[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fYf76r0GoYI_-MItMj-l8zOUjOIPayrPS75UIoexUyAw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":132,"fingerprints":294},"admin-php-eval","Admin PHP Eval","1.1","Jan Štětina","https:\u002F\u002Fprofiles.wordpress.org\u002Fzaantar\u002F","\u003Cp>This plugin allows to edit and store multiple PHP scripts within WordPress administration (Tools -> Admin PHP Eval) and execute them repeatedly with \u003Ccode>eval()\u003C\u002Fcode>. After evaluation the return value and echoed data is displayed.\u003C\u002Fp>\n","Storing and evaluating PHP scripts within WordPress administration.",10,2888,0,"","3.4.2","3.3",[18,19,20,21,22],"admin","eval","execute","php","script","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fadmin-php-eval\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-php-eval.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"zaantar",8,200,87,30,85,"2026-04-05T17:15:52.349Z",[38,58,73,89,107],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":11,"downloaded":46,"rating":25,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":14,"tags":51,"homepage":55,"download_link":56,"security_score":35,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":57},"admin-ajax-php-no-thank-you","Admin Ajax dot php? No Thank You!","0.6.3","postpostmodern","https:\u002F\u002Fprofiles.wordpress.org\u002Fpostpostmodern\u002F","\u003Cp>Changes the wp-admin\u002Fadmin-ajax.php endpoint to \u002Fajax\u002F\u003Cbr \u002F>\nAdds an endpoint to the REST API at \u003Ccode>\u002Fwp-json\u002Fwp\u002Fv2\u002Fadmin-ajax\u003C\u002Fcode> that behaves exactly as wp-admin\u002Fadmin-ajax.php\u003Cbr \u002F>\n– requires PHP 5.3\u003C\u002Fp>\n","Changes the wp-admin\u002Fadmin-ajax.php endpoint to \u002Fajax\u002F",1688,1,"2017-10-06T15:21:00.000Z","4.8.28","4.0",[52,53,54],"admin-ajax-php","ajax","javascript","https:\u002F\u002Fgithub.com\u002Fpinecone-dot-website\u002Fadmin-ajax-dot-php-no-thank-you","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-ajax-php-no-thank-you.zip","2026-03-15T15:16:48.613Z",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":11,"downloaded":66,"rating":25,"num_ratings":47,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":14,"tags":70,"homepage":14,"download_link":72,"security_score":35,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":57},"byte-php-code","Byte's PHP Code Widget","0.4","ByteEnable","https:\u002F\u002Fprofiles.wordpress.org\u002Fbyteenable\u002F","\u003Cp>This is a widget plugin that allow’s you to mix PHP and html code with mobile\u003Cbr \u002F>\nsupport.  Two text area’s are provided.  The first is the standard “Title”.\u003Cbr \u002F>\nThe one named “Code:” can mix PHP and html.  Two checkboxes allow you to choose\u003Cbr \u002F>\nbefore and\u002For after posts.  No limit on the number of widgets.\u003C\u002Fp>\n\u003Cp>WordPress version 3.4 and higher has defined a function called wp_is_mobile().\u003Cbr \u002F>\nThis can be used inside your code mix to perform certain actions if the\u003Cbr \u002F>\nbrowser is mobile.  Mobile support is via wp_is_mobile() function which returns\u003Cbr \u002F>\ntrue if on a mobile browser.  See the WordPress API for more information.\u003C\u002Fp>\n\u003Cp>Dynamic title support means that you can name your widget using the title\u003Cbr \u002F>\nfield and not have it displayed in the output.  This is useful to give\u003Cbr \u002F>\nyour widgets meaningful names so you don’t lose track of what is going\u003Cbr \u002F>\non with your widgets.\u003C\u002Fp>\n\u003Cp>Two variables have been defined for use with Google Mobile Adsense:\u003C\u002Fp>\n\u003Cp>$myMobileAdsenseCode;\u003Cbr \u002F>\n$myMobileAdsenseSlot;\u003C\u002Fp>\n\u003Cp>This widget requires some knowledge of PHP and HTML coding.  Misuse could crash\u003Cbr \u002F>\nyour site or cause errors with Adsense.\u003C\u002Fp>\n\u003Cp>Examples:\u003C\u002Fp>\n\u003Cp>Output:\u003Cbr \u002F>\n5\u003C\u002Fp>\n\u003Cp>To use Google mobile adsense include the following in the “Code:” area:\u003C\u002Fp>\n\u003Cp>The plugin will take care of the rest.  Another check is made to ensure\u003Cbr \u002F>\nthat wp_is_mobile is true inside the plugin and that the Google Adsense variable\u003Cbr \u002F>\nhas a value.