[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fEEbQoc76iU1zVYUFeaJpbzweAU9NFjK7bYQ-Ot4WYrM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":55,"analysis":155,"fingerprints":274},"debug-bar-elasticpress","ElasticPress Debugging Add-On","3.1.1","10up","https:\u002F\u002Fprofiles.wordpress.org\u002F10up\u002F","\u003Cp>Allows you to examine every ElasticPress query running on any given request by adding an \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Felasticpress\" rel=\"ugc\">ElasticPress\u003C\u002Fa> panel to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdebug-bar\u002F\" rel=\"ugc\">Debug Bar\u003C\u002Fa> and\u002For \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fquery-monitor\u002F\" rel=\"ugc\">Query Monitor\u003C\u002Fa> plugins.\u003C\u002Fp>\n\u003Cp>Alternatively, go to ElasticPress > Query Log and set it to record ElasticPress queries.\u003C\u002Fp>\n\u003Ch4>Requirements:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Felasticpress\" rel=\"ugc\">ElasticPress 4.4.0+\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdebug-bar\u002F\" rel=\"ugc\">Debug Bar 1.0+\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>PHP 7.0+\u003C\u002Fli>\n\u003C\u002Ful>\n","Extends the Query Monitor and Debug Bar plugins for ElasticPress queries.",900,8476266,100,2,"2024-12-11T17:31:00.000Z","6.7.5","5.6","7.0",[20,21,22,23],"debug","debug-bar","elasticpress","elasticsearch","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdebug-bar-elasticpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdebug-bar-elasticpress.3.1.1.zip",91,1,0,"2022-08-16 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"WF-5414259c-339d-41fe-a0dc-4d4e4d966e15-debug-bar-elasticpress","debug-bar-elasticpress-cross-site-scripting","Debug Bar ElasticPress \u003C= 2.1.0 - Cross-Site Scripting","The Debug Bar ElasticPress plugin for WordPress is vulnerable to Cross-Site Scripting via the ‘query’ parameter in versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=2.1.0","2.1.1","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F5414259c-339d-41fe-a0dc-4d4e4d966e15?source=api-prod",525,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":49,"total_installs":50,"avg_security_score":51,"avg_patch_time_days":52,"trust_score":53,"computed_at":54},23,1384530,98,546,78,"2026-04-04T14:54:15.408Z",[56,78,100,116,140],{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":51,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":74,"download_link":75,"security_score":76,"vuln_count":27,"unpatched_count":28,"last_vuln_date":77,"fetched_at":30},"query-monitor","Query Monitor – The developer tools panel for WordPress","3.20.2","John Blackbourn","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnbillion\u002F","\u003Cp>Query Monitor is the developer tools panel for WordPress and WooCommerce. It enables debugging of database queries, PHP errors, hooks and actions, block editor blocks, enqueued scripts and stylesheets, HTTP API calls, and more.\u003C\u002Fp>\n\u003Cp>It includes some advanced features such as debugging of Ajax calls, REST API calls, user capability checks, and full support for block themes and full site editing. It includes the ability to narrow down much of its output by plugin or theme, allowing you to quickly determine poorly performing plugins, themes, or functions.\u003C\u002Fp>\n\u003Cp>Query Monitor focuses heavily on presenting its information in a useful manner, for example by showing aggregate database queries grouped by the plugins, themes, or functions that are responsible for them. It adds an admin toolbar menu showing an overview of the current page, with complete debugging information shown in panels once you select a menu item.\u003C\u002Fp>\n\u003Cp>Query Monitor supports versions of WordPress up to three years old, and PHP version 7.4 or higher.\u003C\u002Fp>\n\u003Cp>For complete information, please see \u003Ca href=\"https:\u002F\u002Fquerymonitor.com\u002F\" rel=\"nofollow ugc\">the Query Monitor website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Here’s an overview of what’s shown for each page load:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Database queries, including notifications for slow, duplicate, or erroneous queries. Allows filtering by query type (\u003Ccode>SELECT\u003C\u002Fcode>, \u003Ccode>UPDATE\u003C\u002Fcode>, \u003Ccode>DELETE\u003C\u002Fcode>, etc), responsible component (plugin, theme, WordPress core), and calling function, and provides separate aggregate views for each.