[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$foEOtL-Pu_PsiHh2eQBmWMCHMTWG8feDF-XVdVYWbEPo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":138,"fingerprints":198},"clean-unused-shortcodes","Clean unused shortcodes","2.0.1","Amr Abdelkarem","https:\u002F\u002Fprofiles.wordpress.org\u002Famrelarabi\u002F","\u003Cp>Clean unused shortcodes from your posts, pages, and any custom post types with ease.\u003C\u002Fp>\n\u003Cp>This plugin provides an intuitive user interface powered by React and supports advanced features like:\u003Cbr \u002F>\n– Preview unused and used shortcodes.\u003Cbr \u002F>\n– View the location of shortcodes in posts or pages.\u003Cbr \u002F>\n– Clean specific shortcodes or all unused shortcodes with one click.\u003Cbr \u002F>\n– Improved visual indicators and functionality for better management of your content.\u003C\u002Fp>\n","Remove unused shortcodes from your posts content with an improved user interface and advanced functionality.",100,2257,88,7,"2026-02-20T14:18:00.000Z","6.9.0","4.0.1","",[20,21,22,23,24],"admin","clean","shortcode","tools","ui","https:\u002F\u002Famrelarabi.com?ref=clean-unused-shortcodes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclean-unused-shortcodes.2.0.1.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":11,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"amrelarabi",2,30,94,"2026-04-04T23:41:55.029Z",[38,59,80,96,114],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":27,"num_ratings":27,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":18,"tags":51,"homepage":56,"download_link":57,"security_score":58,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-admin-buttons","WP Admin Buttons","1.0.2","miunosoft","https:\u002F\u002Fprofiles.wordpress.org\u002Fmiunosoft\u002F","\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Widget\u003C\u002Fstrong> \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode\u003C\u002Fstrong> – for the parameters see the Other Notes section.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Colors\u003C\u002Fstrong> – set your favorite colors.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Shortcode and Function Parameters\u003C\u002Fh4>\n\u003Cp>The following parameters can be used for the shortcode or the PHP function of the plugin, \u003Ccode>printWPAdminButton()\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>href\u003C\u002Fstrong> – the link url.\u003C\u002Fp>\n\u003Cp>[wp_admin_button href=”http:\u002F\u002Fmy-download-url\u002Ffile.zip”]\u003C\u002Fp>\n\u003Cp> ‘http:\u002F\u002Fmy-download-url\u002Ffile.zip’) ); ?>\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>label\u003C\u002Fstrong> – the text label shown in the button.\u003C\u002Fp>\n\u003Cp>[wp_admin_button label=”Get” href=”http:\u002F\u002Fmy-download-url\u002Ffile.zip”]\u003C\u002Fp>\n\u003Cp> ‘Get’, ‘href’ => ‘http:\u002F\u002Fmy-download-url\u002Ffile.zip’ ) ); ?>\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>size\u003C\u002Fstrong> – the button size. This argument accepts either \u003Ccode>large\u003C\u002Fcode>, \u003Ccode>medium\u003C\u002Fcode>, \u003Ccode>small\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>[wp_admin_button size=”large” href=”http:\u002F\u002Fmy-download-url\u002Ffile.zip”]\u003C\u002Fp>\n\u003Cp> ‘large’, ‘href’ => ‘http:\u002F\u002Fmy-download-url\u002Ffile.zip’ ) ); ?>\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>type\u003C\u002Fstrong> – the button type. This argument accepts either \u003Ccode>button-primary\u003C\u002Fcode>, or  \u003Ccode>buton-secondary\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>[wp_admin_button type=”button-secondary” href=”http:\u002F\u002Fmy-download-url\u002Ffile.zip”]\u003C\u002Fp>\n\u003Cp> ‘button-secondary’, ‘href’ => ‘http:\u002F\u002Fmy-download-url\u002Ffile.zip’ ) ); ?>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The follwoing color arguments can override the defult colors.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>label_color\u003C\u002Fstrong> – the label text color.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>background_color\u003C\u002Fstrong> – the button background color.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>border_color\u003C\u002Fstrong> – the button border color.\u003C\u002Fp>\n\u003Cp>[wp_admin_button label_color=”#ccc” background_color=”transparent” href=”http:\u002F\u002Fmy-download-url\u002Ffile.zip”]\u003C\u002Fp>\n\u003Cp> ‘#ccc’,\u003Cbr \u002F>\n        ‘background_color’  => ‘transparent’,\u003Cbr \u002F>\n        ‘href’              => ‘http:\u002F\u002Fmy-download-url\u002Ffile.zip’,\u003Cbr \u002F>\n    )\u003Cbr \u002F>\n);\u003Cbr \u002F>\n?