[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fG84Sd_xl7LTttrVaAGNC4aB3NhgHGL05zz3kTev3MNg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":53,"analysis":164,"fingerprints":255},"custom-top-bar","Custom top bar","2.1","Suman Biswas","https:\u002F\u002Fprofiles.wordpress.org\u002Fsumanbiswas013\u002F","\u003Cp>You can easily customize page top bar with background color,contact number social links and a custom button\u003C\u002Fp>\n\u003Cp>By this plugin you can add \u002F modify your social links with image.\u003Cbr \u002F>\nThis social links will be display in top bar section.\u003C\u002Fp>\n\u003Cp>You can easily enable \u002F disable the top bar from back end.\u003Cbr \u002F>\nYou can customize the background color.\u003Cbr \u002F>\nYou can show \u002F hide contact number.\u003Cbr \u002F>\nYou can show \u002F hide email address.\u003Cbr \u002F>\nYou can show \u002F hide contact number.\u003Cbr \u002F>\nYou can show \u002F hide default admin bar.\u003C\u002Fp>\n\u003Ch3>A brief Markdown Example\u003C\u002Fh3>\n","You can easily customize page top bar with background color,contact number social links and a custom buttom",50,8110,60,2,"2026-01-30T16:18:00.000Z","6.9.4","3.0.1","",[20,21,22,23,24],"colorfull-topbar","customize-header-bar","hide-admin-bar","social-links","top-bar","http:\u002F\u002Fdevelopersuman.orgfree.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-top-bar.2.1.zip",79,1,"2025-03-11 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-28895","custom-top-bar-cross-site-request-forgery-to-stored-cross-site-scripting","Custom top bar \u003C= 2.0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting","The Custom top bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=2.0.2","medium",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:L\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-03-17 14:54:25",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb415f998-b0e5-4f22-817c-02bfdc0c405d?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":13,"avg_security_score":49,"avg_patch_time_days":50,"trust_score":51,"computed_at":52},"sumanbiswas013",3,93,30,89,"2026-04-04T15:22:24.679Z",[54,76,101,122,142],{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":18,"tags":68,"homepage":73,"download_link":74,"security_score":75,"vuln_count":64,"unpatched_count":64,"last_vuln_date":37,"fetched_at":30},"admin-bar-manager","Admin Bar Manager","1.0","soji89","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoji89\u002F","\u003Cp>The Plugin Provides An Option To Users To Hide the Admin Bar From All Users Or Only From Non-Admin Users.\u003C\u002Fp>\n","The Plugin Provides An Option To Users To Hide the Admin Bar From All Users Or Only From Non-Admin Users.",10,1478,0,"2016-09-19T08:39:00.000Z","4.6.30","3.1",[69,70,71,22,72],"admin-bar","adminbar","dashboard","hide-top-bar","http:\u002F\u002Fwww.soji.in","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-bar-manager.zip",85,{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":86,"num_ratings":87,"last_updated":88,"tested_up_to":16,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":96,"download_link":97,"security_score":98,"vuln_count":99,"unpatched_count":64,"last_vuln_date":100,"fetched_at":30},"wpfront-notification-bar","WPFront Notification Bar","3.5.1","Syam Mohan","https:\u002F\u002Fprofiles.wordpress.org\u002Fsyammohanm\u002F","\u003Cp>Want to display a notification about a promotion or a news? WPFront Notification Bar plugin lets you do that easily.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwpfront.com\u002Fnotification-bar-pro\u002F\" rel=\"nofollow ugc\">Upgrade to PRO\u003C\u002Fa> to create multiple bars and to use advanced editor.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Display a \u003Cstrong>message\u003C\u002Fstrong> with a \u003Cstrong>button\u003C\u002Fstrong> (optional).\u003C\u002Fli>\n\u003Cli>Processes \u003Cstrong>shortcodes\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Button will \u003Cstrong>open a URL\u003C\u002Fstrong> or \u003Cstrong>execute JavaScript\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Position\u003C\u002Fstrong> the bar on \u003Cstrong>top\u003C\u002Fstrong> or \u003Cstrong>bottom\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Can be \u003Cstrong>fixed at position\u003C\u002Fstrong> (Sticky Bar).