[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPUbF8epKzgaMCqCODLtN_36cM70Ag4OmDer8cI2xfXQ":3,"$fWlFOkP61si4BSpS5tKi-gkDKwuKqbd-cqHzQeDeHUSM":332,"$f8ks1D7YiaAqRNhTY-5TI6J_CcvRe0mxcmZjjMKNWGBQ":336},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"discovery_status":26,"vulnerabilities":27,"developer":28,"crawl_stats":24,"alternatives":36,"analysis":135,"fingerprints":315},"debogger","Debogger","0.71","Simon Prosser","https:\u002F\u002Fprofiles.wordpress.org\u002Fpross\u002F","\u003Cp>Debugging tool for theme authors and reviewers.\u003C\u002Fp>\n\u003Cp>This tool intercepts all debug information and prints it all out neatly into the footer. It also checks each page for W3C validation.\u003Cbr \u002F>\nThis plugin is released as a tool to aid the development of themes and plugins for WordPress and can be used to aid debugging your theme before submission to the themes directory.\u003C\u002Fp>\n","Debugging tool for theme authors and 
reviewers.",10,10170,0,"2010-11-15T19:30:00.000Z","3.1.4","3.0","",[19,20],"debug","template","http:\u002F\u002Fwww.pross.org.uk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdebogger.0.71.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"pross",6,6060,86,30,84,"2026-05-20T01:12:42.047Z",[37,61,81,100,118],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":17,"download_link":57,"security_score":58,"vuln_count":59,"unpatched_count":13,"last_vuln_date":60,"fetched_at":25},"which-template-file","which template file","5.2.0","gilles66","https:\u002F\u002Fprofiles.wordpress.org\u002Fgilles66\u002F","\u003Cp>Need to know which template is used by WordPress to display your pages in the front office ?\u003Cbr \u002F>\nThis plugin simply does this.\u003C\u002Fp>\n\u003Cp>Show the name of the php file of your theme used to display the current page.Need to know which template is used by WordPress to display your pages in the front office ?\u003Cbr \u002F>\nThis plugin simply does this.\u003C\u002Fp>\n\u003Cp>Efficient and very easy to install, it will show you in the admin bar the name of the php file currently used to display the current page.\u003Cbr \u002F>\nThe color of the text is different regarding the origin of the template(the theme, a parent theme, or a plugin)\u003Cbr \u002F>\n(icon author :http:\u002F\u002Fwww.megaicons.net\u002Ficonspack-1096\u002F45043\u002F)\u003C\u002Fp>\n","Show the name of the php file of your theme used to display the current 
page.",4000,54868,100,4,"2025-02-02T14:14:00.000Z","6.7.5","3.3.0","5.6",[54,19,20,55,56],"adminbar","toolbar","tpl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhich-template-file.5.2.0.zip",91,2,"2023-11-29 00:00:00",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":47,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":17,"tags":75,"homepage":78,"download_link":79,"security_score":80,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"what-template","What Template","0.1","Brian Alexander","https:\u002F\u002Fprofiles.wordpress.org\u002Fironprogrammer\u002F","\u003Cp>Adds the current page’s template name to the admin bar.\u003C\u002Fp>\n\u003Cp>Because this plugin reveals potentially sensitive information about the active theme, it is recommended for development environments only, and should not be enabled on a production site.\u003C\u002Fp>\n","Adds the current page's template name to the admin bar.",1000,22481,3,"2024-07-19T20:49:00.000Z","6.6.5","3.1",[76,19,77,20],"admin-bar","development","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwhat-template\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhat-template.0.1.2.zip",92,{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":47,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":17,"tags":95,"homepage":98,"download_link":99,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"what-template-am-i-using","What Template Am I Using","0.2.0","webdeveric","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebdeveric\u002F","\u003Cp>This plugin is intended for theme developers to use. 
