[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fadzfi9x2FLbnzFLxuw5-im_0XFIa0rLE-362vhhkGrk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":142,"fingerprints":346},"cawaii-admin","Cawaii Admin","0.2.0","ShinichiN","https:\u002F\u002Fprofiles.wordpress.org\u002Fshinichin\u002F","\u003Cp>This plugin enables you to look the WordPress admin panel cawaii.\u003Cbr \u002F>\nYou can choose where to locate the menu, how the background looks, and change the color of links, boxes and so on.\u003Cbr \u002F>\nYou can also change Logos of the admin panel and login page, you can choose which metaboxes to remove from dashboard and post-new pages.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","Make your admin panel cawaii!!",90,6180,0,"2012-02-23T05:44:00.000Z","3.3.2","3.2.1","",[19,20,21,22,23],"admin","background","cawaii","dashboard","logo","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fcawaii-admin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcawaii-admin.0.2.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"shinichin",4,260,30,84,"2026-04-05T02:04:11.563Z",[38,57,76,93,118],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":13,"num_ratings":13,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":55,"download_link":56,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"custom-admin-login","Custom Admin Login","1.0.8","Javier Prieto","https:\u002F\u002Fprofiles.wordpress.org\u002Fjprieton\u002F","\u003Cp>Custom Admin Login is a free plugin that allows you to customize the WordPress login page.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>You can:\u003Cbr \u002F>\n* Set the color and\u002For image background.\u003Cbr \u002F>\n* Replaces the WordPress logo for a custon image contained in a area 320 x 84 pixels (if it’s bigger, it’s scaled to fit).\u003Cbr \u002F>\n* Set URL and caption of the logo image.\u003Cbr \u002F>\n* Set font color outside of login form.\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>Have a bug? Please create an issue on GitHub \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjprieton\u002Fcustom-admin-login\u002Fissues\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n","Allows you to customize the background, logo, font color, url and caption on the WordPress login page.",70,4403,"2022-05-27T12:52:00.000Z","6.0.11","5.2","5.6",[19,20,53,54,23],"custom","login","https:\u002F\u002Fgithub.com\u002Fjprieton\u002Fcustom-admin-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-admin-login.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":13,"num_ratings":13,"last_updated":67,"tested_up_to":68,"requires_at_least":50,"requires_php":69,"tags":70,"homepage":74,"download_link":75,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"background-color-changer","Background Color Changer","1.0.1","Deboraj Datta","https:\u002F\u002Fprofiles.wordpress.org\u002Fraj009\u002F","\u003Cp>This is a simple plugin to change the background color, text color, and heading color of the theme. This plugin provides a customizer option in the theme.\u003C\u002Fp>\n\u003Cp>Plugin Documentation: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbackground-color-changer\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbackground-color-changer\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fraj009\" rel=\"nofollow ugc\">About Author\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>You can change\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Background Color (Unlimited colors).\u003C\u002Fli>\n\u003Cli>Text Color (Unlimited colors).\u003C\u002Fli>\n\u003Cli>Heading Color (Unlimited colors).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can make my day by submitting a positive review on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbackground-color-changer\u002F\" rel=\"ugc\">\u003Cstrong>WordPress.org!\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Go to your Customizer Option after installation and activation of the plugin. The Background Color Changer Plugin will be available there under the name Background Customization.