[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fKP7jAp8df_QXc4MhtXYDTJ8Z5_JTQY879gutgYkuVEI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":139,"fingerprints":243},"chunks","Chunks","1.1","Konstantin Kovshenin","https:\u002F\u002Fprofiles.wordpress.org\u002Fkovshenin\u002F","\u003Cp>Chunks is for theme developers that have their themes filled with footer notes, copyright notices, block titles and descriptions, slogans, etc, which are sometimes hard-coded into the theme, sometimes localized (can be changed in po and mo files) and sometimes taken out to the theme options.\u003C\u002Fp>\n\u003Cp>Chunks will do the job for you. A “chunk” is a piece of HTML code that could be inserted anywhere in your theme and edited from the Theme Chunks page under Appearance in your admin panel. Use register_chunks() in your functions.php to register chunks for your theme and use the chunk() to get the chunk value anywhere in your template files.\u003C\u002Fp>\n\u003Cp>It’ll take you 5 minutes to implement Chunks in your theme: \u003Ca href=\"http:\u002F\u002Fkovshenin.com\u002Fwordpress\u002Fplugins\u002Fchunks\u002F\" title=\"Getting Started with Chunks\" rel=\"nofollow ugc\">Getting Started with Chunks\u003C\u002Fa>\u003C\u002Fp>\n","Chunks is about managing tiny bits of content on your WordPress site.",10,3654,0,"2011-06-17T19:26:00.000Z","3.1.4","2.8","",[4,19,20],"theme","utility","http:\u002F\u002Fkovshenin.com\u002Fwordpress\u002Fplugins\u002Fchunks\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchunks.1.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"kovshenin",15,19000,89,30,86,"2026-04-04T11:51:12.081Z",[36,57,79,93,114],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":17,"tags":51,"homepage":55,"download_link":56,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"theme-inspector","Theme Inspector","4.0.1","Melissa Cabral","https:\u002F\u002Fprofiles.wordpress.org\u002Fmelissa-cabral\u002F","\u003Cp>A simple, lightweight plugin that displays useful technical information on pages and posts to aid in developing WordPress Classic themes. Provides quick access to things that are sometimes hidden, like post\u002Fpage ID, slug, taxonomy terms, and post type slug. Theme Inspector tells you exactly what conditional tags are true on each view, and what template file loaded on each page view.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use In Conjunction with the \u003Ca href=\"https:\u002F\u002Fdocs.google.com\u002Fdrawings\u002Fd\u002F1hJ0MpHO3HKBT5KsTpGtc_gDYZ5pi-HyxNcRtmPBBULE\" rel=\"nofollow ugc\">WP Template Hierarchy Document\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Theme Inspector is only visible to logged in Administrators.\u003C\u002Fli>\n\u003Cli>Appears on the right-side of the Toolbar (admin bar).\u003C\u002Fli>\n\u003C\u002Ful>\n","A developer's inspector to illuminate the WordPress Template Hierarchy and help with building WordPress Classic themes.",400,14730,94,11,"2023-02-13T19:10:00.000Z","6.1.10","3.0",[52,53,54,19,20],"developer","inspector","template","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftheme-inspector","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftheme-inspector.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":13,"num_ratings":13,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":76,"download_link":77,"security_score":78,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"wowholic-core","Wowholic CORE","1.1.3","Wowholic","https:\u002F\u002Fprofiles.wordpress.org\u002Fwowholic\u002F","\u003Ch3>CORE: WordPress utilities\u003C\u002Fh3>\n\u003Cp>CORE is a utility-based, unintrusive WordPress plugin. It offers a simple UI to tweak many sensible default settings to quickstart your new fresh WordPress project. It’s recommended for developers building custom themes with ACF.\u003C\u002Fp>\n\u003Cp>CORE builds on top of Wowholic’s +5 years of experience developing fully custom WordPress sites, for all sorts of customers and industries. We made this plugin to be more efficient and productive in our own work, and we hope it helps you too!