>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The following additional HTML tag attributes can be set.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>title\u003C\u002Fstrong> – the \u003Ccode>title\u003C\u002Fcode> attribute.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>class\u003C\u002Fstrong> – the \u003Ccode>class\u003C\u002Fcode> attribute.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>style\u003C\u002Fstrong> – the \u003Ccode>inline\u003C\u002Fcode> style attribute.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>target\u003C\u002Fstrong> – the \u003Ccode>target\u003C\u002Fcode> attribute.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>rel\u003C\u002Fstrong> – the \u003Ccode>rel\u003C\u002Fcode> attribute.\u003C\u002Fp>\n\u003Cp>[wp_admin_button title=”Get the file now!” class=”my-custom-class-selector” “style=”text-align:center;” target=”_blank” rel=”nofollow” href=”http:\u002F\u002Fmy-download-url\u002Ffile.zip”]\u003C\u002Fp>\n\u003Cp> ‘button-secondary’,\u003Cbr \u002F>\n        ‘title’     => ‘Get the file now!’,\u003Cbr \u002F>\n        ‘class’     => ‘my-custom-class-selector’,\u003Cbr \u002F>\n        ‘style’     => ‘text-align:center’,\u003Cbr \u002F>\n        ‘target’    => ‘_blank’,\u003Cbr \u002F>\n        ‘href’      => ‘http:\u002F\u002Fmy-download-url\u002Ffile.zip’,\u003Cbr \u002F>\n    )\u003Cbr \u002F>\n);\u003Cbr \u002F>\n?>\u003C\u002Fli>\n\u003C\u002Ful>\n","Displays WordPress admin style buttons in the front end.",10,2569,"2015-02-01T11:07:00.000Z","4.1.0","3.3",[52,53,54,22,55],"admin-ui","button","buttons","widget","http:\u002F\u002Fen.michaeluno.jp\u002Fwp-admin-buttons","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-admin-buttons.1.0.2.zip",85,{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":27,"downloaded":67,"rating":27,"num_ratings":27,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":78,"download_link":79,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"content-space-analyzer","Content Space Analyzer","1.0.0","fedec089","https:\u002F\u002Fprofiles.wordpress.org\u002Ffedec089\u002F","\u003Cp>Content Space Analyzer provides a fast dashboard to inspect space usage across your WordPress installation.\u003C\u002Fp>\n\u003Cp>Main features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Batch scan of the WordPress root (\u003Ccode>ABSPATH\u003C\u002Fcode>) to avoid timeouts.\u003C\u002Fli>\n\u003Cli>Dashboard summary for \u003Ccode>wp-content\u003C\u002Fcode>, \u003Ccode>wp-includes\u003C\u002Fcode>, \u003Ccode>wp-admin\u003C\u002Fcode>, and root files.\u003C\u002Fli>\n\u003Cli>Largest folders and largest files widgets.\u003C\u002Fli>\n\u003Cli>Full files table with WordPress-style pagination.\u003C\u002Fli>\n\u003Cli>Safe delete workflow restricted to files inside \u003Ccode>wp-content\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Security:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Admin-only access (\u003Ccode>manage_options\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>Nonce checks on all AJAX actions.\u003C\u002Fli>\n\u003Cli>Deletion is restricted to files in \u003Ccode>wp-content\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Analyze your WordPress installation in batches, discover the heaviest files\u002Ffolders, and remove selected files from wp-content.",108,"2026-02-21T08:34:00.000Z","6.9.4","6.3","7.4",[73,74,75,76,77],"admin-tools","cleanup","disk-usage","file-manager","storage","https:\u002F\u002Ffedericocurtoni.com\u002Fcontent-space-analyzer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontent-space-analyzer.1.0.0.zip",{"slug":81,"name":82,"version":62,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":27,"downloaded":87,"rating":27,"num_ratings":27,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":71,"tags":91,"homepage":94,"download_link":95,"security_score":58,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"reset-custom-post","Reset Custom Post","Moez","https:\u002F\u002Fprofiles.wordpress.org\u002Fmelioze\u002F","\u003Cp>🧹 After testing and adding test content to your site, do you want to clean it up quickly and efficiently before going into production? The Reset Custom Post plugin is the solution! Unlike other plugins that delete all the content on your site, my plugin lets you select precisely what you want to clean up while preserving important pages or other content.