It shows the current template being used to render the page, current post type, and much more.\u003C\u002Fp>\n\u003Cp>The info is only displayed for users that have the edit_theme_options capability.\u003C\u002Fp>\n\u003Cp>Information displayed:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Current template\u003C\u002Fli>\n\u003Cli>General Information (post type, are you on the front page, etc.)\u003C\u002Fli>\n\u003Cli>Additional files used. For example, header.php or footer.php\u003C\u002Fli>\n\u003Cli>What sidebars are being used and what widgets are in them.\u003C\u002Fli>\n\u003Cli>List of enqueued scripts and styles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>This plugin is intended for use by theme developers and it requires a standards compliant browser. This plugin will not work in IE8 or below.\u003C\u002Fstrong>\u003C\u002Fp>\n","This plugin is intended for theme developers to use. It shows the current template being used to render the page, current post type, and much more.",9256,96,13,"2015-12-08T05:17:00.000Z","4.4.0","3.1.0",[19,96,20,97],"server-information","theme-development","http:\u002F\u002Fphplug.in\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhat-template-am-i-using.0.2.0.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":47,"num_ratings":71,"last_updated":110,"tested_up_to":111,"requires_at_least":16,"requires_php":17,"tags":112,"homepage":116,"download_link":117,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"dp-debug-menu","DP Debug Menu","1.0.1","Dan-Lucian Stefancu","https:\u002F\u002Fprofiles.wordpress.org\u002Fde-ce\u002F","\u003Cp>A fast\u002Fsmall debugger integrated into the WordPress Admin Bar, made for identifying the template used for displaying current page.\u003C\u002Fp>\n\u003Cp>It was built for fast debugging old projects or other people’s 
work.\u003C\u002Fp>\n\u003Cp>It adds some other  potentially useful informations in the dropdown list:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>the current theme (useful for child themes)\u003C\u002Fli>\n\u003Cli>total queries on current page\u003C\u002Fli>\n\u003Cli>execution time\u003C\u002Fli>\n\u003C\u002Ful>\n","Quickly shows the template used for current page, number of queries, and execution time for PHP code.",40,3687,"2021-02-10T11:13:00.000Z","5.6.17",[19,113,114,115,20],"debugger","menu","queries","https:\u002F\u002Fdreamproduction.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdp-debug-menu.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":33,"downloaded":126,"rating":47,"num_ratings":127,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":17,"tags":131,"homepage":133,"download_link":134,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"debug-bar-post-meta","Debug Bar Post Meta","0.5.8","Jake Spurlock","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhyisjake\u002F","\u003Cp>This plugin will show you what post meta is attached to the main post.\u003C\u002Fp>\n","Adds a post meta panel for displaying all of the post 
meta.",6148,1,"2020-08-18T23:31:00.000Z","5.5.18","3.4",[19,20,132],"trace","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fdebug-bar-template-trace\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdebug-bar-post-meta.zip",{"attackSurface":136,"codeSignals":175,"taintFlows":217,"riskAssessment":306,"analyzedAt":314},{"hooks":137,"ajaxHandlers":171,"restRoutes":172,"shortcodes":173,"cronEvents":174,"entryPointCount":13,"unprotectedCount":13},[138,145,149,153,156,159,163,167],{"type":139,"name":140,"callback":141,"priority":142,"file":143,"line":144},"action","init","bog_debug",5,"debog.php",12,{"type":139,"name":146,"callback":147,"file":143,"line":148},"admin_footer","bog_footer",14,{"type":139,"name":150,"callback":151,"file":143,"line":152},"admin_head","bog_head",15,{"type":139,"name":154,"callback":147,"file":143,"line":155},"wp_footer",17,{"type":139,"name":157,"callback":151,"file":143,"line":158},"wp_head",18,{"type":160,"name":154,"callback":161,"file":143,"line":162},"filter","memory",20,{"type":139,"name":164,"callback":165,"file":143,"line":166},"admin_init","debogoptions_init",306,{"type":139,"name":168,"callback":169,"file":143,"line":170},"admin_menu","debogoptions_add_page",307,[],[],[],[],{"dangerousFunctions":176,"sqlUsage":177,"outputEscaping":179,"fileOperations":59,"externalRequests":127,"nonceChecks":127,"capabilityChecks":71,"bundledLibraries":216},[],{"prepared":13,"raw":13,"locations":178},[],{"escaped":71,"rawEcho":155,"locations":180},[181,184,186,188,190,192,194,196,198,200,202,204,206,208,210,212,214],{"file":143,"line":182,"context":183},26,"raw 
