[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZOaccVT5RCyeRUsnJH6tanalidGsvPN6W-qOxH-njF8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":136,"fingerprints":274},"bleep-filter","Bleep Filter","1.2","nathanlampe","https:\u002F\u002Fprofiles.wordpress.org\u002Fnathanlampe\u002F","\u003Cp>The Bleep Filter plugin is a free and open source advanced content filtering plugin for WordPress. Commonly used as a bad word filter and swear filter, this plugin offers a variety of applications for your needs. Easily add the words you want to filter out and the plugin will find those words in your blog’s comments, posts, and rss feeds and passively replace them in a variety of styles.\u003C\u002Fp>\n\u003Cp>Using a highly advanced phonetic algorithm, not only is the spelling being detected but also how the word sounds. 
This makes it much more difficult for mischievous posters to bypass the filter intentionally.\u003C\u002Fp>\n\u003Cp>With the Bleep Filter plugin all you have to do is add your words and the plugin takes care of the rest.\u003C\u002Fp>\n","An advanced word and content filter perfect for passively eliminating profanity and spoilers.",10,2912,100,3,"2014-07-19T21:34:00.000Z","3.9.40","3.5.1","",[20,21,22,23,24],"content-filter","phonetic-filter","profanity-filter","swear-filter","word-filter","http:\u002F\u002Fwww.filterplugin.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbleep-filter.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,84,"2026-04-05T01:32:29.249Z",[38,56,77,98,117],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":11,"downloaded":46,"rating":28,"num_ratings":28,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":18,"tags":50,"homepage":54,"download_link":55,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"post-filter-filter-any-contents-with-specific-words","Post Filter","1.1.0","cupcode","https:\u002F\u002Fprofiles.wordpress.org\u002Fcupcode\u002F","\u003Cp>This plugin searches for words that you have specified and replaces them with other word or changes post status to draft, if found any of them.\u003C\u002Fp>\n\u003Cp>You can choose between “Strict” and “Words Only” modes. 
If you choose “Strict” this plugin detects “able” in “Enable” and if you choose “Word Only” it detects “able” as a word and finds it in a sentence like “Are you able to do this?”\u003C\u002Fp>\n\u003Cp>This plugin searches for blacklisted words in post title, permalink, content and excerpt.\u003C\u002Fp>\n","Post Filter allows you to replace all bad words with good ones in all post types with simple settings and easy to use interface.",1252,"2019-10-26T22:32:00.000Z","5.2.24","1.0.0",[51,52,53,20,22],"bad-word-filter","censor","content-censorship","https:\u002F\u002Fpostfilter.cupcode.ir","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-filter-filter-any-contents-with-specific-words.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":13,"downloaded":64,"rating":13,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":75,"download_link":76,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"string-replacer","String Replacer","1.4.3","BaiatuLuTata","https:\u002F\u002Fprofiles.wordpress.org\u002Fbaiatulutata\u002F","\u003Cp>String Replacer lets you define pairs of strings to search and replace across your WordPress site — including content, post titles, footer text, and outgoing emails. 
It works instantly and includes a simple admin interface for managing replacements.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Replace strings in:\n\u003Cul>\n\u003Cli>Post \u003Cstrong>titles\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Post \u003Cstrong>content\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Site-wide output (e.g., \u003Cstrong>footer\u003C\u002Fstrong>, \u003Cstrong>widgets\u003C\u002Fstrong>, etc.)\u003C\u002Fli>\n\u003Cli>Outgoing \u003Cstrong>emails\u003C\u002Fstrong> (\u003Ccode>wp_mail()\u003C\u002Fcode>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Simple \u003Cstrong>admin UI\u003C\u002Fstrong> with:\n\u003Cul>\n\u003Cli>Add\u002Fremove rows\u003C\u002Fli>\n\u003Cli>Live search\u003C\u002Fli>\n\u003Cli>Pagination\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Replaces email addresses and works inside \u003Ccode>mailto:\u003C\u002Fcode> links\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Preserves leading and trailing spaces\u003C\u002Fstrong> in replacement strings\u003C\u002Fli>\n\u003Cli>Supports multilingual and branding replacement use cases\u003C\u002Fli>\n\u003Cli>Fully local, compliant with WordPress plugin guidelines\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>In the admin screen, add one or more rows:\n\u003Cul>\n\u003Cli>“Original String” (e.g., \u003Ccode>Hello\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>“Replacement String” (e.g., \u003Ccode>Bonjour\u003C\u002Fcode>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Save your changes.\u003C\u002Fli>\n\u003Cli>The plugin will handle replacements in frontend output and emails automatically.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Examples\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Replace \u003Ccode>support@oldsite.com\u003C\u002Fcode> \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> \u003Ccode>help@newbrand.com\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Replace 
