[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIeyrBqMLdR_IW8dWprpdzMOw6CUn1eWv2fap_WBww6I":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":135,"fingerprints":292},"better-plugins","Better Plugins Plugin","1.0.1","Russell Heimlich","https:\u002F\u002Fprofiles.wordpress.org\u002Fkingkool68\u002F","\u003Ch4>Quickly Find the Plugin You’re Looking For on the Plugins Screen\u003C\u002Fh4>\n\u003C\u002Fp>\n\u003Cp>When you have dozens of plugins it can be a pain to find the specific one you’re looking for in a long list. Now you can just start typing and the list of plugins will be filtered showing only the plugin names that match your search.\u003C\u002Fp>\n\u003Ch4>Compare the Active Plugins Between Two Sites\u003C\u002Fh4>\n\u003Cp>Have you ever wanted to compare which plugins are active between two sites? It used to take a lot of brain power. Now after installing this plugin on both sites simply copy and paste a line of text to see hwich plugins need to be activated to make the two sites match.\u003C\u002Fp>\n\u003Cp>If you’re on a multisite network just select the name of the site you want to compare from the drop down.\u003C\u002Fp>\n\u003Ch4>See Which Plugins Are Active on Each Site in a Multisite Network\u003C\u002Fh4>\n\u003Cp>Do you have plugins sitting around that you’re not sure if they’re being used on any sites in a multisite network? Use the Plugins Report feature located under the Network Admin Plugins section to see which sites a plugin is active on. It will even give you a list of plugins that aren’t activated on any site so you can safely delete those unused plugins.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>GitHub\u003C\u002Fstrong>\u003Cbr \u002F>\n  Pull requests and bug reports are \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkingkool68\u002Fwordpress-better-plugins-plugin\" rel=\"nofollow ugc\">welcomed on GitHub\u003C\u002Fa>. Please note GitHub is \u003Cem>not\u003C\u002Fem> a support forum and issues that aren’t properly qualified as bugs will be closed.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","This plugin makes your life easier by providing tools for filtering, comparing, and reporting plugins.",10,3197,100,2,"2015-09-05T03:32:00.000Z","4.3.34","3.0.1","",[20,21,22,23,24],"admin","filtering","management","plugins","tools","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbetter-plugins.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"kingkool68",1,30,84,"2026-04-04T04:59:21.661Z",[38,62,80,100,118],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":13,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":59,"vuln_count":60,"unpatched_count":14,"last_vuln_date":61,"fetched_at":29},"administrator-z","Administrator Z","2026.03.02","Quý Lê 91","https:\u002F\u002Fprofiles.wordpress.org\u002Fquyle91\u002F","\u003Cp>Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt. Neque porro quisquam est, qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit, sed quia non numquam eius modi tempora incidunt ut labore et dolore magnam aliquam quaerat voluptatem. Ut enim ad minima veniam, quis nostrum exercitationem ullam corporis suscipit laboriosam, nisi ut aliquid ex ea commodi consequatur? Quis autem vel eum iure reprehenderit qui in ea voluptate velit esse quam nihil molestiae consequatur, vel illum qui dolorem eum fugiat quo voluptas nulla pariatur? Wordfence code: cki2dia7unnr9q1usvkozrauspcjrnaq\u003C\u002Fp>\n","Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore &hellip;",400,31402,7,"2026-03-02T15:45:00.000Z","6.9.4","6.0","8.0",[54,55,22,24,56],"adminz","custom-tools","wordpress-admin","http:\u002F\u002F#","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadministrator-z.zip",49,6,"2025-04-16 00:00:00",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":27,"num_ratings":27,"last_updated":72,"tested_up_to":73,"requires_at_least":18,"requires_php":18,"tags":74,"homepage":18,"download_link":79,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"kd-submissions","KD Submissions","2.0.1","keydigital1","https:\u002F\u002Fprofiles.wordpress.org\u002Fkeydigital1\u002F","\u003Cp>The KD Submissions plugin provides an all-in-one solution for managing and filtering submissions created by Elementor Submissions directly from the WordPress admin panel. It comes with features for efficient submission tracking and status management:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Assign multiple statuses to each submission.\u003C\u002Fli>\n\u003Cli>Filter submissions by form type, status, and creation date.