[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyGEIgNJmZziU_q9zM3yKn-SR3d_r6hiTkH7EsIVawAY":3,"$fe39rky1dPsYw5ES-d5nvQvT94BXJ9TRN3mICs-jYdPc":304,"$f-LmfUo-0uYt3q3WtVBw9gCCpyxwgtT37Mz_g0TZvpEg":307},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":37,"analysis":122,"fingerprints":284},"code-unloader","Code Unloader","1.4.2","Dalibor","https:\u002F\u002Fprofiles.wordpress.org\u002Fdalibord\u002F","\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FabCdOEl1cxg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>Official plugin homepage:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwpservice.pro\u002Four-products\u002Fcode-unloader\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwpservice.pro\u002Four-products\u002Fcode-unloader\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Code Unloader gives site administrators surgical control over which JavaScript and CSS files are loaded on each individual page or post.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable any registered JS or CSS file on any page or post\u003C\u002Fli>\n\u003Cli>Exact URL, wildcard pattern (\u002Fshop\u002F*), and full regex matching\u003C\u002Fli>\n\u003Cli>Rules survive cache flushes and plugin reactivations\u003C\u002Fli>\n\u003Cli>Assets grouped by plugin, theme, or WordPress Core in the panel\u003C\u002Fli>\n\u003Cli>Per-page frontend panel accessible from the Admin Toolbar\u003C\u002Fli>\n\u003Cli>Access panel on any page via \u003Ccode>?wpcu\u003C\u002Fcode> URL parameter\u003C\u002Fli>\n\u003Cli>Global admin screen listing all rules across the site\u003C\u002Fli>\n\u003Cli>One-click kill switch to instantly restore all assets sitewide\u003C\u002Fli>\n\u003Cli>Bypass all rules for a single request via \u003Ccode>?nowpcu\u003C\u002Fcode> URL parameter\u003C\u002Fli>\n\u003Cli>Conditional rules (logged-in users, WooCommerce pages, shortcodes, post types)\u003C\u002Fli>\n\u003Cli>Device-type rules (desktop-only or mobile-only)\u003C\u002Fli>\n\u003Cli>Inline script\u002Fstyle blocking for assets without registered handles\u003C\u002Fli>\n\u003Cli>Inline block detection — see every inline \u003Ccode>\u003Cscript>\u003C\u002Fcode> and \u003Ccode>\u003Cstyle>\u003C\u002Fcode> on the page\u003C\u002Fli>\n\u003Cli>Rule groups for managing sets of rules as a unit\u003C\u002Fli>\n\u003Cli>Full audit log of all changes\u003C\u002Fli>\n\u003Cli>JSON import\u002Fexport\u003C\u002Fli>\n\u003Cli>Zero performance overhead on pages with no matching rules\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Compatible with:\u003C\u002Fstrong> WP Rocket, W3 Total Cache, LiteSpeed Cache, WP Super Cache, WooCommerce, Elementor, Divi, WP Bakery, basically everything WP related.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Requirements:\u003C\u002Fstrong> PHP 8.0 or higher is required. The plugin uses modern PHP features (union types, match expressions, named functions) that are not available in PHP 7.x.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> It’s recommended to test changes on a staging environment before applying them to a live site. Unloading the wrong assets can break your site’s appearance or functionality.\u003C\u002Fp>\n","Per-page JavaScript & CSS asset management. Surgically dequeue scripts and styles on any page using exact, wildcard, or regex URL rules.",0,235,100,1,"2026-04-10T12:29:00.000Z","6.9.4","6.2","8.0",[20,21,22,23,24],"assets","dequeue","performance","scripts","styles","https:\u002F\u002Fwpservice.pro\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcode-unloader.1.4.2.zip",null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":13,"avg_security_score":13,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"dalibord",2,30,94,"2026-05-20T02:51:16.760Z",[38,56,75,92,108],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":11,"downloaded":46,"rating":11,"num_ratings":11,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":53,"download_link":54,"security_score":55,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"scripts-and-styles-manager","Scripts and Styles Manager","1.0.0","abdelhalimkhouas","https:\u002F\u002Fprofiles.wordpress.org\u002Fabdelhalimkhouas\u002F","\u003Cp>\u003Cstrong>Scripts and Styles Manager\u003C\u002Fstrong> helps you optimize your WordPress website’s performance by letting you manage the scripts and styles loaded on each page. Identify and disable assets that you don’t need on specific pages, reducing page load times and enhancing user experience.