[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fuAkUVeanY5AEVlxmGil3A1Z5sTjDwjq1Gw-Z1J_U_HI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":15,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":14,"unpatched_count":14,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":44,"crawl_stats":35,"alternatives":51,"analysis":151,"fingerprints":207},"debug-meta-data","Debug Meta Data","1.1.2","Ahmad Awais","https:\u002F\u002Fprofiles.wordpress.org\u002Fmrahmadawais\u002F","\u003Cp>Creates a meta-box with meta-data information of a post for all post types. Information with meta key, meta value and its var_dump\u003C\u002Fp>\n\u003Cp>Install and activate the plugin and you’ll have the meta box for all post types (even the custom post types).\u003C\u002Fp>\n\u003Ch3>License & Conduct\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>MIT © \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002FMrAhmadAwais\u002F\" rel=\"nofollow ugc\">Ahmad Awais\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fahmadawais\u002Fdebug-meta-data\u002Fblob\u002Fmaster\u002Fcode-of-conduct.md\" rel=\"nofollow ugc\">Code of Conduct\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003C\u002Fp>\n","Creates a meta-box with meta-data information of a post for all post types. Information with meta key, meta value and its var_dump",40,5456,100,1,"","5.4.0","4.0.0",[19,20,21,22,23],"debug","debug-meta","debug-metabox","meta-data","meta-data-custom-post-types","https:\u002F\u002Fgithub.com\u002FAhmadAwais\u002Fdebug-meta-data","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdebug-meta-data.1.1.2.zip",79,"2020-10-20 00:00:00","2026-03-15T10:48:56.248Z",[30],{"id":31,"url_slug":32,"title":33,"description":34,"plugin_slug":4,"theme_slug":35,"affected_versions":36,"patched_in_version":35,"severity":37,"cvss_score":38,"cvss_vector":39,"vuln_type":40,"published_date":27,"updated_date":41,"references":42,"days_to_patch":35},"CVE-2020-27356","debug-meta-data-stored-cross-site-scripting","Debug Meta Data \u003C= 1.1.2 - Stored Cross-Site Scripting","The Debug Meta Data plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on the a user's user-agent HTTP header value. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.1.2","medium",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[43],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F34c98bb0-2e28-4ed4-8848-04edb66eef96?source=api-prod",{"slug":45,"display_name":7,"profile_url":8,"plugin_count":46,"total_installs":47,"avg_security_score":48,"avg_patch_time_days":49,"trust_score":48,"computed_at":50},"mrahmadawais",6,2130,80,30,"2026-04-04T04:15:37.680Z",[52,73,90,115,133],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":62,"num_ratings":62,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":57,"download_link":71,"security_score":13,"vuln_count":62,"unpatched_count":62,"last_vuln_date":35,"fetched_at":72},"metaviewer-debug-meta-data","MetaViewer – Debug Meta Data","1.0.0","Usman Ali Qureshi","https:\u002F\u002Fprofiles.wordpress.org\u002Fusmanaliqureshi\u002F","\u003Cp>\u003Cstrong>MetaViewer\u003C\u002Fstrong> helps developers and advanced users view all post meta and user meta data in a clear, organized table format. It supports custom post types and displays the data type of each value (string, integer, array, etc.).\u003C\u002Fp>\n\u003Cp>This plugin is useful for debugging, development, or reviewing what’s stored in WordPress meta fields.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>View post meta data on the edit screen of all post types.\u003C\u002Fli>\n\u003Cli>View user meta data on user profile pages.\u003C\u002Fli>\n\u003Cli>Clean tabular layout with zebra striping.\u003C\u002Fli>\n\u003Cli>Auto-detects and displays data types (string, int, array, etc.).\u003C\u002Fli>\n\u003Cli>Translation ready and lightweight.\u003C\u002Fli>\n\u003Cli>Compatible with PHP 7.4 to 8.3.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003C\u002Fp>\n","View and debug post and user meta data in a clean table format – lightweight, dev-friendly, and works across post types in the WP admin.",10,364,0,"2025-05-26T08:31:00.000Z","6.8.5","5.5","7.4",[20,68,22,69,70],"inspect-meta","post-meta","user-meta","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmetaviewer-debug-meta-data.1.0.0.zip","2026-03-15T15:16:48.613Z",{"slug":74,"name":75,"version":55,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":60,"downloaded":80,"rating":13,"num_ratings":14,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":15,"tags":84,"homepage":15,"download_link":88,"security_score":89,"vuln_count":62,"unpatched_count":62,"last_vuln_date":35,"fetched_at":72},"fm-debug-meta-data","Debug User\u002FPost\u002FOptions Meta Data","franmc","https:\u002F\u002Fprofiles.wordpress.org\u002Ffranmc\u002F","\u003Col>\n\u003Cli>Once the plugin is installed go to Admin Menu –> Tools –> FM Debug Meta Data.