[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fzPEBAqRh9IPt0NS0I4ZpIkIfW3Vl50kWMiRoaS-xZms":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":45,"crawl_stats":35,"alternatives":51,"analysis":162,"fingerprints":273},"chakra-test","Chakra test","1.0.2","Vikas Ratudi","https:\u002F\u002Fprofiles.wordpress.org\u002Fvikasratudi\u002F","\u003Cp>Welcome to chakra test create your question logics and give the user a chakra test.\u003C\u002Fp>\n\u003Cp>It make your page conversion\u002Ftraffic rate much higher.\u003C\u002Fp>\n\u003Cp>Try now it’s free\u003C\u002Fp>\n\u003Cp>You can suggest us if you want to add any addon features.\u003C\u002Fp>\n\u003Cp>Need help in chakra Contact us at vforminfo@gmail.com\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy To use\u003C\u002Fli>\n\u003Cli>Edit\u002F delete Features\u003C\u002Fli>\n\u003Cli>Add Question Groups\u003C\u002Fli>\n\u003Cli>Add Questions\u003C\u002Fli>\n\u003Cli>Add Question Inputs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>chakra test is absolutely free, positively the most beginner friendly for WordPress. It is both easy and powerful.\u003C\u002Fp>\n\u003Cp>Please feel free to follow me on Instagram for latest updates: \u003Ca href=\"https:\u002F\u002Fwww.instagram.com\u002Fratudi_vikas\u002F?r=nametag\" rel=\"nofollow ugc\">Follow\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If you have any suggestion\u002Fquery just email us at:)  vforminfo@gmail.com.\u003C\u002Fp>\n","Welcome to chakra test create your question logics and give the user a chakra test.",10,2109,0,"2025-12-12T13:02:00.000Z","6.9.4","5.6","7.0",[19,4,20,21,22],"chakra","heal","vform","vikasratudi","\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchakra-test.1.0.2.zip",99,1,"2025-12-23 00:00:00","2026-03-15T15:16:48.613Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":6,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":44},"CVE-2025-68557","chakra-test-missing-authorization","Chakra test \u003C= 1.0.1 - Missing Authorization","The Chakra test plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.",null,"\u003C=1.0.1","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-01-06 14:37:12",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0f704143-8842-485c-b419-f78b903b4184?source=api-prod",15,{"slug":22,"display_name":7,"profile_url":8,"plugin_count":46,"total_installs":47,"avg_security_score":25,"avg_patch_time_days":48,"trust_score":49,"computed_at":50},7,540,8,93,"2026-04-03T21:27:03.455Z",[52,73,98,119,145],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":63,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":16,"tags":67,"homepage":68,"download_link":69,"security_score":70,"vuln_count":71,"unpatched_count":26,"last_vuln_date":72,"fetched_at":28},"health-check","Health Check & Troubleshooting","1.7.1","WordPress.org","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpressdotorg\u002F","\u003Cp>This plugin will perform a number of checks on your WordPress installation to detect common configuration errors and known issues, and also allows plugins and themes to add their own checks.\u003C\u002Fp>\n\u003Cp>The debug section, which allows you to gather information about your WordPress and server configuration that you may easily share with support representatives for themes, plugins or on the official WordPress.org support forums.\u003C\u002Fp>\n\u003Cp>Troubleshooting allows you to have a clean WordPress session, where all plugins are disabled, and a default theme is used, but only for your user until you disable it or log out.\u003C\u002Fp>\n\u003Cp>The Tools section allows you to check that WordPress files have not been tampered with, that emails can be sent, and if your plugins are compatible with any PHP version updates in the future.\u003C\u002Fp>\n\u003Cp>For a more extensive example of how to efficiently use the Health Check plugin, check out the \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fsupport\u002Fhandbook\u002Fappendix\u002Ftroubleshooting-using-the-health-check\u002F\" rel=\"nofollow ugc\">WordPress.org support team handbook page about this plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Feedback is welcome both through the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fhealth-check\" rel=\"ugc\">WordPress.org forums\u003C\u002Fa>, the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress\u002Fhealth-check\" rel=\"nofollow ugc\">GitHub project page\u003C\u002Fa>, or on \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fchat\" rel=\"nofollow ugc\">Slack\u003C\u002Fa> in either \u003Ca href=\"https:\u002F\u002Fwordpress.slack.com\u002Fmessages\u002Fforums\u002F\" rel=\"nofollow ugc\">#forums\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fwordpress.slack.com\u002Fmessages\u002Fcore-site-health\u002F\" rel=\"nofollow ugc\">#core-site-health\u003C\u002Fa>.\u003C\u002Fp>\n","Health Check identifies common problems, and helps you troubleshoot plugin and theme conflicts.",300000,5255588,72,179,"2024-07-25T21:43:00.000Z","6.6.5","4.4",[53],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhealth-check\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhealth-check.1.7.1.zip",57,5,"2025-12-15 00:00:00",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":17,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":94,"download_link":95,"security_score":96,"vuln_count":26,"unpatched_count":13,"last_vuln_date":97,"fetched_at":28},"performance-lab","Performance Lab","4.1.0","WordPress Performance Team","https:\u002F\u002Fprofiles.wordpress.org\u002Fperformanceteam\u002F","\u003Cp>The Performance Lab plugin is a collection of features focused on enhancing the performance of your site, most of which should eventually be merged into WordPress core. The plugin facilitates the discovery and activation of the individual performance feature plugins which the performance team is developing. In this way you can test the features to get their benefits before they become available in WordPress core. You can also play an important role by providing feedback to further improve the solutions.\u003C\u002Fp>\n\u003Cp>The feature plugins which are currently featured by this plugin are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fembed-optimizer\u002F\" rel=\"ugc\">Embed Optimizer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fauto-sizes\u002F\" rel=\"ugc\">Enhanced Responsive Images\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdominant-color-images\u002F\" rel=\"ugc\">Image Placeholders\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-prioritizer\u002F\" rel=\"ugc\">Image Prioritizer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnocache-bfcache\u002F\" rel=\"ugc\">Instant Back\u002FForward\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwebp-uploads\u002F\" rel=\"ugc\">Modern Image Formats\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Foptimization-detective\u002F\" rel=\"ugc\">Optimization Detective\u003C\u002Fa> (dependency for Embed Optimizer and Image Prioritizer)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fperformant-translations\u002F\" rel=\"ugc\">Performant Translations\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fspeculation-rules\u002F\" rel=\"ugc\">Speculative Loading\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fview-transitions\u002F\" rel=\"ugc\">View Transitions\u003C\u002Fa> \u003Cem>(experimental)\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These plugins can also be installed separately from installing Performance Lab, but having the Performance Lab plugin also active will ensure you find out about new performance features as they are developed.