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– View all scripts and styles loaded on a specific page.\u003Cbr \u002F>\n– Toggle the loading of assets on\u002Foff with a simple interface.\u003Cbr \u002F>\n– Copy the source URL of an asset to the clipboard.\u003Cbr \u002F>\n– Pagination and search for easy navigation of assets.\u003Cbr \u002F>\n– Responsive and user-friendly design.\u003Cbr \u002F>\n– Lightweight and optimized for performance.\u003C\u002Fp>\n\u003Cp>This plugin is ideal for users who want to optimize their website’s loading speed without diving into code.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the MIT License. See \u003Ca href=\"https:\u002F\u002Fopensource.org\u002Flicenses\u002FMIT\" rel=\"nofollow ugc\">License URI\u003C\u002Fa> for details.\u003C\u002Fp>\n","Easily manage the scripts and styles loaded on your WordPress pages to improve performance by toggling off unnecessary assets.",466,"2025-01-25T14:44:00.000Z","6.7.5","5.0","7.2",[20,52,22,23,24],"optimization","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fscripts-and-styles-manager.1.0.0.zip",92,{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":14,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":53,"download_link":72,"security_score":73,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":74},"encute","Encute","0.8.8","Mark Jaquith","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarkjaquith\u002F","\u003Cp>Encute provides a fluent, declarative API for site owners to manipulate the scripts and styles that WordPress, themes, and plugins shove onto their site. Move things into the footer, defer loading, remove assets entirely. Or load scripts async, or as modules, or as nomodule!\u003C\u002Fp>\n\u003Cp>Here’s an example of how you could use the plugin:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\n\nuse CWS\\Encute\\{ Plugin, Script, Style };\n\nadd_action(Plugin::class, function (Plugin $plugin) {\n    $isContactPage = fn () => is_page('contact');\n    Script::get('contact-form-7')->keepIf($isContactPage)->footer()->defer();\n    Style::get('contact-form-7')->keepIf($isContactPage)->footer()->defer();\n\n    Style::get(['mediaelement', 'wp-mediaelement'])->footer()->defer();\n    Style::get('material-icons')->defer();\n    Script::get('jquery')->remove();\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Wrapper\u003C\u002Fh3>\n\u003Cp>Always run code in this wrapper:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_action(\\CWS\\Encute\\Plugin::class, function (\\CWS\\Encute\\Plugin $encute) {\n    \u002F\u002F Your code here.\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This wrapper will be a no-op if Encute is not available, and it will both wait for Encute to be available to run, and pass you Encute’s main class instance.\u003C\u002Fp>\n\u003Ch3>Fluency\u003C\u002Fh3>\n\u003Cp>Both \u003Ccode>Script::get()\u003C\u002Fcode> and \u003Ccode>Style::get()\u003C\u002Fcode> return an instance of themselves, as do all calls to their methods, so you can just chain your calls.\u003C\u002Fp>\n\u003Ch3>Script\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ccode>static CWS\\Encute\\Script::get(string $handle): CWS\\Encute\\Script\u003C\u002Fcode> — get a Script instance for that handle.\u003C\u002Fli>\n\u003Cli>\u003Ccode>CWS\\Encute\\Script::module(): CWS\\Encute\\Script\u003C\u002Fcode> — make the script a module.\u003C\u002Fli>\n\u003Cli>\u003Ccode>CWS\\Encute\\Script::noModule(): CWS\\Encute\\Script\u003C\u002Fcode> — make the script nomodule.\u003C\u002Fli>\n\u003Cli>\u003Ccode>CWS\\Encute\\Script::footer(): CWS\\Encute\\Script\u003C\u002Fcode> — send the script to the footer (along with its entire dependency family).