"file":178,"line":183},"registerInlineScripts",11,{"type":147,"name":164,"callback":185,"priority":162,"file":178,"line":151},"printPageCounters",{"type":147,"name":187,"callback":188,"priority":28,"file":178,"line":14},"wp_footer","printPagePixels",{"type":147,"name":168,"callback":157,"priority":28,"file":190,"line":170},"includes\\class.ya-metrika-mailchimpWoocommerce.php",{"type":147,"name":168,"callback":157,"priority":28,"file":192,"line":170},"includes\\class.ya-metrika-mailpoet.php",{"type":147,"name":168,"callback":157,"priority":28,"file":194,"line":170},"includes\\class.ya-metrika-mc4wp.php",{"type":147,"name":168,"callback":157,"priority":28,"file":196,"line":170},"includes\\class.ya-metrika-newsletter.php",{"type":147,"name":168,"callback":157,"priority":28,"file":198,"line":170},"includes\\class.ya-metrika-ninjaForms.php",{"type":147,"name":200,"callback":201,"file":198,"line":180},"admin_notices","printAlert",{"type":147,"name":168,"callback":157,"priority":28,"file":203,"line":170},"includes\\class.ya-metrika-popupMaker.php",{"type":147,"name":168,"callback":157,"priority":28,"file":205,"line":170},"includes\\class.ya-metrika-whatsappme.php",{"type":147,"name":168,"callback":157,"priority":28,"file":207,"line":151},"includes\\class.ya-metrika-woocommerce.php",{"type":147,"name":209,"callback":182,"priority":63,"file":207,"line":14},"wp_print_footer_scripts",{"type":147,"name":164,"callback":211,"priority":166,"file":207,"line":158},"registerCommonData",{"type":147,"name":176,"callback":213,"priority":28,"file":207,"line":162},"my_setcookie",{"type":147,"name":215,"callback":216,"priority":217,"file":207,"line":218},"the_post","onThePost",10000,18,{"type":220,"name":221,"callback":222,"priority":28,"file":207,"line":223},"filter","wc_get_template_part","onGetTemplatePart",19,{"type":220,"name":225,"callback":226,"priority":28,"file":207,"line":227},"woocommerce_blocks_product_grid_item_html","onBlockGridProduct",20,{"type":147,"name":229,"callback":230,"priority":180,"file":207,"line":231},"woocommerce_after_cart_item_quantity_update","onQuantityUpdate",29,{"type":147,"name":233,"callback":234,"priority":180,"file":207,"line":48},"woocommerce_add_to_cart","onAddToCart",{"type":147,"name":236,"callback":237,"priority":180,"file":207,"line":238},"woocommerce_remove_cart_item","onRemoveFromCart",31,{"type":147,"name":240,"callback":241,"priority":227,"file":207,"line":242},"woocommerce_cart_item_restored","onItemsRestored",32,{"type":147,"name":244,"callback":245,"priority":180,"file":207,"line":133},"woocommerce_before_thankyou","onPurchase",{"type":147,"name":247,"callback":248,"file":207,"line":249},"shutdown","checkHooks",36,{"type":147,"name":209,"callback":251,"priority":28,"file":207,"line":252},"closure",464,{"type":147,"name":209,"callback":251,"priority":28,"file":207,"line":254},589,{"type":147,"name":168,"callback":157,"priority":28,"file":256,"line":170},"includes\\class.ya-metrika-wpforms.php",{"type":147,"name":200,"callback":201,"file":256,"line":180},{"type":147,"name":168,"callback":157,"priority":28,"file":259,"line":170},"includes\\class.ya-metrika-yith-woocommerce-wishlist.php",{"type":147,"name":261,"callback":262,"file":263,"line":264},"plugins_loaded","loadTextDomain","includes\\class.ya-metrika.php",22,{"type":147,"name":266,"callback":267,"priority":180,"file":263,"line":268},"plugin_action_links","onActionsLinks",23,{"type":147,"name":200,"callback":270,"file":263,"line":271},"onNotices",25,{"type":147,"name":273,"callback":274,"file":263,"line":275},"current_screen","onScreen",26,[277,281,283,287,288],{"action":278,"nopriv":279,"callback":280,"hasNonce":279,"hasCapCheck":279,"file":207,"line":264},"yam_get_cart_items",false,"ajaxGetCartItems",{"action":278,"nopriv":282,"callback":280,"hasNonce":279,"hasCapCheck":279,"file":207,"line":268},true,{"action":284,"nopriv":279,"callback":285,"hasNonce":279,"hasCapCheck":279,"file":207,"line":286},"yam_get_purchase","ajaxGetPurchase",24,{"action":284,"nopriv":282,"callback":285,"hasNonce":279,"hasCapCheck":279,"file":207,"line":271},{"action":289,"nopriv":279,"callback":290,"hasNonce":279,"hasCapCheck":279,"file":263,"line":286},"yam_dismiss_message","onDismissMessage",[],[],[],5,{"dangerousFunctions":296,"sqlUsage":297,"outputEscaping":299,"fileOperations":63,"externalRequests":73,"nonceChecks":73,"capabilityChecks":73,"bundledLibraries":349},[],{"prepared":73,"raw":73,"locations":298},[],{"escaped":300,"rawEcho":286,"locations":301},59,[302,305,307,309,311,313,315,317,319,321,323,325,327,329,331,333,335,337,339,342,343,345,346,348],{"file":150,"line":303,"context":304},422,"raw