[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIQE-3JyBY1Ie29PzcYIUjnfFvkFDXZ6f7Yq4kwB6x0k":3,"$fF6eXWxCtqf_gvLOK5Xutmu3sRsfmuTL31uYhHvfX7oI":192,"$fCuQD_0uwqsrRDnwA8JCYMdn8Y9w_N0TG9Gbax7REiNM":197},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"discovery_status":26,"vulnerabilities":27,"developer":28,"crawl_stats":24,"alternatives":34,"analysis":144,"fingerprints":179},"core-files-update-cleanup","Core Files Update Cleanup","1.1.0","indextwo","https:\u002F\u002Fprofiles.wordpress.org\u002Findextwo\u002F","\u003Cp>Whenever WordPress performs a core update, it automatically pulls down the following files onto the root:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>license.txt\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>readme.html\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp-config-sample.php\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These files aren’t an inherent security risk by themselves; however they are uneccessary clutter on the root of your site (why would you want a \u003Ccode>wp-config-sample.php\u003C\u002Fcode> file on your production website?!); and it’s just another easy-to-read vector confirming that you have a WordPress site for script-kiddies to scrape and attack.\u003C\u002Fp>\n\u003Cp>Simply install this plugin and it will clean up those files every time you perform a core WordPress update.\u003C\u002Fp>\n","This plugin deletes the unnecessary license.txt, readme.html and wp-config-sample.php files after a core update.",20,2038,0,"2024-01-23T19:43:00.000Z","6.4.8","3.6.0","",[19,20,21],"cleanup","core","update","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcore-files-update-cleanup.1.1.0.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":23,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},4,5080,37,78,"2026-05-20T08:05:50.278Z",[35,57,83,101,122],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":17,"tags":50,"homepage":55,"download_link":56,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"automatic-updater","Advanced Automatic Updates","1.0.2","Gary Pendergast","https:\u002F\u002Fprofiles.wordpress.org\u002Fpento\u002F","\u003Cp>Advanced Automatic Updates adds extra options to WordPress’ built-in Automatic Updates feature. On top of security updates, it also supports installing major releases, plugins, themes, or even regular SVN checkouts!\u003C\u002Fp>\n\u003Cp>If you’re working on a WordPress Multisite install, it will properly restrict the options page to your Network Admin.\u003C\u002Fp>\n\u003Cp>While this will be useful for the vast majority of sites, please exercise caution, particularly if you have any custom themes or plugins running on your site.\u003C\u002Fp>\n","Adds extra options to WordPress' built-in Automatic Updates feature.",30000,255477,94,61,"2021-06-04T00:46:00.000Z","5.0.25","3.7",[20,51,52,53,54],"plugins","stable","themes","updates","http:\u002F\u002Fpento.net\u002Fprojects\u002Fautomatic-updater-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-updater.1.0.2.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":17,"tags":72,"homepage":78,"download_link":79,"security_score":80,"vuln_count":81,"unpatched_count":13,"last_vuln_date":82,"fetched_at":25},"disable-update-notifications","Disable WordPress Update Notifications and auto-update Email Notifications","2.4.2","Prem Tiwari","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreewebmentor\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.premtiwari.in\u002F\" rel=\"nofollow ugc\">Homepage\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-update-notifications\u002F#installation\" rel=\"ugc\">Documentation\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-update-notifications\u002Freviews\u002F#new-post\" rel=\"ugc\">Support\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin will completely disables the Plugins, Themes, and WordPress core update notifications displayed by WordPress based on your plugin settings. Apart from this it will also disable auto-update Email Notifications.\u003C\u002Fp>\n\u003Ch3>🎉 Disable auto-update Email Notifications\u003C\u002Fh3>\n\u003Cp>Since WordPress 5.5 version, if you have enabled plugin and theme auto-update you will receive an automated email notifications when any plugin or theme auto-update is successful or failed.\u003C\u002Fp>\n\u003Cp>If you manage a dozen of websites, then the you will receive the constant stream of auto-update notifications emails and may be it annoying you.