[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmEp8dyY5ex89cN7-OkTHJkWV69wSYxPRfs-fCYks9m4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":132,"fingerprints":219},"core-updates-permission","Core Updates Permission","1.4.0.1","Mike Auteri","https:\u002F\u002Fprofiles.wordpress.org\u002Fmauteri\u002F","\u003Cp>This plugin is a fork of \u003Ccode>Disable All WordPress Updates\u003C\u002Fcode> plugin. Like that plugin, Core Updates Permission completely disables the theme, plugin and core update checking system in WordPress. The plugin prevents WordPress from checking for updates including cronjobs, and prevents any notifications from being displayed. The one significant difference is that this plugin also allows you to pick and choose administrators that \u003Cem>can\u003C\u002Fem> have the ability to make updates.\u003C\u002Fp>\n\u003Cp>It’s \u003Cem>very\u003C\u002Fem> important that you keep your WordPress theme, core and plugins up to date. If you don’t, your blog or website could be \u003Cstrong>susceptible to security vulnerabilities\u003C\u002Fstrong> or performance issues.\u003C\u002Fp>\n\u003Cp>If you use this plugin, it’s a good idea to give one administrator the ability to see update notifications to keep up to date with new releases of your active WordPress version, plugins and themes and update them as new versions are released.\u003C\u002Fp>\n","Disables the theme, plugin and core update checking, the related cronjobs and notification system by default. Provides the ability to give certain adm &hellip;",10,2141,0,"2013-09-05T11:04:00.000Z","3.6.1","2.8","",[19,20,21,22],"core","disable","theme","updates","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-wordpress-updates\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcore-updates-permission.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"mauteri",1,30,84,"2026-04-04T14:43:50.170Z",[36,59,81,100,118],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"disable-updates","Disable Updates for WordPress Core, Plugins and Themes","1.4.2","Johan van der Wijk","https:\u002F\u002Fprofiles.wordpress.org\u002Fvanderwijk\u002F","\u003Cp>This plugin disables all WordPress updates (core, plugins and themes). This can be useful if you have multiple environments such as a live and staging server and you don’t want your users to use the update functionality.\u003C\u002Fp>\n\u003Cp>This plugin not only disables the update mechanism for the core, plugins and themes, but it also removes the update menu item from the left navigation menu in the admin dashboard.\u003C\u002Fp>\n","Disables the WordPress update checking and notification system for all core, plugin and theme updates.",10000,108696,96,4,"2025-12-01T15:45:00.000Z","6.9.4","4.6","5.6",[53,37,54,55,22],"core-update","plugin-update","theme-update","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-updates\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-updates.1.4.2.zip",100,{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":58,"num_ratings":69,"last_updated":70,"tested_up_to":49,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":79,"download_link":80,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"disable-email-notification-for-auto-updates","Disable Auto Update Emails and Block Updates for Plugins, WP Core, and Themes","1.0.5","ideasToCode","https:\u002F\u002Fprofiles.wordpress.org\u002Fideastocode\u002F","\u003Cp>Key Features:\u003Cbr \u002F>\n– Disable Email Notifications for Auto-Updates\u003Cbr \u002F>\n– Block\u002Fhide Specific Plugin Updates: You can choose plugins to block\u002Fhide (plugin’s list)\u003Cbr \u002F>\n– Block WordPress Core and Theme Updates\u003Cbr \u002F>\n– Remove Update Buttons from Admin Panel (under Dashboard menu)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Check Our Another Plugin\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimprove-website-security\u002F\" rel=\"ugc\">Improve Website Security\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimprove-website-security\u002F?preview=1\" rel=\"ugc\">Live Preview It\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fenable-svg-webp-ico-upload\u002F\" rel=\"ugc\">Enable SVG, WebP, and ICO Upload\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fenable-svg-webp-ico-upload\u002F?preview=1\" rel=\"ugc\">Live Preview It\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disable Email Notifications for Auto-Updates:\u003C\u002Fstrong>\u003Cbr \u002F>\nWith the introduction of WordPress 5.5, the auto-update feature was enabled, and email notifications started being sent for every update made. By simply installing this plugin, you can stop receiving these annoying notifications for every auto-update made to plugins, themes, or even the WordPress core. Please note that this plugin will not affect the auto-update feature of WordPress if it is enabled.