[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9HJu2HvCH1MbfBqog2FcoQU84W8u2Tjz8YxpWlGFnRE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":131,"fingerprints":358},"add-link","Add Link","1.1","ctltwp","https:\u002F\u002Fprofiles.wordpress.org\u002Fctltwp\u002F","\u003Cp>Add Link enables your users to add links to your blog.\u003Cbr \u002F>\nThis is a simple plugin that enables users to add a sidebar widget to submit links to the blogroll.\u003C\u002Fp>\n\u003Cp>You can enable Login users to managed thier links. Usefull for populating the a blogroll.\u003C\u002Fp>\n","Add Link enables your users to add links to your blog.",10,7733,0,"2010-04-15T23:12:00.000Z","2.9.2","2.8","",[4,19,20,21,22],"blogroll","user","wordpress-mu","wpmu","http:\u002F\u002Fblogs.ubc.ca\u002Fsupport\u002Fplugins\u002Fadd-links-widget\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-link.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},15,5800,84,34,77,"2026-04-04T17:14:55.493Z",[37,54,72,92,113],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":11,"downloaded":45,"rating":13,"num_ratings":13,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":17,"tags":49,"homepage":17,"download_link":53,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"blog-topics","Blog Topics For WPMU","1.2","DeannaS","https:\u002F\u002Fprofiles.wordpress.org\u002Fdeannas\u002F","\u003Cp>This plugin creates site-wide topics. Each blog can be identified as belonging to a single topic. Blog owners can select a topic for their blog at creation time, and through a menu under settings. Blog owners can also choose whether or not to include their content in any site-wide aggregated content via the Blog Topics Settings menu.\u003C\u002Fp>\n\u003Cp>Site Admins can set up the site-wide topics, select a “featured topic,” and manage blog’s topic settings through the Site Admin -> Blogs -> Edit menu.\u003C\u002Fp>\n\u003Cp>This plugin comes with 5 optional widgets (in the widgets subdirectory).\u003C\u002Fp>\n\u003Col>\n\u003Cli>BT – Topic Name – displays the name of the topic of the current blog.\u003C\u002Fli>\n\u003Cli>BT – Related Blogs – displays a linked list of other blogs in the same topic.\u003C\u002Fli>\n\u003Cli>BT – Related Posts – displays the title of the N most recent posts in the same topic as the current blog.\u003C\u002Fli>\n\u003Cli>BT – Featured Topic w\u002FPosts – displays the N most recent posts from the “featured” topic.\u003C\u002Fli>\n\u003Cli>BT – Topics w\u002FPosts – displays the N most recent posts from each topic, with the option of excluding selected topics.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Some of the widgets rely on theme code for topic listing pages and site listing pages, referred to as “portal links.” All portal links can be turned on and off in the widgets. This plugin comes with a sample theme to help you learn how to modify your own theme to incorporate the portal elements.\u003C\u002Fp>\n","Allows users to categorize blogs by topic. Allows users to categorize blogs by topic. Includes multiple optional widgets and optional sample theme cod &hellip;",7710,"2011-04-19T16:25:00.000Z","3.1.4","2.9",[50,21,51,52],"wmpu-site-wide-categories","wordpress-multiuser","wpmu-site-wide-topics","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblog-topics.zip",{"slug":55,"name":56,"version":57,"author":41,"author_profile":42,"description":58,"short_description":59,"active_installs":11,"downloaded":60,"rating":61,"num_ratings":62,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":70,"download_link":71,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wpmu-plugin-stats","WPMU Plugin Stats","3.0.1","\u003Cblockquote>\n\u003Cp>The plugin is deprecated and reaches a hard end-of-life date on 31. January 2018!\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Alternative\u003C\u002Fh4>\n\u003Cp>You should switch to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmultisite-enhancements\u002F\" rel=\"ugc\">Multisite Enhancements\u003C\u002Fa>. It provides the same functionality and is actively maintained.