[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpiNSTQ6wQuBfIjpL22ngwF3sW4W8MfVegm9OhTvZENY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":136,"fingerprints":198},"disable-embeds","Disable Embeds","1.5.0","Pascal Birchler","https:\u002F\u002Fprofiles.wordpress.org\u002Fswissspidy\u002F","\u003Cp>What this plugin does:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Prevents others from embedding your site.\u003C\u002Fli>\n\u003Cli>Prevents you from embedding other non-whitelisted sites.\u003C\u002Fli>\n\u003Cli>Disables all JavaScript related to the feature.\u003C\u002Fli>\n\u003Cli>Removes support for the WordPress embed block in the new block editor.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Just activate the plugin and you’re good to go.\u003C\u002Fp>\n\u003Cp>Want embeds back again? Simply deactivate the plugin.\u003C\u002Fp>\n","Don’t like the enhanced embeds in WordPress 4.4? Easily disable the feature using this plugin.",10000,270545,86,20,"2025-04-08T09:00:00.000Z","6.8.5","4.4","",[20,21,22],"embed","embeds","oembed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-embeds.1.5.0.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":24,"avg_patch_time_days":33,"trust_score":24,"computed_at":34},"swissspidy",4,52700,7,"2026-04-04T02:40:40.548Z",[36,53,70,91,114],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":25,"num_ratings":25,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":18,"tags":49,"homepage":50,"download_link":51,"security_score":52,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"haiku-deck-oembed","Haiku Deck for WordPress","01.00","marckula","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarckula\u002F","\u003Cp>This plugin registers Haiku Deck ( haikudeck.com ) as an oEmbed content provider and adds it to the whitelist, allowing all users to use this provider.\u003C\u002Fp>\n\u003Cp>Here’s more information about embeds for WordPress\u003Cbr \u002F>\nhttps:\u002F\u002Fcodex.wordpress.org\u002FEmbeds\u003C\u002Fp>\n","Register Haiku Deck as an oEmbed content provider",10,2013,"2012-10-11T23:22:00.000Z","3.4.2","2.9",[20,21,22],"http:\u002F\u002Fwww.haikudeck.com\u002Fpartners\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhaiku-deck-oembed.zip",85,{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":25,"downloaded":61,"rating":25,"num_ratings":25,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":68,"download_link":69,"security_score":52,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"geniipress-disable-embeds","GeniiPress Disable Embeds","1.0.0","GeniiPress","https:\u002F\u002Fprofiles.wordpress.org\u002Fgeniipress\u002F","\u003Cp>An ultra-minimal plugin to disable the oEmbed core feature, speeding up your site.\u003C\u002Fp>\n","Disables the oEmbed feature from core, for a performance gain.",9515,"2019-02-21T09:15:00.000Z","5.0.25","5.0.3","5.2.4",[4,67,21,22],"disable-oembed","https:\u002F\u002Fgenii.press\u002Fwordpress-plugins\u002Fgeniipress-disable-embeds\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeniipress-disable-embeds.zip",{"slug":71,"name":72,"version":73,"author":74,"author_profile":75,"description":76,"short_description":77,"active_installs":78,"downloaded":79,"rating":80,"num_ratings":81,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":85,"tags":86,"homepage":89,"download_link":90,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"embed-optimizer","Embed Optimizer","1.0.0-beta5","WordPress Performance Team","https:\u002F\u002Fprofiles.wordpress.org\u002Fperformanceteam\u002F","\u003Cp>This plugin’s purpose is to optimize the performance of \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fdocumentation\u002Farticle\u002Fembeds\u002F\" rel=\"ugc\">embeds in WordPress\u003C\u002Fa>, such as Tweets, YouTube videos, TikToks, and others.\u003C\u002Fp>\n\u003Cp>The current optimizations include:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Lazy loading embeds just before they come into view.\u003C\u002Fli>\n\u003Cli>Adding dns-prefetch links for embeds in the initial viewport.