[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fBNbBY9cyx3nXtyYyAeBmcLIpuBPvnURMETw_AR8T7Pc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":137,"fingerprints":229},"cc-update","CC-Update","1.0.0","Clearcode","https:\u002F\u002Fprofiles.wordpress.org\u002Fclearcodehq\u002F","\u003Cp>This plugin allows you to automatically send changes to your GIT repository, immediately after any update is made on your site.\u003C\u002Fp>\n\u003Cp>If you store the source code of your website in the GIT repository, you can use this plugin to automatically send changes in the website’s code to the repository after each update.\u003Cbr \u002F>\nThe plugin checks for updates (core, plugin, theme, translation) in a selected time interval, creates a new commit, and makes a push to the GIT repository.\u003Cbr \u002F>\nThe plugin supports automatic WordPress updates. After each action the plugin saves the status to logs which are available through wp-admin and also are sent by email to defined recipients.\u003C\u002Fp>\n","This plugin allows you to automatically send changes to your GIT repository, immediately after any update is made on your site.",0,1813,"2018-06-25T08:48:00.000Z","4.9.29","4.8.2","7.0",[18,19,20,21,22],"autoupdate","deploy","git","repository","update","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcc-update","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcc-update.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":25,"computed_at":35},"clearcodehq",16,220,87,30,"2026-04-05T13:40:38.230Z",[37,58,79,99,120],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":16,"tags":52,"homepage":56,"download_link":57,"security_score":47,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"deployer-for-git","Deployer for Git","1.0.10","alex91ckua","https:\u002F\u002Fprofiles.wordpress.org\u002Falex91ckua\u002F","\u003Cp>The Deployer for Git (and \u003Ca href=\"https:\u002F\u002Fdeployer-for-git.com\u002F\" rel=\"nofollow ugc\">Deployer for Git Pro\u003C\u002Fa>) are designed for developers who seek to simplify their website changes deployment. This tool seamlessly connects your WordPress site with various git repositories, enabling real-time updates and automated deployments directly from your commits. This plugin makes it easy — no FTP, no zipping files. Supports all popular services.\u003C\u002Fp>\n","Install and update plugins (and themes) hosted on your repo hosted on GitHub, Bitbucket, GitLab, or Gitea in a single click.",400,6404,100,12,"2026-02-13T17:31:00.000Z","6.9.4","4.4",[53,54,20,55],"automator","deployment","updater","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdeployer-for-git\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdeployer-for-git.1.0.10.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":47,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":77,"download_link":78,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"ajax-cart-autoupdate-for-woocommerce","Ajax Cart AutoUpdate for WooCommerce","1.5.5","taisho","https:\u002F\u002Fprofiles.wordpress.org\u002Ftaisho\u002F","\u003Cp>A light plugin that automatically updates cart page and mini-cart when product quantity is changed. Removes the default “Update cart” button. Optionally turns off cart page notices.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Cart page and mini-cart widget are updated automatically on quantity change through Ajax (no page reloading).\u003C\u002Fli>\n\u003Cli>“Update cart” button is removed from the cart page.\u003C\u002Fli>\n\u003Cli>Both mouse and keyboard changes are supported.\u003C\u002Fli>\n\u003Cli>Works for custom dropdown lists with ‘qty’ class.\u003C\u002Fli>\n\u003Cli>Compatible with plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fqty-increment-buttons-for-woocommerce\u002F\" rel=\"ugc\">Qty Increment Buttons for WooCommerce\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Uses the default WooCommerce cart update event.\u003C\u002Fli>\n\u003Cli>Cart update is delayed by time in milliseconds since the last action affecting quantity, changeable in plugin settings, default 1000. It means that the update will fire only once when the customer is done with changes.\u003C\u002Fli>\n\u003Cli>Optionally change min quantity in the cart from 0 to 1, on by default.\u003C\u002Fli>\n\u003Cli>Optionally remove all notices from the cart page, on by default.\u003C\u002Fli>\n\u003C\u002Ful>\n","A light plugin that automatically updates cart page and mini-cart when product quantity is changed. Removes the default \"Update cart\" button &hellip;",9000,84819,214,"2021-03-30T21:37:00.000Z","5.7.15","4.6","5.4",[74,18,75,22,76],"ajax","cart","woocommerce","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fajax-cart-autoupdate-for-woocommerce.1.5.5.