[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQji9hdyHt9_ftRds5JpVcAG9_QoQsDVsOWlI_R0MqnU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":13,"download_link":22,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":32,"analysis":128,"fingerprints":163},"core-checksum-verifier","Core Checksum Verifier","1.0.1","kamranmayo","https:\u002F\u002Fprofiles.wordpress.org\u002Fkamranmayo\u002F","\u003Cp>Checks the current WordPress installation for file tampering using the official WordPress.org checksum API. Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Admin page with modern Bootstrap UI\u003C\u002Fli>\n\u003Cli>Modal with progress and results\u003C\u002Fli>\n\u003Cli>Dashboard widget for latest scan summary\u003C\u002Fli>\n\u003Cli>Email alerts when discrepancies are found\u003C\u002Fli>\n\u003Cli>Option to reinstall WordPress core\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin uses the official WordPress Checksums API to compare your WordPress core files against known-good hashes.\u003Cbr \u002F>\nNo user data is transmitted. Only your site’s WordPress version and locale are sent to the API endpoint at https:\u002F\u002Fapi.wordpress.org\u002Fcore\u002Fchecksums\u002F.\u003C\u002Fp>\n","Verifies the integrity of your WordPress core files with official checksums. 
Displays modified\u002Fmissing files.",0,269,"","6.8.5","5.0","7.4",[18,19,20,21],"checksum","integrity","security","wordpress-core","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcore-checksum-verifier.1.0.1.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":23,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},1,30,94,"2026-04-04T13:58:53.047Z",[33,50,70,94,109],{"slug":34,"name":35,"version":36,"author":37,"author_profile":38,"description":39,"short_description":40,"active_installs":41,"downloaded":42,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":43,"requires_at_least":13,"requires_php":16,"tags":44,"homepage":13,"download_link":49,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"files-fence","Files Fence","0.1.3","aixeiger","https:\u002F\u002Fprofiles.wordpress.org\u002Faixeiger\u002F","\u003Cp>Detect if a wordpress core files are changed and if a unwanted file(s) are uploaded or created in wordpress folders different to wp-content\u003C\u002Fp>\n\u003Ch3>How works\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Install the plugin\u003C\u002Fli>\n\u003Cli>That’s all\u003C\u002Fli>\n\u003Cli>For review the unknown or modified files go to “Files Fence” in the sidebar menu\u003C\u002Fli>\n\u003Cli>For ignore a file that you known that was modified click on “ignore”\u003C\u002Fli>\n\u003C\u002Ful>\n","Detect if a wordpress core files are changed and if a unwanted file(s) are uploaded or created in wordpress folders different to 
wp-content",50,1723,"6.3.8",[45,46,47,48,20],"checksum-security","files","files-integrity","files-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffiles-fence.0.1.3.zip",{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":60,"num_ratings":61,"last_updated":62,"tested_up_to":14,"requires_at_least":63,"requires_php":64,"tags":65,"homepage":13,"download_link":68,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":69},"wp-fingerprint","WP Fingerprint","2.1.2","DanFoster","https:\u002F\u002Fprofiles.wordpress.org\u002Fdanfoster\u002F","\u003Cp>WP Fingerprint adds an additional layer of security to your WordPress website, working to check your plugins for signs of hack or exploit. WP Fingerprint works by collecting checksums of your plugins and comparing it with the checksums collected by WP Fingerprint. If the plugin detects any abnormalities it will let you know so you can take immediate action.\u003Cbr \u002F>\nThis plugin transmits and stores checksums on WP Fingerprint servers(all hosted in EU and run by 34SP.com) & WordPress.org to work for details see https:\u002F\u002Fwpfingerprint.com\u002Fhow-it-works\u002F for the data we collect and store.\u003C\u002Fp>\n","WP Fingerprint adds an additional layer of security to your WordPress website, working to check your plugins for signs of hack or 
exploit.",9000,33795,60,2,"2025-09-03T12:16:00.000Z","4.9","5.6",[66,67,20],"checksums","plugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-fingerprint.zip","2026-03-15T15:16:48.613Z",{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":80,"num_ratings":81,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":13,"tags":85,"homepage":90,"download_link":91,"security_score":92,"vuln_count":28,"unpatched_count":28,"last_vuln_date":93,"fetched_at":69},"wp-sri","Subresource Integrity (SRI) Manager","0.4.0","Meitar","https:\u002F\u002Fprofiles.wordpress.org\u002Fmeitar\u002F","\u003Cp>A WordPress plugin for easily adding a \u003Ca href=\"\u002F\u002Fwww.w3.org\u002FTR\u002FSRI\u002F\" rel=\"nofollow ugc\">Subresource Integrity (SRI)\u003C\u002Fa> declaration to any third-party content your pages load. The standards-based \u003Ccode>integrity\u003C\u002Fcode> attribute is a defense-in-depth best practice currently making its way into browsers. This plugin closely tracks the W3C draft.\u003C\u002Fp>\n\u003Cp>Currently, the plugin automatically detects any third-party resources (like JavaScript libraries) and will make a SHA-256 hash of the content. It remembers this hash (until you uninstall the plugin or delete the hash from the admin interface), and modifies your page’s \u003Ccode>\u003Cscript>\u003C\u002Fcode> and \u003Ccode>\u003Clink>\u003C\u002Fcode> elements on-the-fly. This way, your visitor’s Web browsers can automatically ensure that the specific library you’re using is the one they’re loading.\u003C\u002Fp>\n\u003Cp>Using this plugin can dramatically reduce the likelihood that visitors to your site will be strong-armed into participating in an HTTP DDoS attack. 
