[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fb3KtpcPWV3qnfwnGwkfKVG-SFO8eESfHDT--Z14JJe0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":11,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":138,"fingerprints":243},"cl-wp-info","CL WP Info","1.4.30","Carlos Longarela","https:\u002F\u002Fprofiles.wordpress.org\u002Fcarloslongarela\u002F","\u003Cul>\n\u003Cli>Note: this plugin is no longer maintained to add new options because WordPress offers a similar option in Tools -> Site health\u003Cbr \u002F>\nAbout the tools available in this plugin, you have updated and new tools in a browser extension of this author (Best WordPress Tools) available for all browsers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>WordPress plugin that show us information about WordPress install, PHP, Database and Hosting Server and also minimum requisites and recommendations for PHP and Database versions.\u003C\u002Fp>\n","Show us information about WordPress install, PHP, Database and Hosting 
Server",100,5554,3,"2026-02-25T17:10:00.000Z","6.9.4","5.2","7.4",[19,20,21,22],"debug","development","info","system","https:\u002F\u002Fgithub.com\u002FCarlosLongarela\u002FCL-WP-Info","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcl-wp-info.1.4.30.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":11,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"carloslongarela",2,120,30,94,"2026-04-05T14:57:37.203Z",[37,56,77,96,118],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":25,"num_ratings":25,"last_updated":47,"tested_up_to":15,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":49,"download_link":55,"security_score":11,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"server-info-for-debugging","Server Info for Debugging","1.1.4","Blend Media","https:\u002F\u002Fprofiles.wordpress.org\u002Fblendmedia\u002F","\u003Cp>\u003Cstrong>Server Info for Debugging\u003C\u002Fstrong> is a lightweight plugin that displays server stats and WordPress environment information on an admin page, helping with troubleshooting server-related issues. 
It provides:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Operating system information\u003C\u002Fli>\n\u003Cli>PHP version and memory limits\u003C\u002Fli>\n\u003Cli>Database version and user details\u003C\u002Fli>\n\u003Cli>WordPress debug mode status\u003C\u002Fli>\n\u003Cli>SSL\u002FTLS status\u003C\u002Fli>\n\u003Cli>Write permissions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For detailed server and WordPress setup, see below:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Server Details\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Operating System\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Software\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>MySQL Version\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>PHP Version\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>PHP Memory Limit\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>PHP Max Input Vars\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>PHP Max Post Size\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>GD Installed\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>ZIP Installed\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Write Permissions\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>PHP Execution Time\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>File Uploads Enabled\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WordPress Environment Details\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>WordPress Version\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Site URL\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Home URL\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>WP Multisite\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Max Upload Size\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Memory Limit\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Max Memory Limit\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Permalink Structure\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Language\u003C\u002Fstrong>\u003Cbr \u002F>\n– 
\u003Cstrong>Timezone\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Admin Email\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Debug Mode\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Database Host\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Database Name\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Database User\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Database Charset\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>SSL\u002FTLS Status\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPL v2.0 or later. For more details, see \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">GNU GPL\u003C\u002Fa>.\u003C\u002Fp>\n","Displays server stats and WordPress system information for debugging purposes.",200,1537,"2026-02-11T19:27:00.000Z","5.0","",[19,51,52,53,54],"php-info","server-info","server-stats","system-info","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fserver-info-for-debugging.1.1.4.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":11,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":49,"tags":70,"homepage":74,"download_link":75,"security_score":76,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"what-template-am-i-using","What Template Am I Using","0.2.0","webdeveric","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebdeveric\u002F","\u003Cp>This plugin is intended for theme developers to use. 