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block Specific Plugin Updates:\u003C\u002Fstrong>\u003Cbr \u002F>\nIn the “Block Plugin Updates” tab, the plugin will list all installed plugins on your website. If there are specific plugins you do not want to update, you can disable updates for those particular plugins.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block WordPress Core and Theme Updates:\u003C\u002Fstrong>\u003Cbr \u002F>\nYou also have the option to block updates for the WordPress core and themes. However, this is not recommended for security reasons.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Update Buttons from Admin Panel:\u003C\u002Fstrong>\u003Cbr \u002F>\nIf you do not want to see the “Updates” menu under the Dashboard, you can easily hide it from the admin panel menu.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Default Settings:\u003C\u002Fstrong>\u003Cbr \u002F>\nBy default, only the email notification feature is turned on; other settings must be configured manually.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tutorial video\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F3U4QM7UZ6D8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>If you want to learn more and see how this plugin works – please check our\u003Ca href=\"https:\u002F\u002Fideastocode.com\u002Fplugins\u002Fdisable-automatic-update-email-notification-in-wordpress\u002F\" rel=\"nofollow ugc\"> website – ideastocode.com.\u003C\u002Fa>\u003C\u002Fp>\n","This plugin disables email notifications for auto-updates and blocks updates for specific plugins, hide plugins, WordPress core, and themes.",3000,15949,2,"2025-12-04T21:10:00.000Z","5.5","7.0",[74,75,76,77,78],"block-specific-plugin-updates","block-themes-updates","block-wordpress-core-updates","disable-update-notification-emails","hide-updates-from-dashboard","https:\u002F\u002Fideastocode.com\u002Fplugins\u002Fdisable-automatic-update-email-notification-in-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-email-notification-for-auto-updates.1.0.5.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":13,"num_ratings":13,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":94,"tags":95,"homepage":98,"download_link":99,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"disable-all-updates","Disable All Updates & Notifications","1.0","Sakthivel S","https:\u002F\u002Fprofiles.wordpress.org\u002Fsakthi2210\u002F","\u003Cp>This plugin is used disable the wordpress functionality of updating core, themes & plugins automatically. Also it will disable all kind of update notification from wordpress.org theme\u002Fplugin repository.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003Cbr \u002F>\n* Disable WordPress core, themes, plugin update\u003Cbr \u002F>\n* Disable notifications for all updates available.\u003C\u002Fp>\n","Disable Wordpress, Themes & Plugins Updates along with their update notifications.",40,1374,"2019-08-01T09:24:00.000Z","5.2.24","3.0.1","5.2.4",[96,97,37,54,55],"core-updates","disable-notifications","http:\u002F\u002Fgithub.com\u002Fsakthiwebdev\u002Fdisable-all-updates","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-all-updates.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":13,"downloaded":108,"rating":13,"num_ratings":13,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":17,"tags":112,"homepage":116,"download_link":117,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"disable-complete-wp-updates","Disable Complete WP Updates","1.0.0","Nipun Tyagi","https:\u002F\u002Fprofiles.wordpress.org\u002Fnipun21\u002F","\u003Cp>This plugin completely disables the theme, plugin and core update checking system in WordPress. The plugin prevents WordPress from\u003Cbr \u002F>\nchecking for updates including cronjobs, and prevents any notifications from being displayed.