[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMqYjjDehG_fiP3_KpL7ccuS_sHp78tcX_ZetwIUYhr4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":125,"fingerprints":472},"appstore","AppStore Links","4.5.2","Ste-Bi","https:\u002F\u002Fprofiles.wordpress.org\u002Fste-bi\u002F","\u003Cp>Use this Plugin if you are tired in changing URLs and prices on every Link to the AppStore on your page. This plugin updates all Data directly from the Apple Server.  You also can setup caching-times for images and the content. If you have an PHG-ID the plugin automatically creates Affiliate Links to the AppStore.\u003C\u002Fp>\n\u003Cp>You can easily add Links to the Apple AppStore with using [app ##idnumber##] in your posts, pages or comments. The ID number is the number from the official AppStore URL.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>[appimg ##idnumber##] gives you the screenshots!\u003C\u002Fli>\n\u003Cli>[appext ##idnumber##] gives you info, screenshots and a nice border.\u003C\u002Fli>\n\u003Cli>BETA (use with care): You can use something like: [app 307658513]\u003Cstrong>Developer:\u003C\u002Fstrong>{trackname}\u003Cbr \u002F>\n\u003Cstrong>Price:\u003C\u002Fstrong>{price} {dllink}\u003Cbr \u002F>\n[\u002Fapp]\u003C\u002Fli>\n\u003Cli>With these tags: {trackname}, {sellername}, {dllink}, {price}, {stars}, {description}, {artwork100}, {artwork60}\u003Cbr \u002F>\nYou can follow us for news on Twitter: http:\u002F\u002Ftwitter.com\u002FAppStore_plugin\u003C\u002Fli>\n\u003C\u002Ful>\n","Plugin for easy linking to (Mac) AppStore Apps. You can use the PGH-ID for automatically creating Affiliate-Links",10,19172,100,2,"2014-02-26T13:00:00.000Z","3.7.41","2.8.0","",[20,4,21,22,23],"affiliate","ipad","iphone","ipod","http:\u002F\u002Ftirolercast.ste-bi.net\u002Fwordpress-plugins\u002Fappstore-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fappstore.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"ste-bi",1,30,84,"2026-04-04T16:20:59.097Z",[38,55,72,88,102],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":11,"downloaded":46,"rating":13,"num_ratings":33,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":18,"tags":50,"homepage":53,"download_link":54,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"appstore-lookup","AppStore Lookup for WordPress","1.5.1","Adam D","https:\u002F\u002Fprofiles.wordpress.org\u002Fadamdionne\u002F","\u003Cp>The AppStore Lookup is a simple WordPress plugin that provides shortcodes for querying Apple’s Lookup API to get app data from iTunes or the Mac AppStore.  You can modify it as you wish, or use the built-in options to make it fit the needs of your site.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Lookup and display data from Mac App Store and iPhone\u002FiPad App Store\u003C\u002Fli>\n\u003Cli>Display App icons\u003C\u002Fli>\n\u003Cli>Display App screenshots\u003C\u002Fli>\n\u003Cli>Up-to-date app ratings information\u003C\u002Fli>\n\u003Cli>Add Smart App Banners for iOS mobile Safari\u003C\u002Fli>\n\u003Cli>Use your Linkshare ID for download links and Smart App Banners\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fadamdionne.com\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fp>\n","Adds shortcodes that display data from iOS and Mac AppStore applications.",3206,"2017-02-09T21:02:00.000Z","4.7.32","4.0",[4,21,22,51,52],"itunes","mac","http:\u002F\u002Fadamdionne.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fappstore-lookup.1.5.1.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":11,"downloaded":63,"rating":13,"num_ratings":33,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":18,"tags":67,"homepage":70,"download_link":71,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"ipad-rubberneck-disrupter","iPad Rubberneck Disrupter","1.0.2","cubecolour","https:\u002F\u002Fprofiles.wordpress.org\u002Fnumeeja\u002F","\u003Cp>When you login to your WordPress site on your iPad, iPhone or iPod Touch, each character of your password will be displayed as you enter it.