[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fRWm9YSenW1OA9SWEpEbZ5EewltS0k6eifJAsLV2ZiJQ":3,"$fexiygBl792i5WtrRf_Cz9I6PxwOLkfbyszwg8qQyKTA":205,"$fO2GSjw60lah8ym6LmkZXMZkFat9zyMNC4OokzrE0ZIw":210},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":35,"analysis":132,"fingerprints":190},"create-stellar-toml","Create Stellar Toml","1.0.4","esecamalich","https:\u002F\u002Fprofiles.wordpress.org\u002Fesecamalich\u002F","\u003Cp>This plugin creates the \u002F.well-known\u002Fstellar.toml file.\u003C\u002Fp>\n\u003Cp>You will need ‘manage_options’ capability in order to use the Settings page for this plugin.\u003C\u002Fp>\n\u003Cp>NOTE: as with all plugins, once you are no longer using the plugin, you should de-activate it.\u003Cbr \u002F>\nThis is a good security practice.\u003C\u002Fp>\n","\"Well-Known URIs\" for WordPress!",10,1295,0,"2019-12-12T23:58:00.000Z","5.3.21","3.5.1","",[19,20,21,22],"stellar","toml","well-known","well-known-uris","https:\u002F\u002Fgithub.com\u002Fesecamalich\u002Fcreate-stellar-toml","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcreate-stellar-toml.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,84,"2026-05-20T04:11:35.071Z",[36,50,74,93,112],{"slug":22,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":10,"active_installs":42,"downloaded":43,"rating":13,"num_ratings":13,"last_updated":44,"tested_up_to":45,"requires_at_least":16,"requires_php":17,"tags":46,"homepage":48,"download_link":49,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"\u002Fwell-known-uris\u002F","1.0.3","mrose17","https:\u002F\u002Fprofiles.wordpress.org\u002Fmrose17\u002F","\u003Cp>This plugin enables “Well-Known URIs” support for WordPress (RFC 5785: http:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc5785).\u003C\u002Fp>\n\u003Cp>From the RFC:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>It is increasingly common for Web-based protocols to require the\u003Cbr \u002F>\n  discovery of policy or other information about a host (“site-wide\u003Cbr \u002F>\n  metadata”) before making a request.  For example, the Robots\u003Cbr \u002F>\n  Exclusion Protocol \u003Ca href=\"http:\u002F\u002Fwww.robotstxt.org\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.robotstxt.org\u002F\u003C\u002Fa> specifies a way for\u003Cbr \u002F>\n  automated processes to obtain permission to access resources;\u003Cbr \u002F>\n  likewise, the Platform for Privacy Preferences\u003Cbr \u002F>\n  tells user-agents how to discover privacy policy beforehand.\u003C\u002Fp>\n\u003Cp>While there are several ways to access per-resource metadata (e.g.,\u003Cbr \u002F>\n  HTTP headers, WebDAV’s PROPFIND [RFC4918]), the perceived overhead\u003Cbr \u002F>\n  (either in terms of client-perceived latency and\u002For deployment\u003Cbr \u002F>\n  difficulties) associated with them often precludes their use in these\u003Cbr \u002F>\n  scenarios.\u003C\u002Fp>\n\u003Cp>When this happens, it is common to designate a “well-known location”\u003Cbr \u002F>\n  for such data, so that it can be easily located.  However, this\u003Cbr \u002F>\n  approach has the drawback of risking collisions, both with other such\u003Cbr \u002F>\n  designated “well-known locations” and with pre-existing resources.\u003C\u002Fp>\n\u003Cp>To address this, this memo defines a path prefix in HTTP(S) URIs for\u003Cbr \u002F>\n  these “well-known locations”, “\u002F.well-known\u002F”.  Future specifications\u003Cbr \u002F>\n  that need to define a resource for such site-wide metadata can\u003Cbr \u002F>\n  register their use to avoid collisions and minimise impingement upon\u003Cbr \u002F>\n  sites’ URI space.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>You will need ‘manage_options’ capability in order to use the Settings\u003Cbr \u002F>\npage for this plugin.\u003C\u002Fp>\n",70,2738,"2016-11-03T13:20:00.000Z","4.6.30",[47,21,22],"discovery","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwell-known-uris\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwell-known-uris.zip",{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":60,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":17,"tags":65,"homepage":71,"download_link":72,"security_score":73,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"nofollow-external-links-seo","Nofollow External Links (SEO)","3.0.0","ViitorCloud Technologies Pvt Ltd","https:\u002F\u002Fprofiles.wordpress.org\u002Fviitorcloudvc\u002F","\u003Cp>It automatically set all external links to “nofollow” in website content.