[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbrHHsg6G9zw0Fz4QJS2cJJbRcyaW5wu6EDJLLkAeEgk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":140,"fingerprints":288},"blog-voyeur","Blog Voyeur","0.2","Donncha O Caoimh (a11n)","https:\u002F\u002Fprofiles.wordpress.org\u002Fdonncha\u002F","\u003Cp>Use the cookie left after someone leaves a comment to identify their future visits to your blog.\u003C\u002Fp>\n","Log by name where and when users visit your blog.",10,4559,0,"2007-12-23T21:56:00.000Z","2.3.1","",[18,19,20,21],"log","privacy","stats","user","http:\u002F\u002Focaoimh.ie\u002Fblog-voyeur\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblog-voyeur.0.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"donncha",12,31620,91,4657,73,"2026-04-04T14:30:54.994Z",[37,59,79,95,113],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":16,"tags":52,"homepage":57,"download_link":58,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"chap-secure-login","Chap Secure Password Login","1.6.6","Enrico Rossomando","https:\u002F\u002Fprofiles.wordpress.org\u002Fredsend\u002F","\u003Cp>Whenever you try to login into your website, you can use this plugin to trasmit your password encrypted. The encryption process is done by the Chap protocol; this is particularly useful when you can’t use ssl or other kinds of secure protocols. By activating the ChapSecureLogin plugin, the only information transmitted unencrypted is the username; password is hided with a random number (nonce) generated by the session – and opportunely transformed by the SHA-256 algorithm.\u003Cbr \u002F>\nIn the first login there will be an error, but don’t worry is only a tecnical error. Indeed in the next login’s operation, if the values are correct, there will not be errors, but you give mind because the password will sended in unencrypted way.\u003Cbr \u002F>\nIf you want more details about this algorithm, check \u003Ca href=\"http:\u002F\u002Fwww.devarticles.com\u002Fc\u002Fa\u002FJavaScript\u002FBuilding-a-CHAP-Login-System-An-ObjectOriented-Approach\u002F\" rel=\"nofollow ugc\">“Building a CHAP Login System”\u003C\u002Fa>.\u003Cbr \u002F>\nThis is a zero-configuration plugin.\u003C\u002Fp>\n\u003Cp>Enrico Rossomando (redsend) this is my blog about programming, gaming and startup > \u003Ca href=\"https:\u002F\u002Fwww.mrred.it\u002F\" title=\"Blog about programming, gaming and startup\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.mrred.it\u003C\u002Fa>\u003C\u002Fp>\n","Do not show password, during login, on an insecure channel (without SSL). Use a SHA-256 hash algorithm.",700,58331,62,8,"2020-06-07T08:21:00.000Z","5.4.19","2.5",[53,54,55,19,56],"admin","login","password","username","https:\u002F\u002Fwww.mrred.it\u002Fchap-secure-login-a-wordpress-plugin-for-secure-password-authentication\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchap-secure-login.1.6.6.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":16,"tags":74,"homepage":77,"download_link":78,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"force-user-login-multisite","Force User Login Multisite","1.2.1","jamesdlow","https:\u002F\u002Fprofiles.wordpress.org\u002Fjamesdlow\u002F","\u003Cp>Makes your wordpress blog private unless the user is logged in, optionally setting a minium user level. Modified from https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fforce-user-login\u002F\u003C\u002Fp>\n","Makes your wordpress blog private unless the user is logged in, optionally setting a minium user level. Modified from http:\u002F\u002Fwordpress.",20,5906,100,1,"2023-10-24T09:26:00.000Z","3.2.1","3.0.0",[75,54,55,19,76],"force-user-login","private","http:\u002F\u002Fjameslow.com\u002F2011\u002F10\u002F11\u002Fforce-user-login-multisite\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforce-user-login-multisite.1.2.1.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":13,"downloaded":87,"rating":13,"num_ratings":13,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":16,"download_link":94,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"encrypt-my-login-password","Encrypt My Login Password","1.0.0","himansu1","https:\u002F\u002Fprofiles.wordpress.org\u002Fhimansu1\u002F","\u003Cp>Whenever you try to login into your website, you can use this plugin to encrypt your password.