For more information, see “\u003Ca href=\"https:\u002F\u002Fblog.cloudflare.com\u002Fan-introduction-to-javascript-based-ddos\u002F\" rel=\"nofollow ugc\">An introduction to JavaScript-based DDoS\u003C\u002Fa>” by Nick Sullivan.\u003C\u002Fp>\n\u003Cp>Future versions of this plugin will also provide an easy-to-use interface for site administrators to maintain a customized list of resource hashes, and to trigger on-demand integrity checks of these resources.\u003C\u002Fp>\n\u003Cp>This plugin is still somewhat skeletal. Feature requests and patches are welcome! Please provide a test case with your patch. See the \u003Ccode>tests\u003C\u002Fcode> subdirectory for unit tests.\u003Cbr \u002F>\nIf you like this plugin, \u003Cstrong>please consider \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=TJLPJYXHSRBEE&lc=US&item_name=WordPress%20Subresource%20Integrity%20Plugin&item_number=wp-sri&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa> for your use of the plugin\u003C\u002Fstrong>, or better yet, contributing directly to \u003Ca href=\"http:\u002F\u002FCyberbusking.org\u002F\" rel=\"nofollow ugc\">my’s Cyberbusking fund\u003C\u002Fa>. 
Your support is appreciated!\u003C\u002Fp>\n","Adds Subresource Integrity (SRI) attributes to your page's elements for better protection against JavaScript DDoS attacks.",1000,17594,58,11,"2020-12-03T18:33:00.000Z","5.6.17","4.1",[86,87,20,88,89],"mitigation","mitm","sri","subresource-integrity","https:\u002F\u002Fmaymay.net\u002Fblog\u002Fprojects\u002Fwp-sri\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-sri.zip",63,"2025-09-22 00:00:00",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":11,"num_ratings":11,"last_updated":104,"tested_up_to":14,"requires_at_least":15,"requires_php":13,"tags":105,"homepage":13,"download_link":108,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":69},"auto-sri","Auto SRI","2.1","zfir","https:\u002F\u002Fprofiles.wordpress.org\u002Fzfir\u002F","\u003Cp>\u003Cstrong>Auto SRI\u003C\u002Fstrong> automatically adds Subresource Integrity (SRI) attributes to scripts and styles loaded from external sources.\u003C\u002Fp>\n\u003Cp>This improves security, protects against tampering, and enables strict Content Security Policy (CSP) setups.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>✔ Adds SRI to all external \u003Ccode>\u003Cscript>\u003C\u002Fcode> and \u003Ccode>\u003Clink>\u003C\u002Fcode> tags  \u003C\u002Fli>\n\u003Cli>✔ Supports WordPress-enqueued assets and raw HTML tags  \u003C\u002Fli>\n\u003Cli>✔ Supports async, defer, crossorigin, and multiline script tags  \u003C\u002Fli>\n\u003Cli>✔ Caches all hashes for performance  \u003C\u002Fli>\n\u003Cli>✔ Excludes admin panel (wp-admin) to prevent conflicts\u003C\u002Fli>\n\u003Cli>✔ Automatically skips non-SRI-compatible providers:\n\u003Cul>\n\u003Cli>Google reCAPTCHA  \u003C\u002Fli>\n\u003Cli>Google Fonts (fonts.googleapis.com \u002F fonts.gstatic.com)  \u003C\u002Fli>\n\u003Cli>WordPress.com 
widgets (widgets.wp.com)\u003C\u002Fli>\n\u003Cli>Dynamic concatenated resources\u003C\u002Fli>\n\u003Cli>Dynamic script loaders and runtime-inserted scripts  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>✔ Safe for Elementor, WooCommerce, CookieYes, Jetpack, GoDaddy hosting, etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why some scripts are excluded\u003C\u002Fh3>\n\u003Cp>This plugin automatically excludes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Google reCAPTCHA (\u003Ccode>google.com\u002Frecaptcha\u003C\u002Fcode>)  \u003C\u002Fli>\n\u003Cli>Google Fonts stylesheets (\u003Ccode>fonts.googleapis.com\u003C\u002Fcode>)  \u003C\u002Fli>\n\u003Cli>Google Fonts font files (\u003Ccode>fonts.gstatic.com\u003C\u002Fcode>)  \u003C\u002Fli>\n\u003Cli>WordPress.com widgets (\u003Ccode>widgets.wp.com\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>Dynamic concatenated resources (\u003Ccode>\u002F_static\u002F??\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>Other dynamic inline loaders (CookieYes, wsimg, ywxi, etc.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Want to whitelist a dynamic provider? 