\u003C\u002Fp>\n","Performance plugin from the WordPress Performance Team, which is a collection of standalone performance features.",200000,3452248,86,50,"2026-02-27T20:19:00.000Z","6.6","7.2",[89,90,91,92,93],"diagnostics","measurement","optimization","performance","site-health","https:\u002F\u002Fgithub.com\u002FWordPress\u002Fperformance","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fperformance-lab.4.1.0.zip",100,"2023-05-18 00:00:00",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":96,"num_ratings":108,"last_updated":109,"tested_up_to":15,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":117,"download_link":118,"security_score":96,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"version-info","Version Info – Server Health Monitor, PHP & MySQL Version Display, Environment Indicators","2.0.0","Brandon Ernst","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrandonfire\u002F","\u003Ch4>🛡️ THE ESSENTIAL TECHNICAL HUD FOR EVERY WORDPRESS PROFESSIONAL\u003C\u002Fh4>\n\u003Cp>Stop digging through hidden menus or leaving insecure \u003Ccode>phpinfo()\u003C\u002Fcode> files on your server. \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fversioninfoplugin.com\u002F\" title=\"Visit the Version Info website\" rel=\"nofollow ugc\">Version Info\u003C\u002Fa>\u003C\u002Fstrong> is the essential technical dashboard that brings your site’s most vital environment data directly into your daily workflow — the admin footer, the admin bar, or a dedicated dashboard widget.\u003C\u002Fp>\n\u003Cp>Whether you’re a freelancer managing dozens of client sites, a developer debugging a complex plugin conflict, or an agency maintaining a portfolio of high-value properties, having instant access to your \u003Cstrong>PHP version\u003C\u002Fstrong>, \u003Cstrong>MySQL version\u003C\u002Fstrong>, \u003Cstrong>WordPress version\u003C\u002Fstrong>, and \u003Cstrong>web server type\u003C\u002Fstrong> is a mission-critical utility.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Version Info\u003C\u002Fstrong> has been trusted by WordPress professionals since 2015 and is now supercharged with a complete PRO + Agency suite for serious site monitoring. Learn more at \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fversioninfoplugin.com\u002F\" title=\"Version Info official website\" rel=\"nofollow ugc\">versioninfoplugin.com\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>✨ What Makes Version Info Different?\u003C\u002Fh4>\n\u003Cp>Most server info plugins show you a wall of data you don’t need. Version Info is designed around \u003Cstrong>the data you actually use every day\u003C\u002Fstrong>, placed exactly where you need it — no extra pages, no bloat, no performance impact.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Zero Configuration\u003C\u002Fstrong> — Install, activate, done. Versions appear in your footer immediately.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Surgical Precision\u003C\u002Fstrong> — Only shows WP, PHP, MySQL, and Server versions. No fluff.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Performance First\u003C\u002Fstrong> — Uses native WordPress APIs. Literally zero impact on page load.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Hooks\u003C\u002Fstrong> — Every data point is filterable for custom integrations. See the \u003Ca href=\"https:\u002F\u002Fdocs.versioninfoplugin.com\u002Fadvanced-configuration-hooks-and-filters\" title=\"Version Info developer documentation\" rel=\"nofollow ugc\">developer docs\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🚀 Core Features (100% Free, Forever)\u003C\u002Fh4>\n\u003Cp>These features will always be free. No bait-and-switch.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>🛠️ \u003Cstrong>Admin Footer Display\u003C\u002Fstrong> — See WordPress, PHP, MySQL, and Web Server versions at the bottom of every admin page. Includes a one-click update link when a new WP version is available.\u003C\u002Fli>\n\u003Cli>🚦 \u003Cstrong>WP-Admin Bar Nodes\u003C\u002Fstrong> — Pin your version stack to the admin bar for instant visibility while navigating between pages, posts, and settings.\u003C\u002Fli>\n\u003Cli>📊 \u003Cstrong>Dashboard Widget\u003C\u002Fstrong> — A dedicated “At a Glance” style widget showing your complete technical stack. Enable it via Screen Options.\u003C\u002Fli>\n\u003Cli>🔄 \u003Cstrong>Core Update Alerts\u003C\u002Fstrong> — Automatically compares your WP version with the latest available and shows an update link right in the footer.\u003C\u002Fli>\n\u003Cli>💻 \u003Cstrong>Server Detection\u003C\u002Fstrong> — Instantly identify Apache, Nginx, LiteSpeed, or any other server software without leaving WordPress.\u003C\u002Fli>\n\u003Cli>🌐 \u003Cstrong>Translation Ready\u003C\u002Fstrong> — Fully localized with translations in 13+ languages including Spanish, German, French, Japanese, Chinese, and more. \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fversion-info\u002F\" title=\"Translate Version Info on WordPress.org\" rel=\"nofollow ugc\">Help translate\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🔥 PRO Plan — Advanced Site Intelligence\u003C\u002Fh4>\n\u003Cp>Unlock real-time performance monitoring, environment safety, and proactive health checks. Built for developers who take their stack seriously.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fversioninfoplugin.com\u002Fpricing\" title=\"Version Info PRO pricing\" rel=\"nofollow ugc\">Upgrade to PRO \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fstrong> Starting at $19\u002Fyear.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>📈 \u003Cstrong>Real-Time CPU & RAM Monitoring\u003C\u002Fstrong> — See your server’s pulse, live. Visual percentage bars that auto-refresh every 60 seconds via the WordPress Heartbeat API. Cross-platform: uses \u003Ccode>sys_getloadavg()\u003C\u002Fcode> on Linux, COM objects on Windows, and \u003Ccode>\u002Fproc\u002Fmeminfo\u003C\u002Fcode> for system memory. Fully cached with Transients to prevent server strain.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>💾 \u003Cstrong>Database Size Tracking\u003C\u002Fstrong> — Know exactly how bloated your database is before it becomes a problem. Breaks down \u003Ccode>data_length\u003C\u002Fcode> vs. \u003Ccode>index_length\u003C\u002Fcode> for all tables matching your \u003Ccode>$wpdb->prefix\u003C\u002Fcode>. Results cached for 12 hours with a \u003Cstrong>“Scan Now” AJAX button\u003C\u002Fstrong> for on-demand fresh data. Perfect for monitoring WooCommerce database growth during peak sales.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>🚨 \u003Cstrong>Smart Environment Indicators\u003C\u002Fstrong> — Never accidentally run a destructive query on production again. High-visibility color-coded badges in the admin bar: \u003Cstrong>Red\u003C\u002Fstrong> for Production, \u003Cstrong>Orange\u003C\u002Fstrong> for Staging, \u003Cstrong>Green\u003C\u002Fstrong> for Development\u002FLocal. Auto-detects \u003Ccode>WP_ENVIRONMENT_TYPE\u003C\u002Fcode>, Bedrock (\u003Ccode>WP_ENV\u003C\u002Fcode>), Kinsta, WP Engine, Pantheon, Flywheel, and more. Optional: highlight the entire admin bar border to match the environment color.