\u003C\u002Fp>\n\u003Cp>This plugin gives you a count and the listing of sites using your installed plugins.\u003C\u002Fp>\n\u003Cp>Usage data is cached in a Transient (non-autoloading) but the data collection process can be a very expensive operation depending on plugin and (especially) site count.\u003Cbr \u002F>\nCheck the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpmu-plugin-stats\u002Ffaq\u002F\" title=\"Frequently Asked Questions\" rel=\"ugc\">FAQ\u003C\u002Fa> for more details on caching.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Requires a WordPress Multisite Installation\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>JavaScript is required to toggle the list of sites using a plugin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Development\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>The plugin has reached its end-of-life. No updates and\u002For support after 2018-01-31\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cul>\n\u003Cli>GitHub Repository: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-repository\u002Fwpmu-plugin-stats\" rel=\"nofollow ugc\">wpmu-plugin-stats\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Gives network admins an easy way to see what plugins are actively used on the sites of a multisite installation",17612,60,2,"2018-08-30T09:46:00.000Z","4.9.29","3.8","5.3",[68,69,21,51,22],"multisite","plugin-stats","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpmu-plugin-stats\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpmu-plugin-stats.3.0.1.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":82,"num_ratings":11,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":17,"tags":86,"homepage":90,"download_link":91,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"disable-user-gravatar","Disable User Gravatar","3.1","Marcus (aka @msykes)","https:\u002F\u002Fprofiles.wordpress.org\u002Fnetweblogic\u002F","\u003Cp>This is a very simple and lightweight plugin that anonymizes default avatars and prevents the user’s gravatar being automatically obtained from gravatar.com based on their registered email. This would be useful for sites where users require an extra layer of privacy, or if you just want to prevent potentially silly or embarrasing avatar accidents.\u003C\u002Fp>\n\u003Cp>If you’re using Identicons or any other generated default avatar, the user should keep a consistent avatar unless they change their registered email.\u003C\u002Fp>\n\u003Cp>You can also disable Gravatar completely and choose a default image to display.\u003C\u002Fp>\n\u003Cp>This plugin is also compatible with other avatar customization plugins such as \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Favatar-manager\u002F\" rel=\"ugc\">Avatar Manager\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress\u002F\" rel=\"ugc\">BuddyPress\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadd-new-default-avatar\u002F\" rel=\"ugc\">Add New Default Avatar\u003C\u002Fa>, since this plugin specifically prevents the gravatar of a specific user email being used and reverts to the default or user-defined avatar.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important 3.0 Update – BuddyPress users should visit the Settings > Discussion page on your dashboard and choose one of the Disable Gravatar options to restore previous behavior.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you have any issues or suggestions, please visit our \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-user-gravatar\" rel=\"ugc\">support forums\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If you find this plugin useful and would like to say thanks, please leave us a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fdisable-user-gravatar?filter=5\" rel=\"ugc\">5 star review\u003C\u002Fa>!