[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flMhCFpX8B5DKkIw2wemByVYmp_9cgFG9gnqBLGg3gwU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":8,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":141,"fingerprints":242},"custom-dashboard-messages","Zedna Custom Dashboard Messages","2.2.2","Radek Mezulanik","https:\u002F\u002Fprofiles.wordpress.org\u002Fzedna\u002F","\u003Cp>You can write a main message, visible to everybody in dashboard widget. You can also write a bunch of messages in different dashboard widget, visible for all users with rights.\u003Cbr \u002F>\nAdmin can read and write all the messages and setup user roles, who can read and write custom messages.\u003C\u002Fp>\n","Allow admin to write messages on user dashboard.",100,4392,76,5,"2020-12-22T14:21:00.000Z","5.6.0","5.0.0","",[20,21,22,23,24],"admin","custom","dashoard","message","user","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-dashboard-messages.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"zedna",15,570,87,2856,70,"2026-04-04T06:26:20.174Z",[40,63,85,105,125],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":11,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":18,"tags":54,"homepage":58,"download_link":59,"security_score":60,"vuln_count":61,"unpatched_count":27,"last_vuln_date":62,"fetched_at":29},"simple-membership-custom-messages","Simple Membership Custom Messages","2.6","wp.insider","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpinsider-1\u002F","\u003Cp>This addon allows you to customize the content protection message that gets output from the membership plugin.\u003C\u002Fp>\n\u003Cp>You will be able to specify your custom messages for different types of protection message.\u003C\u002Fp>\n\u003Cp>This addon requires the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-membership\u002F\" rel=\"ugc\">Simple Membership Plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>After you install this addon, go to the “Custom Message” menu from the admin dashboard to use it.\u003C\u002Fp>\n\u003Cp>Read \u003Ca href=\"https:\u002F\u002Fsimple-membership-plugin.com\u002Fsimple-membership-custom-messages-addon\u002F\" rel=\"nofollow ugc\">Usage Documentation\u003C\u002Fa>\u003C\u002Fp>\n","Simple Membership Addon to customize various content protection messages.",7000,111926,4,"2026-01-04T01:19:00.000Z","6.9.4","6.0",[21,55,23,56,57],"membership","protection-message","users","https:\u002F\u002Fsimple-membership-plugin.com\u002Fsimple-membership-custom-messages-addon\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-membership-custom-messages.2.6.zip",99,1,"2025-01-18 00:00:00",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":73,"num_ratings":14,"last_updated":74,"tested_up_to":75,"requires_at_least":76,"requires_php":18,"tags":77,"homepage":83,"download_link":84,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-custom-admin-bar","WP Custom Admin Bar","1.3.5","Wes Todd","https:\u002F\u002Fprofiles.wordpress.org\u002Fjawesomeclay\u002F","\u003Cp>A really simple and easy to use plugin to help gain control of the new Admin Bar.\u003Cbr \u002F>\nThis gives you options to change who sees the Admin Bar based on their user role,\u003Cbr \u002F>\nchange or override the default styling or remove the Admin Bar altogether.\u003Cbr \u002F>\nIt adds a menu to the Admin Bar which gives you the ability to disable it on a\u003Cbr \u002F>\nsingle page or sitewide for a single browser session.\u003C\u002Fp>\n\u003Cp>WP Custom Admin Bar supports Custom Roles.\u003C\u002Fp>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwesleytodd.com\u002Fcontact\" rel=\"nofollow ugc\">Contact Me\u003C\u002Fa>\u003C\u002Fp>\n","A really simple and easy to use plugin to help gain control of the new Admin Bar.",400,51128,84,"2012-02-25T14:36:00.000Z","3.3.2","3.1",[78,79,80,81,82],"admin-bar","customize-admin-bar","hide","removal","user-controls","http:\u002F\u002Fwesleytodd.com\u002F?custom-plugin=admin-bar-control","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-custom-admin-bar.zip",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":11,"downloaded":93,"rating":94,"num_ratings":61,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":18,"tags":98,"homepage":103,"download_link":104,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"ss-fcm-notifications","Send FCM notifications","1.0","dselvainfotech","https:\u002F\u002Fprofiles.wordpress.org\u002Fdselvainfotech\u002F","\u003Cp>Easily send notifications to all of your android app user by using google Firebase Cloud Messaging key. No third-party service required. You can send custom message to all your android app user in a single click.