[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8HqHCfi3yQoBY6_BHB6HFArlvCvsaerL_xd1v67uGoI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":91,"crawl_stats":38,"alternatives":98,"analysis":192,"fingerprints":581},"companion-auto-update","Companion Auto Update","3.9.3","Papin Schipper","https:\u002F\u002Fprofiles.wordpress.org\u002Fpapin\u002F","\u003Cp>Companion Auto Update is a powerful and completely free plugin that allows you to manage all the updates on your WordPress site. Our aim is to give you the best control over these updates and stay in the know at all times.\u003C\u002Fp>\n\u003Cp>We understand that you might not always be able to check if your WordPress site has any updates that need to be installed. Especially when you maintain multiple websites keeping them up-to-date can be a lot of work. This plugin can help you with that. We’ll keep your site up-to-date and keep you posted about what’s happening and notify you when we need your help with something.\u003C\u002Fp>\n\u003Cp>If you have a feature suggestion or idea you’d like to see in the plugin, we’d love to hear about it! \u003Ca href=\"https:\u002F\u002Fcodeermeneer.nl\u002Fcontact\u002F\" rel=\"nofollow ugc\">Suggest a Feature\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Main features\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Auto-updating for plugins, themes, core and translation files\u003C\u002Fli>\n\u003Cli>Set at what time you wish to update\u003C\u002Fli>\n\u003Cli>Filter plugins and themes to not be updated\u003C\u002Fli>\n\u003Cli>E-mail notifications about old software, pending updates and completed updates\u003C\u002Fli>\n\u003Cli>An update log with all updates\u003C\u002Fli>\n\u003Cli>Option to delay automatic updates with an x number of days\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Full control over everything\u003C\u002Fh4>\n\u003Cp>Full control, that’s what this plugin is all about. With this plugin you can enable (or disable) automatic updating for plugins, themes, WordPress core updates (both minor and major can be changed separately) and for translation files. Don’t want to run the updater for all plugins? Don’t worry, just disable auto updating for the plugins you’d like to skip and we can even notify you when there’s an update for these plugins so you can go and update them yourself.\u003C\u002Fp>\n\u003Ch4>Scheduling\u003C\u002Fh4>\n\u003Cp>By default we’ll check for updates twice a day but you can change this to several different options if you’d like. When choosing to update on a daily basis you can even select at what time you’d like it to run. Besides the updaters you can also schedule te notifications, want to update every hour but only recieve notifications once a day? No problem!\u003Cbr \u002F>\nSometimes developers will push an update that will cause errors on your site, they’ll often fix it within a day but if the updater has run in the mean time it can cause all kinds of issues. Now you can choose to delay updates with an x number of days to prevent this from happening.\u003C\u002Fp>\n\u003Ch4>Know what’s happening\u003C\u002Fh4>\n\u003Cp>We want you to know what’s happening on your website. This plugin offers settings for various email notifications. We can send you an email when an update is available, when a plugin has been updated or when wordpress has been updated.\u003Cbr \u002F>\nBut if you don’t want to recieve emails about this you can still log in and view the changelog to see what happened.\u003C\u002Fp>\n","Manage all updates on your WordPress site. Stay in the know with several optional e-mail notifications and logs. For free.",50000,4122284,96,105,"2025-07-10T18:34:00.000Z","6.8.5","5.3.0","7.4",[20,21,22,23,24],"auto","automatic","background","update","updates","https:\u002F\u002Fwijzijnqreative.nl\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcompanion-auto-update.3.9.3.zip",89,4,0,"2025-07-14 20:39:43","2026-03-15T15:16:48.613Z",[33,48,64,78],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-4369","companion-auto-update-authenticated-administrator-stored-cross-site-scripting-via-updatedelaydays-parameter","Companion Auto Update \u003C= 3.9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via update_delay_days parameter","The Companion Auto Update plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘update_delay_days’ parameter in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=3.9.2","medium",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-07-15 