\u003C\u002Fli>\n\u003Cli>Reserving space for embeds that resize to reduce layout shifting.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Lazy loading embeds\u003C\u002Fstrong> improves performance because embeds are generally very resource-intensive, so lazy loading them ensures that they don’t compete with resources when the page is loading. Lazy loading of \u003Ccode>IFRAME\u003C\u002Fcode>-based embeds is handled simply by adding the \u003Ccode>loading=lazy\u003C\u002Fcode> attribute. Lazy loading embeds that include \u003Ccode>SCRIPT\u003C\u002Fcode> tags is handled by using an Intersection Observer to watch for when the embed’s \u003Ccode>FIGURE\u003C\u002Fcode> container is going to enter the viewport, and then it dynamically inserts the \u003Ccode>SCRIPT\u003C\u002Fcode> tag.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>This plugin also recommends that you install and activate the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Foptimization-detective\u002F\" rel=\"ugc\">Optimization Detective\u003C\u002Fa> plugin\u003C\u002Fstrong>, which unlocks several optimizations beyond just lazy loading. Without Optimization Detective, lazy loading can actually degrade performance \u003Cem>when an embed is positioned in the initial viewport\u003C\u002Fem>. This is because lazy loading such viewport-initial elements can degrade LCP since rendering is delayed by the logic to determine whether the element is visible. This is why WordPress Core tries its best to \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2021\u002F07\u002F15\u002Frefining-wordpress-cores-lazy-loading-implementation\u002F\" rel=\"nofollow ugc\">avoid\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2021\u002F07\u002F15\u002Frefining-wordpress-cores-lazy-loading-implementation\u002F\" rel=\"nofollow ugc\">lazy loading\u003C\u002Fa> \u003Ccode>IMG\u003C\u002Fcode> tags which appear in the initial viewport, although the server-side heuristics aren’t perfect. This is where Optimization Detective comes in since it detects whether an embed appears in any breakpoint-specific viewports, like mobile, tablet, and desktop. (See also the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-prioritizer\u002F\" rel=\"ugc\">Image Prioritizer\u003C\u002Fa> plugin which extends Optimization Detective to ensure lazy loading is correctly applied based on whether an IMG is in the initial viewport.)\u003C\u002Fp>\n\u003Cp>When Optimization Detective is active, it will start keeping track of which embeds appear in the initial viewport based on actual visits to your site. With this information in hand, Embed Optimizer will then avoid lazy loading embeds which appear in the initial viewport. Furthermore, for such above-the-fold embeds Embed Optimizer will also \u003Cstrong>add dns-prefetch links\u003C\u002Fstrong> for resources known to be used by those embeds. For example, if a YouTube embed appears in the initial viewport, Embed Optimizer with Optimization Detective will omit \u003Ccode>loading=lazy\u003C\u002Fcode> while also adding a \u003Ccode>dns-prefetch\u003C\u002Fcode> link for \u003Ccode>https:\u002F\u002Fi.ytimg.com\u003C\u002Fcode> which is the domain from which YouTube video poster images are served. Such links cause the initial-viewport embeds to load even faster.\u003C\u002Fp>\n\u003Cp>The other major feature in Embed Optimizer enabled by Optimization Detective is the \u003Cstrong>reduction of layout shifts\u003C\u002Fstrong> caused by embeds that resize when they load. This is seen commonly in WordPress post embeds or Tweet embeds. Embed Optimizer keeps track of the resized heights of these embeds. With these resized heights stored, Embed Optimizer sets the appropriate height on the container FIGURE element as the viewport-specific \u003Ccode>min-height\u003C\u002Fcode> so that when the embed loads it does not cause a layout shift.\u003C\u002Fp>\n\u003Cp>Since Optimization Detective relies on page visits to learn how the page is laid out, you’ll need to wait until you have visits from a mobile and desktop device to start seeing optimizations applied. Also, note that Optimization Detective does not apply optimizations by default for logged-in admin users.