\u003C\u002Fp>\n","Do not show password on login page.",915,"2021-10-23T03:27:00.000Z","5.8.13","4.9","5.6",[53,54,93,19,56],"password-encryption","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fencrypt-my-login-password.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":13,"downloaded":103,"rating":13,"num_ratings":13,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":111,"download_link":112,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"stats-for-wp","Stats for WP","1.0.3","statsforwp","https:\u002F\u002Fprofiles.wordpress.org\u002Fstatsforwp\u002F","\u003Cp>Stats for WP can help admin understand better about how users use your site, you will know each users view logs \u002F view history in backend, it is helpful to know why users stay on your site and why users go away, which page is user interesting on your site. When users logged in your site, we will log user ID, view pages, referrers URL, user IP, user agent, … and so on, if user did not logged in your site, we will show user ID as 0.\u003C\u002Fp>\n\u003Cp>stats for WP  plugin will not trace bots, spiders, crawlers.\u003C\u002Fp>\n\u003Cp>We are still add more features for help you use the stats plugin more easier and get more informations in backend. Any feature request is very welcome.\u003C\u002Fp>\n","When users view your site, we will log user ID, view pages, referrers URL, user IP, user agent, ... and so on, to admin you understand how users worki &hellip;",971,"2018-07-18T13:29:00.000Z","4.9.29","3.2","5.2.4",[109,20,110],"logs","user-stats","https:\u002F\u002Fgithub.com\u002Fstatsforwp\u002FStats-for-WP","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstats-for-wp.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":123,"num_ratings":124,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":128,"tags":129,"homepage":135,"download_link":136,"security_score":137,"vuln_count":138,"unpatched_count":13,"last_vuln_date":139,"fetched_at":26},"simple-history","Simple History – Track, Log, and Audit WordPress Changes","5.24.1","Pär Thernström","https:\u002F\u002Fprofiles.wordpress.org\u002Feskapism\u002F","\u003Cp>Trusted by 300,000+ WordPress sites, rated 4.9 stars with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-history\u002Freviews\u002F?filter=5\" rel=\"ugc\">430+ five-star reviews\u003C\u002Fa>, actively developed for 10+ years, and translated into 15+ languages.\u003C\u002Fp>\n\u003Cp>Simple History is the complete audit log for WordPress. It tracks every meaningful change — content edits, user logins, plugin updates, security events, and more — so site owners, teams, agencies, and developers always know who did what and when. Just install and activate; no configuration required.\u003C\u002Fp>\n\u003Ch3>🔍 How Simple History Helps in Real Situations\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Track what’s happening on your site\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>“Has anyone done anything today? Ah, Sarah uploaded the new press release and created an article for it. Great — now I don’t have to do that.”\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Identify issues and debug faster\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>“The site feels slow since yesterday. Has anyone done anything special? … Ah, Steven activated ‘naughty-plugin-x’, that must be it.”\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Keep freelancers & agencies accountable\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>“I hired a developer to optimize my site. But did they actually do anything? A quick glance at Simple History shows me exactly what they worked on.”\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Spot suspicious activity early\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cem>“I see three failed logins from an unfamiliar IP address overnight. Let me click the IP to check all activity from that address — just those attempts, nothing else. Good to know.”