\u003C\u002Fp>\n\u003Cp>You can combine both regular and mobile adsense.  Be careful.\u003C\u002Fp>\n\u003Cp>The following snippet will either show mobile or regular ads depending on the\u003Cbr \u002F>\nbrowswer used by the end-user.\u003C\u002Fp>\n\u003Cp>\u003C ?php\u003Cbr \u002F>\nif ( !wp_is_mobile() ) {\u003Cbr \u002F>\necho '\u003Cbr \u002F>\n\u003C!-- after-content -->\u003C\u002Fp>\n\u003Cp>(adsbygoogle = window.adsbygoogle || []).push({});\u003Cbr \u002F>\n‘;}\u003Cbr \u002F>\nelse {\u003Cbr \u002F>\n$myMobileAdsenseClient=’ca-mb-pub-xxxxxxxxxxxx’;\u003Cbr \u002F>\n$myMobileAdsenseSlot=’xxxxxxxxxx’;\u003Cbr \u002F>\n}?>\u003C\u002Fp>\n\u003Cp>Ordered list:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Support for the mixing of PHP and HTML\u003C\u002Fli>\n\u003Cli>Support for mobile browsers\u003C\u002Fli>\n\u003Cli>Support for Google Adsense including mobilie\u003C\u002Fli>\n\u003Cli>Includes “before post” support\u003C\u002Fli>\n\u003Cli>Includes “after post” support\u003C\u002Fli>\n\u003Cli>No limit on the number of widgets\u003C\u002Fli>\n\u003Cli>Includes dynamic title support in sidebars\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Unordered list:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Support for the mixing of PHP and HTML\u003C\u002Fli>\n\u003Cli>Support for mobile browsers\u003C\u002Fli>\n\u003Cli>Support for Google adsense including mobile\u003C\u002Fli>\n\u003Cli>Includes support for “before post”\u003C\u002Fli>\n\u003Cli>Includes support for “after post”\u003C\u002Fli>\n\u003Cli>No limit on the number of widgets\u003C\u002Fli>\n\u003Cli>Include dynamic title support in sidebars\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Link to [WordPress](https:\u002F\u002Fwordpress.org\u002F \\”Your favorite software\\”) and one to [Markdown\\’s Syntax Documentation][markdown syntax].\u003C\u002Fp>\n","Mix HTML and PHP in a widget with mobile support.",2736,"2013-11-12T15:48:00.000Z","3.7.41","3.4",[19,20,21,71],"widget","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbyte-php-code.0.4.zip",{"slug":74,"name":75,"version":6,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":11,"downloaded":80,"rating":25,"num_ratings":47,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":14,"tags":84,"homepage":87,"download_link":88,"security_score":35,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":57},"dx-template-manager","DX Template Manager","Mario Peshev","https:\u002F\u002Fprofiles.wordpress.org\u002Fnofearinc\u002F","\u003Cp>Create page templates like the ones in your theme folder but through a “DX Templates” menu in your Admin dashboard. Paste HTML, JS and PHP code which you could assign to your posts, pages or custom post types via a meta box dropdown. Create page templates and apply them to be evaluated.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note: eval() function is used. However, it is available only for admin users to submit code and normally admin users could do a lot harm or upload external harmful plugins as well.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>A complete demo is available here:\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FjtsbXfNi7ts?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","Create page templates like the ones in your theme folder but through a \"DX Templates\" menu in your Admin dashboard - HTML, JS, PHP supported &hellip;",4248,"2014-09-08T15:01:00.000Z","4.0.38","3.3.1",[85,20,21,86],"evaluation","template","http:\u002F\u002Fdevrix.com\u002Ftemplate-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdx-template-manager.1.2.zip",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":11,"downloaded":97,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":98,"requires_at_least":99,"requires_php":100,"tags":101,"homepage":105,"download_link":106,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"lh-javascript-error-log","LH Javascript Error log","1.00","shawfactor","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawfactor\u002F","\u003Cp>If you have reports of javascript errors in your visitors browsers they can be tricky to track down. This is because of the diversity of different browsers, versions, and visitor behaviour.