\u003C\u002Fli>\n\u003Cli>Select Users, Posts or Options tab.\u003C\u002Fli>\n\u003Cli>Select an item from the select dropdown.\u003C\u002Fli>\n\u003Cli>Meta data for that specific item will be displayed.\u003C\u002Fli>\n\u003Cli>Enjoy.\u003C\u002Fli>\n\u003C\u002Fol>\n","Debug User\u002FPost\u002FOptions Meta Data plugin lets administrators debug users and posts meta data in a friendly view.",1326,"2016-08-26T23:33:00.000Z","4.5.33","4.0",[85,86,87],"debug-meta-postsusersoptions-data","debugging","developers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffm-debug-meta-data.zip",85,{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":100,"num_ratings":101,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":66,"tags":105,"homepage":110,"download_link":111,"security_score":112,"vuln_count":113,"unpatched_count":62,"last_vuln_date":114,"fetched_at":72},"wp-crontrol","WP Crontrol","1.21.0","John Blackbourn","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnbillion\u002F","\u003Cp>WP Crontrol enables you to take control of the scheduled cron events on your WordPress website or WooCommerce store. From the admin screens you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>View all scheduled cron events along with their arguments, schedule, callback functions, and when they are next due.\u003C\u002Fli>\n\u003Cli>Edit, delete, pause, resume, and immediately run cron events.\u003C\u002Fli>\n\u003Cli>Add new cron events.\u003C\u002Fli>\n\u003Cli>Bulk delete cron events.\u003C\u002Fli>\n\u003Cli>Add and remove custom cron schedules.\u003C\u002Fli>\n\u003Cli>Export and download cron event lists as a CSV file.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>WP Crontrol is aware of timezones, will alert you to events that have no actions or that have missed their schedule, and will show you a helpful warning message if it detects any problems with your cron system.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Go to the \u003Ccode>Tools \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Cron Events\u003C\u002Fcode> menu to manage cron events.\u003C\u002Fli>\n\u003Cli>Go to the \u003Ccode>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Cron Schedules\u003C\u002Fcode> menu to manage cron schedules.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwp-crontrol.com\u002Fdocs\u002Fhow-to-use\u002F\" rel=\"nofollow ugc\">Extensive documentation on how to use WP Crontrol and how to get help for error messages that it shows is available on the WP Crontrol website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>For site owners\u003C\u002Fh3>\n\u003Cp>Owners of WordPress websites and WooCommerce stores use WP Crontrol to ensure that scheduled cron events run correctly and efficiently. By providing complete control over cron events, WP Crontrol helps you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Improve reliability\u003C\u002Fstrong>: Address missed or failed cron events, ensuring your website or WooCommerce store continues to function as expected.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhance security\u003C\u002Fstrong>: Monitor and control cron events to ensure automatic update checks are performed as they should.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simplify management\u003C\u002Fstrong>: Add, edit, delete, and pause cron events from a user-friendly interface, without needing to write any code.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gain insights\u003C\u002Fstrong>: Export cron event data for analysis or reporting.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Action Scheduler compatibility\u003C\u002Fstrong>: Full support for the Action Scheduler system in WooCommerce, which is used to process recurring payments, subscriptions, and background orders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clarity of times and timezones\u003C\u002Fstrong>: All times are shown with a clear and accurate indication of which timezone applies. No more guesswork!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>For developers\u003C\u002Fh3>\n\u003Cp>Developers use WP Crontrol to streamline and debug their WordPress development process:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Enhanced debugging\u003C\u002Fstrong>: Identify and troubleshoot issues with scheduled tasks, ensuring your scheduled events and their callbacks run as expected.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom schedules\u003C\u002Fstrong>: Create and manage custom cron schedules to fit the specific needs of your website, plugins, or themes, providing greater flexibility than just the core schedules.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Efficient workflow\u003C\u002Fstrong>: Add, edit, and delete cron events directly from the WordPress admin interface, saving time and reducing the need for manual coding.