[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXQrMRHwMw5yC2j6coblqiRkJGFy44YofRsXJc-e0NFA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":53,"analysis":148,"fingerprints":181},"0-day-analytics","0 Day Analytics","4.9.0","Golemiq","https:\u002F\u002Fprofiles.wordpress.org\u002Fawesomefootnotes\u002F","\u003Cp>\u003Cstrong>0 Day Analytics\u003C\u002Fstrong> is a comprehensive WordPress debugging and operational\u003Cbr \u002F>\nintelligence plugin. It is purpose-built for developers and site administrators\u003Cbr \u002F>\nwho need real-time visibility into their PHP errors, scheduled tasks, database\u003Cbr \u002F>\nstate, outgoing emails, HTTP requests, hook behaviour, and overall site health —\u003Cbr \u002F>\nall from a single admin interface.\u003C\u002Fp>\n\u003Cp>Unlike general monitoring services, 0 Day Analytics runs entirely inside your\u003Cbr \u002F>\nWordPress installation with no third-party data collection. Every module is\u003Cbr \u002F>\nopt-in and designed with performance in mind.\u003C\u002Fp>\n\u003Ch4>Error Log Manager\u003C\u002Fh4>\n\u003Cp>Read, search, filter, and manage your PHP\u002FWordPress error log without leaving\u003Cbr \u002F>\nthe admin. Engineered for very large (GB-sized) logs using a reverse-line reader\u003Cbr \u002F>\nthat never performs a full-file read. Supports code-context viewing (click any\u003Cbr \u002F>\nerror to see the surrounding source), per-severity filtering, log truncation,\u003Cbr \u002F>\nand download. Optionally randomise the log filename to reduce exposure.\u003C\u002Fp>\n\u003Ch4>PHP Fatal Error Tracker\u003C\u002Fh4>\n\u003Cp>Captures and stores PHP fatal errors in a dedicated database table, it records PHP errors even if the WP_DEBUG is turned off so they persist even after the log is rotated or overwritten. Each record includes\u003Cbr \u002F>\nerror type, file, line, stack trace, and timestamp — searchable and filterable\u003Cbr \u002F>\ndirectly in the admin.\u003C\u002Fp>\n\u003Ch4>Site Performance & Security Scanner\u003C\u002Fh4>\n\u003Cp>Runs 32+ automated checks across three categories — Security, Speed, and\u003Cbr \u002F>\nResources used — and presents a scored dashboard with actionable\u003Cbr \u002F>\nrecommendations. Checks include: PHP version, WordPress version, SSL\u003Cbr \u002F>\ncertificate, debug mode exposure, file permissions, database prefix, XML-RPC,\u003Cbr \u002F>\nlogin URL, active plugin count, autoloaded options, cron health, page caching,\u003Cbr \u002F>\nobject caching, gzip compression, lazy loading, image optimisation, and more.\u003C\u002Fp>\n\u003Ch4>Google PageSpeed & Core Web Vitals\u003C\u002Fh4>\n\u003Cp>Analyse any URL directly from the WordPress admin using the Google PageSpeed\u003Cbr \u002F>\nInsights API. Displays Performance, Accessibility, Best Practices, and SEO\u003Cbr \u002F>\nscores with Lighthouse category breakdowns for both desktop and mobile. For that you need to provide your own PageSpeed Google API key.\u003C\u002Fp>\n\u003Ch4>URL Tracker & Asset Analyser\u003C\u002Fh4>\n\u003Cp>Automatically tracks visited page URLs on your site. For each recorded URL,\u003Cbr \u002F>\nyou can collect all associated JS, CSS, and media assets (with file sizes), run\u003Cbr \u002F>\na Google PageSpeed analysis, and review visit counts — making it easy to audit\u003Cbr \u002F>\npage weight and performance regressions over time.\u003C\u002Fp>\n\u003Ch4>Cron Manager\u003C\u002Fh4>\n\u003Cp>View, search, edit, manually run, and delete WordPress scheduled tasks. Shows\u003Cbr \u002F>\nnext run time (UTC), recurrence interval, arguments, and last execution status.\u003Cbr \u002F>\nSupports bulk actions and advanced filtering.\u003C\u002Fp>\n\u003Ch4>Transients Manager\u003C\u002Fh4>\n\u003Cp>Browse, search, edit, and safely delete database transients. Displays expiry\u003Cbr \u002F>\ntime, serialised value (pretty-printed), and size. Bulk delete supports\u003Cbr \u002F>\nfiltered selections.\u003C\u002Fp>\n\u003Ch4>Outgoing HTTP Requests Viewer\u003C\u002Fh4>\n\u003Cp>Logs all outgoing \u003Ccode>wp_remote_*\u003C\u002Fcode> calls made by WordPress core, themes, and\u003Cbr \u002F>\nplugins. Records URL, method, status code, response time, triggering plugin,\u003Cbr \u002F>\nuser, and full request\u002Fresponse detail. Export to CSV for external analysis.\u003Cbr \u002F>\nAdvanced filtering by domain, plugin, status, and date range.\u003C\u002Fp>\n\u003Ch4>Mail Logger & Composer\u003C\u002Fh4>\n\u003Cp>Records every email sent through \u003Ccode>wp_mail()\u003C\u002Fcode> — including headers, body,\u003Cbr \u002F>\nattachments, CC, and BCC — and stores it in a searchable log. View the\u003Cbr \u002F>\nrendered email body, resend any logged email, or compose and send new emails\u003Cbr \u002F>\ndirectly from the admin. Supports HTML and plain-text previews.