[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXXsC6LjCEXgoTZ7ziClzUwCeIi4RF9XiLleYIbyEcx0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":139,"fingerprints":681},"custom-post-type-privacy","Custom Post Type Privacy","0.3","kimedia","https:\u002F\u002Fprofiles.wordpress.org\u002Fkimedia\u002F","\u003Cp>This is a simple plugin to allow for restricting access to content.\u003C\u002Fp>\n\u003Cp>Users may be members of multiple groups. Multiple groups and multiple individual users may be allowed to view each\u003Cbr \u002F>\npost. Overlaps are ignored — if the user is a member of any group that is allowed to view the post, that user will\u003Cbr \u002F>\nbe able to view it.\u003C\u002Fp>\n","Stable Tag 0.3 Custom Post Type Privacy allows WordPress authors to grant access to users and groups of users across all posts, pages and custom post &hellip;",10,3603,0,"2012-05-08T14:46:00.000Z","3.3.4","3.0","",[19,20,21,22,23],"bbpress","custom-post-types","pages","posts","users","http:\u002F\u002Fwww.ki-media.co.uk\u002Fwordpress\u002Fcustom-post-type-privacy\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-post-type-privacy.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":31,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"Wikimedia Foundation",2,1010,92,94,73,"2026-04-04T04:21:00.818Z",[39,61,82,102,120],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":17,"download_link":58,"security_score":59,"vuln_count":32,"unpatched_count":13,"last_vuln_date":60,"fetched_at":28},"no-page-comment","No Page Comment","1.3.1","Seth Alling","https:\u002F\u002Fprofiles.wordpress.org\u002Fsethta\u002F","\u003Cp>Up until recently, WordPress gave two options: You could either disable comments and trackbacks by default for all pages and posts, or you could have them active by default. In WordPress version 4.3, this finally changed so comments are always disabled on new pages.\u003C\u002Fp>\n\u003Cp>While the new change makes it easier for many of the sites, it make it harder for people who need to get the reverse and enable comments on all pages, or if they need to change the default for a custom post type. This plugin allows you to choose whether comments are enabled or disabled by default on all new posts, pages and custom post types, while still giving the ability to individually enable comments on posts or pages.\u003C\u002Fp>\n\u003Cp>Also, this plugin provides a way to quickly disable all comments or pingbacks for a specific custom post type. It directly interacts with your database to modify the status, so it is highly recommended that you backup your database first. There shouldn’t be any issues using this feature, but it’s always good to play it safe.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsethta\u002Fno-page-comment\" title=\"No Page Comment Development on Github\" rel=\"nofollow ugc\">View No Page Comment Development on Github\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsethta\u002Fno-page-comment\u002Fissues\" title=\"Report an Issue about No Page Comment on Github\" rel=\"nofollow ugc\">Please Report any Issues about No Page Comment on Github\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_s-xclick&hosted_button_id=5WWP2EDSCAJR4\" title=\"Donate to support the No Page Comment Plugin development\" rel=\"nofollow ugc\">Donate to Support No Page Comment Development\u003C\u002Fa>\u003C\u002Fp>\n","An admin interface to control the default comment and trackback settings on new posts, pages and custom post types.",10000,250545,96,23,"2025-11-17T15:09:00.000Z","6.8.5","6.2","7.4",[56,20,57,21,22],"comments","discussion","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-page-comment.zip",99,"2022-09-21 00:00:00",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":47,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":16,"requires_php":17,"tags":74,"homepage":77,"download_link":78,"security_score":79,"vuln_count":80,"unpatched_count":13,"last_vuln_date":81,"fetched_at":28},"posts-in-page","Posts in Page","1.4.4","ivycat","https:\u002F\u002Fprofiles.wordpress.org\u002Fivycat\u002F","\u003Cp>Easily add one or more posts to any page using simple shortcodes.\u003C\u002Fp>\n\u003Cp>Supports categories, tags, custom post types, custom taxonomies, date ranges, post status, and much more.