[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQg6OPlx-ZxFC0YkBEO-MtlGMUXJjCTtobmT-ioV6ikw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":33,"analysis":139,"fingerprints":179},"aitch-ref","aitch ref!","0.9.9","postpostmodern","https:\u002F\u002Fprofiles.wordpress.org\u002Fpostpostmodern\u002F","\u003Cp>Useful for switching between different development environments.  Attempts to replace any absolute urls, whether generated though WordPress option like ‘siteurl’ or ‘home’, or through hardcoded urls in posts.\u003C\u002Fp>\n","Remove most absolute urls in your html.  Useful for switching between development \u002F staging \u002F production environments and painless deployment.",10,2335,0,"2018-01-29T22:29:00.000Z","4.8.28","4.0","",[19,20],"href","url","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Faitch-ref\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faitch-ref.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":23,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},5,50,30,84,"2026-04-05T06:19:14.274Z",[34,53,70,94,118],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":11,"downloaded":42,"rating":13,"num_ratings":13,"last_updated":43,"tested_up_to":44,"requires_at_least":45,"requires_php":46,"tags":47,"homepage":51,"download_link":52,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"cc-link-shortcode","CC-Link-Shortcode","1.1.1","Clearcode","https:\u002F\u002Fprofiles.wordpress.org\u002Fclearcodehq\u002F","\u003Cp>This plugin adds the shortcode \u003Ccode>[a]\u003C\u002Fcode> to replace \u003Ccode>\u003Ca>\u003C\u002Fcode> html tag. Its primary function is to simplify internal linking. Now you don’t need to worry about changing the permalinks and correcting the appearance of the permalink in your posts\u002Fpages. You can only paste ID of post\u002Fpage into the shortcode and the plugin will handle everything for you. When opening a post\u002Fpage the shortcode renders the permalinks and titles of linked posts\u002Fpages based on the pasted IDs.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Basic: \u003Ccode>[a {post_ID}]\u003C\u002Fcode> Example: \u003Ccode>[a 123]\u003C\u002Fcode> Returns: \u003Ccode>\u003Ca href=\"{post_permalink}\">{post_title}\u003C\u002Fa>\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Custom link text: \u003Ccode>[a {post_ID}]{link}[\u002Fa]\u003C\u002Fcode> Example: \u003Ccode>[a 123]Example Post[\u002Fa]\u003C\u002Fcode> Returns: \u003Ccode>\u003Ca href=\"{post_permalink}\">Example Post\u003C\u002Fa>\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>External link: \u003Ccode>[a {url}]{link}[\u002Fa]\u003C\u002Fcode> Example: \u003Ccode>[a http:\u002F\u002Fexample.com]Example Link[\u002Fa]\u003C\u002Fcode> Returns: \u003Ccode>\u003Ca href=\"http:\u002F\u002Fexample.com\">Example Link\u003C\u002Fa>\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Additional parameters: \u003Ccode>[a {post_ID} {param_name}=\"{param_value}\"]\u003C\u002Fcode> Example: \u003Ccode>[a 123 target=\"_blank\"]\u003C\u002Fcode> Returns: \u003Ccode>\u003Ca href=\"{post_permalink}\" target=\"_blank\">{post_title}\u003C\u002Fa>\u003C\u002Fcode>\u003C\u002Fp>\n","This plugin adds the link shortcode to replace standard html tag. Its primary function is to simplify internal linking.",1465,"2022-03-16T14:45:00.000Z","5.9.13","4.9.2","7.0",[48,19,49,50,20],"a","link","permalink","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcc-link-shortcode","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcc-link-shortcode.zip",{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":11,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":16,"requires_php":17,"tags":66,"homepage":68,"download_link":69,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"favicon-links","Favicon Links","1.2","whyte624","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhyte624\u002F","\u003Cp>The plugin adds favicons of websites to links which they lead to.\u003Cbr \u002F>\nIf a link has image inside (img tag), then favicon will not be added.\u003C\u002Fp>\n\u003Cp>To suppress favicon for your link add ‘data-no-favicon’ attribute to the a tag:\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fexample.com\" rel=\"nofollow ugc\">my link\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Uses Google S2 Favicon service.\u003C\u002Fp>\n\u003Cp>Report issues or\u002Fand contribute here: https:\u002F\u002Fgithub.com\u002Fwhyte624\u002Fwordpress-favicon-links.