\u003C\u002Fli>\n\u003Cli>The template filename, the complete template hierarchy, and names of all template parts that were loaded or not loaded (for block themes and classic themes).\u003C\u002Fli>\n\u003Cli>PHP errors presented nicely along with their responsible component and call stack, and a visible warning in the admin toolbar.\u003C\u002Fli>\n\u003Cli>Usage of “Doing it Wrong” or “Deprecated” functionality in the code on your site.\u003C\u002Fli>\n\u003Cli>Blocks and associated properties within post content and within full site editing (FSE).\u003C\u002Fli>\n\u003Cli>Matched rewrite rules, associated query strings, and query vars.\u003C\u002Fli>\n\u003Cli>Enqueued scripts and stylesheets, along with their dependencies, dependents, and alerts for broken dependencies.\u003C\u002Fli>\n\u003Cli>Language settings and loaded translation files (MO files and JSON files) for each text domain.\u003C\u002Fli>\n\u003Cli>HTTP API requests, with response code, responsible component, and time taken, with alerts for failed or erroneous requests.\u003C\u002Fli>\n\u003Cli>User capability checks, along with the result and any parameters passed to the capability check.\u003C\u002Fli>\n\u003Cli>Environment information, including detailed information about PHP, the database, WordPress, and the web server.\u003C\u002Fli>\n\u003Cli>The values of all WordPress conditional functions such as \u003Ccode>is_single()\u003C\u002Fcode>, \u003Ccode>is_home()\u003C\u002Fcode>, etc.\u003C\u002Fli>\n\u003Cli>Transients that were updated.\u003C\u002Fli>\n\u003Cli>Usage of \u003Ccode>switch_to_blog()\u003C\u002Fcode> and \u003Ccode>restore_current_blog()\u003C\u002Fcode> on Multisite installations.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In addition:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Whenever a redirect occurs, Query Monitor adds an HTTP header containing the call stack, so you can use your favourite HTTP inspector or browser developer tools to trace what triggered the redirect.\u003C\u002Fli>\n\u003Cli>The response from any jQuery-initiated Ajax request on the page will contain various debugging information in its headers. PHP errors also get output to the browser’s developer console.\u003C\u002Fli>\n\u003Cli>The response from an authenticated WordPress REST API request will contain an overview of performance information and PHP errors in its headers, as long as the authenticated user has permission to view Query Monitor’s output. An \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Frest-api\u002Fusing-the-rest-api\u002Fglobal-parameters\u002F#_envelope\" rel=\"nofollow ugc\">an enveloped REST API request\u003C\u002Fa> will include even more debugging information in the \u003Ccode>qm\u003C\u002Fcode> property of the response.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By default, Query Monitor’s output is only shown to Administrators on single-site installations, and Super Admins on Multisite installations.\u003C\u002Fp>\n\u003Cp>In addition to this, you can set an authentication cookie which allows you to view Query Monitor output when you’re not logged in (or if you’re logged in as a non-Administrator). See the Settings panel for details.\u003C\u002Fp>\n\u003Ch3>Other Plugins\u003C\u002Fh3>\n\u003Cp>I maintain several other plugins for developers. Check them out:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-switching\u002F\" rel=\"ugc\">User Switching\u003C\u002Fa> provides instant switching between user accounts in WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-crontrol\u002F\" rel=\"ugc\">WP Crontrol\u003C\u002Fa> lets you view and control what’s happening in the WP-Cron system\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Statement\u003C\u002Fh3>\n\u003Cp>Query Monitor is private by default and always will be. It does not persistently store any of the data that it collects. It does not send data to any third party, nor does it include any third party resources. \u003Ca href=\"https:\u002F\u002Fquerymonitor.com\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Query Monitor’s full privacy statement can be found here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Accessibility Statement\u003C\u002Fh3>\n\u003Cp>Query Monitor aims to be fully accessible to all of its users. \u003Ca href=\"https:\u002F\u002Fquerymonitor.com\u002Faccessibility\u002F\" rel=\"nofollow ugc\">Query Monitor’s full accessibility statement can be found here\u003C\u002Fa>.