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Very easy installation\u003C\u002Fli>\n\u003Cli>Flexible and easy to use for admin\u003C\u002Fli>\n\u003Cli>Unlimited colors for the background, text, and heading\u003C\u002Fli>\n\u003C\u002Ful>\n","This is a simple plugin to change the background color, text color, and heading color of the theme. This plugin provides a customizer option in the th &hellip;",20,934,"2023-09-23T17:07:00.000Z","6.3.8","7.2",[58,71,72,73],"theme-background-color-change-for-admin","theme-background-color-changer-from-dashboard","theme-color-changer","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbackground-color-changer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbackground-color-changer.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":13,"num_ratings":13,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":17,"tags":89,"homepage":91,"download_link":92,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-login-logo-changer-by-ahmad-awais","WP Login Logo Changer","1.2.0","Ahmad Awais","https:\u002F\u002Fprofiles.wordpress.org\u002Fmrahmadawais\u002F","\u003Cp>Add your custom logo at login screen with one simple step.\u003C\u002Fp>\n","Add your custom logo at login screen with one simple step.",10,6846,"2020-03-07T21:35:00.000Z","5.4.0","3.0",[90,19,53,22,23],"add","https:\u002F\u002FAhmadAwais.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-login-logo-changer-by-ahmad-awais.1.2.0.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":103,"num_ratings":104,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":113,"download_link":114,"security_score":115,"vuln_count":116,"unpatched_count":13,"last_vuln_date":117,"fetched_at":28},"admin-menu-editor","Admin Menu Editor","1.15","Janis Elsts","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhiteshadow\u002F","\u003Cp>Admin Menu Editor lets you manually edit the Dashboard menu. You can reorder the menus, show\u002Fhide specific items, change permissions, and more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change menu titles, URLs, icons, CSS classes and so on.\u003C\u002Fli>\n\u003Cli>Organize menu items via drag & drop.\u003C\u002Fli>\n\u003Cli>Change menu permissions by setting the required capability or role.\u003C\u002Fli>\n\u003Cli>Move a menu item to a different submenu. \u003C\u002Fli>\n\u003Cli>Create custom menus that point to any part of the Dashboard or an external URL.\u003C\u002Fli>\n\u003Cli>Hide\u002Fshow any menu or menu item. A hidden menu is invisible to all users, including administrators.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The \u003Ca href=\"http:\u002F\u002Fw-shadow.com\u002FAdminMenuEditor\u002F\" rel=\"nofollow ugc\">Pro version\u003C\u002Fa> lets you set per-role menu permissions, hide a menu from everyone except a specific user, export your admin menu, drag items between menu levels, make menus open in a new window and more. \u003Ca href=\"http:\u002F\u002Famedemo.com\u002Fwpdemo\u002Fdemo.php\" rel=\"nofollow ugc\">Try online demo\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Additional Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Despite the name, this plugin is not limited to just editing the admin menu. You can also:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create login redirects and logout redirects.\u003C\u002Fli>\n\u003Cli>Allow\u002Fdeny access to specific posts based on user roles.\u003C\u002Fli>\n\u003Cli>Hide plugins on the \u003Cem>Plugins -> Installed Plugins\u003C\u002Fem> page from other users.\u003C\u002Fli>\n\u003Cli>Edit the display name, description, and other plugin details shown on the \u003Cem>Plugins -> Installed Plugins\u003C\u002Fem> page (e.g. for white-labelling).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Shortcodes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The plugin provides a few utility shortcodes. These are mainly intended to help with creating login\u002Flogout redirects, but you can also use them in posts and pages.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[ame-wp-admin]\u003C\u002Fcode> – URL of the WordPress dashboard (with a trailing slash).\u003C\u002Fli>\n\u003Cli>\u003Ccode>[ame-home-url]\u003C\u002Fcode> – Site URL. Usually, this is the same as the URL in the “Site Address” field in \u003Cem>Settings -> General\u003C\u002Fem>.\u003C\u002Fli>\n\u003Cli>\u003Ccode>[ame-user-info field=\"...\"]\u003C\u002Fcode> – Information about the logged-in user. Parameters:\n\u003Cul>\n\u003Cli>\u003Ccode>field\u003C\u002Fcode> – The part of user profile to display. Supported fields include: \u003Ccode>ID\u003C\u002Fcode>, \u003Ccode>user_login\u003C\u002Fcode>, \u003Ccode>display_name\u003C\u002Fcode>, \u003Ccode>locale\u003C\u002Fcode>, \u003Ccode>user_nicename\u003C\u002Fcode>, \u003Ccode>user_url\u003C\u002Fcode>, and so on.