[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fe8ekJH5iMRC28LIWqMyVvcrETcH0AqOHHx-ddLNsSbg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":137,"fingerprints":241},"apoyl-grabweixin","[Aotuman] Grab WeChat Articles","2.0.0","apoyl","https:\u002F\u002Fprofiles.wordpress.org\u002Fapoyl\u002F","\u003Cp>Enter the WeChat Official Account article link in the editor, click “Grab WeChat Articles,” and the content will be automatically captured into the editor. This makes it very convenient for users to obtain WeChat article content.\u003C\u002Fp>\n\u003Ch3>Feature Overview\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>Supports displaying a WeChat article link input field next to the editor\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Supports one-click grabbing of WeChat articles in both the block editor and classic editor\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Supports one-click grabbing of WeChat Official Account articles\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Supports one-click grabbing of images and text from WeChat Official Account articles\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Supports automatic localization and conversion of grabbed images\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Some of the above features are free. Click to purchase the paid version: \u003Ca href=\"http:\u002F\u002Fwww.girltm.com\u002F\" rel=\"nofollow ugc\">Aotuman Plugin\u003C\u002Fa>\u003Cbr \u002F>\nYou can also contact the developer via QQ: 3201361925 or email: 3201361925@qq.com\u003Cbr \u002F>\nThis plugin hereby declares: It is intended to help users grab compliant and original author-authorized WeChat content. Please do not use the articles for commercial or illegal purposes.\u003C\u002Fp>\n\u003Cp>Recommended Plugin Pairing\u003Cbr \u002F>\nAuto Sync Alibaba Cloud Object Storage OSS: Automatically syncs website images and attachments to Alibaba Cloud Object Storage OSS, separating images\u002Fattachments from website code and distributing traffic to make your website load faster.\u003C\u002Fp>\n","Enter the WeChat Official Account article link in the editor, click \"Grab WeChat Articles,\" and the content will be automatically captured i &hellip;",70,4885,0,"2025-09-29T08:15:00.000Z","6.8.5","6.0","7.4",[19,20,21,22,23],"crawl","grab","wechat-articles","wechat-official-account","weixin","http:\u002F\u002Fwww.girltm.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapoyl-grabweixin.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},27,710,30,94,"2026-04-04T16:12:42.566Z",[37,55,79,106,124],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":13,"num_ratings":13,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":17,"tags":50,"homepage":52,"download_link":53,"security_score":54,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-jpost","WP-JPOST","2.1.0","_jerryjee","https:\u002F\u002Fprofiles.wordpress.org\u002F_jerryjee\u002F","\u003Cp>1、抓取采集网站固定内容并保存到Wordpress中。\u003Cbr \u002F>\n2、自动去除文章中的内链。\u003Cbr \u002F>\n3、可以替换目标站关键词。\u003Cbr \u002F>\n4、支持Linux的Cron，以及Windows的定时以实现自动采集功能。\u003Cbr \u002F>\n网址:https:\u002F\u002Fwww.jiloc.com\u002Fgo\u002Fwp-jpost\u003C\u002Fp>\n\u003Cp>1.Crawl content and store into wordpress.\u003Cbr \u002F>\n2.Auto remove all the content links.\u003Cbr \u002F>\n3.Auto save the content images.\u003Cbr \u002F>\nWebsite:https:\u002F\u002Fwww.jiloc.com\u002Fgo\u002Fwp-jpost\u003C\u002Fp>\n","1、抓取采集网站固定内容并保存到Wordpress中。",10,84526,"2023-04-23T02:46:00.000Z","6.1.10","",[19,51,20],"%e9%87%87%e9%9b%86","https:\u002F\u002Fuziwp.com\u002Fproduct\u002Fwp-jpost","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-jpost.2.1.0.zip",85,{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":77,"download_link":78,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"fast-indexing-api","Instant Indexing for Google","1.1.22","Rank Math SEO","https:\u002F\u002Fprofiles.wordpress.org\u002Frankmath\u002F","\u003Ch3>Get your website’s pages, and content crawled immediately! Use the Instant Indexing plugin to beat your competition and rank higher.\u003C\u002Fh3>\n\u003Cp>★★★★★\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>: Google recommends that you use the Indexing API ONLY for Job Posting and Live Streaming websites. However, it works on any type of website and many of our users have seen great results already. Please proceed with caution.