\u003C\u002Fp>\n\u003Cp>Please note that the optimizations are intended to apply to Embed blocks. So if you do not see optimizations applied, make sure that your embeds are not inside a Classic Block.\u003C\u002Fp>\n\u003Cp>Your site must have the \u003Cstrong>REST API accessible\u003C\u002Fstrong> to unauthenticated frontend visitors since this is how metrics are collected about how a page should be optimized. There are currently \u003Cstrong>no settings\u003C\u002Fstrong> and no user interface for this plugin since it is designed to work without any configuration.\u003C\u002Fp>\n","Optimizes the performance of embeds through lazy-loading, adding dns-prefetch links, and reserving space to reduce layout shifts.",60000,349166,60,2,"2026-02-27T20:19:00.000Z","7.0","6.6","7.2",[21,87,88],"optimization-detective","performance","https:\u002F\u002Fgithub.com\u002FWordPress\u002Fperformance\u002Ftree\u002Ftrunk\u002Fplugins\u002Fembed-optimizer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fembed-optimizer.1.0.0-beta5.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":101,"num_ratings":102,"last_updated":103,"tested_up_to":83,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":110,"download_link":111,"security_score":112,"vuln_count":81,"unpatched_count":25,"last_vuln_date":113,"fetched_at":27},"embed-pdf-viewer","Embed PDF Viewer","2.4.8","Andy Fragen","https:\u002F\u002Fprofiles.wordpress.org\u002Fafragen\u002F","\u003Cp>Embed a PDF from the Media Library or elsewhere via oEmbed or as a block into an \u003Ccode>iframe\u003C\u002Fcode> tag. The URL only has to be world reachable link. Chrome uses Google Doc Viewer as Chrome seems to automatically rendered embedded JS in PDFs automatically. Uses Google Doc Viewer with mobile.\u003C\u002Fp>\n\u003Cp>Inspired by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdirtysuds-embed-pdf\u002F\" rel=\"ugc\">Embed PDF\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frv-embed-pdf\u002F\" rel=\"ugc\">RV Embed PDF\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Many thanks to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fakirk\" rel=\"nofollow ugc\">Alex Kirk\u003C\u002Fa> for making Embed PDF Viewer compatible with the new block editor.\u003C\u002Fp>\n\u003Cp>Development on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fafragen\u002Fembed-pdf-viewer\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>. Pull requests are welcome against the \u003Ccode>develop\u003C\u002Fcode> branch.\u003C\u002Fp>\n\u003Ch3>Known Issues\u003C\u002Fh3>\n\u003Cp>Occasionally Google Doc Viewer will not correctly load the PDF. Reloading the page should correct the issue, though this may need to be done several times.\u003C\u002Fp>\n","Embed a PDF from the Media Library or elsewhere via oEmbed or as a block into an iframe tag.",20000,307147,94,19,"2026-02-21T16:59:00.000Z","6.0","7.4",[107,20,22,108,109],"block","pdf","viewer","https:\u002F\u002Fgithub.com\u002Fafragen\u002Fembed-pdf-viewer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fembed-pdf-viewer.2.4.8.zip",99,"2024-12-19 00:00:00",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":11,"downloaded":122,"rating":123,"num_ratings":124,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":128,"tags":129,"homepage":18,"download_link":133,"security_score":24,"vuln_count":134,"unpatched_count":25,"last_vuln_date":135,"fetched_at":27},"embed-privacy","Embed Privacy","1.12.3","epiphyt","https:\u002F\u002Fprofiles.wordpress.org\u002Fepiphyt\u002F","\u003Cp>Content embedded from external sites such as YouTube or Twitter is loaded immediately when visitors access your site. Embed Privacy addresses this issue and prevents the loading of these contents until the visitor decides to allow loading of external content.\u003Cbr \u002F>\nBut Embed Privacy not only protects your visitor’s privacy but also makes your site load faster.