[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhB2tKM7crppsEAO-0cZV0edLLxJR3q0C0df8-NG_mOI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":134,"fingerprints":209},"change-permalink-helper","Change Permalink Helper","1.1.1","Syde GmbH (formerly Inpsyde)","https:\u002F\u002Fprofiles.wordpress.org\u002Finpsyde\u002F","\u003Cp>When you change the permalink structure then this is a problem for bookmarks of users and also for search engines to link to your posts. This plugin uses the slug of the new url and search for a ID in the database of WordPress. If it finds a post according to the slug, the Plugin will redirect to the correct post and send a header message “moved permanently 301” to change the url on the index of search engines.\u003C\u002Fp>\n","It checks the Permalink and redirects to the new URL, if it doesn't exist. It sends the header message \"moved permanently 301\"",1000,30749,94,33,"2020-04-24T14:28:00.000Z","5.4.19","2.7","",[20,21,22,23,24],"301","permalink","redirect","seo","url","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fchange-permalink-helper","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchange-permalink-helper.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"inpsyde",3,2300,92,423,73,"2026-04-04T15:12:59.057Z",[41,64,79,96,116],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":51,"num_ratings":52,"last_updated":53,"tested_up_to":54,"requires_at_least":55,"requires_php":18,"tags":56,"homepage":62,"download_link":63,"security_score":51,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"php-to-pages","Legacy URL Suffix & SEO Preserver","2.1","Himanshu Parashar","https:\u002F\u002Fprofiles.wordpress.org\u002Funiquecodergmailcom\u002F","\u003Cp>\u003Cstrong>Don’t Let Your SEO Rank Vanish During a Migration.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Migrating a legacy website to WordPress is a massive win for your workflow, but it can be a disaster for your search engine rankings. If your old site used .php extensions (e.g., \u003Ccode>domain.com\u002Fabout-us.php\u003C\u002Fcode>), moving to standard WordPress “Clean Permalinks” will turn every one of those established links into a 404 Page Not Found error.\u003C\u002Fp>\n\u003Cp>PHP to Pages is the lightweight, “set it and forget it” solution that bridges the gap between your legacy architecture and modern WordPress flexibility.\u003C\u002Fp>\n\u003Ch3>The Value Proposition\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Cp>“Seamlessly transition from legacy PHP sites to WordPress while maintaining 100% URL consistency. No complex .htaccess coding, no broken backlinks, and zero SEO drop-off.”\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Why Choose PHP to Pages?\u003C\u002Fh3>\n\u003Cp>When you change your URL structure, you lose the “link juice” accumulated over years. This plugin ensures that your existing backlinks from social media, external blogs, and Google search results remain active and functional.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Instantly Append .php Suffix:\u003C\u002Fstrong> Automatically transforms \u003Ccode>yoursite.com\u002Fsample-page\u002F\u003C\u002Fcode> into \u003Ccode>yoursite.com\u002Fsample-page.php\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Preservation:\u003C\u002Fstrong> Keep your indexed URLs exactly as they appear in Google Search Console to avoid the dreaded “re-indexing” phase.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero-Configuration Setup:\u003C\u002Fstrong> No need to dive into your server’s .htaccess or Nginx config files. Just activate and your permalinks update instantly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Friendly:\u003C\u002Fstrong> Built with standard WordPress Rewrites API, ensuring compatibility with most well-coded themes and plugins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight Performance:\u003C\u002Fstrong> No bloat, no database-heavy queries. It simply tells WordPress how to read and display your URLs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Who Is This For?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Agencies & Freelancers:\u003C\u002Fstrong> Moving a long-term client from a static PHP site to WordPress.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Specialists:\u003C\u002Fstrong> Ensuring that a site migration doesn’t result in a loss of organic traffic.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Legacy Site Owners:\u003C\u002Fstrong> Anyone who has a decade’s worth of backlinks pointing to .php files and doesn’t want to manage thousands of manual 301 redirects.