[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fja7iirTuvnInHfPldRI9Xa1PjFE9A-3-Re2Hep_6atc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":142,"fingerprints":253},"custom-referral-spam-blocker","Custom Referral Spam Blocker","1.4.6","csmicfool","https:\u002F\u002Fprofiles.wordpress.org\u002Fcsmicfool\u002F","\u003Cp>Custom Referral Spam Blocker gives you the control to ensure that dishonest referral sources are blocked from Google Analytics.\u003C\u002Fp>\n\u003Cp>We provide a strong default set of spam referral sources and block them for you.  Referrers can quickly be added in moments using the WordPress Dashboard.\u003C\u002Fp>\n\u003Cp>\u003Cem>At this time, we are unable to block referral spam when used in conjunction with most CDN configurations.\u003C\u002Fem>\u003C\u002Fp>\n","Custom Referral Spam Blocker gives you the control to ensure that dishonest referral sources are blocked from Google Analytics.",300,17473,80,10,"2017-02-09T17:41:00.000Z","4.7.32","3.0.1","",[20,21,22,23],"referral-spam","referrals","seo","spam","http:\u002F\u002Fjacobbaron.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-referral-spam-blocker.1.4.6.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},2,310,30,84,"2026-04-04T05:59:11.494Z",[38,61,83,103,123],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":58,"download_link":59,"security_score":60,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"analytics-spam-blocker","Analytics Spam Blocker","4.2","Arnan de Gans","https:\u002F\u002Fprofiles.wordpress.org\u002Fadegans\u002F","\u003Cp>Installing \u003Cstrong>Analytics Spam Blocker\u003C\u002Fstrong> is almost a must-have for any WordPress or ClassicPress website that collects visitor analytics with something like Matomo Analytics, Google Analytics or similar services. Accurate analytics are often a vital tool to track your website’s performance or just to see how many visitors you get.\u003C\u002Fp>\n\u003Cp>Unfortunately there are lots of spambots from every shady corner of the internet that bounce off your website and give you false records in your analytics – This is called ‘referral spam’ or ‘referrer spam’.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Analytics Spam Blocker\u003C\u002Fstrong> helps prevent this kind of spam from ever reaching your website by blocking them at the server level leaving your analytics untouched.\u003C\u002Fp>\n\u003Cp>With \u003Cstrong>Analytics Spam Blocker\u003C\u002Fstrong> you can easily add new domains that you find and you’ll receive weekly updates in the background with new domains as well. Stop those sites from affecting your website analytics today!\u003C\u002Fp>\n","Prevent referrer spam from affecting your website analytics. Easily create a blocklist and receive new domains weekly to stay on top of the issue.",900,43678,78,14,"2025-12-27T01:54:00.000Z","6.9.4","5.8","8.0",[55,56,20,57,23],"analytics","antispam","referrer-spam","https:\u002F\u002Fajdg.solutions\u002Fproduct\u002Fanalytics-spam-blocker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanalytics-spam-blocker.4.2.zip",100,{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":35,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":18,"tags":75,"homepage":18,"download_link":79,"security_score":80,"vuln_count":81,"unpatched_count":81,"last_vuln_date":82,"fetched_at":29},"bot-block-stop-spam-google-analytics-referrals","Bot Block – Stop Spam Referrals in Google Analytics","2.6","Ricky Dawn","https:\u002F\u002Fprofiles.wordpress.org\u002Fthiswebguy\u002F","\u003Cp>This plugin has two main functions:\u003C\u002Fp>\n\u003Col>\n\u003Cli>To stop spam traffic before it reaches your site (which stops spam visits showing in Analytics).\u003C\u002Fli>\n\u003Cli>Save bandwidth, bots use bandwidth when they visit your site, this plugin stops them before they get the chance to download anything.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Spam traffic is an increasing problem, companies like \u003Cstrong>semalt\u003C\u002Fstrong> are spamming sites in order to get their website shown within Google Analytics as a referrer (also known as referral spam). More spammers are beginning to take this approach and this causes issues for any Analytics user that relies on the data collected since pageviews and visitors are inflated.