\u003Ccode>Hello\u003C\u002Fcode> \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> \u003Ccode>Bonjour\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Replace \u003Ccode>ACME Inc.\u003C\u002Fcode> \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> \u003Ccode>NewCorp\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Replace \u003Ccode>\"Hello \"\u003C\u002Fcode> (with a space) \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> \u003Ccode>\"Hi \"\u003C\u002Fcode> (space preserved)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Filters & Extensibility\u003C\u002Fh3>\n\u003Cp>This plugin hooks into:\u003Cbr \u002F>\n– \u003Ccode>the_title\u003C\u002Fcode> and \u003Ccode>the_content\u003C\u002Fcode>\u003Cbr \u002F>\n– \u003Ccode>template_redirect\u003C\u002Fcode> output buffering\u003Cbr \u002F>\n– \u003Ccode>wp_mail\u003C\u002Fcode> filter (subject, message, and headers)\u003C\u002Fp>\n\u003Cp>Developers can use \u003Ccode>STRIRE_replace_strings( $text )\u003C\u002Fcode> to apply replacements manually in custom contexts.\u003C\u002Fp>\n\u003Ch3>Author\u003C\u002Fh3>\n\u003Cp>Created by \u003Cstrong>Ionut Baldazar\u003C\u002Fstrong>\u003Cbr \u002F>\nGitHub: https:\u002F\u002Fgithub.com\u002Fbaiatulutata\u003Cbr \u002F>\nEmail: baiatulutata@woomag.ro\u003C\u002Fp>\n","Replace any string visible to site visitors or found in outgoing emails—titles, content, footers, and more. 
Comes with a dynamic admin interface.",956,2,"2025-12-08T08:39:00.000Z","6.9.4","5.0","7.2",[71,20,72,73,74],"admin-tool","email-filter","string-replace","translation","https:\u002F\u002Fgithub.com\u002Fbaiatulutata\u002Fstring-replacer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstring-replacer.1.4.3.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":28,"num_ratings":28,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":96,"download_link":97,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"spam-filter-for-elementor-form","Spam Filter For Elementor Form","1.4","wizbee IT","https:\u002F\u002Fprofiles.wordpress.org\u002Fwizbee\u002F","\u003Cp>Tired of spammy SEO pitches, fake marketing offers, and bot submissions flooding your Elementor Pro forms? By filtering only the message field, you can eliminate up to 95% spam submissions.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Spam Filter For Elementor Form\u003C\u002Fstrong> do that and gives you the control you need to stop them, without relying on external services.\u003C\u002Fp>\n\u003Cp>This plugin filters the input field of your forms to block submissions containing unwanted words, suspicious URLs, or emails from unauthorized domains. You can block all URLs except those from your domain or specific domains you allow. If someone tries to submit a form with a disallowed link, they’ll see a clear error message asking them to remove it.\u003C\u002Fp>\n\u003Cp>Here’s the beauty of it: real visitors who want to share something useful will usually say, “I have a link to share, can you contact me so I can send it?” Spam bots, on the other hand, just drop links and hit submit. 
That’s where this filter stops them.\u003C\u002Fp>\n\u003Cp>Whether you want to block certain phrases, links, or reject emails from shady domains, this plugin lets you do it easily, right from the WordPress dashboard.\u003C\u002Fp>\n\u003Ch3>Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>Enable or disable filtering for specific or all Elementor Pro forms.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Block messages that contain specific words or patterns.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Reject any submission containing links—except those from allowed domains.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Block or allow email addresses based on domain (whitelist or blocklist mode).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Custom error messages shown directly inside the form.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>No third-party services or APIs—fully local and lightweight.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Built exclusively for Elementor Pro forms.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Perfect for any site owner who’s fed up with form spam and wants a simple, effective way to stop it.\u003C\u002Fp>\n\u003Ch3>How to Use:\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Enable Filtering:\u003C\u002Fstrong>\u003Cbr \u002F>\nGo to \u003Cstrong>Elementor \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Contact Form Filter\u003C\u002Fstrong> and check the “Enable Spam Filter” option.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Target the Right Form:\u003C\u002Fstrong>\u003Cbr \u002F>\nEnter the name of the form you want to filter in the “Form Name” setting. This must match the “Form Name” from your Elementor Pro form settings.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Set Blocked Words:\u003C\u002Fstrong>\u003Cbr \u002F>\nAdd a list of blocked words (one per line). 