\u003C\u002Fp>\n\u003Cp>All embeds will be replaced by placeholders, ready for you to apply style as you wish. With only a couple of lines of CSS.\u003C\u002Fp>\n\u003Cp>By clicking on the placeholder the respective content will then be loaded.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note: This plugins requires the PHP extension \u003Ca href=\"https:\u002F\u002Fwww.php.net\u002Fmanual\u002Fen\u002Fbook.dom.php\" rel=\"nofollow ugc\">“Document Object Model” (php-dom)\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n","Embed Privacy prevents the loading of embedded external content and allows your site visitors to opt-in.",531266,98,26,"2026-01-20T16:55:00.000Z","6.9.4","5.9","5.6",[130,131,22,88,132],"gutenberg","iframes","privacy","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fembed-privacy.1.12.3.zip",1,"2023-11-18 00:00:00",{"attackSurface":137,"codeSignals":181,"taintFlows":188,"riskAssessment":189,"analyzedAt":197},{"hooks":138,"ajaxHandlers":177,"restRoutes":178,"shortcodes":179,"cronEvents":180,"entryPointCount":25,"unprotectedCount":25},[139,145,149,153,157,161,166,170,175],{"type":140,"name":141,"callback":142,"file":143,"line":144},"filter","rest_endpoints","disable_embeds_remove_embed_endpoint","disable-embeds.php",33,{"type":140,"name":146,"callback":147,"file":143,"line":148},"oembed_response_data","disable_embeds_filter_oembed_response_data",36,{"type":140,"name":150,"callback":151,"file":143,"line":152},"embed_oembed_discover","__return_false",39,{"type":140,"name":154,"callback":155,"file":143,"line":156},"tiny_mce_plugins","disable_embeds_tiny_mce_plugin",49,{"type":140,"name":158,"callback":159,"file":143,"line":160},"rewrite_rules_array","disable_embeds_rewrites",52,{"type":162,"name":163,"callback":164,"file":143,"line":165},"action","enqueue_block_editor_assets","disable_embeds_enqueue_block_editor_assets",58,{"type":162,"name":167,"callback":168,"file":143,"line":169},"wp_default_scripts","disable_embeds_remove_script_dependencies",61,{"type":162,"name":171,"callback":172,"priority":173,"file":143,"line":174},"init","disable_embeds_init",9999,64,{"type":140,"name":158,"callback":159,"file":143,"line":176},102,[],[],[],[],{"dangerousFunctions":182,"sqlUsage":183,"outputEscaping":185,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":187},[],{"prepared":25,"raw":25,"locations":184},[],{"escaped":25,"rawEcho":25,"locations":186},[],[],[],{"summary":190,"deductions":191},"The \"disable-embeds\" v1.5.0 plugin exhibits a very strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface. Furthermore, the code signals indicate robust security practices, with no dangerous functions, all SQL queries using prepared statements, and all outputs being properly escaped. The plugin also avoids file operations and external HTTP requests. The lack of any recorded vulnerabilities, including critical or high severity issues, and the absence of common vulnerability types in its history, further reinforce this positive assessment.\n\nDespite the excellent static analysis and vulnerability history, the total absence of nonce checks and capability checks in the code is a minor concern. While the plugin currently has no exposed entry points that would necessitate these checks, future updates or changes could inadvertently introduce vulnerabilities if these checks are not implemented as a general security practice. Overall, \"disable-embeds\" v1.5.0 appears to be a highly secure plugin, with its strengths far outweighing any potential weaknesses suggested by the analysis.",[192,195],{"reason":193,"points":194},"No nonce checks present",5,{"reason":196,"points":194},"No capability checks present","2026-03-16T17:41:30.211Z",{"wat":199,"direct":205},{"assetPaths":200,"generatorPatterns":202,"scriptPaths":203,"versionParams":204},[201],"\u002Fwp-content\u002Fplugins\u002Fdisable-embeds\u002Fbuild\u002Findex.js",[],[201],[],{"cssClasses":206,"htmlComments":207,"htmlAttributes":208,"restEndpoints":209,"jsGlobals":211,"shortcodeOutput":212},[],[],[],[210],"\u002Foembed\u002F1.0\u002Fembed",[],[]]