[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0E4mFJIb0miWk10_t8vJ3d4Di1QxOJxxed4CDLxJC7s":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":142,"fingerprints":253},"custom-error-pages","Custom Error Pages","1.2","Jesin A","https:\u002F\u002Fprofiles.wordpress.org\u002Fjesin\u002F","\u003Cp>WordPress offers inbuilt support for custom 404 pages on all themes. But what about custom pages for other common errors like 401 and 403? You end up seeing a bland error page of the Web Server.\u003C\u002Fp>\n\u003Cp>With this plugin you can easily create custom 401 and 403 error pages with any theme without writing a single line of code!!! And the best part is that you set it and forget it. Yes, you don’t have to do any changes even if you change themes. The heading and text you want on 401 and 403 error pages are displayed on the currently active theme.\u003C\u002Fp>\n\u003Ch4>Further Reading\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwebsistent.com\u002Fwordpress-custom-403-401-error-page\u002F\" rel=\"nofollow ugc\">Create WordPress 401 and 403 error pages\u003C\u002Fa> WITHOUT using this plugin\u003C\u002Fli>\n\u003Cli>The \u003Ca href=\"https:\u002F\u002Fwebsistent.com\u002Fwordpress-plugins\u002Fcustom-error-pages\u002F\" rel=\"nofollow ugc\">Custom Error Pages Plugin\u003C\u002Fa> official homepage.\u003C\u002Fli>\n\u003C\u002Ful>\n","Create custom 401 and 403 error pages with any WordPress theme without writing a single line of code, set it up and forget it.",600,20355,100,12,"2023-05-22T16:14:00.000Z","6.2.9","3.3.0","",[20,21,22,23,24],"401","403","404","error","errors","https:\u002F\u002Fwebsistent.com\u002Fwordpress-plugins\u002Fcustom-error-pages\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-error-pages.1.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"jesin",3,670,30,84,"2026-04-04T04:19:16.230Z",[40,57,80,98,119],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":28,"num_ratings":28,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":18,"download_link":56,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"static-404","Static 404","1.1.0","Brad Parbs","https:\u002F\u002Fprofiles.wordpress.org\u002Fbradparbs\u002F","\u003Cp>Quickly output a 404 for static files that aren’t found, rather than loading the normal 404 page.\u003C\u002Fp>\n\u003Cp>Any static files ( images, text, pdfs, etc ) that don’t exist will 404 as soon as possible, rather than loading the entire WordPress application.\u003C\u002Fp>\n\u003Ch3>Details\u003C\u002Fh3>\n\u003Cp>By default, the list of extensions to check are the results of \u003Ccode>wp_get_ext_types\u003C\u002Fcode>, but can be filtered with \u003Ccode>static_404_extensions\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>The output is a static page with the text \u003Ccode>404 Not Found\u003C\u002Fcode>, this text can be edited by filtering \u003Ccode>static_404_message\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>A 404 status code will be used, but can be filtered with \u003Ccode>static_404_response_code\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>Passing true to \u003Ccode>static_404_should_process_request\u003C\u002Fcode> will short-circuit and skip processing the request. This filter gets passed the current request.\u003C\u002Fp>\n","A WordPress plugin to quickly send a 404 for missing static files.",3000,4685,"2021-08-20T15:47:00.000Z","5.8.13","5.2","5.6",[22,24,55],"performance","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstatic-404.1.1.0.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":13,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":78,"download_link":79,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"security-safe","Security Safe","3.0.1","Sovereign Stack, LLC","https:\u002F\u002Fprofiles.wordpress.org\u002Fsovstack\u002F","\u003Ch3>WP FIREWALL\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Detects and Logs Threats\u003C\u002Fli>\n\u003Cli>Add Firewall Rules to Allow and Deny IP Addresses With Internal Notes\u003C\u002Fli>\n\u003Cli>Historical Log of Firewall Blocks With Visual Chart\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>WP LOGIN SECURITY\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Disable XML-RPC.php\u003C\u002Fli>\n\u003Cli>Brute Force Protection\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[Pro]\u003C\u002Fstrong> Automatically Block IPs Based on Threat Score\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[Pro]\u003C\u002Fstrong> Priority Support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>WP PRIVACY\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Hide WordPress CMS