Any form submission containing these words will be rejected.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Filter URLs:\u003C\u002Fstrong>\u003Cbr \u002F>\nOnly allow URLs from specific domains. Other links will trigger a validation error.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Control Email Domains:\u003C\u002Fstrong>\u003Cbr \u002F>\nEnable email filtering and choose between whitelist or blocklist mode. Add domains or full email addresses to control who can submit the form.\u003C\u002Fp>\n\u003Ch3>Enjoying the Plugin?\u003C\u002Fh3>\n\u003Cp>If you find \u003Cstrong>Spam Filter For Elementor Form\u003C\u002Fstrong> helpful, please consider leaving a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Felementor-form-spam-filter\u002F#reviews\" rel=\"ugc\">review on WordPress.org\u003C\u002Fa>. Your feedback helps us improve and reach more users.\u003C\u002Fp>\n\u003Ch3>Other useful and absolutely free plugins from WizBee IT\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-duplicate-woo-order\u002F\" rel=\"ugc\">Easy Duplicate Woo Order\u003C\u002Fa>: Adds a custom action to duplicate WooCommerce orders easily.\u003Cbr \u002F>\n  \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-product-in-woo-order\u002F\" rel=\"ugc\">Custom Product in Woo Order\u003C\u002Fa>: Add custom one-time items directly to WooCommerce orders without adding them to the catalog.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Visit our website for more at \u003Ca href=\"https:\u002F\u002Fwww.wizbeeit.com\u002F\" rel=\"nofollow ugc\">WizBee IT\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later license. 
For more information, see https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html.\u003C\u002Fp>\n","A simple yet powerful plugin that adds advanced spam and content filtration to your Elementor Pro forms.",90,421,"2025-07-24T16:06:00.000Z","6.8.5","6.6","7.8",[92,93,94,95,24],"anti-spam","block-spam","elementor-pro-form","spam-filter","https:\u002F\u002Fwww.wizbeeit.com\u002Fspam-filter-for-elementor-form\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspam-filter-for-elementor-form.1.4.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":34,"downloaded":106,"rating":107,"num_ratings":33,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":18,"tags":111,"homepage":18,"download_link":115,"security_score":116,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"anti-spam-filter-gravity-forms","Anti-Spam Filter for Gravity Forms","1.0.1","teamtp","https:\u002F\u002Fprofiles.wordpress.org\u002Fteamtp\u002F","\u003Cp>\u003Cstrong>Anti-Spam Filter for Gravity Forms\u003C\u002Fstrong> is a lightweight yet powerful tool designed to protect your Gravity Forms from spam submissions. This plugin integrates seamlessly with \u003Cstrong>Gravity Forms\u003C\u002Fstrong> and adds advanced anti-spam features to your form submissions.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important\u003C\u002Fstrong>: This plugin requires Gravity Forms 2.5 or higher to function properly.\u003C\u002Fp>\n\u003Cp>The plugin automatically detects and filters out spam submissions based on customizable settings. It ensures that only legitimate entries are received by your forms. 
Whether you’re dealing with keyword-based spam, Cyrillic text, or want to add an extra layer of security, this plugin has you covered.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features\u003C\u002Fstrong>:\u003Cbr \u002F>\n– \u003Cstrong>Gravity Forms Integration\u003C\u002Fstrong>: Works seamlessly with Gravity Forms to protect your forms from spam.\u003Cbr \u002F>\n– \u003Cstrong>Keyword-Based Spam Filtering\u003C\u002Fstrong>: Block form submissions containing specified keywords you define.\u003Cbr \u002F>\n– \u003Cstrong>Cyrillic Text Detection\u003C\u002Fstrong>: Automatically filter out submissions with Cyrillic characters, commonly used in spam.\u003Cbr \u002F>\n– \u003Cstrong>Customizable Subject Prefix\u003C\u002Fstrong>: Add a customizable prefix (e.g., “SPAM Alert”) to flagged form submissions.\u003Cbr \u002F>\n– \u003Cstrong>Multiple Form Protection\u003C\u002Fstrong>: Specify which Gravity Forms to protect by defining form IDs.\u003Cbr \u002F>\n– \u003Cstrong>Simple Configuration\u003C\u002Fstrong>: Easy-to-use interface with toggle switches to enable or disable features.\u003C\u002Fp>\n\u003Cp>Ensure your Gravity Forms stay clean, secure, and spam-free with \u003Cstrong>Anti-Spam Filter for Gravity Forms\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later. 