\u003C\u002Fp>\n\u003Cp>This is not ideal when you login to a WordPress site from your iPad as part of a presentation or screencast, or when you login in a public place and someone might be looking over your shoulder.\u003C\u002Fp>\n\u003Cp>This plugin obscures the password as you type it on your iPad; It causes each character of the password to appear as a plain disc.\u003C\u002Fp>\n\u003Cp>Note:\u003Cbr \u002F>\nThe iPad’s soft keys highlight to indicate a keystroke. If you are presenting on an external screen or projector, in addition to masking the password with this plugin, it is recommended to use a bluetooth keyboard paired to your iPad so that the soft keyboard does not appear on the screen.\u003C\u002Fp>\n","Hides the WordPress login password as it is typed on your iPad or other IOS device.",9653,"2025-06-23T10:00:00.000Z","6.8.5","3.5",[68,21,22,23,69],"ios","password","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fipad-rubberneck-disrupter\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fipad-rubberneck-disrupter.1.0.2.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":11,"downloaded":80,"rating":81,"num_ratings":33,"last_updated":82,"tested_up_to":16,"requires_at_least":83,"requires_php":18,"tags":84,"homepage":18,"download_link":87,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"push-notifications-ios","Push Notification iOS","0.3","zedamin","https:\u002F\u002Fprofiles.wordpress.org\u002Fzedamin\u002F","\u003Cp>This plugin allows you to send notifications directly from your WordPress site with payload (JSON) to all devices, that have installed your app to notify users about something new.\u003C\u002Fp>\n\u003Cp>Now, go to Installation section to find out how to install and use plugin.\u003C\u002Fp>\n","This plugin allows you to send Push Notifications directly from your WordPress site to your iOS app.",1739,40,"2013-11-22T14:08:00.000Z","3.6",[68,21,22,85,86],"ipod-touch","push-notifications","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpush-notifications-ios.zip",{"slug":89,"name":89,"version":90,"author":89,"author_profile":91,"description":92,"short_description":93,"active_installs":11,"downloaded":94,"rating":27,"num_ratings":27,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":18,"tags":98,"homepage":100,"download_link":101,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp2phone","0.1.6","https:\u002F\u002Fprofiles.wordpress.org\u002Fwp2phone\u002F","\u003Cp>wp2phone plugin allows you to create, design and manage the content of a native iPhone & iPad app, directly in WordPress dashboard.\u003C\u002Fp>\n\u003Cp>Plugin key features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Design & customize the appearance of your app in WordPress (tab bar menu, cell colors, header images).\u003C\u002Fli>\n\u003Cli>Select posts, pages, categories, tags to publish.\u003C\u002Fli>\n\u003Cli>Push notifications on new posts.\u003C\u002Fli>\n\u003Cli>Full integration with WordPress dashboard.\u003C\u002Fli>\n\u003Cli>No programming knowledge required.\u003C\u002Fli>\n\u003Cli>No developer account required.\u003C\u002Fli>\n\u003Cli>Use your Flurry ID to measure the audience of your app.\u003C\u002Fli>\n\u003Cli>Use your AdMob ID to monetize.\u003C\u002Fli>\n\u003Cli>Define your own Ad, pushed on app launch.\u003C\u002Fli>\n\u003Cli>Smart App Banners to promote your app on your website (Safari iOS 6 only).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Your app key features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Universal app (iPhone & iPad).\u003C\u002Fli>\n\u003Cli>Customized app icon.\u003C\u002Fli>\n\u003Cli>Customized splash screen.\u003C\u002Fli>\n\u003Cli>Share content via Facebook, Twitter or Email.\u003C\u002Fli>\n\u003Cli>Support of iOS 4, 5, 6.\u003C\u002Fli>\n\u003Cli>Modify appearance and contents, even when available on the App Store.\u003C\u002Fli>\n\u003Cli>Optimized for iPhone 5.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Full preview of your app available via the free \u003Ca href=\"http:\u002F\u002Fitunes.apple.com\u002Fus\u002Fapp\u002Fwp2phone\u002Fid483679543?mt=8\" rel=\"nofollow ugc\">wp2phone app\u003C\u002Fa> on the App Store.