09:22:53",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb4c61072-5480-43f3-ad9f-ed3f0d577ebc?source=api-prod",1,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":55,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":60,"references":61,"days_to_patch":63},"WF-d969fb35-2ee9-42ca-a9e8-f6453a1e6be9-companion-auto-update","companion-auto-update-authenticated-admin-sql-injection","Companion Auto Update \u003C= 3.3.5 - Authenticated (Admin+) SQL Injection","The Companion Auto Update plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on several existing SQL queries. This makes it possible for authenticated attackers, with administrative privileges and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","\u003C3.3.6","3.3.6","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2019-01-14 00:00:00","2024-01-22 19:56:02",[62],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd969fb35-2ee9-42ca-a9e8-f6453a1e6be9?source=api-prod",1835,{"id":65,"url_slug":66,"title":67,"description":68,"plugin_slug":4,"theme_slug":38,"affected_versions":69,"patched_in_version":70,"severity":55,"cvss_score":71,"cvss_vector":72,"vuln_type":73,"published_date":74,"updated_date":60,"references":75,"days_to_patch":77},"CVE-2018-20972","companion-auto-update-cross-site-request-forgery","Companion Auto Update \u003C= 3.2.0 - Cross-Site Request Forgery","The Companion Auto Update plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the cau_frontend function. This makes it possible for unauthenticated attackers to include local files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C3.2.1","3.2.1",8.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Cross-Site Request Forgery (CSRF)","2018-10-02 00:00:00",[76],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F38bf21c4-bf2e-4096-b4e3-9e3a5a60f1ad?source=api-prod",1939,{"id":79,"url_slug":80,"title":81,"description":82,"plugin_slug":4,"theme_slug":38,"affected_versions":69,"patched_in_version":70,"severity":83,"cvss_score":84,"cvss_vector":85,"vuln_type":86,"published_date":87,"updated_date":60,"references":88,"days_to_patch":90},"CVE-2018-20973","companion-auto-update-local-file-inclusion","Companion Auto Update \u003C= 3.2.0 - Local File Inclusion","The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion via $_GET['tab'].'.php' parameter in  \u002Fcompanion-auto-update.php.","critical",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Control of Filename for Include\u002FRequire Statement in PHP Program ('PHP Remote File Inclusion')","2018-10-01 00:00:00",[89],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe7f3e583-a486-4e25-bc40-e437cf5b3ebd?source=api-prod",1940,{"slug":92,"display_name":7,"profile_url":8,"plugin_count":93,"total_installs":94,"avg_security_score":13,"avg_patch_time_days":95,"trust_score":96,"computed_at":97},"papin",3,60000,1158,76,"2026-04-04T00:40:41.776Z",[99,122,144,163,178],{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":109,"num_ratings":110,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":120,"download_link":121,"security_score":109,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wp-auto-updater","WP Auto Updater","1.7.3","thingsym","https:\u002F\u002Fprofiles.wordpress.org\u002Fthingsym\u002F","\u003Cp>WP Auto Updater plugin enables automatic updates of WordPress Core, Themes, Plugins and Translations. Version control of WordPress Core makes automatic update more safely.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatically update WordPress Core\u003C\u002Fli>\n\u003Cli>Automatically updates Themes, Plugins and Translations\u003C\u002Fli>\n\u003Cli>Set up a schedule automatic updates\u003C\u002Fli>\n\u003Cli>Disable automatic updating of each Themes and Plugins\u003C\u002Fli>\n\u003Cli>Record update history\u003C\u002Fli>\n\u003Cli>Update notification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Important\u003C\u002Fstrong>: before updating, please back up your database and files.\u003C\u002Fp>\n\u003Ch4>Auto Update Scenario\u003C\u002Fh4>\n\u003Cp>First of all, we will make an \u003Cstrong>Auto Update Scenario\u003C\u002Fstrong> which decide the policy of WordPress automatic updates.\u003C\u002Fp>\n\u003Cp>You can choose from the following five automatic updates of WordPress Core.