\u003C\u002Fli>\n\u003Cli>\u003Ccode>CWS\\Encute\\Script::async(): CWS\\Encute\\Script\u003C\u002Fcode> — make the script async.\u003C\u002Fli>\n\u003Cli>\u003Ccode>CWS\\Encute\\Script::defer(): CWS\\Encute\\Script\u003C\u002Fcode> — make the script defer.\u003C\u002Fli>\n\u003Cli>\u003Ccode>CWS\\Encute\\Script::remove(): CWS\\Encute\\Script\u003C\u002Fcode> — remove the script.\u003C\u002Fli>\n\u003Cli>\u003Ccode>CWS\\Encute\\Script::removeIf(callable $callback): CWS\\Encute\\Script\u003C\u002Fcode> — remove the script if the callback resolves as true.\u003C\u002Fli>\n\u003Cli>\u003Ccode>CWS\\Encute\\Script::keepIf(callable $callback): CWS\\Encute\\Script\u003C\u002Fcode> — keep the script if the callback resolves as true (else remove it).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Style\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ccode>static CWS\\Encute\\Style::get(string $handle): CWS\\Encute\\Style\u003C\u002Fcode> — get a Style instance for that handle.\u003C\u002Fli>\n\u003Cli>\u003Ccode>CWS\\Encute\\Style::footer(): CWS\\Encute\\Style\u003C\u002Fcode> — send the style to the footer (along with its entire dependency family).\u003C\u002Fli>\n\u003Cli>\u003Ccode>CWS\\Encute\\Style::defer(): CWS\\Encute\\Style\u003C\u002Fcode> — defer the style’s loading.\u003C\u002Fli>\n\u003Cli>\u003Ccode>CWS\\Encute\\Style::remove(): CWS\\Encute\\Style\u003C\u002Fcode> — remove the style.\u003C\u002Fli>\n\u003Cli>\u003Ccode>CWS\\Encute\\Style::removeIf(callable $callback): CWS\\Encute\\Style\u003C\u002Fcode> — remove the style if the callback resolves as true.\u003C\u002Fli>\n\u003Cli>\u003Ccode>CWS\\Encute\\Style::keepIf(callable $callback): CWS\\Encute\\Style\u003C\u002Fcode> — keep the style if the callback resolves as true (else remove it).\u003C\u002Fli>\n\u003C\u002Ful>\n","Fluent API for site owners to manipulate the scripts and styles on the frontend of their site.",20,7905,80,"2022-02-17T20:29:00.000Z","5.8.13","5.8","7.4",[22,23,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fencute.0.8.8.zip",85,"2026-03-15T15:16:48.613Z",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":85,"num_ratings":33,"last_updated":86,"tested_up_to":16,"requires_at_least":87,"requires_php":70,"tags":88,"homepage":53,"download_link":91,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"booster-sweeper","Booster Sweeper: WordPress Asset Cleanup","1.0.8","maxpressy","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaxpressy\u002F","\u003Cp>Booster Sweeper helps you to optimize the Website speed further over the common caching and code minification plugins. \u003Ca href=\"https:\u002F\u002Fmaxpressy.com\u002Fbooster-sweeper\u002Fasset-cleanup-wordpress-plugin-manager\u002F?mtm_campaign=wpPluginPage&mtm_kwd=boostersweeper&mtm_placement=top\" rel=\"nofollow ugc\">Booster Sweeper\u003C\u002Fa> allows you to dequeue assets, i.e. unload the unused CSS or JavaScript files. These are the files that aren’t necessary for certain page.\u003C\u002Fp>\n\u003Cp>You see, with the most of the WordPress plugins or even themes, most of the assets are loaded over the whole site, while usually you do not need those resources for certain pages. By unloading those files that aren’t necessary you are reducing the overall size of the page and at the same time decreasing the number of http requests. This results in a better performance for the pages and, even if other things are configured well, in a better SEO score for your site.\u003C\u002Fp>\n\u003Cp>The most obvious using scenario would be when you have a contact form only on a Contact page. Another example is when you have an e-commerce plugin, e.g. Woocommerce, which loads its files over the whole site, while you may esencially need those files just on product pages. In both these cases, with Booster Sweeper you can stop these assets to appear on the pages that it’s not necessary to have them. Of course, you can imagine that you can do the same with other custom post types or plugins that are producing the same issue.\u003C\u002Fp>\n\u003Ch3>How Booster Sweeper can be of help?