\u003C\u002Fp>\n\u003Cp>You can get all of the same functionality provided by this plugin by modifying your theme’s template files; this plugin just makes it easy for anyone to \u003Cem>pull\u003C\u002Fem> posts into other areas of the site without having to get their hands dirty with code.\u003C\u002Fp>\n\u003Cp>Plugin is depending upon your theme’s styling; version 1.x of this plugin \u003Cem>does not\u003C\u002Fem> contain native styles.\u003C\u002Fp>\n\u003Cp>This is a minimal plugin, function over form. Give us feedback, suggestions, bug reports, and any other contributions on the in the plugin’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fivycat\u002Fposts-in-page\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n","Easily add one or more posts to any page using simple shortcodes.",377586,88,86,"2019-05-13T16:13:00.000Z","5.2.24",[20,21,22,75,76],"shortcode","taxonomy","https:\u002F\u002Fivycat.com\u002Fwordpress\u002Fwordpress-plugins\u002Fposts-in-page\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fposts-in-page.1.4.4.zip",84,1,"2017-02-13 00:00:00",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":92,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":17,"tags":97,"homepage":100,"download_link":101,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"author-filters","Author Filters","3.5.6","Clarion Technologies","https:\u002F\u002Fprofiles.wordpress.org\u002Fclarionwpdeveloper\u002F","\u003Cp>Author filters plugin has been developed with an idea to add an option to sort page, post, custom post type listing with respect to authors.\u003C\u002Fp>\n\u003Cp>Currently in WordPress core installation we have an option to sort post, page, custom post type grids with respect to category etc. However, currently an option to sort or filter the records with respect to author adds one more option to administrators to sort the listing.\u003C\u002Fp>\n","Author filters plugin integrates an author filter drop down to sort listing on post, page, custom post type in admin.",1000,15824,100,4,"2020-12-21T07:12:00.000Z","5.6.17","4.9",[98,20,21,22,99],"author","sorting","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fauthor-filters","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauthor-filters.3.5.6.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":92,"num_ratings":112,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":17,"tags":116,"homepage":17,"download_link":119,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"search-by-id","Search by ID","1.3","Uffe Fey","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpkonsulent\u002F","\u003Cp>Ever wanted to do a quick search for a post with a specific ID? The built-in search doesn’t allow that. But now you can.\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Works for all kinds of posts (regular posts, pages, custom post types and media).\u003C\u002Fli>\n\u003Cli>No configuration needed.\u003C\u002Fli>\n\u003Cli>Doesn’t add javascript or css; it has virtually no impact whatsoever.\u003C\u002Fli>\n\u003Cli>No front-end functionality, just back-end.\u003C\u002Fli>\n\u003Cli>Doesn’t add any options or tables to the database.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Just a nice, clean and easy, seamless extension of the built-in search.\u003C\u002Fp>\n\u003Ch4>How to use it:\u003C\u002Fh4>\n\u003Cp>Simply enter an ID into the search field. If a post with that ID is found, it will show up in the search result.\u003C\u002Fp>\n\u003Cp>You can even enter a list of IDs if you want to search multiple IDs. For instance “100, 200, 300”.\u003C\u002Fp>\n","Enables the user to search by post ID using the built-in search within the control panel. Works for all kinds of posts.",700,19658,18,"2018-12-20T10:30:00.000Z","5.0.25","4.0",[20,117,21,22,118],"id","search","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsearch-by-id.