[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fmIJrdYWUjOxdQGoWRAsgnDizP8GnNvSAGdlb26nquEk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":15,"download_link":22,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":33,"analysis":141,"fingerprints":171},"ctrlcmd-save","CTRL\u002FCMD Save for WordPress","1.1","dpoakaspine","https:\u002F\u002Fprofiles.wordpress.org\u002Fdpoakaspine\u002F","\u003Cp>Save your posts with the all-known shortcut CTRL + S (Windows) or CMD + S (Mac)\u003C\u002Fp>\n","Save posts easier with the keyboard shortcuts.",0,1105,"2018-01-17T07:01:00.000Z","4.9.29","",[17,18,19,20,21],"admin","apple","mac","save","windows","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fctrlcmd-save.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":23,"computed_at":32},9,630,87,30,"2026-04-04T18:22:37.685Z",[34,57,80,100,118],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":15,"tags":49,"homepage":55,"download_link":56,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"toolbar-publish-button","Toolbar Publish Button","1.8","webbistro","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebbistro\u002F","\u003Cp>Too often it turns out very inconvenient to scroll WordPress admin page back and forth in the quest for the big blue button to save latest changes.\u003C\u002Fp>\n\u003Cp>Simple jQuery script of this plugin duplicates Update \u002F Publish \u002F Save Changes \u002F Save Draft \u002F Preview Changes button for posts, pages, custom posts, taxonomies, user profiles, and settings to the top WordPress admin bar, so that it stays on site while you are scrolling your admin page. The plugin options allow to keep the scrollbar position after saving.\u003C\u002Fp>\n\u003Cp>The plugin is well-integrated with the Advanced Custom Fields, and capable to leave open ACF field groups after saving your edits.\u003C\u002Fp>\n\u003Cp>The plugin does not affect any native WordPress functionality, it just redirects your click to the original button, and uses the current button text, of course, with the current language.\u003C\u002Fp>\n\u003Ch4>Plugin options allow:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>to keep the scrollbar position after saving for admin pages including Plugins page on activation \u002F deactivation,\u003C\u002Fli>\n\u003Cli>to choose which buttons to show on the admin bar,\u003C\u002Fli>\n\u003Cli>to move buttons to the right side of the Toolbar,\u003C\u002Fli>\n\u003Cli>to set a background color for its buttons to highlight them.\u003C\u002Fli>\n\u003C\u002Ful>\n","Scroll less in WordPress admin area! A small UX improvement will keep Publish button within reach and retain the scrollbar position after saving.",6000,91543,96,46,"2021-08-28T08:15:00.000Z","5.8.13","5.0",[50,51,52,53,54],"publish-button","save-button","scroll","scroll-less","wp-admin","https:\u002F\u002FwpUXsolutions.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoolbar-publish-button.1.8.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":11,"num_ratings":11,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":77,"download_link":78,"security_score":79,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"heartbeat-controller","Heartbeat Controller","1.0","Abdur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Fdevabdurrahman\u002F","\u003Cp>“Heartbeat Controller” helps you reduce server load by managing WordPress’s built-in Heartbeat API. WordPress uses the Heartbeat API to make frequent background requests to \u003Ccode>admin-ajax.php\u003C\u002Fcode>, which can overwhelm your server especially on shared or VPS hosting.\u003C\u002Fp>\n\u003Cp>This plugin provides a clean, user-friendly interface that lets you:\u003Cbr \u002F>\n– ✅ Enable or disable Heartbeat API\u003Cbr \u002F>\n– ✅ Adjust Heartbeat frequency (interval in seconds)\u003Cbr \u002F>\n– ✅ Control behavior per section: Dashboard, Post Editor, Frontend\u003Cbr \u002F>\n– ✅ Instantly apply changes without code\u003C\u002Fp>\n\u003Cp>Ideal for performance-conscious site owners and developers.\u003C\u002Fp>\n\u003Cp>🛠 No need to write a single line of code. Everything is controllable through the WordPress admin.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Control WordPress Heartbeat activity from the admin panel\u003C\u002Fli>\n\u003Cli>Apply settings independently for:\n\u003Cul>\n\u003Cli>Admin Dashboard\u003C\u002Fli>\n\u003Cli>Post\u002FPage Editor\u003C\u002Fli>\n\u003Cli>Frontend (theme side)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Choose from:\n\u003Cul>\n\u003Cli>Allow (default WordPress behavior)\u003C\u002Fli>\n\u003Cli>Disallow (disable AJAX polling)\u003C\u002Fli>\n\u003Cli>Modify frequency (set custom interval, e.g., 60 seconds)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Built-in protection to prevent unsafe frequency (minimum 15s)\u003C\u002Fli>\n\u003Cli>Lightweight and developer-friendly\u003C\u002Fli>\n\u003Cli>Clean UI that follows WordPress standards\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>About the Developer\u003C\u002Fh3>\n\u003Cp>Created and maintained by “Abdur Rahman”, a WordPress developer passionate about performance, custom plugins, and helping businesses scale through fast and secure websites.