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cp>Send Notifications to all of android app user :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Firebase Cloud Messaging (FCM)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Instant notifications.\u003C\u002Fstrong> Notifications appear as message alerts and even sound alerts.\u003C\u002Fp>\n\u003Ch4>Who Is This Plugin For?\u003C\u002Fh4>\n\u003Cp>This plugin is for mobile developers who do not want to develop their server-side back-end. Supporting push notifications is incredibly complicated. This plugin lets you focus on creating the apps, without the hassle. you can send custom notification to all of your android app user in a single click.\u003C\u002Fp>\n","Send notifications to all your Android app user without paying fees as it does not use third-party servers.",2480,80,"2018-01-09T08:10:00.000Z","4.9.29","3.4",[99,100,101,102],"bulk-messaging-by-google-firebase","custom-firebase-messaging","google-firebase-cloud-messaging","send-message-to-all-android-app-user","http:\u002F\u002Fdselva.co.in\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fss-fcm-notifications.zip",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":27,"num_ratings":27,"last_updated":115,"tested_up_to":116,"requires_at_least":117,"requires_php":118,"tags":119,"homepage":123,"download_link":124,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"edit-profile-fields","Edit Profile Fields","1.0.0","wezley","https:\u002F\u002Fprofiles.wordpress.org\u002Fwezley\u002F","\u003Cp>Create, show, hide and delete custom contact info fields on your users profiles.\u003C\u002Fp>\n\u003Cp>Add extra fields to the ‘Contact Info’ section of the user profile page!\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add unlimited fields to the Contact Info section\u003C\u002Fli>\n\u003Cli>Name the fields anything you want\u003C\u002Fli>\n\u003Cli>Show or hide your custom fields\u003C\u002Fli>\n\u003Cli>Delete your custom fields and user data\u003C\u002Fli>\n\u003Cli>Show or hide the Colour Scheme Picker\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit https:\u002F\u002Feditprofilefields.com to suggest or request a feature!\u003C\u002Fp>\n","Create, show, hide and delete custom contact info fields on your users profiles.",10,1598,"2020-11-07T14:40:00.000Z","5.5.18","5.5","7.0",[20,120,121,122],"custom-profile","profile","user-profile","https:\u002Fcustomprofilefields.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fedit-profile-fields.zip",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":113,"downloaded":133,"rating":27,"num_ratings":27,"last_updated":134,"tested_up_to":96,"requires_at_least":135,"requires_php":18,"tags":136,"homepage":139,"download_link":140,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"post-updated-messages","Post Updated Messages","1.0.2","Morgan Estes","https:\u002F\u002Fprofiles.wordpress.org\u002Fmorganestes\u002F","\u003Cp>Changes the default “Post updated” message to reflect the actual post type. It uses the labels set when a\u003Cbr \u002F>\npost type is registered to display “My Post Type updated”.\u003C\u002Fp>\n\u003Ch3>Cow Picture\u003C\u002Fh3>\n\u003Cpre>\u003Ccode> ______________________________\n\u003C Post Updated Messages Rocks! >\n ------------------------------\n        \\   ^__^\n         \\  (oo)\\_______\n            (__)\\       )\\\u002F\\\n                ||----w |\n                ||     ||\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Tailored updated messages for custom post types.",1383,"2018-02-22T00:29:00.000Z","3.7.0",[20,137,138],"custom-post-types","post-messages","https:\u002F\u002Fmorganestes.com\u002Fplugins\u002Fpost-updated-messages\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-updated-messages.1.0.2.zip",{"attackSurface":142,"codeSignals":205,"taintFlows":232,"riskAssessment":233,"analyzedAt":241},{"hooks":143,"ajaxHandlers":201,"restRoutes":202,"shortcodes":203,"cronEvents":204,"entryPointCount":27,"unprotectedCount":27},[144,149,153,157,161,165,168,172,176,180,184,187,191,195,198],{"type":145,"name":146,"callback":147,"file":148,"line":33},"action","init","create_post_type_cd_message_1","custom-dashboard.php",{"type":145,"name":150,"callback":151,"file":148,"line":152},"add_meta_boxes_cd_message_1","cd_message_1_metaboxes",37,{"type":145,"name":154,"callback":155,"file":148,"line