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Minor Version Update\u003C\u002Fli>\n\u003Cli>Major Version Update\u003C\u002Fli>\n\u003Cli>Minor Only Version Update\u003C\u002Fli>\n\u003Cli>Previous Generation Version Update\u003C\u002Fli>\n\u003Cli>Manual Update\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Minor Version Update\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Minor Version Update\u003C\u002Fstrong> enable minor updates. Minor updates is default behavior in WordPress for security updates. The transition of the version number is as follows: update from 4.8 to 4.8.1, 4.8.2 …\u003C\u002Fp>\n\u003Ch4>Major Version Update\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Major Version Update\u003C\u002Fstrong> enable major updates. The transition of the version number is as follows: update from 4.7 to 4.8, 4.9 …\u003C\u002Fp>\n\u003Ch4>Minor Only Version Update\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Minor Only Version Update\u003C\u002Fstrong> enable major updates and minor updates \u003Cstrong>except version x.y.0\u003C\u002Fstrong>. It make sense to take a “skip” approach to avoid introducing new vulnerabilities into the latest major version release.\u003C\u002Fp>\n\u003Cp>Update the WordPress Core version (eg. x.y.1 or later) with security fixed. Not automatically update the latest major version of x.y.0. The transition of the version number is as follows: update from 4.7.z to 4.8.z, 4.9.z … skiped 4.7.0, 4.8.0, 4.9.0 …\u003C\u002Fp>\n\u003Ch4>Previous Generation Version Update\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Previous Generation Version Update\u003C\u002Fstrong> enable major updates and minor updates \u003Cstrong>except the latest major version\u003C\u002Fstrong>. It make sense to take a “wait and see” approach to ensure the latest major version release is stable before.\u003C\u002Fp>\n\u003Cp>With the installed WordPress Core version as 4.6.z. If the latest WordPress Core version released to 4.8.0, automatically update it to version 4.7.z. It will be always automatically updated to the previous generation WordPress Core version with probably security fixed.\u003C\u002Fp>\n\u003Ch4>Manual Update\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Manual Update\u003C\u002Fstrong> disable automatic updates. You update WordPress Core manually on the Dashboard Updates Screen.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic updates\u003C\u002Fstrong> and \u003Cstrong>manual updates\u003C\u002Fstrong> are available for themes, plugins and Translations.\u003Cbr \u002F>\nIt is also possible to disable automatic updating of each Themes and Plugins.\u003C\u002Fp>\n\u003Ch4>Scheduled automatic updates\u003C\u002Fh4>\n\u003Cp>Next we will set up a schedule for automatic updates.\u003Cbr \u002F>\nThe update interval can be selected from the following four.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Twice Daily (12 hours interval)\u003C\u002Fli>\n\u003Cli>Daily\u003C\u002Fli>\n\u003Cli>Weekly\u003C\u002Fli>\n\u003Cli>Monthly\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can also set the day, the day of the week, the hour and the minute of the Update Date.\u003C\u002Fp>\n\u003Cp>At the time of automatic update, Automatically updates WordPress Core, Themes, Plugins and Translations to be updated.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>If you have any trouble, you can use the forums or report bugs.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Forum: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-auto-updater\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-auto-updater\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Issues: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fwp-auto-updater\u002Fissues\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fwp-auto-updater\u002Fissues\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contribution\u003C\u002Fh4>\n\u003Cp>Small patches and bug reports can be submitted a issue tracker in Github. Forking on Github is another good way. You can send a pull request.\u003C\u002Fp>\n\u003Cp>Translating a plugin takes a lot of time, effort, and patience. I really appreciate the hard work from these contributors.\u003C\u002Fp>\n\u003Cp>If you have created or updated your own language pack, you can send gettext PO and MO files to author. I can bundle it into plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fwp-auto-updater\" rel=\"nofollow ugc\">VCS – GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-auto-updater\u002F\" rel=\"ugc\">Homepage – WordPress Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fwp-auto-updater\" rel=\"nofollow ugc\">Translate WP Auto Updater into your language.\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can also contribute by answering issues on the forums.