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Cstrong>Install & Activate:\u003C\u002Fstrong> Simply upload the plugin to your WordPress dashboard.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Permalinks Refresh:\u003C\u002Fstrong> Go to \u003Cstrong>Settings > Permalinks\u003C\u002Fstrong> and click “Save Changes” to flush your rewrite rules.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Done:\u003C\u002Fstrong> Your pages will now resolve with the .php extension.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Example\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Before:\u003C\u002Fstrong> \u003Ccode>http:\u002F\u002Fsfdcbeginner.com\u002Fchild-parent-communication-without-event\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>After:\u003C\u002Fstrong> \u003Ccode>http:\u002F\u002Fsfdcbeginner.com\u002Fchild-parent-communication-without-event.php\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n","Maintain SEO rankings with custom URL suffixes like .php or .html. Perfect for legacy site migrations, fixing 404s, and preserving link juice.",200,11174,100,1,"2026-02-08T19:14:00.000Z","6.9.4","2.5.1",[57,58,59,60,61],"301-redirect","legacy-site","permalinks","seo-migration","url-suffix","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fphp-to-pages\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphp-to-pages.2.1.zip",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":28,"downloaded":72,"rating":28,"num_ratings":28,"last_updated":73,"tested_up_to":54,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":18,"download_link":78,"security_score":51,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"url-pathfinder","URL Pathfinder","1.0.2","Presskopp","https:\u002F\u002Fprofiles.wordpress.org\u002Fpresskopp\u002F","\u003Cp>URL Pathfinder is a powerful WordPress plugin that helps reduce 404 errors by intelligently redirecting visitors to the closest matching content on your website. Using advanced fuzzy matching algorithms, the plugin analyzes broken URL requests and finds the most relevant post or page to redirect visitors to.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Intelligent 404 handling with fuzzy matching\u003C\u002Fli>\n\u003Cli>Automatic redirection to closest matching content\u003C\u002Fli>\n\u003Cli>Rate limiting to prevent abuse\u003C\u002Fli>\n\u003Cli>Caching for improved performance\u003C\u002Fli>\n\u003Cli>Admin bar notice to enable\u002Fdisable the plugin without deactivating it\u003C\u002Fli>\n\u003Cli>Support for multiple post types\u003C\u002Fli>\n\u003Cli>Bad URL filtering\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Once activated, URL Pathfinder automatically handles 404 errors without requiring any configuration. The plugin:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Detects when a visitor encounters a 404 error\u003C\u002Fli>\n\u003Cli>Analyzes the requested URL\u003C\u002Fli>\n\u003Cli>Searches for the closest matching permalink\u003C\u002Fli>\n\u003Cli>Redirects the visitor to the best matching page or post\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Admin Bar Control:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can quickly enable or disable the plugin using the admin bar notice:\u003Cbr \u002F>\n– Click on “URL Pathfinder ON” (enabled) or “URL Pathfinder OFF” (disabled)\u003Cbr \u002F>\n– Changes take effect immediately without page reload\u003C\u002Fp>\n\u003Ch3>Configuration\u003C\u002Fh3>\n\u003Cp>The plugin comes with sensible defaults and works out of the box, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Rate Limiting\u003C\u002Fstrong>: Prevents excessive redirect attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bad URL Filtering\u003C\u002Fstrong>: Excludes system and bot URLs from processing\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Caching\u003C\u002Fstrong>: Improves performance by caching fuzzy matching results\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Technical Details\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Performance:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Caching reduces database queries\u003C\u002Fli>\n\u003Cli>Rate limiting prevents performance issues\u003C\u002Fli>\n\u003Cli>Early exit for blocked URLs\u003C\u002Fli>\n\u003Cli>Efficient fuzzy matching algorithm\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support and feature requests, create a topic on https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Furl-pathfinder\u002F\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPL v2 or later.