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Insightful monitoring\u003C\u002Fstrong>: Get insight into the performance and behavior of your scheduled tasks, allowing for optimization and better resource management.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Accurate debugging\u003C\u002Fstrong>: WP Crontrol goes to great lengths to ensure that running an event manually does so in a manner which exactly matches how WordPress core runs schdeuled events. This ensures that you can debug events accurately and with confidence.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Other Plugins\u003C\u002Fh3>\n\u003Cp>I maintain several other plugins for developers. Check them out:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fquery-monitor\u002F\" rel=\"ugc\">Query Monitor\u003C\u002Fa> is the developer tools panel for WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-switching\u002F\" rel=\"ugc\">User Switching\u003C\u002Fa> provides instant switching between user accounts in WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Statement\u003C\u002Fh3>\n\u003Cp>WP Crontrol is private by default and always will be. It does not send data to any third party, nor does it include any third party resources. \u003Ca href=\"https:\u002F\u002Fwp-crontrol.com\u002Fprivacy\u002F\" rel=\"nofollow ugc\">WP Crontrol’s full privacy statement can be found here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Accessibility Statement\u003C\u002Fh3>\n\u003Cp>WP Crontrol aims to be fully accessible to all of its users. \u003Ca href=\"https:\u002F\u002Fwp-crontrol.com\u002Faccessibility\u002F\" rel=\"nofollow ugc\">WP Crontrol’s full accessibility statement can be found here\u003C\u002Fa>.\u003C\u002Fp>\n","WP Crontrol enables you to take control of the cron events on your WordPress website.",300000,7578206,90,163,"2026-01-28T21:40:00.000Z","6.9.4","6.4",[106,107,19,108,109],"cron","crontrol","woocommerce","wp-cron","https:\u002F\u002Fwp-crontrol.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-crontrol.1.21.0.zip",96,3,"2025-08-21 00:00:00",{"slug":116,"name":117,"version":118,"author":94,"author_profile":95,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":123,"num_ratings":124,"last_updated":125,"tested_up_to":103,"requires_at_least":126,"requires_php":66,"tags":127,"homepage":131,"download_link":132,"security_score":13,"vuln_count":62,"unpatched_count":62,"last_vuln_date":35,"fetched_at":72},"query-monitor","Query Monitor – The developer tools panel for WordPress","3.20.2","\u003Cp>Query Monitor is the developer tools panel for WordPress and WooCommerce. It enables debugging of database queries, PHP errors, hooks and actions, block editor blocks, enqueued scripts and stylesheets, HTTP API calls, and more.\u003C\u002Fp>\n\u003Cp>It includes some advanced features such as debugging of Ajax calls, REST API calls, user capability checks, and full support for block themes and full site editing. It includes the ability to narrow down much of its output by plugin or theme, allowing you to quickly determine poorly performing plugins, themes, or functions.\u003C\u002Fp>\n\u003Cp>Query Monitor focuses heavily on presenting its information in a useful manner, for example by showing aggregate database queries grouped by the plugins, themes, or functions that are responsible for them. It adds an admin toolbar menu showing an overview of the current page, with complete debugging information shown in panels once you select a menu item.\u003C\u002Fp>\n\u003Cp>Query Monitor supports versions of WordPress up to three years old, and PHP version 7.4 or higher.\u003C\u002Fp>\n\u003Cp>For complete information, please see \u003Ca href=\"https:\u002F\u002Fquerymonitor.com\u002F\" rel=\"nofollow ugc\">the Query Monitor website\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Here’s an overview of what’s shown for each page load:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Database queries, including notifications for slow, duplicate, or erroneous queries. Allows filtering by query type (\u003Ccode>SELECT\u003C\u002Fcode>, \u003Ccode>UPDATE\u003C\u002Fcode>, \u003Ccode>DELETE\u003C\u002Fcode>, etc), responsible component (plugin, theme, WordPress core), and calling function, and provides separate aggregate views for each.\u003C\u002Fli>\n\u003Cli>The template filename, the complete template hierarchy, and names of all template parts that were loaded or not loaded (for block themes and classic themes).\u003C\u002Fli>\n\u003Cli>PHP errors presented nicely along with their responsible component and call stack, and a visible warning in the admin toolbar.\u003C\u002Fli>\n\u003Cli>Usage of “Doing it Wrong” or “Deprecated” functionality in the code on your site.\u003C\u002Fli>\n\u003Cli>Blocks and associated properties within post content and within full site editing (FSE).