Version\u003C\u002Fli>\n\u003Cli>Hide Script Versions\u003C\u002Fli>\n\u003Cli>Make Website Anonymous During Updates\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[Pro]\u003C\u002Fstrong> Make Theme Versions Private\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[Pro]\u003C\u002Fstrong> Make Plugin Versions Private\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>WP CORE, THEME, AND PLUGIN FILE SECURITY\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Disable Editing Theme Files\u003C\u002Fli>\n\u003Cli>Audit & Fix File Permission\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[Pro]\u003C\u002Fstrong> Bulk Fix File Permissions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[Pro]\u003C\u002Fstrong> Automatically Fix Theme\u002FPlugin File Permissions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>OTHER FEATURES\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>404 Error Logging\u003C\u002Fli>\n\u003Cli>Content Copyright Protection\u003C\u002Fli>\n\u003Cli>Audit Hosting Software Versions\u003C\u002Fli>\n\u003Cli>Various Logs and Charts\u003C\u002Fli>\n\u003Cli>Turn On\u002FOff All Security Policies Easily\u003C\u002Fli>\n\u003Cli>Import\u002FExport Settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Every WordPress security plugin becomes more complicated and bloated as more features are added. As a plugin’s code grows, it consumes more time to load, thus slowing down your website. Security Safe’s purpose is to protect your website from the majority of threats with minimal impact on website load time. We constantly test our load performance to ensure our features to ensure it continues to run fast and lean.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Note: \u003Ca href=\"https:\u002F\u002Fcheckout.freemius.com\u002Fmode\u002Fdialog\u002Fplugin\u002F2439\u002Fplan\u002F3762\u002F\" rel=\"nofollow ugc\">Upgrade to Security Safe Pro\u003C\u002Fa> to unlock advanced Pro features.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Twitter: \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002FwpSecuritySafe\u002F\" rel=\"nofollow ugc\">Follow Security Safe\u003C\u002Fa>\u003Cbr \u002F>\nWebsite: \u003Ca href=\"https:\u002F\u002Fwpsecuritysafe.com\" rel=\"nofollow ugc\">Security Safe\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>LANGUAGE SUPPORT\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>English (default)\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fsecurity-safe\" rel=\"nofollow ugc\">Translate this plugin in your language.\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Videos\u003C\u002Fh3>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"Easy Setup in about 2 Minutes - WP Security Safe\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F360060065?dnt=1&app_id=122963\" width=\"750\" height=\"422\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write; encrypted-media; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\">\u003C\u002Fiframe>\u003C\u002Fp>\n\u003Ch3>More Plugins By The Same Author\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffix-alt-text\u002F\" rel=\"ugc\">Fix Alt Text\u003C\u002Fa> – Fix Alt Text will help you manage your image alt text easier for better website SEO and accessibility.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwhere-used\u002F\" rel=\"ugc\">WhereUsed\u003C\u002Fa> – Helps you find where pages and other things are referenced throughout your site.\u003C\u002Fli>\n\u003C\u002Ful>\n","This security plugin helps you quickly audit, harden, and secure your WordPress website.",700,20512,13,"2026-03-09T05:45:00.000Z","6.9.4","6.1","8.1",[73,74,75,76,77],"404-errors","disable-xmlrpc","firewall","limit-login","wp-security","https:\u002F\u002Fwpsecuritysafe.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-safe.3.0.1.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":28,"num_ratings":28,"last_updated":90,"tested_up_to":69,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":96,"download_link":97,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"f4-error-pages","F4 Error Pages","1.0.14","FAKTOR VIER","https:\u002F\u002Fprofiles.wordpress.org\u002Ffaktorvier\u002F","\u003Cp>Sometimes the WordPress default error page handling is not enough, because it only shows a simple text or you have to create a custom 404 template with (more) static content.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.f4dev.ch\" rel=\"nofollow ugc\">F4 Error Pages\u003C\u002Fa> allows you to assign any existing page from your installation to be shown, if a page is not found or the permissions for a request is denied.