It shows the current template being used to render the page, current post type, and much more.\u003C\u002Fp>\n\u003Cp>The info is only displayed for users that have the edit_theme_options capability.\u003C\u002Fp>\n\u003Cp>Information displayed:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Current template\u003C\u002Fli>\n\u003Cli>General Information (post type, are you on the front page, etc.)\u003C\u002Fli>\n\u003Cli>Additional files used. For example, header.php or footer.php\u003C\u002Fli>\n\u003Cli>What sidebars are being used and what widgets are in them.\u003C\u002Fli>\n\u003Cli>List of enqueued scripts and styles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>This plugin is intended for use by theme developers and it requires a standards compliant browser. This plugin will not work in IE8 or below.\u003C\u002Fstrong>\u003C\u002Fp>\n","This plugin is intended for theme developers to use. It shows the current template being used to render the page, current post type, and much more.",9190,96,13,"2015-12-08T05:17:00.000Z","4.4.0","3.1.0",[19,71,72,73],"server-information","template","theme-development","http:\u002F\u002Fphplug.in\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhat-template-am-i-using.0.2.0.zip",85,{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":25,"num_ratings":25,"last_updated":87,"tested_up_to":88,"requires_at_least":48,"requires_php":89,"tags":90,"homepage":49,"download_link":93,"security_score":94,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":95},"server-website-info","Server & Website Info","1.0.0","Onur Sendere","https:\u002F\u002Fprofiles.wordpress.org\u002Fonursendere\u002F","\u003Cp>Server & Website Info is a powerful yet easy-to-use WordPress plugin that displays detailed information about your server configuration, WordPress installation, and database settings. 
All information is presented in a clean, modern interface with a card-based layout.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Server Information:\u003C\u002Fstrong> PHP version, server software, IP, hostname, MySQL version, system uptime, and memory limit\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Information:\u003C\u002Fstrong> WordPress version, active theme, debug mode, permalink structure, and post revisions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Information:\u003C\u002Fstrong> Database name, user, host, charset, and collation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Interface:\u003C\u002Fstrong> Clean and responsive card-based layout\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Click to Copy:\u003C\u002Fstrong> Easily copy any value to clipboard with a single click\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multilingual:\u003C\u002Fstrong> Supports multiple languages including English (US\u002FUK), French, German, Spanish, Chinese, Japanese, Arabic, and Turkish\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Install and activate the plugin\u003C\u002Fli>\n\u003Cli>Go to “Server & Website Info” in your WordPress admin menu\u003C\u002Fli>\n\u003Cli>View comprehensive information about your WordPress installation\u003C\u002Fli>\n\u003Cli>Click any value to copy it to clipboard\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Supported Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English (US) – default\u003C\u002Fli>\n\u003Cli>English (UK)\u003C\u002Fli>\n\u003Cli>French (France)\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003Cli>Chinese\u003C\u002Fli>\n\u003Cli>Japanese\u003C\u002Fli>\n\u003Cli>Arabic\u003C\u002Fli>\n\u003Cli>Turkish\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Don’t see your language? 
Help us translate the plugin into your language!\u003C\u002Fp>\n","Display comprehensive server, database, and WordPress information in a clean, modern interface.",10,442,"2025-01-08T16:56:00.000Z","6.7.5","7.2",[91,19,52,54,92],"database-info","wordpress-info","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fserver-website-info.1.0.0.zip",92,"2026-03-15T14:54:45.397Z",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":106,"num_ratings":107,"last_updated":108,"tested_up_to":15,"requires_at_least":109,"requires_php":17,"tags":110,"homepage":113,"download_link":114,"security_score":115,"vuln_count":116,"unpatched_count":25,"last_vuln_date":117,"fetched_at":27},"query-monitor","Query Monitor – The developer tools panel for WordPress","3.20.2","John Blackbourn","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnbillion\u002F","\u003Cp>Query Monitor is the developer tools panel for WordPress and WooCommerce. It enables debugging of database queries, PHP errors, hooks and actions, block editor blocks, enqueued scripts and stylesheets, HTTP API calls, and more.\u003C\u002Fp>\n\u003Cp>It includes some advanced features such as debugging of Ajax calls, REST API calls, user capability checks, and full support for block themes and full site editing. It includes the ability to narrow down much of its output by plugin or theme, allowing you to quickly determine poorly performing plugins, themes, or functions.\u003C\u002Fp>\n\u003Cp>Query Monitor focuses heavily on presenting its information in a useful manner, for example by showing aggregate database queries grouped by the plugins, themes, or functions that are responsible for them. 