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Display on Scroll\u003C\u002Fstrong> option.\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>any height\u003C\u002Fstrong> you want.\u003C\u002Fli>\n\u003Cli>Set the number of \u003Cstrong>seconds before\u003C\u002Fstrong> the \u003Cstrong>bar appears\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Display a \u003Cstrong>close button\u003C\u002Fstrong> for the visitor.\u003C\u002Fli>\n\u003Cli>Set the number of \u003Cstrong>seconds before auto close\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Colors\u003C\u002Fstrong> are fully \u003Cstrong>customizable\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Display a \u003Cstrong>Reopen Button\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Select the pages\u002Fposts\u003C\u002Fstrong> you want to display the notification.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Select the user roles\u003C\u002Fstrong> you want to display the notification.\u003C\u002Fli>\n\u003Cli>Set \u003Cstrong>Start\u003C\u002Fstrong> and \u003Cstrong>End dates\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Hide in \u003Cstrong>Small Devices\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit \u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fwordpress-plugins\u002Fnotification-bar-plugin\u002Fwpfront-notification-bar-troubleshooting\u002F\" rel=\"nofollow ugc\">WPFront Notification Bar Troubleshooting\u003C\u002Fa> page for troubleshooting steps.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"http:\u002F\u002Fwpfront.com\u002Fnotification-bar-plugin-settings\u002F\" rel=\"nofollow ugc\">WPFront Notification Bar Settings\u003C\u002Fa> page for detailed option descriptions.\u003C\u002Fp>\n","Easily lets you create a bar on top or bottom to display a notification.",50000,1044538,90,131,"2025-12-02T16:51:00.000Z","5.0","7.0",[92,93,94,24,95],"bottom-bar","notification","notification-bar","wordpress-notification-bar","http:\u002F\u002Fwpfront.com\u002Fnotification-bar-pro\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpfront-notification-bar.3.5.1.zip",99,4,"2024-03-25 00:00:00",{"slug":22,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":111,"last_updated":112,"tested_up_to":113,"requires_at_least":67,"requires_php":114,"tags":115,"homepage":119,"download_link":120,"security_score":121,"vuln_count":64,"unpatched_count":64,"last_vuln_date":37,"fetched_at":30},"Hide Admin Bar","1.0.2","David Vongries","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidvongries\u002F","\u003Cp>Hides the Admin Bar in WordPress 3.1+.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New! You can now hide the WordPress admin bar for specific user roles!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>What’s next?\u003C\u002Fh3>\n\u003Cp>If you like Hide Admin Bar, you will love our other, free WordPress products:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fbetteradminbar.com\u002F?utm_source=hide_admin_bar&utm_medium=repository&utm_campaign=bab\" rel=\"nofollow ugc\">Better Admin Bar\u003C\u002Fa>\u003C\u002Fstrong> – The plugin to make your clients enjoy WordPress. It replaces the default admin bar to provide the best possible user experience when editing & navigating a website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwp-pagebuilderframework.com\u002F?utm_source=hide_admin_bar&utm_medium=repository&utm_campaign=wpbf\" rel=\"nofollow ugc\">Page Builder Framework\u003C\u002Fa>\u003C\u002Fstrong> – A fast & minimalistic WordPress theme designed for the new WordPress era.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fultimatedashboard.io\u002F?utm_source=hide_admin_bar&utm_medium=repository&utm_campaign=udb\" rel=\"nofollow ugc\">Ultimate Dashboard\u003C\u002Fa>\u003C\u002Fstrong> – The #1 WordPress plugin to customize your WordPress dashboard and admin area.