\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>✨ What Simple History Tracks\u003C\u002Fh3>\n\u003Ch4>Security & Monitoring\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Failed user logins with IP tracking and filtering by type (wrong password vs. non-existent username)\u003C\u002Fli>\n\u003Cli>Core file integrity checks against official checksums\u003C\u002Fli>\n\u003Cli>Forced security auto-updates from WordPress.org\u003C\u002Fli>\n\u003Cli>Site Health status changes\u003C\u002Fli>\n\u003Cli>Admin page access denied events\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Content & Users\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Posts, pages, and custom post types — create, edit, delete, and homepage assignment\u003C\u002Fli>\n\u003Cli>Attachments with image edit details (crop, rotate, flip, scale) and thumbnail previews\u003C\u002Fli>\n\u003Cli>Taxonomies with detailed diffs of name, slug, description, and parent\u003C\u002Fli>\n\u003Cli>Comments, menus (with item-level detail), and widgets\u003C\u002Fli>\n\u003Cli>User profiles, logins, logouts, and role changes\u003C\u002Fli>\n\u003Cli>Notes — the collaboration feature in WordPress 6.9\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>System & Updates\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Plugin lifecycle: install, update, activate, deactivate, delete, and auto-update toggle\u003C\u002Fli>\n\u003Cli>Theme install, update, activate, switch, and delete\u003C\u002Fli>\n\u003Cli>WordPress core updates (manual and automatic)\u003C\u002Fli>\n\u003Cli>Translation and language pack updates\u003C\u002Fli>\n\u003Cli>Available update notifications\u003C\u002Fli>\n\u003Cli>Settings and option screen changes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy & Compliance\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Privacy data export and user data erasure requests\u003C\u002Fli>\n\u003Cli>Privacy page changes\u003C\u002Fli>\n\u003Cli>IP addresses anonymized by default — no cookies, no external fonts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔌 Built-in Third-Party Plugin Support\u003C\u002Fh3>\n\u003Cp>Simple History includes built-in logging for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Jetpack\u003C\u002Fstrong> – Module activations and deactivations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Custom Fields (ACF)\u003C\u002Fstrong> – Field group and field changes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User Switching\u003C\u002Fstrong> – User switch events\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP Crontrol\u003C\u002Fstrong> – Cron event and schedule changes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enable Media Replace\u003C\u002Fstrong> – File replacement details\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Limit Login Attempts\u003C\u002Fstrong> – Login attempts, lockouts, and config changes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirection\u003C\u002Fstrong> – Redirect and group changes, global settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Duplicate Post\u003C\u002Fstrong> – Post and page cloning\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Beaver Builder\u003C\u002Fstrong> – Layout, template, and settings saves\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Is your plugin missing? Plugin authors can add support using the \u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Fdocs\u002Flogging-api\u002F?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=documentation&utm_content=readme_doc_logging_api\" rel=\"nofollow ugc\">logging API\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>💬 What Users Say\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-history\u002Freviews\u002F?filter=5\" rel=\"ugc\">430+ five-star reviews\u003C\u002Fa> on WordPress.org:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>“So far the best and most comprehensive logging plugin”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fso-far-the-best-and-most-comprehensive-logging-plugin\u002F\" rel=\"ugc\">@herrschuessler\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“The best history plugin I’ve found”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fthe-best-history-plugin-ive-found\u002F\" rel=\"ugc\">Rich Mehta\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“Fantastic plugin I use on all sites”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Ffantastic-plugin-i-use-on-all-sites\u002F\" rel=\"ugc\">Duncan Michael-MacGregor\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cem>“It is a standard plugin for all of our sites”\u003C\u002Fem> – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fit-is-a-standard-plugin-for-all-of-our-sites\u002F\" rel=\"ugc\">Mr Tibbs\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🚀 View Your Log Everywhere\u003C\u002Fh3>\n\u003Cp>Simple History starts tracking instantly after activation — no setup