[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXmIDraZNwzFfkidDAWRdHr-YkKNOHNr0zGjL6WmA5bs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":137,"fingerprints":192},"2mb-autocode","2MB Autocode","1.2.6","Michael","https:\u002F\u002Fprofiles.wordpress.org\u002Flilmike\u002F","\u003Cp>This plugin, developed by \u003Ca href=\"https:\u002F\u002F2mb.solutions\u002F\" rel=\"nofollow ugc\">2MB Solutions\u003C\u002Fa>, allows you to place predetermined text\u002Fhtml\u002Fphp at the top and\u002For bottom of each post. In addition, you can override the placing of text at the bottom and\u002For top of a specific post, override the placing of text on the homepage or on a post individually, or run arbitrary php inside a post.\u003C\u002Fp>\n\u003Cp>For more on 2MB, please visit (https:\u002F\u002F2mb.solutions\u002F).\u003C\u002Fp>\n\u003Cp>Note that all development now takes place at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002F2mb-solutions\u002Fautocode\u002F\" rel=\"nofollow ugc\">github\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin allows you to place predetermined text\u002Fhtml\u002Fphp at the top or bottom of posts.",100,39018,0,"2021-02-06T21:41:00.000Z","5.6.17","3.0","",[19,20,21,22,23],"autocode","automatic","code-placement","html","php","https:\u002F\u002F2mb.solutions\u002Fplugins\u002Fautocode","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002F2mb-autocode.1.2.6.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"lilmike",1,30,84,"2026-04-04T09:06:56.880Z",[37,59,83,103,119],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"code-widget","Code Widget","1.0.15","Sharaz Shahid","https:\u002F\u002Fprofiles.wordpress.org\u002Fsharaz\u002F","\u003Cp>Code Widget is simple widget allows you to insert any arbitrary Text\u002FHTML  and run  PHP Code or Short Code. This Widget parses PHP code  into simple text and much more.\u003C\u002Fp>\n\u003Cp>Only users with the unfiltered_html role will be allowed to insert unfiltered HTML. This includes PHP code, so users without admin or editor permissions will not be able to use this to execute code, even if they have widget editing permissions.\u003Cbr \u002F>\nThis plugin is developed and maintained by \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fsharazghouri1\" rel=\"nofollow ugc\">Sharaz Shahid\u003C\u002Fa>\u003C\u002Fp>\n","Code widget help  to  add  Short Code, PHP Code, HTML, and Simple Text in widget.",4000,60271,98,35,"2022-06-11T11:06:00.000Z","6.1.0","4.0","7.0",[54,22,23,55,56],"code","short-code","widget","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcode-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcode-widget.1.0.15.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":11,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":17,"tags":73,"homepage":79,"download_link":80,"security_score":81,"vuln_count":32,"unpatched_count":32,"last_vuln_date":82,"fetched_at":28},"append-extensions-on-pages","Append extensions on Pages","1.1.2","Suresh Kumar Mukhiya","https:\u002F\u002Fprofiles.wordpress.org\u002Fsureshhardiya\u002F","\u003Cp>This plugin helps to appends .html on the wordpress pages when used with permalink. If you are a developer then you can modify this plugin to use any extension you want.\u003C\u002Fp>\n\u003Cp>You can choose the extension you want to have on your pages when used with permalik. Availble choices are .jsp, .htm, .html, .asp, .ror. Every time new extension is used, please make sure to refresh permalink.\u003C\u002Fp>\n","This plugin helps to appends .html or .asp or .htm etc on the wordpress pages when used with permalink.",900,11890,7,"2017-09-09T10:53:00.000Z","4.8.28","3.1",[74,75,76,77,78],"html-on-permalink","add-aspx-on-pages","add-html-on-pages","add-php-on-pages","append-html-on-pages","http:\u002F\u002Fwww.skmukhiya.com.np","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fappend-extensions-on-pages.zip",63,"2025-09-22 00:00:00",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":11,"downloaded":91,"rating":13,"num_ratings":13,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":17,"tags":95,"homepage":98,"download_link":99,"security_score":100,"vuln_count":101,"unpatched_count":101,"last_vuln_date":102,"fetched_at":28},"dot-htmlphpxml-etc-pages","Dot html,php,xml etc pages","1.0","karimmughal","https:\u002F\u002Fprofiles.wordpress.org\u002Fkarimmughal\u002F","\u003Cp>This plugin allows you to create custom URLs for ur pages, for your WordPress blog. This Plugin Adds .php, html, .xml etc SIGNATURE Extension to Your Pages Like http:\u002F\u002Fwww.yoursitename.com\u002Fyourpage.php,.html,xml any signature. WARNING: FIRST DEACTIVATE THE OTHER EXTENSION PAGES PLUGIN.  