\u003C\u002Fp>\n\u003Cp>Seo friendly.\u003C\u002Fp>\n\u003Cp>Plugin Functionality:\u003C\u002Fp>\n\u003Cp>1) Activate it from backend and it will automatically add nofollow in external links used in content.\u003C\u002Fp>\n\u003Cp>2) No additional settings required.\u003C\u002Fp>\n\u003Ch4>Get Involved\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fviitorcloud.com\u002F\" rel=\"nofollow ugc\">ViitorCloud\u003C\u002Fa> believes in an active community support so with such plugins we try to make life easy for developers & of course customers. Don’t forget to subscribe our newsletter.\u003C\u002Fp>\n","It automatically set all external links to \"nofollow\" in website content.",200,4461,74,3,"2024-05-23T12:17:00.000Z","6.5.8","3.8",[66,67,68,69,70],"customlink","external","link","no-indexing","nofollow","https:\u002F\u002Fviitorcloud.com\u002Fblog\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnofollow-external-links-seo.zip",92,{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":82,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":91,"download_link":92,"security_score":82,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"well-known-file-manager","Well-Known File Manager","1.4.10","Jono Alderson","https:\u002F\u002Fprofiles.wordpress.org\u002Fjonoaldersonwp\u002F","\u003Cp>Manage your website’s \u003Ccode>.well-known\u003C\u002Fcode> files with ease using this powerful yet simple plugin. The Well-Known File Manager provides a user-friendly interface to create, edit and manage standardized \u003Ccode>.well-known\u003C\u002Fcode> files – essential components for modern web security, app associations, and service discovery.\u003C\u002Fp>\n\u003Cp>Whether you need to implement security.txt for vulnerability reporting, configure app associations, or set up protocol handlers, this plugin handles the technical complexities while giving you complete control. It creates actual files on your server for maximum compatibility and performance, without requiring any special server configuration or technical knowledge.\u003C\u002Fp>\n\u003Cp>Perfect for developers, site owners, and administrators who want a reliable way to manage their site’s \u003Ccode>.well-known\u003C\u002Fcode> directory through a clean, intuitive WordPress interface.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy Management\u003C\u002Fstrong>: Simple toggle switches to enable\u002Fdisable \u003Ccode>.well-known\u003C\u002Fcode> files\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Physical File Creation\u003C\u002Fstrong>: Creates actual files in the \u003Ccode>.well-known\u003C\u002Fcode> directory for maximum compatibility\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Content Editing\u003C\u002Fstrong>: Built-in content editor for each file type with syntax highlighting\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Default Templates\u003C\u002Fstrong>: Pre-configured templates for common \u003Ccode>.well-known\u003C\u002Fcode> files\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Validation\u003C\u002Fstrong>: Content validation to ensure files meet required standards\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Files\u003C\u002Fstrong>: Highlighted support for important files like \u003Ccode>security.txt\u003C\u002Fcode>, \u003Ccode>assetlinks.json\u003C\u002Fcode>, and \u003Ccode>apple-app-site-association\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Cleanup\u003C\u002Fstrong>: Removes files when disabled to keep your server clean\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Preservation\u003C\u002Fstrong>: Files and settings are preserved when the plugin is deactivated or uninstalled\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Supported Files:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security Files\u003C\u002Fstrong>: \u003Ccode>security.txt\u003C\u002Fcode>, \u003Ccode>security-txt\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>App Associations\u003C\u002Fstrong>: \u003Ccode>assetlinks.json\u003C\u002Fcode>, \u003Ccode>apple-app-site-association\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protocol Handlers\u003C\u002Fstrong>: \u003Ccode>change-password\u003C\u002Fcode>, \u003Ccode>gpc\u003C\u002Fcode>, \u003Ccode>hoba\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Discovery\u003C\u002Fstrong>: \u003Ccode>host-meta\u003C\u002Fcode>, \u003Ccode>host-meta.json\u003C\u002Fcode>, \u003Ccode>nodeinfo\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Authentication\u003C\u002Fstrong>: \u003Ccode>openid-configuration\u003C\u002Fcode>, \u003Ccode>oauth-authorization-server\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>And many more…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How It Works:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin takes a \u003Cstrong>physical file approach\u003C\u002Fstrong> rather than routing requests through WordPress:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>When Enabled\u003C\u002Fstrong>: Creates actual files in your \u003Ccode>.well-known\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When Disabled\u003C\u002Fstrong>: Removes the files from your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Server Configuration\u003C\u002Fstrong>: Works on any hosting setup without requiring \u003Ccode>.htaccess\u003C\u002Fcode> modifications\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Maximum Compatibility\u003C\u002Fstrong>: Files are served directly by your web server for optimal performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Benefits:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Universal Compatibility\u003C\u002Fstrong>: Works on any hosting provider without special configuration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Better Performance\u003C\u002Fstrong>: Files are served directly by the web server, not through WordPress\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simplified Setup\u003C\u002Fstrong>: No need to configure rewrite rules or server settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Management\u003C\u002Fstrong>: Files are created and removed automatically based on your settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean Server\u003C\u002Fstrong>: Disabled files are completely removed from your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Safety\u003C\u002Fstrong>: Your files and settings remain intact when deactivating or uninstalling the plugin\u003C\u002Fli>\n\u003C\u002Ful>\n","Manage files in the .well-known directory with ease.",100,1216,2,"2025-12-16T17:38:00.000Z","6.8.5","5.6","7.4",[90,21],"files","https:\u002F\u002Fgithub.com\u002Fjonoalderson\u002Fwell-known-file-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwell-known-file-manager.1.4.10.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":82,"num_ratings":31,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":106,"tags":107,"homepage":110,"download_link":111,"security_score":73,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"nostr-verify","Nostr Verify","1.2.0","Jeremy Herve","https:\u002F\u002Fprofiles.wordpress.org\u002Fjeherve\u002F","\u003Cp>Nostr Verify is a WordPress plugin that allows you to verify yourself with Nostr, using NIP-05, just like described in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnostr-protocol\u002Fnips\u002Fblob\u002Fmaster\u002F05.md\" rel=\"nofollow ugc\">this documentation\u003C\u002Fa>.\u003C\u002Fp>\n","Verify yourself with Nostr, using NIP-05",60,2761,"2024-11-12T07:12:00.000Z","6.7.5","6.2","7.2",[47,108,109,21],"jrd","nostr","https:\u002F\u002Fjeremy.hu\u002Fnostr-verify-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnostr-verify.1.2.0.zip",{"slug":113,"name":114,"version":115,"author":113,"author_profile":116,"description":117,"short_description":118,"active_installs":11,"downloaded":119,"rating":82,"num_ratings":120,"last_updated":121,"tested_up_to":122,"requires_at_least":123,"requires_php":17,"tags":124,"homepage":129,"download_link":130,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":131},"satoshipay","SatoshiPay","1.11","https:\u002F\u002Fprofiles.wordpress.org\u002Fsatoshipay\u002F","\u003Cp>SatoshiPay is a cross-website, 1-click micropayment service based on blockchain technology. To use SatoshiPay your readers don’t need to sign up anywhere or download any additional software. If they come to your site with a pre-filled wallet, they will be able to pay for your content with just a single click. Your payout arrives in your own wallet within seconds. Generate extra income from your posts, pictures, audio, video or downloads! Micropayments have never been this easy.