\u003C\u002Fp>\n\u003Cp>This plugin is the answer. Enable it and enable wordpress debug logging and all javasccript errors will be added to your wordpress error log, so you can review them at your leisure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Like this plugin? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Flh-javascript-error-log\u002F\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Love this plugin or want to help the LocalHero Project? Please consider \u003Ca href=\"https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-javascript-error-log\u002F\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n","Log Javascript errors from your browser to your wordpress error log.",1016,"5.7.15","5.0","7.0",[52,102,103,104,54],"debug","error","error-log","https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-javascript-error-log\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-javascript-error-log.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":117,"num_ratings":118,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":100,"tags":122,"homepage":127,"download_link":128,"security_score":129,"vuln_count":130,"unpatched_count":13,"last_vuln_date":131,"fetched_at":57},"insert-php","Woody Code Snippets – Insert PHP, CSS, JS, and Header\u002FFooter Scripts","2.7.2","Themeisle","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeisle\u002F","\u003Cp>Woody Code Snippets is a WordPress plugin that helps you insert code into your site without editing theme files.\u003C\u002Fp>\n\u003Cp>Many WordPress users still add PHP, JavaScript, CSS, tracking pixels, or ad scripts directly into functions.php, header.php, or footer.php. This approach breaks easily when themes update and becomes hard to manage as your site grows.\u003C\u002Fp>\n\u003Cp>Woody solves this by giving you a centralized code snippet manager where you can safely add header scripts, footer scripts, PHP snippets, custom CSS, JavaScript, and HTML from the WordPress admin.\u003C\u002Fp>\n\u003Cp>You can use Woody as a header and footer code manager, a PHP snippet plugin, or a way to reuse content and scripts across your site using shortcodes or automatic insertion.\u003C\u002Fp>\n\u003Cp>Each snippet can be enabled or disabled instantly, placed in specific locations like before content or after paragraphs, and shown only when certain conditions are met.\u003C\u002Fp>\n\u003Ch3>Quick Links\u003C\u002Fh3>\n\u003Cp>📘 \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002Fcollection\u002F2410-woody-code-snippets\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> – Complete setup and configuration guide\u003C\u002Fp>\n\u003Cp>💬 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Finsert-php\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa> – Community help and expert support\u003C\u002Fp>\n\u003Cp>⭐ \u003Ca href=\"https:\u002F\u002Fwoodysnippet.com\u002Fupgrade\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=woody_quicklinks\" rel=\"nofollow ugc\">Go Pro\u003C\u002Fa> – Unlock advanced features and priority support\u003C\u002Fp>\n\u003Ch3>What Problems Does Woody Solve?\u003C\u002Fh3>\n\u003Cp>Woody is built for real WordPress workflows. It helps you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Insert code into headers and footers without editing theme files\u003C\u002Fli>\n\u003Cli>Add analytics scripts, tracking pixels, and ad code safely\u003C\u002Fli>\n\u003Cli>Manage PHP snippets without touching functions.php\u003C\u002Fli>\n\u003Cli>Reuse scripts and content across pages using shortcodes\u003C\u002Fli>\n\u003Cli>Control where code runs using placement rules and conditions\u003C\u002Fli>\n\u003Cli>Enable, disable, or roll back snippets without breaking your site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Whether you are building client sites, running marketing experiments, or maintaining your own project, Woody gives you control without unnecessary complexity.\u003C\u002Fp>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Cp>Woody lets you create code snippets and control where and when they run, all from the WordPress admin.\u003C\u002Fp>\n\u003Ch4>Example #1\u003C\u002Fh4>\n\u003Cp>Create a JavaScript snippet and add your analytics or tracking code.\u003Cbr \u002F>\nPlace it in the site header and add a condition to exclude administrators so your own visits are not tracked.