It adds an admin toolbar menu showing an overview of the current page, with complete debugging information shown in panels once you select a menu item.\u003C\u002Fp>\n\u003Cp>Query Monitor supports versions of WordPress up to three years old, and PHP version 7.4 or higher.\u003C\u002Fp>\n\u003Cp>For complete information, please see \u003Ca href=\"https:\u002F\u002Fquerymonitor.com\u002F\" rel=\"nofollow ugc\">the Query Monitor website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Here’s an overview of what’s shown for each page load:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Database queries, including notifications for slow, duplicate, or erroneous queries. Allows filtering by query type (\u003Ccode>SELECT\u003C\u002Fcode>, \u003Ccode>UPDATE\u003C\u002Fcode>, \u003Ccode>DELETE\u003C\u002Fcode>, etc), responsible component (plugin, theme, WordPress core), and calling function, and provides separate aggregate views for each.\u003C\u002Fli>\n\u003Cli>The template filename, the complete template hierarchy, and names of all template parts that were loaded or not loaded (for block themes and classic themes).\u003C\u002Fli>\n\u003Cli>PHP errors presented nicely along with their responsible component and call stack, and a visible warning in the admin toolbar.\u003C\u002Fli>\n\u003Cli>Usage of “Doing it Wrong” or “Deprecated” functionality in the code on your site.\u003C\u002Fli>\n\u003Cli>Blocks and associated properties within post content and within full site editing (FSE).\u003C\u002Fli>\n\u003Cli>Matched rewrite rules, associated query strings, and query vars.\u003C\u002Fli>\n\u003Cli>Enqueued scripts and stylesheets, along with their dependencies, dependents, and alerts for broken dependencies.\u003C\u002Fli>\n\u003Cli>Language settings and loaded translation files (MO files and JSON files) for each text domain.\u003C\u002Fli>\n\u003Cli>HTTP API requests, with response code, responsible component, and time taken, with alerts for failed or erroneous 
requests.\u003C\u002Fli>\n\u003Cli>User capability checks, along with the result and any parameters passed to the capability check.\u003C\u002Fli>\n\u003Cli>Environment information, including detailed information about PHP, the database, WordPress, and the web server.\u003C\u002Fli>\n\u003Cli>The values of all WordPress conditional functions such as \u003Ccode>is_single()\u003C\u002Fcode>, \u003Ccode>is_home()\u003C\u002Fcode>, etc.\u003C\u002Fli>\n\u003Cli>Transients that were updated.\u003C\u002Fli>\n\u003Cli>Usage of \u003Ccode>switch_to_blog()\u003C\u002Fcode> and \u003Ccode>restore_current_blog()\u003C\u002Fcode> on Multisite installations.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In addition:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Whenever a redirect occurs, Query Monitor adds an HTTP header containing the call stack, so you can use your favourite HTTP inspector or browser developer tools to trace what triggered the redirect.\u003C\u002Fli>\n\u003Cli>The response from any jQuery-initiated Ajax request on the page will contain various debugging information in its headers. PHP errors also get output to the browser’s developer console.\u003C\u002Fli>\n\u003Cli>The response from an authenticated WordPress REST API request will contain an overview of performance information and PHP errors in its headers, as long as the authenticated user has permission to view Query Monitor’s output. 
An \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Frest-api\u002Fusing-the-rest-api\u002Fglobal-parameters\u002F#_envelope\" rel=\"nofollow ugc\">an enveloped REST API request\u003C\u002Fa> will include even more debugging information in the \u003Ccode>qm\u003C\u002Fcode> property of the response.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By default, Query Monitor’s output is only shown to Administrators on single-site installations, and Super Admins on Multisite installations.\u003C\u002Fp>\n\u003Cp>In addition to this, you can set an authentication cookie which allows you to view Query Monitor output when you’re not logged in (or if you’re logged in as a non-Administrator). See the Settings panel for details.\u003C\u002Fp>\n\u003Ch3>Other Plugins\u003C\u002Fh3>\n\u003Cp>I maintain several other plugins for developers. Check them out:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-switching\u002F\" rel=\"ugc\">User Switching\u003C\u002Fa> provides instant switching between user accounts in WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-crontrol\u002F\" rel=\"ugc\">WP Crontrol\u003C\u002Fa> lets you view and control what’s happening in the WP-Cron system\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Statement\u003C\u002Fh3>\n\u003Cp>Query Monitor is private by default and always will be. It does not persistently store any of the data that it collects. It does not send data to any third party, nor does it include any third party resources. \u003Ca href=\"https:\u002F\u002Fquerymonitor.com\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Query Monitor’s full privacy statement can be found here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Accessibility Statement\u003C\u002Fh3>\n\u003Cp>Query Monitor aims to be fully accessible to all of its users. 