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Forum: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-auto-updater\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-auto-updater\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Issues: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fwp-auto-updater\u002Fissues\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fwp-auto-updater\u002Fissues\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contribute guidlines\u003C\u002Fh4>\n\u003Cp>If you would like to contribute, here are some notes and guidlines.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>All development happens on the \u003Cstrong>develop\u003C\u002Fstrong> branch, so it is always the most up-to-date\u003C\u002Fli>\n\u003Cli>The \u003Cstrong>master\u003C\u002Fstrong> branch only contains tagged releases\u003C\u002Fli>\n\u003Cli>If you are going to be submitting a pull request, please submit your pull request to the \u003Cstrong>develop\u003C\u002Fstrong> branch\u003C\u002Fli>\n\u003Cli>See about \u003Ca href=\"https:\u002F\u002Fhelp.github.com\u002Farticles\u002Ffork-a-repo\u002F\" rel=\"nofollow ugc\">forking\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fhelp.github.com\u002Farticles\u002Fusing-pull-requests\u002F\" rel=\"nofollow ugc\">pull requests\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Test Matrix\u003C\u002Fh4>\n\u003Cp>For operation compatibility between PHP version and WordPress version, see below \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fwp-auto-updater\u002Factions\" rel=\"nofollow ugc\">Github Actions\u003C\u002Fa>.\u003C\u002Fp>\n","WP Auto Updater plugin enables automatic updates of WordPress Core, Themes, Plugins and Translations. Version control of WordPress Core makes automati &hellip;",7000,111423,92,10,"2024-08-23T07:15:00.000Z","6.6.5","4.9","5.6",[116,117,118,119,24],"auto-update","automatic-updates","background-updates","core-updates","https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fwp-auto-updater","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-auto-updater.1.7.3.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":141,"download_link":142,"security_score":143,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wp-updates-settings","WP Updates Settings","1.1.4","Yslo","https:\u002F\u002Fprofiles.wordpress.org\u002Fyslo\u002F","\u003Cp>Allows you the ability to set Updates and Automatic Background Updates through Settings panel.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Show\u002Fhide Updates notification\u003C\u002Fli>\n\u003Cli>Use default WordPress behaviors\u003C\u002Fli>\n\u003Cli>Enable\u002FDisable Updates capabilities to Administrator users\u003C\u002Fli>\n\u003Cli>Set Major Core Automatic Background Updates\u003C\u002Fli>\n\u003Cli>Set Minor Core Automatic Background Updates\u003C\u002Fli>\n\u003Cli>Set Plugin Automatic Background Updates\u003C\u002Fli>\n\u003Cli>Set Theme Automatic Background Updates\u003C\u002Fli>\n\u003Cli>Set Translation files Automatic Background Updates\u003C\u002Fli>\n\u003Cli>Set Auto Core Update Notification emails.\u003C\u002Fli>\n\u003Cli>Add Updates panel (Settings > Updates)\u003C\u002Fli>\n\u003Cli>Contextual Help\u003C\u002Fli>\n\u003Cli>Translation MO\u002FPO files\u003C\u002Fli>\n\u003Cli>Multisite\u003C\u002Fli>\n\u003Cli>Desactivate restore default WordPress behavior\u003C\u002Fli>\n\u003Cli>Uninstall restore default WordPress behavior\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003C\u002Ful>\n","Configure WordPress updates settings through UI (User Interface).",1000,21138,88,5,"2017-12-20T22:09:00.000Z","4.9.29","3.7","",[139,21,22,140,24],"admin","core","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-updates-settings\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-updates-settings.1.1.4.zip",85,{"slug":145,"name":146,"version":147,"author":148,"author_profile":149,"description":150,"short_description":151,"active_installs":152,"downloaded":153,"rating":154,"num_ratings":155,"last_updated":156,"tested_up_to":157,"requires_at_least":136,"requires_php":137,"tags":158,"homepage":161,"download_link":162,"security_score":143,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"wp-automatic-updates","WP Automatic Updates","1.1.6","Ankit Singla","https:\u002F\u002Fprofiles.wordpress.org\u002Faksingla\u002F","\u003Cp>An easy-to-use plugin settings panel where you can set automatic updates on or off for themes, plugins, and core updates from plugin options.