[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9A8tEPHBsukrnyeMIqglDA5snkXC0PpUisQxZp9qWew":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":34,"analysis":35,"fingerprints":62},"change-debug-log-location","Change Debug Log Location","0.0.2","Jose Mortellaro","https:\u002F\u002Fprofiles.wordpress.org\u002Fgiuse\u002F","\u003Cp>Normally, if the debug is active, the file debug.log is included in the folder wp-content, and everybody can read it at https:\u002F\u002Fyour-domain.com\u002Fwp-content\u002Fdebug.log\u002F.\u003C\u002Fp>\n\u003Cp>Activating Change Debug Log Location you will find the debug.log file in the main directory, but it will have a name that looks like debug-6583fb9c.log.\u003C\u002Fp>\n\u003Cp>So only those who know the name will be able to find it.\u003C\u002Fp>\n\u003Cp>Deactivating the plugin it will not delete the debug file, because we don’t want you lose any information, of course you can delete it manually via FTP.\u003C\u002Fp>\n\u003Cp>Moreover, after deactivating the plugin the debug will be disabled. If you need it, you should enable it again in wp-config.php.\u003C\u002Fp>\n\u003Cp>Of course, if the debug is disabled because you don’t need it (the default of WordPress), you also don’t need this plugin. This plugin is only for those who need to read the debug.log file, but they don’t want everybody can read it.\u003C\u002Fp>\n\u003Ch3>Help\u003C\u002Fh3>\n\u003Cp>If you need help open a thread on the support forum of this plugin.\u003Cbr \u002F>\nPlease, before posting enable the debugging in wp-config.php. Need a step-by-step guide? Read \u003Ca href=\"https:\u002F\u002Ffreesoul-deactivate-plugins.com\u002Fhow-to-enable-debugging-in-wordpress-a-step-by-step-guide\u002F\" rel=\"nofollow ugc\">this detailed tutorial\u003C\u002Fa> on \u003Ca href=\"https:\u002F\u002Ffreesoul-deactivate-plugins.com\u002Fhow-to-enable-debugging-in-wordpress-a-step-by-step-guide\u002F\" rel=\"nofollow ugc\">how to enable debugging in WordPress\u003C\u002Fa> to learn more.\u003C\u002Fp>\n","Your website will not send any email in case of fatal errors.",10,1887,0,"2025-12-05T08:46:00.000Z","6.9.4","4.6","5.6",[19],"it-changes-the-title-and-the-location-of-the-file-debug-log","https:\u002F\u002Fjosemortellaro.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchange-debug-log-location.0.0.2.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"giuse",56,26370,99,62,87,"2026-04-04T01:06:17.352Z",[],{"attackSurface":36,"codeSignals":42,"taintFlows":50,"riskAssessment":51,"analyzedAt":61},{"hooks":37,"ajaxHandlers":38,"restRoutes":39,"shortcodes":40,"cronEvents":41,"entryPointCount":13,"unprotectedCount":13},[],[],[],[],[],{"dangerousFunctions":43,"sqlUsage":44,"outputEscaping":46,"fileOperations":48,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":49},[],{"prepared":13,"raw":13,"locations":45},[],{"escaped":13,"rawEcho":13,"locations":47},[],2,[],[],{"summary":52,"deductions":53},"The \"change-debug-log-location\" plugin version 0.0.2 exhibits a strong initial security posture based on the provided static analysis.  There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, resulting in a zero attack surface.  Furthermore, the code avoids dangerous functions, utilizes prepared statements exclusively for SQL queries, and performs proper output escaping. The absence of taint analysis findings and a clean vulnerability history further bolster its security standing.\n\nHowever, a significant concern arises from the complete lack of nonce and capability checks. While the current attack surface is zero, this indicates a lack of defensive programming that could become a critical vulnerability if any entry points are introduced in future versions or if misconfigurations lead to unexpected code execution paths. The presence of file operations without explicit security checks on their parameters is also a potential area of concern, though the static analysis does not currently highlight any specific risks. The plugin's very limited vulnerability history is positive, but the lack of robustness in authentication and authorization checks is a weakness that warrants attention.\n\nIn conclusion, the plugin is currently secure due to its extremely limited functionality and lack of exposure. However, the fundamental absence of nonce and capability checks represents a significant oversight in secure coding practices. This architectural weakness, if left unaddressed, could lead to severe vulnerabilities in the future. It is recommended to implement robust authentication and authorization mechanisms, especially for any file operations, to mitigate future risks.",[54,56,58],{"reason":55,"points":11},"Missing nonce checks",{"reason":57,"points":11},"Missing capability checks",{"reason":59,"points":60},"File operations without explicit security checks",5,"2026-03-17T00:35:32.156Z",{"wat":63,"direct":68},{"assetPaths":64,"generatorPatterns":65,"scriptPaths":66,"versionParams":67},[],[],[],[],{"cssClasses":69,"htmlComments":71,"htmlAttributes":72,"restEndpoints":73,"jsGlobals":74,"shortcodeOutput":75},[70],"eos-cdll-setts",[],[],[],[],[]]