\u003C\u002Fp>\n\u003Cp>Spammers have even taken this a step further by triggering events, which of course can effect conversion data.\u003C\u002Fp>\n\u003Cp>This plugin is built to stop this, it blocks spam bots before your website loads which not only stops the traffic appearing within Google Analytics but it also saves you Bandwidth.\u003Cbr \u002F>\nThe spam bots blocked are pulled from a central database of known bots, this database is updated as new spam bots are found, you also have the option to add your own referrer URL’s to block.\u003C\u002Fp>\n\u003Ch3>Features Include:\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Cul>\n\u003Cli>Central database containing tons of known spam bots \u003C\u002Fli>\n\u003Cli>Ability to add your own custom referrer domains to block \u003C\u002Fli>\n\u003Cli>You can either 301 the spam traffic to another site OR show a 403 error message to spammers \u003C\u002Fli>\n\u003Cli>Full statistics, detailing most blocked bots, total blocks and number of sites in block list \u003C\u002Fli>\n\u003Cli>Ability to block all subdomains of a domain e.g. spam.semalt.com \u003C\u002Fli>\n\u003Cli>Video showing you how to block ‘ghost referrers’ (the spam that cannot be blocked since they do not visit your site) \u003C\u002Fli>\n\u003Cli>The ability to contribute to our growing list of spam bots \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n\u003Ch4>Tags\u003C\u002Fh4>\n\u003Cp>seo, SEO, google, google analytics, google analytics spam, spam, bot block, bot blocker, bot blocking, block bots, semalt, 100dollarsseo, analytics spam blocker\u003C\u002Fp>\n","Block spam referrals showing in Google Analytics and save bandwidth. Central database of sites, ability to add custom URL's and stats.",700,19428,17,"2016-02-24T11:43:00.000Z","4.4.34","3.9",[76,77,78,22],"google","google-analytics","google-analytics-spam","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbot-block-stop-spam-google-analytics-referrals.2.6.zip",63,1,"2025-09-22 00:00:00",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":69,"downloaded":91,"rating":92,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":18,"tags":97,"homepage":101,"download_link":102,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-referrer-spam-blacklist","WP referrer spam blacklist (fight 2040+ Referrer Spammers in (Google\u002FMatomo) Analytics)","1.3.0","Umbrovskis.com","https:\u002F\u002Fprofiles.wordpress.org\u002Frolandinsh\u002F","\u003Cp>List of spammers in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-referrer-spam-blacklist\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>No need for configuration! Plugin in background redirects referral spammer to blank page ( about:blank ). Redirect link can be altered via filter \u003Ccode>wp_referralblock_redirect_uri\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>NO auto update, as we see that as possible as security hole. We do not wan’t Your site to get hacked.\u003C\u002Fp>\n\u003Cp>Plugin is for sites that can’t edit their \u003Ccode>.htaccess\u003C\u002Fcode> or configure NGINX or Apache servers.\u003C\u002Fp>\n\u003Cp>Via \u003Ca href=\"http:\u002F\u002Fgo.mediabox.lv\u002F1LbSuKq\" rel=\"nofollow ugc\">my LinkedIN post\u003C\u002Fa>: Few months ago I started to collect referral spam pages in private file un bitbucket.org. Problem was that I did not know all spammers. Then, few weeks ago, I found that Matomo (Open source analytics) started their own “project”, and they did the same thing I did – collected referral spam sites to block them from Your website.\u003C\u002Fp>\n\u003Cp>On my own server I do that at server level, but some of my clients have hosting, where You can not edit server settings. This week I came up with another solution – WordPress plugin “WP referrer spam blacklist”. I will update list every week from \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmatomo-org\u002Freferrer-spam-blacklist\" rel=\"nofollow ugc\">Matomo’s community-contributed list of spammers\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If You have WordPress site and no knowledge about or access to server settings, I made that for You!