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>📜 \u003Cstrong>Audit Log of Version History\u003C\u002Fstrong> — A persistent timeline tracking every shift in your WordPress core, PHP, MySQL, plugin, and theme versions. Hooks into \u003Ccode>upgrader_process_complete\u003C\u002Fcode> for real-time logging of WordPress updates. Know exactly \u003Cem>when\u003C\u002Fem> and \u003Cem>what\u003C\u002Fem> changed for historical troubleshooting. Limited to the last 50 entries to prevent bloat.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>🛡️ \u003Cstrong>Health Advisor Notifications\u003C\u002Fstrong> — Proactive alerts that predict problems before they happen. Checks your PHP and MySQL versions against known \u003Cstrong>End-of-Life (EOL) dates\u003C\u002Fstrong> and flags critical security risks. Integrates directly with the native \u003Cstrong>WordPress Site Health\u003C\u002Fstrong> screen via \u003Ccode>site_status_tests\u003C\u002Fcode>. Flags PHP \u003C 8.1 as a critical security risk.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>📤 \u003Cstrong>JSON System Info Export\u003C\u002Fstrong> — One-click download of your entire technical stack as a structured JSON file. Includes WordPress config, PHP version + all extensions, database details, active theme, all active plugins with versions, server info, and more. Ideal for attaching to support tickets, sharing with hosting providers, or archiving before migrations.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdocs.versioninfoplugin.com\u002Fpro-features\" title=\"Version Info PRO documentation\" rel=\"nofollow ugc\">See the full PRO feature documentation \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>🏛️ Agency Plan — The Command Center for Client Portfolios\u003C\u002Fh4>\n\u003Cp>Everything in PRO, plus enterprise-grade tools for agencies, freelancers, and hosting companies managing multiple sites.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fversioninfoplugin.com\u002Fpricing\" title=\"Version Info Agency pricing\" rel=\"nofollow ugc\">Upgrade to Agency \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fstrong> Starting at $49\u002Fyear.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>🏷️ \u003Cstrong>Full Agency White-Labeling\u003C\u002Fstrong> — Make it \u003Cem>your\u003C\u002Fem> plugin. Replace “Version Info” and “Gaucho Plugins” with your agency’s name everywhere: the plugin list, dashboard widgets, admin bar, footer, and settings page. Hide Freemius-generated Account, Contact, and Support submenus. Uses the \u003Ccode>all_plugins\u003C\u002Fcode> filter for seamless Plugins list rebranding.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>👥 \u003Cstrong>Role-Based Admin Visibility\u003C\u002Fstrong> — Keep it simple for clients. A checkbox matrix lets you control exactly which WordPress user roles can see version information in the admin bar, footer, and dashboard widget. Show everything to administrators, hide everything from editors and shop managers. Default: administrator only.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>🌐 \u003Cstrong>Multi-Site Network Dashboard\u003C\u002Fstrong> — A centralized command center for WordPress Multisite. A dedicated page under \u003Cstrong>Network Admin > Settings\u003C\u002Fstrong> shows a table of every site on the network with columns for site name, URL, WP version, PHP version, MySQL version, and database size. Uses \u003Ccode>switch_to_blog()\u003C\u002Fcode> safely with network transient caching. Capped at 100 sites for performance.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>📧 \u003Cstrong>System Change Email Alerts\u003C\u002Fstrong> — Get notified the \u003Cem>instant\u003C\u002Fem> something changes. Proactive \u003Ccode>wp_mail()\u003C\u002Fcode> notifications the moment a hosting provider changes a PHP version, a WordPress core update completes, or any plugin\u002Ftheme version shifts. Configurable recipient list (comma-separated), per-component toggles, and defaults to the site admin email.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>🔍 \u003Cstrong>PHP Error Log Dashboard\u003C\u002Fstrong> — Debug without FTP or SSH. View the last 100 lines of your \u003Ccode>debug.log\u003C\u002Fcode> (or custom \u003Ccode>error_log\u003C\u002Fcode> path) directly inside WordPress. Uses efficient \u003Ccode>fseek()\u003C\u002Fcode> tail reading — never loads the full log into memory. Sensitive file paths are automatically masked with \u003Ccode>[ABSPATH]\u003C\u002Fcode>. Download the full log as a ZIP file for offline analysis.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdocs.versioninfoplugin.com\u002Fagency-features\" title=\"Version Info Agency documentation\" rel=\"nofollow ugc\">See the full Agency feature documentation \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>🎯 Real-World Use Cases\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>“The Support Hero”\u003C\u002Fstrong>\u003Cbr \u002F>\nA client reports a bug. Instead of asking for their login credentials, you ask them to screenshot their admin footer. You instantly know their PHP version, MySQL version, WordPress version, and web server — without ever logging into their site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>“The WooCommerce Specialist”\u003C\u002Fstrong>\u003Cbr \u002F>\nBlack Friday is coming. You use \u003Cstrong>Database Tracking\u003C\u002Fstrong> to monitor table size growth during the high-traffic event. When \u003Ccode>wp_options\u003C\u002Fcode> grows 300% overnight, you catch the autoloaded transient bloat before it takes down the store.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>“The Agency Owner”\u003C\u002Fstrong>\u003Cbr \u002F>\nYou hand over a beautifully built site to a high-ticket client. With \u003Cstrong>White-Labeling\u003C\u002Fstrong>, the client never sees “Gaucho Plugins” — they see \u003Cem>your\u003C\u002Fem> agency name everywhere. With \u003Cstrong>Role-Based Visibility\u003C\u002Fstrong>, the client’s editors see a clean dashboard without confusing server information.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>“The Safety-First Developer”\u003C\u002Fstrong>\u003Cbr \u002F>\nYou manage staging and production environments for the same client. The bright \u003Cstrong>red “Production” badge\u003C\u002Fstrong> in your admin bar prevents you from ever accidentally running a migration script on the live site. The \u003Cstrong>admin bar highlight\u003C\u002Fstrong> makes the environment unmistakable.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>“The Managed Hosting Reseller”\u003C\u002Fstrong>\u003Cbr \u002F>\nYou run 40 sites on a Multisite installation. The \u003Cstrong>Network Dashboard\u003C\u002Fstrong> gives you a single page showing WP, PHP, and MySQL versions across every site — perfect for planning bulk upgrades. When a host updates PHP overnight, the \u003Cstrong>Email Alert\u003C\u002Fstrong> hits your inbox before the first support ticket arrives.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>“The Remote Debugger”\u003C\u002Fstrong>\u003Cbr \u002F>\nA client’s site throws a white screen. You open the \u003Cstrong>Error Log Dashboard\u003C\u002Fstrong> directly in wp-admin — no FTP client, no SSH terminal. The last 100 lines show a fatal error from a plugin update. The \u003Cstrong>Version History\u003C\u002Fstrong> tab confirms the plugin updated 10 minutes ago. Root cause found in under 60 seconds.\u003C\u002Fp>\n\u003Ch4>⚡ Performance & Architecture\u003C\u002Fh4>\n\u003Cp>Version Info is built with performance as the #1 priority:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Transients API\u003C\u002Fstrong> — All resource-heavy metrics (CPU, RAM, DB size) are cached. CPU\u002FRAM uses 60-second TTL; database size uses 12-hour TTL.