See the full license at \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fa>.\u003C\u002Fp>\n","A lightweight anti-spam solution for Gravity Forms that blocks unwanted submissions using keyword filtering and Cyrillic text detection.",625,40,"2025-01-22T10:49:00.000Z","6.7.5","6.5",[92,112,113,114,95],"form-protection","gravity-forms","keyword-filtering","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanti-spam-filter-gravity-forms.1.0.1.zip",92,{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":28,"num_ratings":28,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":18,"tags":130,"homepage":134,"download_link":135,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-infobox","WP-Infobox","0.8","windyjonas","https:\u002F\u002Fprofiles.wordpress.org\u002Fwindyjonas\u002F","\u003Cp>Add an info box to posts. 
Only displayed on single post pages. You can include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Title\u003C\u002Fli>\n\u003Cli>Lead in, free text below title\u003C\u002Fli>\n\u003Cli>Bullet list, max number of items is configurable\u003C\u002Fli>\n\u003Cli>Copy, free text below list\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Use the included css, or put your own wp-infobox.css in your theme directory.\u003C\u002Fp>\n\u003Cp>Requires php5!\u003C\u002Fp>\n","Add an info box to individual posts",20,5630,"2012-07-25T14:19:00.000Z","3.4.2","3.0",[20,131,132,133],"info-box","infobox","more-info","http:\u002F\u002Fjonasnordstrom.se\u002Fplugins\u002Fwp-infobox\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-infobox.0.8.zip",{"attackSurface":137,"codeSignals":227,"taintFlows":237,"riskAssessment":265,"analyzedAt":273},{"hooks":138,"ajaxHandlers":223,"restRoutes":224,"shortcodes":225,"cronEvents":226,"entryPointCount":28,"unprotectedCount":28},[139,146,149,152,154,157,160,163,166,169,172,175,178,181,183,188,191,194,198,200,203,207,210,214,217,220],{"type":140,"name":141,"callback":142,"priority":143,"file":144,"line":145},"filter","the_content","word_filter",50,"phoneticbleepfilter.class.php",15,{"type":140,"name":147,"callback":142,"priority":143,"file":144,"line":148},"the_excerpt",16,{"type":140,"name":150,"callback":142,"priority":143,"file":144,"line":151},"the_title",17,{"type":140,"name":153,"callback":142,"priority":143,"file":144,"line":125},"the_content_rss",{"type":140,"name":155,"callback":142,"priority":143,"file":144,"line":156},"the_excerpt_rss",21,{"type":140,"name":158,"callback":142,"priority":143,"file":144,"line":159},"the_title_rss",22,{"type":140,"name":161,"callback":142,"priority":143,"file":144,"line":162},"comment_text",26,{"type":140,"name":164,"callback":142,"priority":143,"file":144,"line":165},"comment_excerpt",27,{"type":140,"name":167,"callback":142,"priority":143,"file":144,"line":168},"comment_text_rss",31,{"type":140,"name":17
0,"callback":142,"priority":143,"file":144,"line":171},"comment_excerpt_rss",32,{"type":140,"name":173,"callback":142,"priority":143,"file":144,"line":174},"bbp_get_topic_content",37,{"type":140,"name":176,"callback":142,"priority":143,"file":144,"line":177},"bbp_get_topic_title",38,{"type":140,"name":179,"callback":142,"priority":143,"file":144,"line":180},"bbp_get_reply_content",39,{"type":140,"name":182,"callback":142,"priority":143,"file":144,"line":107},"bbp_get_reply_title",{"type":184,"name":185,"callback":186,"file":187,"line":11},"action","init","register_post_types","wpadmin.class.php",{"type":184,"name":185,"callback":189,"file":187,"line":190},"register_custom_menu",13,{"type":184,"name":192,"callback":193,"file":187,"line":148},"admin_menu","bleep_filter_menu",{"type":184,"name":195,"callback":196,"file":187,"line":197},"admin_init","jquery_admin",19,{"type":184,"name":192,"callback":199,"file":187,"line":159},"register_bleep_filter_settings",{"type":184,"name":192,"callback