Contact us at izafirsk@gmail.com.\u003C\u002Fp>\n\u003Cp>These exclusions prevent:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CORS failures  \u003C\u002Fli>\n\u003Cli>Integrity mismatch blocking  \u003C\u002Fli>\n\u003Cli>Google reCAPTCHA from breaking  \u003C\u002Fli>\n\u003Cli>Google Fonts from disappearing  \u003C\u002Fli>\n\u003Cli>Layout shifts caused by blocked assets\u003C\u002Fli>\n\u003C\u002Ful>\n","Automatically adds Subresource Integrity (SRI) to external scripts\u002Fstyles and safely excludes Google reCAPTCHA and Google Fonts.",200,701,"2025-12-10T12:48:00.000Z",[106,19,107,20,88],"csp","performance","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-sri.2.1.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":102,"downloaded":117,"rating":118,"num_ratings":119,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":13,"tags":123,"homepage":126,"download_link":127,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":69},"integrity-checker","Integrity Checker","0.10.0","Erik Torsner","https:\u002F\u002Fprofiles.wordpress.org\u002Feriktorsner\u002F","\u003Cp>Integrity-checker uses a mix of traditional and new techniques to scan your website for potential issues. First and foremost, it verifies that all installed code is identical to its original version. By comparing WordPress core, plugins and themes in your installation with the original versions available at wordpress.org, Integrity-checker can quickly determine if there are any changes you need to be aware of. Integrity-checker also lets you compare your local version to the original to help you determine if you’ve been hacked.\u003C\u002Fp>\n\u003Cp>Additionally, Integrity-checker scans all installed files for permission issues. 
Ensuring correct permissions is vital for WordPress security, as with any PHP based web application.\u003C\u002Fp>\n\u003Cp>Lastly, Integrity-checker will look through some of the basic WordPress configuration to look for common security problems like user enumeration, directory index, weak credentials, etc.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Helps you track down hacked WordPress files in core, plugins and themes  \u003C\u002Fli>\n\u003Cli>Makes it easy to find issues with file permissions\u003C\u002Fli>\n\u003Cli>Detects common configuration problems\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>3rd party software\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmtdowling\u002Fcron-expression\" rel=\"nofollow ugc\">cron-expression\u003C\u002Fa> copyright Michael Dowling, see \u003Ca href=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fmtdowling\u002Fcron-expression\u002Fv1.1.0\u002FLICENSE\" rel=\"nofollow ugc\">license\u003C\u002Fa>. Cron-expression is slightly adopted to use the Integrity Checker namespace to avoid potential conflicts.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fchrisboulton\u002Fphp-diff\" rel=\"nofollow ugc\">php-diff\u003C\u002Fa> copyright Chris Boulton under the \u003Ca href=\"https:\u002F\u002Fopensource.org\u002Flicenses\u002FBSD-3-Clause\" rel=\"nofollow ugc\">BSD license\u003C\u002Fa>. php-diff is slightly adopted to use the Integrity Checker namespace to avoid potential conflicts.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsilexphp\u002FPimple\u002F\" rel=\"nofollow ugc\">silexphp\u002FPimple\u003C\u002Fa> copyright Fabien Potencier, see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsilexphp\u002FPimple\u002Fblob\u002Fv3.0.2\u002FLICENSE\" rel=\"nofollow ugc\">license\u003C\u002Fa>. 