\u003C\u002Fp>\n\u003Ch4>SMTP Configuration\u003C\u002Fh4>\n\u003Cp>Configure custom SMTP settings (host, port, encryption, username, password)\u003Cbr \u002F>\nwith a built-in test email tool. Optionally log SMTP debug output to the\u003Cbr \u002F>\nWordPress debug log.\u003C\u002Fp>\n\u003Ch4>WP Hooks Monitor\u003C\u002Fh4>\n\u003Cp>Define which WordPress actions and filters (core or custom) you want to\u003Cbr \u002F>\nobserve. The Hooks Capture module records each invocation with its parameters,\u003Cbr \u002F>\nreturn value (for filters), and a full stack backtrace. Organise monitoring\u003Cbr \u002F>\nrules into named groups, enable\u002Fdisable per hook, and review the captured\u003Cbr \u002F>\noutput in a dedicated list view.\u003C\u002Fp>\n\u003Ch4>DB Table Manager\u003C\u002Fh4>\n\u003Cp>Browse, search, edit, and delete records across any table in your\u003Cbr \u002F>\nWordPress database — including custom plugin tables. Displays table size,\u003Cbr \u002F>\nengine, collation, row count, and schema information. Supports full and\u003Cbr \u002F>\nfiltered truncation and table drop with confirmation.\u003C\u002Fp>\n\u003Ch4>Server Info & System Status\u003C\u002Fh4>\n\u003Cp>Displays real-time server metrics (CPU load, memory usage, disk space,\u003Cbr \u002F>\nPHP version, active extensions) as both admin-bar badges and a dashboard\u003Cbr \u002F>\nwidget. Also provides a detailed environment report useful for support tickets\u003Cbr \u002F>\nand deployment checks.\u003C\u002Fp>\n\u003Ch4>Plugin Version Switcher\u003C\u002Fh4>\n\u003Cp>Roll back or switch between any previously downloaded version of an installed\u003Cbr \u002F>\nplugin without leaving the admin. Useful for quickly reverting after a bad\u003Cbr \u002F>\nupdate. Supports only free plugins from the WordPress repo.\u003C\u002Fp>\n\u003Ch4>Code Snippets\u003C\u002Fh4>\n\u003Cp>Write, save, and execute custom PHP snippets from the admin. Snippets support\u003Cbr \u002F>\nshortcodes, can be enabled\u002Fdisabled individually, and are sandboxed before\u003Cbr \u002F>\nexecution. Useful for one-off data migrations, testing custom logic, or\u003Cbr \u002F>\ngenerating dynamic output without creating a custom plugin.\u003C\u002Fp>\n\u003Ch4>Recovery Mode\u003C\u002Fh4>\n\u003Cp>Generate single-use recovery links that can disable a specific plugin or\u003Cbr \u002F>\ntrigger a custom action — delivered via Slack, Telegram, or any configured\u003Cbr \u002F>\nwebhook channel. Designed for emergency recovery when the site is inaccessible\u003Cbr \u002F>\nthrough normal means. The recovery URLs are sent in Slack and Telegram channels for security.\u003C\u002Fp>\n\u003Ch4>Other Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Dark mode for all admin screens.\u003C\u002Fli>\n\u003Cli>CSV export on all list views (requests, errors, mails, hooks, etc.).\u003C\u002Fli>\n\u003Cli>Screen Options on every screen (configure columns, items per page).\u003C\u002Fli>\n\u003Cli>WP CLI compatible scaffolding for background operations.\u003C\u002Fli>\n\u003Cli>Multisite aware (note: recovery mode has core multisite limitations).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Short Description\u003C\u002Fh3>\n\u003Cp>All-in-one WordPress debug & operations toolkit: error log manager, PHP fatal\u003Cbr \u002F>\ntracker, cron & transient manager, mail logger, SMTP, outgoing requests viewer,\u003Cbr \u002F>\nDB table manager, site performance & security scanner, Google PageSpeed\u003Cbr \u002F>\nintegration, URL tracker, WP hooks monitor, code snippets, and recovery mode.\u003C\u002Fp>\n\u003Ch3>Requirements & Compatibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 6.0+ (tested up to 6.9)\u003C\u002Fli>\n\u003Cli>PHP 7.4+ (compatible with PHP 8.0, 8.1, 8.2, 8.3, 8.4)\u003C\u002Fli>\n\u003Cli>MySQL 5.7+ \u002F MariaDB 10.3+\u003C\u002Fli>\n\u003Cli>Not intended as a primary multisite recovery tool (see FAQ)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Best Practices & Security Notes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Keep log files outside the webroot when possible, or restrict access via\u003Cbr \u002F>\nserver rules (.htaccess \u002F nginx) to prevent public exposure.\u003C\u002Fli>\n\u003Cli>Use the built-in “Randomise Log Filename” feature when logs must stay in the\u003Cbr \u002F>\nwebroot.