\u003C\u002Fli>\n\u003Cli>Add, edit, or delete custom statuses.\u003C\u002Fli>\n\u003Cli>Include comments for submissions, displayed as customizable pills for clarity.\u003C\u002Fli>\n\u003Cli>Real-time updates for all actions, ensuring a smooth user experience.\u003C\u002Fli>\n\u003Cli>AJAX-powered operations for dynamic functionality without page reloads.\u003C\u002Fli>\n\u003C\u002Ful>\n","An intuitive WordPress plugin for managing submissions created by Elementor Submissions, statuses, and comments with seamless admin tools. ---",90,1321,"2025-12-17T09:16:00.000Z","6.7.5",[75,76,22,77,78],"admin-tools","comments","statuses","submissions","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkd-submissions.2.0.1.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":13,"num_ratings":33,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":18,"download_link":99,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"bulk-delete-users-by-keyword","Bulk Delete Users by Keyword","2.0","Shiek Md Anwar Hussain Mizan (Sheikh MiZan)","https:\u002F\u002Fprofiles.wordpress.org\u002Fsheikhmizanbd\u002F","\u003Cp>The \u003Cstrong>Bulk Delete Users by Keyword\u003C\u002Fstrong> plugin provides administrators with a powerful tool for cleaning up user databases by allowing bulk deletion based on specific keywords. Perfect for removing spam accounts, inactive users, or performing database maintenance.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Advanced keyword filtering across multiple user fields (username, email, display name)\u003Cbr \u002F>\n– Batch processing for handling large user databases efficiently\u003Cbr \u002F>\n– Real-time progress tracking during deletion operations\u003Cbr \u002F>\n– Comprehensive safety warnings and confirmations\u003Cbr \u002F>\n– Customizable batch sizes for optimal performance\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enhanced Functionality in Version 2.0:\u003C\u002Fstrong>\u003Cbr \u002F>\n– AJAX-powered processing for smooth operation\u003Cbr \u002F>\n– Detailed progress reporting\u003Cbr \u002F>\n– Support for multiple search fields\u003Cbr \u002F>\n– Improved user interface\u003Cbr \u002F>\n– Better error handling and notifications\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch4>Core Functionality\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Keyword-based user filtering and deletion\u003C\u002Fli>\n\u003Cli>Batch processing for large datasets\u003C\u002Fli>\n\u003Cli>Multi-field search (username, email, display name, nickname)\u003C\u002Fli>\n\u003Cli>Progress tracking during operations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Safety Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Explicit warning messages\u003C\u002Fli>\n\u003Cli>Confirmation dialogs\u003C\u002Fli>\n\u003Cli>Nonce verification for all operations\u003C\u002Fli>\n\u003Cli>Capability checks\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Performance\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Optimized database queries\u003C\u002Fli>\n\u003Cli>Configurable batch sizes\u003C\u002Fli>\n\u003Cli>Memory-efficient processing\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>GNU General Public License v2.0 or later\u003C\u002Fp>\n\u003Ch3>Privacy Notice\u003C\u002Fh3>\n\u003Cp>This plugin does not collect any user data or transmit information to external servers. All operations occur entirely within your WordPress installation.\u003C\u002Fp>\n","Efficiently manage your WordPress users with keyword-based bulk deletion capabilities.",70,1036,"2025-06-22T10:42:00.000Z","6.8.5","5.5","7.4",[75,95,96,97,98],"bulk-delete","delete-users","keyword-based-deletion","user-management","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbulk-delete-users-by-keyword.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":27,"num_ratings":27,"last_updated":110,"tested_up_to":50,"requires_at_least":111,"requires_php":93,"tags":112,"homepage":116,"download_link":117,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"multisite-usage-scanner","Multisite Usage Scanner","1.0.2","Dominic Johnson","https:\u002F\u002Fprofiles.wordpress.org\u002Fdominicmiramediacouk\u002F","\u003Cp>Multisite Usage Scanner helps WordPress network administrators audit plugin usage across all sites in a multisite installation.\u003C\u002Fp>\n\u003Cp>It provides a simple admin interface to:\u003Cbr \u002F>\n* List all active plugins per site\u003Cbr \u002F>\n* Identify unused plugins across the network\u003Cbr \u002F>\n* Export usage data for reporting or cleanup\u003C\u002Fp>\n\u003Cp>This tool is especially useful for large networks with legacy plugins or unclear usage patterns.