\u003C\u002Fp>\n\u003Cp>💡 With Reset Custom Post, you can easily select the type of content you want to clean up, and even delete associated images with a single click. What’s more, I’ve added a new feature that lets you remove items from the taxonomies available for the selected custom content type. 🗑️ The cleanup process is transparent and tracked via a detailed log window, guaranteeing an optimal user experience.\u003C\u002Fp>\n","Reset Custom Post is a WordPress plugin that provides an easy solution for managing unwanted custom post content.",680,"2024-03-24T11:50:00.000Z","6.4.8","5.9",[73,74,92,93],"custom-post","reset","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Freset-custom-post","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freset-custom-post.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":27,"downloaded":104,"rating":27,"num_ratings":27,"last_updated":105,"tested_up_to":69,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":18,"download_link":113,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"tidy-admin-notices","Tidy Admin Notices","2.0.6","adajimal","https:\u002F\u002Fprofiles.wordpress.org\u002Fadajimal\u002F","\u003Cp>Tired of admin notices cluttering your WordPress dashboard? \u003Cstrong>Tidy Admin Notices\u003C\u002Fstrong> is a lightweight, single-file plugin that intercepts standard WordPress notifications (success messages, errors, update nags, and promo banners) and moves them into a tidy, slide-out notification center.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Zero Configuration:\u003C\u002Fstrong> Just activate and it works.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intelligent Filtering:\u003C\u002Fstrong> Automatically detects critical “Action” notices (like “Plugin Activated”) and keeps them on screen, while moving persistent clutter to the tray.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Snooze Functionality:\u003C\u002Fstrong> Snooze any notification for 24 hours with a single click.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>React Powered:\u003C\u002Fstrong> Uses the native WordPress React engine for a smooth, app-like experience.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Build Step:\u003C\u002Fstrong> Lightweight implementation that respects WordPress core standards.\u003C\u002Fli>\n\u003C\u002Ful>\n","Moves standard WordPress admin notices into a modern, React-powered Notification Center tray.",103,"2025-12-16T15:52:00.000Z","6.0","8.1",[109,110,111,112,24],"admin-notices","clean-dashboard","notifications","react","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftidy-admin-notices.2.0.6.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":124,"num_ratings":125,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":18,"tags":129,"homepage":134,"download_link":135,"security_score":58,"vuln_count":136,"unpatched_count":27,"last_vuln_date":137,"fetched_at":29},"ajax-thumbnail-rebuild","AJAX Thumbnail Rebuild","1.14","junkcoder","https:\u002F\u002Fprofiles.wordpress.org\u002Fjunkcoder\u002F","\u003Cp>AJAX Thumbnail Rebuild allows you to rebuild all thumbnails on your site. There are already some plugins available for this, but they have one thing in common: All thumbnails are rebuilt in a single step. This works fine when you don’t have that many photos on your site. When you have a lot of full-size photos, the script on the server side takes a long time to run. Unfortunately the time a script is allowed to run is limited, which sets an upper limit to the number of thumbnails you can regenerate. This number depends on the server configuration and the computing power your server has available. When you get over this limit, you won’t be able to rebuild your thumbnails.\u003C\u002Fp>\n\u003Cp>Why would you want to rebuild your thumbnails? WordPress allows you to change the size of thumbnails. This way, you can make the size of thumbnails fit the design of your website. When you change the size to fit for a new theme, all future photos you are going to upload will have this new size. Your old thumbnails won’t be resized. That’s where this plugin comes into action. After changing the image sizes, you can rebuild all thumbnails. But instead of telling the server to recreate all thumbnails at once, they are rebuilt one after another. Rebuilding thumbnails for one photo won’t take all too long, so you won’t run into any script timeouts. Note that you still have to wait until all thumbnails have been rebuilt. If you close the page before the task is completed, you have to start all over again.\u003C\u002Fp>\n\u003Cp>You can also select the thumbnail sizes you want to rebuild, so that you don’t need to recreate all images if you’ve just changed one thumbnail-size. You can also choose to only rebuild post thumbnails (featured images).