\u003C\u002Fli>\n\u003Cli>All plugin capabilities are restricted to \u003Ccode>manage_options\u003C\u002Fcode> (administrators)\u003Cbr \u002F>\nby default. The menu can optionally be restricted to admins only.\u003C\u002Fli>\n\u003Cli>Sanitize and escape all output; nonces are enforced on all state-changing\u003Cbr \u002F>\nactions.\u003C\u002Fli>\n\u003Cli>Secure SMTP credentials using TLS\u002FSTARTTLS; credentials are stored in the\u003Cbr \u002F>\nWordPress options table.\u003C\u002Fli>\n\u003Cli>Set file permissions tightly (e.g., 600\u002F640) and restrict ownership to the\u003Cbr \u002F>\nweb server user.\u003C\u002Fli>\n\u003Cli>Backup database and files before using bulk delete or table truncation.\u003C\u002Fli>\n\u003Cli>Disable unused modules to reduce footprint and potential attack surface.\u003C\u002Fli>\n\u003Cli>Disable or throttle high-frequency background polling on high-load sites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage Notes & Performance\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>The Error Log viewer reads the last N lines (default 100, max configurable\u003Cbr \u002F>\nvia Screen Options) to avoid full-file reads on GB-sized logs.\u003C\u002Fli>\n\u003Cli>No pagination on error logs by design — pagination would force repeated\u003Cbr \u002F>\nexpensive full-file reads.\u003C\u002Fli>\n\u003Cli>The PHP Fatal Error Tracker uses its own DB table; apply a retention policy\u003Cbr \u002F>\nin Settings to avoid unbounded growth.\u003C\u002Fli>\n\u003Cli>The Hooks Capture module adds minimal overhead per captured hook invocation;\u003Cbr \u002F>\ndisable capturing on production when not actively debugging.\u003C\u002Fli>\n\u003Cli>The URL Tracker records page visits in a custom table; configure retention\u003Cbr \u002F>\nor pause tracking on high-traffic sites.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support & Notes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Secure log paths and consider randomising filenames in production.\u003C\u002Fli>\n\u003Cli>Disable unused modules to reduce footprint and attack surface.\u003C\u002Fli>\n\u003Cli>Recovery Mode has limitations on multisite — test before relying on it.\u003C\u002Fli>\n\u003Cli>For bugs or feature requests, open an issue on the plugin page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Live preview and full details:\u003Cbr \u002F>\nhttps:\u002F\u002Fwordpress.org\u002Fplugins\u002F0-day-analytics\u002F\u003C\u002Fp>\n","0 Day Analytics is a comprehensive WordPress debugging and operational",40,5614,100,2,"2026-03-09T13:39:00.000Z","6.9.4","6.0","7.4",[20,21,22,23,24],"cron","debug","error-log","performance","transients","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002F0-day-analytics.4.9.0.zip",99,1,0,"2025-11-12 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-64293","0-day-analytics-authenticated-administrator-sql-injection","0 Day Analytics \u003C= 4.0.0 - Authenticated (Administrator+) SQL Injection","The 0 Day Analytics plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=4.0.0","4.1.0","medium",4.9,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2025-11-17 18:14:56",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F63d93203-e8fb-4a88-9546-580944f03d9a?source=api-prod",6,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":51,"avg_security_score":13,"avg_patch_time_days":48,"trust_score":13,"computed_at":52},"awesomefootnotes",140,"2026-04-04T02:14:56.298Z",[54,75,92,109,131],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":13,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":72,"download_link":73,"security_score":74,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wp-healthcheck","WP Healthcheck","1.4.0","Tiago Hillebrandt","https:\u002F\u002Fprofiles.wordpress.org\u002Ftiagohillebrandt\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-healthcheck.com\" rel=\"nofollow ugc\">WP Healthcheck\u003C\u002Fa> is a plugin to check the health of your WordPress install.\u003C\u002Fp>\n\u003Cp>It detects some useful information regarding your site health, like the number of active transients and autoload options, and then displays them conveniently via the WordPress Dashboard.\u003C\u002Fp>\n\u003Cp>This plugin can help you improve your site performance by cleaning up the transients and deactivating autoload options.\u003C\u002Fp>\n\u003Cp>WP Healthcheck also verifies the software versions in use by your server. We maintain information about software minimum requirements up to date in our systems. This allows the plugin to retrieve this information from our external API and compare versus the ones installed in your server.