\u003C\u002Fp>\n\u003Ch4>Example #2\u003C\u002Fh4>\n\u003Cp>Create a text snippet with reusable content or a shortcode.\u003Cbr \u002F>\nAdd conditions to show it only to logged-in users, then insert it anywhere using the snippet shortcode or automatic placement rules.\u003C\u002Fp>\n\u003Cp>This makes it easy to manage repeated logic and content without editing theme files.\u003C\u002Fp>\n\u003Ch3>Who Should Use Woody Code Snippets\u003C\u002Fh3>\n\u003Cp>Woody is designed for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Developers who want a structured way to manage custom code\u003C\u002Fli>\n\u003Cli>Marketers adding analytics, ads, and tracking scripts\u003C\u002Fli>\n\u003Cli>Solopreneurs who want flexibility without editing theme files\u003C\u002Fli>\n\u003Cli>Agencies managing multiple sites and shared snippets\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you regularly need to insert code into WordPress, Woody fits naturally into your workflow.\u003C\u002Fp>\n\u003Ch3>Supported Snippet Types\u003C\u002Fh3>\n\u003Cp>Woody supports multiple snippet types, so you can manage all custom code in one place. You can create:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>PHP snippets\u003C\u002Fstrong> for functions, hooks, classes, and global variables\u003C\u002Fli>\n\u003Cli>\u003Cstrong>JavaScript snippets\u003C\u002Fstrong> for analytics, integrations, and interactive features\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSS snippets\u003C\u002Fstrong> to add custom styles without editing theme files\u003C\u002Fli>\n\u003Cli>\u003Cstrong>HTML snippets\u003C\u002Fstrong> for markup and layout elements\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Text snippets\u003C\u002Fstrong> using the WordPress editor for reusable content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ad snippets\u003C\u002Fstrong> for ads and banners\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Universal snippets\u003C\u002Fstrong> that combine PHP, HTML, CSS, and JavaScript\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why do you need this plugin?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Insert Google AdSense Ads, Amazon Native Shopping Contextual Ads, Yandex Direct Ads, Media.net on your website.\u003C\u002Fli>\n\u003Cli>Insert Google Analytic Tracking code, Yandex Metrika Tracking Code, Yandex Counter to Header, Footer.\u003C\u002Fli>\n\u003Cli>Insert PHP Code Snippets and execute on your website. Register PHP functions, classes, global variables everywhere.\u003C\u002Fli>\n\u003Cli>Insert Social media widgets, add any external resources widgets.\u003C\u002Fli>\n\u003Cli>Insert Facebook Pixels, Facebook Scripts, Facebook og:image Tag, Google Conversion Pixels, Vk Pixels.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Header and Footer Code Management\u003C\u002Fh3>\n\u003Cp>Woody works as a full header and footer code manager.\u003C\u002Fp>\n\u003Cp>You can insert snippets:\u003Cbr \u002F>\n– Into the site header before the closing  tag\u003Cbr \u002F>\n– Into the site footer before the closing  tag\u003C\u002Fp>\n\u003Cp>Common examples include analytics scripts, tracking pixels, verification tags, and global JavaScript or CSS.\u003C\u002Fp>\n\u003Ch3>Advanced Placement Options\u003C\u002Fh3>\n\u003Cp>Beyond headers and footers, Woody lets you insert snippets into specific locations.\u003C\u002Fp>\n\u003Cp>You can place code:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Before or after post or page content  \u003C\u002Fli>\n\u003Cli>Before or after a specific paragraph  \u003C\u002Fli>\n\u003Cli>Before or after a post  \u003C\u002Fli>\n\u003Cli>Inside archives, categories, and taxonomy pages  \u003C\u002Fli>\n\u003Cli>Between posts on archive pages  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WooCommerce Pages\u003C\u002Fh4>\n\u003Cp>Woody supports automatic snippet placement on WooCommerce pages.\u003C\u002Fp>\n\u003Cp>You can insert snippets:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Before or after the product list  \u003C\u002Fli>\n\u003Cli>Before or after a single product  \u003C\u002Fli>\n\u003Cli>Before or after the single product summary  \u003C\u002Fli>\n\u003Cli>After the product title, price, or excerpt  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Common use cases include conversion tracking, promotional banners, custom JavaScript, and trust notices.