[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f4BGJB4nGxVRSmhmbSOpTVehi2a0RxAjkMhoHmXDDZic":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":122,"fingerprints":232},"add-or-remove-www","Add or Remove Www","1.01","Miina Sikk","https:\u002F\u002Fprofiles.wordpress.org\u002Fmiinasikk\u002F","\u003Cp>Add or Remove Www seeks to solve a common problem: preventing redirects from a www- version to a non-www version of a site — or vice-versa.\u003C\u002Fp>\n\u003Cp>It’s common that you’ll create a content link or include an image, linking to http:\u002F\u002FYourSiteNameHereForExample.com\u002FimageExample.jpg — but your server then redirects that to http:\u002F\u002Fwww.YourSiteNameHereForExample.com\u002FimageExample.jpg . That adds in an extra server request and delay to the user.\u003C\u002Fp>\n\u003Cp>One solution is to go through every image and link, one by one, and make sure they’re all consistent. Another solution is… to use our plugin.\u003C\u002Fp>\n\u003Cp>We plan on adding more options to be edited — if you have any other suggestions, please let us know! You can contact us via http:\u002F\u002Fwww.wpsos.io\u002Fwordpress-plugin-add-or-remove-www\u002F\u003C\u002Fp>\n\u003Cp>For more information and support, check out: http:\u002F\u002Fwww.wpsos.io\u002Fwordpress-plugin-add-or-remove-www\u002F\u003C\u002Fp>\n","Add or Remove Www lets you easily configure your WordPress site to always (or never) use the www. subdomain in all links of the posts and pages.",100,7818,0,"2015-12-12T00:37:00.000Z","4.4.34","3.0.1","",[19,20,21,22,23],"domain","domains","subdomain","subdomains","www","http:\u002F\u002Fwww.wpsos.io\u002Fwordpress-plugin-add-or-remove-www\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-or-remove-www.1.01.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"miinasikk",9,8050,30,84,"2026-04-04T19:11:55.481Z",[38,54,74,90,109],{"slug":22,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":11,"num_ratings":47,"last_updated":48,"tested_up_to":15,"requires_at_least":49,"requires_php":17,"tags":50,"homepage":52,"download_link":53,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"Subdomains","2.0.1","Pankaj Anupam","https:\u002F\u002Fprofiles.wordpress.org\u002Fpankajanupam\u002F","\u003Cp>Subdomains allows users to setup there main categories as subdomains. It’s a lite and fast code that setup all main categories as subdomains.\u003C\u002Fp>\n\u003Cp>Please leave a commment at http:\u002F\u002Fpankajanupam.in\u002Fwordpress-plugins\u002Fsubdomains\u002F for any issue & help me to improve the plugin.\u003C\u002Fp>\n\u003Cp>I will reply within 4 hours.\u003C\u002Fp>\n\u003Cp>Note: Please set permalinks to \u002F%postname%\u002F\u003C\u002Fp>\n","Subdomains allows users to setup there main categories as subdomains. It's a lite and fast code.",90,19927,2,"2016-02-18T21:05:00.000Z","2.8",[51,21,22],"categories","http:\u002F\u002Fpankajanupam.com\u002Fwordpress-plugins\u002Fsubdomains\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsubdomains.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":17,"tags":69,"homepage":72,"download_link":73,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-super-subdomains","WP Super Subdomains","1.1","Jam Viet","https:\u002F\u002Fprofiles.wordpress.org\u002Fmcjambi\u002F","\u003Cp>If you do not like WordPress Multisite and do not want to separate Your database, WP Super Subdomains will help you, this plugin work like charm without complicate setting, just active it and enjoy !\u003C\u002Fp>\n\u003Cp>All your tag, Category, page or author will turn to subdomains and it depend on your setting !\u003C\u002Fp>\n\u003Cp>Works perfectly with cache plugin like W3C Total Cache or WP Super Cache ! And thanks to Erick Tampubolon ( http:\u002F\u002Fwww.lontongcorp.com ) for create \u003Ccode>WP subdomains revisited\u003C\u002Fcode> ! i have some idea from that plugin but my plugin run faster and better than his one !\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Setup main categories as subdomains\u003C\u002Fli>\n\u003Cli>Setup tag as subdomains\u003C\u002Fli>\n\u003Cli>Setup main pages as subdomains\u003C\u002Fli>\n\u003Cli>Setup author archive as subdomains\u003C\u002Fli>\n\u003Cli>Auto redirect to new links using 301 redirect ! Do not harm your Backlink or Visitor !