\u003C\u002Fp>\n\u003Cp>SSL certificate expiration dates are also checked and notifications for expired or near expiration SSL certificates are provided conveniently via the WordPress Dashboard.\u003C\u002Fp>\n\u003Ch4>WP-CLI Extension\u003C\u002Fh4>\n\u003Cp>WP Healthcheck also includes a WP-CLI extension. If you want to see all the CLI commands available in the plugin, go ahead and run \u003Ccode>wp healthcheck\u003C\u002Fcode> in your site.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>wp healthcheck autoload [--deactivate=\u003Coption-name>] [--history]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp healthcheck transient [--delete-expired] [--delete-all]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp healthcheck server\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp healthcheck ssl\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n","WP Healthcheck is a plugin to check the health of your WordPress install.",1000,26475,3,"2024-07-16T05:30:00.000Z","6.6.5","5.0","7.0",[70,20,71,23,24],"autoload","healthcheck","https:\u002F\u002Fwp-healthcheck.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-healthcheck.1.4.0.zip",92,{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":29,"num_ratings":29,"last_updated":25,"tested_up_to":85,"requires_at_least":17,"requires_php":18,"tags":86,"homepage":89,"download_link":90,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":91},"wploadgraph","WpLoadGraph – Log and display server load of your WP site","0.2.3","Tekod lab.","https:\u002F\u002Fprofiles.wordpress.org\u002Ftekod\u002F","\u003Cp>This plugin will track all incoming requests to your server that triggers loading WordPress core:\u003Cbr \u002F>\n– regular pages\u003Cbr \u002F>\n– 404 page\u003Cbr \u002F>\n– login, register and lost-password pages\u003Cbr \u002F>\n– ajax, rest & xmlrpc requests\u003Cbr \u002F>\n– cron requests\u003C\u002Fp>\n\u003Cp>Somewhat similar to “access log” feature most servers already has,\u003Cbr \u002F>\nbut with one important improvement – it stores how long each process executes!\u003Cbr \u002F>\nThat information is essential for analyzing stress test results.\u003C\u002Fp>\n\u003Cp>Now we can visualize what requests was ran in parallel with other requests, competing for resources of the same CPU.\u003Cbr \u002F>\nNow you can see are your pages loading so slow because there is cronjob working in background.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Simply install and activate plugin. No settings are available.\u003C\u002Fp>\n\u003Cp>Plugin will add new menu item in admin dashboard, in “Tools” menu, sub-page “WpLoadGraph”.\u003Cbr \u002F>\nIt has nicely styled timeline graph and filter to specify period of time you interested in.\u003C\u002Fp>\n\u003Cp>Requests are grouped by “session id” to make visual analysing easier, and coloured according to their type.\u003Cbr \u002F>\nGraph has “zoom” ability (use mouse wheel to zoom in and zoom out) and “pan” ability (mouse drag left and right).\u003C\u002Fp>\n\u003Cp>There is a limitation of javascript library used for displaying events – it can contain maximum of 5000 elements,\u003Cbr \u002F>\nso only first 5000 entries will be shown in graph if you selected too wide range in filter.\u003C\u002Fp>\n\u003Cp>To avoid storing too large log file plugin will periodically check it size and strip off the oldest entries to keep it in reasonable size.\u003Cbr \u002F>\nBy default, that limit is 200Mb, but can be modified using filter hook “wploadgraph-max_trace_size”.\u003C\u002Fp>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cp>Please, send bug reports and feature requests to \u003Ca href=\"mailto:office@tekod.com\" rel=\"nofollow ugc\">office@tekod.com\u003C\u002Fa>\u003C\u002Fp>\n","Stress testing tool for logging and measuring all requests to your WordPress website and displaying in timeline format.",10,1338,"6.5.8",[20,21,23,87,88],"server","stress-test","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwploadgraph","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwploadgraph.0.2.3.zip","2026-03-15T10:48:56.248Z",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":29,"downloaded":100,"rating":29,"num_ratings":29,"last_updated":101,"tested_up_to":102,"requires_at_least":67,"requires_php":18,"tags":103,"homepage":107,"download_link":108,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"cron-error-silence","Cron Error Silence","1.0.2","Pierre Stephan","https:\u002F\u002Fprofiles.wordpress.org\u002Fpierrestephan\u002F","\u003Cp>\u003Cstrong>Tired of “undefined index” or “could_not_set” warnings in your debug.log file?