\u003C\u002Fp>\n\u003Cp>From \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FReferer_spam\" rel=\"nofollow ugc\">Wikipedia\u003C\u002Fa>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Referrer spam (also known as log spam or referrer \nbombing) is a kind of spamdexing (spamming aimed \nat search engines). The technique involves making \nrepeated web site requests using a fake referer URL \nto the site the spammer wishes to advertise. Sites that \npublish their access logs, including referer statistics, \nwill then inadvertently link back to the spammer's site. \nThese links will be indexed by search engines \nas they crawl the access logs. \n\nThis benefits the spammer because the free link improves \nthe spammer site's search engine ranking owing \nto link-counting algorithms that search engines use.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Other plugins by author: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fitempropwp\u002F\" rel=\"ugc\">itemprop WP for SERP\u002FSEO Rich snippets\u003C\u002Fa> – Add schema.org itemprop code to the (custom) post content for search engines and bots for better SERP results\u003C\u002Fp>\n","WordPress plugin to fight with 2040+ referrer spammers (like semalt, buttons-for-website and many more).",19667,86,3,"2020-12-27T20:57:00.000Z","5.6.17","4.0",[98,56,99,100,20],"anti-spam","comment-moderation","comment-spam","https:\u002F\u002Fsimplemediacode.com\u002F?utm_source=WPplugin%3Awp-referrer-spam-blacklist&utm_medium=wordpressplugin&utm_campaign=FreeWordPressPlugins&utm_content=v-1.2.201801281","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-referrer-spam-blacklist.1.3.0.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":11,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":18,"tags":117,"homepage":121,"download_link":122,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-block-referral-spam","Block Referral Spam","1.2.1","WPDeveloper","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdevteam\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwpdeveloper.net\u002F\" rel=\"nofollow ugc\">WPDeveloper.net\u003C\u002Fa> brings ‘Block Referral Spam’ for all WordPress user for free.\u003C\u002Fp>\n\u003Cp>This plugins blocks the most number of Referral Spams. Now no more notice from Google and no more weird report in Google Analytics.\u003C\u002Fp>\n\u003Cp>Its super simple to use, nothing to setup, just install and activate the plugin, we will protect from 375+ separate domain (thanks to the user contribution) that spam your Google Analytics. This domain list is always increasing and biggest list available online.\u003C\u002Fp>\n\u003Cp>You could give feedback to us directly, and suggest new spam domain, \u003Ca href=\"https:\u002F\u002Fwpdeveloper.net\u002Fgo\u002FBRS-UO\" rel=\"nofollow ugc\">click here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Here is our \u003Ca href=\"https:\u002F\u002Fwpdeveloper.net\u002Fgo\u002FBlog-BRS-A1\" rel=\"nofollow ugc\">blog post\u003C\u002Fa>, on how to get Top Referrer right from your WordPress Dashboard.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Check Our Other Plugins:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-analytify\u002F\" rel=\"ugc\">Analytify – Ultimate Google Analytics Dashboard\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftwitter-cards-meta\u002F\" rel=\"ugc\">Twitter Cards Meta\u003C\u002Fa>\u003C\u002Fstrong> \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwpdeveloper.net\u002Ffree-plugin\u002Fwp-scheduled-posts\u002F\" rel=\"nofollow ugc\">WP Scheduled Posts\u003C\u002Fa>\u003C\u002Fstrong> \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffacebook-secret-meta\u002F\" rel=\"ugc\">Facebook Secret Meta\u003C\u002Fa>\u003C\u002Fstrong> \u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-author-report-free\u002F\" rel=\"ugc\">WP Author Report Free\u003C\u002Fa>\u003C\u002Fstrong> \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Contribute in GitHub!!\u003C\u002Fstrong>\u003Cbr \u002F>\n  Contribute in GitHub. \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FARCommunications\u002FBlock-Referral-Spam\" rel=\"nofollow ugc\">Click here\u003C\u002Fa>!\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>This plugin is a great example of OpenSource community. Pull request are very welcome and usually accepted within 24hr. Together we fight with evil spam bot.