\u003C\u002Fp>\n\u003Cp>I have added a new feature to cure the problem by automatically Disable auto-update Email Notifications for plugins and themes auto-update email notifications.\u003C\u002Fp>\n\u003Cp>👉 Most importantly, This plugin is free and always will be free.\u003C\u002Fp>\n","Disables WordPress core update notification and plugins update notification update checks and notifications.",10000,77450,88,18,"2025-06-10T02:21:00.000Z","6.8.5","5.0",[73,74,75,76,77],"core-update","disable","hide-warnings","plugin-update","update-notifications","https:\u002F\u002Fwww.premtiwari.in\u002Fdisable-wordpress-update-notifications\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-update-notifications.2.4.2.zip",100,1,"2023-05-30 00:00:00",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":65,"downloaded":91,"rating":92,"num_ratings":29,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":96,"tags":97,"homepage":99,"download_link":100,"security_score":80,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"disable-updates","Disable Updates for WordPress Core, Plugins and Themes","1.4.2","Johan van der Wijk","https:\u002F\u002Fprofiles.wordpress.org\u002Fvanderwijk\u002F","\u003Cp>This plugin disables all WordPress updates (core, plugins and themes). This can be useful if you have multiple environments such as a live and staging server and you don’t want your users to use the update functionality.\u003C\u002Fp>\n\u003Cp>This plugin not only disables the update mechanism for the core, plugins and themes, but it also removes the update menu item from the left navigation menu in the admin dashboard.\u003C\u002Fp>\n","Disables the WordPress update checking and notification system for all core, plugin and theme updates.",109940,96,"2025-12-01T15:45:00.000Z","6.9.4","4.6","5.6",[73,84,76,98,54],"theme-update","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-updates\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-updates.1.4.2.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":111,"num_ratings":112,"last_updated":113,"tested_up_to":70,"requires_at_least":96,"requires_php":114,"tags":115,"homepage":120,"download_link":121,"security_score":80,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"webcraftic-updates-manager","Disable Updates – Updates Manager, Disable Automatic Updates, Disable All Updates","1.3.0","Themeisle","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeisle\u002F","\u003Cp>Disable Updates is a lightweight updates manager that gives you full control over how and when updates run on your site. You can disable all updates, turn off automatic updates, or manage updates individually for WordPress core, plugins, and themes.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Ch4>Disable Plugin Updates\u003C\u002Fh4>\n\u003Cp>You can disable plugin updates globally or manage them on a per-plugin basis. This allows you to prevent update notifications for all plugins or selectively disable updates only for specific plugins you want to keep unchanged.\u003C\u002Fp>\n\u003Cp>The plugin also lets you disable automatic plugin updates, giving you full control over which plugins update automatically and which ones require manual approval.\u003C\u002Fp>\n\u003Ch4>Disable Theme Updates\u003C\u002Fh4>\n\u003Cp>You can disable theme updates entirely or control them individually for each theme. This is especially useful if you are using custom themes or child themes where updates could overwrite changes.\u003C\u002Fp>\n\u003Cp>You can also disable automatic theme updates or allow automatic updates only for selected themes, depending on your workflow.\u003C\u002Fp>\n\u003Ch4>Disable WordPress Core Updates\u003C\u002Fh4>\n\u003Cp>Take control of WordPress core updates by disabling them completely or managing how they are applied. You can choose to disable all core updates or fine-tune automatic updates by release type.\u003C\u002Fp>\n\u003Cp>Options include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable WordPress core updates entirely\u003C\u002Fli>\n\u003Cli>Disable automatic core updates\u003C\u002Fli>\n\u003Cli>Allow automatic updates for major releases\u003C\u002Fli>\n\u003Cli>Allow automatic updates for minor releases\u003C\u002Fli>\n\u003Cli>Allow automatic development updates\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This gives you full control over how WordPress itself updates on your site.