\u003C\u002Fp>\n","Scan your WordPress multisite network to identify which plugins are actively used across sites. Helps admins safely clean up unused plugins.",60,356,"2026-01-01T09:54:00.000Z","5.0",[75,113,114,115],"diagnostics","multisite","plugin-management","https:\u002F\u002Fgithub.com\u002Fdominicjjohnson\u002Fplugin.multisite-usage-scanner","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultisite-usage-scanner.1.0.2.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":27,"num_ratings":27,"last_updated":128,"tested_up_to":50,"requires_at_least":129,"requires_php":93,"tags":130,"homepage":133,"download_link":134,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"devbrothers-admin-panel","DevBrothers Admin Panel","1.0.0","DevBrothers","https:\u002F\u002Fprofiles.wordpress.org\u002Flzolotarev\u002F","\u003Cp>DevBrothers Admin Panel is a base plugin for managing the DevBrothers plugin ecosystem. It provides:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Single access point to all DevBrothers plugins\u003C\u002Fli>\n\u003Cli>Beautiful and intuitive interface\u003C\u002Fli>\n\u003Cli>Centralized settings management\u003C\u002Fli>\n\u003Cli>Information dashboard with statistics\u003C\u002Fli>\n\u003Cli>Automatic integration with other DevBrothers plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin integrates with Google Translate service when the “DevBrothers Simple Translator” plugin is installed and active. This integration enables language switching functionality in the admin panel header.\u003C\u002Fp>\n\u003Cp>The plugin loads the Google Translate JavaScript library from translate.google.com when the Simple Translator plugin is active. This is used to provide real-time translation of the WordPress admin interface.\u003C\u002Fp>\n\u003Cp>The following data is sent to Google Translate:\u003Cbr \u002F>\n* The page content when a user selects a different language in the admin panel header\u003Cbr \u002F>\n* The selected language preference\u003C\u002Fp>\n\u003Cp>This service is provided by Google LLC: Terms of Service (https:\u002F\u002Fpolicies.google.com\u002Fterms), Privacy Policy (https:\u002F\u002Fpolicies.google.com\u002Fprivacy).\u003C\u002Fp>\n\u003Cp>Note: This external service is only used when the “DevBrothers Simple Translator” plugin is installed and active. If the plugin is not installed, no data is sent to Google Translate.\u003C\u002Fp>\n","Centralized admin panel for all DevBrothers plugins.",20,128,"2025-12-17T12:47:00.000Z","5.8",[20,131,22,23,132],"dashboard","settings","https:\u002F\u002Fdevbrothers.ru\u002Fadmin-panel\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdevbrothers-admin-panel.1.0.0.zip",{"attackSurface":136,"codeSignals":160,"taintFlows":226,"riskAssessment":276,"analyzedAt":291},{"hooks":137,"ajaxHandlers":156,"restRoutes":157,"shortcodes":158,"cronEvents":159,"entryPointCount":27,"unprotectedCount":27},[138,144,149,152],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","admin_footer-plugins.php","bpp_plugins_footer","better-plugins-plugin.php",35,{"type":139,"name":145,"callback":146,"file":147,"line":148},"admin_enqueue_scripts","register_admin_styles","bpp-compare-site-plugins.php",17,{"type":139,"name":150,"callback":150,"file":147,"line":151},"admin_menu",18,{"type":139,"name":153,"callback":153,"file":154,"line":155},"network_admin_menu","bpp-plugins-report.php",16,[],[],[],[],{"dangerousFunctions":161,"sqlUsage":166,"outputEscaping":168,"fileOperations":27,"externalRequests":27,"nonceChecks":33,"capabilityChecks":27,"bundledLibraries":225},[162],{"fn":163,"file":147,"line":164,"context":165},"unserialize",127,"$other_sites_plugins = unserialize( base64_decode( $_POST['plugins'] ) );",{"prepared":27,"raw":27,"locations":167},[],{"escaped":48,"rawEcho":169,"locations":170},27,[171,174,176,178,180,182,184,186,188,190,192,194,195,197,199,201,203,205,207,209,211,213,215,217,219,221,223],{"file":147,"line":172,"context":173},106,"raw