":201,"file":187,"line":202},"register_bleep_filter_import",25,{"type":140,"name":204,"callback":205,"priority":65,"file":187,"line":206},"plugin_action_links","bleep_filter_words_settings_link",28,{"type":184,"name":208,"callback":209,"file":187,"line":168},"wp_enqueue_scripts","bleep_filter_stylesheet",{"type":184,"name":211,"callback":212,"file":187,"line":213},"add_meta_boxes","add_bleep_replace",34,{"type":184,"name":215,"callback":216,"file":187,"line":174},"save_post","save_replacements",{"type":140,"name":218,"callback":219,"file":187,"line":107},"enter_title_here","change_default_title",{"type":184,"name":195,"callback":221,"file":187,"line":222},"bleep_filter_settings_store",103,[],[],[],[],{"dangerousFunctions":228,"sqlUsage":229,"outputEscaping":231,"fileOperations":33,"externalRequests":28,"nonceChecks":33,"capabilityChecks":65,"bundledLibraries":236},[],{"prepared":28,"raw":28,"locations":230},[],{"escaped":14,"rawEcho":33,"locations":232},[233],{"file":187,"line":234,"
context":235},266,"raw output",[],[238,255],{"entryPoint":239,"graph":240,"unsanitizedCount":33,"severity":254},"bleep_filter_import (wpadmin.class.php:259)",{"nodes":241,"edges":251},[242,246],{"id":243,"type":244,"label":245,"file":187,"line":234},"n0","source","$_FILES",{"id":247,"type":248,"label":249,"file":187,"line":234,"wp_function":250},"n1","sink","echo() [XSS]","echo",[252],{"from":243,"to":247,"sanitized":253},false,"medium",{"entryPoint":256,"graph":257,"unsanitizedCount":28,"severity":264},"\u003Cwpadmin.class> (wpadmin.class.php:0)",{"nodes":258,"edges":261},[259,260],{"id":243,"type":244,"label":245,"file":187,"line":234},{"id":247,"type":248,"label":249,"file":187,"line":234,"wp_function":250},[262],{"from":243,"to":247,"sanitized":263},true,"low",{"summary":266,"deductions":267},"The bleep-filter v1.2 plugin exhibits a strong security posture based on the static analysis.  The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the potential attack surface.  Furthermore, the code signals indicate good security practices, with no dangerous functions, all SQL queries using prepared statements, and the presence of nonce and capability checks.  The vulnerability history is also clear, with no known CVEs, suggesting a mature and well-maintained codebase.\n\nHowever, there is one area of concern identified in the taint analysis: a flow with an unsanitized path. While no critical or high severity issues were flagged, this represents a potential entry point for attacks if not properly handled.  The single file operation, without further context, also warrants attention as it could be a vector for malicious activity if not secured.  
The output escaping, while mostly proper, has a quarter of outputs not being escaped, which could lead to cross-site scripting vulnerabilities if user-controlled data is displayed without sanitization.\n\nOverall, bleep-filter v1.2 is a securely coded plugin with a clean vulnerability history. The lack of known vulnerabilities and the generally robust security practices are commendable. The primary areas for improvement are addressing the identified unsanitized path flow and ensuring all outputs are properly escaped to mitigate potential XSS risks.",[268,271],{"reason":269,"points":270},"Flow with unsanitized path",8,{"reason":272,"points":14},"Output escaping not fully implemented","2026-03-17T01:00:15.072Z",{"wat":275,"direct":282},{"assetPaths":276,"generatorPatterns":278,"scriptPaths":279,"versionParams":280},[277],"\u002Fwp-content\u002Fplugins\u002Fbleep-filter\u002Fcss\u002Fbleep_style.css",[],[],[281],"bleep-filter\u002Fcss\u002Fbleep_style.css?ver=",{"cssClasses":283,"htmlComments":284,"htmlAttributes":285,"restEndpoints":288,"jsGlobals":289,"shortcodeOutput":290},[],[],[286,287],"id=\"bleep_replace_field\"","name=\"bleep_replace_field\"",[],[],[]]