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>In a matter of few clicks, you will be able to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set Minor\u002FMajor Core Updates\u003C\u002Fli>\n\u003Cli>Set Plugin Updates\u003C\u002Fli>\n\u003Cli>Set Theme Updates\u003C\u002Fli>\n\u003Cli>Set Translations Updates\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>Dutch\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003C\u002Ful>\n","Configure WordPress automatic updates settings through backend options. Just install, setup and forget.",400,27182,100,2,"2018-08-16T12:22:00.000Z","4.8.28",[117,118,119,159,160],"plugin-updates","translation-updates","http:\u002F\u002Fwww.omaksolutions.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-automatic-updates.1.1.6.zip",{"slug":116,"name":164,"version":165,"author":166,"author_profile":167,"description":168,"short_description":169,"active_installs":154,"downloaded":170,"rating":29,"num_ratings":29,"last_updated":171,"tested_up_to":172,"requires_at_least":173,"requires_php":18,"tags":174,"homepage":176,"download_link":177,"security_score":154,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"Auto Update","1.0.2","Valeriu Tihai","https:\u002F\u002Fprofiles.wordpress.org\u002Fvaleriutihai\u002F","\u003Cp>Auto Update is built for site owners who want WordPress to stay current without logging in to run updates manually.\u003C\u002Fp>\n\u003Cp>It keeps WordPress core, plugins, and themes updated automatically, which helps reduce maintenance work, apply security fixes sooner, and keep the site closer to the latest stable releases.\u003C\u002Fp>\n\u003Cp>Once activated, it enables both minor and major core updates and allows installed plugins and themes to update in the background.\u003C\u002Fp>\n\u003Cp>There is no settings page. Activate the plugin and let WordPress handle updates automatically.\u003C\u002Fp>\n","Keeps WordPress core, plugins, and themes updated automatically to reduce manual maintenance and improve security.",3683,"2026-03-14T02:42:00.000Z","6.9.4","5.8",[117,118,119,159,175],"theme-updates","https:\u002F\u002Fstylishwp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-update.1.0.2.zip",{"slug":179,"name":180,"version":181,"author":182,"author_profile":183,"description":184,"short_description":185,"active_installs":154,"downloaded":186,"rating":154,"num_ratings":93,"last_updated":187,"tested_up_to":157,"requires_at_least":136,"requires_php":137,"tags":188,"homepage":190,"download_link":191,"security_score":143,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"background-update-notification-email-address","Background Update Notification Email Address","1.1.1","Kanuka Digital","https:\u002F\u002Fprofiles.wordpress.org\u002Fiwebsolutions\u002F","\u003Cp>\u003Cstrong>This plugin changes the email address update notifications are sent to following an automatic background update.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Automatic background updates were introduced in WordPress 3.7. An email notification is sent following the success or failure. The email is sent to the website administrator specified in WordPress under Settings > General. This may not always be the best recipient.\u003C\u002Fp>\n\u003Cp>This plugin is ideal for those who manage WordPress on their clients behalf. The client carries on receiving WordPress emails as before, with automatic background update notifications being redirected to the developers email address specified in this plugins settings.\u003C\u002Fp>\n\u003Cp>We originally \u003Ca href=\"https:\u002F\u002Fwww.iweb.co.uk\u002F2013\u002F10\u002Fchange-wordpress-auto-update-email-address\u002F\" rel=\"nofollow ugc\">published a solution\u003C\u002Fa> following the release of WordPress 3.7.1. This plugin provides a simple interface for setting the email address without having to touch code.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Once installed, navigate to Settings > Update Notifications. From here you can set the email address where background update notifications should be sent to. Background update notifications can be sent to multiple recipients by entering a comma-separated list of email addresses.