output",{"file":147,"line":175,"context":173},116,{"file":147,"line":177,"context":173},147,{"file":147,"line":179,"context":173},197,{"file":147,"line":181,"context":173},222,{"file":147,"line":183,"context":173},236,{"file":147,"line":185,"context":173},251,{"file":147,"line":187,"context":173},303,{"file":147,"line":189,"context":173},318,{"file":147,"line":191,"context":173},343,{"file":147,"line":193,"context":173},355,{"file":147,"line":193,"context":173},{"file":147,"line":196,"context":173},391,{"file":147,"line":198,"context":173},392,{"file":147,"line":200,"context":173},393,{"file":147,"line":202,"context":173},394,{"file":154,"line":204,"context":173},61,{"file":154,"line":206,"context":173},66,{"file":154,"line":208,"context":173},134,{"file":154,"line":210,"context":173},136,{"file":154,"line":212,"context":173},137,{"file":154,"line":214,"context":173},160,{"file":154,"line":216,"context":173},162,{"file":154,"line":218,"context":173},173,{"file":154,"line":220,"context":173},176,{"file":154,"line":222,"context":173},196,{"file":154,"line":224,"context":173},198,[],[227,245,263],{"entryPoint":228,"graph":229,"unsanitizedCount":33,"severity":244},"bulk_activate_plugins (bpp-compare-site-plugins.php:289)",{"nodes":230,"edges":241},[231,236],{"id":232,"type":233,"label":234,"file":147,"line":235},"n0","source","$_POST",295,{"id":237,"type":238,"label":239,"file":147,"line":189,"wp_function":240},"n1","sink","echo() [XSS]","echo",[242],{"from":232,"to":237,"sanitized":243},false,"medium",{"entryPoint":246,"graph":247,"unsanitizedCount":27,"severity":262},"\u003Cbpp-compare-site-plugins> (bpp-compare-site-plugins.php:0)",{"nodes":248,"edges":258},[249,251,253,256],{"id":232,"type":233,"label":250,"file":147,"line":164},"$_POST['plugins']",{"id":237,"type":238,"label":252,"file":147,"line":164,"wp_function":163},"unserialize() [Object Injection]",{"id":254,"type":233,"label":255,"file":147,"line":164},"n2","$_POST (x6)",{"id":257,"type":238,"label":239,"file":147,"line":177,"wp_function":240},"n3",[259,261],{"from":232,"to":237,"sanitized":260},true,{"from":254,"to":257,"sanitized":260},"low",{"entryPoint":264,"graph":265,"unsanitizedCount":60,"severity":275},"admin_page_step_2 (bpp-compare-site-plugins.php:125)",{"nodes":266,"edges":272},[267,268,269,271],{"id":232,"type":233,"label":250,"file":147,"line":164},{"id":237,"type":238,"label":252,"file":147,"line":164,"wp_function":163},{"id":254,"type":233,"label":270,"file":147,"line":164},"$_POST (x5)",{"id":257,"type":238,"label":239,"file":147,"line":177,"wp_function":240},[273,274],{"from":232,"to":237,"sanitized":243},{"from":254,"to":257,"sanitized":243},"high",{"summary":277,"deductions":278},"The \"better-plugins\" v1.0.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL query execution, exclusively using prepared statements, and it has no recorded vulnerability history (CVEs), suggesting a potentially stable and well-maintained codebase. The static analysis also indicates a contained attack surface with no direct AJAX handlers, REST API routes, shortcodes, or cron events exposed without authentication, and a single nonce check is present.\n\nHowever, significant concerns arise from the code analysis. The presence of the `unserialize` function is a critical red flag, as it can lead to Remote Code Execution (RCE) vulnerabilities if used with untrusted input. This is further corroborated by the taint analysis, which identified one high-severity flow with unsanitized paths. Additionally, the plugin has a concerningly low rate of output escaping (21%), meaning a substantial portion of its output might be vulnerable to Cross-Site Scripting (XSS) attacks. The absence of capability checks in the available data also means that potentially sensitive actions might not be properly authorized.\n\nWhile the lack of a vulnerability history is reassuring, it does not negate the inherent risks identified in the code. The `unserialize` function, combined with unsanitized inputs, presents a credible threat. The poor output escaping is a widespread vulnerability that could affect many users. Therefore, despite its strengths in other areas, the plugin requires immediate attention due to these identified risks.",[279,282,285,288],{"reason":280,"points":281},"Unsanitized taint flow with high severity",12,{"reason":283,"points":284},"Use of unserialize function",15,{"reason":286,"points":287},"Low percentage of properly escaped output",8,{"reason":289,"points":290},"No capability checks found",5,"2026-03-17T00:46:39.989Z",{"wat":293,"direct":300},{"assetPaths":294,"generatorPatterns":296,"scriptPaths":297,"versionParams":298},[295],"\u002Fwp-content\u002Fplugins\u002Fbetter-plugins-plugin\u002Fcss\u002Fbpp-compare-site-plugins.css",[],[],[299],"\u002Fwp-content\u002Fplugins\u002Fbetter-plugins-plugin\u002Fcss\u002Fbpp-compare-site-plugins.css?ver=",{"cssClasses":301,"htmlComments":305,"htmlAttributes":306,"restEndpoints":308,"jsGlobals":309,"shortcodeOutput":312},[302,303,304],"nav-tab-wrapper","nav-tab","nav-tab-active",[],[307],"onclick=\"this.select()\"",[],[310,311],"jQuery","$",[]]