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Don’t get confused with the term \u003Cem>Referrer Spam\u003C\u002Fem> or \u003Cem>Referral Spam\u003C\u002Fem> or \u003Cem>Referer Spam\u003C\u002Fem>. Google basically calls it \u003Cem>Referral Traffic\u003C\u002Fem>. It’s all mean the same thing.\u003C\u002Fp>\n\u003Ch3>Donation\u003C\u002Fh3>\n\u003Cp>You could use our free & pro plugins fro link below.\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fwpdeveloper.net\u002F\u003C\u002Fp>\n","This plugins blocks maximum Referral Spams. Now no more notice from Google and no more weird report in Google Analytics.",9296,82,9,"2017-06-08T21:58:00.000Z","4.8.28","2.5.0",[118,119,20,120,57],"google-analytics-referral-spam","referer-spam","referral-traffic","https:\u002F\u002Fwpdeveloper.net\u002Ffree-plugin\u002Fblock-referral-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-block-referral-spam.1.2.1.zip",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":60,"downloaded":131,"rating":60,"num_ratings":93,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":135,"tags":136,"homepage":18,"download_link":140,"security_score":141,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"no-aioseop-nags","NO admin premium NAGS","3.4","kontur.us","https:\u002F\u002Fprofiles.wordpress.org\u002Fnetzaufsicht\u002F","\u003Cp>Simply stop the abusive admin nags from All in One SEO plugin and as well from YOAST Seo! Plus: Add your own CSS to the Admin Area.\u003C\u002Fp>\n\u003Ch3>Stopping the Admin Premium Ads for free\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>This simple Plugin, will clean most of the abusive admin Spam from the “All in One SEO” – Plugin. And NOW as well from the “YOAST SEO Plugin”\u003C\u002Fstrong>\u003Cbr \u002F>\nAIOSEO ist a great plugin, and we love it. BUT it is enough to mention it once that there are premium versions.\u003Cbr \u002F>\nAnd there IS NO REASON to block functions, like e.g. the editing of Category Descriptions.\u003Cbr \u002F>\nSo this will clean things a little for us.\u003C\u002Fp>\n\u003Ch3>What the plugin does\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Clean the wp-admin bar from advertising AND useless links to functions that are not free, and therefor utterly useless links\u003C\u002Fli>\n\u003Cli>Clean the AIOSEO set up pages or Yoast SEO pages from premium advertising and tabs that lead to useless settings, which are not available in the free version\u003C\u002Fli>\n\u003Cli>Get rid of the strange ad on the category page\u003C\u002Fli>\n\u003Cli>Clean the page \u002F post editor screen from numerous premium ads that make the editor almost looking like an advertising board\u003C\u002Fli>\n\u003Cli>Option to load your own CSS into the WP Admin Area. The cutom admin CSS input runs with CodeMirror for an easier handling of the CSS input ( line numbers, color highlight, autocomplete). \u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Important: If you see new spam, PLEASE let us know!\u003C\u002Fstrong>\u003Cbr \u002F>\n    We do write updates once we know, that new spam occurs!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong>\u003Cbr \u002F>\n   The version after 2.7 does now work as well with YOAST SEO.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Add your custom css, to clean even more\u003C\u002Fh3>\n\u003Cp>You can add your own CSS to block other nags on the settings page. We intend to develop this part further with snippets for the most annoying plugin naggers out there.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>If you like that approach,\u003C\u002Fstrong>\u003Cbr \u002F>\n    please get involved and send uns your snippets. Via email or on the WordPress support page 🙂\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Simply stop the abusive admin nags from All in One SEO plugin and as well from YOAST Seo! Plus: Add your own CSS to the Admin