\u003C\u002Fp>\n\u003Cp>wp2phone is an easy, fast, cheap and reliable solution to create your native app.\u003C\u002Fp>\n\u003Cp>For more information visit: \u003Ca href=\"http:\u002F\u002Fwp2phone.com\" rel=\"nofollow ugc\">wp2phone.com\u003C\u002Fa>\u003C\u002Fp>\n","wp2phone plugin allows you to create, design and manage the content of a native iPhone & iPad app, directly in WordPress dashboard.",4559,"2012-10-13T17:47:00.000Z","3.4.2","2.9",[68,99,21,22,23],"ios4","http:\u002F\u002Fwp2phone.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp2phone.0.1.6.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":117,"tags":118,"homepage":122,"download_link":123,"security_score":124,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"multi-device-switcher","Multi Device Switcher","1.8.6","thingsym","https:\u002F\u002Fprofiles.wordpress.org\u002Fthingsym\u002F","\u003Cp>Multi Device Switcher plugin allows you to set a separate theme for device (Smart Phone, Tablet PC, Mobile Phone, Game and custom).\u003Cbr \u002F>\nThis plugin detects if your site is being viewed by UserAgent, and switches to selected theme.\u003Cbr \u002F>\nThe Custom Switcher can add every device.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Set a separate theme for device (Smart Phone, Tablet PC, Mobile Phone, Game), switches to selected theme.\u003C\u002Fli>\n\u003Cli>Add every device by the \u003Cstrong>Custom Switcher\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Add links ‘Mobile’ or ‘PC’ in the theme by the \u003Cstrong>PC Switcher\u003C\u002Fstrong>, switch to the default theme.\u003C\u002Fli>\n\u003Cli>Switch the content of the post or page for each device by the \u003Cstrong>Display Switcher\u003C\u002Fstrong> Shortcode.\u003C\u002Fli>\n\u003Cli>Disable the switching of the theme for each url by the \u003Cstrong>Disable Switcher\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Can be using \u003Cstrong>is_multi_device()\u003C\u002Fstrong> function that detect of the device.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi Device Switcher Command\u003C\u002Fstrong> command-line tool (required WP-CLI)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>If you have any trouble, you can use the forums or report bugs.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Forum: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fmulti-device-switcher\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fmulti-device-switcher\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Issues: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fmulti-device-switcher\u002Fissues\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fmulti-device-switcher\u002Fissues\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contribution\u003C\u002Fh4>\n\u003Cp>Small patches and bug reports can be submitted a issue tracker in Github. Forking on Github is another good way. You can send a pull request.\u003C\u002Fp>\n\u003Cp>Translating a plugin takes a lot of time, effort, and patience. I really appreciate the hard work from these contributors.\u003C\u002Fp>\n\u003Cp>If you have created or updated your own language pack, you can send gettext PO and MO files to author. I can bundle it into plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fmulti-device-switcher\" rel=\"nofollow ugc\">VCS – GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmulti-device-switcher\u002F\" rel=\"ugc\">Homepage – WordPress Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fmulti-device-switcher\" rel=\"nofollow ugc\">Translate Multi Device Switcher into your language.\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can also contribute by answering issues on the forums.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Forum: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fmulti-device-switcher\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fmulti-device-switcher\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Issues: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fmulti-device-switcher\u002Fissues\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fmulti-device-switcher\u002Fissues\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Patches and Bug Fixes\u003C\u002Fh4>\n\u003Cp>Forking on Github is another good way. You can send a pull request.