\u003C\u002Fp>\n\u003Ch4>Additional Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Disable translation updates\u003C\u002Fli>\n\u003Cli>Hide update notices for all users except admins\u003C\u002Fli>\n\u003Cli>Get email notifications when updates are available or on successful update\u003C\u002Fli>\n\u003Cli>Disable core update notification emails\u003C\u002Fli>\n\u003Cli>Force automatic updates\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>We’re here to help. Feel free to open a new thread on the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwebcraftic-updates-manager\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Useful Resources\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>If you like this plugin, you’re sure to love \u003Ca href=\"https:\u002F\u002Fthemeisle.com\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">our other plugins\u003C\u002Fa> as well.\u003C\u002Fli>\n\u003Cli>Our blog is a great place to \u003Ca href=\"https:\u002F\u002Fthemeisle.com\u002Fblog\u002F\" rel=\"nofollow ugc\">learn more about WordPress\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Get the most out of your website with our helpful \u003Ca href=\"https:\u002F\u002Fyoutube.com\u002Fplaylist?list=PLmRasCVwuvpSep2MOsIoE0ncO9JE3FcKP\" rel=\"nofollow ugc\">WordPress YouTube Tutorials\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Disable updates and automatic updates for WordPress core, plugins, and themes, with the option to disable plugin or theme updates individually.",9000,68949,90,24,"2026-01-12T15:12:00.000Z","7.4",[116,117,118,84,119],"disable-automatic-updates","disable-core-updates","disable-plugin-updates","updates-manager","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwebcraftic-updates-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebcraftic-updates-manager.1.3.0.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":96,"tags":137,"homepage":142,"download_link":143,"security_score":132,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"wp-auto-updater","WP Auto Updater","1.7.3","thingsym","https:\u002F\u002Fprofiles.wordpress.org\u002Fthingsym\u002F","\u003Cp>WP Auto Updater plugin enables automatic updates of WordPress Core, Themes, Plugins and Translations. Version control of WordPress Core makes automatic update more safely.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Automatically update WordPress Core\u003C\u002Fli>\n\u003Cli>Automatically updates Themes, Plugins and Translations\u003C\u002Fli>\n\u003Cli>Set up a schedule automatic updates\u003C\u002Fli>\n\u003Cli>Disable automatic updating of each Themes and Plugins\u003C\u002Fli>\n\u003Cli>Record update history\u003C\u002Fli>\n\u003Cli>Update notification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Important\u003C\u002Fstrong>: before updating, please back up your database and files.\u003C\u002Fp>\n\u003Ch4>Auto Update Scenario\u003C\u002Fh4>\n\u003Cp>First of all, we will make an \u003Cstrong>Auto Update Scenario\u003C\u002Fstrong> which decide the policy of WordPress automatic updates.\u003C\u002Fp>\n\u003Cp>You can choose from the following five automatic updates of WordPress Core.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Minor Version Update\u003C\u002Fli>\n\u003Cli>Major Version Update\u003C\u002Fli>\n\u003Cli>Minor Only Version Update\u003C\u002Fli>\n\u003Cli>Previous Generation Version Update\u003C\u002Fli>\n\u003Cli>Manual Update\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Minor Version Update\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Minor Version Update\u003C\u002Fstrong> enable minor updates. Minor updates is default behavior in WordPress for security updates. The transition of the version number is as follows: update from 4.8 to 4.8.1, 4.8.2 …\u003C\u002Fp>\n\u003Ch4>Major Version Update\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Major Version Update\u003C\u002Fstrong> enable major updates. The transition of the version number is as follows: update from 4.7 to 4.8, 4.9 …\u003C\u002Fp>\n\u003Ch4>Minor Only Version Update\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Minor Only Version Update\u003C\u002Fstrong> enable major updates and minor updates \u003Cstrong>except version x.y.0\u003C\u002Fstrong>. It make sense to take a “skip” approach to avoid introducing new vulnerabilities into the latest major version release.\u003C\u002Fp>\n\u003Cp>Update the WordPress Core version (eg. x.y.1 or later) with security fixed. Not automatically update the latest major version of x.y.0. The transition of the version number is as follows: update from 4.7.z to 4.8.z, 4.9.z … skiped 4.7.0, 4.8.0, 4.9.0 …\u003C\u002Fp>\n\u003Ch4>Previous Generation Version Update\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Previous Generation Version Update\u003C\u002Fstrong> enable major updates and minor updates \u003Cstrong>except the latest major version\u003C\u002Fstrong>. It make sense to take a “wait and see” approach to ensure the latest major version release is stable before.