\u003C\u002Fp>\n","Query Monitor is the developer tools panel for WordPress and WooCommerce.",200000,19156533,463,"2025-12-11T22:16:00.000Z","6.9.4","6.1","7.4",[20,21,72,73,57],"development","performance","https:\u002F\u002Fquerymonitor.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquery-monitor.3.20.2.zip",97,"2026-03-30 23:21:22",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":13,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":97,"download_link":98,"security_score":99,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"debug-bar-rewrite-rules","Debug Bar Rewrite Rules","0.6.5","Oleg Butuzov","https:\u002F\u002Fprofiles.wordpress.org\u002Fbutuzov\u002F","\u003Cp>Debug Bar Rewrite Rules adds information about Rewrite Rules (changed via filters) to a new panel in the Debug Bar. This plugin is an extension for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fdebug-bar\u002F\" rel=\"ugc\">Debug Bar\u003C\u002Fa>, but it is also can work in standalone mode (as admin tools page). Note: this plugin not able to track \u003Ccode>add_rewrite_rule\u003C\u002Fcode> function calls, for a reason this function is untraceable.\u003C\u002Fp>\n\u003Cp>Once installed, you will have access to the following information:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Number of existing rewrite rules\u003C\u002Fli>\n\u003Cli>List of rewrite rules\u003C\u002Fli>\n\u003Cli>List of available filter hooks that can affect rewrite rules.\u003C\u002Fli>\n\u003Cli>List of filters that affects rewrite rules.\u003C\u002Fli>\n\u003Cli>Ability to search in rules with highlighting matches.\u003C\u002Fli>\n\u003Cli>Ability to test url and see what rules can be applied to it.\u003C\u002Fli>\n\u003Cli>Ability to flush rules directly from debug bar panel\u002Ftools page.\u003C\u002Fli>\n\u003C\u002Ful>\n","Debug Bar Rewrite Rules adds a new panel to Debug Bar that displays information about WordPress Rewrites Rules (if used).",800,54106,5,"2024-07-06T08:11:00.000Z","6.5.8","3.4","",[20,21,94,95,96],"permalinks","rewrite-rules","testing","https:\u002F\u002Fgithub.com\u002Fbutuzov\u002FDebug-Bar-Rewrite-Rules","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdebug-bar-rewrite-rules.0.6.5.zip",92,{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":13,"num_ratings":110,"last_updated":111,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":112,"homepage":114,"download_link":115,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"blackbar","Black Bar","4.1.4","Gemini Labs","https:\u002F\u002Fprofiles.wordpress.org\u002Fgeminilabs\u002F","\u003Cp>Black Bar is an unobtrusive Debug Bar for WordPress developers. It collects and displays errors, executed SQL queries, slow actions and hooks, theme templates, global variables, and provides a profiler.\u003C\u002Fp>\n\u003Cp>How it helps you with development:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Debug your code with the Console\u003C\u002Fli>\n\u003Cli>Inspect global variables (COOKIE, GET, POST, SERVER, SESSION, WP_Screen)\u003C\u002Fli>\n\u003Cli>Measure performance of your code with the Profiler\u003C\u002Fli>\n\u003Cli>View any PHP errors that occur when loading a page in the Console\u003C\u002Fli>\n\u003Cli>View executed MySQL queries along with execution time and backtrace\u003C\u002Fli>\n\u003Cli>View template files of the active theme in loaded order\u003C\u002Fli>\n\u003Cli>View the 50 slowest action and filter hooks along with callbacks ordered by priority\u003C\u002Fli>\n\u003C\u002Ful>\n","Black Bar is an unobtrusive Debug Bar for WordPress developers that attaches itself to the bottom of the browser window.",600,38607,9,"2025-12-01T22:51:00.000Z",[20,21,113,72],"debugbar","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblackbar","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblackbar.4.1.4.