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":92,"num_ratings":32,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":133,"tags":134,"homepage":137,"download_link":138,"security_score":92,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"clonepress","ClonePress – Duplicate Pages, Posts & Custom Post Types","1.0.3","ilmosys","https:\u002F\u002Fprofiles.wordpress.org\u002Filmosys\u002F","\u003Cp>ClonePress is a simple and lightweight plugin that allows you to duplicate posts, pages, and custom post types with just one click. This is especially helpful for content creators, website administrators, and developers who want to quickly create drafts or templates from existing content.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Duplicate posts, pages, and custom post types with a single click\u003C\u002Fli>\n\u003Cli>Multiple post status options: Draft, Published, Private, Pending Review, Scheduled\u003C\u002Fli>\n\u003Cli>Bulk duplicate functionality for multiple posts at once\u003C\u002Fli>\n\u003Cli>Flexible display options: Row actions, Admin bar, Submit box, Bulk actions, Metabox\u003C\u002Fli>\n\u003Cli>Role-based permissions control\u003C\u002Fli>\n\u003Cli>Post type-specific enable\u002Fdisable options\u003C\u002Fli>\n\u003Cli>Customizable duplicate labels and suffixes\u003C\u002Fli>\n\u003Cli>Reset settings functionality with nonce protection\u003C\u002Fli>\n\u003Cli>Clean, organized code structure with strict sanitization, escaping, and safe redirects\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See the tutorial on how to duplicate a page or post – quick and easy! By Tutsflow.\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FyMjVz-FdgpA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Supported Post Types\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Post\u003C\u002Fli>\n\u003Cli>Page\u003C\u002Fli>\n\u003Cli>EDD Download\u003C\u002Fli>\n\u003Cli>Elementor\u003C\u002Fli>\n\u003Cli>Custom Post Type (including any registered post type)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Whether you’re managing a small blog or a large website, ClonePress helps streamline your workflow by allowing you to clone content effortlessly.\u003C\u002Fp>\n","Easily duplicate posts, pages, and custom post types with a single click.",200,1714,"2025-11-28T12:52:00.000Z","6.9.4","5.0","7.2",[135,20,136,21,22],"clone","duplicate","https:\u002F\u002Filmosys.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclonepress.1.0.3.zip",{"attackSurface":140,"codeSignals":261,"taintFlows":589,"riskAssessment":668,"analyzedAt":680},{"hooks":141,"ajaxHandlers":257,"restRoutes":258,"shortcodes":259,"cronEvents":260,"entryPointCount":13,"unprotectedCount":13},[142,148,152,155,161,165,169,173,177,181,185,189,192,195,199,203,207,210,214,217,221,225,228,232,236,239,243,247,251,254],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","wp_head","recent_comments_style","cpt-sentry-widgets.php",111,{"type":143,"name":149,"callback":150,"file":146,"line":151},"comment_post","flush_widget_cache",113,{"type":143,"name":153,"callback":150,"file":146,"line":154},"wp_set_comment_status",114,{"type":156,"name":157,"callback":158,"priority":11,"file":159,"line":160},"filter","the_posts","privacy_check","custom-post-type-privacy.php",127,{"type":143,"name":162,"callback":163,"file":159,"line":164},"admin_menu","add_admin_panels",130,{"type":143,"name":166,"callback":166,"priority":167,"file":159,"line":168},"save_post",5,149,{"type":156,"name":170,"callback":171,"file":159,"line":172},"the_title","filter_title",151,{"type":143,"name":174,"callback":175,"file":159,"line":176},"user_register","user_signup",152,{"type":143,"name":178,"callback":179,"file":159,"line":180},"delete_user","user_cleanup",153,{"type":143,"name":182,"callback":183,"file":159,"line":184},"admin_head","admin_head_insert",155,{"type":156,"name":186,"callback":187,"file":159,"line":188},"manage_posts_columns","add_custom_columns",156,{"type":156,"name":190,"callback":187,"file":159,"line":191},"manage_pages_columns",157,{"type":156,"name":193,"callback":187,"file":159,"line":194},"manage_users_columns",158,{"type":143,"name":196,"callback":197,"priority":167,"file":159,"line":198},"manage_posts_custom_column","do_posts_columns",159,{"type":143,"name":200,"callback":201,"priority":167,"file":159,"line":202},"manage_pages_custom_column","do_pages_columns",160,{"type":156,"name":204,"callback":205,"priority":167,"file":159,"line":206},"manage_users_custom_column","do_users_columns",161,{"type