\u003C\u002Fp>\n\u003Ch3>Shortcodes and Reusable Content\u003C\u002Fh3>\n\u003Cp>Woody supports shortcodes so you can insert snippets exactly where you need them. You can place snippets inside posts, pages, widgets, and page builders.\u003C\u002Fp>\n\u003Cp>With \u003Ca href=\"https:\u002F\u002Fwoodysnippet.com\u002Fupgrade\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=woody_shortcode\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>, you can define custom shortcode names that are readable and portable across sites.\u003C\u002Fp>\n\u003Ch3>Conditional Logic for Code Snippets\u003C\u002Fh3>\n\u003Cp>Woody allows you to control when a snippet is displayed.\u003C\u002Fp>\n\u003Cp>[FREE] Available in the free version:\u003Cbr \u002F>\n– User role and registration date\u003Cbr \u002F>\n– Page, post type, or taxonomy\u003Cbr \u002F>\n– Referrer or cookie value\u003C\u002Fp>\n\u003Cp>[PRO] Advanced conditions available in \u003Ca href=\"https:\u002F\u002Fwoodysnippet.com\u002Fupgrade\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=woody_conditions\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>:\u003Cbr \u002F>\n– Device type, browser, and operating system\u003Cbr \u002F>\n– JavaScript availability or ad blocker detection\u003Cbr \u002F>\n– User country, visit depth, time of day, and total visits\u003C\u002Fp>\n\u003Cp>Conditions can be combined using AND and OR logic.\u003C\u002Fp>\n\u003Cp>Unlock advanced conditions with \u003Ca href=\"https:\u002F\u002Fwoodysnippet.com\u002Fupgrade\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=woody_conditions\" rel=\"nofollow ugc\">Woody Pro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Snippet Management and Organization\u003C\u002Fh3>\n\u003Cp>Woody includes features to keep snippets organized and easy to manage.\u003C\u002Fp>\n\u003Cp>You can:\u003Cbr \u002F>\n– Enable or disable snippets instantly\u003Cbr \u002F>\n– Control execution order using priorities\u003Cbr \u002F>\n– Tag and clone snippets\u003Cbr \u002F>\n– Import and export snippets between sites\u003C\u002Fp>\n\u003Ch3>Code Revisions and Rollback [PRO]\u003C\u002Fh3>\n\u003Cp>With \u003Ca href=\"https:\u002F\u002Fwoodysnippet.com\u002Fupgrade\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=woody_restore\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>, Woody automatically saves snippet revisions. You can view previous versions, compare changes, and restore earlier revisions if something goes wrong.\u003C\u002Fp>\n\u003Cp>This adds an extra layer of safety when working with custom code.\u003C\u002Fp>\n\u003Ch3>Cloud Templates and Sync [PRO]\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwoodysnippet.com\u002Fupgrade\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=woody_cloud\" rel=\"nofollow ugc\">Woody Pro\u003C\u002Fa> includes cloud-based snippet templates.\u003C\u002Fp>\n\u003Cp>You can save snippets as templates and reuse them across multiple sites, which is especially useful for agencies and developers managing repeated setups.\u003C\u002Fp>\n\u003Ch3>Settings and Developer Options\u003C\u002Fh3>\n\u003Cp>Woody includes advanced settings for fine-grained control.\u003C\u002Fp>\n\u003Cp>You can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Preserve HTML entities without automatic conversion  \u003C\u002Fli>\n\u003Cli>Execute shortcodes inside snippets  \u003C\u002Fli>\n\u003Cli>Enable error email notifications  \u003C\u002Fli>\n\u003Cli>Automatically activate snippets on save  \u003C\u002Fli>\n\u003Cli>Fully remove plugin data on uninstall  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Code Editor\u003C\u002Fh4>\n\u003Cp>The built-in editor includes:\u003Cbr \u002F>\n– Syntax highlighting and line numbers\u003Cbr \u002F>\n– Configurable indentation and tab size\u003Cbr \u002F>\n– Optional line wrapping\u003Cbr \u002F>\n– Automatic bracket and quote closing\u003Cbr \u002F>\n– Highlighting of matching variables and functions\u003C\u002Fp>\n\u003Ch3>Use This Plugin Responsibly\u003C\u002Fh3>\n\u003Cp>Woody allows you to run custom PHP, JavaScript, and CSS on your site. Always make sure you understand the code you add. Using unverified or outdated scripts may affect site security or stability. On multisite installations, only trusted administrators should have access to snippet creation.