Pimple is slightly adopted to use the Integrity Checker namespace to avoid potential conflicts.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdatatables.net\" rel=\"nofollow ugc\">DataTables\u003C\u002Fa> 1.10.13 copyright 2008-2016 SpryMedia Ltd. Licensed under the MIT license, see \u003Ca href=\"https:\u002F\u002Fdatatables.net\u002Flicense\" rel=\"nofollow ugc\">datatables.net\u002Flicense\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Farnapou\u002Fjqcron\" rel=\"nofollow ugc\">jqCron.js\u003C\u002Fa> Licensed under the MIT license, see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Farnapou\u002Fjqcron\u002Fblob\u002Fmaster\u002FLICENSE\" rel=\"nofollow ugc\">license\u003C\u002Fa>\u003C\u002Fp>\n","The WordPress Integrity Checker checks your WordPress installation by detecting modified files, permissions issues and other common problems.",12158,96,6,"2025-10-13T08:49:00.000Z","4.7.32","4.4",[18,124,20,125],"secure","security-plugin","https:\u002F\u002Fwww.wpessentials.io\u002Fplugins\u002Fintegrity-checker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fintegrity-checker.0.10.0.zip",{"attackSurface":129,"codeSignals":148,"taintFlows":155,"riskAssessment":156,"analyzedAt":162},{"hooks":130,"ajaxHandlers":140,"restRoutes":145,"shortcodes":146,"cronEvents":147,"entryPointCount":28,"unprotectedCount":28},[131,137],{"type":132,"name":133,"callback":134,"file":135,"line":136},"action","admin_menu","closure","core-checksum-verifier.php",21,{"type":132,"name":138,"callback":134,"file":135,"line":139},"admin_enqueue_scripts",32,[141],{"action":142,"nopriv":143,"callback":134,"hasNonce":143,"hasCapCheck":143,"file":135,"line":144},"verify_wp_checksum",false,86,[],[],[],{"dangerousFunctions":149,"sqlUsage":150,"outputEscaping":152,"fileOperations":11,"externalRequests":28,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":154},[],{"prepared":11,"raw":11,"locations":151},[],{"escaped":119,"rawEcho":
11,"locations":153},[],[],[],{"summary":157,"deductions":158},"The 'core-checksum-verifier' plugin v1.0.1 exhibits a mixed security posture. On the positive side, the code demonstrates good practices by exclusively using prepared statements for SQL queries and ensuring all outputs are properly escaped. It also avoids dangerous functions and file operations, and has no recorded vulnerability history, which suggests a history of secure development.\n\nHowever, a significant concern arises from its attack surface. The plugin exposes one AJAX handler that lacks any authentication or capability checks. This means any unauthenticated user could potentially interact with this endpoint, posing a risk if the functionality it exposes is sensitive or can be misused. While taint analysis shows no vulnerabilities, the absence of checks on the AJAX handler is a known entry point for common web attacks.\n\nIn conclusion, while the plugin's core code appears to be written with security in mind regarding data handling, the lack of authentication on its AJAX endpoint is a critical oversight. This single unprotected entry point significantly elevates the risk profile, outweighing the otherwise positive code quality signals. 
Addressing this unprotected AJAX handler should be the immediate priority.",[159],{"reason":160,"points":161},"Unprotected AJAX handler",8,"2026-03-17T06:02:52.590Z",{"wat":164,"direct":175},{"assetPaths":165,"generatorPatterns":170,"scriptPaths":171,"versionParams":172},[166,167,168,169],"\u002Fwp-content\u002Fplugins\u002Fcore-checksum-verifier\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fcore-checksum-verifier\u002Fassets\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fcore-checksum-verifier\u002Fassets\u002Fimg\u002F9068699.png","\u002Fwp-content\u002Fplugins\u002Fcore-checksum-verifier\u002Fassets\u002Fimg\u002Fheader.png",[],[167],[173,174],"core-checksum-verifier\u002Fassets\u002Fcss\u002Fadmin.css?ver=","core-checksum-verifier\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":176,"htmlComments":189,"htmlAttributes":190,"restEndpoints":191,"jsGlobals":193,"shortcodeOutput":196},[177,178,179,180,181,182,183,184,185,186,187,188],"pul-button","pul-overlay__body","pul-dialog__header","pul-dialog__banner","pul-dialog__banner-inner","pul-dialog__header-inner","pul-dialog__header-body","pul-dialog__header-content","pul-dialog__title","pul-dialog__subtitle","pul-dialog__content","pul-dialog__buttons",[],[],[192],"\u002Fwp-json\u002Fcore-checksum-verifier\u002Fv1\u002Fsettings",[194,195],"corechData","jQuery",[]]