\u003C\u002Fp>\n\u003Cp>Copyright (c) Presskopp – https:\u002F\u002Fpresskopp.com\u002F\u003C\u002Fp>\n","Automatically redirects 404 URLs to the closest matching permalink using fuzzy matching.",164,"2025-12-22T09:26:00.000Z","5.0","7.4",[57,21,22,23,77],"url-management","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Furl-pathfinder.1.0.2.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":51,"num_ratings":89,"last_updated":90,"tested_up_to":54,"requires_at_least":91,"requires_php":74,"tags":92,"homepage":94,"download_link":95,"security_score":51,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"simple-post-redirect","Simple Page Redirect","1.7.4","imemine","https:\u002F\u002Fprofiles.wordpress.org\u002Fimemine\u002F","\u003Cp>Simple Page Redirect is an easy-to-use WordPress plugin that lets you quickly redirect any post, page, custom post type, or portfolio item to an internal or external URL. Perfect for managing redirects across your site, this plugin simplifies URL redirection by adding a text box to the edit screen of all default and custom post types.\u003C\u002Fp>\n\u003Ch3>Short Description\u003C\u002Fh3>\n\u003Cp>Quickly redirect any post, page, or custom post type to another URL using a simple metabox.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy Redirect Setup\u003C\u002Fstrong>: Redirect any page, post, custom post type, or portfolio item to any internal or external URL.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simple User Interface\u003C\u002Fstrong>: After activation, a new option box for redirects will appear on the post edit screen, making setup quick and easy.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Post Type Support\u003C\u002Fstrong>: Works seamlessly with both default and custom post types.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Flexible Redirect Options\u003C\u002Fstrong>: Easily manage redirection for your content without complex configurations.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Pro Version\u003C\u002Fh3>\n\u003Cp>Need to manage redirects at scale or keep things organized?\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Simple Page Redirect Pro\u003C\u002Fstrong> adds powerful features on top of the free version:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Bulk Edits\u003C\u002Fstrong> – Apply redirects to multiple posts or pages at once.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirect Labels\u003C\u002Fstrong> – Add customizable labels to easily identify and manage redirects.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Expiration Times\u003C\u002Fstrong> – Set expiration dates so redirects automatically disable when no longer needed.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Export Options\u003C\u002Fstrong> – Export your redirects for backup or migration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Support\u003C\u002Fstrong> – Get dedicated email support for faster help.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>👉 Learn more about \u003Ca href=\"https:\u002F\u002Fsimpleproplugins.com\u002Fproduct\u002Fsimple-page-redirect\u002F\" rel=\"nofollow ugc\">Simple Page Redirect Pro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Whether you need simple page redirection or advanced features, \u003Cstrong>Simple Page Redirect\u003C\u002Fstrong> makes managing URL redirects on your WordPress site easy.\u003C\u002Fp>\n\u003Ch3>Support & Reviews\u003C\u002Fh3>\n\u003Cp>Have questions or need assistance? Visit our support tab for prompt help or suggestions. If you love the plugin, don’t forget to leave a review! 🙂\u003C\u002Fp>\n\u003Ch3>After Activation\u003C\u002Fh3>\n\u003Cp>After activation, a new option box for redirects will appear on the edit screen of your posts.\u003C\u002Fp>\n","Simple Page Redirect is an easy-to-use WordPress plugin that lets you quickly redirect any post, page, custom post type, or portfolio item to an inter &hellip;",10000,94759,8,"2026-01-24T20:53:00.000Z","3.0",[20,22,23,24,93],"woocommerce","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-post-redirect\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-post-redirect.1.7.4.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":36,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":18,"tags":110,"homepage":18,"download_link":115,"security_score":51,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"quick-301-redirects","Quick 301 Redirects","1.1.8","Premio","https:\u002F\u002Fprofiles.wordpress.org\u002Fpremio\u002F","\u003Cp>\u003Cstrong>The fastest and easiest way to do 301 redirects. You can set each redirect individually or bulk upload unlimited number of 301 redirects using a CSV file.