\u003C\u002Fp>\n\u003Cp>🔗 \u003Ca href=\"https:\u002F\u002Fdevabdurrahman.com\" rel=\"nofollow ugc\">Visit My Portfolio\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Need a custom plugin? Reach out for collaborations or freelance projects!\u003C\u002Fp>\n","Control WordPress Heartbeat API to reduce load. Allow, disable, or set custom frequency for Dashboard, Post Editor, and Frontend.",600,1661,"2025-07-28T20:10:00.000Z","6.8.5","5.2","7.2",[72,73,74,75,76],"admin-ajax-php","autosave","heartbeat","heartbeat-api","performance","https:\u002F\u002Fgithub.com\u002Fdevabdurrahman\u002Fheartbeat-controller","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheartbeat-controller.1.0.zip",100,{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":11,"num_ratings":11,"last_updated":15,"tested_up_to":90,"requires_at_least":15,"requires_php":15,"tags":91,"homepage":97,"download_link":98,"security_score":79,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":99},"ibar","iBar","19.05","Linesh Jose","https:\u002F\u002Fprofiles.wordpress.org\u002Flineshjose\u002F","\u003Cp>This is a \u003Cstrong>Mac OSX Menubar\u003C\u002Fstrong> like \u003Cstrong>WordPres\u003C\u002Fstrong> adminbar\u002Ftoolbar theme, designed for Mac and WordPress lovers. Read more about \u003Ca href=\"https:\u002F\u002Flinesh.com\u002Fprojects\u002Fibar\u002F\" rel=\"nofollow ugc\">iBar\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support & more informations visit https:\u002F\u002Flinesh.com\u002Fforums\u002Fforum\u002Fplugins\u002Fibar\u002F.\u003C\u002Fp>\n","This is a Mac OSX Menubar like WordPres adminbar\u002Ftoolbar theme, designed for Mac and WordPress lovers.",10,2374,"5.2.24",[92,93,94,95,96],"admin-bar","adminbar","mac-like-admin-bar","macos","toolbar","https:\u002F\u002Flinesh.com\u002Fprojects\u002Fibar\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fibar.zip","2026-03-15T10:48:56.248Z",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":88,"downloaded":108,"rating":79,"num_ratings":109,"last_updated":15,"tested_up_to":110,"requires_at_least":111,"requires_php":70,"tags":112,"homepage":116,"download_link":117,"security_score":79,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":99},"my-desktop","My Desktop – Manage your site from a web desktop","1.2","Manuel Canga","https:\u002F\u002Fprofiles.wordpress.org\u002Ftrasweb\u002F","\u003Cp>Manage your site from a web desktop. Do multitasking with  windows, click icons, use notes. Jump to any place in your wp-admin quickly.\u003C\u002Fp>\n\u003Cp>The system users will interact with My Desktop very much the same way they would interact with a regular desktop operating system,\u003Cbr \u002F>\nbut they work will be editing editing posts or approving comments.\u003C\u002Fp>\n\u003Ch3>Thanks\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fcarazo\u002F\" rel=\"nofollow ugc\">Javier Carazo\u003C\u002Fa> for testing this plugin.\u003C\u002Fli>\n\u003Cli>Monty for his \u003Ca href=\"https:\u002F\u002Fdiariodeunfriki.com\u002Fconvierte-tu-wordpress-en-un-desktop-con-my-desktop-plugin\u002F\" rel=\"nofollow ugc\">review\u003C\u002Fa> of this plugin.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Send me bugs or improvements\u003C\u002Fh3>\n\u003Cp>If you’re interested in contributing to My Desktop, head to the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmanuelcanga\u002Fmy-desktop\u002F\" rel=\"nofollow ugc\">My Desktop GitHub Repository\u003C\u002Fa>.\u003C\u002Fp>\n","Manage your site from a web desktop. Do multitasking with  windows, click icons, use notes. Jump to any place in your wp-admin quickly.",1516,2,"6.0.11","4.9.0",[17,113,114,115,21],"desktop","manage","tasks","https:\u002F\u002Fgithub.com\u002Fmanuelcanga\u002Fmy-desktop","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmy-desktop.