\u003Cbr \u002F>\nSo you can create nice and informative error pages with your own content elements or whatever you like, fast, without overhead and unnecessary features.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>After installation you can assign existing pages as error pages. By default there are no pages assigned.\u003Cbr \u002F>\nYou can access the settings page either if you click the ‘Settings’ link in the plugins list or you can find it directly in the menu (Settings -> Error Pages).\u003C\u002Fp>\n\u003Ch4>Features overview\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Show custom page if requested url is not found (404)\u003C\u002Fli>\n\u003Cli>Show custom page if permission is denied (403)\u003C\u002Fli>\n\u003Cli>Easy to use\u003C\u002Fli>\n\u003Cli>Lightweight and optimized\u003C\u002Fli>\n\u003Cli>100% free!\u003C\u002Fli>\n\u003C\u002Ful>\n","With this simple plugin you can assign custom pages (with custom content etc.) as error pages. This works for 404 (page not found) and 403 (forbidden\u002F &hellip;",300,5215,"2025-12-15T16:01:00.000Z","5.0","7.0",[21,22,94,95,23],"403-page","404-page","https:\u002F\u002Fgithub.com\u002Ffaktorvier\u002Ff4-error-pages","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ff4-error-pages.1.0.14.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":108,"num_ratings":109,"last_updated":110,"tested_up_to":69,"requires_at_least":91,"requires_php":111,"tags":112,"homepage":18,"download_link":118,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"gone-response","Gone Response","1.1","Kurban Ali","https:\u002F\u002Fprofiles.wordpress.org\u002Fkurbanali\u002F","\u003Cp>This plugin returns a 410 Gone HTTP status for all 404 errors while still displaying the 404 content to users. Useful for SEO and notifying search engines that the page is gone, but still showing users the default 404 page content.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic 410 Status for Missing Pages\u003C\u002Fstrong> – Automatically sends a 410 Gone HTTP status for all 404 errors, helping search engines recognize permanently removed content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Retains 404 Page Content\u003C\u002Fstrong> – Displays your theme’s default 404 page content to users, preserving the user experience while signaling the page is gone.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO-Friendly\u003C\u002Fstrong> – Enhances SEO by informing search engines that removed pages are permanently gone, which can aid in quicker de-indexing of outdated URLs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight and Hassle-Free\u003C\u002Fstrong> – Simple, efficient functionality with no configuration required, making it easy to install and use without any setup.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Compatible with All Themes\u003C\u002Fstrong> – Works seamlessly with any WordPress theme, using the theme’s existing 404 template for consistent branding and design.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is ideal for site owners looking to manage removed pages effectively while improving SEO and user experience.\u003C\u002Fp>\n\u003Ch3>Stay connected\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fkurbanali\u002F\" rel=\"nofollow ugc\">View on Linkedin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.kurbanali.com\u002F\" rel=\"nofollow ugc\">Project developed by \u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fkurbanbd\" rel=\"nofollow ugc\">Follow on Twitter\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later license. For more information, see \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fa>.\u003C\u002Fp>\n","Show the 404 page content with a 410 Gone status for all 404 errors.",200,1353,90,6,"2025-12-10T07:10:00.000Z","7.1",[113,114,115,116,117],"404-error","410-status","custom-410-status-for-404-errors","redirect","seo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgone-response.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":129,"num_ratings":130,"last_updated":131,"tested_up_to":69,"requires_at_least":132,"requires_php":52,"tags":133,"homepage":138,"download_link":139,"security_score":140,"vuln_count":34,"unpatched_count":28,"last_vuln_date":141,"fetched_at":30},"eps-301-redirects","301 Redirects – Redirect Manager","2.83","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp301redirects.com\u002F?ref=wporg\" rel=\"nofollow ugc\">301 Redirects\u003C\u002Fa> helps you manage and create 301, 302, 307 redirects for WordPress site to \u003Cstrong>improve SEO & visitor experience\u003C\u002Fstrong>. 