\u003C\u002Fp>\n\u003Cp>This plugin requires JavaScript to be enabled.\u003C\u002Fp>\n\u003Cp>Contributions are welcome at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbreiti\u002Fajax-thumbnail-rebuild\" rel=\"nofollow ugc\">Github\u003C\u002Fa>\u003C\u002Fp>\n","AJAX Thumbnail Rebuild allows you to rebuild all thumbnails at once without script timeouts on your server.",30000,850093,96,90,"2023-05-03T05:58:00.000Z","6.2.9","2.8",[20,130,131,132,133],"ajax","rebuild","regenerate","thumbnail","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fajax-thumbnail-rebuild\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fajax-thumbnail-rebuild.1.14.zip",1,"2023-04-28 00:00:00",{"attackSurface":139,"codeSignals":177,"taintFlows":188,"riskAssessment":189,"analyzedAt":197},{"hooks":140,"ajaxHandlers":155,"restRoutes":173,"shortcodes":174,"cronEvents":175,"entryPointCount":176,"unprotectedCount":176},[141,147,150,152],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","plugins_loaded","anonymous","includes\\class-clean-unused-shortcodes.php",134,{"type":142,"name":148,"callback":144,"file":145,"line":149},"admin_enqueue_scripts",149,{"type":142,"name":148,"callback":144,"file":145,"line":151},150,{"type":142,"name":153,"callback":144,"file":145,"line":154},"admin_menu",151,[156,160,163,166,168,171],{"action":157,"nopriv":158,"callback":144,"hasNonce":158,"hasCapCheck":158,"file":145,"line":159},"cus_clean_shortcode",false,153,{"action":157,"nopriv":161,"callback":144,"hasNonce":158,"hasCapCheck":158,"file":145,"line":162},true,154,{"action":164,"nopriv":158,"callback":144,"hasNonce":158,"hasCapCheck":158,"file":145,"line":165},"cus_fetch_shortcodes",156,{"action":164,"nopriv":161,"callback":144,"hasNonce":158,"hasCapCheck":158,"file":145,"line":167},157,{"action":169,"nopriv":158,"callback":144,"hasNonce":158,"hasCapCheck":158,"file":145,"line":170},"cus_clean_all_shortcode",159,{"action":169,"nopriv":161,"callback":144,"hasNonce":158,"hasCapCheck":158,"file":145,"line":172},160,[],[],[],6,{"dangerousFunctions":178,"sqlUsage":179,"outputEscaping":181,"fileOperations":27,"externalRequests":27,"nonceChecks":183,"capabilityChecks":27,"bundledLibraries":184},[],{"prepared":27,"raw":27,"locations":180},[],{"escaped":33,"rawEcho":27,"locations":182},[],4,[185],{"name":186,"version":28,"knownCves":187},"Select2",[],[],{"summary":190,"deductions":191},"The \"clean-unused-shortcodes\" plugin v2.0.1 presents a mixed security posture.  On the positive side, the plugin demonstrates good practices by exclusively using prepared statements for SQL queries, ensuring all detected output is properly escaped, and having no file operations or external HTTP requests.  The absence of known vulnerabilities in its history is also a strong indicator of historical security diligence.\n\nHowever, a significant concern is the plugin's substantial attack surface, consisting of six AJAX handlers, all of which lack authentication checks. This means any unauthenticated user could potentially trigger these handlers, leading to unintended actions or information disclosure if vulnerabilities exist within them. While taint analysis found no critical or high-severity issues, the lack of capability checks on these AJAX handlers is a notable weakness, as it bypasses WordPress's user role and permission system.\n\nIn conclusion, while the plugin's internal code quality regarding SQL and output handling is commendable, the exposed AJAX endpoints without proper authentication represent a significant security risk that should be addressed. The lack of past vulnerabilities is encouraging, but the current design flaw in its attack surface management requires immediate attention to mitigate potential exploitation.",[192,195],{"reason":193,"points":194},"AJAX handlers without auth checks",8,{"reason":196,"points":176},"No capability checks on AJAX","2026-03-16T20:34:28.266Z",{"wat":199,"direct":208},{"assetPaths":200,"generatorPatterns":203,"scriptPaths":204,"versionParams":205},[201,202],"\u002Fwp-content\u002Fplugins\u002Fclean-unused-shortcodes\u002Fassets\u002Fdist\u002Fadmin-styles.min.css","\u002Fwp-content\u002Fplugins\u002Fclean-unused-shortcodes\u002Fassets\u002Fdist\u002Fadmin-scripts.min.js",[],[202],[206,207],"clean-unused-shortcodes\u002Fassets\u002Fdist\u002Fadmin-styles.min.css?ver=","clean-unused-shortcodes\u002Fassets\u002Fdist\u002Fadmin-scripts.min.js?ver=",{"cssClasses":209,"htmlComments":210,"htmlAttributes":211,"restEndpoints":212,"jsGlobals":213,"shortcodeOutput":215},[],[],[],[],[214],"cus_ajax_object",[]]