\u003C\u002Fli>\n\u003Cli>\u003Ccode>placeholder\u003C\u002Fcode> – Optional. Text that will be shown if the visitor is not logged in.\u003C\u002Fli>\n\u003Cli>\u003Ccode>encoding\u003C\u002Fcode> – Optional. How to encode or escape the output. This is useful if you want to use the shortcode in your own HTML or JS code. Supported values: \u003Ccode>auto\u003C\u002Fcode> (default), \u003Ccode>html\u003C\u002Fcode>, \u003Ccode>attr\u003C\u002Fcode>, \u003Ccode>js\u003C\u002Fcode>, \u003Ccode>none\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Notes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If you delete any of the default menus they will reappear after saving. This is by design. To get rid of a menu for good, either hide it or change it’s access permissions.\u003C\u002Fli>\n\u003Cli>In the free version, it’s not possible to give a role access to a menu item that it couldn’t see before. You can only restrict menu access further.\u003C\u002Fli>\n\u003Cli>In case of emergency, you can reset the menu configuration back to the default by going to http:\u002F\u002Fexample.com\u002Fwp-admin\u002F?reset_admin_menu=1 (replace example.com with your site URL). You must be logged in as an Administrator to do this.\u003C\u002Fli>\n\u003C\u002Ful>\n","Lets you edit the WordPress admin menu. You can re-order, hide or rename menus, add custom menus and more.",400000,7768111,92,311,"2026-02-20T11:36:00.000Z","6.9.4","5.9","7.4",[19,22,110,111,112],"menu","security","wpmu","http:\u002F\u002Fw-shadow.com\u002Fblog\u002F2008\u002F12\u002F20\u002Fadmin-menu-editor-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-menu-editor.1.15.zip",96,3,"2026-03-10 00:00:00",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":128,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":133,"tags":134,"homepage":137,"download_link":138,"security_score":139,"vuln_count":140,"unpatched_count":13,"last_vuln_date":141,"fetched_at":28},"white-label-cms","White Label CMS","2.7.8","Video User Manuals","https:\u002F\u002Fprofiles.wordpress.org\u002Fvideousermanuals\u002F","\u003Cp>The White Label CMS plugin is for developers who want to give their clients a more personalised and less confusing content management system.\u003C\u002Fp>\n\u003Cp>For a overview of the changes in 2.0 version of the plugin please visit the Video User Manuals website.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Customize the login page\u003C\u002Fli>\n\u003Cli>Add your branding to the header and footer\u003C\u002Fli>\n\u003Cli>Customize the dashboard\u003C\u002Fli>\n\u003Cli>Control which menus appear for your client\u003C\u002Fli>\n\u003Cli>Setting up a customized dashboard can be done in seconds using the White Label CMS Wizard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Customize The Login Page\u003C\u002Fh4>\n\u003Cp>Impress your clients with a branded login page. Add yours or your client’s logo, add a background image and even control the CSS if you wish. Personalising the back end of WordPress will give your client the feeling that this is their website, not a generic website.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FLESxAuRdjBw?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Add Your Branding to the Header and Footer\u003C\u002Fh4>\n\u003Cp>Stay top of mind with your client by adding your branding to the admin bar, menu or footer.\u003C\u002Fp>\n\u003Ch4>Customize the Dashboard\u003C\u002Fh4>\n\u003Cp>Are you tired of telling your clients to ignore everything on the Dashboard, but then still receive questions because they’re confused or have broken something?\u003C\u002Fp>\n\u003Cp>With White Label CMS you can clear everything from the dashboard and add in your own dashboard panel. You can even add your own RSS feed so your clients can be kept up to date with what you are doing in your business. Which is much more relevant to your client than where and when the next WordPress Meetup is.\u003C\u002Fp>\n\u003Cp>Add your own welcome dashboard, and now you can use an Elementor or Beaver Builder template to make it look beautiful.\u003C\u002Fp>\n\u003Ch4>Control with Menus Appear for Your Client\u003C\u002Fh4>\n\u003Cp>We have created a new feature called the White Label CMS admin which allows you to hide menus for other users. Setup is simple and gives clients admin access with some restrictions making it harder for them to stumble across settings and mess up the site.