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":126,"num_ratings":127,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":131,"tags":132,"homepage":137,"download_link":138,"security_score":139,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"debug-bar-actions-and-filters-addon","Debug Bar Actions and Filters Addon","1.5.5","Subharanjan","https:\u002F\u002Fprofiles.wordpress.org\u002Fsubharanjan\u002F","\u003Cp>This plugin adds two more tabs in the Debug Bar to display hooks(Actions and Filters) attached to the current request. Actions tab displays the actions hooked to current request. Filters tab displays the filter tags along with the functions attached to it with respective priority.\u003C\u002Fp>\n\u003Ch4>Important\u003C\u002Fh4>\n\u003Cp>This plugin requires the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdebug-bar\u002F\" rel=\"ugc\">Debug Bar\u003C\u002Fa> plugin to be installed and activated.\u003C\u002Fp>\n\u003Cp>Also note that this plugin should be used solely for debugging and\u002For in a development environment and is not intended for use on a production site.\u003C\u002Fp>\n\u003Cp>If you like this plugin, please \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fdebug-bar-actions-and-filters-addon\" rel=\"ugc\">rate and\u002For review\u003C\u002Fa> it. If you have ideas on how to make the plugin even better or if you have found any bugs, please report these in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdebug-bar-actions-and-filters-addon\" rel=\"ugc\">Support Forum\u003C\u002Fa> or in the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsubharanjanm\u002Fdebug-bar-actions-and-filters-addon\u002Fissues\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n","Displays all the hooks( Actions and Filters ) for the current request in Debug Bar panel.",500,136631,90,8,"2022-06-15T16:53:00.000Z","6.0.11","3.3","5.2.4",[133,21,134,135,136],"actions","debug-bar-actions-display","debug-bar-filters-display","filters","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdebug-bar-actions-and-filters-addon\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdebug-bar-actions-and-filters-addon.1.5.5.zip",85,{"slug":141,"name":142,"version":143,"author":144,"author_profile":145,"description":146,"short_description":147,"active_installs":124,"downloaded":148,"rating":13,"num_ratings":149,"last_updated":150,"tested_up_to":92,"requires_at_least":130,"requires_php":92,"tags":151,"homepage":153,"download_link":154,"security_score":139,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"debug-bar-cron","Debug Bar Cron","0.1.2","Zack Tollman","https:\u002F\u002Fprofiles.wordpress.org\u002Ftollmanz\u002F","\u003Cp>Debug Bar Cron adds information about WP scheduled events to a new panel in the Debug Bar. This plugin is an extension for\u003Cbr \u002F>\nDebug Bar and thus is dependent upon Debug Bar being installed for it to work properly.\u003C\u002Fp>\n\u003Cp>Once installed, you will have access to the following information:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Number of scheduled events\u003C\u002Fli>\n\u003Cli>If cron is currently running\u003C\u002Fli>\n\u003Cli>Time of next event\u003C\u002Fli>\n\u003Cli>Current time\u003C\u002Fli>\n\u003Cli>List of custom scheduled events\u003C\u002Fli>\n\u003Cli>List of core scheduled events\u003C\u002Fli>\n\u003Cli>List of schedules\u003C\u002Fli>\n\u003C\u002Ful>\n","Debug Bar Cron adds a new panel to Debug Bar that displays information about WP scheduled events.",137584,3,"2013-12-28T20:36:00.000Z",[152,21],"cron","http:\u002F\u002Fgithub.com\u002Ftollmanz\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdebug-bar-cron.0.1.3.zip",{"attackSurface":156,"codeSignals":249,"taintFlows":264,"riskAssessment":265,"analyzedAt":273},{"hooks":157,"ajaxHandlers":245,"restRoutes":246,"shortcodes":247,"cronEvents":248,"entryPointCount":28,"unprotectedCount":28},[158,165,168,173,177,180,184,187,192,195,199,202,206,210,213,216,221,224,228,231,234,237,240,242],{"type":159,"name":160,"callback":161,"priority":162,"file":163,"line":164},"action","network_admin_menu","action_admin_menu",11,"classes\\QueryLog.php",28,{"type":159,"name":166,"callback":161,"priority":162,"file":163,"line":167},"admin_menu",30,{"type":159,"name":169,"callback":170,"priority":171,"file":163,"line":172},"ep_remote_request","log_query",10,33,{"type":159,"name":174,"callback":175,"file":163,"line":176},"admin_init","action_admin_init",34,{"type":159,"name":174,"callback":178,"file":163,"line":179},"maybe_clear_log",35,{"type":159,"name":181,"callback":182,"file":163,"line":183},"init","maybe_disable",36,{"type":159,"name":185,"callback":185,"file":163,"line":186},