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Whether you are a novice blogger or a seasoned SEO – you know the importance of getting into the Google index. It is the very first step before your website can see any organic traffic coming from Google or any other search engine.\u003C\u002Fp>\n\u003Cp>If your pages don’t get indexed, your website is essentially invisible to Google and all the visitors – visitors that would otherwise “see” your website in the search engines.\u003C\u002Fp>\n\u003Cp>So, it is pretty important that your new content gets crawled\u002Findexed fast, and it is equally important for your already published content to get updated in Google as well.\u003C\u002Fp>\n\u003Cp>How do you do one or the other? Or, how about doing them both?\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enter the Instant Indexing plugin by Rank Math\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When you publish new content or update old content on your WordPress website, the Instant Indexing plugin sends a crawl request to Google using the Google Indexing API.\u003C\u002Fp>\n\u003Cp>The result? \u003Cstrong>Almost immediate indexing of your content\u003C\u002Fstrong>. \u003Ca href=\"https:\u002F\u002Frankmath.com\u002Fblog\u002Fgoogle-indexing-api\u002F#proof\" rel=\"nofollow ugc\">Here is an example\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>There are a lot of plus points of having your content instantly crawled and indexed by the search engines, but, here are a few major advantages of using the Instant Indexing plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Rank faster\u003C\u002Fstrong> – Have that awesome content you know users will like? Get it in front of your audience faster.\u003C\u002Fli>\n\u003Cli>Increase your chances of ranking above your competition\u003C\u002Fli>\n\u003Cli>Keep search results up-to-date\u003C\u002Fli>\n\u003Cli>One-time Setup\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Submissions\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Manual Submissions\u003C\u002Fli>\n\u003Cli>Excludes Custom Post Types\u003C\u002Fli>\n\u003Cli>Send request to remove Post from Google SERPs\u003C\u002Fli>\n\u003Cli>Get Current Post Status\u003C\u002Fli>\n\u003Cli>Compatible with Any SEO WordPress Plugin\u003C\u002Fli>\n\u003Cli>Bulk Submissions (Up to 100 URLs)\u003C\u002Fli>\n\u003Cli>Completely FREE.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There is just no reason not to give it a try.\u003C\u002Fp>\n\u003Ch3>ABOUT THE DEVELOPER\u003C\u002Fh3>\n\u003Cp>The Instant Indexing plugin is created by the same brains that are behind the popular \u003Ca href=\"https:\u002F\u002Frankmath.com\u002Fwordpress\u002Fplugin\u002Fseo-suite\u002F\" rel=\"nofollow ugc\">Rank Math SEO\u003C\u002Fa> plugin. We created the Instant Indexing plugin to get your SEO friendly content crawled quickly. This, in turn, helps you rank faster and higher than you would if you didn’t use these plugins.\u003C\u002Fp>\n\u003Ch4>Getting Started:\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>1. Setting up the Plugin:\u003C\u002Fstrong> Once you install and activate the Instant Indexing Plugin, head over to \u003Cstrong>Rank Math > Instant Indexing\u003C\u002Fstrong> and configure the settings.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fs.rankmath.com\u002Fgroupfb\" rel=\"nofollow ugc\">2. Facebook Group:\u003C\u002Fa>\u003C\u002Fstrong> In this group, you will find the team of Rank Math SEO plugin fairly active and ready to answer your SEO related queries.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Frankmath.com\u002Fblog\u002Fgoogle-indexing-api\u002F\" rel=\"nofollow ugc\">3. User Documentation:\u003C\u002Fa>\u003C\u002Fstrong> Although Instant Indexing plugin is already easy to set up, we’ve put together tutorial to help you set up and get started.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fs.rankmath.com\u002Fwp-errors-fixes\" rel=\"nofollow ugc\">4. Fixing Common Errors:\u003C\u002Fa>\u003C\u002Fstrong> Sometimes avoidable or common issues can get you stuck. We’ve created a common guide where we discuss all the common issues and how to fix them.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fs.rankmath.com\u002Fsupport\" rel=\"nofollow ugc\">5. Support Ticket Forum:\u003C\u002Fa>\u003C\u002Fstrong> Our dedicated forum is where you can get support for any issues that you face with Instant Indexing. In the forum, we’ll also try to answer some SEO queries. User experience is important to us, and our aim is to answer all the queries on the forum in a timely manner.