\u003C\u002Fp>\n\u003Cp>As a publisher you only need to install the plugin, register at \u003Ca href=\"https:\u002F\u002Fdashboard.satoshipay.io\u002Fsign-up\" rel=\"nofollow ugc\">SatoshiPay Dashboard\u003C\u002Fa>, create a blockchain wallet for your earnings, and you are ready to go.\u003C\u002Fp>\n","Adds SatoshiPay to your site, allowing you to charge small amounts for posts, images, audios, videos or downloads using micropayments.",7285,6,"2019-07-22T09:21:00.000Z","5.2.24","4.4.5",[125,126,127,128,19],"blockchain","lumen","micropayments","paypal","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsatoshipay\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsatoshipay.1.11.zip","2026-04-06T09:54:40.288Z",{"attackSurface":133,"codeSignals":169,"taintFlows":183,"riskAssessment":184,"analyzedAt":189},{"hooks":134,"ajaxHandlers":165,"restRoutes":166,"shortcodes":167,"cronEvents":168,"entryPointCount":13,"unprotectedCount":13},[135,140,146,150,154,158,161],{"type":136,"name":137,"callback":137,"file":138,"line":139},"filter","query_vars","plugin.php",78,{"type":141,"name":142,"callback":143,"priority":144,"file":138,"line":145},"action","parse_request","delegate_request",99,79,{"type":141,"name":147,"callback":148,"file":138,"line":149},"init","add_rewrite_rules",80,{"type":141,"name":151,"callback":152,"file":138,"line":153},"well-known-uri","well_known_uri",112,{"type":141,"name":155,"callback":156,"file":138,"line":157},"admin_menu","add_plugin_page",122,{"type":141,"name":159,"callback":159,"file":138,"line":160},"admin_notices",123,{"type":141,"name":162,"callback":163,"file":138,"line":164},"admin_init","page_init",124,[],[],[],[],{"dangerousFunctions":170,"sqlUsage":171,"outputEscaping":173,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":182},[],{"prepared":13,"raw":13,"locations":172},[],{"escaped":174,"rawEcho":61,"locations":175},7,[176,178,180],{"file":138,"line":82,"context":177},"raw output",{"file":138,"line":179,"context":177},139,{"file":138,"line":181,"context":177},207,[],[],{"summary":185,"deductions":186},"The 'create-stellar-toml' v1.0.4 plugin exhibits a strong security posture based on the provided static analysis. The absence of any identified entry points such as AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface. Furthermore, the code analysis reveals a complete absence of dangerous functions, direct SQL queries, file operations, and external HTTP requests, which are common vectors for vulnerabilities. The fact that all identified SQL queries utilize prepared statements is a positive indicator of secure database interaction.\n\nHowever, there are minor areas for improvement. The output escaping is not fully comprehensive, with 30% of outputs not being properly escaped. While there are no identified taint flows or known CVEs, the absence of capability checks and nonce checks on any potential entry points (even though none are currently exposed) could become a concern if new functionalities are added in the future that introduce such points without proper security measures. The plugin's vulnerability history being entirely clear is a positive sign, suggesting a proactive approach to security from its developers or a lack of targeted attacks.\n\nIn conclusion, 'create-stellar-toml' v1.0.4 is currently a very secure plugin. Its limited attack surface and secure coding practices for database interactions are commendable. The primary area for enhancement is ensuring consistent and proper output escaping for all user-facing data. While the lack of known vulnerabilities is excellent, future development should prioritize the inclusion of appropriate authorization and nonce checks if any new entry points are introduced to maintain this high level of security.",[187],{"reason":188,"points":174},"Improper output escaping","2026-04-16T12:38:28.016Z",{"wat":191,"direct":197},{"assetPaths":192,"generatorPatterns":193,"scriptPaths":194,"versionParams":196},[],[],[195],"\u002Fwp-content\u002Fplugins\u002Fcreate-stellar-toml\u002Fstellar_icon_300px.png",[],{"cssClasses":198,"htmlComments":199,"htmlAttributes":200,"restEndpoints":202,"jsGlobals":203,"shortcodeOutput":204},[],[],[201],"name=\"create-stellar-toml-settings-submit\"",[],[],[],{"error":206,"url":207,"statusCode":208,"statusMessage":209,"message":209},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fcreate-stellar-toml\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":211},[]]