output",{"file":143,"line":185,"context":183},154,{"file":143,"line":187,"context":183},159,{"file":143,"line":189,"context":183},164,{"file":143,"line":191,"context":183},169,{"file":143,"line":193,"context":183},172,{"file":143,"line":195,"context":183},175,{"file":143,"line":197,"context":183},180,{"file":143,"line":199,"context":183},181,{"file":143,"line":201,"context":183},184,{"file":143,"line":203,"context":183},185,{"file":143,"line":205,"context":183},199,{"file":143,"line":207,"context":183},330,{"file":143,"line":209,"context":183},333,{"file":143,"line":211,"context":183},334,{"file":143,"line":213,"context":183},338,{"file":143,"line":215,"context":183},339,[],[218,257],{"entryPoint":219,"graph":220,"unsanitizedCount":127,"severity":256},"bog_footer (debog.php:102)",{"nodes":221,"edges":249},[222,226,231,235,237,240,244],{"id":223,"type":224,"label":225,"file":143,"line":187},"n0","source","$_SERVER['REQUEST_URI'] (x3)",{"id":227,"type":228,"label":229,"file":143,"line":187,"wp_function":230},"n1","sink","echo() [XSS]","echo",{"id":232,"type":224,"label":233,"file":143,"line":234},"n2","$_SERVER",136,{"id":236,"type":228,"label":229,"file":143,"line":193,"wp_function":230},"n3",{"id":238,"type":224,"label":233,"file":143,"line":239},"n4",139,{"id":241,"type":242,"label":243,"file":143,"line":239},"n5","transform","→ bog_check_()",{"id":245,"type":228,"label":246,"file":143,"line":247,"wp_function":248},"n6","file_get_contents() [SSRF\u002FLFI]",241,"file_get_contents",[250,252,253,255],{"from":223,"to":227,"sanitized":251},true,{"from":232,"to":236,"sanitized":251},{"from":238,"to":241,"sanitized":254},false,{"from":241,"to":245,"sanitized":254},"medium",{"entryPoint":258,"graph":259,"unsanitizedCount":59,"severity":256},"\u003Cdebog> 
(debog.php:0)",{"nodes":260,"edges":296},[261,262,263,264,265,267,271,273,278,280,282,284,286,288,291,294],{"id":223,"type":224,"label":225,"file":143,"line":187},{"id":227,"type":228,"label":229,"file":143,"line":187,"wp_function":230},{"id":232,"type":224,"label":233,"file":143,"line":234},{"id":236,"type":228,"label":229,"file":143,"line":193,"wp_function":230},{"id":238,"type":224,"label":233,"file":143,"line":266},171,{"id":241,"type":228,"label":268,"file":143,"line":269,"wp_function":270},"wp_remote_get() [SSRF]",236,"wp_remote_get",{"id":245,"type":224,"label":272,"file":143,"line":266},"$_SERVER (x2)",{"id":274,"type":228,"label":275,"file":143,"line":276,"wp_function":277},"n7","file_put_contents() [File Write]",239,"file_put_contents",{"id":279,"type":224,"label":233,"file":143,"line":266},"n8",{"id":281,"type":228,"label":246,"file":143,"line":247,"wp_function":248},"n9",{"id":283,"type":224,"label":233,"file":143,"line":239},"n10",{"id":285,"type":242,"label":243,"file":143,"line":239},"n11",{"id":287,"type":228,"label":246,"file":143,"line":247,"wp_function":248},"n12",{"id":289,"type":224,"label":233,"file":143,"line":290},"n13",248,{"id":292,"type":242,"label":293,"file":143,"line":290},"n14","→ checkcache()",{"id":295,"type":228,"label":246,"file":143,"line":247,"wp_function":248},"n15",[297,298,299,300,301,302,303,304,305],{"from":223,"to":227,"sanitized":251},{"from":232,"to":236,"sanitized":251},{"from":238,"to":241,"sanitized":251},{"from":245,"to":274,"sanitized":251},{"from":279,"to":281,"sanitized":251},{"from":283,"to":285,"sanitized":254},{"from":285,"to":287,"sanitized":254},{"from":289,"to":292,"sanitized":254},{"from":292,"to":295,"sanitized":254},{"summary":307,"deductions":308},"The 'debogger' v0.71 plugin exhibits a generally positive security posture with no known vulnerabilities and a good adherence to secure coding practices in several areas. 