\u003C\u002Fp>\n\u003Cp>Woody includes safeguards such as snippet disabling, revisions, and error notifications, but it cannot validate third-party code you choose to run.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help? Open a new thread in the WordPress \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Finsert-php\u002F\" rel=\"ugc\">support forum\u003C\u002Fa>, and we will be happy to assist.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Learn how to make the most of Woody with our detailed and user-friendly \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002Fcollection\u002F2410-woody-code-snippets\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Woody is backed by \u003Ca href=\"https:\u002F\u002Fthemeisle.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=woody\" rel=\"nofollow ugc\">Themeisle\u003C\u002Fa>, trusted by over 1 million WordPress users worldwide.\u003C\u002Fp>\n","Insert PHP, JavaScript, CSS, HTML, ads, and tracking code into WordPress headers, footers, pages, and content using conditional logic, without editing &hellip;",60000,1711938,90,220,"2026-01-27T15:40:00.000Z","6.9.4","5.6",[123,124,125,108,126],"code-snippets","custom-code","header-footer-scripts","snippet","https:\u002F\u002Fwoodysnippet.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finsert-php.2.7.2.zip",91,7,"2024-06-14 20:26:37",{"attackSurface":133,"codeSignals":148,"taintFlows":167,"riskAssessment":281,"analyzedAt":293},{"hooks":134,"ajaxHandlers":144,"restRoutes":145,"shortcodes":146,"cronEvents":147,"entryPointCount":13,"unprotectedCount":13},[135,141],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","init","load_textdomain","admin-php-eval.php",27,{"type":136,"name":142,"callback":142,"file":139,"line":143},"admin_menu",28,[],[],[],[],{"dangerousFunctions":149,"sqlUsage":154,"outputEscaping":156,"fileOperations":13,"externalRequests":13,"nonceChecks":165,"capabilityChecks":13,"bundledLibraries":166},[150],{"fn":151,"file":139,"line":152,"context":153},"create_function",309,"$cmp = create_function( '$a,$b',",{"prepared":13,"raw":13,"locations":155},[],{"escaped":157,"rawEcho":158,"locations":159},29,2,[160,163],{"file":139,"line":161,"context":162},149,"raw output",{"file":139,"line":164,"context":162},155,5,[],[168,222,263,272],{"entryPoint":169,"graph":170,"unsanitizedCount":165,"severity":221},"page (admin-php-eval.php:50)",{"nodes":171,"edges":211},[172,177,181,186,190,192,194,198,201,204,207,209],{"id":173,"type":174,"label":175,"file":139,"line":176},"n0","source","$_POST (x2)",58,{"id":178,"type":179,"label":180,"file":139,"line":176},"n1","transform","→ page_edit()",{"id":182,"type":183,"label":184,"file":139,"line":164,"wp_function":185},"n2","sink","echo() [XSS]","echo",{"id":187,"type":174,"label":188,"file":139,"line":189},"n3","$_GET['name']",64,{"id":191,"type":179,"label":180,"file":139,"line":189},"n4",{"id":193,"type":183,"label":184,"file":139,"line":164,"wp_function":185},"n5",{"id":195,"type":174,"label":196,"file":139,"line":197},"n6","$_POST",72,{"id":199,"type":179,"label":200,"file":139,"line":197},"n7","→ page_eval()",{"id":202,"type":183,"label":184,"file":139,"line":203,"wp_function":185},"n8",184,{"id":205,"type":174,"label":188,"file":139,"line":206},"n9",81,{"id":208,"type":179,"label":200,"file":139,"line":206},"n10",{"id":210,"type":183,"label":184,"file":139,"line":203,"wp_function":185},"n11",[212,214,215,216,217,218,219,220],{"from":173,"to":178,"sanitized":213},false,{"from":178,"to":182,"sanitized":213},{"from":187,"to":191,"sanitized":213},{"from":191,"to":193,"sanitized":213},{"from":195,"to":199,"sanitized":213},{"from":199,"to":202,"sanitized":213},{"from":205,"to":208,"sanitized":213},{"from":208,"to":210,"sanitized":213},"medium",{"entryPoint":223,"graph":224,"unsanitizedCount":165,"severity":221},"\u003Cadmin-php-eval> (admin-php-eval.php:0)",{"nodes":225,"edges":251},[226,229,230,233,235,236,237,238,239,240,241,242,243,245,247,249],{"id":173,"type":174,"label":227,"file":139,"line":228},"$_REQUEST['page']",116,