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":44,"num_ratings":128,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":132,"tags":133,"homepage":137,"download_link":138,"security_score":30,"vuln_count":139,"unpatched_count":11,"last_vuln_date":140,"fetched_at":25},"loginizer","Loginizer","2.0.6","Softaculous","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoftaculous\u002F","\u003Cp>Loginizer is a WordPress plugin which helps you fight against bruteforce attack by blocking login for the IP after it reaches maximum retries allowed. You can blacklist or whitelist IPs for login using Loginizer. You can use various other features like Two Factor Auth, reCAPTCHA, PasswordLess Login, etc. to improve security of your website.\u003C\u002Fp>\n\u003Cp>Loginizer is actively used by more than 1000000+ WordPress websites.\u003C\u002Fp>\n\u003Cp>You can find our official documentation at \u003Ca href=\"https:\u002F\u002Floginizer.com\u002Fdocs\" rel=\"nofollow ugc\">https:\u002F\u002Floginizer.com\u002Fdocs\u003C\u002Fa>. We are also active in our community support forums on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Floginizer\" rel=\"ugc\">wordpress.org\u003C\u002Fa> if you are one of our free users. Our Premium Support Ticket System is at \u003Ca href=\"https:\u002F\u002Floginizer.deskuss.com\" rel=\"nofollow ugc\">https:\u002F\u002Floginizer.deskuss.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Free Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute force protection. IPs trying to brute force your website will be blocked for 15 minutes after 3 failed login attempts. After multiple lockouts the IP is blocked for 24 hours. This is the default configuration and can be changed from Loginizer -> Brute force page in WordPress admin panel.\u003C\u002Fli>\n\u003Cli>Failed login attempts logs.\u003C\u002Fli>\n\u003Cli>Blacklist IPs\u003C\u002Fli>\n\u003Cli>Whitelist IPs\u003C\u002Fli>\n\u003Cli>Custom error messages on failed login.\u003C\u002Fli>\n\u003Cli>Permission check for important files and folders.\u003C\u002Fli>\n\u003Cli>Allow only Trusted IP.\u003C\u002Fli>\n\u003Cli>Blocked Screen in place of the Login page.\u003C\u002Fli>\n\u003Cli>Email Notification on successful login.\u003C\u002Fli>\n\u003Cli>Let users login with LinkedIn\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Get Support and Pro Features\u003C\u002Fh4>\n\u003Cp>Get professional support from our experts and pro features to take your site’s security to the next level with \u003Ca href=\"https:\u002F\u002Floginizer.com\u002Fpricing\" rel=\"nofollow ugc\">Loginizer-Security\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Pro Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>MD5 Checksum – of Core WordPress Files. The admin can check and ignore files as well.\u003C\u002Fli>\n\u003Cli>PasswordLess Login – At the time of Login, the username \u002F email address will be asked and an email will be sent to the email address of that account with a temporary link to login.\u003C\u002Fli>\n\u003Cli>Two Factor Auth via Email – On login, an email will be sent to the email address of that account with a temporary 6 digit code to complete the login.\u003C\u002Fli>\n\u003Cli>Two Factor Auth via App – The user can configure the account with a 2FA App like Google Authenticator, Authy, etc.\u003C\u002Fli>\n\u003Cli>Login Challenge Question – The user can setup a Challenge Question and Answer as an additional security layer. After Login, the user will need to answer the question to complete the login.\u003C\u002Fli>\n\u003Cli>reCAPTCHA – Google’s reCAPTCHA v3\u002Fv2, Cloudflare Turnstile, hCAPTCHA can be configured for the Login screen, Comments Section, Registration Form, etc. to prevent automated brute force attacks. Supports WooCommerce as well.\u003C\u002Fli>\n\u003Cli>Rename Login Page – The Admin can rename the login URL (slug) to something different from wp-login.php to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Rename WP-Admin URL – The Admin area in WordPress is accessed via wp-admin. With loginizer you can change it to anything e.g. site-admin\u003C\u002Fli>\n\u003Cli>CSRF Protection – This helps in preventing CSRF attacks as it updates the admin URL with a session string which makes it difficult and nearly impossible for the attacker to predict the URL.\u003C\u002Fli>\n\u003Cli>Rename Login with Secrecy – If set, then all Login URL’s will still point to wp-login.php and users will have to access the New Login Slug by typing it in the browser.\u003C\u002Fli>\n\u003Cli>Disable XML-RPC – An option to simply disable XML-RPC in WordPress. Most of the WordPress users don’t need XML-RPC and can disable it to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Rename XML-RPC – The Admin can rename the XML-RPC to something different from xmlrpc.php to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Username Auto Blacklist – Attackers generally use common usernames like admin, administrator, or variations of your domain name \u002F business name. You can specify such username here and Loginizer will auto-blacklist the IP Address(s) of clients who try to use such username(s).