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Fork \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fmulti-device-switcher\" rel=\"nofollow ugc\">Multi Device Switcher\u003C\u002Fa> from GitHub repository\u003C\u002Fli>\n\u003Cli>Create a feature branch: git checkout -b my-new-feature\u003C\u002Fli>\n\u003Cli>Commit your changes: git commit -am ‘Add some feature’\u003C\u002Fli>\n\u003Cli>Push to the branch: git push origin my-new-feature\u003C\u002Fli>\n\u003Cli>Create new Pull Request\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Contribute guidlines\u003C\u002Fh4>\n\u003Cp>If you would like to contribute, here are some notes and guidlines.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>All development happens on the \u003Cstrong>develop\u003C\u002Fstrong> branch, so it is always the most up-to-date\u003C\u002Fli>\n\u003Cli>The \u003Cstrong>master\u003C\u002Fstrong> branch only contains tagged releases\u003C\u002Fli>\n\u003Cli>If you are going to be submitting a pull request, please submit your pull request to the \u003Cstrong>develop\u003C\u002Fstrong> branch\u003C\u002Fli>\n\u003Cli>See about \u003Ca href=\"https:\u002F\u002Fhelp.github.com\u002Farticles\u002Ffork-a-repo\u002F\" rel=\"nofollow ugc\">forking\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fhelp.github.com\u002Farticles\u002Fusing-pull-requests\u002F\" rel=\"nofollow ugc\">pull requests\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Test Matrix\u003C\u002Fh4>\n\u003Cp>For operation compatibility between PHP version and WordPress version, see below \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fmulti-device-switcher\u002Factions\" rel=\"nofollow ugc\">Github Actions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Known bugs\u003C\u002Fh4>\n\u003Cp>WordPress Core version 6.4 – 6.4.1\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Theme doesn’t switch properly\u003C\u002Fli>\n\u003Cli>Bug report: https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F59847\u003C\u002Fli>\n\u003Cli>It seems to have been caused by a change (breaking change) at https:\u002F\u002Fcore.trac.wordpress.org\u002Fchangeset\u002F56635. The bug is fixed in https:\u002F\u002Fcore.trac.wordpress.org\u002Fchangeset\u002F57129 (fixed in WordPress 6.4.2)\u003C\u002Fli>\n\u003C\u002Ful>\n","Multi Device Switcher plugin allows you to set a separate theme for device (Smart Phone, Tablet PC, Mobile Phone, Game and custom).",20000,290715,86,11,"2025-01-17T07:15:00.000Z","6.7.5","4.9","5.6",[119,21,22,120,121],"android","switcher","theme","https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fmulti-device-switcher","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmulti-device-switcher.1.8.6.zip",92,{"attackSurface":126,"codeSignals":196,"taintFlows":269,"riskAssessment":456,"analyzedAt":471},{"hooks":127,"ajaxHandlers":180,"restRoutes":181,"shortcodes":182,"cronEvents":195,"entryPointCount":169,"unprotectedCount":27},[128,134,139,143,147,151,155,159,162,166,170,174,177],{"type":129,"name":130,"callback":131,"file":132,"line":133},"action","admin_menu","AppStore_options","AppStore.php",463,{"type":135,"name":136,"callback":137,"file":132,"line":138},"filter","mce_external_plugins","appstore_register",705,{"type":135,"name":140,"callback":141,"priority":27,"file":132,"line":142},"mce_buttons","appstore_add_button",706,{"type":129,"name":144,"callback":145,"file":132,"line":146},"wp_print_scripts","WPWall_ScriptsAction",708,{"type":129,"name":148,"callback":149,"file":132,"line":150},"wp_head","AppStoreLinks_SetSyle",709,{"type":129,"name":152,"callback":153,"file":132,"line":154},"admin_head","admin_register_head",710,{"type":135,"name":156,"callback":157,"file":132,"line":158},"comment_text","do_shortcode",716,{"type":135,"name":160,"callback":157,"file":132,"line":161},"the_content_rss",717,{"type":135,"name":163,"callback":164,"file