\u003C\u002Fp>\n\u003Cp>With the installed WordPress Core version as 4.6.z. If the latest WordPress Core version released to 4.8.0, automatically update it to version 4.7.z. It will be always automatically updated to the previous generation WordPress Core version with probably security fixed.\u003C\u002Fp>\n\u003Ch4>Manual Update\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Manual Update\u003C\u002Fstrong> disable automatic updates. You update WordPress Core manually on the Dashboard Updates Screen.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic updates\u003C\u002Fstrong> and \u003Cstrong>manual updates\u003C\u002Fstrong> are available for themes, plugins and Translations.\u003Cbr \u002F>\nIt is also possible to disable automatic updating of each Themes and Plugins.\u003C\u002Fp>\n\u003Ch4>Scheduled automatic updates\u003C\u002Fh4>\n\u003Cp>Next we will set up a schedule for automatic updates.\u003Cbr \u002F>\nThe update interval can be selected from the following four.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Twice Daily (12 hours interval)\u003C\u002Fli>\n\u003Cli>Daily\u003C\u002Fli>\n\u003Cli>Weekly\u003C\u002Fli>\n\u003Cli>Monthly\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can also set the day, the day of the week, the hour and the minute of the Update Date.\u003C\u002Fp>\n\u003Cp>At the time of automatic update, Automatically updates WordPress Core, Themes, Plugins and Translations to be updated.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>If you have any trouble, you can use the forums or report bugs.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Forum: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-auto-updater\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-auto-updater\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Issues: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fwp-auto-updater\u002Fissues\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fwp-auto-updater\u002Fissues\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contribution\u003C\u002Fh4>\n\u003Cp>Small patches and bug reports can be submitted a issue tracker in Github. Forking on Github is another good way. You can send a pull request.\u003C\u002Fp>\n\u003Cp>Translating a plugin takes a lot of time, effort, and patience. I really appreciate the hard work from these contributors.\u003C\u002Fp>\n\u003Cp>If you have created or updated your own language pack, you can send gettext PO and MO files to author. I can bundle it into plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fwp-auto-updater\" rel=\"nofollow ugc\">VCS – GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-auto-updater\u002F\" rel=\"ugc\">Homepage – WordPress Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fwp-auto-updater\" rel=\"nofollow ugc\">Translate WP Auto Updater into your language.\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can also contribute by answering issues on the forums.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Forum: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-auto-updater\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-auto-updater\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Issues: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fwp-auto-updater\u002Fissues\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fwp-auto-updater\u002Fissues\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contribute guidlines\u003C\u002Fh4>\n\u003Cp>If you would like to contribute, here are some notes and guidlines.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>All development happens on the \u003Cstrong>develop\u003C\u002Fstrong> branch, so it is always the most up-to-date\u003C\u002Fli>\n\u003Cli>The \u003Cstrong>master\u003C\u002Fstrong> branch only contains tagged releases\u003C\u002Fli>\n\u003Cli>If you are going to be submitting a pull request, please submit your pull request to the \u003Cstrong>develop\u003C\u002Fstrong> branch\u003C\u002Fli>\n\u003Cli>See about \u003Ca href=\"https:\u002F\u002Fhelp.github.com\u002Farticles\u002Ffork-a-repo\u002F\" rel=\"nofollow ugc\">forking\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fhelp.github.com\u002Farticles\u002Fusing-pull-requests\u002F\" rel=\"nofollow ugc\">pull requests\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Test Matrix\u003C\u002Fh4>\n\u003Cp>For operation compatibility between PHP version and WordPress version, see below \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fwp-auto-updater\u002Factions\" rel=\"nofollow ugc\">Github Actions\u003C\u002Fa>.