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Heartbeat API\u003C\u002Fstrong> — Live resource updates use the native WordPress Heartbeat, ensuring data refreshes only when the admin page is active.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Provider Pattern\u003C\u002Fstrong> — A \u003Ccode>ProviderInterface\u003C\u002Fcode> abstracts all detection logic, making it trivial to add custom providers for AWS, Kinsta, or any host-specific API.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hook-First Architecture\u003C\u002Fstrong> — Every data point fires a WordPress filter (\u003Ccode>version_info_wp_version\u003C\u002Fcode>, \u003Ccode>version_info_php_version\u003C\u002Fcode>, etc.) and every render point fires an action. Extend anything without editing core files. See the \u003Ca href=\"https:\u002F\u002Fdocs.versioninfoplugin.com\u002Fadvanced-configuration-hooks-and-filters\" title=\"Version Info hooks reference\" rel=\"nofollow ugc\">hooks reference\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Strict Typing\u003C\u002Fstrong> — Every file uses \u003Ccode>declare(strict_types=1)\u003C\u002Fcode> and PHP 8.1+ typed properties for maximum reliability.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Coding Standards\u003C\u002Fstrong> — Follows WPCS, uses proper escaping, nonce verification, capability checks, and prepared SQL queries throughout.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🌍 Works With Your Stack\u003C\u002Fh4>\n\u003Cp>Version Info auto-detects and works seamlessly with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Hosts:\u003C\u002Fstrong> Kinsta, WP Engine, Pantheon, Flywheel, Cloudways, SiteGround, and any standard LAMP\u002FLEMP host\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Environments:\u003C\u002Fstrong> Bedrock, Trellis, Local by Flywheel, MAMP, WAMP, Docker, DevKinsta\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Servers:\u003C\u002Fstrong> Apache, Nginx, LiteSpeed, OpenLiteSpeed, IIS\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite:\u003C\u002Fstrong> Full network-level support with dedicated Network Admin page (Agency)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Translations:\u003C\u002Fstrong> 13+ languages with full RTL support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>📣 What WordPress Professionals Are Saying\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“I install this on every client site. It saves me at least 5 minutes per support ticket.” — ★★★★★\u003C\u002Fp>\n\u003Cp>“The environment badges alone are worth the upgrade. I’ll never accidentally nuke production again.” — ★★★★★\u003C\u002Fp>\n\u003Cp>“Finally, a server info plugin that isn’t bloated with stuff I don’t need.” — ★★★★★\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fversion-info\u002Freviews\u002F?filter=5\" title=\"Version Info 5-star reviews\" rel=\"ugc\">Read more reviews \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>🔗 Resources & Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fversioninfoplugin.com\u002F\" title=\"Visit the Version Info website\" rel=\"nofollow ugc\">Version Info Website\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fdocs.versioninfoplugin.com\u002F\" title=\"Version Info documentation\" rel=\"nofollow ugc\">Documentation & Guides\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fversioninfoplugin.com\u002Fpricing\" title=\"Version Info pricing\" rel=\"nofollow ugc\">PRO & Agency Pricing\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fdocs.versioninfoplugin.com\u002Fadvanced-configuration-hooks-and-filters\" title=\"Version Info hooks reference\" rel=\"nofollow ugc\">Developer Hooks Reference\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fversion-info\u002F\" title=\"Version Info support\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fversion-info\u002F\" title=\"Translate on WordPress.org\" rel=\"nofollow ugc\">Translate Version Info\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgauchoplugins.com\" title=\"Gaucho Plugins\" rel=\"nofollow ugc\">Gaucho Plugins Portfolio\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n","The #1 technical dashboard for WordPress professionals. Display PHP, MySQL, WP & server versions anywhere in admin. Monitor CPU, RAM, DB size &amp &hellip;",10000,120467,14,"2026-02-22T07:10:00.000Z","5.5","8.1",[113,114,115,116,93],"developer-tools","mysql-version","php-version","server-info","https:\u002F\u002Fversioninfoplugin.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fversion-info.2.0.0.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":106,"downloaded":127,"rating":128,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":133,"tags":134,"homepage":140,"download_link":141,"security_score":142,"vuln_count":143,"unpatched_count":13,"last_vuln_date":144,"fetched_at":28},"wp-server-stats","WP Server Health Stats","1.8.0","iSaumya","https:\u002F\u002Fprofiles.wordpress.org\u002Fisaumya\u002F","\u003Cp>WP Server Health Stats plugin will give you the ability to monitor your WordPress site at its core level. With all-important server health stats like allocated PHP memory, memory usage, realtime RAM usage, CPU usage etc. you can always identify if something wrong is going on with your site.\u003C\u002Fp>\n\u003Cp>Now you don’t have to contact your host every single time for minor things. You can easily see the server health stats in your WP admin dashboard and make critical decisions based on that, like if enabling some plugin is consuming a lot of memory or CPU etc.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please Note:\u003C\u002Fstrong> This plugin uses 3rd party systems \u003Ca href=\"http:\u002F\u002Fip-api.com\u002F\" rel=\"nofollow ugc\">ip-api.com\u003C\u002Fa> to get the location details for the server IP. Please check their \u003Ca href=\"https:\u002F\u002Fwww.ip-api.com\u002Fdocs\u002Flegal\" rel=\"nofollow ugc\">Privacy Policy and Terms\u003C\u002Fa>. By default the plugin uses the free version of IP-API service but if you have purchased a premium version then you can enter your API key inside the plugin settings page.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>It took many countless hours to code, design, test and include useful server info to show up in your WordPress dashboard. If you enjoy this plugin and understand the huge effort I put into this, please consider \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fpaypal.me\u002Facnamhq\" rel=\"nofollow ugc\">donating some amount\u003C\u002Fa> (no matter how small)\u003C\u002Fstrong> to keep alive the development of this plugin. Thank you again for using my plugin. If you love using this plugin, I would really appreciate it if you took 2 minutes out of your busy schedule to \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-server-stats\u002Freviews\u002F\" rel=\"ugc\">share your review\u003C\u002Fa>\u003C\u002Fstrong> about this plugin.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Q: After installing this plugin my server load has increased tremendously. How to fix this?