\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>Cron Error Silence\u003C\u002Fstrong> is a lightweight, zero-impact WordPress plugin that automatically suppresses non-critical cron-related PHP warnings while keeping all scheduled tasks running perfectly.\u003C\u002Fp>\n\u003Cp>Ideal for developers, staging environments, or performance-focused admins who want readable logs without breaking functionality.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>🔇 Suppresses “Undefined array key” cron warnings\u003C\u002Fli>\n\u003Cli>🛡️ Prevents “could_not_set” cron errors from cluttering logs\u003C\u002Fli>\n\u003Cli>💯 Keeps WordPress cron system fully functional\u003C\u002Fli>\n\u003Cli>✨ No performance loss\u003C\u002Fli>\n\u003Cli>⚙️ Works alongside caching and optimization plugins\u003C\u002Fli>\n\u003Cli>✅ Fully automatic and safe to use\u003C\u002Fli>\n\u003C\u002Ful>\n","Silence noisy WordPress cron-related error messages and clean up your debug logs – without affecting core functionality.",266,"2025-06-21T16:16:00.000Z","6.8.5",[20,104,105,106,23],"debugging","errors","logs","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcron-error-silence\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcron-error-silence.1.0.2.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":119,"num_ratings":120,"last_updated":121,"tested_up_to":16,"requires_at_least":122,"requires_php":18,"tags":123,"homepage":127,"download_link":128,"security_score":129,"vuln_count":64,"unpatched_count":29,"last_vuln_date":130,"fetched_at":31},"wp-crontrol","WP Crontrol","1.21.0","John Blackbourn","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnbillion\u002F","\u003Cp>WP Crontrol enables you to take control of the scheduled cron events on your WordPress website or WooCommerce store. From the admin screens you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>View all scheduled cron events along with their arguments, schedule, callback functions, and when they are next due.\u003C\u002Fli>\n\u003Cli>Edit, delete, pause, resume, and immediately run cron events.\u003C\u002Fli>\n\u003Cli>Add new cron events.\u003C\u002Fli>\n\u003Cli>Bulk delete cron events.\u003C\u002Fli>\n\u003Cli>Add and remove custom cron schedules.\u003C\u002Fli>\n\u003Cli>Export and download cron event lists as a CSV file.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>WP Crontrol is aware of timezones, will alert you to events that have no actions or that have missed their schedule, and will show you a helpful warning message if it detects any problems with your cron system.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to the \u003Ccode>Tools \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Cron Events\u003C\u002Fcode> menu to manage cron events.\u003C\u002Fli>\n\u003Cli>Go to the \u003Ccode>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Cron Schedules\u003C\u002Fcode> menu to manage cron schedules.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-crontrol.com\u002Fdocs\u002Fhow-to-use\u002F\" rel=\"nofollow ugc\">Extensive documentation on how to use WP Crontrol and how to get help for error messages that it shows is available on the WP Crontrol website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>For site owners\u003C\u002Fh3>\n\u003Cp>Owners of WordPress websites and WooCommerce stores use WP Crontrol to ensure that scheduled cron events run correctly and efficiently. By providing complete control over cron events, WP Crontrol helps you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Improve reliability\u003C\u002Fstrong>: Address missed or failed cron events, ensuring your website or WooCommerce store continues to function as expected.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhance security\u003C\u002Fstrong>: Monitor and control cron events to ensure automatic update checks are performed as they should.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simplify management\u003C\u002Fstrong>: Add, edit, delete, and pause cron events from a user-friendly interface, without needing to write any code.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gain insights\u003C\u002Fstrong>: Export cron event data for analysis or reporting.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Action Scheduler compatibility\u003C\u002Fstrong>: Full support for the Action Scheduler system in WooCommerce, which is used to process recurring payments, subscriptions, and background orders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clarity of times and timezones\u003C\u002Fstrong>: All times are shown with a clear and accurate indication of which timezone applies. No more guesswork!