output",{"file":150,"line":306,"context":304},445,{"file":150,"line":308,"context":304},483,{"file":150,"line":310,"context":304},514,{"file":150,"line":312,"context":304},555,{"file":150,"line":314,"context":304},583,{"file":150,"line":316,"context":304},587,{"file":150,"line":318,"context":304},595,{"file":150,"line":320,"context":304},619,{"file":150,"line":322,"context":304},626,{"file":150,"line":324,"context":304},653,{"file":150,"line":326,"context":304},723,{"file":150,"line":328,"context":304},746,{"file":150,"line":330,"context":304},749,{"file":150,"line":332,"context":304},751,{"file":150,"line":334,"context":304},753,{"file":150,"line":336,"context":304},762,{"file":178,"line":338,"context":304},95,{"file":340,"line":341,"context":304},"includes\\class.ya-metrika-logs.php",42,{"file":198,"line":218,"context":304},{"file":207,"line":344,"context":304},157,{"file":256,"line":218,"context":304},{"file":347,"line":271,"context":304},"view\\index.php",{"file":347,"line":275,"context":304},[],[351],{"entryPoint":352,"graph":353,"unsanitizedCount":73,"severity":367},"\u003Cclass.ya-metrika> (includes\\class.ya-metrika.php:0)",{"nodes":354,"edges":365},[355,360],{"id":356,"type":357,"label":358,"file":263,"line":359},"n0","source","$_POST",65,{"id":361,"type":362,"label":363,"file":263,"line":132,"wp_function":364},"n1","sink","echo() [XSS]","echo",[366],{"from":356,"to":361,"sanitized":282},"low",{"summary":369,"deductions":370},"The wp-yandex-metrika plugin, version 1.2.2, exhibits a concerning security posture primarily due to its unprotected attack surface. All five identified AJAX handlers lack authorization checks, presenting a significant risk for unauthorized actions. While the static analysis shows no dangerous functions or raw SQL queries, and external HTTP requests are absent, the lack of basic security controls on entry points is a major weakness. The plugin's vulnerability history, including a known unpatched medium-severity vulnerability (dated in the future, likely a placeholder), indicates a recurring pattern of security oversights, specifically missing authorization. This suggests a need for more robust security practices during development and testing to prevent potential exploits targeting these unprotected AJAX endpoints. Despite the absence of critical taint flows and the proper use of prepared statements, the unprotected entry points and historical vulnerabilities create a notable risk.",[371,373,375,377,379],{"reason":372,"points":180},"AJAX handlers without auth checks",{"reason":374,"points":180},"Unprotected entry points (all AJAX)",{"reason":376,"points":294},"No nonce checks on AJAX handlers",{"reason":378,"points":162},"One unpatched medium severity CVE",{"reason":380,"points":294},"Missing capability checks","2026-03-16T17:15:30.294Z",{"wat":383,"direct":396},{"assetPaths":384,"generatorPatterns":388,"scriptPaths":389,"versionParams":392},[385,386,387],"\u002Fwp-content\u002Fplugins\u002Fwp-yandex-metrika\u002Fassets\u002Fadmin.min.css","\u002Fwp-content\u002Fplugins\u002Fwp-yandex-metrika\u002Fassets\u002Ffonts\u002Ffonts.min.css","\u002Fwp-content\u002Fplugins\u002Fwp-yandex-metrika\u002Fassets\u002Fadmin.min.js",[],[390,391],"https:\u002F\u002Fcdn.jsdelivr.net\u002Fnpm\u002Fselect2@4.1.0-rc.0\u002Fdist\u002Fjs\u002Fselect2.min.js","https:\u002F\u002Fcdn.jsdelivr.net\u002Fnpm\u002Fselect2@4.1.0-rc.0\u002Fdist\u002Fjs\u002Fi18n\u002Fru.js",[393,394,395],"\u002Fwp-content\u002Fplugins\u002Fwp-yandex-metrika\u002Fassets\u002Fadmin.min.css?ver=","\u002Fwp-content\u002Fplugins\u002Fwp-yandex-metrika\u002Fassets\u002Ffonts\u002Ffonts.min.css?ver=","\u002Fwp-content\u002Fplugins\u002Fwp-yandex-metrika\u002Fassets\u002Fadmin.min.js?ver=",{"cssClasses":397,"htmlComments":398,"htmlAttributes":399,"restEndpoints":401,"jsGlobals":402,"shortcodeOutput":405},[],[],[400],"data-input-type=\"number\"",[],[403,404],"YAM_SLUG","YAM_VER",[]]