[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frO1LZ_44DW7ctsFBu4Mi0xgDaOMwO0OhPK4QEzh4Spw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":21,"download_link":22,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":58,"fingerprints":185},"ddev-find-replace","DDev Find Replace","1.0.0","Deep Khicher","https:\u002F\u002Fprofiles.wordpress.org\u002Fdeepfitnessclub\u002F","\u003Cp>The Plugin is used for find and replace data from the desired content.\u003C\u002Fp>\n\u003Cp>It is used for remove break line, random line, add number in front of lines and remove whitespaces from content\u003C\u002Fp>\n\u003Cp>It is used for find and replace words from desired content. This shortcode data can store as preset. By using this shortcode you should be logged in first. Subscriber user can’t use this shortcode\u003C\u002Fp>\n\u003Cp>This Shortcode is similar to above shortcode. The difference is handling preset data. This shortcode save preset on user computer so you not worry about your database.\u003C\u002Fp>\n","Find and replace with custom presets and also some other tools that can make your life easy. 
There are two shortcode that you can provide to your logg &hellip;",0,2511,"2020-06-11T04:48:00.000Z","5.4.19","5.2","7.0",[18,19,20],"add-numbers","find-replace","remove-break-line","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fddev-find-replace.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":23,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"deepfitnessclub",2,20,30,84,"2026-04-05T07:04:28.056Z",[35],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":21,"download_link":56,"security_score":57,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"easy-search-replace","Easy Search Replace – Find & Replace Text\u002FHTML\u002FURLs, Remove Footer Credit","1.1.2","Uzair","https:\u002F\u002Fprofiles.wordpress.org\u002Feasywpstuff\u002F","\u003Cp>The \u003Cstrong>Easy Search Replace\u003C\u002Fstrong> plugin lets you \u003Cstrong>find and replace\u003C\u002Fstrong> any text, HTML, or URL across your WordPress site in real time—without editing files or the database.\u003Cbr \u002F>\nIt’s the safest way to do \u003Cstrong>search and replace\u003C\u002Fstrong> on front-end output. 
Update branding, fix old links, or \u003Cstrong>remove footer credit\u003C\u002Fstrong> with a few clicks.\u003C\u002Fp>\n\u003Cp>Target replacements precisely with:\u003Cbr \u002F>\n– CSS selectors (e.g., \u003Ccode>.footer\u003C\u002Fcode>, \u003Ccode>#site-title\u003C\u002Fcode>, \u003Ccode>h2\u003C\u002Fcode>)\u003Cbr \u002F>\n– Post Types (Posts, Pages, CPTs)\u003Cbr \u002F>\n– Specific Post IDs (comma separated)\u003Cbr \u002F>\n– Exact URLs (one per line)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why it’s safe:\u003C\u002Fstrong>\u003Cbr \u002F>\nAll changes are applied dynamically at render time. Disable the plugin and your original content is unchanged.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Popular use cases\u003C\u002Fstrong>\u003Cbr \u002F>\n– Remove or replace theme footer credits.\u003Cbr \u002F>\n– Replace company names, links, or copyright lines.\u003Cbr \u002F>\n– Update outdated or HTTP\u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>HTTPS URLs.\u003Cbr \u002F>\n– Find\u002Freplace only inside specific HTML elements.\u003Cbr \u002F>\n– Limit changes to selected posts\u002Fpages\u002FURLs.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Real-time \u003Cstrong>search replace\u003C\u002Fstrong> and \u003Cstrong>find replace\u003C\u002Fstrong> for text, HTML, and URLs.  \u003C\u002Fli>\n\u003Cli>Remove footer credit or any unwanted text\u002Flink.  \u003C\u002Fli>\n\u003Cli>Optional \u003Cstrong>CSS selector\u003C\u002Fstrong> targeting (classes, IDs, tags).  \u003C\u002Fli>\n\u003Cli>Limit by \u003Cstrong>post type\u003C\u002Fstrong>, \u003Cstrong>post ID\u003C\u002Fstrong>, or \u003Cstrong>URL\u003C\u002Fstrong>.  \u003C\u002Fli>\n\u003Cli>Case-insensitive mode (Ignore Case).  \u003C\u002Fli>\n\u003Cli>Multiple rules, executed in order.  \u003C\u002Fli>\n\u003Cli>Lightweight: parses DOM only when selector rules exist.  