\u003C\u002Fstrong>\u003C\u002Fp>\n","Change the email address update notifications are sent to following an automatic background update.",3491,"2015-12-11T09:44:00.000Z",[139,117,118,189,24],"manage","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbackground-update-notification-email-address\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbackground-update-notification-email-address.1.1.1.zip",{"attackSurface":193,"codeSignals":381,"taintFlows":530,"riskAssessment":561,"analyzedAt":580},{"hooks":194,"ajaxHandlers":330,"restRoutes":331,"shortcodes":332,"cronEvents":333,"entryPointCount":29,"unprotectedCount":29},[195,201,207,211,215,220,223,227,231,235,239,243,247,251,255,258,260,263,266,270,274,278,283,286,290,292,294,297,299,302,304,308,310,313,315,318,320,323,325],{"type":196,"name":197,"callback":198,"file":199,"line":200},"filter","wp_mail_content_type","cau_mail_content_type","cau_emails.php",455,{"type":202,"name":203,"callback":204,"priority":154,"file":205,"line":206},"action","admin_head","cau_hideUpdateNag","cau_functions.php",767,{"type":196,"name":208,"callback":209,"file":205,"line":210},"cron_schedules","cau_addMoreIntervals",793,{"type":196,"name":212,"callback":213,"file":205,"line":214},"site_status_tests","cau_add_siteHealthTest",926,{"type":196,"name":216,"callback":217,"file":218,"line":219},"plugins_auto_update_enabled","__return_false","companion-auto-update.php",23,{"type":196,"name":221,"callback":217,"file":218,"line":222},"themes_auto_update_enabled",24,{"type":202,"name":224,"callback":225,"file":218,"line":226},"init","cau_init",26,{"type":202,"name":228,"callback":229,"file":218,"line":230},"cau_set_schedule_mail","cau_check_updates_mail",50,{"type":202,"name":232,"callback":233,"file":218,"line":234},"cau_outdated_notifier","cau_outdated_notifier_mail",51,{"type":202,"name":236,"callback":237,"file":218,"line":238},"wp_update_plugins","cau_run_custom_hooks_p",52,{"type":202,"name":240,"callback":241,"file":218,"line":242},"wp_update_themes","cau_run_custom_hooks_t",53,{"type":202,"name":244,"callback":245,"file":218,"line":246},"wp_version_check","cau_run_custom_hooks_c",54,{"type":202,"name":248,"callback":249,"file":218,"line":250},"cau_log_updater","cau_keep_log_uptodate",61,{"type":202,"name":252,"callback":253,"file":218,"line":254},"admin_init","cau_pluginRedirectWelcomeScreen",78,{"type":196,"name":216,"callback":256,"file":218,"line":257},"__return_true",192,{"type":196,"name":221,"callback":256,"file":218,"line":259},193,{"type":196,"name":261,"callback":256,"file":218,"line":262},"auto_plugin_update_send_email",194,{"type":196,"name":264,"callback":256,"file":218,"line":265},"auto_theme_update_send_email",195,{"type":202,"name":267,"callback":268,"file":218,"line":269},"upgrader_process_complete","cau_update_db_check",225,{"type":202,"name":271,"callback":272,"file":218,"line":273},"admin_menu","register_cau_menu_page",239,{"type":202,"name":275,"callback":276,"file":218,"line":277},"wp_dashboard_setup","cau_add_widget",292,{"type":202,"name":279,"callback":280,"priority":281,"file":218,"line":282},"admin_enqueue_scripts","load_cau_global_styles",99,307,{"type":202,"name":279,"callback":284,"priority":154,"file":218,"line":285},"load_cau_page_styles",320,{"type":202,"name":287,"callback":288,"priority":47,"file":218,"line":289},"plugins_loaded","CAU_auto_update_filters",347,{"type":196,"name":261,"callback":217,"file":218,"line":291},356,{"type":196,"name":264,"callback":217,"file":218,"line":293},357,{"type":196,"name":295,"callback":256,"priority":47,"file":218,"line":296},"allow_major_auto_core_updates",362,{"type":196,"name":295,"callback":217,"priority":47,"file":218,"line":298},363,{"type":196,"name":300,"callback":256,"priority":47,"file":218,"line":301},"allow_minor_auto_core_updates",369,{"type":196,"name":300,"callback":217,"priority":47,"file":218,"line":303},370,{"type":196,"name":305,"callback":306,"priority":110,"file":218,"line":307},"auto_update_plugin","cau_dontUpdatePlugins",376,{"type":196,"name":305,"callback":217,"priority":47,"file":218,"line":309},377,{"type":196,"name":311,"callback":256,"file":218,"line":312},"auto_update_theme",383,{"type":196,"name":311,"callback":217,"priority":47,"file":218,"line":314},384,{"type":196,"name":316,"callback":256,"priority":47,"file":218,"line":317},"auto_update_translation",390,{"type":196,"name":316,"callback":217,"priority":47,"file":218,"line":319},391,{"type":196,"name":321,"callback":256,"priority":47,"file":218,"line":322},"auto_core_update_send_email",397,{"type":196,"name":321,"callback":217,"priority":47,"file":218,"line":324},398,{"type":202,"name":326,"callback":327,"priority":328,"file":218,"line":329},"admin_bar_menu","cau_checkForIssues",150,420,[],[],[],[334,337,340,342,344,346,348,350,353,355,357,359,361,363,365,367,369,371,373,375,377,379],{"hook