[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fiYMFMYVBHve0P5szroaijU9hJWjVheOIspzGMUkRhYw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":19,"download_link":20,"security_score":21,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":33,"analysis":34,"fingerprints":178},"cellarweb-multisite-site-notes-and-site-expire","CellarWeb Multisite Site Notes and Site Expire","1.00","Rick Hellewell","https:\u002F\u002Fprofiles.wordpress.org\u002Frhellewellgmailcom\u002F","\u003Cp>This plugin allows the multi-site administrator to automatically expire a site on a specific date. This is useful for subsites that require regular payments to keep the site active.\u003C\u002Fp>\n\u003Cp>If your multisite has a yearly subscription, for example, then you can set a subsite (blog) to automatically expire on a certain date – say one year plus a ‘grace’ period. If the next subscription payment is not received by that date, then the site will automatically be ‘deleted’ from public view. (A ‘deleted’ site’s data is still available and can be ‘un-deleted’ by the super-admin by changing the site expiration date. A ‘deleted’ site is not purged.)\u003C\u002Fp>\n\u003Cp>Once the subscription payment is made, it is easy to change the expiration date.\u003C\u002Fp>\n\u003Cp>There is a setting to specify the ‘redirect’ URL for deleted sites. You could set this URL to a ‘that site is no longer available’ page on your main site (or any site). By default, the redirect will go to your site’s 404 page.\u003C\u002Fp>\n\u003Cp>There is also a ‘notes’ area where you can put site notes.\u003C\u002Fp>\n\u003Cp>All settings are via a ‘Notes’ tab on the Edit Site screen, which is only available to the super-admin. Blogs (sub-sites) do not see any of these settings. There is a Settings page for the plugin, but it is only information about the plugin settings. All settings are done via the Network, Sites, Edit Site page.\u003C\u002Fp>\n\u003Cp>The networks’ “main” site only displays the “Notes” textarea, as you don’t want your main site to expire.\u003C\u002Fp>\n","For multisites, adds ability of the network super-admin to 'expire' a blog (subsite) automatically. Will redirect the expired site to anothe &hellip;",0,1796,"2024-04-10T22:27:00.000Z","6.5.8","5.2","7.2",[18],"multisite-notes-expire-expiration","https:\u002F\u002Fwww.cellarweb.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcellarweb-multisite-site-notes-and-site-expire.1.00.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"rhellewellgmailcom",16,1040,91,30,88,"2026-04-04T14:46:40.177Z",[],{"attackSurface":35,"codeSignals":105,"taintFlows":130,"riskAssessment":168,"analyzedAt":177},{"hooks":36,"ajaxHandlers":101,"restRoutes":102,"shortcodes":103,"cronEvents":104,"entryPointCount":11,"unprotectedCount":11},[37,43,47,50,53,57,61,66,69,73,77,81,85,88,92,96],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","admin_init","CWMN_disable_plugin","cellarweb-multisite-site-notes-and-site-expire.php",49,{"type":38,"name":44,"callback":45,"file":41,"line":46},"admin_notices","CWMN_show_notice_disabled_plugin",50,{"type":38,"name":48,"callback":40,"file":41,"line":49},"network_admin_init",51,{"type":38,"name":51,"callback":45,"file":41,"line":52},"network_admin_notices",52,{"type":38,"name":54,"callback":55,"file":41,"line":56},"admin_menu","CWMN_add_plugin_page",117,{"type":38,"name":58,"callback":59,"file":41,"line":60},"init","CWMN_init",209,{"type":62,"name":63,"callback":64,"file":41,"line":65},"filter","plugins_loaded","CWMN_blog_deleted",305,{"type":38,"name":44,"callback":67,"file":41,"line":68},"CWMN_admin_redirect_notice",325,{"type":62,"name":70,"callback":71,"file":41,"line":72},"network_site_info_form","CWMN_add_form_message",354,{"type":62,"name":74,"callback":75,"file":41,"line":76},"network_edit_site_nav_links","CWMN_new_siteinfo_tab",365,{"type":38,"name":78,"callback":79,"file":41,"line":80},"network_admin_menu","CWMN_new_page",381,{"type":38,"name":82,"callback":83,"file":41,"line":84},"network_admin_edit_notesupdate","CWMN_save",446,{"type":38,"name":51,"callback":86,"file":41,"line":87},"CWMN_notice",474,{"type":38,"name":89,"callback":90,"file":41,"line":91},"current_screen","CWMN_double_check",492,{"type":62,"name":93,"callback":94,"file":41,"line":95},"manage_sites-network_columns","CWMN_add_expired_date_column",514,{"type":38,"name":97,"callback":98,"priority":99,"file":41,"line":100},"manage_sites_custom_column","CWMN_exipred_date_data",10,515,[],[],[],[],{"dangerousFunctions":106,"sqlUsage":107,"outputEscaping":109,"fileOperations":11,"externalRequests":11,"nonceChecks":128,"capabilityChecks":11,"bundledLibraries":129},[],{"prepared":11,"raw":11,"locations":108},[],{"escaped":110,"rawEcho":111,"locations":112},27,7,[113,116,118,120,122,124,126],{"file":41,"line":114,"context":115},72,"raw