\u003C\u002Fp>\n","Stops WordPress from grabbing a user avatar using their registrated email from gravatar.com.",3000,40294,100,"2022-11-01T16:00:00.000Z","6.1.10","2.7",[87,88,89,21,22],"activity-stream","avatar","gravatar","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-user-gravatar\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-user-gravatar.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":100,"downloaded":101,"rating":82,"num_ratings":102,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":17,"tags":106,"homepage":111,"download_link":112,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"activate-update-services","Activate Update Services","1.0.7","feedmeastraycat","https:\u002F\u002Fprofiles.wordpress.org\u002Ffeedmeastraycat\u002F","\u003Cp>WordPress removes the Update Services ability (Settings – Writing) when you create a network (aka enables WordPress MU\u002FMultisite).\u003Cbr \u002F>\nActivate this plugin to get it back.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> This is only for WordPress setups with a network, aka multiple sites, aka multisites,\u003Cbr \u002F>\naka WPMU in WordPress 3 and later.\u003C\u002Fp>\n\u003Cp>This plugin \u003Cem>might\u003C\u002Fem> work with older WordPress MU sites. I haven’t tested it though. If you do, please\u003Cbr \u002F>\nlet me know how it turned out.\u003C\u002Fp>\n\u003Ch3>Files\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u002Factivate-update-services\u002Factivate-update-services.php\u003C\u002Fli>\n\u003Cli>\u002Factivate-update-services\u002FREADME.txt\u003C\u002Fli>\n\u003C\u002Ful>\n","WordPress removes the Update Services ability when you create a network. Activate this plugin to get it back.",200,39787,1,"2016-05-21T21:05:00.000Z","4.5.33","3.0.0",[107,108,109,110,22],"multiusers","network","ping","update-service","http:\u002F\u002Fwww.feedmeastraycat.net\u002Fprojects\u002Frandom-wordpress-plugins\u002Factivate-update-services\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Factivate-update-services.1.0.7.zip",{"slug":114,"name":115,"version":95,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":82,"downloaded":120,"rating":82,"num_ratings":121,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":17,"tags":125,"homepage":129,"download_link":130,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"multisite-user-role-manager","Multisite User Role Manager","OzTheGreat","https:\u002F\u002Fprofiles.wordpress.org\u002Fozthegreat\u002F","\u003Cp>For WordPress Multisite (WPMU) installs, allows Super Admins to easily manage each users roles and blogs from one\u003Cbr \u002F>\nscreen in the Network Admin menu.\u003C\u002Fp>\n\u003Cp>You no longer have to go to each blog to change the user’s role. It’s also\u003Cbr \u002F>\nmuch easier to see which sites a user is associated with.\u003C\u002Fp>\n","Manage user roles for each blog from a single screen on multisite (WPMU) setups",30215,3,"2017-11-07T14:04:00.000Z","4.8.28","4.0",[126,68,127,128,22],"management","roles","users","https:\u002F\u002Fwpartisan.me\u002Fplugins\u002Fmultisite-user-role-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultisite-user-role-manager.1.0.7.zip",{"attackSurface":132,"codeSignals":147,"taintFlows":278,"riskAssessment":352,"analyzedAt":357},{"hooks":133,"ajaxHandlers":143,"restRoutes":144,"shortcodes":145,"cronEvents":146,"entryPointCount":13,"unprotectedCount":13},[134,140],{"type":135,"name":136,"callback":137,"file":138,"line":139},"action","widgets_init","olt_add_link_load_widgets","add-link.php",33,{"type":135,"name":141,"callback":142,"file":138,"line":33},"admin_enqueue_scripts","olt_add_link_admin_js",[],[],[],[],{"dangerousFunctions":148,"sqlUsage":149,"outputEscaping":152,"fileOperations":13,"externalRequests":13,"nonceChecks":62,"capabilityChecks":13,"bundledLibraries":277},[],{"prepared":150,"raw":13,"locations":151},4,[],{"escaped":153,"rawEcho":154,"locations":155},20,75,[156,159,161,163,165,167,169,170,172,173,175,177,178,180,182,183,185,187,188,190,192,193,195,197,198,200,202,204,206,207,209,210,211,212,214,216,218,219,220,222,224,225,226,228,230,231,232,234,236,237,238,240,242,244,245,247,248,249,250,252,253,255,257,259,260,261,263,264,266,268,269,271,273,274,275],{"file":138,"line":157,"context":158},184,"raw