\u003C\u002Fli>\n\u003Cli>Clean, simple settings UI.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Open \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Easy Search Replace\u003C\u002Fstrong>.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Find\u003C\u002Fstrong>: Enter text\u002FHTML\u002FURL to search.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Replace with\u003C\u002Fstrong>: Enter the replacement (leave empty to remove—great for footer credits).  \u003C\u002Fli>\n\u003Cli>\u003Cem>(Optional)\u003C\u002Fem> \u003Cstrong>CSS Selector\u003C\u002Fstrong> to restrict to specific elements (e.g., \u003Ccode>.site-footer\u003C\u002Fcode>, \u003Ccode>#main\u003C\u002Fcode>, \u003Ccode>h1\u003C\u002Fcode>).  \u003C\u002Fli>\n\u003Cli>\u003Cem>(Optional)\u003C\u002Fem> Limit by \u003Cstrong>Post Types\u003C\u002Fstrong>, \u003Cstrong>Post IDs\u003C\u002Fstrong>, or \u003Cstrong>URLs\u003C\u002Fstrong> (one per line).  \u003C\u002Fli>\n\u003Cli>Enable \u003Cstrong>Ignore Case\u003C\u002Fstrong> if needed.  
\u003C\u002Fli>\n\u003Cli>Add multiple rules and \u003Cstrong>Save Changes\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Examples\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Replace text globally\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Find: Old Company\u003Cbr \u002F>\nReplace: New Company\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove footer credit (selector-based)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Find: Powered by MyTheme\u003Cbr \u002F>\nReplace:\u003Cbr \u002F>\nSelector: .site-footer\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Replace URL site-wide\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Find: http:\u002F\u002Foldsite.com\u003Cbr \u002F>\nReplace: https:\u002F\u002Fnewsite.com\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Only on specific posts\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Find: Coming Soon\u003Cbr \u002F>\nReplace: Launching Now\u003Cbr \u002F>\nPost IDs: 25,47,88\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Case-insensitive\u003C\u002Fstrong>\u003Cbr \u002F>\nEnable \u003Cstrong>Ignore Case\u003C\u002Fstrong> to match “WordPress”, “wordpress”, etc.\u003C\u002Fp>\n","Real-time search & replace for text, HTML, and URLs. Target elements, post types\u002FIDs\u002FURLs. 
Safely remove footer credit no database changes.",300,2697,86,3,"2025-11-10T13:57:00.000Z","6.8.5","5.0","7.2",[19,52,53,54,55],"find-and-replace","remove-footer-credit","search-and-replace","search-replace","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-search-replace.1.1.2.zip",100,{"attackSurface":59,"codeSignals":105,"taintFlows":125,"riskAssessment":175,"analyzedAt":184},{"hooks":60,"ajaxHandlers":71,"restRoutes":89,"shortcodes":90,"cronEvents":102,"entryPointCount":103,"unprotectedCount":104},[61,67],{"type":62,"name":63,"callback":64,"file":65,"line":66},"action","wp_enqueue_scripts","ddev_enqueue","ddev-find-replace.php",54,{"type":62,"name":68,"callback":69,"file":65,"line":70},"admin_menu","ddev_register_custom_page",59,[72,77,81,85],{"action":73,"nopriv":74,"callback":75,"hasNonce":74,"hasCapCheck":74,"file":65,"line":76},"get_preset",false,"ddev_get_preset",55,{"action":78,"nopriv":74,"callback":79,"hasNonce":74,"hasCapCheck":74,"file":65,"line":80},"get_all_presets","ddev_get_all_presets",56,{"action":82,"nopriv":74,"callback":83,"hasNonce":74,"hasCapCheck":74,"file":65,"line":84},"save_preset","ddev_save_preset",57,{"action":86,"nopriv":74,"callback":87,"hasNonce":74,"hasCapCheck":74,"file":65,"line":88},"delete_preset","ddev_delete_preset",58,[],[91,95,98],{"tag":92,"callback":93,"file":65,"line":94},"remove-replace","ddev_remove_replace",67,{"tag":19,"callback":96,"file":65,"line":97},"ddev_find_replace",68,{"tag":99,"callback":100,"file":65,"line":101},"find-replace-local","ddev_find_replace_local",69,[],7,4,{"dangerousFunctions":106,"sqlUsage":107,"outputEscaping":116,"fileOperations":11,"externalRequests":11,"nonceChecks":29,"capabilityChecks":104,"bundledLibraries":124},[],{"prepared":108,"raw":29,"locations":109},5,[110,114],{"file":111,"line":112,"context":113},"uninstall.php",11,"$wpdb->query() with variable 