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>For developers\u003C\u002Fh3>\n\u003Cp>Developers use WP Crontrol to streamline and debug their WordPress development process:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enhanced debugging\u003C\u002Fstrong>: Identify and troubleshoot issues with scheduled tasks, ensuring your scheduled events and their callbacks run as expected.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom schedules\u003C\u002Fstrong>: Create and manage custom cron schedules to fit the specific needs of your website, plugins, or themes, providing greater flexibility than just the core schedules.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Efficient workflow\u003C\u002Fstrong>: Add, edit, and delete cron events directly from the WordPress admin interface, saving time and reducing the need for manual coding.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Insightful monitoring\u003C\u002Fstrong>: Get insight into the performance and behavior of your scheduled tasks, allowing for optimization and better resource management.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Accurate debugging\u003C\u002Fstrong>: WP Crontrol goes to great lengths to ensure that running an event manually does so in a manner which exactly matches how WordPress core runs schdeuled events. This ensures that you can debug events accurately and with confidence.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Other Plugins\u003C\u002Fh3>\n\u003Cp>I maintain several other plugins for developers. Check them out:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fquery-monitor\u002F\" rel=\"ugc\">Query Monitor\u003C\u002Fa> is the developer tools panel for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-switching\u002F\" rel=\"ugc\">User Switching\u003C\u002Fa> provides instant switching between user accounts in WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Statement\u003C\u002Fh3>\n\u003Cp>WP Crontrol is private by default and always will be. It does not send data to any third party, nor does it include any third party resources. \u003Ca href=\"https:\u002F\u002Fwp-crontrol.com\u002Fprivacy\u002F\" rel=\"nofollow ugc\">WP Crontrol’s full privacy statement can be found here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Accessibility Statement\u003C\u002Fh3>\n\u003Cp>WP Crontrol aims to be fully accessible to all of its users. \u003Ca href=\"https:\u002F\u002Fwp-crontrol.com\u002Faccessibility\u002F\" rel=\"nofollow ugc\">WP Crontrol’s full accessibility statement can be found here\u003C\u002Fa>.\u003C\u002Fp>\n","WP Crontrol enables you to take control of the cron events on your WordPress website.",300000,7578206,90,163,"2026-01-28T21:40:00.000Z","6.4",[20,124,21,125,126],"crontrol","woocommerce","wp-cron","https:\u002F\u002Fwp-crontrol.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-crontrol.1.21.0.zip",96,"2025-08-21 00:00:00",{"slug":132,"name":133,"version":134,"author":113,"author_profile":114,"description":135,"short_description":136,"active_installs":137,"downloaded":138,"rating":139,"num_ratings":140,"last_updated":141,"tested_up_to":16,"requires_at_least":142,"requires_php":18,"tags":143,"homepage":146,"download_link":147,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"query-monitor","Query Monitor – The developer tools panel for WordPress","3.20.2","\u003Cp>Query Monitor is the developer tools panel for WordPress and WooCommerce. It enables debugging of database queries, PHP errors, hooks and actions, block editor blocks, enqueued scripts and stylesheets, HTTP API calls, and more.\u003C\u002Fp>\n\u003Cp>It includes some advanced features such as debugging of Ajax calls, REST API calls, user capability checks, and full support for block themes and full site editing. It includes the ability to narrow down much of its output by plugin or theme, allowing you to quickly determine poorly performing plugins, themes, or functions.\u003C\u002Fp>\n\u003Cp>Query Monitor focuses heavily on presenting its information in a useful manner, for example by showing aggregate database queries grouped by the plugins, themes, or functions that are responsible for them. It adds an admin toolbar menu showing an overview of the current page, with complete debugging information shown in panels once you select a menu item.\u003C\u002Fp>\n\u003Cp>Query Monitor supports versions of WordPress up to three years old, and PHP version 7.4 or higher.