":143,"name":166,"callback":208,"priority":167,"file":159,"line":209},"on_save_inherit_privacy",162,{"type":156,"name":211,"callback":212,"file":159,"line":213},"post_link","filter_permalink",190,{"type":156,"name":215,"callback":212,"file":159,"line":216},"page_link",191,{"type":156,"name":218,"callback":219,"file":159,"line":220},"the_content","filter_content",192,{"type":156,"name":222,"callback":223,"file":159,"line":224},"comments_array","filter_comments_array",193,{"type":156,"name":157,"callback":226,"file":159,"line":227},"filter_post_comment_status",194,{"type":156,"name":229,"callback":230,"file":159,"line":231},"get_the_excerpt","filter_excerpt",198,{"type":156,"name":233,"callback":234,"file":159,"line":235},"posts_where","query_mod",208,{"type":156,"name":237,"callback":234,"file":159,"line":238},"getarchives_where",209,{"type":156,"name":240,"callback":241,"priority":11,"file":159,"line":242},"user_has_cap","has_capability",210,{"type":156,"name":244,"callback":245,"file":159,"line":246},"get_tags","filter_tags",434,{"type":143,"name":248,"callback":249,"file":159,"line":250},"edit_form_advanced","post_edit_form",537,{"type":143,"name":252,"callback":249,"file":159,"line":253},"simple_edit_form",538,{"type":143,"name":255,"callback":249,"file":159,"line":256},"edit_page_form",539,[],[],[],[],{"dangerousFunctions":262,"sqlUsage":263,"outputEscaping":336,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":587,"bundledLibraries":588},[],{"prepared":264,"raw":265,"locations":266},7,32,[267,270,273,275,277,280,283,285,287,289,291,293,295,297,299,301,303,305,307,309,311,313,315,317,319,321,323,325,327,329,331,333],{"file":268,"line":11,"context":269},"csv.php","$wpdb->get_row() with variable interpolation",{"file":268,"line":271,"context":272},11,"$wpdb->get_results() with variable interpolation",{"file":159,"line":274,"context":272},283,{"file":159,"line":276,"context":272},511,{"file":159,"line":278,"context":279},673,"$wpdb->get_var() with variable interpolation",{"file":159,"line":281,"context":282},681,"$wpdb->query() with variable interpolation",{"file":159,"line":284,"context":272},697,{"file":159,"line":286,"context":282},717,{"file":159,"line":288,"context":282},734,{"file":159,"line":290,"context":272},765,{"file":159,"line":292,"context":269},782,{"file":159,"line":294,"context":272},824,{"file":159,"line":296,"context":272},847,{"file":159,"line":298,"context":279},872,{"file":159,"line":300,"context":272},1013,{"file":159,"line":302,"context":272},1153,{"file":159,"line":304,"context":272},1212,{"file":159,"line":306,"context":272},1278,{"file":159,"line":308,"context":279},1314,{"file":159,"line":310,"context":272},1323,{"file":159,"line":312,"context":272},1420,{"file":159,"line":314,"context":279},1469,{"file":159,"line":316,"context":279},1477,{"file":159,"line":318,"context":272},1501,{"file":159,"line":320,"context":279},1599,{"file":159,"line":322,"context":272},1716,{"file":159,"line":324,"context":272},1803,{"file":159,"line":326,"context":282},1812,{"file":159,"line":328,"context":272},1826,{"file":159,"line":330,"context":282},1838,{"file":159,"line":332,"context":272},2079,{"file":334,"line":335,"context":279},"feedkey.php",352,{"escaped":271,"rawEcho":337,"locations":338},133,[339,342,344,346,348,350,351,352,353,355,357,358,359,360,361,362,363,364,365,366,368,370,371,372,374,376,377,378,379,381,383,385,387,389,391,393,395,397,399,401,403,405,407,409,411,413,415,417,419,421,423,425,427,429,431,433,435,437,439,441,443,445,447,449,451,453,455,457,459,461,463,465,467,469,471,473,475,477,479,481,483,485,487,489,491,493,495,497,499,501,503,505,507,509,511,513,515,517,519,521,523,525,527,529,531,533,535,537,539,541,543,545,547,549,551,553,555,557,559,561,563,565,567,568,570,572,574,576,578,580,582,584,585],{"file":146,"line":340,"context":341},43,"raw