needed. It even imports recent activity so your log isn’t empty on day one. Access your log from:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Dashboard widget\u003C\u002Fstrong> – Activity stats summary and recent events\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin bar quick view\u003C\u002Fstrong> – Dropdown with latest events on any admin page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Command palette\u003C\u002Fstrong> – Type “Simple History” to jump to the log for the current post\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dedicated admin page\u003C\u002Fstrong> – Full log with search, filters, and insights sidebar\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email reports\u003C\u002Fstrong> – Weekly summary delivered to your inbox\u003C\u002Fli>\n\u003Cli>\u003Cstrong>RSS feed\u003C\u002Fstrong> – Password-protected feed for your favorite reader\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP-CLI\u003C\u002Fstrong> – Command-line access for automation and scripting\u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API\u003C\u002Fstrong> – Programmatic access for custom integrations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>📧 Weekly Email Reports – Stay Informed Without Logging In\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Ffeatures\u002Femail-reports-weekly\u002F?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=documentation&utm_content=readme_doc_email_reports\" rel=\"nofollow ugc\">Weekly email reports\u003C\u002Fa> deliver a summary of your site’s activity every Monday morning — total activity, daily breakdown, key metrics (logins, content updates, plugin changes), and direct links to the full log.\u003C\u002Fp>\n\u003Cp>Perfect for site owners, agencies managing client sites, and teams who need regular updates without logging in. Enable it in settings and \u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Ffeatures\u002Femail-reports-weekly\u002F?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=documentation&utm_content=readme_doc_email_reports#example\" rel=\"nofollow ugc\">see what the email looks like\u003C\u002Fa> before turning it on.\u003C\u002Fp>\n\u003Ch3>🛠️ For Developers & Power Users\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>WP-CLI\u003C\u002Fstrong> – \u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Ffeatures\u002Fwp-cli-commands\u002F?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=documentation&utm_content=readme_doc_wp_cli_commands\" rel=\"nofollow ugc\">List, search, and export events\u003C\u002Fa> from the command line — perfect for automation and managing multiple sites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API\u003C\u002Fstrong> – Full programmatic access to query the log and add custom events. See the \u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Fdocs\u002F?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=documentation&utm_content=readme_doc_overview\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Logging API\u003C\u002Fstrong> – \u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Fdocs\u002Flogging-api\u002F?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=documentation&utm_content=readme_doc_logging_api\" rel=\"nofollow ugc\">Log your own events\u003C\u002Fa> from themes and plugins with a single line of code\u003C\u002Fli>\n\u003Cli>\u003Cstrong>RSS feed\u003C\u002Fstrong> – Subscribe to changes using any feed reader\u003C\u002Fli>\n\u003Cli>\u003Cstrong>AI & agent-friendly\u003C\u002Fstrong> – The REST API and RSS feed make Simple History accessible to AI agents and automated workflows like Claude Code\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stealth Mode\u003C\u002Fstrong> – Run Simple History completely hidden from the admin interface via code; \u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Fadd-ons\u002Fpremium?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=documentation&utm_content=readme_doc_stealth_mode\" rel=\"nofollow ugc\">Premium\u003C\u002Fa> adds a GUI. Ideal for agencies and client sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔆 Extend with Add-ons\u003C\u002Fh3>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Fadd-ons\u002Fpremium?