\u003C\u002Fli>\n\u003Cli>Matched rewrite rules, associated query strings, and query vars.\u003C\u002Fli>\n\u003Cli>Enqueued scripts and stylesheets, along with their dependencies, dependents, and alerts for broken dependencies.\u003C\u002Fli>\n\u003Cli>Language settings and loaded translation files (MO files and JSON files) for each text domain.\u003C\u002Fli>\n\u003Cli>HTTP API requests, with response code, responsible component, and time taken, with alerts for failed or erroneous requests.\u003C\u002Fli>\n\u003Cli>User capability checks, along with the result and any parameters passed to the capability check.\u003C\u002Fli>\n\u003Cli>Environment information, including detailed information about PHP, the database, WordPress, and the web server.\u003C\u002Fli>\n\u003Cli>The values of all WordPress conditional functions such as \u003Ccode>is_single()\u003C\u002Fcode>, \u003Ccode>is_home()\u003C\u002Fcode>, etc.\u003C\u002Fli>\n\u003Cli>Transients that were updated.\u003C\u002Fli>\n\u003Cli>Usage of \u003Ccode>switch_to_blog()\u003C\u002Fcode> and \u003Ccode>restore_current_blog()\u003C\u002Fcode> on Multisite installations.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In addition:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Whenever a redirect occurs, Query Monitor adds an HTTP header containing the call stack, so you can use your favourite HTTP inspector or browser developer tools to trace what triggered the redirect.\u003C\u002Fli>\n\u003Cli>The response from any jQuery-initiated Ajax request on the page will contain various debugging information in its headers. PHP errors also get output to the browser’s developer console.\u003C\u002Fli>\n\u003Cli>The response from an authenticated WordPress REST API request will contain an overview of performance information and PHP errors in its headers, as long as the authenticated user has permission to view Query Monitor’s output. An \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Frest-api\u002Fusing-the-rest-api\u002Fglobal-parameters\u002F#_envelope\" rel=\"nofollow ugc\">an enveloped REST API request\u003C\u002Fa> will include even more debugging information in the \u003Ccode>qm\u003C\u002Fcode> property of the response.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By default, Query Monitor’s output is only shown to Administrators on single-site installations, and Super Admins on Multisite installations.\u003C\u002Fp>\n\u003Cp>In addition to this, you can set an authentication cookie which allows you to view Query Monitor output when you’re not logged in (or if you’re logged in as a non-Administrator). See the Settings panel for details.\u003C\u002Fp>\n\u003Ch3>Other Plugins\u003C\u002Fh3>\n\u003Cp>I maintain several other plugins for developers. Check them out:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-switching\u002F\" rel=\"ugc\">User Switching\u003C\u002Fa> provides instant switching between user accounts in WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-crontrol\u002F\" rel=\"ugc\">WP Crontrol\u003C\u002Fa> lets you view and control what’s happening in the WP-Cron system\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Statement\u003C\u002Fh3>\n\u003Cp>Query Monitor is private by default and always will be. It does not persistently store any of the data that it collects. It does not send data to any third party, nor does it include any third party resources. \u003Ca href=\"https:\u002F\u002Fquerymonitor.com\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Query Monitor’s full privacy statement can be found here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Accessibility Statement\u003C\u002Fh3>\n\u003Cp>Query Monitor aims to be fully accessible to all of its users. \u003Ca href=\"https:\u002F\u002Fquerymonitor.com\u002Faccessibility\u002F\" rel=\"nofollow ugc\">Query Monitor’s full accessibility statement can be found here\u003C\u002Fa>.\u003C\u002Fp>\n","Query Monitor is the developer tools panel for WordPress and WooCommerce.",200000,19156533,98,463,"2025-12-11T22:16:00.000Z","6.1",[19,128,129,130,116],"debug-bar","development","performance","https:\u002F\u002Fquerymonitor.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquery-monitor.3.20.2.zip",{"slug":128,"name":134,"version":135,"author":136,"author_profile":137,"description":138,"short_description":139,"active_installs":140,"downloaded":141,"rating":142,"num_ratings":143,"last_updated":144,"tested_up_to":145,"requires_at_least":146,"requires_php":15,"tags":147,"homepage":148,"download_link":149,"security_score":13,"vuln_count":14,"unpatched_count":62,"last_vuln_date":150,"fetched_at":72},"Debug Bar","1.1.8","WordPress.org","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpressdotorg\u002F","\u003Cp>Adds a debug menu to the admin bar that shows query, cache, and other helpful debugging information.\u003C\u002Fp>\n\u003Cp>A must for developers!