\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you want to create login page like this: \u003Ccode>login.domain.com\u003C\u002Fcode> please do something in wp-config.php file !\u003C\u002Fp>\n\u003Cp>Please go to \u003Ca href=\"http:\u002F\u002Fwww.jamviet.com\u002F2016\u002F03\u002Fplugin-wp-super-subdomains-create-subdomains-second.html\" rel=\"nofollow ugc\">My English Post\u003C\u002Fa> to read more, or if you have a new idea please tell me there !\u003C\u002Fp>\n\u003Ch3>Instructions\u003C\u002Fh3>\n\u003Cp>Remember to read instruction in Setting Page\u003C\u002Fp>\n","This plugin allow you create subdomain without using Wordpress Multisite ! Setup your main categories, tag, pages, and authors as subdomains !",50,7839,40,4,"2016-09-19T02:43:00.000Z","4.7.32","3.0",[51,70,71,21,22],"post","posts","http:\u002F\u002Fwww.jamviet.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-super-subdomains.1.1.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":34,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":68,"requires_php":17,"tags":87,"homepage":88,"download_link":89,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-subdomains-revisited","WP Subdomains (Revisited)","0.9.3","lontongcorp","https:\u002F\u002Fprofiles.wordpress.org\u002Flontongcorp\u002F","\u003Cp>An updated modification of “\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwordpress-subdomains\u002F\" rel=\"ugc\">WP Subdomains\u003C\u002Fa>” 0.6.9 to make subdomains for Categories, Pages and Authors without or inside Multisite.\u003Cbr \u002F>\nThe original description is at \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwordpress-subdomains\u002F\" rel=\"ugc\">original plugin’s page\u003C\u002Fa>, but you MUST also read \u003Ca href=\"other_notes\u002F\" rel=\"nofollow ugc\">\u003Cstrong>INSTRUCTIONS\u003C\u002Fstrong>\u003C\u002Fa> sections.\u003C\u002Fp>\n\u003Cp>Works perfectly as CDNs, likewise with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fw3-total-cache\u002F\" rel=\"ugc\">W3 Total Cache\u003C\u002Fa>, to increase performances without any additional technical problems.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Setup main categories as subdomains\u003C\u002Fli>\n\u003Cli>Setup main pages as subdomains\u003C\u002Fli>\n\u003Cli>Setup author archives as subdomains\u003C\u002Fli>\n\u003Cli>Custom themes for each subdomains\u003C\u002Fli>\n\u003Cli>Tie pages to categories\u003C\u002Fli>\n\u003Cli>Contextual help screen\u003C\u002Fli>\n\u003Cli>Widgets\u003C\u002Fli>\n\u003Cli>Localization\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Instructions\u003C\u002Fh3>\n\u003Cp>Read the original instructions at \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwordpress-subdomains\u002F\" rel=\"ugc\">Original Plugin\u003C\u002Fa>.\u003Cbr \u002F>\nRead the instructions on plugins help screen on plugins backend.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.lontongcorp.com\" rel=\"nofollow ugc\">Erick Tampubolon\u003C\u002Fa> of \u003Ca href=\"http:\u002F\u002Fwww.igits.co.id\" rel=\"nofollow ugc\">IGITS\u003C\u002Fa> (Author)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fselnomeria\" rel=\"nofollow ugc\">selnomeria\u003C\u002Fa> (Commiter)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdemp.se\u002Fy\u002F2008\u002F04\u002F11\u002Fcategory-subdomains-plugin-for-wordpress-25\u002F\" rel=\"nofollow ugc\">Adam Dempsey\u003C\u002Fa> (Contributor)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fblog.youontop.com\u002Fwordpress\u002Fwordpress-category-as-subdomain-plugin-41.html\" rel=\"nofollow ugc\">Gilad Gafni\u003C\u002Fa> (Contributor)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fcasualgenius.com\" rel=\"nofollow ugc\">Alex Stansfield\u003C\u002Fa> of \u003Ca href=\"http:\u002F\u002Fcasualgenius.com\" rel=\"nofollow ugc\">Casual Genius\u003C\u002Fa> (Original Author)\u003C\u002Fli>\n\u003Cli>Based on the \u003Ca href=\"http:\u002F\u002Fwww.biggnuts.com\u002Fwordpress-subdomains-plugin\u002F\" rel=\"nofollow ugc\">Subster Rejunevation\u003C\u002Fa> wordpress plugin by \u003Ca href=\"http:\u002F\u002Fwww.biggnuts.com\u002F\" rel=\"nofollow ugc\">Dax Herrera\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Setup your main categories, pages, and authors as subdomains with custom themes. Surely will come for more options...",14273,94,3,"2013-02-26T08:51:00.000Z","3.5.2",[51,70,71,21,22],"http:\u002F\u002Fwww.lontongcorp.com\u002F2012\u002F03\u002F16\u002Fwp-subdomains\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-subdomains-revisited.0.9.3.