\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Cp>This plugin uses Ajax to call the server after an interval of time to get the latest data about the server, giving you the real-time update. By default, this happens after every 200ms. But if you are using a low-end server with fewer resources, calling the server after each 200ms can increase your server load drastically. You can easily solve this too. On the left-hand side menu of WP Admin panel, you will see a settings panel for \u003Cstrong>WP Server Stats\u003C\u002Fstrong> under that you will find another sub-menu called \u003Cstrong>General Settings\u003C\u002Fstrong>. Within general settings, the first option is to change the interval time. Change it to how much higher your want like 2000ms (2 sec) or maybe 20000ms (20 sec) depending on your need. Once you save the settings the plugin will call the server only after the interval you have set, reducing your server load back to how it was without this plugin.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>But again, generally speaking, if you are in a decent to good hosting, you won’t face this problem at all, as this a very lightweight plugin.\u003C\u002Fp>\n\u003Cp>Features of the plugin include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Purge WP Server Stats Cache (Which you can disable also. Check the FAQ section for more details.)\u003C\u002Fli>\n\u003Cli>Shows server OS\u003C\u002Fli>\n\u003Cli>Shows server software\u003C\u002Fli>\n\u003Cli>Shows the server IP address\u003C\u002Fli>\n\u003Cli>Shows server port\u003C\u002Fli>\n\u003Cli>Shows server location\u003C\u002Fli>\n\u003Cli>Shows server hostname\u003C\u002Fli>\n\u003Cli>Shows server document root\u003C\u002Fli>\n\u003Cli>Shows if Memcached is enabled on your server or not\u003C\u002Fli>\n\u003Cli>If Memcached is enabled it will show you detailed information about your Memcached installation if provided appropriate Memcached host and port details in the \u003Cstrong>WP Server Stats\u003C\u002Fstrong> > \u003Cstrong>General Settings\u003C\u002Fstrong> page\u003C\u002Fli>\n\u003Cli>Shows total number of allowed CPU for your site\u003C\u002Fli>\n\u003Cli>Shows Real-Time CPU usage percentage\u003C\u002Fli>\n\u003Cli>Shows Total RAM allocated\u003C\u002Fli>\n\u003Cli>Shows Real-Time RAM Usage percentage\u003C\u002Fli>\n\u003Cli>Shows the database software installed on your site e.g. MySQL, MariaDB, Oracle etc.\u003C\u002Fli>\n\u003Cli>Shows the database version number\u003C\u002Fli>\n\u003Cli>Shows maximum number of connections allowed to your database\u003C\u002Fli>\n\u003Cli>Shows maximum packet size of your database\u003C\u002Fli>\n\u003Cli>Shows database disk usage\u003C\u002Fli>\n\u003Cli>Shows database index disk usage\u003C\u002Fli>\n\u003Cli>A separate page to show up even more details about your database server\u003C\u002Fli>\n\u003Cli>Shows your PHP version number\u003C\u002Fli>\n\u003Cli>Shows your PHP max upload size limit\u003C\u002Fli>\n\u003Cli>Shows PHP max post size\u003C\u002Fli>\n\u003Cli>Shows PHP max execution time\u003C\u002Fli>\n\u003Cli>Shows if PHP safe mode is on or off\u003C\u002Fli>\n\u003Cli>Shows if PHP short tag is on or off\u003C\u002Fli>\n\u003Cli>Shows allowed PHP memory for your WordPress site\u003C\u002Fli>\n\u003Cli>Real-Time Amount & Percentage of your PHP memory usage\u003C\u002Fli>\n\u003Cli>A separate page to show up even more details about your installed PHP & its various modules\u003C\u002Fli>\n\u003Cli>Real-Time PHP Memory, RAM Usage & CPU info bar changes colour based on the load (you can change the colours from the WP Server Stats General Settings Page)\u003C\u002Fli>\n\u003Cli>Designed with flat colours (you can change the colour scheme if you want)\u003C\u002Fli>\n\u003Cli>Realtime PHP Memory, RAM Usage & CPU usage info at the admin footer so that no matter what admin page you are, you can always see it\u003C\u002Fli>\n\u003Cli>Uses advanced WordPress Transient Caching mechanism to run the plugin super smooth without eating a lot of server resources. All the cache data will be auto expired on each week and then the plugin will re-cache the updated data again, to \u003Cstrong>ensure the least possible resource consumption by the plugin\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Only shows to the Administrators. For Multi-site, it will show the details to each site administrators, but not the network admins\u003C\u002Fli>\n\u003Cli>Option to change the realtime script refresh interval (default: 200ms), colour scheme, Memcached host and port details from the WP Server Stats – General Settings Page\u003C\u002Fli>\n\u003Cli>Automatically removes all the data added by this plugin to your WordPress database upon uninstallation of the plugin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>READ BEFORE INSTALLING\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin uses PHP \u003Ccode>shell_exec()\u003C\u002Fcode> function which is by default enabled by all good hosting companies. But a small percentage of hosting company disable \u003Ccode>shell_exec()\u003C\u002Fcode> by default. So, please contact your hosting company to make sure \u003Ccode>shell_exec()\u003C\u002Fcode> is enabled in your account before installing this plugin. Otherwise, you will get an ERROR Code \u003Ccode>EXEC096T\u003C\u002Fcode> for every feature that uses \u003Ccode>shell_exec()\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Now this plugin is also hosted in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fisaumya\u002Fwp-server-stats\" rel=\"nofollow ugc\">Github\u003C\u002Fa>. But the Github repo will be used for the development of the plugin. So, from now on you can also report the bugs in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fisaumya\u002Fwp-server-stats\u002Fissues\" rel=\"nofollow ugc\">Github Issue Tracker\u003C\u002Fa> if you want.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Very Important Note\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin has been developed and tested on Linux based servers only so there is a very high chance that it might NOT work for Windows-based servers. So, I highly recommend this plugin to be used by those users who use a Linux based server.\u003Cbr \u002F>\nI currently have no plan to add Windows Server support as a very tiny amount of people still use Windows Server in this Linux age. I may add Windows support in future.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>ERROR Code List\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>EXEC096T\u003C\u002Fstrong> – PHP \u003Ccode>shell_exec()\u003C\u002Fcode> function has not been enabled in your account, which this plugin needs to run properly. Contact your server host and ask them to enable PHP \u003Ccode>shell_exec()\u003C\u002Fcode> function for your account.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>IP096T\u003C\u002Fstrong> – Your server is not returning the IP properly. There is definitely some issue with your server configuration. Please contact your host and tell them that PHP \u003Ccode>gethostbyname( gethostname() )\u003C\u002Fcode> is unable to get the server IP, ask them to look into their server configuration and to fix the configuration issue. If you have a self-hosted VPS or dedicated server, the reason is still the same. If you are unable to find the configuration issue inside your server, I highly suggest you hire a knowledgeable server admin to look into your server. In most cases, you should never get this error message.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Languages\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WP Server Stats is 100% compatible with translation and you can translate any text to whatever language you want. As this plugin doesn’t come with an inbuilt translation, I will suggest you to use a plugin like \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsay-what\u002F\" rel=\"ugc\">Say What?