301 Redirects is easy to use. Perfect for new sites or repairing links after reorganizing your old content, or when your site has content that expires and you wish to avoid sending visitors to a 404 error page and want to create redirection instead. Use the 404 error log to identify problematic links & create new redirections.\u003C\u002Fp>\n\u003Cp>301 Redirects GUI is located in WP Admin – Settings – 301 Redirects\u003Cbr \u002F>\n404 Error Log widget can be found in the WP Admin – Dashboard\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Choose from Pages, Posts, Custom Post types, Archives, and Term Archives from dropdown menu to create redirection\u003C\u002Fli>\n\u003Cli>Or, set a custom destination URL!\u003C\u002Fli>\n\u003Cli>Retain query strings across redirects\u003C\u002Fli>\n\u003Cli>Super-fast redirection\u003C\u002Fli>\n\u003Cli>404 error log\u003C\u002Fli>\n\u003Cli>404 error log widget\u003C\u002Fli>\n\u003Cli>Import\u002FExport feature for bulk redirects management\u003C\u002Fli>\n\u003Cli>Simple redirect stats so you know how much a redirection is used\u003C\u002Fli>\n\u003Cli>Fully compatible with translation plugins (Weglot, TranslatePress, Gtranslate, Loco Translate) that use lang prefix in URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Need more features?\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwp301redirects.com\u002F?ref=wporg\" rel=\"nofollow ugc\">WP 301 Redirects PRO\u003C\u002Fa> offers wildcard & regular expression URL matching, auto-typo fixing in URLs, complete redirect and 404 log, link scanner, and a centralized SaaS dashboard to monitor redirects on all your sites from one place.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What is a 301 Redirect?\u003C\u002Fstrong>\u003Cbr \u002F>\nA redirect is a simple way to re-route traffic coming to a \u003Cem>Requested URL\u003C\u002Fem> to different \u003Cem>Destination URL\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>A 301 redirect indicates that the page requested has been permanently moved to the \u003Cem>Destination URL\u003C\u002Fem>, and helps pass on the \u003Cem>Requested URLs\u003C\u002Fem> traffic in a search engine friendly manner. Creating a 301 redirect tells search engines that the \u003Cem>Requested URL\u003C\u002Fem>  has moved permanently, and that the content can now be found on the \u003Cem>Destination URL\u003C\u002Fem>. An important feature is that search engines will pass along any clout the \u003Cem>Requested URL\u003C\u002Fem> used to have to the \u003Cem>Destination URL\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F70Yn_lO_8BA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>\u003Cstrong>When Should I use 301 Redirects?\u003C\u002Fstrong>\u003Cbr \u002F>\n* Replacing an old site design with a new site design\u003Cbr \u002F>\n* Overhauling or re-organizing your existing WordPress content\u003Cbr \u002F>\n* You have content that expires (or is otherwise no longer available) and you wish to redirect users elsewhere\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Is the 404 error log GDPR friendly?\u003C\u002Fstrong>\u003Cbr \u002F>\nThe 404 error log does not collect user IPs. It collects the following data: timestamp of the event, the (404) URL that was opened, and the user-agent string.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Having problems with SSL? Moving a site from HTTP to HTTPS?\u003C\u002Fstrong>\u003Cbr \u002F>\nInstall our free \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-force-ssl\u002F\" rel=\"ugc\">WP Force SSL\u003C\u002Fa> plugin. It’s a great way to enable SSL and fix SSL problems.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>External libraries used in the project\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdonatj\u002FPhpUserAgent\" rel=\"nofollow ugc\">PHP User Agent Parser\u003C\u002Fa>\u003C\u002Fp>\n","Manage 301 & 302 redirects. Simple redirection & redirects validation. Includes redirect stats & 404 error log.",300000,3616494,94,575,"2026-01-09T19:14:00.000Z","4.0",[134,135,116,136,137],"301-redirect","404-error-log","redirection","redirects","https:\u002F\u002Fwp301redirects.