The static analysis reveals a remarkably small attack surface, with zero AJAX handlers, REST API routes, shortcodes, or cron events, which significantly reduces potential entry points for attackers. Furthermore, the analysis recorded no SQL queries at all, prepared or raw, so no database injection surface was identified, and the plugin includes capability checks and a nonce check, indicating an awareness of common security pitfalls.\n\nHowever, the analysis does highlight some areas for improvement. The low percentage of properly escaped output (15%) is a significant concern, as unescaped output can lead to cross-site scripting (XSS) vulnerabilities, especially when combined with user-supplied data. The presence of two taint flows with unsanitized paths, even if not classified as critical or high severity in this analysis, warrants careful investigation to ensure no sensitive data can be manipulated or exposed. The file operations and external HTTP requests should be thoroughly reviewed as well: the unsanitized taint flows recorded in this analysis run from $_SERVER values into file_get_contents() sinks labelled SSRF/LFI, so they are the first place to confirm that request-derived input cannot influence what is fetched or read.\n\nIn conclusion, while the 'debogger' plugin has strengths in its limited attack surface and the absence of raw SQL, the low output escaping rate and the identified unsanitized taint flows represent potential risks. The absence of any historical vulnerabilities is encouraging but does not negate the need to address the identified code signals. 
A proactive approach to addressing the output escaping and taint flow issues is recommended to further harden the plugin's security.",[309,312],{"reason":310,"points":311},"Low output escaping percentage",7,{"reason":313,"points":142},"Flows with unsanitized paths","2026-03-16T23:44:34.620Z",{"wat":316,"direct":324},{"assetPaths":317,"generatorPatterns":318,"scriptPaths":319,"versionParams":321},[],[],[320],"\u002Fwp-content\u002Fplugins\u002Fdebogger\u002Fjs\u002Fdebogger.js",[322,323],"debogger\u002Fstyle.css?ver=","debogger\u002Fjs\u002Fdebogger.js?ver=",{"cssClasses":325,"htmlComments":326,"htmlAttributes":327,"restEndpoints":328,"jsGlobals":329,"shortcodeOutput":331},[],[],[],[],[330],"ShowContent",[],{"error":251,"url":333,"statusCode":334,"statusMessage":335,"message":335},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fdebogger\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":30,"versions":337},[338,343,350,357,364,371],{"version":6,"download_url":22,"svn_tag_url":339,"released_at":24,"has_diff":254,"diff_files_changed":340,"diff_lines":24,"trac_diff_url":341,"vulnerabilities":342,"is_current":251},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdebogger\u002Ftags\u002F0.71\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdebogger%2Ftags%2F0.7&new_path=%2Fdebogger%2Ftags%2F0.71",[],{"version":344,"download_url":345,"svn_tag_url":346,"released_at":24,"has_diff":254,"diff_files_changed":347,"diff_lines":24,"trac_diff_url":348,"vulnerabilities":349,"is_current":254},"0.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdebogger.0.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdebogger\u002Ftags\u002F0.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdebogger%2Ftags%2F0.6&new_path=%2Fdebogger%2Ftags%2F0.7",[],{"version":351,"download_url":352,"svn_tag_url":353,"released_at":24,"has_diff":254,"diff_files_changed":354,
"diff_lines":24,"trac_diff_url":355,"vulnerabilities":356,"is_current":254},"0.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdebogger.0.6.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdebogger\u002Ftags\u002F0.6\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdebogger%2Ftags%2F0.5&new_path=%2Fdebogger%2Ftags%2F0.6",[],{"version":358,"download_url":359,"svn_tag_url":360,"released_at":24,"has_diff":254,"diff_files_changed":361,"diff_lines":24,"trac_diff_url":362,"vulnerabilities":363,"is_current":254},"0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdebogger.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdebogger\u002Ftags\u002F0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdebogger%2Ftags%2F0.4&new_path=%2Fdebogger%2Ftags%2F0.5",[],{"version":365,"download_url":366,"svn_tag_url":367,"released_at":24,"has_diff":254,"diff_files_changed":368,"diff_lines":24,"trac_diff_url":369,"vulnerabilities":370,"is_current":254},"0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdebogger.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdebogger\u002Ftags\u002F0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fdebogger%2Ftags%2F0.3&new_path=%2Fdebogger%2Ftags%2F0.4",[],{"version":372,"download_url":373,"svn_tag_url":374,"released_at":24,"has_diff":254,"diff_files_changed":375,"diff_lines":24,"trac_diff_url":24,"vulnerabilities":376,"is_current":254},"0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdebogger.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fdebogger\u002Ftags\u002F0.3\u002F",[],[]]