Area.",5105,"2024-04-04T17:21:00.000Z","6.5.8","5.6","7.4",[137,98,138,139,22],"admin-css","custom-admin-css","no-nags","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-aioseop-nags.3.4.zip",92,{"attackSurface":143,"codeSignals":183,"taintFlows":213,"riskAssessment":239,"analyzedAt":252},{"hooks":144,"ajaxHandlers":179,"restRoutes":180,"shortcodes":181,"cronEvents":182,"entryPointCount":27,"unprotectedCount":27},[145,151,155,159,163,168,172,176],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","init","custom_referral_spam_block","custom-referral-spam-blocker.php",61,{"type":146,"name":152,"callback":153,"file":149,"line":154},"network_admin_menu","crsb_add_network_admin_menu",69,{"type":146,"name":156,"callback":157,"file":149,"line":158},"admin_menu","crsb_add_admin_menu",72,{"type":146,"name":160,"callback":161,"file":149,"line":162},"admin_init","crsb_settings_init",75,{"type":164,"name":165,"callback":166,"file":149,"line":167},"filter","http_request_timeout","curl_http_timeout_ex",156,{"type":146,"name":169,"callback":170,"file":149,"line":171},"network_admin_edit_csrb_network_admin_settings_post","save_network_settings_page",202,{"type":146,"name":173,"callback":174,"file":149,"line":175},"plugins_loaded","crsb_list_update",278,{"type":146,"name":173,"callback":177,"file":149,"line":178},"my_plugin_load_plugin_textdomain",328,[],[],[],[],{"dangerousFunctions":184,"sqlUsage":185,"outputEscaping":187,"fileOperations":81,"externalRequests":81,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":212},[],{"prepared":27,"raw":27,"locations":186},[],{"escaped":188,"rawEcho":14,"locations":189},11,[190,193,195,197,200,202,204,206,208,210],{"file":149,"line":191,"context":192},166,"raw output",{"file":149,"line":194,"context":192},183,{"file":149,"line":196,"context":192},213,{"file":198,"line":199,"context":192},"idna-convert\\example.php",114,{"file":198,"line":201,"context":192},115,{"file":198,"line":203,"context":192},116,{"file":198,"line":205,"context":192},117,{"file":198,"line":207,"context":192},121,{"file":198,"line":209,"context":192},122,{"file":198,"line":211,"context":192},123,[],[214],{"entryPoint":215,"graph":216,"unsanitizedCount":237,"severity":238},"\u003Cexample> (idna-convert\\example.php:0)",{"nodes":217,"edges":233},[218,222,227,231],{"id":219,"type":220,"label":221,"file":198,"line":199},"n0","source","$_SERVER['PHP_SELF'] (x2)",{"id":223,"type":224,"label":225,"file":198,"line":199,"wp_function":226},"n1","sink","echo() [XSS]","echo",{"id":228,"type":220,"label":229,"file":198,"line":230},"n2","$_REQUEST (x4)",20,{"id":232,"type":224,"label":225,"file":198,"line":201,"wp_function":226},"n3",[234,236],{"from":219,"to":223,"sanitized":235},false,{"from":228,"to":232,"sanitized":235},6,"low",{"summary":240,"deductions":241},"The plugin 'custom-referral-spam-blocker' v1.4.6 exhibits a generally good security posture, with no known critical or high-severity vulnerabilities in its history and a strong adherence to secure coding practices regarding SQL queries. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the attack surface, which is a positive indicator. However, the static analysis reveals some areas of concern that temper this positive outlook. Notably, the presence of unsanitized paths in the taint analysis, despite not reaching critical or high severity, suggests a potential for unintended file access or manipulation if exploited. Furthermore, the output escaping is only 52% proper, indicating a risk of cross-site scripting (XSS) vulnerabilities, especially if dynamic content is being outputted without sufficient sanitization. The file operations and external HTTP requests, while not inherently vulnerable, are entry points that require careful monitoring and secure implementation. Given the lack of historical vulnerabilities, it appears the developers have a generally good track record, but the static analysis flags specific areas for improvement to ensure a robust security posture.",[242,244,247,250],{"reason":243,"points":14},"Unsanitized paths found in taint analysis",{"reason":245,"points":246},"Low percentage of properly escaped output",8,{"reason":248,"points":249},"No capability checks found",5,{"reason":251,"points":249},"No nonce checks found","2026-03-16T20:01:14.232Z",{"wat":254,"direct":259},{"assetPaths":255,"generatorPatterns":256,"scriptPaths":257,"versionParams":258},[],[],[],[],{"cssClasses":260,"htmlComments":261,"htmlAttributes":262,"restEndpoints":263,"jsGlobals":264,"shortcodeOutput":265},[],[],[],[],[],[]]