\u003C\u002Fp>\n","WP Auto Updater plugin enables automatic updates of WordPress Core, Themes, Plugins and Translations. Version control of WordPress Core makes automati …",7000,111761,92,10,"2024-08-23T07:15:00.000Z","6.6.5","4.9",[138,139,140,141,54],"auto-update","automatic-updates","background-updates","core-updates","https:\u002F\u002Fgithub.com\u002Fthingsym\u002Fwp-auto-updater","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-auto-updater.1.7.3.zip",{"attackSurface":145,"codeSignals":161,"taintFlows":168,"riskAssessment":169,"analyzedAt":178},{"hooks":146,"ajaxHandlers":157,"restRoutes":158,"shortcodes":159,"cronEvents":160,"entryPointCount":13,"unprotectedCount":13},[147,153],{"type":148,"name":149,"callback":150,"file":151,"line":152},"action","vnm_core_files_cleanup_activated","vnm_core_files_cleanup_delete_files","core-files-update-cleanup.php",39,{"type":148,"name":154,"callback":155,"priority":133,"file":151,"line":156},"upgrader_process_complete","vnm_core_files_cleanup",53,[],[],[],[],{"dangerousFunctions":162,"sqlUsage":163,"outputEscaping":165,"fileOperations":81,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":167},[],{"prepared":13,"raw":13,"locations":164},[],{"escaped":13,"rawEcho":13,"locations":166},[],[],[],{"summary":170,"deductions":171},"The plugin \"core-files-update-cleanup\" v1.1.0 exhibits a strong static security posture. The absence of any identified dangerous functions, unsanitized taint flows, raw SQL queries, and the consistent use of prepared statements for the single SQL query are positive indicators. Furthermore, all output appears to be properly escaped, and there are no external HTTP requests, which minimizes risks related to code injection and cross-site scripting. The plugin also demonstrates good practices by not bundling external libraries, thus avoiding potential vulnerabilities from outdated dependencies.\n\nHowever, the most significant concern is the complete lack of any security checks, including nonce checks, capability checks, and authentication checks on its entry points. While the current static analysis shows zero entry points, this is a critical oversight. If any entry points were to be introduced in future versions or if the analysis somehow missed them, they would be entirely unprotected, leaving the site vulnerable to unauthorized actions. The plugin's vulnerability history is clean, but this is largely irrelevant given the current lack of protective measures. The overall conclusion is that while the current code is clean, the foundational security of the plugin is weak due to the absence of essential authorization and validation mechanisms, which is a significant risk for any WordPress plugin.",[172,174,176],{"reason":173,"points":133},"Missing nonce checks",{"reason":175,"points":133},"Missing capability checks",{"reason":177,"points":133},"Missing authentication checks on entry points","2026-03-16T22:57:25.297Z",{"wat":180,"direct":185},{"assetPaths":181,"generatorPatterns":182,"scriptPaths":183,"versionParams":184},[],[],[],[],{"cssClasses":186,"htmlComments":187,"htmlAttributes":188,"restEndpoints":189,"jsGlobals":190,"shortcodeOutput":191},[],[],[],[],[],[],{"error":193,"url":194,"statusCode":195,"statusMessage":196,"message":196},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fcore-files-update-cleanup\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":198,"versions":199},2,[200,206],{"version":6,"download_url":22,"svn_tag_url":201,"released_at":24,"has_diff":202,"diff_files_changed":203,"diff_lines":24,"trac_diff_url":204,"vulnerabilities":205,"is_current":193},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcore-files-update-cleanup\u002Ftags\u002F1.1.0\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fcore-files-update-cleanup%2Ftags%2F1.0.0&new_path=%2Fcore-files-update-cleanup%2Ftags%2F1.1.0",[],{"version":207,"download_url":208,"svn_tag_url":209,"released_at":24,"has_diff":202,"diff_files_changed":210,"diff_lines":24,"trac_diff_url":24,"vulnerabilities":211,"is_current":202},"1.0.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcore-files-update-cleanup.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fcore-files-update-cleanup\u002Ftags\u002F1.0.0\u002F",[],[]]