"admin_enqueue_scripts",37,{"type":188,"name":189,"callback":190,"file":163,"line":191},"filter","pre_update_site_option_ep_query_log","json_encode_query_log",44,{"type":188,"name":193,"callback":190,"file":163,"line":194},"pre_update_option_ep_query_log",45,{"type":188,"name":196,"callback":197,"file":163,"line":198},"option_ep_query_log","json_decode_query_log",46,{"type":188,"name":200,"callback":197,"file":163,"line":201},"site_option_ep_query_log",47,{"type":188,"name":203,"callback":204,"priority":171,"file":163,"line":205},"ep_query_request_args","maybe_add_request_query_type",49,{"type":188,"name":207,"callback":208,"priority":171,"file":163,"line":209},"ep_pre_request_args","maybe_add_request_type",50,{"type":188,"name":207,"callback":211,"file":163,"line":212},"maybe_add_request_context",51,{"type":188,"name":214,"callback":166,"file":215,"line":176},"qm\u002Foutput\u002Fmenus","classes\\QueryMonitorOutput.php",{"type":159,"name":217,"callback":218,"file":219,"line":220},"admin_notices","anonymous","debug-bar-elasticpress.php",63,{"type":188,"name":222,"callback":218,"file":219,"line":223},"qm\u002Foutputter\u002Fhtml",70,{"type":159,"name":225,"callback":226,"file":219,"line":227},"qm\u002Foutput\u002Fenqueued-assets","enqueue_scripts_styles",71,{"type":188,"name":229,"callback":218,"file":219,"line":230},"debug_bar_panels",73,{"type":188,"name":232,"callback":218,"file":219,"line":233},"debug_bar_statuses",74,{"type":188,"name":235,"callback":218,"priority":171,"file":219,"line":236},"ep_formatted_args",77,{"type":159,"name":238,"callback":218,"file":219,"line":239},"wp",79,{"type":159,"name":181,"callback":218,"file":219,"line":241},80,{"type":159,"name":243,"callback":218,"file":219,"line":244},"plugins_loaded",84,[],[],[],[],{"dangerousFunctions":250,"sqlUsage":251,"outputEscaping":253,"fileOperations":28,"externalRequests":28,"nonceChecks":149,"capabilityChecks":28,"bundledLibraries":263},[],{"prepared":28,"raw":28,"locations":252},[],{"escaped":254,"rawEcho":149,"locations":255},61,[256,258,261],{"file":215,"line":241,"context":257},"raw output",{"file":259,"line":260,"context":257},"classes\\QueryOutput.php",52,{"file":259,"line":262,"context":257},136,[],[],{"summary":266,"deductions":267},"The plugin \"debug-bar-elasticpress\" v3.1.1 demonstrates a generally strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with an attack surface is a significant positive. Furthermore, the code shows excellent practices regarding SQL queries, exclusively using prepared statements, and a very high percentage of output escaping. The presence of nonce checks and capability checks, while not exhaustive, also suggests an awareness of security best practices.\n\nHowever, the plugin's vulnerability history is a notable concern. While there are no currently unpatched vulnerabilities, the presence of a past high severity CVE related to Cross-site Scripting indicates that vulnerabilities have existed. The fact that the last known vulnerability was in August 2022, and that there's a history of such issues, suggests a potential for them to reappear if not rigorously addressed in future development. The taint analysis showing zero flows is excellent, but this is balanced by the historical vulnerability data.\n\nIn conclusion, \"debug-bar-elasticpress\" v3.1.1 exhibits strong defensive coding in its current static analysis, with minimal attack surface and good practices for SQL and output handling. The primary weakness lies in its past vulnerability history, specifically XSS, which warrants continued vigilance and thorough security reviews for future versions.",[268,271],{"reason":269,"points":270},"Past high severity CVE exists",15,{"reason":272,"points":88},"Past vulnerability (2022)","2026-03-16T19:13:21.276Z",{"wat":275,"direct":284},{"assetPaths":276,"generatorPatterns":279,"scriptPaths":280,"versionParams":281},[277,278],"\u002Fwp-content\u002Fplugins\u002Fdebug-bar-elasticpress\u002Fassets\u002Fjs\u002Fmain.js","\u002Fwp-content\u002Fplugins\u002Fdebug-bar-elasticpress\u002Fassets\u002Fcss\u002Fmain.css",[],[277],[282,283],"debug-bar-elasticpress\u002Fassets\u002Fjs\u002Fmain.js?ver=","debug-bar-elasticpress\u002Fassets\u002Fcss\u002Fmain.css?ver=",{"cssClasses":285,"htmlComments":287,"htmlAttributes":288,"restEndpoints":289,"jsGlobals":290,"shortcodeOutput":291},[286],"ep-debug-bar-warning",[],[],[],[],[]]