output",{"file":146,"line":343,"context":341},44,{"file":146,"line":345,"context":341},46,{"file":146,"line":347,"context":341},48,{"file":146,"line":349,"context":341},76,{"file":146,"line":349,"context":341},{"file":146,"line":349,"context":341},{"file":146,"line":349,"context":341},{"file":146,"line":354,"context":341},78,{"file":146,"line":356,"context":341},79,{"file":146,"line":356,"context":341},{"file":146,"line":71,"context":341},{"file":146,"line":71,"context":341},{"file":146,"line":71,"context":341},{"file":146,"line":71,"context":341},{"file":146,"line":172,"context":341},{"file":146,"line":176,"context":341},{"file":146,"line":188,"context":341},{"file":146,"line":194,"context":341},{"file":146,"line":367,"context":341},181,{"file":146,"line":369,"context":341},182,{"file":146,"line":369,"context":341},{"file":146,"line":369,"context":341},{"file":146,"line":373,"context":341},184,{"file":146,"line":375,"context":341},185,{"file":146,"line":375,"context":341},{"file":146,"line":375,"context":341},{"file":268,"line":343,"context":341},{"file":268,"line":380,"context":341},45,{"file":268,"line":382,"context":341},47,{"file":159,"line":384,"context":341},450,{"file":159,"line":386,"context":341},451,{"file":159,"line":388,"context":341},456,{"file":159,"line":390,"context":341},596,{"file":159,"line":392,"context":341},602,{"file":159,"line":394,"context":341},603,{"file":159,"line":396,"context":341},607,{"file":159,"line":398,"context":341},609,{"file":159,"line":400,"context":341},626,{"file":159,"line":402,"context":341},628,{"file":159,"line":404,"context":341},632,{"file":159,"line":406,"context":341},637,{"file":159,"line":408,"context":341},647,{"file":159,"line":410,"context":341},649,{"file":159,"line":412,"context":341},744,{"file":159,"line":414,"context":341},750,{"file":159,"line":416,"context":341},751,{"file":159,"line":418,"context":341},755,{"file":159,"line":420,"context":341},771,{"file":159,"line":422,"context":341},774,{"file":159,"line":424,"context":341},797,{"file":159,"line":426,"context":341},800,{"file":159,"line":428,"context":341},801,{"file":159,"line":430,"context":341},815,{"file":159,"line":432,"context":341},821,{"file":159,"line":434,"context":341},834,{"file":159,"line":436,"context":341},841,{"file":159,"line":438,"context":341},849,{"file":159,"line":440,"context":341},851,{"file":159,"line":442,"context":341},853,{"file":159,"line":444,"context":341},881,{"file":159,"line":446,"context":341},889,{"file":159,"line":448,"context":341},932,{"file":159,"line":450,"context":341},938,{"file":159,"line":452,"context":341},939,{"file":159,"line":454,"context":341},943,{"file":159,"line":456,"context":341},946,{"file":159,"line":458,"context":341},950,{"file":159,"line":460,"context":341},955,{"file":159,"line":462,"context":341},956,{"file":159,"line":464,"context":341},958,{"file":159,"line":466,"context":341},960,{"file":159,"line":468,"context":341},961,{"file":159,"line":470,"context":341},995,{"file":159,"line":472,"context":341},1001,{"file":159,"line":474,"context":341},1002,{"file":159,"line":476,"context":341},1009,{"file":159,"line":478,"context":341},1021,{"file":159,"line":480,"context":341},1026,{"file":159,"line":482,"context":341},1039,{"file":159,"line":484,"context":341},1049,{"file":159,"line":486,"context":341},1053,{"file":159,"line":488,"context":341},1063,{"file":159,"line":490,"context":341},1069,{"file":159,"line":492,"context":341},1266,{"file":159,"line":494,"context":341},1272,{"file":159,"line":496,"context":341},1273,{"file":159,"line":498,"context":341},1277,{"file":159,"line":500,"context":341},1336,{"file":159,"line":502,"context":341},1343,{"file":159,"line":504,"context":341},1344,{"file":159,"line":506,"context":341},1345,{"file":159,"line":508,"context":341},1368,{"file":159,"line":510,"context":341},1369,{"file":159,"line":512,"context":341},1374,{"file":159,"line":514,"context":341},1381,{"file":159,"line":516,"context":341},1405,{"file":159,"line":518,"context":341},1414,{"file":159,"line":520,"context":341},1421,{"file":159,"line":522,"context":341},1423,{"file":159,"line":524,"context":341},1431,{"file":159,"line":526,"context":341},1434,{"file":159,"line":528,"context":341},1438,{"file":159,"line":530,"context":341},1443,{"file":159,"line":532,"context":341},1444,{"file":159,"line":534,"context":341},1492,{"file":159,"line":536,"context":341},1496,{"file":159,"line":538,"context":341},1502,{"file":159,"line":540,"context":341},1510,{"file":159,"line":542,"context":341},1517,{"file":159,"line":544,"context":341},1525,{"file":159,"line":546,"context":341},1536,{"file":159,"