\u003C\u002Fli>\n\u003C\u002Ful>\n","Hide the Admin Bar in WordPress 3.1+.",20000,808109,88,29,"2025-11-04T09:02:00.000Z","6.8.5","5.6",[116,69,117,118,22],"admin","hidden","hide","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhide-admin-bar\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-admin-bar.1.0.2.zip",100,{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":108,"downloaded":130,"rating":131,"num_ratings":132,"last_updated":133,"tested_up_to":16,"requires_at_least":134,"requires_php":114,"tags":135,"homepage":139,"download_link":140,"security_score":121,"vuln_count":28,"unpatched_count":64,"last_vuln_date":141,"fetched_at":30},"hide-admin-bar-based-on-user-roles","Hide Admin Bar Based on User Roles","7.1.0","Ankit Panchal","https:\u002F\u002Fprofiles.wordpress.org\u002Fankitmaru\u002F","\u003Cp>\u003Cstrong>Hide Admin Bar Based On User Roles\u003C\u002Fstrong> gives you complete control over who sees the WordPress toolbar.\u003C\u002Fp>\n\u003Cp>Whether you are running a membership site, a WooCommerce store, or simply want a cleaner frontend for your subscribers, this plugin lets you hide the admin bar with precision — by role, capability, device, page, or time. Stop exposing backend links to users who don’t need them.\u003C\u002Fp>\n\u003Cp>The plugin is lightweight, developer-friendly, and works immediately upon activation — no configuration required to get started.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F25WBldgArAk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F_BAwxGVnKNY?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Simple but great plugin. 🙂\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fsimple-but-great-plugin-12\u002F\" rel=\"ugc\">wptoolsdev\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Works flawlessly! 🙂\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fworks-flawlessly-129\u002F\" rel=\"ugc\">thebrazeneye\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>🚀 Key Features (Free)\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Hide for All Users:\u003C\u002Fstrong> Completely remove the admin bar from the frontend for everyone.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hide for Guests:\u003C\u002Fstrong> Ensure non-logged-in visitors never see the toolbar.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role-Based Hiding:\u003C\u002Fstrong> Select specific roles (e.g., Subscriber, Customer, Editor) to hide the bar for.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Capability-Based Hiding:\u003C\u002Fstrong> Hide the bar based on WordPress capabilities (e.g., hide for anyone who cannot \u003Ccode>manage_options\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight & Fast:\u003C\u002Fstrong> Zero bloat — no external requests, no database overhead on the frontend.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🏆 Premium Features (Pro)\u003C\u002Fh3>\n\u003Cp>Unlock advanced visibility logic with the \u003Ca href=\"https:\u002F\u002Fpluginstack.dev\u002Fplugins\u002Fhide-admin-bar-pro\" rel=\"nofollow ugc\">Pro version\u003C\u002Fa>:\u003Cbr \u002F>\n* \u003Cstrong>Page-Based Targeting:\u003C\u002Fstrong> Show or hide the admin bar only on specific URLs, post types, or page templates.\u003Cbr \u002F>\n* \u003Cstrong>Device Detection:\u003C\u002Fstrong> Hide the toolbar on Mobile or Tablet to save screen space, while keeping it on Desktop.\u003Cbr \u002F>\n* \u003Cstrong>Per-User Overrides:\u003C\u002Fstrong> Manually force the admin bar to show or hide for individual user accounts.\u003Cbr \u002F>\n* \u003Cstrong>Time-Based Visibility:\u003C\u002Fstrong> Automatically hide the bar during specific hours of the day.\u003Cbr \u002F>\n* \u003Cstrong>Smart Redirects:\u003C\u002Fstrong> Redirect users to the homepage or a custom URL when they try to access the backend.\u003Cbr \u002F>\n* \u003Cstrong>Inactivity Auto-Hide:\u003C\u002Fstrong> Automatically slide the toolbar away after a configurable period of inactivity.\u003Cbr \u002F>\n* \u003Cstrong>Import \u002F Export Settings:\u003C\u002Fstrong> Back up and migrate your configuration across sites in one click.