[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fuCeqXQs1j6AoJF-twOWODVkr_FszPbUO3jrELPDKCHA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":21,"download_link":22,"security_score":23,"vuln_count":24,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":33,"analysis":34,"fingerprints":127},"advanced-wpmu-plugin-manager","Advanced WPMU Plugin Manager","1.0","anthakkar08","https:\u002F\u002Fprofiles.wordpress.org\u002Fanthakkar08\u002F","\u003Cp>In WordPress Network\u002FWPMU we have option for Enabling plugins for network wide but we don’t have option to customize it for some specific Blog\u002Fsite\u003C\u002Fp>\n\u003Cp>so with the help of this plugin you can have that feature.so if you want to enable plugin in some site not throughout the network then with the help of this plugin you can do that very easily\u003C\u002Fp>\n","A plugin which Enable Network admin\u002FSuper admin to manage the Plugins for Individual Blog in the Multi site network.",10,3755,60,2,"2012-08-31T05:29:00.000Z","3.4.2","3.3","",[20],"wpmu-plugin-managment","http:\u002F\u002Fwww.phpconsultant.co\u002Fwp-plugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-wpmu-plugin-manager.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":29,"avg_security_score":23,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},20,30,84,"2026-04-04T09:15:21.216Z",[],{"attackSurface":35,"codeSignals":59,"taintFlows":87,"riskAssessment":113,"analyzedAt":126},{"hooks":36,"ajaxHandlers":44,"restRoutes":55,"shortcodes":56,"cronEvents":57,"entryPointCount":58,"unprotectedCount":58},[37],{"type":38,"name":39,"callback":40,"priority":41,"file":42,"line":43},"action","network_admin_menu","awpm_network_admin_menu",50,"init.php",15,[45,49,52],{"action":46,"nopriv":47,"callback":46,"hasNonce":47,"hasCapCheck":47,"file":42,"line":48},"awpm_load_site_plugin",false,177,{"action":50,"nopriv":47,"callback":50,"hasNonce":47,"hasCapCheck":47,"file":42,"line":51},"awpm_activate_plugin",208,{"action":53,"nopriv":47,"callback":53,"hasNonce":47,"hasCapCheck":47,"file":42,"line":54},"awpm_deactivate_plugin",222,[],[],[],3,{"dangerousFunctions":60,"sqlUsage":61,"outputEscaping":64,"fileOperations":24,"externalRequests":24,"nonceChecks":24,"capabilityChecks":24,"bundledLibraries":86},[],{"prepared":62,"raw":24,"locations":63},1,[],{"escaped":24,"rawEcho":65,"locations":66},9,[67,70,72,74,76,78,80,82,84],{"file":42,"line":68,"context":69},127,"raw output",{"file":42,"line":71,"context":69},132,{"file":42,"line":73,"context":69},135,{"file":42,"line":75,"context":69},142,{"file":42,"line":77,"context":69},145,{"file":42,"line":79,"context":69},148,{"file":42,"line":81,"context":69},153,{"file":42,"line":83,"context":69},182,{"file":42,"line":85,"context":69},195,[],[88,104],{"entryPoint":89,"graph":90,"unsanitizedCount":62,"severity":103},"awpm_load_site_plugin (init.php:179)",{"nodes":91,"edges":101},[92,96],{"id":93,"type":94,"label":95,"file":42,"line":85},"n0","source","$_REQUEST['blog_id']",{"id":97,"type":98,"label":99,"file":42,"line":85,"wp_function":100},"n1","sink","echo() [XSS]","echo",[102],{"from":93,"to":97,"sanitized":47},"medium",{"entryPoint":105,"graph":106,"unsanitizedCount":62,"severity":112},"\u003Cinit> (init.php:0)",{"nodes":107,"edges":110},[108,109],{"id":93,"type":94,"label":95,"file":42,"line":85},{"id":97,"type":98,"label":99,"file":42,"line":85,"wp_function":100},[111],{"from":93,"to":97,"sanitized":47},"low",{"summary":114,"deductions":115},"The 'advanced-wpmu-plugin-manager' v1.0 plugin exhibits a concerning security posture despite its lack of recorded vulnerabilities. The static analysis reveals a significant attack surface with 3 AJAX handlers, all of which lack authentication checks. This presents a clear risk of unauthorized actions being performed if an attacker can trigger these handlers.  Furthermore, the analysis indicates a critical flaw in output sanitization, with 0% of outputs being properly escaped. This means that user-supplied data could potentially be injected into the output without sanitization, leading to cross-site scripting (XSS) vulnerabilities. While the plugin uses prepared statements for its SQL queries and has no recorded CVEs, the critical findings in the AJAX endpoints and output escaping overshadow these positive aspects.",[116,118,121,124],{"reason":117,"points":11},"AJAX handlers without authentication checks",{"reason":119,"points":120},"No output escaping",8,{"reason":122,"points":123},"No nonce checks",5,{"reason":125,"points":123},"No capability checks","2026-03-17T01:19:39.992Z",{"wat":128,"direct":136},{"assetPaths":129,"generatorPatterns":133,"scriptPaths":134,"versionParams":135},[130,131,132],"\u002Fwp-content\u002Fplugins\u002Fadvanced-wpmu-plugin-manager\u002Fimg\u002Ffacebook.png","\u002Fwp-content\u002Fplugins\u002Fadvanced-wpmu-plugin-manager\u002Fimg\u002Ftwitter.png","\u002Fwp-content\u002Fplugins\u002Fadvanced-wpmu-plugin-manager\u002Fimg\u002Fwordpress.png",[],[],[],{"cssClasses":137,"htmlComments":142,"htmlAttributes":143,"restEndpoints":146,"jsGlobals":147,"shortcodeOutput":148},[138,139,140,141],"col1","col2","social","loading",[],[144,145],"plugin","data-plugin",[],[46,50,53],[]]