":165,"line":14},"rewrite_rules_array","wp_insertAppStoreRewriteRules","rewrite.php",{"type":135,"name":167,"callback":168,"file":165,"line":169},"query_vars","wp_insertAppStoreRewriteQueryVars",3,{"type":135,"name":171,"callback":172,"file":165,"line":173},"init","flushRules",4,{"type":129,"name":148,"callback":175,"file":176,"line":11},"recent_widget_style","widget.php",{"type":129,"name":171,"callback":178,"priority":33,"file":176,"line":179},"wp_AppStoreWidget_init",196,[],[],[183,187,191],{"tag":184,"callback":185,"file":132,"line":186},"app","appstore_process",712,{"tag":188,"callback":189,"file":132,"line":190},"appext","appstore_process_ext",713,{"tag":192,"callback":193,"file":132,"line":194},"appimg","appstore_process_img",714,[],{"dangerousFunctions":197,"sqlUsage":198,"outputEscaping":204,"fileOperations":267,"externalRequests":33,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":268},[],{"prepared":199,"raw":33,"locations":200},6,[201],{"file":132,"line":202,"context":203},422,"$wpdb->get_var() with variable interpolation",{"escaped":33,"rawEcho":205,"locations":206},35,[207,211,213,215,217,219,221,223,225,227,230,232,234,236,238,239,240,241,243,244,245,246,248,249,250,252,254,256,257,258,260,262,264,265,266],{"file":208,"line":209,"context":210},"AppFunctions.php",317,"raw output",{"file":208,"line":212,"context":210},320,{"file":208,"line":214,"context":210},322,{"file":208,"line":216,"context":210},324,{"file":132,"line":218,"context":210},352,{"file":132,"line":220,"context":210},395,{"file":132,"line":222,"context":210},670,{"file":132,"line":224,"context":210},678,{"file":132,"line":226,"context":210},686,{"file":228,"line":229,"context":210},"class.imagemask.php",469,{"file":176,"line":231,"context":210},26,{"file":176,"line":233,"context":210},73,{"file":176,"line":235,"context":210},75,{"file":176,"line":237,"context":210},149,{"file":176,"line":237,"context":210},{"file":176,"line":237,"context":210},{"file":176,"line":237,"context":210},{"file":176,"line":242,"context":210},150,{"file":176,"line":242,"context":210},{"file":176,"line":242,"context":210},{"file":176,"line":242,"context":210},{"file":176,"line":247,"context":210},151,{"file":176,"line":247,"context":210},{"file":176,"line":247,"context":210},{"file":176,"line":251,"context":210},155,{"file":176,"line":253,"context":210},159,{"file":176,"line":255,"context":210},165,{"file":176,"line":255,"context":210},{"file":176,"line":255,"context":210},{"file":176,"line":259,"context":210},169,{"file":176,"line":261,"context":210},173,{"file":176,"line":263,"context":210},180,{"file":176,"line":263,"context":210},{"file":176,"line":263,"context":210},{"file":176,"line":263,"context":210},7,[],[270,294,304,417],{"entryPoint":271,"graph":272,"unsanitizedCount":33,"severity":293},"insertStatistik (AppFunctions.php:244)",{"nodes":273,"edges":289},[274,279,283],{"id":275,"type":276,"label":277,"file":208,"line":278},"n0","source","$_SERVER['REMOTE_ADDR']",247,{"id":280,"type":281,"label":282,"file":208,"line":278},"n1","transform","→ get_remote_file()",{"id":284,"type":285,"label":286,"file":208,"line":287,"wp_function":288},"n2","sink","file_get_contents() [SSRF\u002FLFI]",60,"file_get_contents",[290,292],{"from":275,"to":280,"sanitized":291},false,{"from":280,"to":284,"sanitized":291},"medium",{"entryPoint":295,"graph":296,"unsanitizedCount":33,"severity":293},"\u003CAppFunctions> (AppFunctions.php:0)",{"nodes":297,"edges":301},[298,299,300],{"id":275,"type":276,"label":277,"file":208,"line":278},{"id":280,"type":281,"label":282,"file":208,"line":278},{"id":284,"type":285,"label":286,"file":208,"line":287,"wp_function":288},[302,303],{"from":275,"to":280,"sanitized":291},{"from":280,"to":284,"sanitized":291},{"entryPoint":305,"graph":306,"unsanitizedCount":416,"severity":293},"\u003CAppStore> (AppStore.php:0)",{"nodes":307,"edges":400},[308,311,314,317,319,323,325,328,332,336,340,344,346,350,352,356,358,362,364,368,370,374,376,380,382,386,388,392,394,398],{"id":275,"type":276,"label":309,"file":132,"line":310},"$_REQUEST['appid']",323,{"id":280,"type":285,"label":312,"file":132,"line":310,"wp_function":313},"header() [Header