\u003C\u002Fli>\n\u003Cli>New Registration Domain Blacklist – If you would like to ban new registrations from a particular domain, you can use this utility to do so.\u003C\u002Fli>\n\u003Cli>Change the Admin Username – The Admin can rename the admin username to something more difficult.\u003C\u002Fli>\n\u003Cli>Auto Blacklist IPs – IPs will be auto blacklisted, if certain usernames saved by the Admin are used to login by malicious bots \u002F users.\u003C\u002Fli>\n\u003Cli>Disable Pingbacks – Simple way to disable PingBacks.\u003C\u002Fli>\n\u003Cli>SSO – Single Sign-on, let any user access to your WordPress Dashboard without the need to share username or password.\u003C\u002Fli>\n\u003Cli>Limit Concurrent Logins – It prevents user to login from different devices concurrently, you can define how many devices you want to allow, and how you want to restrict the user when concurrent limit is reached.\u003C\u002Fli>\n\u003Cli>Social Login – Users can login or register with their Google, Github, Facebook, X (Twitter), Discord, Twitch, LinkedIn, Microsoft with support for WooCommerce and Ultimate Member.\u003C\u002Fli>\n\u003Cli>Key Less Social Login – Use Loginizer’s Social Auth for easy key less Social login configuration, now supports Google, GitHub, X, LinkedIn more to be added later\u003C\u002Fli>\n\u003Cli>Country Blocking – Block IPs from specific countries to restrict access to your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Features in Loginizer include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Blocks IP after maximum retries allowed\u003C\u002Fli>\n\u003Cli>Extended Lockout after maximum lockouts allowed\u003C\u002Fli>\n\u003Cli>Email notification to admin after max lockouts\u003C\u002Fli>\n\u003Cli>Blacklist IP\u002FIP range\u003C\u002Fli>\n\u003Cli>Whitelist IP\u002FIP range\u003C\u002Fli>\n\u003Cli>Check logs of failed attempts\u003C\u002Fli>\n\u003Cli>Create IP ranges\u003C\u002Fli>\n\u003Cli>Delete IP ranges\u003C\u002Fli>\n\u003Cli>Licensed under LGPLv2.1\u003C\u002Fli>\n\u003Cli>Safe & Secure\u003C\u002Fli>\n\u003C\u002Ful>\n","Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.",1000000,29791210,1020,"2026-03-02T12:38:00.000Z","6.9.4","3.0","5.5",[134,17,135,119,136],"access","login","security","https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Floginizer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floginizer.2.0.6.zip",8,"2024-11-04 00:00:00",{"attackSurface":142,"codeSignals":154,"taintFlows":161,"riskAssessment":162,"analyzedAt":170},{"hooks":143,"ajaxHandlers":150,"restRoutes":151,"shortcodes":152,"cronEvents":153,"entryPointCount":11,"unprotectedCount":11},[144],{"type":145,"name":146,"callback":147,"file":148,"line":149},"action","admin_enqueue_scripts","ctrlsave_load_scripts","index.php",16,[],[],[],[],{"dangerousFunctions":155,"sqlUsage":156,"outputEscaping":158,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":160},[],{"prepared":11,"raw":11,"locations":157},[],{"escaped":11,"rawEcho":11,"locations":159},[],[],[],{"summary":163,"deductions":164},"The \"ctrlcmd-save\" plugin version 1.1 exhibits a very strong security posture based on the provided static analysis. The absence of any identified attack surface points, such as AJAX handlers, REST API routes, shortcodes, or cron events, significantly reduces the potential for external exploitation. Furthermore, the code's adherence to secure coding practices is evident, with no dangerous functions, all SQL queries utilizing prepared statements, and all output being properly escaped. The lack of file operations and external HTTP requests further limits potential attack vectors. The plugin also demonstrates a clean vulnerability history, with no recorded CVEs of any severity. This indicates a well-maintained and likely secure plugin. The primary concern, albeit minor given the other strengths, is the complete absence of nonce and capability checks. While the current attack surface is zero, this could become a concern if new entry points are introduced in future versions without proper security measures. However, based on the current data, the plugin is highly secure.",[165,168],{"reason":166,"points":167},"Missing nonce checks",5,{"reason":169,"points":167},"Missing capability checks","2026-03-17T07:22:00.877Z",{"wat":172,"direct":179},{"assetPaths":173,"generatorPatterns":175,"scriptPaths":176,"versionParams":178},[174],"\u002Fwp-content\u002Fplugins\u002Fctrlcmd-save\u002Fscript.js",[],[177],"script.js",[],{"cssClasses":180,"htmlComments":181,"htmlAttributes":182,"restEndpoints":183,"jsGlobals":184,"shortcodeOutput":185},[],[],[],[],[],[]]