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=documentation&utm_content=readme_doc_premium\" rel=\"nofollow ugc\">Simple History Premium\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Alerts & Notifications\u003C\u002Fstrong> – Get notified instantly via Email, Slack, Discord, or Telegram when important events occur. Start quickly with preset rules for common scenarios or build custom rules filtered by event type, user, role, and log level.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Log Forwarding\u003C\u002Fstrong> – Stream events to external destinations: local log files, syslog servers (UDP\u002FTCP\u002FTLS), Datadog, Splunk, webhooks, or external MySQL\u002FMariaDB databases. Perfect for centralized logging, compliance, and backup.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enhanced Controls\u003C\u002Fstrong> – Custom retention periods (or keep logs forever), CSV\u002FJSON export of filtered search results, post activity panel in the block editor, custom log entries for team decisions, stealth mode GUI, logger control to fine-tune which events are recorded, and an ad-free experience.\u003C\u002Fp>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Fadd-ons\u002Fwoocommerce\u002F?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=addons&utm_content=readme_addon_woocommerce\" rel=\"nofollow ugc\">WooCommerce Logger\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cp>Track WooCommerce activity: orders, refunds, stock changes, product updates, pricing adjustments, settings modifications, and coupon usage.\u003C\u002Fp>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Fadd-ons\u002Fdebug-and-monitor\u002F?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=addons&utm_content=readme_addon_debug_monitor\" rel=\"nofollow ugc\">Debug and Monitor\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cp>Monitor outgoing HTTP requests and emails, debug API calls, and see what’s happening under the hood. Essential for developers and support teams.\u003C\u002Fp>\n\u003Ch3>💚 Sponsor this project\u003C\u002Fh3>\n\u003Cp>If you like this plugin please consider \u003Ca href=\"https:\u002F\u002Fsimple-history.com\u002Fsponsor\u002F?utm_source=wordpress_org&utm_medium=plugin_directory&utm_campaign=sponsorship&utm_content=readme_sponsor_footer\" rel=\"nofollow ugc\">sponsoring the development of the free plugin\u003C\u002Fa>. The plugin has been free for over 10 years and will continue to be free.\u003C\u002Fp>\n","Track changes and user activities on your WordPress site. See who created a page, uploaded an attachment, and more, for a complete audit trail.",300000,11308682,98,461,"2026-03-14T20:29:00.000Z","6.9.4","6.3","7.4",[130,131,132,133,134],"activity","audit-log","event-log","history","user-tracking","https:\u002F\u002Fsimple-history.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-history.5.24.1.zip",96,4,"2025-06-05 21:58:10",{"attackSurface":141,"codeSignals":170,"taintFlows":211,"riskAssessment":272,"analyzedAt":287},{"hooks":142,"ajaxHandlers":166,"restRoutes":167,"shortcodes":168,"cronEvents":169,"entryPointCount":13,"unprotectedCount":13},[143,149,153,157,161],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","admin_menu","voyeur_add_pages","voyeur.php",56,{"type":144,"name":150,"callback":151,"file":147,"line":152},"init","voyeur_log_cookies",146,{"type":144,"name":154,"callback":155,"file":147,"line":156},"comment_form","voyeur_comment_form",153,{"type":144,"name":158,"callback":159,"file":147,"line":160},"wp_footer","voyeur_footer",167,{"type":162,"name":163,"callback":164,"file":147,"line":165},"filter","the_content","voyeur_feed",204,[],[],[],[],{"dangerousFunctions":171,"sqlUsage":172,"outputEscaping":194,"fileOperations":70,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":210},[],{"prepared":13,"raw":48,"locations":173},[174,177,180,182,185,187,190,192],{"file":147,"line":175,"context":176},32,"$wpdb->get_var() with variable interpolation",{"file":147,"line":178,"context":179},71,"$wpdb->get_results() with variable interpolation",{"file":147,"line":181,"context":179},80,{"file":147,"line":183,"context":184},95,"$wpdb->get_row() with variable interpolation",{"file":147,"line":186,"context":176},125,{"file":147,"line":188,"context":189},136,"$wpdb->query() with variable interpolation",{"file":147,"line":191,"context":184},181,{"file":147,"line":193,"context":179},185,{"escaped":13,"rawEcho":195,"locations":196},7,[197,200,202,204,205,207,209],{"file":147,"line":198,"context":199},65,"raw