\u003C\u002Fp>\n\u003Ch3>You can check our other plugins:\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimakit-for-wp\u002F\" rel=\"ugc\">All-in-One WordPress Toolkit for SEO, Security, Customization, and Performance\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flike-dislike-for-wp\u002F\" rel=\"ugc\">Like Dislike For WP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-block-editor-fullscreen-mode\u002F\" rel=\"ugc\">Disable Block Editor FullScreen mode\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnoteflow\u002F\" rel=\"ugc\">NoteFlow – Smart Notes Manager for WordPress Admin\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n","Hide the WordPress Admin Bar for specific user roles, capabilities, devices, pages, or time windows. The ultimate toolbar control plugin for membershi &hellip;",762894,78,20,"2026-02-24T15:00:00.000Z","5.5",[69,136,22,137,138],"admin-toolbar","toolbar","user-roles","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhide-admin-bar-based-on-user-roles\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-admin-bar-based-on-user-roles.7.1.0.zip","2022-02-21 00:00:00",{"slug":143,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":108,"downloaded":150,"rating":86,"num_ratings":151,"last_updated":152,"tested_up_to":16,"requires_at_least":153,"requires_php":154,"tags":155,"homepage":160,"download_link":161,"security_score":162,"vuln_count":14,"unpatched_count":64,"last_vuln_date":163,"fetched_at":30},"powerkit","Powerkit – Supercharge your WordPress Site","3.0.4","codesupplyco","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodesupplyco\u002F","\u003Cp>We’ve been developing \u003Ca href=\"https:\u002F\u002Fcodesupply.co\" rel=\"nofollow ugc\">premium WordPress themes\u003C\u002Fa> for a few years and have always been lacking essentials things in the WordPress core.\u003C\u002Fp>\n\u003Cp>There’re numerous plugins in the WordPress repository, however if you install them all, there’s inconsistency in their backend and frontend styles and possible plugin conflicts.\u003C\u002Fp>\n\u003Cp>That’s why we created Powerkit, essentials components for every WordPress blog or magazine.\u003C\u002Fp>\n\u003Cp>Components have modular structure and can be enabled or disabled with a single click. They have been thoroughly tested and play well together.\u003C\u002Fp>\n\u003Ch3>Social Integrations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Share Buttons\u003C\u002Fli>\n\u003Cli>Social Links\u003C\u002Fli>\n\u003Cli>Facebook Integration\u003C\u002Fli>\n\u003Cli>Pinterest Integration\u003C\u002Fli>\n\u003Cli>Twitter Integration\u003C\u002Fli>\n\u003Cli>Instagram Integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Marketing\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Opt-In Forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Content Presentation\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Basic Shortcodes\u003C\u002Fli>\n\u003Cli>Justified Gallery\u003C\u002Fli>\n\u003Cli>Slider Gallery\u003C\u002Fli>\n\u003Cli>Lightbox\u003C\u002Fli>\n\u003Cli>Typekit Fonts\u003C\u002Fli>\n\u003Cli>Custom Fonts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Image Optimization\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Retina Images\u003C\u002Fli>\n\u003Cli>Lazyload\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Utilities\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Contributors Widget\u003C\u002Fli>\n\u003Cli>Author Widget\u003C\u002Fli>\n\u003Cli>Featured Posts Widget\u003C\u002Fli>\n\u003Cli>Scroll To Top Button\u003C\u002Fli>\n\u003C\u002Ful>\n","Essential components for every WordPress site: share buttons, social links, social media integrations, galleries, lazyload, custom widgets, and more.",876126,14,"2025-12-03T14:00:00.000Z","4.0","5.4",[156,157,158,159,23],"gallery","lazyload","share-buttons","slider","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpowerkit\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpowerkit.3.0.4.zip",98,"2024-04-05 