\u003C\u002Fp>\n\u003Ch4>Setup a Site in Seconds Using the Wizard\u003C\u002Fh4>\n\u003Cp>Setting up a customized dashboard is easy and quick using the White Label CMS Wizard. With just a few clicks, you can add your branding and your client’s details and be up and running in seconds.\u003C\u002Fp>\n\u003Cp>There is so much that you can do with White Label CMS, but we want the experience to be simple. The Wizard allows you to set up a clutter-free, customized dashboard without having to scroll through all of the options that are available to you.\u003C\u002Fp>\n","Customise dashboard panels and branding, hide menus plus lots more.",200000,4279722,94,114,"2025-05-01T06:37:00.000Z","6.8.5","3.3","5.4",[19,135,136,53,22],"branding","cms","https:\u002F\u002Fwww.videousermanuals.com\u002Fwhite-label-cms\u002F?utm_campaign=wlcms&utm_medium=plugin&utm_source=readme-txt","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhite-label-cms.2.7.8.zip",93,7,"2024-08-16 00:00:00",{"attackSurface":143,"codeSignals":221,"taintFlows":318,"riskAssessment":337,"analyzedAt":345},{"hooks":144,"ajaxHandlers":217,"restRoutes":218,"shortcodes":219,"cronEvents":220,"entryPointCount":13,"unprotectedCount":13},[145,151,155,159,163,167,170,172,175,178,182,185,189,193,196,200,203,207,211,214],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","plugins_loaded","cawaii_I18n","cawaii-admin.php",16,{"type":146,"name":152,"callback":153,"file":149,"line":154},"admin_head-settings_page_cawaii-admin\u002Fcawaii-admin","cawaii_update_option",100,{"type":146,"name":156,"callback":157,"file":149,"line":158},"admin_menu","cawaii_remove_menus",109,{"type":146,"name":160,"callback":161,"file":149,"line":162},"adminmenu","cawaii_header_menu_all",110,{"type":146,"name":164,"callback":165,"file":149,"line":166},"admin_head","cawaii_admin_noside_css",111,{"type":146,"name":164,"callback":168,"file":149,"line":169},"cawaii_dropdown_js",112,{"type":146,"name":160,"callback":171,"file":149,"line":129},"cawaii_header_half",{"type":146,"name":164,"callback":173,"file":149,"line":174},"cawaii_admin_side_css",116,{"type":146,"name":164,"callback":176,"file":149,"line":177},"cawaii_output_bg_css",148,{"type":146,"name":164,"callback":179,"priority":180,"file":149,"line":181},"cawaii_admin_base_css",11,154,{"type":146,"name":164,"callback":183,"priority":180,"file":149,"line":184},"cawaii_admin_color_css",166,{"type":146,"name":186,"callback":187,"file":149,"line":188},"login_head","cawaii_login_css",222,{"type":146,"name":190,"callback":191,"file":149,"line":192},"wp_dashboard_setup","cawaii_rmv_dshbrd",265,{"type":146,"name":156,"callback":194,"file":149,"line":195},"remove_default_post_screen_metaboxes",306,{"type":146,"name":197,"callback":198,"file":149,"line":199},"do_meta_boxes","remove_image_box",321,{"type":146,"name":156,"callback":201,"file":149,"line":202},"cawaii_admin_subpage",376,{"type":146,"name":204,"callback":205,"file":149,"line":206},"admin_print_scripts-settings_page_cawaii-admin\u002Fcawaii-admin","my_admin_scripts",378,{"type":146,"name":208,"callback":209,"file":149,"line":210},"admin_print_styles-settings_page_cawaii-admin\u002Fcawaii-admin","my_admin_styles",379,{"type":146,"name":152,"callback":212,"file":149,"line":213},"media_up_by_firegoby",380,{"type":146,"name":208,"callback":215,"file":149,"line":216},"cawaii_admin_setting_page_css",429,[],[],[],[],{"dangerousFunctions":222,"sqlUsage":223,"outputEscaping":225,"fileOperations":13,"externalRequests":13,"nonceChecks":316,"capabilityChecks":13,"bundledLibraries":317},[],{"prepared":13,"raw":13,"locations":224},[],{"escaped":226,"rawEcho":227,"locations":228},54,50,[229,232,233,235,237,239,241,242,244,246,248,250,252,254,256,258,260,262,263,265,266,268,270,271,272,274,275,277,279,281,283,285,287,289,290,292,294,296,298,299,300,301,302,305,306,307,309,311,312,314],{"file":149,"line":230,"context":231},131,"raw