\u003C\u002Fa> to change the text, you just have to use the text domain as \u003Ccode>wp-server-stats\u003C\u002Fcode> within the plugin to change the text.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Very Special Thanks\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The list of people whom I especially want to thank without whom this plugin would have never been completed.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Justin Catello from \u003Ca href=\"https:\u002F\u002Fwww.bigscoots.com\u002Fportal\u002F?affid=261\" rel=\"nofollow ugc\">BigScoots Hosting\u003C\u002Fa> – Looking for quality managed SSD hosting? Go with \u003Ca href=\"https:\u002F\u002Fwww.bigscoots.com\u002Fportal\u002F?affid=261\" rel=\"nofollow ugc\">BigScoot Hosting\u003C\u002Fa> keeping your eye closed. They are that much good.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fpippinsplugins\" rel=\"nofollow ugc\">Pippin Williamson\u003C\u002Fa> from \u003Ca href=\"https:\u002F\u002Feasydigitaldownloads.com\u002F\" rel=\"nofollow ugc\">Easy Digital Download\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fjustin_kimbrell\" rel=\"nofollow ugc\">Justin Kimbrell\u003C\u002Fa> for \u003Ca href=\"http:\u002F\u002Fflipclockjs.com\u002F\" rel=\"nofollow ugc\">FlipClock.js\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Alex Rabe\u003C\u002Fli>\n\u003Cli>Vlad from \u003Ca href=\"http:\u002F\u002Fip-api.com\u002F\" rel=\"nofollow ugc\">ip-api.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fgamerz\" rel=\"nofollow ugc\">Lester Chan\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Support the Plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you like this plugin please don’t forget to write a review and if possible please \u003Ca href=\"https:\u002F\u002Fpaypal.me\u002Facnamhq\" rel=\"nofollow ugc\">Donate some amount\u003C\u002Fa> to keep the plugin and it’s development alive.\u003C\u002Fp>\n","Monitor your WP site the right way with most important stats like Database, PHP details, PHP Memory, RAM Usage, CPU load, Server Uptime & more.",314858,96,109,"2024-07-01T18:53:00.000Z","6.5.8","5.0","7.4.0",[135,136,137,138,139],"health","information","isaumya","server","stats","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-server-stats\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-server-stats.1.8.0.zip",87,3,"2024-06-24 00:00:00",{"slug":146,"name":147,"version":148,"author":149,"author_profile":150,"description":151,"short_description":152,"active_installs":106,"downloaded":153,"rating":96,"num_ratings":154,"last_updated":155,"tested_up_to":15,"requires_at_least":156,"requires_php":16,"tags":157,"homepage":160,"download_link":161,"security_score":96,"vuln_count":13,"unpatched_count":13,"last_vuln_date":35,"fetched_at":28},"wpvulnerability","WPVulnerability","4.3.1","Javier Casares","https:\u002F\u002Fprofiles.wordpress.org\u002Fjaviercasares\u002F","\u003Cp>This plugin integrates with the WPVulnerability API to provide real-time vulnerability assessments for your WordPress core, plugins, themes, PHP version, Apache HTTPD, nginx, MariaDB, MySQL, ImageMagick, curl, memcached, Redis, and SQLite.\u003C\u002Fp>\n\u003Cp>It delivers detailed reports directly within your WordPress dashboard, helping you stay aware of potential security risks. Configure the plugin to send periodic notifications about your site’s security status, ensuring you remain informed without being overwhelmed. Designed for ease of use, it supports proactive security measures without storing or retrieving any personal data from your site.\u003C\u002Fp>\n\u003Ch4>Data reliability\u003C\u002Fh4>\n\u003Cp>The information provided by the information database comes from different sources that have been reviewed by third parties. There is no liability of any kind for the information. Act at your own risk.\u003C\u002Fp>\n\u003Ch3>Using the plugin\u003C\u002Fh3>\n\u003Ch4>WP-CLI\u003C\u002Fh4>\n\u003Cp>You can use the following WP-CLI commands to manage and check vulnerabilities:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Core: \u003Ccode>wp wpvulnerability core\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Plugins: \u003Ccode>wp wpvulnerability plugins\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Themes: \u003Ccode>wp wpvulnerability themes\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>PHP: \u003Ccode>wp wpvulnerability php\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Apache HTTPD: \u003Ccode>wp wpvulnerability apache\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>nginx: \u003Ccode>wp wpvulnerability nginx\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>MariaDB: \u003Ccode>wp wpvulnerability mariadb\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>MySQL: \u003Ccode>wp wpvulnerability mysql\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>ImageMagick: \u003Ccode>wp wpvulnerability imagemagick\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>curl: \u003Ccode>wp wpvulnerability curl\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>memcached: \u003Ccode>wp wpvulnerability memcached\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Redis: \u003Ccode>wp wpvulnerability redis\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>SQLite: \u003Ccode>wp wpvulnerability sqlite\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To configure the plugin you can use:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Hide component: \u003Ccode>wp wpvulnerability config hide \u003Ccomponent> [on|off]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Notification email: \u003Ccode>wp wpvulnerability config email \u003Cemails>\u003C\u002Fcode> (comma separatted)\u003C\u002Fli>\n\u003Cli>Notification period: \u003Ccode>wp wpvulnerability config period \u003Cnever|daily|weekly>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Log retention: \u003Ccode>wp wpvulnerability config log-retention \u003C0|1|7|14|28>\u003C\u002Fcode> (in days)\u003C\u002Fli>\n\u003Cli>Cache duration: \u003Ccode>wp wpvulnerability config cache \u003C1|6|12|24>\u003C\u002Fcode> (in hours)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All commands support the \u003Ccode>--format\u003C\u002Fcode> option to specify the output format:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>--format=table\u003C\u002Fcode>: Displays the results in a table format (default).\u003C\u002Fli>\n\u003Cli>\u003Ccode>--format=json\u003C\u002Fcode>: Displays the results in JSON format.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Need help?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>wp wpvulnerability --help\u003C\u002Fcode>: Displays help information for WPVulnerability commands.\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp wpvulnerability [command] --help\u003C\u002Fcode>: Displays help information for a WPVulnerability command.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>REST API\u003C\u002Fh4>\n\u003Cp>The WPVulnerability plugin provides several \u003Cstrong>REST API endpoints\u003C\u002Fstrong> to fetch vulnerability information for different components of your WordPress site.