":236,"callback":236,"file":335,"line":336},"admin\\dashboard.php",107,{"hook":338,"callback":338,"file":335,"line":339},"cau_custom_hooks_plugins",108,{"hook":248,"callback":248,"file":335,"line":341},109,{"hook":236,"callback":236,"file":335,"line":343},112,{"hook":338,"callback":338,"file":335,"line":345},113,{"hook":248,"callback":248,"file":335,"line":347},114,{"hook":240,"callback":240,"file":335,"line":349},127,{"hook":351,"callback":351,"file":335,"line":352},"cau_custom_hooks_themes",128,{"hook":240,"callback":240,"file":335,"line":354},131,{"hook":351,"callback":351,"file":335,"line":356},132,{"hook":244,"callback":244,"file":335,"line":358},145,{"hook":244,"callback":244,"file":335,"line":360},148,{"hook":228,"callback":228,"file":335,"line":362},161,{"hook":228,"callback":228,"file":335,"line":364},164,{"hook":232,"callback":232,"file":335,"line":366},177,{"hook":232,"callback":232,"file":335,"line":368},180,{"hook":228,"callback":228,"file":199,"line":370},500,{"hook":228,"callback":228,"file":218,"line":372},43,{"hook":338,"callback":338,"file":218,"line":374},44,{"hook":351,"callback":351,"file":218,"line":376},45,{"hook":248,"callback":248,"file":218,"line":378},46,{"hook":232,"callback":232,"file":218,"line":380},47,{"dangerousFunctions":382,"sqlUsage":383,"outputEscaping":427,"fileOperations":93,"externalRequests":29,"nonceChecks":28,"capabilityChecks":29,"bundledLibraries":529},[],{"prepared":384,"raw":385,"locations":386},62,18,[387,391,393,395,396,398,401,404,406,409,411,413,415,417,419,421,423,425],{"file":388,"line":389,"context":390},"admin\\status.php",326,"$wpdb->get_results() with variable interpolation",{"file":199,"line":392,"context":390},187,{"file":199,"line":394,"context":390},232,{"file":205,"line":110,"context":390},{"file":205,"line":397,"context":390},336,{"file":205,"line":399,"context":400},874,"$wpdb->get_var() with variable interpolation",{"file":218,"line":402,"context":403},33,"$wpdb->get_col() with variable interpolation",{"file":218,"line":405,"context":403},124,{"file":218,"line":407,"context":408},182,"$wpdb->query() with variable interpolation",{"file":218,"line":410,"context":408},183,{"file":218,"line":412,"context":408},216,{"file":218,"line":414,"context":408},217,{"file":218,"line":416,"context":390},360,{"file":218,"line":418,"context":390},367,{"file":218,"line":420,"context":390},374,{"file":218,"line":422,"context":390},381,{"file":218,"line":424,"context":390},388,{"file":218,"line":426,"context":390},395,{"escaped":428,"rawEcho":246,"locations":429},91,[430,432,433,435,437,439,440,442,444,446,448,450,452,454,457,458,460,462,465,467,468,470,471,473,475,477,479,481,482,484,486,487,488,490,492,494,495,497,498,499,501,503,505,507,509,511,513,515,517,519,521,523,525,527],{"file":335,"line":133,"context":431},"raw output",{"file":335,"line":110,"context":431},{"file":335,"line":434,"context":431},16,{"file":335,"line":436,"context":431},184,{"file":335,"line":438,"context":431},190,{"file":335,"line":394,"context":431},{"file":335,"line":441,"context":431},233,{"file":335,"line":443,"context":431},234,{"file":335,"line":445,"context":431},235,{"file":335,"line":447,"context":431},236,{"file":335,"line":449,"context":431},288,{"file":335,"line":451,"context":431},372,{"file":335,"line":453,"context":431},523,{"file":455,"line":456,"context":431},"admin\\log.php",9,{"file":455,"line":110,"context":431},{"file":455,"line":459,"context":431},11,{"file":455,"line":461,"context":431},12,{"file":463,"line":464,"context":431},"admin\\pluginlist.php",28,{"file":463,"line":466,"context":431},29,{"file":463,"line":372,"context":431},{"file":463,"line":469,"context":431},156,{"file":388,"line":434,"context":431},{"file":388,"line":472,"context":431},21,{"file":388,"line":474,"context":431},37,{"file":388,"line":476,"context":431},169,{"file":388,"line":478,"context":431},171,{"file":388,"line":480,"context":431},186,{"file":388,"line":392,"context":431},{"file":388,"line":483,"context":431},203,{"file":388,"line":485,"context":431},226,{"file":388,"line":485,"context":431},{"file":388,"line":485,"context":431},{"file":388,"line":489,"context":431},245,{"file":388,"line":491,"context":431},253,{"file":388,"line":493,"context":431},261,{"file":388,"line":493,"context":431},{"file":388,"line":496,"context":431},269,{"file":388,"line":496,"context":431},{"file":388,"line":496,"context":431},{"file":388,"line":500,"context":431},295,{"file":205,"line":502,"context":431},312,{"file":205,"line":504,"context":431},567,{"