interpolation",{"file":111,"line":115,"context":113},12,{"escaped":115,"rawEcho":29,"locations":117},[118,122],{"file":119,"line":120,"context":121},"admin\\pages\\menu-page.php",117,"raw output",{"file":119,"line":123,"context":121},206,[],[126,145,153,167],{"entryPoint":127,"graph":128,"unsanitizedCount":11,"severity":144},"ddev_delete_preset (inc\\ajax\\delete-preset.php:4)",{"nodes":129,"edges":141},[130,135],{"id":131,"type":132,"label":133,"file":134,"line":112},"n0","source","$_POST","inc\\ajax\\delete-preset.php",{"id":136,"type":137,"label":138,"file":134,"line":139,"wp_function":140},"n1","sink","query() [SQLi]",28,"query",[142],{"from":131,"to":136,"sanitized":143},true,"low",{"entryPoint":146,"graph":147,"unsanitizedCount":11,"severity":144},"\u003Cdelete-preset> (inc\\ajax\\delete-preset.php:0)",{"nodes":148,"edges":151},[149,150],{"id":131,"type":132,"label":133,"file":134,"line":112},{"id":136,"type":137,"label":138,"file":134,"line":139,"wp_function":140},[152],{"from":131,"to":136,"sanitized":143},{"entryPoint":154,"graph":155,"unsanitizedCount":11,"severity":144},"ddev_get_preset (inc\\ajax\\get-preset.php:4)",{"nodes":156,"edges":165},[157,161],{"id":131,"type":132,"label":158,"file":159,"line":160},"$_GET","inc\\ajax\\get-preset.php",10,{"id":136,"type":137,"label":162,"file":159,"line":163,"wp_function":164},"get_results() [SQLi]",24,"get_results",[166],{"from":131,"to":136,"sanitized":143},{"entryPoint":168,"graph":169,"unsanitizedCount":11,"severity":144},"\u003Cget-preset> (inc\\ajax\\get-preset.php:0)",{"nodes":170,"edges":173},[171,172],{"id":131,"type":132,"label":158,"file":159,"line":160},{"id":136,"type":137,"label":162,"file":159,"line":163,"wp_function":164},[174],{"from":131,"to":136,"sanitized":143},{"summary":176,"deductions":177},"The 'ddev-find-replace' plugin version 1.0.0 presents a mixed security posture. 
On the positive side, it demonstrates good practices by avoiding dangerous functions, file operations, and external HTTP requests. Its SQL queries are largely protected with prepared statements, and output escaping is robust, with only a small percentage of outputs potentially unescaped. The absence of known vulnerabilities in its history is also a strong positive indicator of its current security. \n\nHowever, a significant concern arises from its attack surface. The plugin exposes four AJAX handlers that lack authentication checks, creating a substantial entry point for unauthorized actions. While the taint analysis found no issues, the presence of unprotected AJAX handlers means that if any user input is processed by these handlers without proper sanitization or capability checks, it could lead to vulnerabilities. The plugin also includes nonce checks, but their presence on only two entry points and the existence of four unprotected AJAX handlers suggest an incomplete security implementation for its interactive components. \n\nIn conclusion, while 'ddev-find-replace' v1.0.0 benefits from a clean vulnerability history and good practices in areas like SQL and output sanitization, the four unprotected AJAX handlers represent a critical weakness that could be exploited. 
Further investigation into how these handlers process data and the implementation of appropriate authentication and capability checks are highly recommended to mitigate this risk.",[178,180,182],{"reason":179,"points":160},"Unprotected AJAX handlers",{"reason":181,"points":108},"Incomplete nonce checks on entry points",{"reason":183,"points":46},"Potential unescaped outputs","2026-03-17T06:37:21.458Z",{"wat":186,"direct":199},{"assetPaths":187,"generatorPatterns":192,"scriptPaths":193,"versionParams":194},[188,189,190,191],"\u002Fwp-content\u002Fplugins\u002Fddev-find-replace\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fddev-find-replace\u002Fassets\u002Fcss\u002Fbootstrap.css","\u002Fwp-content\u002Fplugins\u002Fddev-find-replace\u002Fassets\u002Fjs\u002Ffind-replace.js","\u002Fwp-content\u002Fplugins\u002Fddev-find-replace\u002Fassets\u002Fjs\u002Fmain.js",[],[190,191],[195,196,197,198],"ddev-find-replace\u002Fassets\u002Fcss\u002Fstyle.css?ver=","ddev-find-replace\u002Fassets\u002Fcss\u002Fbootstrap.css?ver=","ddev-find-replace\u002Fassets\u002Fjs\u002Ffind-replace.js?ver=","ddev-find-replace\u002Fassets\u002Fjs\u002Fmain.js?ver=",{"cssClasses":200,"htmlComments":205,"htmlAttributes":206,"restEndpoints":209,"jsGlobals":214,"shortcodeOutput":216},[201,202,203,204],"ddev-fr-main-style","ddev-fr-bootstrap","ddev-fr-find-replace-script","ddev-fr-main-script",[],[207,208],"data-bs-toggle","data-bs-target",[210,211,212,213],"\u002Fwp-json\u002Fwp\u002Fv2\u002Fget_preset","\u002Fwp-json\u002Fwp\u002Fv2\u002Fget_all_presets","\u002Fwp-json\u002Fwp\u002Fv2\u002Fsave_preset","\u002Fwp-json\u002Fwp\u002Fv2\u002Fdelete_preset",[215],"ajax_obj",[217,218,219],"[remove-replace]","[find-replace]","[find-replace-local]"]