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"#faq-header\" rel=\"nofollow ugc\">6. Frequently Asked Questions:\u003C\u002Fa>\u003C\u002Fstrong> Here we’ve answered the most commonly asked questions about Instant Indexing by Rank Math.\u003C\u002Fp>\n","A very efficient yet simple plugin to take care of your indexing woos and helps get your content crawled by search bots instantly.",200000,2514380,72,36,"2025-11-21T09:24:00.000Z","6.6.5","5.6","7.2.5",[72,73,74,75,76],"crawling","fast-indexing","indexing-api","job-posting","live-streaming","https:\u002F\u002Frankmath.com\u002Fwordpress\u002Fplugin\u002Finstant-indexing\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffast-indexing-api.1.1.22.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":101,"download_link":102,"security_score":103,"vuln_count":104,"unpatched_count":13,"last_vuln_date":105,"fetched_at":28},"email-address-encoder","Email Address Encoder","1.0.24","Till Krüss","https:\u002F\u002Fprofiles.wordpress.org\u002Ftillkruess\u002F","\u003Cp>A lightweight plugin that protects plain email addresses and mailto links from email-harvesting robots, by encoding them into decimal and hexadecimal entities. Has an effect on the posts, pages, comments, excerpts, text widgets and other filtered content. Works without JavaScript — just simple spam protection.\u003C\u002Fp>\n\u003Cp>To see whether all your email addresses are properly protected, use the free \u003Ca href=\"https:\u002F\u002Fencoder.till.im\u002Fscanner?utm_source=wp-plugin&utm_medium=readme\" rel=\"nofollow ugc\">page scanner\u003C\u002Fa> tool.\u003C\u002Fp>\n\u003Cp>Other content (like phone numbers) can be protected using \u003Ccode>[encode]\u003C\u002Fcode> shortcode:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[encode]+1 (555) 123-4567[\u002Fencode]\n[encode link=\"tel:+15551234567\"]+1 (555) 123-4567[\u002Fencode]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Premium Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Full-page protection\u003C\u002Fstrong> that catches all email addresses\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hardened protection\u003C\u002Fstrong> using JavaScript and CSS techniques\u003C\u002Fli>\n\u003Cli>Improved \u003Cstrong>phone number\u003C\u002Fstrong> protection\u003C\u002Fli>\n\u003Cli>Built-in plugin support for \u003Cstrong>ACF\u003C\u002Fstrong>, \u003Cstrong>Jetpack\u003C\u002Fstrong>, \u003Cstrong>WooCommerce\u003C\u002Fstrong> and many others\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Check out the \u003Ca href=\"https:\u002F\u002Fencoder.till.im\u002Fdownload?utm_source=wp-plugin&utm_medium=readme\" rel=\"nofollow ugc\">Premium\u003C\u002Fa> version of Email Address Encoder.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fcoderisk.com\u002Fwp\u002Fplugin\u002Femail-address-encoder\u002FRIPS-r0bJqKvBws\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n","A lightweight plugin that protects email addresses from email-harvesting robots, by encoding them into decimal and hexadecimal entities.",100000,1552799,84,160,"2025-01-20T21:35:00.000Z","6.7.5","2.0","5.3",[96,97,98,99,100],"block","crawler","encryption","protection","spam","https:\u002F\u002Fencoder.till.im\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Femail-address-encoder.1.0.24.zip",91,2,"2024-08-26 00:00:00",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":87,"downloaded":114,"rating":115,"num_ratings":116,"last_updated":117,"tested_up_to":118,"requires_at_least":94,"requires_php":119,"tags":120,"homepage":122,"download_link":123,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"indexnow","IndexNow Plugin","1.0.3","bingwebmastertools","https:\u002F\u002Fprofiles.wordpress.org\u002Fbingwebmastertools\u002F","\u003Cp>IndexNow Plugin for WordPress enables automated submission of URLs from WordPress sites to the multiple search engines without the need to register and verify your site with them. Once installed, the plugin will automatically generate and host the API key on your site. It detects page creation\u002Fupdate\u002F deletion in WordPress and automatically submits the URLs in the background. This ensures that search engines will always have the latest updates about your site. This plugin submits URLs to a generic end point \u003Ccode>https:\u002F\u002Fapi.indexnow.org\u002Findexnow\u003C\u002Fcode> and these URLs are shared to all participating search engines.