\u003C\u002Fp>\n\u003Cp>For complete information, please see \u003Ca href=\"https:\u002F\u002Fquerymonitor.com\u002F\" rel=\"nofollow ugc\">the Query Monitor website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Here’s an overview of what’s shown for each page load:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Database queries, including notifications for slow, duplicate, or erroneous queries. Allows filtering by query type (\u003Ccode>SELECT\u003C\u002Fcode>, \u003Ccode>UPDATE\u003C\u002Fcode>, \u003Ccode>DELETE\u003C\u002Fcode>, etc), responsible component (plugin, theme, WordPress core), and calling function, and provides separate aggregate views for each.\u003C\u002Fli>\n\u003Cli>The template filename, the complete template hierarchy, and names of all template parts that were loaded or not loaded (for block themes and classic themes).\u003C\u002Fli>\n\u003Cli>PHP errors presented nicely along with their responsible component and call stack, and a visible warning in the admin toolbar.\u003C\u002Fli>\n\u003Cli>Usage of “Doing it Wrong” or “Deprecated” functionality in the code on your site.\u003C\u002Fli>\n\u003Cli>Blocks and associated properties within post content and within full site editing (FSE).\u003C\u002Fli>\n\u003Cli>Matched rewrite rules, associated query strings, and query vars.\u003C\u002Fli>\n\u003Cli>Enqueued scripts and stylesheets, along with their dependencies, dependents, and alerts for broken dependencies.\u003C\u002Fli>\n\u003Cli>Language settings and loaded translation files (MO files and JSON files) for each text domain.\u003C\u002Fli>\n\u003Cli>HTTP API requests, with response code, responsible component, and time taken, with alerts for failed or erroneous requests.\u003C\u002Fli>\n\u003Cli>User capability checks, along with the result and any parameters passed to the capability check.\u003C\u002Fli>\n\u003Cli>Environment information, including detailed information about PHP, the database, WordPress, and the web server.\u003C\u002Fli>\n\u003Cli>The values of all WordPress conditional functions such as \u003Ccode>is_single()\u003C\u002Fcode>, \u003Ccode>is_home()\u003C\u002Fcode>, etc.\u003C\u002Fli>\n\u003Cli>Transients that were updated.\u003C\u002Fli>\n\u003Cli>Usage of \u003Ccode>switch_to_blog()\u003C\u002Fcode> and \u003Ccode>restore_current_blog()\u003C\u002Fcode> on Multisite installations.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In addition:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Whenever a redirect occurs, Query Monitor adds an HTTP header containing the call stack, so you can use your favourite HTTP inspector or browser developer tools to trace what triggered the redirect.\u003C\u002Fli>\n\u003Cli>The response from any jQuery-initiated Ajax request on the page will contain various debugging information in its headers. PHP errors also get output to the browser’s developer console.\u003C\u002Fli>\n\u003Cli>The response from an authenticated WordPress REST API request will contain an overview of performance information and PHP errors in its headers, as long as the authenticated user has permission to view Query Monitor’s output. An \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Frest-api\u002Fusing-the-rest-api\u002Fglobal-parameters\u002F#_envelope\" rel=\"nofollow ugc\">an enveloped REST API request\u003C\u002Fa> will include even more debugging information in the \u003Ccode>qm\u003C\u002Fcode> property of the response.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By default, Query Monitor’s output is only shown to Administrators on single-site installations, and Super Admins on Multisite installations.\u003C\u002Fp>\n\u003Cp>In addition to this, you can set an authentication cookie which allows you to view Query Monitor output when you’re not logged in (or if you’re logged in as a non-Administrator). See the Settings panel for details.\u003C\u002Fp>\n\u003Ch3>Other Plugins\u003C\u002Fh3>\n\u003Cp>I maintain several other plugins for developers. Check them out:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-switching\u002F\" rel=\"ugc\">User Switching\u003C\u002Fa> provides instant switching between user accounts in WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-crontrol\u002F\" rel=\"ugc\">WP Crontrol\u003C\u002Fa> lets you view and control what’s happening in the WP-Cron system\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Statement\u003C\u002Fh3>\n\u003Cp>Query Monitor is private by default and always will be. It does not persistently store any of the data that it collects. It does not send data to any third party, nor does it include any third party resources. \u003Ca href=\"https:\u002F\u002Fquerymonitor.com\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Query Monitor’s full privacy statement can be found here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Accessibility Statement\u003C\u002Fh3>\n\u003Cp>Query Monitor aims to be fully accessible to all of its users. \u003Ca href=\"https:\u002F\u002Fquerymonitor.com\u002Faccessibility\u002F\" rel=\"nofollow ugc\">Query Monitor’s full accessibility statement can be found here\u003C\u002Fa>.