":156},"save_post_cd_message_1","cd_message_1_save_post",63,{"type":145,"name":158,"callback":159,"file":148,"line":160},"admin_menu","cd_remove_admin_menu",83,{"type":145,"name":162,"callback":163,"file":148,"line":164},"wp_dashboard_setup","cd_move_dashboard_widget",102,{"type":145,"name":162,"callback":166,"file":148,"line":167},"cd_add_dashboard_widgets",159,{"type":145,"name":158,"callback":169,"file":170,"line":171},"cdsm_options_menu","single-message.php",56,{"type":145,"name":173,"callback":174,"file":170,"line":175},"wpmu_options","cdsm_network_settings",59,{"type":145,"name":177,"callback":178,"file":170,"line":179},"update_wpmu_options","cdsm_save_network_settings",62,{"type":145,"name":181,"callback":182,"file":170,"line":183},"admin_init","cdsm_admin_init",65,{"type":145,"name":162,"callback":185,"file":170,"line":186},"cdsm_remove_site_dash_widgets",68,{"type":145,"name":188,"callback":189,"file":170,"line":190},"wp_network_dashboard_setup","cdsm_remove_network_dash_widgets",71,{"type":145,"name":192,"callback":193,"file":170,"line":194},"wp_user_dashboard_setup","cdsm_remove_global_dashboard_widgets",74,{"type":145,"name":162,"callback":196,"file":170,"line":197},"cdsm_add_dash_welcome_site",88,{"type":145,"name":192,"callback":199,"file":170,"line":200},"cdsm_add_dash_welcome_global",92,[],[],[],[],{"dangerousFunctions":206,"sqlUsage":207,"outputEscaping":209,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":14,"bundledLibraries":231},[],{"prepared":27,"raw":27,"locations":208},[],{"escaped":210,"rawEcho":211,"locations":212},6,9,[213,216,218,220,222,224,226,228,229],{"file":170,"line":214,"context":215},249,"raw output",{"file":170,"line":217,"context":215},255,{"file":170,"line":219,"context":215},379,{"file":170,"line":221,"context":215},380,{"file":170,"line":223,"context":215},392,{"file":170,"line":225,"context":215},465,{"file":170,"line":227,"context":215},606,{"file":170,"line":227,"context":215},{"file":170,"line":230,"context":215},608,[],[],{"summary":234,"deductions":235},"The \"custom-dashboard-messages\" v2.2.2 plugin exhibits a generally positive security posture based on the provided static analysis. Notably, it has a zero attack surface with no AJAX handlers, REST API routes, shortcodes, or cron events that are exposed and unprotected. The code also demonstrates good practices by utilizing prepared statements for all SQL queries and avoiding file operations or external HTTP requests, which are common vectors for vulnerabilities. The absence of known CVEs and a clean vulnerability history further contribute to this positive assessment, suggesting a well-maintained and secure plugin over time.\n\nHowever, a significant concern arises from the output escaping. With 15 total outputs and only 40% properly escaped, there's a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. Unsanitized user input that is later displayed to other users without proper encoding can be exploited to inject malicious scripts, potentially leading to account takeovers or data theft. Additionally, the complete absence of nonce checks and a low number of capability checks (though no unprotected entry points were found) might indicate a lack of defense-in-depth, relying solely on the absence of direct entry points rather than validating user intent and permissions within any potential future or less obvious interaction points.\n\nIn conclusion, while the plugin scores well on attack surface and SQL security, the low percentage of properly escaped output presents a tangible and potentially severe risk. The lack of any recorded vulnerabilities in its history is a strength, but this should not overshadow the identified output escaping deficiency. Prioritizing the remediation of unescaped output is crucial for mitigating XSS risks.",[236,239],{"reason":237,"points":238},"Low percentage of properly escaped output",8,{"reason":240,"points":14},"No nonce checks implemented","2026-03-16T21:04:48.970Z",{"wat":243,"direct":250},{"assetPaths":244,"generatorPatterns":246,"scriptPaths":247,"versionParams":248},[245],"\u002Fwp-content\u002Fplugins\u002Fcustom-dashboard-messages\u002Fstyle.css",[],[],[249],"custom-dashboard-messages\u002Fstyle.css?ver=",{"cssClasses":251,"htmlComments":253,"htmlAttributes":254,"restEndpoints":261,"jsGlobals":262,"shortcodeOutput":263},[252],"dashboard-message1",[],[255,256,257,258,259,260],"name='cd_min_role_to_see'","value='manage_options'","value='publish_pages'","value='publish_posts'","value='read'","value='all'",[],[],[]]