\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Clean up unnecessary WordPress’ defaults:\n\u003Cul>\n\u003Cli>Remove comments widget styles\u003C\u002Fli>\n\u003Cli>Remove WP version from RSS feed\u003C\u002Fli>\n\u003Cli>Remove Gutenberg block library CSS (only if Classic Editor plugin is active)\u003C\u002Fli>\n\u003Cli>Remove RSD link\u003C\u002Fli>\n\u003Cli>Remove post, category and comment feed links\u003C\u002Fli>\n\u003Cli>Remove Windows Live Writer link\u003C\u002Fli>\n\u003Cli>Remove canonical link\u003C\u002Fli>\n\u003Cli>Remove shortlink\u003C\u002Fli>\n\u003Cli>Remove relational adjacent links\u003C\u002Fli>\n\u003Cli>Remove emoji detection script and styles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Disable Theme & Plugin Editors, Widgets Admin Page, Default Post Type and Comments\u003C\u002Fli>\n\u003Cli>Set up some default redirections (archives, attachment pages…)\u003C\u002Fli>\n\u003Cli>Set up a visual grid on different breakpoints for debugging layout styles\u003C\u002Fli>\n\u003Cli>Enable layout spacing utility for debugging distances between elements (using \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fstevenlei\u002Fspacingjs\" rel=\"nofollow ugc\">spacingjs\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Add custom format options to TinyMCE \u003Cem>(only if Classic Editor is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Allow removing unnecessary buttons from TinyMCE \u003Cem>(only if Classic Editor is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Enable Theme Options \u003Cem>(only if ACF is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Add label next to Flexible Content Layout name \u003Cem>(only if ACF is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Allow shortcodes in excerpts, textareas and text fields \u003Cem>(only if ACF is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Enable pretty Search URL\u003C\u002Fli>\n\u003Cli>Enable \u003Ccode>[email]\u003C\u002Fcode> shortcode for antispam\u003C\u002Fli>\n\u003Cli>Change WordPress’ upload size limit\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Some of these features are contextual, which means that they won’t show or work unless some condition is met (usually, if a given plugin is active or not).\u003C\u002Fp>\n\u003Ch3>Community Feedback\u003C\u002Fh3>\n\u003Cp>Although already providing many features, this plugin is still in its early stages of development. Please reach out to us for any constructive feedback you might have!\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>If you want to read contributing guidelines, you can find them at the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWowholic\u002FCORE\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>\u003C\u002Fp>\n","CORE makes you faster and more efficient when developing custom WordPress sites.",40,2316,"2025-12-04T09:20:00.000Z","6.9.4","5.6","7.0",[72,73,74,75,20],"custom-themes","development","efficiency","productivity","https:\u002F\u002Fgithub.com\u002FWowholic\u002FCORE","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwowholic-core.1.1.3.zip",100,{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":11,"downloaded":87,"rating":13,"num_ratings":13,"last_updated":88,"tested_up_to":89,"requires_at_least":50,"requires_php":17,"tags":90,"homepage":17,"download_link":91,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":92},"theme-bakery","Theme Bakery","0.2","shazdeh","https:\u002F\u002Fprofiles.wordpress.org\u002Fshazdeh\u002F","\u003Cp>This plugin enables you to generate a new theme, based on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FAutomattic\u002F_s\" rel=\"nofollow ugc\">_S\u003C\u002Fa> theme.\u003C\u002Fp>\n","A simple tool that allows you to generate a new blank theme (uses _S theme).",2120,"2012-08-16T21:11:00.000Z","3.3.2",[19,20],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftheme-bakery.zip","2026-03-15T14:54:45.397Z",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":13,"downloaded":101,"rating":102,"num_ratings":103,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":70,"tags":107,"homepage":112,"download_link":113,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"arya-switch-theme","Arya Switch Theme","1.0.0","Arya Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Faryathemes\u002F","\u003Cp>Allows users to choose and preview all WordPress themes installed without\u003Cbr \u002F>\nactivation or deactivation for demonstration purposes.