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":11,"num_ratings":100,"last_updated":101,"tested_up_to":102,"requires_at_least":103,"requires_php":17,"tags":104,"homepage":107,"download_link":108,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"automatic-subdomains","Automatic Subdomains","1.2","The Jake Group","https:\u002F\u002Fprofiles.wordpress.org\u002Fthe-jake-group\u002F","\u003Cp>The purpose of this plugin is to facilitate deployment of subdomain links to\u003Cbr \u002F>\nlanding pages on a WordPress website. The plugin automatically maps subdomains\u003Cbr \u002F>\nto page and post permalinks based on the post_name field in the database.\u003Cbr \u002F>\nThere are no administrative settings.\u003C\u002Fp>\n\u003Cp>This plugin DOES NOT edit DNS zone files. Subdomain DNS records themselves\u003Cbr \u002F>\neither need to be set up individually or as a wildcard record in the DNS zone\u003Cbr \u002F>\nfile to map to the website directory. Once the request reaches the WordPress\u003Cbr \u002F>\nsystem, the plugin will automatically check to see if the subdomain matches a\u003Cbr \u002F>\npage or post name. If so, the WordPress query is edited to get that page\u002Fpost\u003Cbr \u002F>\nat its permalink. The WordPress siteurl is excluded, as is the naked\u003Cbr \u002F>\nsecond-level domain.\u003C\u002Fp>\n\u003Cp>Example mappings:\u003C\u002Fp>\n\u003Cp>URL → Mapping\u003Cbr \u002F>\nhttp:\u002F\u002Fexample.com → default homepage (no remapping)\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.example.com → default homepage (no remapping)\u003Cbr \u002F>\nhttp:\u002F\u002Ftest-page.example.com → example.com\u002Ftest-page\u002F\u003Cbr \u002F>\nhttp:\u002F\u002Fmypost.example.com → example.com\u002Fmypost\u002F\u003C\u002Fp>\n","Automatically maps subdomains to page and post permalinks based on post slug.",20,11077,1,"2013-04-11T20:31:00.000Z","3.4.2","2.3",[105,106,22],"landing-pages","permalinks","http:\u002F\u002Fwww.thejakegroup.com\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-subdomains.zip",{"slug":110,"name":111,"version":112,"author":41,"author_profile":42,"description":17,"short_description":113,"active_installs":114,"downloaded":115,"rating":116,"num_ratings":47,"last_updated":117,"tested_up_to":118,"requires_at_least":49,"requires_php":17,"tags":119,"homepage":120,"download_link":121,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"html-in-author-bios","html in author bios","1.0","html in autor bios",10,1830,60,"2015-01-24T04:06:00.000Z","4.1.42",[51,21,22],"http:\u002F\u002Fpankajanupam.com\u002Fwordpress-plugins\u002Fhtml-in-author-bios","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhtml-in-author-bios.zip",{"attackSurface":123,"codeSignals":149,"taintFlows":165,"riskAssessment":223,"analyzedAt":231},{"hooks":124,"ajaxHandlers":145,"restRoutes":146,"shortcodes":147,"cronEvents":148,"entryPointCount":13,"unprotectedCount":13},[125,131,135,141],{"type":126,"name":127,"callback":128,"priority":114,"file":129,"line":130},"filter","content_save_pre","mm2_modify_content_urls","settings-functions.php",51,{"type":126,"name":132,"callback":133,"priority":114,"file":129,"line":134},"plugin_row_meta","mm2_set_plugin_meta",65,{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","admin_menu","mm2_add_settings_menu","settings-page.php",21,{"type":136,"name":142,"callback":143,"file":139,"line":144},"admin_head","mm2_display_custom_css",66,[],[],[],[],{"dangerousFunctions":150,"sqlUsage":151,"outputEscaping":153,"fileOperations":13,"externalRequests":13,"nonceChecks":100,"capabilityChecks":13,"bundledLibraries":164},[],{"prepared":13,"raw":13,"locations":152},[],{"escaped":13,"rawEcho":65,"locations":154},[155,158,160,162],{"file":139,"line":156,"context":157},32,"raw