\u003C\u002Fp>\n\u003Cp>When \u003Ccode>WP_DEBUG\u003C\u002Fcode> is enabled it also tracks PHP Warnings and Notices to make them easier to find.\u003C\u002Fp>\n\u003Cp>When \u003Ccode>SAVEQUERIES\u003C\u002Fcode> is enabled the mysql queries are tracked and displayed.\u003C\u002Fp>\n\u003Cp>To enable these options, add the following code to your \u003Ccode>wp-config.php\u003C\u002Fcode> file:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WP_DEBUG', true );\ndefine( 'SAVEQUERIES', true );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Add a PHP\u002FMySQL console with the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdebug-bar-console\u002F\" rel=\"ugc\">Debug Bar Console plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>There are numerous other add-ons available to get more insight into, for instance, the registered Post Types, Shortcodes, WP Cron, Language file loading, Actions and Filters and so on. Just \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsearch\u002Fdebug+bar\u002F\" rel=\"ugc\">search the plugin directory for ‘Debug Bar’\u003C\u002Fa>.\u003C\u002Fp>\n","Adds a debug menu to the admin bar that shows query, cache, and other helpful debugging information.",20000,2087029,82,68,"2026-03-01T20:00:00.000Z","7.0","3.4",[19],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdebug-bar\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdebug-bar.1.1.8.zip","2013-05-15 00:00:00",{"attackSurface":152,"codeSignals":171,"taintFlows":191,"riskAssessment":192,"analyzedAt":206},{"hooks":153,"ajaxHandlers":167,"restRoutes":168,"shortcodes":169,"cronEvents":170,"entryPointCount":62,"unprotectedCount":62},[154,160,164],{"type":155,"name":156,"callback":157,"file":158,"line":159},"action","add_meta_boxes","debug_meta_data_add_meta_box","debug-meta-data.php",84,{"type":155,"name":161,"callback":162,"file":158,"line":163},"show_user_profile","dmd_dump_user_meta",114,{"type":155,"name":165,"callback":162,"file":158,"line":166},"edit_user_profile",115,[],[],[],[],{"dangerousFunctions":172,"sqlUsage":173,"outputEscaping":175,"fileOperations":62,"externalRequests":62,"nonceChecks":62,"capabilityChecks":62,"bundledLibraries":190},[],{"prepared":62,"raw":62,"locations":174},[],{"escaped":62,"rawEcho":46,"locations":176},[177,180,182,184,186,188],{"file":158,"line":178,"context":179},73,"raw output",{"file":158,"line":181,"context":179},75,{"file":158,"line":183,"context":179},76,{"file":158,"line":185,"context":179},103,{"file":158,"line":187,"context":179},106,{"file":158,"line":189,"context":179},107,[],[],{"summary":193,"deductions":194},"The 'debug-meta-data' plugin v1.1.2 exhibits a concerning security posture despite its minimal attack surface and lack of detected taint flows. While the plugin has no direct entry points like AJAX handlers, REST API routes, or shortcodes that are exposed without authentication, and it correctly avoids dangerous functions and raw SQL queries, significant weaknesses are present.  A major concern is the complete absence of output escaping, meaning any data rendered by the plugin could be vulnerable to cross-site scripting (XSS) attacks. This lack of sanitization is a critical flaw that could allow attackers to inject malicious scripts into the WordPress admin area or even to end-users, depending on where the meta-data is displayed.\n\nThe plugin's vulnerability history is also a red flag. It has a known unpatched medium severity CVE related to Cross-Site Scripting (XSS). The fact that this vulnerability remains unpatched and the plugin has not been updated since October 2020 indicates a lack of ongoing maintenance and security diligence. While the static analysis did not detect any current XSS vulnerabilities in v1.1.2, the historical pattern strongly suggests a recurring weakness in how the plugin handles user-supplied or meta-data.  In conclusion, while the plugin's architecture minimizes direct attack vectors and uses prepared statements, the critical flaw of unescaped output coupled with an unpatched XSS vulnerability from its history makes this plugin a significant risk. The lack of maintenance is a major concern for future security.",[195,198,201,204],{"reason":196,"points":197},"Unpatched CVE found",17,{"reason":199,"points":200},"Output escaping is not properly implemented",7,{"reason":202,"points":203},"No capability checks found",5,{"reason":205,"points":203},"No nonce checks found","2026-03-16T22:04:37.671Z",{"wat":208,"direct":213},{"assetPaths":209,"generatorPatterns":210,"scriptPaths":211,"versionParams":212},[],[],[],[],{"cssClasses":214,"htmlComments":215,"htmlAttributes":216,"restEndpoints":217,"jsGlobals":218,"shortcodeOutput":219},[],[],[],[],[],[220,221,222,223,224,225],"\u003Ch3>All Meta Data\u003C\u002Fh3>","\u003Cstrong>","\u003C\u002Fstrong> =>  ","  =>  ","\u003Cbr \u002F>","\u003Chr\u002F>\u003Ch2>User Meta Data\u003C\u002Fh2>"]