{"id":178,"type":183,"label":184,"file":139,"line":228,"wp_function":185},{"id":182,"type":174,"label":231,"file":139,"line":232},"$_REQUEST",308,{"id":187,"type":183,"label":234,"file":139,"line":152,"wp_function":151},"create_function() [RCE]",{"id":191,"type":174,"label":175,"file":139,"line":176},{"id":193,"type":179,"label":180,"file":139,"line":176},{"id":195,"type":183,"label":184,"file":139,"line":164,"wp_function":185},{"id":199,"type":174,"label":188,"file":139,"line":189},{"id":202,"type":179,"label":180,"file":139,"line":189},{"id":205,"type":183,"label":184,"file":139,"line":164,"wp_function":185},{"id":208,"type":174,"label":196,"file":139,"line":197},{"id":210,"type":179,"label":200,"file":139,"line":197},{"id":244,"type":183,"label":184,"file":139,"line":203,"wp_function":185},"n12",{"id":246,"type":174,"label":188,"file":139,"line":206},"n13",{"id":248,"type":179,"label":200,"file":139,"line":206},"n14",{"id":250,"type":183,"label":184,"file":139,"line":203,"wp_function":185},"n15",[252,254,255,256,257,258,259,260,261,262],{"from":173,"to":178,"sanitized":253},true,{"from":182,"to":187,"sanitized":253},{"from":191,"to":193,"sanitized":213},{"from":193,"to":195,"sanitized":213},{"from":199,"to":202,"sanitized":213},{"from":202,"to":205,"sanitized":213},{"from":208,"to":210,"sanitized":213},{"from":210,"to":244,"sanitized":213},{"from":246,"to":248,"sanitized":213},{"from":248,"to":250,"sanitized":213},{"entryPoint":264,"graph":265,"unsanitizedCount":13,"severity":271},"page_default (admin-php-eval.php:102)",{"nodes":266,"edges":269},[267,268],{"id":173,"type":174,"label":227,"file":139,"line":228},{"id":178,"type":183,"label":184,"file":139,"line":228,"wp_function":185},[270],{"from":173,"to":178,"sanitized":253},"low",{"entryPoint":273,"graph":274,"unsanitizedCount":47,"severity":280},"prepare_items (admin-php-eval.php:293)",{"nodes":275,"edges":278},[276,277],{"id":173,"type":174,"label":231,"file":139,"line":232},{"id":178,"type":183,"label":234,"file":139,"line":152,"wp_function":151},[279],{"from":173,"to":178,"sanitized":213},"critical",{"summary":282,"deductions":283},"The 'admin-php-eval' plugin v1.1 exhibits a mixed security posture.  On the positive side, it has no known CVEs, a clean vulnerability history, and a strong adherence to prepared statements for SQL queries, proper output escaping for the vast majority of outputs, and a good number of nonce checks.  It also lacks external HTTP requests and file operations, which are common sources of vulnerabilities.\n\nHowever, the static analysis reveals significant concerns. The presence of the `create_function` dangerous function is a critical red flag, as it can be exploited for code injection if user input is improperly handled.  Furthermore, the taint analysis indicates three flows with unsanitized paths, one of which is classified as critical severity. This suggests a potential for attackers to inject malicious code or commands through certain inputs, despite the lack of direct entry points like AJAX handlers or REST API routes.  The complete absence of capability checks is also a notable weakness, meaning that even if an attacker manages to leverage an input flow, there are no WordPress user role checks to prevent them from performing administrative actions.\n\nWhile the plugin's vulnerability history is clean, this might be due to its limited attack surface or simply a lack of public discovery. The critical taint flow and the dangerous function are serious indicators of potential vulnerabilities that warrant immediate attention. The plugin's strengths lie in its good practices for database and output handling, but these are overshadowed by the critical code execution risk.",[284,287,289,291],{"reason":285,"points":286},"Critical severity taint flow found",15,{"reason":288,"points":11},"Unsanitized paths in taint flows",{"reason":290,"points":286},"Use of dangerous function create_function",{"reason":292,"points":11},"No capability checks on entry points","2026-03-16T23:23:59.905Z",{"wat":295,"direct":300},{"assetPaths":296,"generatorPatterns":297,"scriptPaths":298,"versionParams":299},[],[],[],[],{"cssClasses":301,"htmlComments":302,"htmlAttributes":303,"restEndpoints":304,"jsGlobals":305,"shortcodeOutput":306},[],[],[],[],[],[]]