\u003C\u002Fp>\n\u003Cp>Some other handy features included in the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Toggle the automatic submission feature.\u003C\u002Fli>\n\u003Cli>Manually submit a URL to IndexNow.\u003C\u002Fli>\n\u003Cli>View list of recent URL submissions from the plugin.\u003C\u002Fli>\n\u003Cli>Retry any failed submissions from the recent submissions list.\u003C\u002Fli>\n\u003Cli>Download recent URL submissions for analysis.\u003C\u002Fli>\n\u003Cli>Status on recent successful and failed submissions.\u003C\u002Fli>\n\u003Cli>View IndexNow insights and more in Bing Webmaster tools.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can browse the code at the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmicrosoft\u002Findexnow-wordpress-plugin\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin was developed with love and coffee by the Bing Webmaster team.\u003C\u002Fp>\n","IndexNow Plugin for WordPress enables site owners to instantly and automatically submit their new\u002Fupdated pages to supporting search engines.",555138,64,43,"2026-02-03T12:18:00.000Z","6.9.4","5.6.20",[72,121],"seo","https:\u002F\u002Fwww.bing.com\u002Fwebmaster","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Findexnow.zip",{"slug":125,"name":126,"version":127,"author":110,"author_profile":111,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":118,"requires_at_least":94,"requires_php":119,"tags":135,"homepage":122,"download_link":136,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"bing-webmaster-tools","Bing URL Submissions Plugin","1.0.13","\u003Cp>\u003Cstrong>Boost your site’s visibility with IndexNow! Submit URL updates instantly to Bing and other search engines for faster indexing. \u003Ca href=\"https:\u002F\u002Fwww.indexnow.org\u002F\" rel=\"nofollow ugc\">Learn More about IndexNow\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Bing URL Submission Plugin for WordPress enables automated submission of URLs from WordPress sites to the Bing index. Once installed and configured with an API key obtained from Bing Webmaster portal, the plugin detects page creation\u002Fupdate in WordPress and automatically submits the URL behind the scenes ensuring that the site pages are always fresh in the Bing index.\u003C\u002Fp>\n\u003Cp>Additionally, for an even faster and more efficient way to keep your site indexed, we recommend exploring \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Findexnow\u002F\" rel=\"ugc\">IndexNow\u003C\u002Fa>. By leveraging the power of this API, your WordPress site can instantly notify Bing and other search engines about new or updated content, accelerating the indexing process. It’s an excellent way to enhance your site’s visibility across multiple search engines in real-time, complementing the Bing URL Submission Plugin’s functionality.\u003C\u002Fp>\n\u003Cp>Some other handy features included in the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Toggle the automatic submission feature.\u003C\u002Fli>\n\u003Cli>Manually submit a URL to Bing Index.\u003C\u002Fli>\n\u003Cli>View list of recent URL submissions from the plugin.\u003C\u002Fli>\n\u003Cli>Retry any failed submissions from the recent submissions list.\u003C\u002Fli>\n\u003Cli>Download recent URL submissions for analysis.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can browse the code at the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmicrosoft\u002Fbing-wordpress-url-submission-plugin\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This plugin was developed with love and coffee by the Bing Webmaster team.\u003C\u002Fp>\n\u003Cp>This plugin currently does not support WordPress multisite feature.\u003C\u002Fp>\n","Bing URL Submission Plugin for WordPress enables site owners to instantly and automatically submit their new\u002Fupdated pages to the Bing index.",40000,322028,66,21,"2026-02-03T12:28:00.000Z",[72,121],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbing-webmaster-tools.zip",{"attackSurface":138,"codeSignals":161,"taintFlows":181,"riskAssessment":228,"analyzedAt":240},{"hooks":139,"ajaxHandlers":152,"restRoutes":157,"shortcodes":158,"cronEvents":159,"entryPointCount":160,"unprotectedCount":160},[140,146,149],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","plugins_loaded","anonymous","includes\\grabweixin.php",44,{"type":141,"name":147,"callback":143,"file":144,"line":148},"admin_menu",50,{"type":141,"name":150,"callback":143,"file":144,"line":151},"admin_init",52,[153],{"action":154,"nopriv":155,"callback":143,"hasNonce":155,"hasCapCheck":155,"file":144,"line":156},"apoyl_grabweixin_ajax",false,53,[],[],[],1,{"dangerousFunctions":162,"sqlUsage":163,"outputEscaping":165,"fileOperations":13,"externalRequests":160,"nonceChecks":160,"capabilityChecks":13,"bundledLibraries":180},[],{"prepared":13,"raw":13,"locations":164},[],{"escaped":166,"rawEcho":167,"locations":168},9,4,[169,172,175,178],{"file":170,"line":34,"context":171},"admin\\admin.php","raw