Injection]","header",{"id":284,"type":276,"label":315,"file":132,"line":316},"$_REQUEST['appsearch']",327,{"id":318,"type":285,"label":286,"file":132,"line":316,"wp_function":288},"n3",{"id":320,"type":276,"label":321,"file":132,"line":322},"n4","$_REQUEST['searchDetail']",357,{"id":324,"type":285,"label":286,"file":132,"line":322,"wp_function":288},"n5",{"id":326,"type":276,"label":327,"file":132,"line":322},"n6","$_REQUEST",{"id":329,"type":285,"label":330,"file":132,"line":220,"wp_function":331},"n7","echo() [XSS]","echo",{"id":333,"type":276,"label":334,"file":132,"line":335},"n8","$_POST['AppStore_country']",483,{"id":337,"type":285,"label":338,"file":132,"line":335,"wp_function":339},"n9","update_option() [Settings Manipulation]","update_option",{"id":341,"type":276,"label":342,"file":132,"line":343},"n10","$_POST['AppStore_language']",484,{"id":345,"type":285,"label":338,"file":132,"line":343,"wp_function":339},"n11",{"id":347,"type":276,"label":348,"file":132,"line":349},"n12","$_POST['AppStore_picCache']",485,{"id":351,"type":285,"label":338,"file":132,"line":349,"wp_function":339},"n13",{"id":353,"type":276,"label":354,"file":132,"line":355},"n14","$_POST['AppStore_dataCache']",486,{"id":357,"type":285,"label":338,"file":132,"line":355,"wp_function":339},"n15",{"id":359,"type":276,"label":360,"file":132,"line":361},"n16","$_POST['AppStore_dlLinkname']",487,{"id":363,"type":285,"label":338,"file":132,"line":361,"wp_function":339},"n17",{"id":365,"type":276,"label":366,"file":132,"line":367},"n18","$_POST['AppStore_tdlink']",488,{"id":369,"type":285,"label":338,"file":132,"line":367,"wp_function":339},"n19",{"id":371,"type":276,"label":372,"file":132,"line":373},"n20","$_POST['AppStore_style']",489,{"id":375,"type":285,"label":338,"file":132,"line":373,"wp_function":339},"n21",{"id":377,"type":276,"label":378,"file":132,"line":379},"n22","$_POST['AppStore_showRatings']",490,{"id":381,"type":285,"label":338,"file":132,"line":379,"wp_function":339},"n23",{"id":383,"type":276,"label":384,"file":132,"line":385},"n24","$_POST['AppStore_enableStats']",491,{"id":387,"type":285,"label":338,"file":132,"line":385,"wp_function":339},"n25",{"id":389,"type":276,"label":390,"file":132,"line":391},"n26","$_POST['AppStore_customAffURL']",492,{"id":393,"type":285,"label":338,"file":132,"line":391,"wp_function":339},"n27",{"id":395,"type":276,"label":396,"file":132,"line":397},"n28","$_POST['AppStore_PHGToken']",493,{"id":399,"type":285,"label":338,"file":132,"line":397,"wp_function":339},"n29",[401,402,403,404,405,406,407,408,409,410,411,412,413,414,415],{"from":275,"to":280,"sanitized":291},{"from":284,"to":318,"sanitized":291},{"from":320,"to":324,"sanitized":291},{"from":326,"to":329,"sanitized":291},{"from":333,"to":337,"sanitized":291},{"from":341,"to":345,"sanitized":291},{"from":347,"to":351,"sanitized":291},{"from":353,"to":357,"sanitized":291},{"from":359,"to":363,"sanitized":291},{"from":365,"to":369,"sanitized":291},{"from":371,"to":375,"sanitized":291},{"from":377,"to":381,"sanitized":291},{"from":383,"to":387,"sanitized":291},{"from":389,"to":393,"sanitized":291},{"from":395,"to":399,"sanitized":291},15,{"entryPoint":418,"graph":419,"unsanitizedCount":113,"severity":455},"AppStore_options_page (AppStore.php:478)",{"nodes":420,"edges":443},[421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442],{"id":275,"type":276,"label":334,"file":132,"line":335},{"id":280,"type":285,"label":338,"file":132,"line":335,"wp_function":339},{"id":284,"type":276,"label":342,"file":132,"line":343},{"id":318,"type":285,"label":338,"file":132,"line":343,"wp_function":339},{"id":320,"type":276,"label":348,"file":132,"line":349},{"id":324,"type":285,"label":338,"file":132,"line":349,"wp_function":339},{"id":326,"type":276,"label":354,"file":132,"line":355},{"id":329,"type":285,"label":338,"file":132,"line":355,"wp_function":339},{"id":333,"type":276,"label":360,"file":132,"line":361},{"id":337,"type":285,"label":338,"file":132,"line":361,"wp_function":339},{"id":341,"type":276,"label":