file":205,"line":506,"context":431},572,{"file":205,"line":508,"context":431},575,{"file":205,"line":510,"context":431},576,{"file":205,"line":512,"context":431},601,{"file":205,"line":514,"context":431},604,{"file":205,"line":516,"context":431},605,{"file":205,"line":518,"context":431},607,{"file":205,"line":520,"context":431},611,{"file":218,"line":522,"context":431},244,{"file":218,"line":524,"context":431},263,{"file":218,"line":526,"context":431},297,{"file":218,"line":528,"context":431},299,[],[531,549],{"entryPoint":532,"graph":533,"unsanitizedCount":29,"severity":548},"\u003Cdashboard> (admin\\dashboard.php:0)",{"nodes":534,"edges":545},[535,539],{"id":536,"type":537,"label":538,"file":335,"line":466},"n0","source","$_POST (x18)",{"id":540,"type":541,"label":542,"file":335,"line":543,"wp_function":544},"n1","sink","query() [SQLi]",35,"query",[546],{"from":536,"to":540,"sanitized":547},true,"low",{"entryPoint":550,"graph":551,"unsanitizedCount":29,"severity":548},"\u003Cpluginlist> (admin\\pluginlist.php:0)",{"nodes":552,"edges":559},[553,555],{"id":536,"type":537,"label":554,"file":463,"line":384},"$_POST (x2)",{"id":540,"type":541,"label":556,"file":463,"line":557,"wp_function":558},"echo() [XSS]",77,"echo",[560],{"from":536,"to":540,"sanitized":547},{"summary":562,"deductions":563},"The \"companion-auto-update\" plugin, version 3.9.3, exhibits a mixed security posture. While the static analysis reveals no obvious direct attack vectors like unprotected AJAX handlers, REST API routes, or shortcodes, and a significant percentage of SQL queries utilize prepared statements, several areas raise concern. The lack of capability checks on any entry points is a notable weakness, as is the moderate rate of output escaping (63%). The vulnerability history is particularly alarming, with four known CVEs, including one critical and two high severity vulnerabilities, spanning common attack types like XSS, SQL Injection, CSRF, and RFI. The presence of these past vulnerabilities, especially critical and high-severity ones, suggests a recurring pattern of insecure coding practices that may not have been fully remediated.\n\nDespite the absence of critical taint flows and a seemingly limited attack surface from the static analysis, the historical vulnerability data points to a plugin that has been a target for attackers and has had significant security flaws in the past. The lack of capability checks on entry points, while not directly a vulnerability in this version, is a systemic risk that could be exploited if new entry points are introduced or if existing ones have subtle flaws. The moderate output escaping also leaves room for potential XSS vulnerabilities, especially in conjunction with past XSS issues. While there are no currently unpatched CVEs, the plugin's history suggests a high likelihood of future vulnerabilities if development practices do not rigorously address past issues and implement stronger security checks.",[564,567,569,571,573,576,578],{"reason":565,"points":566},"Vulnerability history: 1 critical CVE",15,{"reason":568,"points":434},"Vulnerability history: 2 high CVEs",{"reason":570,"points":133},"Vulnerability history: 1 medium CVE",{"reason":572,"points":110},"No capability checks on entry points",{"reason":574,"points":575},"Moderate output escaping (63%)",7,{"reason":577,"points":93},"22 cron events, security not specified",{"reason":579,"points":459},"Raw SQL without prepare (22% of queries)","2026-03-16T17:19:01.179Z",{"wat":582,"direct":591},{"assetPaths":583,"generatorPatterns":586,"scriptPaths":587,"versionParams":588},[584,585],"\u002Fwp-content\u002Fplugins\u002Fcompanion-auto-update\u002Fcss\u002Fcau-settings.css","\u002Fwp-content\u002Fplugins\u002Fcompanion-auto-update\u002Fjs\u002Fcau-settings.js",[],[585],[589,590],"companion-auto-update\u002Fcss\u002Fcau-settings.css?ver=","companion-auto-update\u002Fjs\u002Fcau-settings.js?ver=",{"cssClasses":592,"htmlComments":594,"htmlAttributes":603,"restEndpoints":605,"jsGlobals":607,"shortcodeOutput":609},[593],"cau-settings-page",[595,596,597,598,599,600,601,602],"\u003C!-- Auto Update: ON -->","\u003C!-- WP CORE Auto Update: ON -->","\u003C!-- PLUGINS Auto Update: ON -->","\u003C!-- THEMES Auto Update: ON -->","\u003C!-- Auto Update: OFF -->","\u003C!-- WP CORE Auto Update: OFF -->","\u003C!-- PLUGINS Auto Update: OFF -->","\u003C!-- THEMES Auto Update: OFF -->",[604],"data-cau-settings",[606],"\u002Fwp-json\u002Fcompanion-auto-update\u002Fv1\u002Fsettings",[608],"cau_settings_obj",[]]