output",{"file":149,"line":230,"context":231},{"file":149,"line":234,"context":231},152,{"file":149,"line":236,"context":231},159,{"file":149,"line":238,"context":231},162,{"file":149,"line":240,"context":231},196,{"file":149,"line":240,"context":231},{"file":149,"line":243,"context":231},202,{"file":149,"line":245,"context":231},204,{"file":149,"line":247,"context":231},209,{"file":149,"line":249,"context":231},213,{"file":149,"line":251,"context":231},216,{"file":149,"line":253,"context":231},348,{"file":149,"line":255,"context":231},351,{"file":149,"line":257,"context":231},395,{"file":149,"line":259,"context":231},425,{"file":261,"line":116,"context":231},"inc\\cawaii-admin-header-menu.php",{"file":261,"line":32,"context":231},{"file":261,"line":264,"context":231},6,{"file":261,"line":140,"context":231},{"file":261,"line":267,"context":231},8,{"file":261,"line":269,"context":231},9,{"file":261,"line":84,"context":231},{"file":261,"line":180,"context":231},{"file":261,"line":273,"context":231},14,{"file":261,"line":150,"context":231},{"file":261,"line":276,"context":231},17,{"file":261,"line":278,"context":231},18,{"file":261,"line":280,"context":231},21,{"file":261,"line":282,"context":231},23,{"file":261,"line":284,"context":231},24,{"file":261,"line":286,"context":231},27,{"file":261,"line":288,"context":231},29,{"file":261,"line":34,"context":231},{"file":261,"line":291,"context":231},31,{"file":261,"line":293,"context":231},34,{"file":261,"line":295,"context":231},36,{"file":297,"line":282,"context":231},"inc\\cawaii-admin-header.php",{"file":297,"line":282,"context":231},{"file":297,"line":286,"context":231},{"file":297,"line":286,"context":231},{"file":297,"line":288,"context":231},{"file":303,"line":304,"context":231},"inc\\cawaii_admin_setting_page.php",22,{"file":303,"line":282,"context":231},{"file":303,"line":284,"context":231},{"file":303,"line":308,"context":231},25,{"file":303,"line":310,"context":231},26,{"file":303,"line":286,"context":231},{"file":303,"line":313,"context":231},55,{"file":303,"line":315,"context":231},63,1,[],[319],{"entryPoint":320,"graph":321,"unsanitizedCount":13,"severity":336},"\u003Ccawaii-admin> (cawaii-admin.php:0)",{"nodes":322,"edges":333},[323,327],{"id":324,"type":325,"label":326,"file":149,"line":308},"n0","source","$_POST (x8)",{"id":328,"type":329,"label":330,"file":149,"line":331,"wp_function":332},"n1","sink","update_option() [Settings Manipulation]",73,"update_option",[334],{"from":324,"to":328,"sanitized":335},true,"low",{"summary":338,"deductions":339},"The \"cawaii-admin\" plugin v0.2.0 demonstrates a generally good security posture, with no recorded vulnerabilities or critical security flaws identified in static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface, and importantly, the plugin reports zero unprotected entry points.  Furthermore, all SQL queries are properly prepared, indicating a strong defense against SQL injection. The presence of a nonce check is also a positive indicator for input validation.\n\nHowever, a significant concern is the output escaping, with only 52% of outputs being properly escaped. This leaves a considerable portion of the plugin's output potentially vulnerable to cross-site scripting (XSS) attacks. While the taint analysis shows no unsanitized paths, this is based on a very limited analysis (1 flow), and the low percentage of properly escaped output is a more reliable indicator of potential risk. The plugin also lacks any capability checks, meaning actions performed by the plugin may not be restricted to authorized users, which could be a concern depending on the plugin's functionality.\n\nIn conclusion, the plugin has a strong foundation due to its small attack surface and secure database interactions. The primary weakness lies in the insufficient output escaping, which presents a moderate risk of XSS vulnerabilities. The lack of capability checks is another area for improvement. Given the lack of historical vulnerabilities, this suggests the developers are generally security-conscious, but the output escaping needs immediate attention.",[340,342],{"reason":341,"points":267},"Low output escaping percentage",{"reason":343,"points":344},"No capability checks",5,"2026-03-16T21:16:33.342Z",{"wat":347,"direct":355},{"assetPaths":348,"generatorPatterns":352,"scriptPaths":353,"versionParams":354},[349,350,351],"\u002Fwp-content\u002Fplugins\u002Fcawaii-admin\u002Finc\u002Fcawaii-style-base.css","\u002Fwp-content\u002Fplugins\u002Fcawaii-admin\u002Finc\u002Fcawaii-style-fonts-cold.css","\u002Fwp-content\u002Fplugins\u002Fcawaii-admin\u002Finc\u002Fcawaii-style-fonts-warm.css",[],[],[],{"cssClasses":356,"htmlComments":358,"htmlAttributes":359,"restEndpoints":361,"jsGlobals":362,"shortcodeOutput":367},[357],"cawaii-select-img",[],[360],"data-cawaii-admin-nonce",[],[363,364,365,366],"cawaii_login_url","cawaii_header_url","cawaii_header_width","cawaii_header_height",[]]