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fexample.com\u002F?theme=slug-theme\nhttps:\u002F\u002Fexample.com\u002F?theme=slug-theme&child=slug-child-theme\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Allows users to choose and preview all WordPress themes installed without",1231,60,2,"2019-05-22T19:03:00.000Z","5.2.24","5.0",[108,109,110,111,20],"demo","preview","switch-theme","theme-switcher","https:\u002F\u002Fgithub.com\u002Faryathemes\u002Farya-switch-theme","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Farya-switch-theme.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":33,"num_ratings":124,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":128,"tags":129,"homepage":135,"download_link":136,"security_score":137,"vuln_count":103,"unpatched_count":13,"last_vuln_date":138,"fetched_at":25},"one-click-demo-import","One Click Demo Import","3.4.0","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>The best feature of this plugin is, that theme authors can define import files in their themes and so all you (the user of the theme) have to do is click on the “Import Demo Data” button.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Are you a theme author?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Setup One Click Demo Imports for your theme and your users will thank you for it!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Focdi.com\u002Fquick-integration-guide\u002F\" rel=\"nofollow ugc\">Follow this easy guide on how to setup this plugin for your themes!\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Are you a theme user?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Contact the author of your theme and \u003Ca href=\"https:\u002F\u002Focdi.com\u002Fask-your-theme-author\u002F\" rel=\"nofollow ugc\">let them know about this plugin\u003C\u002Fa>. Theme authors can make any theme compatible with this plugin in 15 minutes and make it much more user-friendly.\u003C\u002Fp>\n\u003Cp>“\u003Ca href=\"https:\u002F\u002Focdi.com\u002Fask-your-theme-author\u002F#how-can-you-contact-your-theme-author\" rel=\"nofollow ugc\">Where can I find the theme author contact?\u003C\u002Fa>“\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Please take a look at our \u003Ca href=\"https:\u002F\u002Focdi.com\u002Fuser-guide\u002F\" rel=\"nofollow ugc\">plugin documentation\u003C\u002Fa> for more information on how to import your demo content.\u003C\u002Fp>\n\u003Cp>This plugin is using the modified version of the improved WP import 2.0 that is still in development and can be found here: https:\u002F\u002Fgithub.com\u002Fhumanmade\u002FWordPress-Importer.\u003C\u002Fp>\n\u003Cp>NOTE: There is no setting to “connect” authors from the demo import file to the existing users in your WP site (like there is in the original WP Importer plugin). All demo content will be imported under the current user.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Do you want to contribute?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Please refer to our official \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fawesomemotive\u002Fone-click-demo-import\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n","Import your demo content, widgets and theme settings with one click. Theme authors! Enable simple theme demo import for your users.",1000000,19902961,79,"2025-09-11T09:36:00.000Z","6.8.5","5.5","7.4",[130,131,132,133,134],"content","import","settings","theme-options","widgets","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fone-click-demo-import\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fone-click-demo-import.3.4.0.zip",97,"2024-05-07 00:00:00",{"attackSurface":140,"codeSignals":160,"taintFlows":189,"riskAssessment":227,"analyzedAt":242},{"hooks":141,"ajaxHandlers":151,"restRoutes":152,"shortcodes":153,"cronEvents":158,"entryPointCount":159,"unprotectedCount":13},[142,147],{"type":143,"name":144,"callback":144,"file":145,"line":146},"action","admin_menu","chunks.php",34,{"type":143,"name":148,"callback":149,"file":145,"line":150},"plugins_loaded","anonymous",266,[],[],[154],{"tag":155,"callback":156,"file":145,"line":157},"chunk","shortcode",37,[],1,{"dangerousFunctions":161,"sqlUsage":165,"outputEscaping":167,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":188},[162],{"fn":163,"file":145,"line":150,"context":164},"create_function","add_action( 