Just Activate The Plugin And Setting The Pages Through Setting->Dot html,php,xml etc pages.\u003C\u002Fp>\n\u003Ch3>Powered By\u003C\u002Fh3>\n\u003Cp>KSM (http:\u002F\u002Fksmughal.com)\u003C\u002Fp>\n","Dot html,php,xml etc pages This plugin create any format of pages.",8616,"2012-08-19T08:55:00.000Z","3.4.2","2.3",[22,96,23,97],"pages","signature","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fdot-htmlphpxml-etc-pages\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdot-htmlphpxml-etc-pages.zip",42,2,"2025-07-07 00:00:00",{"slug":104,"name":105,"version":86,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":13,"num_ratings":13,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":17,"tags":115,"homepage":117,"download_link":118,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"safe-php-code-widget","Safe PHP Code Widget","k0tik","https:\u002F\u002Fprofiles.wordpress.org\u002Fk0tik\u002F","\u003Cp>The usual Text widget allows you to insert arbitrary Text and\u002For HTML code. This allows that too, but also parses any PHP or JavaScript code in the text widget and executes it.\u003C\u002Fp>\n\u003Cp>This plugin is based on “PHP Code Widget”, but now available for use by site administrators ONLY, which makes it more secure.\u003C\u002Fp>\n\u003Cp>All PHP code must be enclosed in the standard php opening and closing tags ( \u003Ccode>\u003C?php\u003C\u002Fcode> and \u003Ccode>?>\u003C\u002Fcode> ) for it to be recognized and executed. Also JavaScript code must be enclosed in the \u003Ccode>\u003Cscript>\u003C\u002Fcode> and \u003Ccode>\u003C\u002Fscript>\u003C\u002Fcode> tags, as usual.\u003C\u002Fp>\n","Adds a secure and simple widget in which you can use PHP and JavaScript code. Also you can use unfiltered HTML or just Text. Admin Use Only.",70,2248,"2019-01-09T01:28:00.000Z","5.0.25","2.8",[54,22,116,23,56],"javascript","https:\u002F\u002Fnewbiz.online\u002Fwp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsafe-php-code-widget.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":11,"num_ratings":101,"last_updated":129,"tested_up_to":71,"requires_at_least":130,"requires_php":17,"tags":131,"homepage":135,"download_link":136,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"html-php-pages-and-posts","Custom HTML\u002FPHP Post Templates","2.0.0","Stephen AfamO","https:\u002F\u002Fprofiles.wordpress.org\u002Fstephenafamo\u002F","\u003Cp>This plugin allows you to use any HTML or PHP file as the template for any page or post.\u003C\u002Fp>\n\u003Cp>Simply upload the file and select it.\u003Cbr \u002F>\nYou can upload custom js and css files into the media library and link to them from the HTML file.\u003C\u002Fp>\n\u003Cp>Options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Overwrite All: You overwrite the entire theme and use your custom file\u003C\u002Fli>\n\u003Cli>Overwrite Content: Keeps the header, footer, sidebar, e.t.c. Simply overwrites the body of the page or post\u003C\u002Fli>\n\u003Cli>Above Content: Your custom content is simply added to the top of the page content\u003C\u002Fli>\n\u003Cli>Below Content: You custom content is placed just beneath the page content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Adding support for custom post types\u003C\u002Fh4>\n\u003Cp>By default the pulugin works with pages and posts, however, go to the settings to enable it on any other registered post type.\u003C\u002Fp>\n\u003Cp>use the \u003Ccode>hppp_post_types\u003C\u002Fcode> filter to add more post types.