\u003C\u002Fp>\n\u003Cp>It’s \u003Cem>very\u003C\u002Fem> important that you keep your WordPress theme, core and plugins up to date. If you don’t, your blog or website could\u003Cbr \u002F>\nbe \u003Cstrong>susceptible to security vulnerabilities\u003C\u002Fstrong> or performance issues.\u003C\u002Fp>\n\u003Cp>If you use this plugin, make sure you keep yourself up to date with new releases of your active WordPress version, plugins\u003Cbr \u002F>\nand themes and update them as new versions are released (simply by deactivating this plugin for a short time).\u003C\u002Fp>\n","Completely Disable theme, plugin and core update checking, the related cronjobs and notification system.",1072,"2018-04-01T14:55:00.000Z","4.9.29","3.0",[113,114,115],"disable-core-updates","disable-plugins-updates","disable-theme-updates","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-complete-wp-updates\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-complete-wp-updates.zip",{"slug":119,"name":120,"version":84,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":13,"downloaded":125,"rating":13,"num_ratings":13,"last_updated":126,"tested_up_to":127,"requires_at_least":16,"requires_php":51,"tags":128,"homepage":130,"download_link":131,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"disable-wp-automatic-updates","Disable Plugins, Themes and Core Updates","Ciprian Craciun","https:\u002F\u002Fprofiles.wordpress.org\u002Fevalcraciun\u002F","\u003Cp>This plugin disable plugins, themes and core updates for WordPress and also the notifications.\u003C\u002Fp>\n\u003Cp>It’s \u003Cem>very\u003C\u002Fem> important that you keep your WordPress theme, core and plugins up to date. If you don’t, your blog or website could\u003Cbr \u002F>\nbe \u003Cstrong>susceptible to security vulnerabilities\u003C\u002Fstrong> or performance issues.\u003C\u002Fp>\n\u003Cp>If you use this plugin, make sure you keep yourself up to date with new releases of your active WordPress version, plugins\u003Cbr \u002F>\nand themes and update them as new versions are released (simply by deactivating this plugin for a short time).\u003C\u002Fp>\n","This plugin disable plugins, themes and core updates for WordPress and also the notifications.",1165,"2018-12-10T13:25:00.000Z","5.0.25",[129,19,20,21,22],"auto-update","http:\u002F\u002Fstefaniq.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-wp-automatic-updates.zip",{"attackSurface":133,"codeSignals":185,"taintFlows":208,"riskAssessment":209,"analyzedAt":218},{"hooks":134,"ajaxHandlers":181,"restRoutes":182,"shortcodes":183,"cronEvents":184,"entryPointCount":13,"unprotectedCount":13},[135,141,144,148,151,155,158,161,166,169,172,175,178],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","show_user_profile","core_updates_permission_field","core-updates-permission.php",75,{"type":136,"name":142,"callback":138,"file":139,"line":143},"edit_user_profile",76,{"type":136,"name":145,"callback":146,"file":139,"line":147},"personal_options_update","save_core_updates_permission_field",77,{"type":136,"name":149,"callback":146,"file":139,"line":150},"edit_user_profile_update",78,{"type":136,"name":152,"callback":153,"file":139,"line":154},"widgets_init","can_user_make_core_updates",83,{"type":136,"name":156,"callback":157,"file":139,"line":46},"admin_head","remove_nag",{"type":136,"name":159,"callback":159,"file":139,"line":160},"admin_init",97,{"type":162,"name":163,"callback":164,"file":139,"line":165},"filter","pre_transient_update_themes","anonymous",103,{"type":162,"name":167,"callback":164,"file":139,"line":168},"pre_site_transient_update_themes",107,{"type":136,"name":170,"callback":164,"file":139,"line":171},"pre_transient_update_plugins",113,{"type":162,"name":173,"callback":164,"file":139,"line":174},"pre_site_transient_update_plugins",117,{"type":162,"name":176,"callback":164,"file":139,"line":177},"pre_transient_update_core",123,{"type":162,"name":179,"callback":164,"file":139,"line":180},"pre_site_transient_update_core",127,[],[],[],[],{"dangerousFunctions":186,"sqlUsage":200,"outputEscaping":202,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":31,"bundledLibraries":207},[187,190,192,194,196,198],{"fn":188,"file":139,"line":165,"context":189},"create_function","add_filter( 