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Improve the site’s speed\u003C\u002Fli>\n\u003Cli>Further get better SEO foundation\u003C\u002Fli>\n\u003Cli>Bypass loosing customers due to the slow loading Website\u003C\u002Fli>\n\u003Cli>By reducing the pages size, save in CDN costs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Booster Sweeper is simple to use\u003C\u002Fh3>\n\u003Cp>On each page or post of your WordPress site, from the sidebar settings, you’ll be able to notice a Booster Sweeper section. Here, our plugin is automatically detecting the assets that are loaded on the page. CSS and JS files are split in separate sections and when you select a file name, it will be prevented from loading on that page.\u003C\u002Fp>\n\u003Ch3>Go Premium\u003C\u002Fh3>\n\u003Cp>Premium Version of Booster Sweeper allows you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Dequeue assets for bulk pages, i.e. from the plugin global settings. Instead of doing it individually per page\u002Fpost, you can select the pages and posts for which you wish certain CSS and JavaScript files that should be prevented from loading.\u003C\u002Fli>\n\u003Cli>Disable the Booster Sweeper’s meta box section per post and page, so everything is managed from the global settings (bypass confusion)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>But that’s not all, Pro version gives you ability to control the appearance of the assets based on many conditions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Post types, e.g. Woocommerce’s products\u003C\u002Fli>\n\u003Cli>Archives, i.e. categories, tags or even custom post types specific archive\u003C\u002Fli>\n\u003Cli>Specific pages, like media files, search pages, 404\u003C\u002Fli>\n\u003Cli>By RegEx\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To go further, with Booster Sweeper Pro, you can also:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Manage the assets on the back-end side of the site. This may be specially important and beneficial for the membership sites\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit \u003Ca href=\"https:\u002F\u002Fmaxpressy.com\u002Fbooster-sweeper\u002Fasset-cleanup-wordpress-plugin-manager\u002F?mtm_campaign=wpPluginPage&mtm_kwd=boostersweeper&mtm_placement=bottom\" rel=\"nofollow ugc\">Booster Sweeper Pro page\u003C\u002Fa> on our site to see all the benefits of the premium version.\u003C\u002Fp>\n","Boost the Website speed by sweeping assets your pages do not need!",10,1560,60,"2025-12-07T12:48:00.000Z","6.7",[20,21,89,22,90],"pagespeed","speed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbooster-sweeper.1.0.8.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":11,"downloaded":100,"rating":11,"num_ratings":11,"last_updated":101,"tested_up_to":102,"requires_at_least":103,"requires_php":53,"tags":104,"homepage":106,"download_link":107,"security_score":73,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"lh-dequeue-buddypress","LH Dequeue Buddypress","1.04","shawfactor","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawfactor\u002F","\u003Cp>This plugin simply removes the scripts and styles that buddypress adds to your site, but only for non logged in users. Logged in users who need the buddyoress functionality are not effected\u003C\u002Fp>\n\u003Cp>Thus speeding up the experience of normal vistors\u003C\u002Fp>\n\u003Cp>This plugin would be more appropriate on a site that has a private buddypress area whilst also having general public facing content.\u003C\u002Fp>\n","Dequeue the scripts and styles that buddypress adds for non logged in users.",1404,"2021-02-20T11:28:00.000Z","5.6.17","4.0",[105,21,23,90,24],"buddypress","https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-dequeue-buddypress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-dequeue-buddypress.zip",{"slug":109,"name":110,"version":111,"author":96,"author_profile":97,"description":112,"short_description":113,"active_installs":11,"downloaded":114,"rating":11,"num_ratings":11,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":53,"tags":118,"homepage":120,"download_link":121,"security_score":73,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"lh-dequeue-the-event-calendar","LH