line":548,"context":341},1540,{"file":159,"line":550,"context":341},1549,{"file":159,"line":552,"context":341},1554,{"file":159,"line":554,"context":341},1627,{"file":159,"line":556,"context":341},1636,{"file":159,"line":558,"context":341},1637,{"file":159,"line":560,"context":341},1641,{"file":159,"line":562,"context":341},2054,{"file":159,"line":564,"context":341},2055,{"file":159,"line":566,"context":341},2204,{"file":334,"line":184,"context":341},{"file":334,"line":569,"context":341},309,{"file":334,"line":571,"context":341},316,{"file":334,"line":573,"context":341},374,{"file":334,"line":575,"context":341},381,{"file":334,"line":577,"context":341},399,{"file":334,"line":579,"context":341},406,{"file":334,"line":581,"context":341},528,{"file":334,"line":583,"context":341},533,{"file":334,"line":253,"context":341},{"file":334,"line":586,"context":341},543,8,[],[590,608,618,631,650,660],{"entryPoint":591,"graph":592,"unsanitizedCount":80,"severity":607},"group_admin_panel (custom-post-type-privacy.php:662)",{"nodes":593,"edges":604},[594,599],{"id":595,"type":596,"label":597,"file":159,"line":598},"n0","source","$_POST",764,{"id":600,"type":601,"label":602,"file":159,"line":422,"wp_function":603},"n1","sink","echo() [XSS]","echo",[605],{"from":595,"to":600,"sanitized":606},false,"medium",{"entryPoint":609,"graph":610,"unsanitizedCount":32,"severity":607},"posts_admin_panel (custom-post-type-privacy.php:1117)",{"nodes":611,"edges":616},[612,615],{"id":595,"type":596,"label":613,"file":159,"line":614},"$_GET (x2)",1257,{"id":600,"type":601,"label":602,"file":159,"line":498,"wp_function":603},[617],{"from":595,"to":600,"sanitized":606},{"entryPoint":619,"graph":620,"unsanitizedCount":80,"severity":630},"previews_admin_panel (custom-post-type-privacy.php:900)",{"nodes":621,"edges":628},[622,624],{"id":595,"type":596,"label":597,"file":159,"line":623},904,{"id":600,"type":601,"label":625,"file":159,"line":626,"wp_function":627},"update_option() [Settings Manipulation]",906,"update_option",[629],{"from":595,"to":600,"sanitized":606},"low",{"entryPoint":632,"graph":633,"unsanitizedCount":13,"severity":630},"\u003Ccustom-post-type-privacy> (custom-post-type-privacy.php:0)",{"nodes":634,"edges":645},[635,636,637,639,641,643],{"id":595,"type":596,"label":597,"file":159,"line":598},{"id":600,"type":601,"label":602,"file":159,"line":422,"wp_function":603},{"id":638,"type":596,"label":597,"file":159,"line":623},"n2",{"id":640,"type":601,"label":625,"file":159,"line":626,"wp_function":627},"n3",{"id":642,"type":596,"label":613,"file":159,"line":614},"n4",{"id":644,"type":601,"label":602,"file":159,"line":498,"wp_function":603},"n5",[646,648,649],{"from":595,"to":600,"sanitized":647},true,{"from":638,"to":640,"sanitized":647},{"from":642,"to":644,"sanitized":647},{"entryPoint":651,"graph":652,"unsanitizedCount":80,"severity":630},"feedkey_options_page (feedkey.php:419)",{"nodes":653,"edges":658},[654,656],{"id":595,"type":596,"label":597,"file":334,"line":655},432,{"id":600,"type":601,"label":625,"file":334,"line":657,"wp_function":627},435,[659],{"from":595,"to":600,"sanitized":606},{"entryPoint":661,"graph":662,"unsanitizedCount":80,"severity":630},"\u003Cfeedkey> (feedkey.php:0)",{"nodes":663,"edges":666},[664,665],{"id":595,"type":596,"label":597,"file":334,"line":655},{"id":600,"type":601,"label":625,"file":334,"line":657,"wp_function":627},[667],{"from":595,"to":600,"sanitized":606},{"summary":669,"deductions":670},"The custom-post-type-privacy plugin v0.3 presents a mixed security profile. On one hand, the absence of known CVEs and a clean vulnerability history suggest a generally stable and well-maintained codebase. The static analysis also indicates a limited attack surface with no AJAX handlers, REST API routes, shortcodes, or cron events, all of which are positive indicators. Furthermore, the presence of capability checks is a good practice for restricting access to sensitive functionality.