'pre_transient_update_themes', create_function( '$a', \"return null;\" ) );",{"fn":188,"file":139,"line":168,"context":191},"add_filter( 'pre_site_transient_update_themes', create_function( '$a', \"return null;\" ) );",{"fn":188,"file":139,"line":171,"context":193},"add_action( 'pre_transient_update_plugins', array(&$this, create_function( '$a', \"return null;\" )) )",{"fn":188,"file":139,"line":174,"context":195},"add_filter( 'pre_site_transient_update_plugins', create_function( '$a', \"return null;\" ) );",{"fn":188,"file":139,"line":177,"context":197},"add_filter( 'pre_transient_update_core', create_function( '$a', \"return null;\" ) );",{"fn":188,"file":139,"line":180,"context":199},"add_filter( 'pre_site_transient_update_core', create_function( '$a', \"return null;\" ) );",{"prepared":13,"raw":13,"locations":201},[],{"escaped":13,"rawEcho":31,"locations":203},[204],{"file":139,"line":205,"context":206},241,"raw output",[],[],{"summary":210,"deductions":211},"The \"core-updates-permission\" plugin v1.4.0.1 exhibits a generally good security posture in terms of its attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without proper authentication or permission checks.  Furthermore, the absence of known CVEs and a clean vulnerability history indicates a commitment to security maintenance. The use of prepared statements for all SQL queries is a significant strength, preventing common SQL injection vulnerabilities.\n\nHowever, several concerning signals are present in the static analysis. The presence of the `create_function` function, while potentially used in ways that don't immediately lead to vulnerability, is a known deprecated and potentially risky function that can be leveraged for code injection if not handled with extreme care.  More critically, the analysis reveals that 100% of identified outputs are not properly escaped. This is a significant concern as it exposes the plugin to Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected into the WordPress admin area or even the front-end, depending on where the output is displayed.\n\nThe plugin's vulnerability history is clean, which is positive. This, combined with the limited attack surface and secure SQL practices, suggests that the developers are likely diligent about security. However, the unescaped output is a notable weakness that, if exploited, could lead to serious security compromises. The use of `create_function` is also a red flag that warrants attention.",[212,215],{"reason":213,"points":214},"100% of outputs are not properly escaped",8,{"reason":216,"points":217},"Use of deprecated and potentially risky 'create_function'",5,"2026-03-17T00:41:20.924Z",{"wat":220,"direct":225},{"assetPaths":221,"generatorPatterns":222,"scriptPaths":223,"versionParams":224},[],[],[],[],{"cssClasses":226,"htmlComments":228,"htmlAttributes":248,"restEndpoints":252,"jsGlobals":253,"shortcodeOutput":254},[227],"button-wrapper",[229,230,231,232,233,234,233,235,236,237,238,239,240,241,239,240,242,239,240,243,244,238,239,240,241,239,240,242,239,240,245,246,247],"\u003C!-- Core Updates Permission -->","\u003C!-- Forked from `Disable All WordPress Updates` pluggin. The one significant difference is that this plugin also allows you to pick and choose administrators that *can* have the ability to make updates. -->","\u003C!-- Define the plugin version -->","\u003C!-- The WP_Core_Updates_Permission class -->","\u003C!-- The WP_Core_Updates_Permission class constructor -->","\u003C!-- PHP 4 Compatible Constructor -->","\u003C!-- PHP 5 Constructor -->","\u003C!-- Add Core Updates Field To Profile -->","\u003C!-- Check if current user has permission to make core updates -->","\u003C!-- Disable Theme Updates -->","\u003C!-- 2.8 to 3.0 -->","\u003C!-- 3.0 -->","\u003C!-- Disable Plugin Updates -->","\u003C!-- Disable Core Updates -->","\u003C!-- Hide notifications to update -->","\u003C!-- Initialize and load the plugin stuff -->","\u003C!-- Save core updates field -->","\u003C!-- Add Core Updates fields to profile page -->","\u003C!-- User role check -->",[249,250,251],"name=\"allow_core_updates\"","id=\"allow-core-updates-y\"","id=\"allow-core-updates-n\"",[],[],[]]