366,"file":132,"line":367},{"id":345,"type":285,"label":338,"file":132,"line":367,"wp_function":339},{"id":347,"type":276,"label":372,"file":132,"line":373},{"id":351,"type":285,"label":338,"file":132,"line":373,"wp_function":339},{"id":353,"type":276,"label":378,"file":132,"line":379},{"id":357,"type":285,"label":338,"file":132,"line":379,"wp_function":339},{"id":359,"type":276,"label":384,"file":132,"line":385},{"id":363,"type":285,"label":338,"file":132,"line":385,"wp_function":339},{"id":365,"type":276,"label":390,"file":132,"line":391},{"id":369,"type":285,"label":338,"file":132,"line":391,"wp_function":339},{"id":371,"type":276,"label":396,"file":132,"line":397},{"id":375,"type":285,"label":338,"file":132,"line":397,"wp_function":339},[444,445,446,447,448,449,450,451,452,453,454],{"from":275,"to":280,"sanitized":291},{"from":284,"to":318,"sanitized":291},{"from":320,"to":324,"sanitized":291},{"from":326,"to":329,"sanitized":291},{"from":333,"to":337,"sanitized":291},{"from":341,"to":345,"sanitized":291},{"from":347,"to":351,"sanitized":291},{"from":353,"to":357,"sanitized":291},{"from":359,"to":363,"sanitized":291},{"from":365,"to":369,"sanitized":291},{"from":371,"to":375,"sanitized":291},"low",{"summary":457,"deductions":458},"The \"appstore\" plugin version 4.5.2 presents a mixed security posture.  On the positive side, there are no reported vulnerabilities (CVEs) in its history, suggesting a generally stable and well-maintained codebase.  Furthermore, the plugin does not rely on bundled libraries, which can often introduce security risks if outdated.  The majority of SQL queries (86%) utilize prepared statements, indicating a good practice in database interaction to prevent SQL injection.\n\nHowever, significant concerns arise from the static analysis.  The most alarming finding is the complete lack of nonce checks and capability checks across all entry points.  This means that any user, regardless of their privileges, can trigger actions through the plugin's shortcodes.  Additionally, the output escaping is severely lacking, with only 3% of outputs being properly escaped. This opens the door to cross-site scripting (XSS) vulnerabilities, where malicious code could be injected and executed in the user's browser. The taint analysis also identified four flows with unsanitized paths, which, while not classified as critical or high severity, still represent potential security weaknesses in how file paths are handled.\n\nIn conclusion, while the absence of known vulnerabilities is a strong positive, the critical omissions of nonce and capability checks, coupled with poor output escaping and unsanitized path handling, create a substantial attack surface that is not adequately protected. The plugin's reliance on shortcodes as its sole entry point, without any authentication or authorization, is a particularly dangerous oversight that requires immediate attention.",[459,461,463,466,469],{"reason":460,"points":11},"Missing nonce checks on all entry points",{"reason":462,"points":11},"Missing capability checks on all entry points",{"reason":464,"points":465},"Low percentage of properly escaped output",8,{"reason":467,"points":468},"Unsanitized paths found in taint analysis",5,{"reason":470,"points":169},"SQL queries with potential for raw execution (14%)","2026-03-17T00:00:13.111Z",{"wat":473,"direct":481},{"assetPaths":474,"generatorPatterns":478,"scriptPaths":479,"versionParams":480},[475,476,477],"\u002Fwp-content\u002Fplugins\u002Fappstore\u002Fimages\u002Fstars.png","\u002Fwp-content\u002Fplugins\u002Fappstore\u002Fimages\u002Fupdate.png","\u002Fwp-content\u002Fplugins\u002Fappstore\u002FAppStore.php",[],[],[],{"cssClasses":482,"htmlComments":484,"htmlAttributes":486,"restEndpoints":488,"jsGlobals":489,"shortcodeOutput":492},[483],"apps",[485],"\u002F\u002F ToDo: Checken ob Thickbox installiert ist",[487],"data-appstore-id",[],[490,491],"APPSTORE_DL_LINKNAME","PLUGIN_BASE_DIRECTORY",[493,494,495,496,497],"\u003Ca href=\"","\" rel=\"nofollow\" target=\"_blank\" >","\u003C\u002Fa>","\u003Cimg class=\"apps\" src=\"",".png\" alt=\""]