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can use Quick 301 Redirects for small website with just a few pages and also for sites with thousands of pages. Use Quick 301 Redirects to set up your 301 redirects in seconds, you can redirect internally to your domain or to any other domain.\u003C\u002Fp>\n\u003Ch4>Set 301 Redirects Manually Or In Bulk\u003C\u002Fh4>\n\u003Cp>Manage all your website’s 301 redirects without any professional knowledge. All you need is to install our plugin, and the leave the rest to our super simple UI (RTL supported).\u003C\u002Fp>\n\u003Cp>Our super simple UI will enable you to set your redirects manually one-by-one or using a CSV file for bulk upload.\u003C\u002Fp>\n\u003Cp>New! After saving your 301 301 redirects you’ll see a link button near each redirect that’ll allow you to test each and every 301 redirect.\u003C\u002Fp>\n\u003Cp>New! You can now export your 301 redirects into a CSV file.\u003C\u002Fp>\n","The fastest & easiest way to do 301 redirects. You can set each redirect or bulk upload unlimited number of 301 redirects using a CSV file",7000,42067,12,"2025-09-23T06:21:00.000Z","6.8.5","3.1",[20,111,112,113,114],"301-redirects","redirects","seo-redirects","url-redirects","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquick-301-redirects.1.1.8.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":126,"num_ratings":127,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":18,"tags":131,"homepage":132,"download_link":133,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"advanced-permalinks","Advanced Permalinks","0.1.21","John Godley","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnny5\u002F","\u003Cp>Provides advanced permalink options that allow you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Have multiple permalink structures.  Permalinks can be assigned to posts or ranges of posts\u003C\u002Fli>\n\u003Cli>301 redirect old permalink structures (many structures are allowed)\u003C\u002Fli>\n\u003Cli>Category-specific permalinks.  Posts in certain categories can be assigned a permalink structure\u003C\u002Fli>\n\u003Cli>No need to have a base to the category permalink!\u003C\u002Fli>\n\u003Cli>Change author permalinks\u003C\u002Fli>\n\u003Cli>Enable periods in permalinks – perfect for migrating old websites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All permalinks are real permalinks and do not result in 301 redirections.  \u003Cem>This means you can change your permalink structure without\u003Cbr \u002F>\naffecting any existing posts and without losing any page rank.\u003C\u002Fem>  Any attempts to access posts in the wrong permalink structure will be\u003Cbr \u002F>\nautomatically redirected to the correct URL.\u003C\u002Fp>\n\u003Cp>Advanced Permalinks is available in:\u003Cbr \u002F>\n* English\u003Cbr \u002F>\n* Bulgarian (thanks to Alexander Dichev)\u003Cbr \u002F>\n* Belorussian (thanks to Marcis Gasuns)\u003Cbr \u002F>\n* Russian (thanks to Slava Mikheev)\u003Cbr \u002F>\n* Uzbekistan (thanks to Alexandra Bolshova)\u003Cbr \u002F>\n* Lithuanian (thanks to Nata Strazda at Web Hub)\u003C\u002Fp>\n\u003Ch4>Example 1: Migrating a permalink structure\u003C\u002Fh4>\n\u003Cp>Say you have an existing site with the default WordPress permalink structure \u003Ccode>\u002F%year%\u002F%monthnum%\u002F%day%\u002F%postname%\u002F\u003C\u002Fcode> and you decide you want to change it\u003Cbr \u002F>\nto a more keyword-heavy \u003Ccode>\u002F%category%\u002F%postname%\u002F\u003C\u002Fcode>.  If you change the permalink setting then all your old posts will be moved, and you will suffer a major loss\u003Cbr \u002F>\nof page rank (not to mention a lot of 404s).  With Advanced Permalinks you can define a specific permalink structure for all your old\u003Cbr \u002F>\nposts and then create a new permalink structure for new ones.  All your old posts will carry on living at the same URL as before, but all\u003Cbr \u002F>\nnew posts will be created using your new structure.\u003C\u002Fp>\n\u003Ch4>Example 2: Category-specific permalinks\u003C\u002Fh4>\n\u003Cp>Sometimes you want posts in a certain category to appear elsewhere on your site.  For example, your usual permalink structure may result in:\u003C\u002Fp>\n\u003Cp>\u002F2007\u002F05\u002F02\u002Fmy-review\u003C\u002Fp>\n\u003Cp>However, you want posts in the ‘review’ category to appear as:\u003C\u002Fp>\n\u003Cp>\u002Freviews\u002Fmy-review\u003C\u002Fp>\n\u003Cp>Using Advanced Permalinks this is not a problem.