output",{"file":138,"line":160,"context":158},213,{"file":138,"line":162,"context":158},245,{"file":138,"line":164,"context":158},250,{"file":138,"line":166,"context":158},255,{"file":138,"line":168,"context":158},260,{"file":138,"line":168,"context":158},{"file":138,"line":171,"context":158},262,{"file":138,"line":171,"context":158},{"file":138,"line":174,"context":158},263,{"file":138,"line":176,"context":158},268,{"file":138,"line":176,"context":158},{"file":138,"line":179,"context":158},269,{"file":138,"line":181,"context":158},276,{"file":138,"line":181,"context":158},{"file":138,"line":184,"context":158},277,{"file":138,"line":186,"context":158},284,{"file":138,"line":186,"context":158},{"file":138,"line":189,"context":158},285,{"file":138,"line":191,"context":158},292,{"file":138,"line":191,"context":158},{"file":138,"line":194,"context":158},293,{"file":138,"line":196,"context":158},301,{"file":138,"line":196,"context":158},{"file":138,"line":199,"context":158},302,{"file":138,"line":201,"context":158},312,{"file":138,"line":203,"context":158},325,{"file":138,"line":205,"context":158},332,{"file":138,"line":205,"context":158},{"file":138,"line":208,"context":158},337,{"file":138,"line":208,"context":158},{"file":138,"line":208,"context":158},{"file":138,"line":208,"context":158},{"file":138,"line":213,"context":158},354,{"file":138,"line":215,"context":158},453,{"file":138,"line":217,"context":158},454,{"file":138,"line":217,"context":158},{"file":138,"line":217,"context":158},{"file":138,"line":221,"context":158},459,{"file":138,"line":223,"context":158},461,{"file":138,"line":223,"context":158},{"file":138,"line":223,"context":158},{"file":138,"line":227,"context":158},483,{"file":138,"line":229,"context":158},484,{"file":138,"line":229,"context":158},{"file":138,"line":229,"context":158},{"file":138,"line":233,"context":158},488,{"file":138,"line":235,"context":158},489,{"file":138,"line":235,"context":158},{"file":138,"line":235,"context":158},{"file":138,"line":239,"context":158},510,{"file":138,"line":241,"context":158},522,{"file":138,"line":243,"context":158},523,{"file":138,"line":243,"context":158},{"file":138,"line":246,"context":158},530,{"file":138,"line":246,"context":158},{"file":138,"line":246,"context":158},{"file":138,"line":246,"context":158},{"file":138,"line":251,"context":158},535,{"file":138,"line":251,"context":158},{"file":138,"line":254,"context":158},536,{"file":138,"line":256,"context":158},539,{"file":138,"line":258,"context":158},540,{"file":138,"line":258,"context":158},{"file":138,"line":258,"context":158},{"file":138,"line":262,"context":158},544,{"file":138,"line":262,"context":158},{"file":138,"line":265,"context":158},545,{"file":138,"line":267,"context":158},564,{"file":138,"line":267,"context":158},{"file":138,"line":270,"context":158},573,{"file":138,"line":272,"context":158},574,{"file":138,"line":272,"context":158},{"file":138,"line":272,"context":158},{"file":138,"line":276,"context":158},581,[],[279,329],{"entryPoint":280,"graph":281,"unsanitizedCount":13,"severity":328},"widget (add-link.php:86)",{"nodes":282,"edges":320},[283,288,293,296,300,303,305,308,310,313,315,318],{"id":284,"type":285,"label":286,"file":138,"line":287},"n0","source","$_GET['id']",225,{"id":289,"type":290,"label":291,"file":138,"line":287,"wp_function":292},"n1","sink","get_var() [SQLi]","get_var",{"id":294,"type":285,"label":295,"file":138,"line":174},"n2","$_POST['add-link-widget-link']",{"id":297,"type":290,"label":298,"file":138,"line":174,"wp_function":299},"n3","echo() [XSS]","echo",{"id":301,"type":285,"label":302,"file":138,"line":179},"n4","$_POST['add-link-widget-name']",{"id":304,"type":290,"label":298,"file":138,"line":179,"wp_function":299},"n5",{"id":306,"type":285,"label":307,"file":138,"line":184},"n6","$_POST['add-link-widget-description']",{"id":309,"type":290,"label":298,"file":138,"line":184,"wp_function":299},"n7",{"id":311,"type":285,"label":312,"file":138,"line":189},"n8","$_POST['add-link-widget-feed']",{"id":314,"type":290,"label":298,"file":138,"line":189,"wp_function":299},"n9",{"id":316,"type":285,"label":317,"file":138,"line":194},"n10","$_POST['add-link-widget-notes']",{"id":319,"type":290,"label":298,"file":138,"line":194,"wp_function":299},"n11",[321,323,324,325,326,327],{"from":284,"to":289,"sanitized":322},true,{"from":294,"to":297,"sanitized":322},{"from":301,"to":304,"sanitized":322},{"from":306,"to":309,"sanitized":322},{"from":311,"to":314,"sanitized":322},{"from":316,"to":319,"sanitized":322},"low",{"entryPoint":330,"graph":331,"unsanitizedCount":13,"severity":328},"\u003Cadd-link> (add-link.php:0)",{"nodes":332,"edges":345},[333,334,335,336,337,338,339,340,341,342,343,344],{"id":284,"type":285,"label":286,"file":138,"line":287},{"id":289,"type":290,"label":291,"file":138,"line":287,"wp_function":292},{"id":294,"type":285,"label":295,"file":138,"line":174},{"id":297,"type":290,"label":298,"file":138,"line":174,"wp_function":299},{"id":301,"type":285,"label":302,"file":138,"line":179},{"id":304,"type":290,"label":298,"file":138,"line":179,"wp_function":299},{"id":306,"type":285,"label":307,"file":138,"line":184},{"id":309,"type":290,"label":298,"file":138,"line":184,"wp_function":299},{"id":311,"type":285,"label":312,"file":138,"line":189},{"id":314,"type":290,"label":298,"file":138,"line":189,"wp_function":299},{"id":316,"type":285,"label":317,"file":138,"line":194},{"id":319,"type":290,"label":298,"file":138,"line":194,"wp_function":299},[346,347,348,349,350,351],{"from":284,"to":289,"sanitized":322},{"from":294,"to":297,"sanitized":322},{"from":301,"to":304,"sanitized":322},{"from":306,"to":309,"sanitized":322},{"from":311,"to":314,"sanitized":322},{"from":316,"to":319,"sanitized":322},{"summary":353,"deductions":354},"The \"add-link\" plugin v1.1 demonstrates a strong security posture in several key areas. The absence of identified CVEs and a clean vulnerability history are positive indicators. The code also utilizes prepared statements for all SQL queries and has a negligible attack surface with no exposed AJAX handlers, REST API routes, shortcodes, or cron events. This suggests a focus on secure coding practices by the developers.  However, a significant concern lies in the output escaping, with only 21% of outputs being properly escaped. This leaves the plugin vulnerable to Cross-Site Scripting (XSS) attacks if user-supplied data is ever rendered directly in the output without proper sanitization.  While taint analysis shows no critical or high severity unsanitized flows, the low percentage of proper output escaping is a notable weakness that could be exploited.",[355],{"reason":356,"points":30},"Low percentage of properly escaped outputs","2026-03-17T01:38:00.723Z",{"wat":359,"direct":366},{"assetPaths":360,"generatorPatterns":363,"scriptPaths":364,"versionParams":365},[361,362],"\u002Fwp-content\u002Fplugins\u002Fadd-link\u002Fadd-link.js","\u002Fwp-content\u002Fplugins\u002Fadd-link\u002Fadd-link.css",[],[361],[],{"cssClasses":367,"htmlComments":368,"htmlAttributes":371,"restEndpoints":380,"jsGlobals":381,"shortcodeOutput":383},[4],[369,370],"\u003C!-- ADD LINK -->","\u003C!-- DELETE LINK -->",[372,373,374,375,376,377,378,379],"data-add-link-widget-password","data-add-link-widget-link","data-add-link-widget-name","data-add-link-widget-description","data-add-link-widget-feed","data-add-link-widget-notes","data-add-link-widget-id","data-add-link-widget-nonce",[],[382],"window.add_link_ajax_url",[]]