00:00:00",{"attackSurface":165,"codeSignals":211,"taintFlows":219,"riskAssessment":248,"analyzedAt":254},{"hooks":166,"ajaxHandlers":207,"restRoutes":208,"shortcodes":209,"cronEvents":210,"entryPointCount":64,"unprotectedCount":64},[167,172,175,179,183,187,191,194,198,202],{"type":168,"name":169,"callback":170,"file":171,"line":50},"action","wp_head","ctb_include_styles","top-bar.php",{"type":168,"name":169,"callback":173,"file":171,"line":174},"ctb_include_bar",31,{"type":168,"name":176,"callback":177,"file":171,"line":178},"init","ctb_create_social_post",32,{"type":168,"name":180,"callback":181,"file":171,"line":182},"add_meta_boxes","ctb_social_post_meta_box",33,{"type":168,"name":184,"callback":185,"priority":62,"file":171,"line":186},"save_post","ctb_save_social_link_meta_vale",34,{"type":168,"name":188,"callback":189,"file":171,"line":190},"admin_head-post-new.php","ctb_change_thumbnail_html",35,{"type":168,"name":192,"callback":189,"file":171,"line":193},"admin_head-post.php",36,{"type":168,"name":195,"callback":196,"file":171,"line":197},"admin_menu","ctb_register_fallback_page",37,{"type":168,"name":199,"callback":200,"file":171,"line":201},"admin_enqueue_scripts","ctb_include_Colorpicker",38,{"type":203,"name":204,"callback":205,"file":171,"line":206},"filter","admin_post_thumbnail_html","ctb_do_thumb",119,[],[],[],[],{"dangerousFunctions":212,"sqlUsage":213,"outputEscaping":215,"fileOperations":64,"externalRequests":64,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":218},[],{"prepared":64,"raw":64,"locations":214},[],{"escaped":216,"rawEcho":64,"locations":217},59,[],[],[220],{"entryPoint":221,"graph":222,"unsanitizedCount":64,"severity":247},"\u003Csetting> (setting.php:0)",{"nodes":223,"edges":243},[224,229,235,238],{"id":225,"type":226,"label":227,"file":228,"line":174},"n0","source","$_POST (x12)","setting.php",{"id":230,"type":231,"label":232,"file":228,"line":233,"wp_function":234},"n1","sink","update_option() [Settings Manipulation]",44,"update_option",{"id":236,"type":226,"label":237,"file":228,"line":190},"n2","$_POST (x7)",{"id":239,"type":231,"label":240,"file":228,"line":241,"wp_function":242},"n3","echo() [XSS]",103,"echo",[244,246],{"from":225,"to":230,"sanitized":245},true,{"from":236,"to":239,"sanitized":245},"low",{"summary":249,"deductions":250},"The \"custom-top-bar\" plugin v2.1 exhibits a generally strong security posture based on the static analysis.  It demonstrates excellent adherence to best practices, with 100% of SQL queries using prepared statements and all output being properly escaped.  The absence of dangerous functions, file operations, and external HTTP requests further contributes to a reduced attack surface.  The presence of nonce and capability checks, even with a limited entry point analysis, is a positive sign.\n\nHowever, the plugin is not without risk, primarily due to its vulnerability history. A known medium severity CVE exists and is currently unpatched, indicating a potential for exploitation. The previous vulnerability also being a CSRF suggests a pattern that could be exploited by attackers to trick authenticated users into performing unintended actions. While the static analysis reveals no immediate critical or high-severity code-level issues, the unpatched CVE represents a significant and known risk that needs immediate attention.\n\nIn conclusion, while the code quality and adherence to secure coding practices in v2.1 are commendable, the presence of an unpatched medium severity CVE drastically lowers the overall security score. This unaddressed vulnerability is the most pressing concern, overshadowing the positive aspects of the static analysis. Users should prioritize updating to a patched version of this plugin or disabling it if no fix is available.",[251],{"reason":252,"points":253},"Unpatched Medium Severity CVE",15,"2026-03-16T21:59:34.813Z",{"wat":256,"direct":263},{"assetPaths":257,"generatorPatterns":259,"scriptPaths":260,"versionParams":261},[258],"\u002Fwp-content\u002Fplugins\u002Fcustom-top-bar\u002Fcss\u002Fbar.css",[],[],[262],"custom-top-bar\u002Fcss\u002Fbar.css?ver=2.1",{"cssClasses":264,"htmlComments":265,"htmlAttributes":266,"restEndpoints":269,"jsGlobals":270,"shortcodeOutput":272},[],[],[267,268],"id=\"top_bar_color\"","id=\"text_color\"",[],[271],"jQuery",[]]