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Full documentation can be found on the \u003Ca href=\"http:\u002F\u002Furbangiraffe.com\u002Fplugins\u002Fadvanced-permalinks\u002F\" rel=\"nofollow ugc\">Advanced Permalinks Page\u003C\u002Fa> page.\u003C\u002Fp>\n","Allows multiple permalink structures and category-specific permalinks without needing redirects.",400,93342,54,9,"2012-05-05T09:05:00.000Z","2.9.2","2.0",[21,59,22,23,24],"http:\u002F\u002Furbangiraffe.com\u002Fplugins\u002Fadvanced-permalinks\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-permalinks.zip",{"attackSurface":135,"codeSignals":151,"taintFlows":159,"riskAssessment":198,"analyzedAt":208},{"hooks":136,"ajaxHandlers":147,"restRoutes":148,"shortcodes":149,"cronEvents":150,"entryPointCount":28,"unprotectedCount":28},[137,143],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","plugins_loaded","onLoad","change_permalink_helper.php",29,{"type":138,"name":144,"callback":145,"file":141,"line":146},"template_redirect","is404",48,[],[],[],[],{"dangerousFunctions":152,"sqlUsage":153,"outputEscaping":156,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":158},[],{"prepared":154,"raw":28,"locations":155},2,[],{"escaped":28,"rawEcho":28,"locations":157},[],[],[160,187],{"entryPoint":161,"graph":162,"unsanitizedCount":154,"severity":186},"is404 (change_permalink_helper.php:56)",{"nodes":163,"edges":182},[164,169,175,177],{"id":165,"type":166,"label":167,"file":141,"line":168},"n0","source","$_SERVER",64,{"id":170,"type":171,"label":172,"file":141,"line":173,"wp_function":174},"n1","sink","get_var() [SQLi]",68,"get_var",{"id":176,"type":166,"label":167,"file":141,"line":168},"n2",{"id":178,"type":171,"label":179,"file":141,"line":180,"wp_function":181},"n3","header() [Header Injection]",83,"header",[183,185],{"from":165,"to":170,"sanitized":184},false,{"from":176,"to":178,"sanitized":184},"high",{"entryPoint":188,"graph":189,"unsanitizedCount":154,"severity":186},"\u003Cchange_permalink_helper> (change_permalink_helper.php:0)",{"nodes":190,"edges":195},[191,192,193,194],{"id":165,"type":166,"label":167,"file":141,"line":168},{"id":170,"type":171,"label":172,"file":141,"line":173,"wp_function":174},{"id":176,"type":166,"label":167,"file":141,"line":168},{"id":178,"type":171,"label":179,"file":141,"line":180,"wp_function":181},[196,197],{"from":165,"to":170,"sanitized":184},{"from":176,"to":178,"sanitized":184},{"summary":199,"deductions":200},"The \"change-permalink-helper\" v1.1.1 plugin exhibits a mixed security posture. On one hand, the static analysis reveals no readily apparent attack surface through common vectors like AJAX, REST API, shortcodes, or cron events. Furthermore, the plugin demonstrates good practices by exclusively using prepared statements for its SQL queries and ensuring all output is properly escaped, with no file operations or external HTTP requests observed.\n\nHowever, the taint analysis raises significant concerns. Two identified flows with unsanitized paths are flagged as high severity. While the specific nature of these unsanitized paths isn't detailed, their presence in the code indicates potential for vulnerabilities if they involve user-supplied data. The lack of any recorded vulnerability history (CVEs) is positive but could also mean the plugin hasn't been extensively scrutinized or that past issues have been resolved. The absence of capability and nonce checks on any entry points, though there are none declared, is a potential weakness if new entry points were to be added in future versions without proper security measures.\n\nIn conclusion, while the plugin currently presents a low outward attack surface and adheres to secure coding practices for SQL and output, the identified high-severity taint flows are a critical red flag that require immediate investigation. The plugin's strengths lie in its responsible data handling for SQL and output, but the unsanitized path flows represent a clear and present danger. Its lack of historical vulnerabilities is a positive sign, but the identified code-level risks overshadow this in the immediate assessment.",[201,203,206],{"reason":202,"points":106},"High severity taint flows with unsanitized paths",{"reason":204,"points":205},"No capability checks on entry points",4,{"reason":207,"points":205},"No nonce checks on entry points","2026-03-16T19:09:44.817Z",{"wat":210,"direct":215},{"assetPaths":211,"generatorPatterns":212,"scriptPaths":213,"versionParams":214},[],[],[],[],{"cssClasses":216,"htmlComments":217,"htmlAttributes":218,"restEndpoints":219,"jsGlobals":220,"shortcodeOutput":221},[],[],[],[],[],[]]