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Core: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fcore\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Plugins: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fplugins\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Themes: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fthemes\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>PHP: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fphp\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Apache HTTPD: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fapache\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>nginx: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fnginx\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>MariaDB: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fmariadb\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>MySQL: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fmysql\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>ImageMagick: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fimagemagick\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>curl: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fcurl\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>memcached: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fmemcached\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Redis: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fredis\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>SQLite: \u003Ccode>\u002Fwpvulnerability\u002Fv1\u002Fsqlite\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The WPVulnerability REST API uses \u003Cstrong>Application Passwords\u003C\u002Fstrong> for authentication. You need to include a valid Application Password in the Authorization header of your requests.\u003C\u002Fp>\n\u003Cp>Example Request with Authentication\u003C\u002Fp>\n\u003Cpre>\u003Ccode>curl -X GET https:\u002F\u002Fexample.com\u002Fwp-json\u002Fwpvulnerability\u002Fv1\u002Fplugins -u username:application_password\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Replace username with your WordPress \u003Ccode>username\u003C\u002Fcode> and \u003Ccode>application_password\u003C\u002Fcode> with your \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2020\u002F11\u002F05\u002Fapplication-passwords-integration-guide\u002F\" rel=\"nofollow ugc\">Application Password\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Extra Configurations\u003C\u002Fh3>\n\u003Ch4>“From:” mail (since: 3.2.2)\u003C\u002Fh4>\n\u003Cp>If, for some reason, you need the emails sent by the plugin to have a From different from the site administrator, you can change it from the \u003Ccode>wp-config.php\u003C\u002Fcode> by adding a constant:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_MAIL', 'sender@example.com' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If the constant is active, it will be visible in the configuration screen.\u003C\u002Fp>\n\u003Ch4>Force hiding checks (since: 4.1.0)\u003C\u002Fh4>\n\u003Cp>If you want to always hide a specific component, you can define a constant in \u003Ccode>wp-config.php\u003C\u002Fcode>. When set to \u003Ccode>true\u003C\u002Fcode>, the option will be checked automatically in the settings screen and the related analysis will be skipped.\u003C\u002Fp>\n\u003Cp>Example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_HIDE_APACHE', true );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Available constants: \u003Ccode>WPVULNERABILITY_HIDE_CORE\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_PLUGINS\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_THEMES\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_PHP\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_APACHE\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_NGINX\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_MARIADB\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_MYSQL\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_IMAGEMAGICK\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_CURL\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_MEMCACHED\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_REDIS\u003C\u002Fcode>, \u003Ccode>WPVULNERABILITY_HIDE_SQLITE\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Ch4>Cache duration (since: 4.1.0)\u003C\u002Fh4>\n\u003Cp>By default, data from the API is cached for 12 hours. To change this, define \u003Ccode>WPVULNERABILITY_CACHE_HOURS\u003C\u002Fcode> in \u003Ccode>wp-config.php\u003C\u002Fcode> with one of \u003Ccode>1\u003C\u002Fcode>, \u003Ccode>6\u003C\u002Fcode>, \u003Ccode>12\u003C\u002Fcode> or \u003Ccode>24\u003C\u002Fcode>. This value overrides the setting screen and WP-CLI command.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_CACHE_HOURS', 24 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Log rotation (since: 4.2.0)\u003C\u002Fh4>\n\u003Cp>WPVulnerability stores the most recent API responses so you can review recent calls from the new log tab. Define \u003Ccode>WPVULNERABILITY_LOG_RETENTION_DAYS\u003C\u002Fcode> in \u003Ccode>wp-config.php\u003C\u002Fcode> to control how many days of entries are preserved. Supported values are \u003Ccode>0\u003C\u002Fcode>, \u003Ccode>1\u003C\u002Fcode>, \u003Ccode>7\u003C\u002Fcode>, \u003Ccode>14\u003C\u002Fcode> or \u003Ccode>28\u003C\u002Fcode>; using \u003Ccode>0\u003C\u002Fcode> disables logging entirely.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_LOG_RETENTION_DAYS', 14 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>When the constant is present its value is enforced in the settings UI and through WP-CLI, ensuring consistent log rotation across environments.\u003C\u002Fp>\n\u003Ch4>Security configuration (since: 4.3.0)\u003C\u002Fh4>\n\u003Cp>WPVulnerability uses a hybrid detection approach for server software (ImageMagick, Redis, Memcached, SQLite): PHP extensions first (most secure), then shell commands as fallback (most accurate). You can control this behavior using security configuration constants in \u003Ccode>wp-config.php\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Global disable of shell commands:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_DISABLE_SHELL_EXEC', true );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Completely disables shell command usage. Falls back to PHP extensions only. Use for maximum security when accuracy loss is acceptable.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security mode (standard\u002Fstrict\u002Fdisabled):\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_SECURITY_MODE', 'strict' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cul>\n\u003Cli>\u003Ccode>standard\u003C\u002Fcode> – Hybrid detection: PHP extensions first, shell commands fallback (default, best accuracy)\u003C\u002Fli>\n\u003Cli>\u003Ccode>strict\u003C\u002Fcode> – PHP extensions only, no shell commands (high security, lower accuracy)\u003C\u002Fli>\n\u003Cli>\u003Ccode>disabled\u003C\u002Fcode> – No software detection at all (maximum security)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Component whitelist:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_SHELL_EXEC_WHITELIST', 'imagemagick,redis' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Allows shell commands only for specified components. Available components: \u003Ccode>imagemagick\u003C\u002Fcode>, \u003Ccode>redis\u003C\u002Fcode>, \u003Ccode>memcached\u003C\u002Fcode>, \u003Ccode>sqlite\u003C\u002Fcode>. Use for granular control.