[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsx7PqGCoF4TcdOS9IAJxRjqeoORb73tbAGMUOmzj2mM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":20,"security_score":21,"vuln_count":22,"unpatched_count":22,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":33,"analysis":34,"fingerprints":94},"custom-post-type-cleanup","Custom Post Type Cleanup","1.3.2","keesiemeijer","https:\u002F\u002Fprofiles.wordpress.org\u002Fkeesiemeijer\u002F","\u003Cp>Custom post type posts are left in the database if a post type is no longer registered (in use).\u003C\u002Fp>\n\u003Cp>Plugins and themes can (without you knowing) use custom post types as a way to store data. These posts stay in the database forever if they’re not cleaned up by the plugin\u002Ftheme itself upon deletion.\u003C\u002Fp>\n\u003Cp>There are a lot of plugins that clean your database (by removing revisions, drafts etc.), but I haven’t found one that does a cleanup of unused post type posts.\u003C\u002Fp>\n\u003Cp>This plugin provides an easy way to detect and remove posts from post types that are no longer in use. The settings page for this plugin is at wp-admin > Tools > Custom Post Type Cleanup.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>: The proper WordPress delete function \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Freference\u002Ffunctions\u002Fwp_delete_post\u002F\" rel=\"nofollow ugc\">wp_delete_post\u003C\u002Fa> is used instead of running a direct MySQL query to delete the posts. This way all associated post data (comments, post meta etc.) are also deleted from the database.\u003C\u002Fp>\n\u003Cp>Since version 1.2.0 you can re-register unused custom post types for a limited period of time. This allows you to inspect and delete the posts like you would normally (in the wp-admin).\u003C\u002Fp>\n","Detect and delete posts from custom post types that are no longer in use",1000,27442,100,35,"2024-04-20T15:01:00.000Z","6.5.8","5.9","",[],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-post-type-cleanup.1.3.2.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},6,11200,89,8,86,"2026-04-04T10:35:40.866Z",[],{"attackSurface":35,"codeSignals":56,"taintFlows":87,"riskAssessment":88,"analyzedAt":93},{"hooks":36,"ajaxHandlers":52,"restRoutes":53,"shortcodes":54,"cronEvents":55,"entryPointCount":22,"unprotectedCount":22},[37,42,48],{"type":38,"name":39,"callback":39,"file":40,"line":41},"action","admin_menu","includes\\class-post-type-cleanup.php",24,{"type":38,"name":43,"callback":44,"priority":45,"file":46,"line":47},"init","cptc_register_unused_custom_post_types",999,"includes\\register-post-type.php",3,{"type":38,"name":49,"callback":50,"file":46,"line":51},"admin_notices","cptc_add_admin_notice_for_unused_post_types",49,[],[],[],[],{"dangerousFunctions":57,"sqlUsage":58,"outputEscaping":61,"fileOperations":22,"externalRequests":22,"nonceChecks":84,"capabilityChecks":85,"bundledLibraries":86},[],{"prepared":59,"raw":22,"locations":60},5,[],{"escaped":30,"rawEcho":62,"locations":63},11,[64,67,69,70,72,74,76,78,80,82,83],{"file":46,"line":65,"context":66},108,"raw output",{"file":68,"line":47,"context":66},"includes\\templates\\admin-form.php",{"file":68,"line":27,"context":66},{"file":68,"line":71,"context":66},33,{"file":68,"line":73,"context":66},47,{"file":75,"line":47,"context":66},"includes\\templates\\admin-no-posts.php",{"file":75,"line":77,"context":66},10,{"file":79,"line":59,"context":66},"includes\\templates\\admin-registered-post-types.php",{"file":79,"line":81,"context":66},14,{"file":79,"line":41,"context":66},{"file":79,"line":41,"context":66},1,2,[],[],{"summary":89,"deductions":90},"The plugin 'custom-post-type-cleanup' v1.3.2 demonstrates a generally strong security posture based on the provided static analysis.  There are no identified AJAX handlers, REST API routes, shortcodes, or cron events that present an attack surface, and crucially, none of these are unprotected. The absence of dangerous functions, file operations, and external HTTP requests further strengthens its security. The code also utilizes prepared statements for all SQL queries and includes nonce and capability checks, which are good security practices.  However, a significant concern arises from the low percentage (42%) of properly escaped output. This indicates a potential for Cross-Site Scripting (XSS) vulnerabilities, as unsanitized output could be injected and rendered by the browser.\n\nThe taint analysis reveals no identified flows, which is a positive indicator, suggesting no obvious data injection vulnerabilities. The vulnerability history is also clean, with no known CVEs, which is excellent. Despite the lack of historical vulnerabilities and a clean taint analysis, the poor output escaping is a tangible risk that needs to be addressed. While the plugin has strengths in its minimal attack surface and secure data handling for SQL, the output escaping weakness represents a notable area of concern that could be exploited by attackers.",[91],{"reason":92,"points":30},"Low percentage of properly escaped output","2026-03-16T18:54:08.448Z",{"wat":95,"direct":101},{"assetPaths":96,"generatorPatterns":98,"scriptPaths":99,"versionParams":100},[97],"\u002Fwp-content\u002Fplugins\u002Fcustom-post-type-cleanup\u002Fjs\u002Fcustom-post-type-cleanup.js",[],[97],[],{"cssClasses":102,"htmlComments":103,"htmlAttributes":104,"restEndpoints":105,"jsGlobals":106,"shortcodeOutput":108},[],[],[],[],[107],"cptc_plugin",[]]