Dequeue the Event Calendar","1.00","\u003Cp>This plugin simply removes the scripts and styles that the Event Calendar adds to your site, but only on non event pages\u003C\u002Fp>\n\u003Cp>Thus speeding up the experience of normal vistors\u003C\u002Fp>\n","Restrict the scripts and styles that the Event Calendar adds to your site.",1081,"2019-06-06T02:55:00.000Z","5.2.24","3.0",[21,23,90,24,119],"the-event-calendar","https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-dequeue-the-event-calendar\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-dequeue-the-event-calendar.zip",{"attackSurface":123,"codeSignals":210,"taintFlows":247,"riskAssessment":276,"analyzedAt":283},{"hooks":124,"ajaxHandlers":206,"restRoutes":207,"shortcodes":208,"cronEvents":209,"entryPointCount":11,"unprotectedCount":11},[125,131,136,140,143,147,151,156,160,165,170,175,179,183,186,191,194,197,199,201],{"type":126,"name":127,"callback":128,"file":129,"line":130},"action","plugins_loaded","closure","code-unloader.php",51,{"type":126,"name":132,"callback":133,"file":134,"line":135},"admin_menu","register_menu","src\u002FAdmin\u002FAdminScreen.php",18,{"type":126,"name":137,"callback":138,"file":134,"line":139},"admin_enqueue_scripts","enqueue_assets",19,{"type":126,"name":141,"callback":142,"file":134,"line":64},"admin_init","handle_actions",{"type":126,"name":144,"callback":145,"file":134,"line":146},"admin_notices","show_notices",21,{"type":126,"name":148,"callback":149,"file":134,"line":150},"current_screen","maybe_hook_delete_confirmation",22,{"type":152,"name":153,"callback":154,"priority":83,"file":134,"line":155},"filter","set_screen_option_cdunloader_rules_per_page","save_screen_option",25,{"type":126,"name":157,"callback":158,"file":134,"line":159},"admin_footer","inject_delete_confirmation",592,{"type":152,"name":161,"callback":162,"file":163,"line":164},"cloudflare_purge_everything_actions","anonymous","src\u002FCore\u002FCachePurger.php",187,{"type":126,"name":166,"callback":167,"priority":13,"file":168,"line":169},"wp_enqueue_scripts","process_rules","src\u002FCore\u002FDequeueEngine.php",14,{"type":126,"name":171,"callback":172,"file":173,"line":174},"wp_head","start_head_buffer","src\u002FCore\u002FInlineBlocker.php",38,{"type":126,"name":171,"callback":176,"priority":177,"file":173,"line":178},"end_head_buffer",999,39,{"type":126,"name":180,"callback":181,"file":173,"line":182},"wp_footer","start_footer_buffer",40,{"type":126,"name":180,"callback":184,"priority":177,"file":173,"line":185},"end_footer_buffer",41,{"type":126,"name":187,"callback":188,"priority":13,"file":189,"line":190},"admin_bar_menu","add_toolbar_button","src\u002FFrontend\u002FFrontendPanel.php",31,{"type":126,"name":171,"callback":192,"file":189,"line":193},"start_head_scan",36,{"type":126,"name":171,"callback":195,"priority":177,"file":189,"line":196},"end_head_scan",37,{"type":126,"name":166,"callback":198,"priority":177,"file":189,"line":174},"enqueue_panel_assets",{"type":126,"name":180,"callback":200,"priority":14,"file":189,"line":178},"inject_panel_html",{"type":126,"name":202,"callback":203,"file":204,"line":205},"rest_api_init","register_routes","src\u002FPlugin.php",28,[],[],[],[],{"dangerousFunctions":211,"sqlUsage":220,"outputEscaping":223,"fileOperations":11,"externalRequests":11,"nonceChecks":244,"capabilityChecks":245,"bundledLibraries":246},[212,217],{"fn":213,"file":214,"line":215,"context":216},"ini_set","src\u002FCore\u002FPatternMatcher.php",46,"ini_set( 'pcre.backtrack_limit', '100000' );",{"fn":213,"file":214,"line":218,"context":219},54,"ini_set( 'pcre.backtrack_limit', (string) $prev_limit );",{"prepared":221,"raw":11,"locations":222},44,[],{"escaped":224,"rawEcho":225,"locations":226},109,9,[227,230,232,234,236,238,240,242,243],{"file":134,"line":228,"context":229},139,"raw output",{"file":134,"line":231,"context":229},404,{"file":134,"line":233,"context":229},421,{"file":134,"line":235,"context":229},453,{"file":134,"line":237,"context":229},455,{"file":134,"line":239,"context":229},481,{"file":173,"line":241,"context":229},49,{"file":173,"line":218,"context":229},{"file":189,"line":218,"context":229},3,5,[],[248,266],{"entryPoint":249,"graph":250,"unsanitizedCount":33,"severity":265},"render_rules_tab (src\u002FAdmin\u002FAdminScreen.php:380)",{"nodes":251,"edges":262},[252,257],{"id":253,"type":254,"label":255,"file":134,"line":256},"n0","source","$_GET (x2)",448,{"id":258,"type":259,"label":260,"file":134,"line":235,"wp_function":261},"n1","sink","echo() [XSS]","echo",[263],{"from":253,"to":258,"sanitized":264},false,"medium",{"entryPoint":267,"graph":268,"unsanitizedCount":11,"severity":275},"\u003CAdminScreen> (src\u002FAdmin\u002FAdminScreen.php:0)",{"nodes":269,"edges":272},[270,271],{"id":253,"type":254,"label":255,"file":134,"line":256},{"id":258,"type":259,"label":260,"file":134,"line":235,"wp_function":261},[273],{"from":253,"to":258,"sanitized":274},true,"low",{"summary":277,"deductions":278},"The 'code-unloader' plugin v1.4.2 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of known CVEs, a lack of critical or high-severity issues in the taint analysis, and the use of prepared statements for all SQL queries are significant strengths. The plugin also demonstrates good practices in implementing nonce and capability checks, as well as a high percentage of properly escaped output.\n\nHowever, there are minor concerns. The presence of the 'ini_set' dangerous function warrants attention, as it could potentially be misused if not handled carefully within the plugin's logic. While the taint analysis did not reveal critical or high severity issues, a single flow with unsanitized paths, even if of lower severity, indicates a potential area for improvement in input validation. The absence of any attack surface points like AJAX handlers, REST API routes, or shortcodes is a positive sign, suggesting the plugin is not designed to be broadly interactive in ways that typically introduce vulnerabilities.\n\nIn conclusion, 'code-unloader' v1.4.2 appears to be a relatively secure plugin. The developers have implemented many security best practices. The few identified weaknesses are minor and do not suggest immediate critical threats, but they should be addressed to further harden the plugin's security. The clean vulnerability history further bolsters confidence in its current state.",[279,281],{"reason":280,"points":245},"Dangerous function usage (ini_set)",{"reason":282,"points":244},"Flow with unsanitized paths","2026-04-16T15:01:52.514Z",{"wat":285,"direct":294},{"assetPaths":286,"generatorPatterns":289,"scriptPaths":290,"versionParams":291},[287,288],"\u002Fwp-content\u002Fplugins\u002Fcode-unloader\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fcode-unloader\u002Fassets\u002Fjs\u002Fadmin.js",[],[288],[292,293],"code-unloader\u002Fassets\u002Fcss\u002Fadmin.css?ver=","code-unloader\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":295,"htmlComments":296,"htmlAttributes":297,"restEndpoints":299,"jsGlobals":301,"shortcodeOutput":303},[],[],[298],"data-cdunloader-script-list-item-id",[300],"\u002Fwp-json\u002Fcode-unloader\u002Fv1",[302],"CDUNLOADER_ADMIN",[],{"error":274,"url":305,"statusCode":231,"statusMessage":306,"message":306},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fcode-unloader\u002Fbundle","no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":33,"versions":308},[309,314],{"version":6,"download_url":26,"svn_tag_url":310,"released_at":27,"has_diff":264,"diff_files_changed":311,"diff_lines":27,"trac_diff_url":312,"vulnerabilities":313,"is_current":274},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcode-unloader\u002Ftags\u002F1.4.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcode-unloader%2Ftags%2F1.4.1&new_path=%2Fcode-unloader%2Ftags%2F1.4.2",[],{"version":315,"download_url":316,"svn_tag_url":317,"released_at":27,"has_diff":264,"diff_files_changed":318,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":319,"is_current":264},"1.4.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcode-unloader.1.4.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcode-unloader\u002Ftags\u002F1.4.1\u002F",[],[]]