\u003Ca href=\"https:\u002F\u002Fquerymonitor.com\u002Faccessibility\u002F\" rel=\"nofollow ugc\">Query Monitor’s full accessibility statement can be found here\u003C\u002Fa>.\u003C\u002Fp>\n","Query Monitor is the developer tools panel for WordPress and WooCommerce.",200000,19156533,98,463,"2025-12-11T22:16:00.000Z","6.1",[19,111,20,112,97],"debug-bar","performance","https:\u002F\u002Fquerymonitor.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquery-monitor.3.20.2.zip",97,1,"2026-03-30 23:21:22",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":11,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":49,"tags":132,"homepage":136,"download_link":137,"security_score":76,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"monkeyman-rewrite-analyzer","Monkeyman Rewrite Analyzer","1.0","Jan Fabry","https:\u002F\u002Fprofiles.wordpress.org\u002Fjanfabry\u002F","\u003Cp>This is a tool to understand your rewrite rules (“Pretty Permalinks”). It is indispensable if you are adding or modifying rules and want to understand how they work (or why they don’t work).\u003C\u002Fp>\n\u003Cp>It is only an analyzer, it does not change any rules for you. It parses the rules down to their components and shows the connection with the resulting query variables. It allows you to try out different URLs to see which rules will match and what the value of the different query variables will be (see screenshots).\u003C\u002Fp>\n\u003Cp>This plugin was written as a tool to help answering questions about rewrite rules on \u003Ca href=\"http:\u002F\u002Fwordpress.stackexchange.com\u002F\" rel=\"nofollow ugc\">the WordPress Stack Exchange\u003C\u002Fa>.\u003C\u002Fp>\n","Making sense of the rewrite mess. 
Display and play with your rewrite rules.",2000,73356,26,"2011-05-12T17:49:00.000Z","3.2.1","3.0",[19,20,133,134,135],"mod_rewrite","permalinks","rewrite","http:\u002F\u002Fwordpress.stackexchange.com\u002Fq\u002F3606\u002F8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmonkeyman-rewrite-analyzer.1.0.zip",{"attackSurface":139,"codeSignals":158,"taintFlows":201,"riskAssessment":231,"analyzedAt":242},{"hooks":140,"ajaxHandlers":154,"restRoutes":155,"shortcodes":156,"cronEvents":157,"entryPointCount":25,"unprotectedCount":25},[141,147,150],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","admin_menu","cl_wp_info_add_menu_page","cl-wp-info.php",74,{"type":142,"name":148,"callback":149,"file":145,"line":65},"admin_enqueue_scripts","cl_wp_info_load_custom_wp_admin_style",{"type":142,"name":151,"callback":152,"file":145,"line":153},"plugins_loaded","cl_wp_info_init",106,[],[],[],[],{"dangerousFunctions":159,"sqlUsage":160,"outputEscaping":162,"fileOperations":116,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":200},[],{"prepared":116,"raw":25,"locations":161},[],{"escaped":163,"rawEcho":164,"locations":165},127,16,[166,170,172,174,176,178,180,182,184,186,188,190,192,194,196,198],{"file":167,"line":168,"context":169},"class-cl-wp-info.php",172,"raw 
output",{"file":167,"line":171,"context":169},240,{"file":167,"line":173,"context":169},356,{"file":167,"line":175,"context":169},474,{"file":167,"line":177,"context":169},543,{"file":167,"line":179,"context":169},736,{"file":167,"line":181,"context":169},807,{"file":167,"line":183,"context":169},866,{"file":167,"line":185,"context":169},906,{"file":167,"line":187,"context":169},968,{"file":167,"line":189,"context":169},1003,{"file":167,"line":191,"context":169},1037,{"file":167,"line":193,"context":169},1068,{"file":167,"line":195,"context":169},1097,{"file":167,"line":197,"context":169},1127,{"file":167,"line":199,"context":169},1150,[],[202,220],{"entryPoint":203,"graph":204,"unsanitizedCount":116,"severity":219},"cl_wp_server_info (class-cl-wp-info.php:253)",{"nodes":205,"edges":216},[206,211],{"id":207,"type":208,"label":209,"file":167,"line":210},"n0","source","$_SERVER",351,{"id":212,"type":213,"label":214,"file":167,"line":173,"wp_function":215},"n1","sink","echo() [XSS]","echo",[217],{"from":207,"to":212,"sanitized":218},false,"medium",{"entryPoint":221,"graph":222,"unsanitizedCount":229,"severity":230},"\u003Cclass-cl-wp-info> (class-cl-wp-info.php:0)",{"nodes":223,"edges":227},[224,226],{"id":207,"type":208,"label":225,"file":167,"line":210},"$_SERVER (x14)",{"id":212,"type":213,"label":214,"file":167,"line":173,"wp_function":215},[228],{"from":207,"to":212,"sanitized":218},14,"low",{"summary":232,"deductions":233},"The cl-wp-info plugin version 1.4.30 exhibits a generally strong security posture, with no reported vulnerabilities (CVEs) or critical findings from the static analysis. The code demonstrates good practices in handling SQL queries using prepared statements and a high percentage of properly escaped output, mitigating common risks associated with data manipulation and display. The absence of external HTTP requests and bundled libraries further reduces the attack surface.  \n\nHowever, several areas warrant attention. 
The taint analysis revealed two flows with unsanitized paths, which, while not classified as critical or high severity in this instance, represent a potential risk if user-supplied input is not adequately validated before being used in file operations or, as in the two flows recorded in this report ($_SERVER values reaching echo() in class-cl-wp-info.php), written to page output without escaping. Furthermore, no nonce checks or capability checks were detected, and although the attack surface scan identified no entry points, this is a significant concern. This means that if any entry points were to be introduced or made accessible in the future, they would be inherently unprotected against CSRF attacks and unauthorized access.  \n\nIn conclusion, while the plugin currently shows no historical vulnerabilities and employs some good security practices, the lack of robust authorization and sanitization mechanisms for potential future entry points is a notable weakness. Continuous monitoring for new vulnerabilities and addressing the identified taint flows and lack of security checks are recommended to maintain a secure environment.",[234,237,240],{"reason":235,"points":236},"Taint flow with unsanitized paths",8,{"reason":238,"points":239},"No nonce checks on entry points",5,{"reason":241,"points":239},"No capability checks on entry 
points","2026-03-16T21:04:41.660Z",{"wat":244,"direct":253},{"assetPaths":245,"generatorPatterns":248,"scriptPaths":249,"versionParams":250},[246,247],"\u002Fwp-content\u002Fplugins\u002Fcl-wp-info\u002Fcss\u002Fcl-wp-info-admin.min.css","\u002Fwp-content\u002Fplugins\u002Fcl-wp-info\u002Fjs\u002Fcl-wp-info-tools.min.js",[],[247],[251,252],"cl-wp-info\u002Fcss\u002Fcl-wp-info-admin.min.css?ver=","cl-wp-info\u002Fjs\u002Fcl-wp-info-tools.min.js?ver=",{"cssClasses":254,"htmlComments":262,"htmlAttributes":263,"restEndpoints":277,"jsGlobals":278,"shortcodeOutput":279},[255,256,257,258,259,260,261],"cl-info-made-by","cl-info-general","cl-tabla-general","cl-wpo-tools","cl-tool-type","cl-wp-info-botonera","cl-botonera-btn",[],[264,265,266,267,268,269,270,271,272,273,274,275,276],"id=\"cl-wp-info-botonera\"","id=\"cl-wpo\"","id=\"cl-ttfb\"","id=\"cl-http2\"","id=\"cl-dns\"","id=\"cl-gzip\"","id=\"cl-mail\"","id=\"cl-content-wpo\"","id=\"cl-content-ttfb\"","id=\"cl-content-http2\"","id=\"cl-content-dns\"","id=\"cl-content-gzip\"","id=\"cl-content-mail\"",[],[],[]]