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Examples:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Maximum security (no shell commands):\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_SECURITY_MODE', 'strict' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Only allow ImageMagick shell detection:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_SHELL_EXEC_WHITELIST', 'imagemagick' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Complete disable:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WPVULNERABILITY_DISABLE_SHELL_EXEC', true );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>All shell commands are hardcoded and validated – no user input is involved. Commands are logged for security auditing.\u003C\u002Fp>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress: 4.7 – 6.9\u003C\u002Fli>\n\u003Cli>PHP: 5.6 – 8.5\u003C\u002Fli>\n\u003Cli>WP-CLI: 2.3.0 – 2.11.0\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cp>This plugin adheres to the following security measures and review protocols for each version:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002F\" rel=\"nofollow ugc\">WordPress Plugin Handbook\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fwordpress-org\u002Fplugin-security\u002F\" rel=\"nofollow ugc\">WordPress Plugin Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fapis\u002Fsecurity\u002F\" rel=\"nofollow ugc\">WordPress APIs Security\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress\u002FWordPress-Coding-Standards\" rel=\"nofollow ugc\">WordPress Coding Standards\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugin-check\u002F\" rel=\"ugc\">Plugin Check (PCP)\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>This plugin or the WordPress Vulnerability Database API does not collect any information about your site, your identity, the plugins, themes or content the site has.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Vulnerabilities\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>A security vulnerability was found and fixed in version 4.2.2.1. All previous versions (3.3.0 – 4.2.1) are affected. Please update to version 4.2.2.1 or later.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Found a security vulnerability? Please report it to us privately at the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjaviercasares\u002Fwpvulnerability\u002Fsecurity\u002Fadvisories\u002Fnew\" rel=\"nofollow ugc\">WPVulnerability GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Contributors\u003C\u002Fh3>\n\u003Cp>You can contribute to this plugin at the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjaviercasares\u002Fwpvulnerability\" rel=\"nofollow ugc\">WPVulnerability GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n","Get WordPress vulnerability alerts from the WPVulnerability Database API.",527094,20,"2026-01-20T15:01:00.000Z","4.7",[158,93,159],"security","vulnerability","https:\u002F\u002Fwww.wpvulnerability.com\u002Fplugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpvulnerability.4.3.1.zip",{"attackSurface":163,"codeSignals":202,"taintFlows":262,"riskAssessment":263,"analyzedAt":272},{"hooks":164,"ajaxHandlers":183,"restRoutes":195,"shortcodes":196,"cronEvents":200,"entryPointCount":201,"unprotectedCount":13},[165,171,175,179],{"type":166,"name":167,"callback":168,"file":169,"line":170},"action","wp_enqueue_scripts","vfchakratest_wp_scripts","chakratest.php",24,{"type":166,"name":172,"callback":173,"file":169,"line":174},"admin_enqueue_scripts","vfchakratest_admin_enqueue_scripts",33,{"type":166,"name":176,"callback":177,"file":169,"line":178},"admin_menu","vfchakratest_plugin_menu",46,{"type":166,"name":180,"callback":181,"file":169,"line":182},"init","chakra_init",288,[184,189,192],{"action":185,"nopriv":186,"callback":185,"hasNonce":187,"hasCapCheck":186,"file":169,"line":188},"chkgroupadd",false,true,63,{"action":190,"nopriv":186,"callback":190,"hasNonce":187,"hasCapCheck":186,"file":169,"line":191},"chkgroupedit",129,{"action":193,"nopriv":186,"callback":193,"hasNonce":187,"hasCapCheck":186,"file":169,"line":194},"chkgroupdelete",243,[],[197],{"tag":19,"callback":198,"file":169,"line":199},"chakra_my_shortcode",291,[],4,{"dangerousFunctions":203,"sqlUsage":204,"outputEscaping":236,"fileOperations":13,"externalRequests":13,"nonceChecks":143,"capabilityChecks":13,"bundledLibraries":261},[],{"prepared":13,"raw":205,"locations":206},13,[207,211,213,215,217,219,221,223,225,228,230,232,234],{"file":208,"line":209,"context":210},"inc\\chakrastructure.php",34,"$wpdb->get_results() with variable interpolation",{"file":208,"line":212,"context":210},38,{"file":208,"line":214,"context":210},56,{"file":208,"line":216,"context":210},60,{"file":208,"line":218,"context":210},89,{"file":208,"line":220,"context":210},119,{"file":208,"line":222,"context":210},147,{"file":208,"line":224,"context":210},176,{"file":226,"line":227,"context":210},"inc\\vfchakrateststructure.php",184,{"file":226,"line":229,"context":210},223,{"file":226,"line":231,"context":210},231,{"file":226,"line":233,"context":210},287,{"file":226,"line":235,"context":210},295,{"escaped":209,"rawEcho":237,"locations":238},11,[239,242,243,245,247,249,251,253,255,257,259],{"file":169,"line":240,"context":241},85,"raw output",{"file":169,"line":25,"context":241},{"file":169,"line":244,"context":241},117,{"file":169,"line":246,"context":241},170,{"file":169,"line":248,"context":241},202,{"file":169,"line":250,"context":241},234,{"file":169,"line":252,"context":241},262,{"file":169,"line":254,"context":241},269,{"file":169,"line":256,"context":241},276,{"file":208,"line":258,"context":241},91,{"file":208,"line":260,"context":241},154,[],[],{"summary":264,"deductions":265},"The 'chakra-test' plugin v1.0.2 exhibits a mixed security posture.  While the static analysis reveals no immediately critical issues like dangerous functions or taint flows, and the attack surface is relatively small with all entry points seemingly protected by some form of check, significant concerns remain regarding data handling.  Specifically, the complete lack of prepared statements for all 13 SQL queries is a substantial risk, making it highly susceptible to SQL injection vulnerabilities.  Furthermore, the absence of capability checks, despite the presence of nonce checks on AJAX handlers, suggests a potential weakness in ensuring that authenticated users have the correct permissions to execute actions.\n\nThe plugin's vulnerability history, with one medium-severity CVE related to missing authorization, reinforces the concern about authorization controls.  Although this CVE is currently patched, it indicates a past weakness in how the plugin handles user permissions.  The combination of raw SQL queries and past authorization issues creates a notable risk profile that warrants careful consideration.  Therefore, while the plugin avoids some common pitfalls, the identified areas of weakness present tangible security threats that should be addressed to improve its overall security posture.",[266,268,270],{"reason":267,"points":11},"SQL queries use no prepared statements",{"reason":269,"points":11},"Medium severity CVE in history",{"reason":271,"points":71},"No capability checks found","2026-03-17T01:37:33.204Z",{"wat":274,"direct":283},{"assetPaths":275,"generatorPatterns":278,"scriptPaths":279,"versionParams":280},[276,277],"\u002Fwp-content\u002Fplugins\u002Fchakra-test\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fchakra-test\u002Fassets\u002Fjs\u002Fcustom.js",[],[277],[281,282],"chakra-test\u002Fassets\u002Fcss\u002Fstyle.css?ver=","chakra-test\u002Fassets\u002Fjs\u002Fcustom.js?ver=",{"cssClasses":284,"htmlComments":285,"htmlAttributes":286,"restEndpoints":287,"jsGlobals":288,"shortcodeOutput":290},[],[],[],[],[289],"ajax_object_vfchakratest",[]]