\u003C\u002Fp>\n\u003Cp>Like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>    public function post_type_modify ($post_types) {\n        $post_types[] = 'custom_post_type';\n        return $post_types;\n    }\n\n    add_filter( 'hppp_post_types', 'post_type_modify' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Use your HTML or PHP files for any page or post.",60,8262,"2017-07-09T19:42:00.000Z","3.0.1",[132,133,134,22,23],"custom-pages","custom-posts","custom-templates","http:\u002F\u002Fwww.github.com\u002Fstephenafamo\u002Fhtml-php-pages-and-posts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtml-php-pages-and-posts.2.0.0.zip",{"attackSurface":138,"codeSignals":171,"taintFlows":184,"riskAssessment":185,"analyzedAt":191},{"hooks":139,"ajaxHandlers":167,"restRoutes":168,"shortcodes":169,"cronEvents":170,"entryPointCount":13,"unprotectedCount":13},[140,147,151,155,159,163],{"type":141,"name":142,"callback":143,"priority":144,"file":145,"line":146},"filter","the_content","twomb_autocode_modify_content",8,"2mb-autocode.php",11,{"type":148,"name":142,"callback":149,"priority":13,"file":145,"line":150},"action","twomb_autocode_do_php",163,{"type":148,"name":152,"callback":153,"file":145,"line":154},"admin_menu","twomb_autocode_init_admin_menu",177,{"type":148,"name":156,"callback":157,"file":145,"line":158},"admin_init","twomb_autocode_init_settings",229,{"type":148,"name":160,"callback":161,"file":145,"line":162},"add_meta_boxes","twomb_autocode_add_meta_box",363,{"type":148,"name":164,"callback":165,"file":145,"line":166},"save_post","twomb_autocode_save_meta_box_data",432,[],[],[],[],{"dangerousFunctions":172,"sqlUsage":173,"outputEscaping":175,"fileOperations":13,"externalRequests":13,"nonceChecks":32,"capabilityChecks":182,"bundledLibraries":183},[],{"prepared":13,"raw":13,"locations":174},[],{"escaped":101,"rawEcho":101,"locations":176},[177,180],{"file":145,"line":178,"context":179},303,"raw output",{"file":145,"line":181,"context":179},325,3,[],[],{"summary":186,"deductions":187},"The \"2mb-autocode\" v1.2.6 plugin exhibits a generally positive security posture based on the provided static analysis. The absence of identified attack surface points like AJAX handlers, REST API routes, shortcodes, and cron events, especially those without authentication checks, suggests a limited exposure to common attack vectors. Furthermore, the code signals indicate good practices with 100% of SQL queries using prepared statements and the presence of nonce and capability checks, which are crucial for securing WordPress operations. The lack of identified dangerous functions, file operations, or external HTTP requests also contributes to its favorable security profile.\n\nHowever, a notable concern is the 50% rate of improperly escaped output. This means that out of the four identified output points, two are not properly sanitized. This could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is directly outputted without adequate escaping. The absence of taint analysis results is not necessarily a negative, but it limits the ability to identify complex data flow vulnerabilities. The plugin's vulnerability history is clean, with no recorded CVEs, which is a strong indicator of a well-maintained and secure code base over time.\n\nIn conclusion, \"2mb-autocode\" v1.2.6 demonstrates strengths in secure coding practices, particularly in its handling of database interactions and access control. The primary area for improvement lies in ensuring all output is properly escaped to mitigate potential XSS risks. The clean vulnerability history is a significant positive, suggesting a low risk of past security flaws. The overall risk is low, with the primary concern being the unescaped output.",[188],{"reason":189,"points":190},"Output not properly escaped",6,"2026-03-16T21:13:02.802Z",{"wat":193,"direct":198},{"assetPaths":194,"generatorPatterns":195,"scriptPaths":196,"versionParams":197},[],[],[],[],{"cssClasses":199,"htmlComments":200,"htmlAttributes":201,"restEndpoints":202,"jsGlobals":203,"shortcodeOutput":204},[],[],[],[],[],[205,206],"[php]","[\u002Fphp]"]