output",{"file":139,"line":159,"context":157},45,{"file":139,"line":161,"context":157},55,{"file":139,"line":163,"context":157},81,[],[166,190,204,212],{"entryPoint":167,"graph":168,"unsanitizedCount":84,"severity":189},"mm2_display_settings_page (settings-page.php:26)",{"nodes":169,"edges":185},[170,174,179,183],{"id":171,"type":172,"label":173,"file":139,"line":156},"n0","source","$_SERVER['REQUEST_URI']",{"id":175,"type":176,"label":177,"file":139,"line":156,"wp_function":178},"n1","sink","echo() [XSS]","echo",{"id":180,"type":172,"label":181,"file":139,"line":182},"n2","$_SERVER (x2)",27,{"id":184,"type":176,"label":177,"file":139,"line":159,"wp_function":178},"n3",[186,188],{"from":171,"to":175,"sanitized":187},false,{"from":180,"to":184,"sanitized":187},"medium",{"entryPoint":191,"graph":192,"unsanitizedCount":13,"severity":203},"mm2_save_settings (settings-functions.php:5)",{"nodes":193,"edges":200},[194,197],{"id":171,"type":172,"label":195,"file":129,"line":196},"$_POST['www-url']",7,{"id":175,"type":176,"label":198,"file":129,"line":196,"wp_function":199},"update_option() [Settings Manipulation]","update_option",[201],{"from":171,"to":175,"sanitized":202},true,"low",{"entryPoint":205,"graph":206,"unsanitizedCount":13,"severity":203},"\u003Csettings-functions> (settings-functions.php:0)",{"nodes":207,"edges":210},[208,209],{"id":171,"type":172,"label":195,"file":129,"line":196},{"id":175,"type":176,"label":198,"file":129,"line":196,"wp_function":199},[211],{"from":171,"to":175,"sanitized":202},{"entryPoint":213,"graph":214,"unsanitizedCount":84,"severity":203},"\u003Csettings-page> (settings-page.php:0)",{"nodes":215,"edges":220},[216,217,218,219],{"id":171,"type":172,"label":173,"file":139,"line":156},{"id":175,"type":176,"label":177,"file":139,"line":156,"wp_function":178},{"id":180,"type":172,"label":181,"file":139,"line":182},{"id":184,"type":176,"label":177,"file":139,"line":159,"wp_function":178},[221,222],{"from":171,"to":175,"sanitized":187},{"from":180,"to":184,"sanitized":187},{"summary":224,"deductions":225},"The 'add-or-remove-www' plugin v1.01 exhibits a generally strong security posture based on the static analysis.  It boasts a remarkably small attack surface with no identifiable AJAX handlers, REST API routes, shortcodes, or cron events.  Furthermore, all SQL queries are properly prepared, and there are no file operations or external HTTP requests, significantly reducing common attack vectors. The presence of a nonce check is also a positive sign for input validation. However, a significant concern arises from the taint analysis, which revealed two flows with unsanitized paths. This indicates a potential weakness where user-supplied or external data might be processed in a way that could lead to unintended actions or information disclosure, even if the severity of these flows wasn't classified as critical or high. The lack of output escaping on all four identified outputs is another notable weakness, potentially exposing the site to Cross-Site Scripting (XSS) vulnerabilities if any of these outputs contain user-controlled data.\n\nThe plugin's vulnerability history is a strong positive, showing zero known CVEs and no historical vulnerabilities. This suggests a well-maintained codebase or a lack of exploitation in the past.  Combined with the minimal attack surface, this historical data contributes to a perception of safety.  Despite the absence of historical vulnerabilities, the identified taint flows and the complete lack of output escaping are real, evidence-backed concerns that should not be overlooked. Therefore, while the plugin demonstrates good practices in many areas, the identified taint flow issues and unescaped output warrant attention to ensure a robust security profile.",[226,228],{"reason":227,"points":114},"Unsanitized paths in taint flows",{"reason":229,"points":230},"No output escaping",8,"2026-03-16T20:50:47.308Z",{"wat":233,"direct":238},{"assetPaths":234,"generatorPatterns":235,"scriptPaths":236,"versionParams":237},[],[],[],[],{"cssClasses":239,"htmlComments":240,"htmlAttributes":241,"restEndpoints":242,"jsGlobals":243,"shortcodeOutput":244},[],[],[],[],[],[]]