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feps-301-redirects.2.83.zip",98,"2023-03-08 00:00:00",{"attackSurface":143,"codeSignals":185,"taintFlows":211,"riskAssessment":239,"analyzedAt":252},{"hooks":144,"ajaxHandlers":181,"restRoutes":182,"shortcodes":183,"cronEvents":184,"entryPointCount":28,"unprotectedCount":28},[145,151,155,159,164,169,173,177],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","admin_menu","plugin_menu","admin_options.php",9,{"type":146,"name":152,"callback":153,"file":149,"line":154},"admin_init","plugin_settings",10,{"type":146,"name":156,"callback":157,"file":149,"line":158},"admin_notices","notice",23,{"type":146,"name":160,"callback":161,"file":162,"line":163},"init","plugin_init","plugin.php",33,{"type":165,"name":166,"callback":167,"file":162,"line":168},"filter","query_vars","add_status_query_var",34,{"type":146,"name":170,"callback":171,"file":162,"line":172},"parse_request","get_status_query_var",35,{"type":146,"name":174,"callback":175,"file":162,"line":176},"wp","send_status",80,{"type":165,"name":178,"callback":179,"file":162,"line":180},"the_posts","generate_error_page",81,[],[],[],[],{"dangerousFunctions":186,"sqlUsage":187,"outputEscaping":189,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":210},[],{"prepared":28,"raw":28,"locations":188},[],{"escaped":190,"rawEcho":150,"locations":191},2,[192,195,197,199,201,202,204,206,208],{"file":149,"line":193,"context":194},28,"raw output",{"file":149,"line":196,"context":194},63,{"file":149,"line":198,"context":194},69,{"file":149,"line":200,"context":194},76,{"file":149,"line":108,"context":194},{"file":149,"line":203,"context":194},117,{"file":149,"line":205,"context":194},119,{"file":149,"line":207,"context":194},121,{"file":149,"line":209,"context":194},123,[],[212,230],{"entryPoint":213,"graph":214,"unsanitizedCount":228,"severity":229},"plugin_options (admin_options.php:109)",{"nodes":215,"edges":225},[216,220],{"id":217,"type":218,"label":219,"file":149,"line":203},"n0","source","$_SERVER['DOCUMENT_ROOT'] (x4)",{"id":221,"type":222,"label":223,"file":149,"line":203,"wp_function":224},"n1","sink","echo() [XSS]","echo",[226],{"from":217,"to":221,"sanitized":227},false,4,"medium",{"entryPoint":231,"graph":232,"unsanitizedCount":228,"severity":238},"\u003Cadmin_options> (admin_options.php:0)",{"nodes":233,"edges":236},[234,235],{"id":217,"type":218,"label":219,"file":149,"line":203},{"id":221,"type":222,"label":223,"file":149,"line":203,"wp_function":224},[237],{"from":217,"to":221,"sanitized":227},"low",{"summary":240,"deductions":241},"The \"custom-error-pages\" v1.2 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by having no recorded CVEs, a clean vulnerability history, and a seemingly small attack surface with no direct AJAX handlers, REST API routes, shortcodes, or cron events exposed without authentication.  Furthermore, all SQL queries utilize prepared statements, and there are no file operations or external HTTP requests, which significantly reduces common attack vectors.\n\nHowever, there are notable concerns arising from the static analysis. A significant weakness is the low percentage of properly escaped output (18%), suggesting a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis reveals two flows with unsanitized paths, and while no critical or high severity issues were flagged in the taint analysis itself, the presence of unsanitized paths coupled with poor output escaping creates a fertile ground for potential exploitation. The complete lack of nonce checks and capability checks, especially in conjunction with the output escaping issue, further exacerbates the risk, as it implies that even if an entry point were discovered, it might be exploitable without proper authorization or security measures.\n\nIn conclusion, while the plugin avoids common pitfalls like unpatched vulnerabilities and direct exposure of entry points, the poor output escaping and unsanitized path flows represent a critical security weakness. The absence of robust authorization checks like nonces and capability checks further amplifies this risk. The overall security posture leans towards concerning due to these specific code-level vulnerabilities, despite the clean historical record.",[242,245,247,250],{"reason":243,"points":244},"Low output escaping rate (18%)",15,{"reason":246,"points":154},"Unsanitized paths in taint flows (2 flows)",{"reason":248,"points":249},"No nonce checks",8,{"reason":251,"points":249},"No capability checks","2026-03-16T19:29:44.842Z",{"wat":254,"direct":261},{"assetPaths":255,"generatorPatterns":257,"scriptPaths":258,"versionParams":259},[256],"\u002Fwp-content\u002Fplugins\u002Fcustom-error-pages\u002Fcustom-error-pages.php",[],[],[260],"custom-error-pages\u002Fcustom-error-pages.php?ver=1.2",{"cssClasses":262,"htmlComments":263,"htmlAttributes":268,"restEndpoints":271,"jsGlobals":272,"shortcodeOutput":273},[],[264,265,266,267],"\u003C!-- Tels caching plugins like W3 Total Cache and WP Supercache not to cache these custom error pages -->","\u003C!-- Adds custom \"status\" query variable -->","\u003C!-- Checks for the existence of \"status\" query variable -->","\u003C!-- Execution of the plugin begins here -->",[269,270],"post_type=\"page\"","post_tyle=\"page\"",[],[],[]]