\u003C\u002Fp>\n","Query Monitor is the developer tools panel for WordPress and WooCommerce.",200000,19156533,98,463,"2025-12-11T22:16:00.000Z","6.1",[21,144,145,23,132],"debug-bar","development","https:\u002F\u002Fquerymonitor.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquery-monitor.3.20.2.zip",{"attackSurface":149,"codeSignals":155,"taintFlows":166,"riskAssessment":167,"analyzedAt":180},{"hooks":150,"ajaxHandlers":151,"restRoutes":152,"shortcodes":153,"cronEvents":154,"entryPointCount":29,"unprotectedCount":29},[],[],[],[],[],{"dangerousFunctions":156,"sqlUsage":157,"outputEscaping":159,"fileOperations":29,"externalRequests":29,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":165},[],{"prepared":29,"raw":29,"locations":158},[],{"escaped":29,"rawEcho":28,"locations":160},[161],{"file":162,"line":163,"context":164},"advanced-analytics.php",68,"raw output",[],[],{"summary":168,"deductions":169},"The plugin '0-day-analytics' v4.9.0 presents a mixed security posture.  On the positive side, the static analysis reveals a seemingly small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events.  Furthermore, all SQL queries are reported as using prepared statements, and there are no indications of file operations, external HTTP requests, or bundled libraries that could introduce known vulnerabilities.  The absence of critical or high-severity taint flows is also a good sign.\n\nHowever, a significant concern arises from the output escaping.  With one total output and 0% properly escaped, any data processed by this plugin and displayed to users is highly susceptible to Cross-Site Scripting (XSS) attacks.  Additionally, the vulnerability history, despite having no currently unpatched CVEs, shows a past medium-severity SQL injection vulnerability.  The fact that this was a medium severity issue and the plugin has a history of such vulnerabilities suggests a need for ongoing vigilance.  The complete lack of nonce and capability checks on any potential (though unreported) entry points is also a weakness, leaving the door open for unauthorized actions or manipulation if any entry points are discovered or added in the future.",[170,173,176,178],{"reason":171,"points":172},"Unescaped output detected",8,{"reason":174,"points":175},"Past medium severity SQL injection vulnerability",5,{"reason":177,"points":175},"Lack of nonce checks",{"reason":179,"points":175},"Lack of capability checks","2026-03-16T22:18:10.843Z",{"wat":182,"direct":193},{"assetPaths":183,"generatorPatterns":185,"scriptPaths":186,"versionParams":187},[184],"\u002Fwp-content\u002Fplugins\u002F0-day-analytics\u002Fadvanced-analytics.php",[],[],[188,189,190,191,192],"0-day-analytics\u002Fadvanced-analytics.php?ver=","0-day-analytics\u002Fvendor\u002Fassets\u002Fjs\u002Fadmin.js?ver=","0-day-analytics\u002Fvendor\u002Fassets\u002Fcss\u002Fadmin.css?ver=","0-day-analytics\u002Fvendor\u002Fassets\u002Fcss\u002Fsettings.css?ver=","0-day-analytics\u002Fvendor\u002Fassets\u002Fjs\u002Fsettings.js?ver=",{"cssClasses":194,"htmlComments":195,"htmlAttributes":196,"restEndpoints":217,"jsGlobals":223,"shortcodeOutput":235},[],[],[197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216],"data-advana-logs-url","data-advana-api-nonce","data-advana-url-tracker-nonce","data-advana-snippets-nonce","data-advana-mail-smtp-nonce","data-advana-settings-nonce","data-advana-request-url","data-advana-request-method","data-advana-request-args","data-advana-request-headers","data-advana-request-body","data-advana-mail-to","data-advana-mail-subject","data-advana-mail-body","data-advana-mail-headers","data-advana-mail-attachments","data-advana-url-tracker-id","data-advana-snippet-id","data-advana-mail-smtp-id","data-advana-setting-key",[218,219,220,221,222],"\u002Fwp-json\u002F0-day-analytics\u002Fv1\u002Flogs","\u002Fwp-json\u002F0-day-analytics\u002Fv1\u002Furl-tracker","\u002Fwp-json\u002F0-day-analytics\u002Fv1\u002Fsnippets","\u002Fwp-json\u002F0-day-analytics\u002Fv1\u002Fmail-smtp","\u002Fwp-json\u002F0-day-analytics\u002Fv1\u002Fsettings",[224,225,226,227,228,229,230,231,232,233,234],"ADVAN_Settings","ADVAN_AJAX_URL","ADVAN_NONCE","ADVAN_REST_URL","ADVAN_VERSION","ADVAN_LOCALE","ADVAN_ADMIN_URL","ADVAN_URL_TRACKER_NONCE","ADVAN_SNIPPETS_NONCE","ADVAN_MAIL_SMTP_NONCE","ADVAN_SETTINGS_NONCE",[]]