\u003C\u002Fp>\n","Adds favicons to links in posts to give them nice look.",2051,100,2,"2015-02-19T08:40:00.000Z","4.1.42",[48,67,19,49,20],"favicon","http:\u002F\u002Fwhyte624.ru\u002Fprj\u002Fwordpress-favicon-links","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffavicon-links.zip",{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":80,"num_ratings":81,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":46,"tags":85,"homepage":17,"download_link":91,"security_score":92,"vuln_count":11,"unpatched_count":13,"last_vuln_date":93,"fetched_at":25},"wps-hide-login","WPS Hide Login","1.9.18","Remy Perona","https:\u002F\u002Fprofiles.wordpress.org\u002Ftabrisrp\u002F","\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> is a very light plugin that lets you easily and safely change the url of the login form page to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n\u003Cp>This plugin is kindly proposed by \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> the specialized WordPress web host.\u003C\u002Fp>\n\u003Cp>Discover also our other free extensions:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"ugc\">WPS Limit Login\u003C\u002Fa> to block brute force attacks.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"ugc\">WPS Bidouille\u003C\u002Fa> to optimize your WordPress and get more info.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"ugc\">WPS Cleaner\u003C\u002Fa> to clean your WordPress site.\u003C\u002Fp>\n\u003Cp>This plugin is only maintained, which means we do not guarantee free support. Consider reporting a problem and be patient.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> est un plugin très léger qui vous permet de changer facilement et en toute sécurité l’url de la page de formulaire de connexion. Il ne renomme pas littéralement ou ne modifie pas les fichiers dans le noyau, ni n’ajoute des règles de réécriture. Il intercepte simplement les demandes de pages et fonctionne sur n’importe quel site WordPress. Le répertoire wp-admin et la page wp-login.php deviennent inaccessibles, vous devez donc ajouter un signet ou vous souvenir de l’URL. Désactiver ce plugin ramène votre site exactement à l’état dans lequel il était auparavant.\u003C\u002Fp>\n\u003Cp>Ce plugin vous est gentiment proposé par \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> l’hébergeur spécialisé WordPress.\u003C\u002Fp>\n\u003Cp>Plus d’infos sur son utilisation : \u003Ca href=\"https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Découvrez également nos autres extensions gratuites :\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"nofollow ugc\">WPS Limit Login\u003C\u002Fa> pour bloquer les attaques par force brute.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"nofollow ugc\">WPS Bidouille\u003C\u002Fa> pour optimiser votre WordPress et faire le plein d’infos.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"nofollow ugc\">WPS Cleaner\u003C\u002Fa> pour nettoyer votre site WordPress.\u003C\u002Fp>\n\u003Cp>Ce plugin est seulement maintenu, ce qui signifie que nous ne garantissons pas un support gratuit. Envisagez de signaler un problème et soyez patient.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>Requires WordPress 4.1 or higher. All login related things such as the registration form, lost password form, login widget and expired sessions just keep working.\u003C\u002Fp>\n\u003Cp>It’s also compatible with any plugin that hooks in the login form, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Obviously it doesn’t work with plugins or themes that \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Works with multisite, with subdomains and subfolders. Activating it for a network allows you to set a networkwide default. Individual sites can still rename their login page to something else.\u003C\u002Fp>\n\u003Cp>If you’re using a \u003Cstrong>page caching plugin\u003C\u002Fstrong> other than WP Rocket, you should add the slug of the new login url to the list of pages not to cache. WP Rocket is already fully compatible with the plugin.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>Nécessite WordPress 4.1 ou supérieur. Toutes les choses liées à la connexion telles que le formulaire d’inscription, le formulaire de mot de passe perdu, le widget de connexion et les sessions expirées continuent de fonctionner.\u003C\u002Fp>\n\u003Cp>Il est également compatible avec tout plugin qui se connecte au formulaire de connexion, notamment:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Évidemment, cela ne fonctionne pas avec les plugins ou les thèmes \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Fonctionne en multisite, avec sous-domaines ou sous dossiers. L’activer pour un réseau vous permet de définir une valeur par défaut pour l’ensemble du réseau. Les sites individuels peuvent toujours renommer leur page de connexion pour autre chose.\u003C\u002Fp>\n\u003Cp>Si vous utilisez un \u003Cstrong>plugin de mise en cache de pages\u003C\u002Fstrong> autre que WP Rocket, vous devez ajouter le slug de la nouvelle URL de connexion à la liste des pages à ne pas mettre en cache. WP Rocket est déjà entièrement compatible avec le plugin.