output",{"file":173,"line":174,"context":171},"admin\\partials\\editorsetting.php",14,{"file":176,"line":177,"context":171},"admin\\partials\\setting.php",23,{"file":176,"line":179,"context":171},31,[],[182,205,215],{"entryPoint":183,"graph":184,"unsanitizedCount":160,"severity":204},"apoyl_grabweixin_ajax (admin\\admin.php:75)",{"nodes":185,"edges":201},[186,191,195],{"id":187,"type":188,"label":189,"file":170,"line":190},"n0","source","$_POST",80,{"id":192,"type":193,"label":194,"file":170,"line":190},"n1","transform","→ httpGet()",{"id":196,"type":197,"label":198,"file":170,"line":199,"wp_function":200},"n2","sink","wp_remote_get() [SSRF]",111,"wp_remote_get",[202,203],{"from":187,"to":192,"sanitized":155},{"from":192,"to":196,"sanitized":155},"medium",{"entryPoint":206,"graph":207,"unsanitizedCount":160,"severity":204},"\u003Cadmin> (admin\\admin.php:0)",{"nodes":208,"edges":212},[209,210,211],{"id":187,"type":188,"label":189,"file":170,"line":190},{"id":192,"type":193,"label":194,"file":170,"line":190},{"id":196,"type":197,"label":198,"file":170,"line":199,"wp_function":200},[213,214],{"from":187,"to":192,"sanitized":155},{"from":192,"to":196,"sanitized":155},{"entryPoint":216,"graph":217,"unsanitizedCount":13,"severity":227},"\u003Csetting> (admin\\partials\\setting.php:0)",{"nodes":218,"edges":224},[219,220],{"id":187,"type":188,"label":189,"file":176,"line":174},{"id":192,"type":197,"label":221,"file":176,"line":222,"wp_function":223},"update_option() [Settings Manipulation]",17,"update_option",[225],{"from":187,"to":192,"sanitized":226},true,"low",{"summary":229,"deductions":230},"The \"apoyl-grabweixin\" v2.0.0 plugin presents a mixed security posture.  While it shows strengths such as the absence of known CVEs and a complete lack of raw SQL queries, indicating good practices in database interaction, there are significant concerns regarding its attack surface and input sanitization.  The presence of one unprotected AJAX handler is a critical vulnerability, as it represents a direct entry point for malicious actors without any authentication or authorization checks. Furthermore, the taint analysis revealed two flows with unsanitized paths, suggesting potential for code injection or data manipulation if these flows are triggered by user-supplied input.  The output escaping, while not entirely poor, is not perfect, with a substantial percentage of outputs not being properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities.\n\nThe plugin's vulnerability history being completely clear is a positive indicator, suggesting either robust development practices or a lack of targeted attacks thus far. However, this history does not negate the immediate risks identified in the static analysis. The absence of capability checks on the AJAX handler is a critical oversight. The plugin demonstrates strengths in areas like SQL handling and a clean CVE record, but the unprotected AJAX endpoint and unsanitized input paths are significant weaknesses that require immediate attention to mitigate potential exploitation.",[231,233,235,237],{"reason":232,"points":45},"Unprotected AJAX handler",{"reason":234,"points":45},"Flows with unsanitized paths",{"reason":236,"points":167},"Insufficient output escaping",{"reason":238,"points":239},"Missing capability checks on AJAX",5,"2026-03-16T21:34:10.455Z",{"wat":242,"direct":250},{"assetPaths":243,"generatorPatterns":246,"scriptPaths":247,"versionParams":248},[244,245],"\u002Fwp-content\u002Fplugins\u002Fapoyl-grabweixin\u002Fadmin\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fapoyl-grabweixin\u002Fadmin\u002Fjs\u002Fadmin.js",[],[],[249],"apoyl-grabweixin?ver=",{"cssClasses":251,"htmlComments":253,"htmlAttributes":254,"restEndpoints":256,"jsGlobals":258,"shortcodeOutput":259},[252],"apoyl-grabweixin-editor-url",[],[255],"id=\"apoyl-grabweixin-editor-url\"",[257],"\u002Fwp-json\u002Fapoyl-grabweixin\u002Fv1\u002Fsome-endpoint",[],[]]