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":47,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":77,"download_link":98,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"disable-plugin-autoupdate-emails","Disable Plugin Autoupdate Emails","1.1.3","simshaun","https:\u002F\u002Fprofiles.wordpress.org\u002Fsimshaun\u002F","\u003Cp>There’s not much to this plugin. It’s a couple barebones filters that turn off the plugin and theme autoupdate emails.\u003C\u002Fp>\n\u003Cp>On WordPress 5.5.0, plugin\u002Ftheme autoupdate emails are turned off regardless of whether or not they failed.\u003C\u002Fp>\n\u003Cp>Since WordPress 5.5.1, emails indicating update failures are allowed through.\u003C\u002Fp>\n","Getting too many \"plugin updated\" or \"theme updated\" emails since WordPress 5.5? This turns them off.",6000,39316,6,"2024-03-22T05:34:00.000Z","6.4.8","5.5","5.3",[95,96,97],"autoupdates","disable-autoupdate-email","updates","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-plugin-autoupdate-emails.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":47,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":77,"tags":113,"homepage":118,"download_link":119,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"css-live-reload","Css Live Reload","1.0.1","Moshe Harush","https:\u002F\u002Fprofiles.wordpress.org\u002Flocalghost-il\u002F","\u003Cp>A simple and powerful plugin. Often we simply edit a section on our style sheet file, so why reloading the entire page?! It creates many unnecessary requests and thus makes reloading slower, instead of just reloading the css files.\u003Cbr \u002F>\nNow, we can achieve that with a simple plugin, by simply clicking on f9 and then reload all Css resources on the page!\u003C\u002Fp>\n\u003Cp>As for mobile devices debugging, you can simply shake your phone and all Css files will be reloaded.\u003Cbr \u002F>\nNo cache, no unnecessary requests, no more slow reloading!\u003C\u002Fp>\n","Reload all CSS Files resources on your page by just one click (if surfing via mobile Phone - shake it) without refreshing the page.",70,2962,3,"2018-12-28T10:42:00.000Z","5.0.25","3.0.1",[18,114,115,116,117],"css","live","preview","reload","https:\u002F\u002Fwww.webstorm.co.il\u002Fcss-live-reload\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcss-live-reload.zip",{"slug":121,"name":122,"version":6,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":11,"num_ratings":11,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":16,"tags":132,"homepage":135,"download_link":136,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"deploy-webhook-github-actions","Deploy Webhook Github Actions","nicolasdra","https:\u002F\u002Fprofiles.wordpress.org\u002Fnicolasdra\u002F","\u003Ch3>DEPLOY WEBHOOK GITHUB ACTIONS PLUGIN\u003C\u002Fh3>\n\u003Cp>A WordPress plugin to manually trigger a deploy workflow via the Github Actions REST API after updating content.\u003C\u002Fp>\n\u003Ch3>FEATURE\u003C\u002Fh3>\n\u003Cp>Trigger a deploy workflow via Github Actions after updating content. Users with manage_capabilities are only allowed to perform the action from the the WordPress admin menu.\u003C\u002Fp>\n\u003Ch3>SETTINGS\u003C\u002Fh3>\n\u003Cp>Fill out the form with the data required on the Settings Page. Find a reference below:\u003C\u002Fp>\n\u003Cp>OWNER: The username or organization name that owns the repository.\u003Cbr \u002F>\nREPO: The name of the repository.\u003Cbr \u002F>\nWORKFLOW_ID: You can either write the full name of your .yml file, ie. “manual-trigger-workflow.yml” or the ID of the workflow that you want to trigger. You can find the ID of a workflow by going to the “Actions” tab of your repository on GitHub, clicking on the name of the workflow, and looking at the URL of the page. The ID is the number that appears after the last forward slash in the URL.\u003Cbr \u002F>\nPERSONAL_ACCESS_TOKEN: A personal access token (PAT) with the repo scope. You can create a PAT by going to “Settings” > “Developer settings” > “Personal access tokens” in your GitHub account.\u003Cbr \u002F>\nREF: The name of your repository’s main branch. Important: At the moment the plugin is able to create a webhook for a workflow_dispatch trigger without inputs. This feature is planned for later versions.\u003C\u002Fp>\n\u003Ch3>TO DO\u003C\u002Fh3>\n\u003Cp>Add feature: accept inputs.\u003C\u002Fp>\n\u003Ch3>AUTHOR\u003C\u002Fh3>\n\u003Cp>Created by Nicolás di Rago.