output",{"file":147,"line":201,"context":199},110,{"file":147,"line":203,"context":199},161,{"file":147,"line":203,"context":199},{"file":147,"line":206,"context":199},186,{"file":147,"line":208,"context":199},190,{"file":147,"line":208,"context":199},[],[212,230,242,253],{"entryPoint":213,"graph":214,"unsanitizedCount":70,"severity":229},"voyeur_welcome (voyeur.php:169)",{"nodes":215,"edges":226},[216,221],{"id":217,"type":218,"label":219,"file":147,"line":220},"n0","source","$_COOKIE",177,{"id":222,"type":223,"label":224,"file":147,"line":206,"wp_function":225},"n1","sink","echo() [XSS]","echo",[227],{"from":217,"to":222,"sanitized":228},false,"medium",{"entryPoint":231,"graph":232,"unsanitizedCount":70,"severity":241},"voyeur_manage_page (voyeur.php:58)",{"nodes":233,"edges":239},[234,236],{"id":217,"type":218,"label":235,"file":147,"line":178},"$_GET['email']",{"id":222,"type":223,"label":237,"file":147,"line":178,"wp_function":238},"get_results() [SQLi]","get_results",[240],{"from":217,"to":222,"sanitized":228},"high",{"entryPoint":243,"graph":244,"unsanitizedCount":70,"severity":241},"voyeur_log_cookies (voyeur.php:113)",{"nodes":245,"edges":251},[246,248],{"id":217,"type":218,"label":247,"file":147,"line":188},"$_COOKIE[?]",{"id":222,"type":223,"label":249,"file":147,"line":188,"wp_function":250},"query() [SQLi]","query",[252],{"from":217,"to":222,"sanitized":228},{"entryPoint":254,"graph":255,"unsanitizedCount":271,"severity":241},"\u003Cvoyeur> (voyeur.php:0)",{"nodes":256,"edges":267},[257,258,259,261,263,265],{"id":217,"type":218,"label":235,"file":147,"line":178},{"id":222,"type":223,"label":237,"file":147,"line":178,"wp_function":238},{"id":260,"type":218,"label":247,"file":147,"line":188},"n2",{"id":262,"type":223,"label":249,"file":147,"line":188,"wp_function":250},"n3",{"id":264,"type":218,"label":219,"file":147,"line":220},"n4",{"id":266,"type":223,"label":224,"file":147,"line":206,"wp_function":225},"n5",[268,269,270],{"from":217,"to":222,"sanitized":228},{"from":260,"to":262,"sanitized":228},{"from":264,"to":266,"sanitized":228},3,{"summary":273,"deductions":274},"The \"blog-voyeur\" plugin v0.2 exhibits a mixed security posture.  On the positive side, it has a minimal attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events.  Furthermore, the absence of known vulnerabilities in its history is a strong indicator of good past development practices and a potentially stable codebase.  However, the static analysis reveals significant underlying risks. All SQL queries are executed without prepared statements, posing a high risk of SQL injection. Additionally, all output escaping is missing, making the plugin vulnerable to cross-site scripting (XSS) attacks. The taint analysis further highlights these concerns with three high-severity flows involving unsanitized paths, suggesting potential for code execution or sensitive data exposure.\n\nWhile the plugin's limited attack surface and lack of recorded CVEs are encouraging, the critical findings in the code analysis regarding raw SQL and unescaped output, coupled with high-severity taint flows, present immediate and serious security threats. The absence of nonce and capability checks on the limited entry points (though there are none identified as unprotected) is a notable weakness. The plugin's current state, despite its clean history, requires careful consideration due to these fundamental security flaws. Prioritizing remediation of the SQL injection and XSS vulnerabilities is paramount.",[275,277,280,282,285],{"reason":276,"points":11},"All SQL queries use raw SQL",{"reason":278,"points":279},"No output escaping detected",15,{"reason":281,"points":279},"3 High severity taint flows",{"reason":283,"points":284},"No nonce checks",5,{"reason":286,"points":284},"No capability checks","2026-03-17T01:29:25.705Z",{"wat":289,"direct":298},{"assetPaths":290,"generatorPatterns":293,"scriptPaths":294,"versionParams":295},[291,292],"\u002Fwp-content\u002Fplugins\u002Fblog-voyeur\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fblog-voyeur\u002Fscript.js",[],[292],[296,297],"blog-voyeur\u002Fstyle.css?ver=","blog-voyeur\u002Fscript.js?ver=",{"cssClasses":299,"htmlComments":301,"htmlAttributes":304,"restEndpoints":305,"jsGlobals":306,"shortcodeOutput":307},[300],"voyeurcommentform",[302,303],"\u003C!--\n\tdocument.getElementById('voyeurcommentform').innerHTML = '\u003Cp>\u003Cimg src=\"'; -->","\u003C!-- TODO -->",[],[],[],[]]