\u003C\u002Fp>\n","Change wp-login.php to anything you want.",2000000,30498017,96,2101,"2026-01-12T08:47:00.000Z","6.9.4","4.1",[86,87,88,89,90],"custom-login-url","login","rename","wp-login","wp-login-php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwps-hide-login.1.9.18.zip",95,"2024-06-24 00:00:00",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":104,"num_ratings":105,"last_updated":106,"tested_up_to":83,"requires_at_least":107,"requires_php":17,"tags":108,"homepage":114,"download_link":115,"security_score":116,"vuln_count":63,"unpatched_count":13,"last_vuln_date":117,"fetched_at":25},"better-search-replace","Better Search Replace","1.4.10","WP Engine","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpengine\u002F","\u003Cp>When moving your WordPress site to a new domain or server, you will likely run into a need to run a search\u002Freplace on the database for everything to work correctly. Fortunately, there are several plugins available for this task, however, all have a different approach to a few key features. This plugin consolidates the best features from these plugins, incorporating the following features in one simple plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Serialization support for all tables\u003C\u002Fli>\n\u003Cli>The ability to select specific tables\u003C\u002Fli>\n\u003Cli>The ability to run a “dry run” to see how many fields will be updated\u003C\u002Fli>\n\u003Cli>No server requirements aside from a running installation of WordPress\u003C\u002Fli>\n\u003Cli>WordPress Multisite support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Time-saving features available in the Pro version:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>View exactly what changed during a search\u002Freplace\u003C\u002Fli>\n\u003Cli>Backup and import the database while running a search\u002Freplace\u003C\u002Fli>\n\u003Cli>Priority email support from the developer of the plugin\u003C\u002Fli>\n\u003Cli>Save or load custom profiles for quickly repeating a search\u002Freplace in the future\u003C\u002Fli>\n\u003Cli>Support and updates for 1 year\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fbettersearchreplace.com\u002F\" rel=\"nofollow ugc\">Learn more about Better Search Replace Pro\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The search and replace functionality is heavily based on interconnect\u002Fit’s great and open-source Search Replace DB script, modified to use WordPress native database functions to ensure compatibility.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Supported Languages\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Want to contribute?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Feel free to open an issue or submit a pull request on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdeliciousbrains\u002Fbetter-search-replace\u002F\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","A simple plugin to update URLs or other text in a database.",1000000,17311737,86,541,"2025-12-08T17:21:00.000Z","3.0.1",[109,110,111,112,113],"search-and-replace","search-replace","search-replace-database","update-database-urls","update-live-url","https:\u002F\u002Fbettersearchreplace.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-search-replace.1.4.10.zip",98,"2024-01-24 00:00:00",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":80,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":132,"tags":133,"homepage":136,"download_link":137,"security_score":138,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"custom-post-type-permalinks","Custom Post Type Permalinks","3.5.3","Toro_Unit (Hiroshi Urabe)","https:\u002F\u002Fprofiles.wordpress.org\u002Ftoro_unit\u002F","\u003Cp>Custom Post Type Permalinks allow you edit the permalink structure of custom post type.\u003C\u002Fp>\n\u003Cp>Change custom taxonomy archive’s permalink to “example.org\u002Fpost_type\u002Ftaxonomy_name\u002Fterm_slug”. Can disable this fix.\u003C\u002Fp>\n\u003Cp>And support \u003Ccode>wp_get_archives( 'post_type=foo' )\u003C\u002Fcode> and post type date archive (ex. \u003Ccode>example.com\u002Fpost_type_slug\u002Fdate\u002F2010\u002F01\u002F01\u003C\u002Fcode> ).\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftorounit\u002Fcustom-post-type-permalinks\" rel=\"nofollow ugc\">This Plugin published on GitHub.