\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.nicolasdirago.com\u002F\u003C\u002Fp>\n","DEPLOY WEBHOOK GITHUB ACTIONS PLUGIN",10,915,"2023-05-31T08:57:00.000Z","6.1.10","5.0",[19,133,134],"github-actions","hooks","https:\u002F\u002Fgithub.com\u002FNicolasdRa\u002Fgithub-actions-deploy-webhook","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdeploy-webhook-github-actions.zip",{"attackSurface":138,"codeSignals":144,"taintFlows":214,"riskAssessment":215,"analyzedAt":228},{"hooks":139,"ajaxHandlers":140,"restRoutes":141,"shortcodes":142,"cronEvents":143,"entryPointCount":11,"unprotectedCount":11},[],[],[],[],[],{"dangerousFunctions":145,"sqlUsage":154,"outputEscaping":156,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":213},[146,151],{"fn":147,"file":148,"line":149,"context":150},"exec","includes\\Cron.php",83,"exec( $git . ' status --porcelain 2>&1', $diff );",{"fn":147,"file":148,"line":152,"context":153},101,"exec( $git . ' ' . $command . ' 2>&1', $logs, $code );",{"prepared":109,"raw":11,"locations":155},[],{"escaped":157,"rawEcho":158,"locations":159},2,27,[160,164,166,168,170,172,174,176,179,182,184,186,188,189,191,193,195,196,197,199,201,203,204,206,208,209,211],{"file":161,"line":162,"context":163},"includes\\Settings.php",135,"raw output",{"file":161,"line":165,"context":163},142,{"file":161,"line":167,"context":163},155,{"file":161,"line":169,"context":163},160,{"file":161,"line":171,"context":163},165,{"file":161,"line":173,"context":163},178,{"file":161,"line":175,"context":163},227,{"file":177,"line":178,"context":163},"includes\\Table.php",55,{"file":180,"line":181,"context":163},"plugin.php",58,{"file":183,"line":157,"context":163},"templates\\admin-bar.php",{"file":185,"line":157,"context":163},"templates\\code.php",{"file":187,"line":109,"context":163},"templates\\config.php",{"file":187,"line":109,"context":163},{"file":190,"line":157,"context":163},"templates\\cron.php",{"file":190,"line":192,"context":163},4,{"file":194,"line":109,"context":163},"templates\\input.php",{"file":194,"line":192,"context":163},{"file":194,"line":192,"context":163},{"file":194,"line":198,"context":163},5,{"file":194,"line":200,"context":163},9,{"file":202,"line":157,"context":163},"templates\\link.php",{"file":202,"line":157,"context":163},{"file":205,"line":109,"context":163},"templates\\logs.php",{"file":207,"line":157,"context":163},"templates\\menu.php",{"file":207,"line":157,"context":163},{"file":210,"line":157,"context":163},"templates\\pre.php",{"file":212,"line":157,"context":163},"templates\\section.php",[],[],{"summary":216,"deductions":217},"The \"cc-update\" plugin v1.0.0 presents a mixed security posture.  On the positive side, it exhibits no known CVEs, no recorded vulnerabilities, and avoids direct file operations and external HTTP requests.  Furthermore, all SQL queries are properly prepared, and there are no recorded taint flows or unsanitized paths, indicating a potentially clean codebase in these areas. However, significant concerns arise from the static analysis. The presence of two instances of the `exec` function is a critical red flag, as it can be used for arbitrary command execution if not handled with extreme caution and robust input validation, which is notably absent.  Additionally, the plugin lacks any nonce checks or capability checks, leaving its entry points (even though none are explicitly listed in the attack surface) potentially vulnerable to CSRF or unauthorized access if they were to be introduced in future versions or if the static analysis missed something.\n\nThe absence of any historical vulnerabilities is a positive indicator, suggesting that the developers have either been diligent or that the plugin's current functionality does not expose common attack vectors. However, this should not overshadow the identified risks. The low percentage of properly escaped output (7%) is also a concern, suggesting a potential for XSS vulnerabilities if user-supplied data is rendered directly to the browser without adequate sanitization.  The total lack of an attack surface reported in the static analysis is unusual for a plugin and might indicate either a very simple plugin or a limitation in the analysis tool's ability to detect all entry points.  Overall, while the plugin has a clean vulnerability history, the presence of the `exec` function and inadequate output escaping, coupled with a lack of authorization checks, creates significant potential risks.",[218,221,223,226],{"reason":219,"points":220},"Dangerous function (exec) used",18,{"reason":222,"points":89},"Low percentage of properly escaped output",{"reason":224,"points":225},"Missing nonce checks",7,{"reason":227,"points":225},"Missing capability checks","2026-03-17T07:01:02.338Z",{"wat":230,"direct":239},{"assetPaths":231,"generatorPatterns":234,"scriptPaths":235,"versionParams":236},[232,233],"\u002Fwp-content\u002Fplugins\u002Fcc-update\u002Fassets\u002Fcss\u002Flogs.css","\u002Fwp-content\u002Fplugins\u002Fcc-update\u002Fassets\u002Fcss\u002Fadmin-bar.css",[],[],[237,238],"cc-update\u002Fassets\u002Fcss\u002Flogs.css?ver=","cc-update\u002Fassets\u002Fcss\u002Fadmin-bar.css?ver=",{"cssClasses":240,"htmlComments":242,"htmlAttributes":245,"restEndpoints":246,"jsGlobals":247,"shortcodeOutput":248},[241],"cc-update-admin-bar",[243,244],"Copyright (C) 2018 by Clearcode","This file is part of CC-Update.",[],[],[],[]]