'plugins_loaded', create_function( '', 'global $chunks; $chunks = new Chunks();' ) );",{"prepared":13,"raw":13,"locations":166},[],{"escaped":159,"rawEcho":11,"locations":168},[169,172,174,175,176,178,180,182,184,186],{"file":145,"line":170,"context":171},160,"raw output",{"file":145,"line":173,"context":171},184,{"file":145,"line":173,"context":171},{"file":145,"line":173,"context":171},{"file":145,"line":177,"context":171},185,{"file":145,"line":179,"context":171},197,{"file":145,"line":181,"context":171},199,{"file":145,"line":183,"context":171},207,{"file":145,"line":185,"context":171},208,{"file":145,"line":187,"context":171},215,[],[190,215],{"entryPoint":191,"graph":192,"unsanitizedCount":213,"severity":214},"theme_page (chunks.php:135)",{"nodes":193,"edges":209},[194,199,204,207],{"id":195,"type":196,"label":197,"file":145,"line":198},"n0","source","$_POST (x3)",137,{"id":200,"type":201,"label":202,"file":145,"line":173,"wp_function":203},"n1","sink","echo() [XSS]","echo",{"id":205,"type":196,"label":206,"file":145,"line":179},"n2","$_GET['key'] (x3)",{"id":208,"type":201,"label":202,"file":145,"line":179,"wp_function":203},"n3",[210,212],{"from":195,"to":200,"sanitized":211},false,{"from":205,"to":208,"sanitized":211},6,"medium",{"entryPoint":216,"graph":217,"unsanitizedCount":213,"severity":226},"\u003Cchunks> (chunks.php:0)",{"nodes":218,"edges":223},[219,220,221,222],{"id":195,"type":196,"label":197,"file":145,"line":198},{"id":200,"type":201,"label":202,"file":145,"line":173,"wp_function":203},{"id":205,"type":196,"label":206,"file":145,"line":179},{"id":208,"type":201,"label":202,"file":145,"line":179,"wp_function":203},[224,225],{"from":195,"to":200,"sanitized":211},{"from":205,"to":208,"sanitized":211},"low",{"summary":228,"deductions":229},"The \"chunks\" v1.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL query handling, utilizing prepared statements exclusively, and it has no recorded vulnerability history, suggesting a generally stable codebase. The attack surface is minimal, with only one shortcode and no AJAX handlers or REST API routes, and importantly, no identified entry points lack authentication checks.\n\nHowever, several significant concerns emerge from the static analysis. The presence of the `create_function` function is a critical red flag, as it can be a source of severe security vulnerabilities if not handled with extreme care. Furthermore, the output escaping is severely lacking, with only 9% of outputs properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis also reveals two flows with unsanitized paths, which, while not classified as critical or high severity in this report, warrant further investigation as they indicate potential pathways for malicious input to reach sensitive operations. The lack of nonce and capability checks on the identified entry points is also a notable weakness, potentially allowing unauthorized actions.\n\nIn conclusion, while the plugin avoids common pitfalls like raw SQL and has no known CVEs, the combination of poor output escaping, the use of `create_function`, and unsanitized taint flows presents a considerable risk. The absence of specific authentication checks on the shortcode is particularly concerning. Mitigation efforts should focus on comprehensive output escaping and a thorough review of the `create_function` usage and taint flow destinations.",[230,232,235,237,240],{"reason":231,"points":29},"Unsanitized paths in taint flows",{"reason":233,"points":234},"Low percentage of properly escaped output",8,{"reason":236,"points":29},"Dangerous function: create_function",{"reason":238,"points":239},"Missing nonce checks",5,{"reason":241,"points":239},"Missing capability checks","2026-03-16T23:52:21.472Z",{"wat":244,"direct":249},{"assetPaths":245,"generatorPatterns":246,"scriptPaths":247,"versionParams":248},[],[],[],[],{"cssClasses":250,"htmlComments":251,"htmlAttributes":252,"restEndpoints":253,"jsGlobals":254,"shortcodeOutput":255},[],[],[],[],[],[256],"\u003Cp>Below is a list of chunks that \u003Cstrong>"]