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Donation: Please send \u003Ca href=\"http:\u002F\u002Fwww.amazon.co.jp\u002Fregistry\u002Fwishlist\u002FCOKSXS25MVQV\" rel=\"nofollow ugc\">My Wishlist\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fwww.paypal.me\u002Ftorounit\" rel=\"nofollow ugc\">Paypal\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Translators\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Japanese(ja) – \u003Ca href=\"http:\u002F\u002Fwww.torounit.com\u002F\" rel=\"nofollow ugc\">Toro_Unit\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>French(fr_FR) – \u003Ca href=\"http:\u002F\u002Fgeoffrey.crofte.fr\u002F\" rel=\"nofollow ugc\">Geoffrey Crofte\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Russian(ru_RU) – \u003Ca href=\"http:\u002F\u002Folart.ru\" rel=\"nofollow ugc\">Olart\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fnatali_z\" rel=\"nofollow ugc\">Natali_Z\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Also checkout\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-post-type-permalinks\u002F\" rel=\"ugc\">Simple Post Type Permalinks\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Setting on Code\u003C\u002Fh3>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>register_post_type( 'foo',\n    array(\n        'public' => true,\n        'has_archive' => true,\n        'rewrite' => array(\n            \"with_front\" => true\n        ),\n        'cptp_permalink_structure' => '%post_id%'\n    )\n);\u003C\u002Fpre>\n\u003Ch4>Exclude specific post type\u003C\u002Fh4>\n\u003Cpre>add_filter(  'cptp_is_rewrite_supported_by_foo',  '__return_false' );\n\n\u002F\u002F or\n\nadd_filter(  'cptp_is_rewrite_supported', function ( $support , $post_type ) {\n    if ( 'foo' === $post_type ) {\n        return false;\n    }\n    return $support;\n}, 10, 2);\u003C\u002Fpre>\n","Edit the permalink of custom post type.",200000,1713689,71,"2024-10-10T06:12:00.000Z","6.6.5","6.1","7.4",[134,135,49,50,20],"address","custom-post-type","https:\u002F\u002Fgithub.com\u002Ftorounit\u002Fcustom-post-type-permalinks","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-post-type-permalinks.3.5.3.zip",92,{"attackSurface":140,"codeSignals":152,"taintFlows":167,"riskAssessment":168,"analyzedAt":178},{"hooks":141,"ajaxHandlers":148,"restRoutes":149,"shortcodes":150,"cronEvents":151,"entryPointCount":13,"unprotectedCount":13},[142],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","admin_notices","anonymous","_plugin.php",12,[],[],[],[],{"dangerousFunctions":153,"sqlUsage":157,"outputEscaping":159,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":166},[154],{"fn":155,"file":146,"line":147,"context":156},"create_function","add_action('admin_notices', create_function(\"\", 'function(){",{"prepared":13,"raw":13,"locations":158},[],{"escaped":160,"rawEcho":161,"locations":162},6,1,[163],{"file":164,"line":161,"context":165},"views\\admin\\options-general_footer.php","raw output",[],[],{"summary":169,"deductions":170},"The \"aitch-ref\" plugin v0.9.9 exhibits a strong security posture in several key areas.  The absence of any recorded vulnerabilities, including CVEs, is a significant positive indicator.  Furthermore, the plugin demonstrates good practices by utilizing prepared statements for all its SQL queries and achieving a high percentage of properly escaped output.  The static analysis reveals a remarkably small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, and critically, none of these entry points appear to be unprotected.\n\nHowever, there are notable concerns. The presence of the `create_function` function is a critical red flag. While the static analysis did not identify any taint flows, the use of `create_function` is inherently risky as it allows for the dynamic creation of PHP code, which can be a vector for remote code execution if any user-controlled input is passed into it without strict sanitization.  Additionally, the complete lack of nonce checks and capability checks across all potential (though currently non-existent) entry points, coupled with the absence of taint analysis data, suggests a potential blind spot if the plugin were to evolve and introduce user-facing features or interactions in the future. The vulnerability history is excellent, but the static code issues require attention.\n\nIn conclusion, while the plugin is currently very secure due to its limited functionality and lack of known vulnerabilities, the use of `create_function` introduces a significant, albeit theoretical, risk that should be addressed. The absence of security checks like nonces and capabilities indicates a lack of defensive programming that could become problematic if the plugin's attack surface expands.",[171,174,176],{"reason":172,"points":173},"Use of dangerous function: create_function",15,{"reason":175,"points":28},"No nonce checks detected",{"reason":177,"points":28},"No capability checks detected","2026-03-17T00:46:09.068Z",{"wat":180,"direct":189},{"assetPaths":181,"generatorPatterns":184,"scriptPaths":185,"versionParams":186},[182,183],"\u002Fwp-content\u002Fplugins\u002Faitch-ref\u002Faitch-ref.css","\u002Fwp-content\u002Fplugins\u002Faitch-ref\u002Faitch-ref.js",[],[183],[187,188],"aitch-ref.css?ver=","aitch-ref.js?ver=",{"cssClasses":190,"htmlComments":192,"htmlAttributes":194,"restEndpoints":196,"jsGlobals":197,"shortcodeOutput":199},[191],"aitch-ref-container",[193],"\u003C!-- aitch-ref -->\u003C!-- wp_enqueue_script('aitch-ref-js'); -->",[195],"data-aitch-ref-id",[],[198],"aitchRefGlobal",[200],"\u003Cdiv class=\"aitch-ref-container\">"]