output",{"file":41,"line":117,"context":115},74,{"file":41,"line":119,"context":115},134,{"file":41,"line":121,"context":115},258,{"file":41,"line":123,"context":115},268,{"file":41,"line":125,"context":115},396,{"file":41,"line":127,"context":115},412,1,[],[131,158],{"entryPoint":132,"graph":133,"unsanitizedCount":156,"severity":157},"CWMN_page_callback (cellarweb-multisite-site-notes-and-site-expire.php:390)",{"nodes":134,"edges":151},[135,140,145,148],{"id":136,"type":137,"label":138,"file":41,"line":139},"n0","source","$_REQUEST (x2)",392,{"id":141,"type":142,"label":143,"file":41,"line":125,"wp_function":144},"n1","sink","echo() [XSS]","echo",{"id":146,"type":137,"label":147,"file":41,"line":139},"n2","$_REQUEST (x5)",{"id":149,"type":142,"label":143,"file":41,"line":150,"wp_function":144},"n3",398,[152,154],{"from":136,"to":141,"sanitized":153},false,{"from":146,"to":149,"sanitized":155},true,2,"medium",{"entryPoint":159,"graph":160,"unsanitizedCount":11,"severity":167},"\u003Ccellarweb-multisite-site-notes-and-site-expire> (cellarweb-multisite-site-notes-and-site-expire.php:0)",{"nodes":161,"edges":165},[162,164],{"id":136,"type":137,"label":163,"file":41,"line":139},"$_REQUEST (x7)",{"id":141,"type":142,"label":143,"file":41,"line":125,"wp_function":144},[166],{"from":136,"to":141,"sanitized":155},"low",{"summary":169,"deductions":170},"The \"cellarweb-multisite-site-notes-and-site-expire\" plugin v1.00 exhibits a generally positive security posture based on the static analysis. The absence of direct AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its attack surface. Furthermore, the code demonstrates good practices by utilizing prepared statements for all SQL queries and including a nonce check. The lack of file operations and external HTTP requests also reduces potential avenues for exploitation.\n\nHowever, a concern arises from the taint analysis, which identified one flow with an unsanitized path. While classified as low severity (0 critical, 0 high), unsanitized paths can still lead to vulnerabilities if they interact with sensitive operations or user-controlled input. The plugin also has a reasonably high percentage of properly escaped outputs (79%), but this means approximately 21% of outputs might not be adequately sanitized, potentially leading to XSS vulnerabilities if user-controlled data is outputted without proper escaping.\n\nThe plugin's vulnerability history is clean, with no known CVEs. This, combined with the limited attack surface and good SQL handling, suggests a developer who is mindful of security. The primary risk is the identified unsanitized path and the potential for XSS through less-than-perfect output escaping. The plugin's strengths lie in its minimal attack surface and strong data handling for SQL, while the weaknesses are confined to potential input sanitization gaps.",[171,174],{"reason":172,"points":173},"Unsanitized path in taint flow",5,{"reason":175,"points":176},"Incomplete output escaping (21%)",4,"2026-03-17T07:06:45.474Z",{"wat":179,"direct":185},{"assetPaths":180,"generatorPatterns":182,"scriptPaths":183,"versionParams":184},[181],"\u002Fwp-content\u002Fplugins\u002Fcellarweb-multisite-site-notes-and-site-expire\u002Fassets\u002Fbanner-1000x200.jpg",[],[],[],{"cssClasses":186,"htmlComments":192,"htmlAttributes":194,"restEndpoints":201,"jsGlobals":202,"shortcodeOutput":203},[187,188,189,190,191],"CWMN_header","CWMN_shadow","CWMN_options","CWMN_sidebar","CWMN_footer",[193],"\u003C!-- not sure why this one is needed ... -->",[195,196,197,198,199,200],"class='CWMN_header'","alt=''","class='CWMN_shadow'","class=\"CWMN_options\"","class='CWMN_sidebar'","class=\"CWMN_footer\"",[],[],[]]