\n\nHowever, significant concerns arise from the code analysis. A substantial percentage of SQL queries (82%) are not using prepared statements, which is a serious risk for SQL injection vulnerabilities. The output escaping is also very poor, with only 8% of outputs properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis reveals 5 flows with unsanitized paths, indicating potential vulnerabilities that could be exploited if an attacker can manipulate input that reaches these un-sanitized paths. The complete absence of nonce checks is also a notable weakness, especially given that even with a small attack surface, potential vulnerabilities could be chained.\n\nIn conclusion, while the plugin lacks a history of publicly disclosed vulnerabilities and has a small attack surface, the internal code quality raises significant red flags. The heavy reliance on raw SQL queries and insufficient output escaping are critical weaknesses that expose the plugin and, by extension, the WordPress site to substantial risks of data compromise and malicious code execution. The presence of unsanitized taint flows further exacerbates these risks.",[671,674,676,678],{"reason":672,"points":673},"High percentage of SQL queries without prepared statements",15,{"reason":675,"points":11},"Low percentage of properly escaped output",{"reason":677,"points":673},"Taint flows with unsanitized paths",{"reason":679,"points":587},"Zero nonce checks","2026-03-17T01:40:39.703Z",{"wat":682,"direct":692},{"assetPaths":683,"generatorPatterns":687,"scriptPaths":688,"versionParams":689},[684,685,686],"\u002Fwp-content\u002Fplugins\u002Fcustom-post-type-privacy\u002Fcpt-sentry-widgets.php","\u002Fwp-content\u002Fplugins\u002Fcustom-post-type-privacy\u002Fcss\u002Fcpt-sentry.css","\u002Fwp-content\u002Fplugins\u002Fcustom-post-type-privacy\u002Fjs\u002Fcpt-sentry.js",[],[686],[690,691],"custom-post-type-privacy\u002Fcss\u002Fcpt-sentry.css?ver=","custom-post-type-privacy\u002Fjs\u002Fcpt-sentry.js?ver=",{"cssClasses":693,"htmlComments":696,"htmlAttributes":726,"restEndpoints":728,"jsGlobals":729,"shortcodeOutput":731},[694,695],"cpt_sentry_user_groups","cpt_sentry_users",[697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725],"\u003C!-- WP CPT Sentry Database schema versioning -->","\u003C!-- Name of the Database Table -->","\u003C!-- For outputting results to the user -->","\u003C!-- Keys for the Users\u002Fposts meta-data -->","\u003C!-- These are variables for WP-stored Options -->","\u003C!-- Setup & Maintenance Functions -->","\u003C!-- This function handles plugin initialization and hooking into the WordPress API -->","\u003C!-- $wpdb is a database object from WordPress -->","\u003C!-- This is the name of the database table that holds group definition information -->","\u003C!-- These two variables are used for back-endd UI displays only. -->","\u003C!-- Helpful links for plugin internationalization: -->","\u003C!-- Credits: -->","\u003C!-- Lots of great ideas and tips gleaned from Filipe Fortes' excellent plugin \"Post Levels\". -->","\u003C!-- edit_form_advanced:         Adds the group\u002Fuser access box to the post editing screen -->","\u003C!-- save_post:                  Update a posts access settings on save, including when -->","\u003C!--                                scheduled posts are published. -->","\u003C!-- status_save_pre:            Make sure posts with group\u002Fuser access set are private -->","\u003C!--                                This prevents the accidental publishing of sensitive information -->","\u003C!-- the_title:                  Allows for the use of custom pre\u002Fpostfixes for private posts -->","\u003C!-- user_register:              Places new users in the default categories -->","\u003C!-- widgets_init:               Register our own custom widgets -->","\u003C!-- admin_head:                 Inserts some code in the \u003Chead>\u003C\u002Fhead> of the admin pages -->","\u003C!-- manage_posts_columns:       Adds a column to the posts management screen with Sentry info -->","\u003C!-- manage_pages_columns:       Adds a column to the pages management screen with sentry ifno -->","\u003C!-- manage_users_columns:       Adds a column to the pages management screen with sentry info -->","\u003C!-- manage_posts_custom_column: -->","\u003C!-- manage_pages_custom_column: -->","\u003C!-- manage_users_custom_column: -->","\u003C!-- Disable embedded feed key plugin if the real thing exists. -->",[727,695],"cpt_sentry_groups",[],[730],"wp_cpt_sentry",[]]