[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUK_xFGga_hdU8QdbHP61o72PwO8FydEpmaoB7y0a3hs":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":33,"analysis":34,"fingerprints":82},"disable-full-site-editing","Disable Full Site Editing","1.2.0","Jan-Willem","https:\u002F\u002Fprofiles.wordpress.org\u002Fjanwoostendorp\u002F","\u003Cp>Allow disabling full site editing in the admin, useful to protect a production site.\u003Cbr \u002F>\nA block theme will continue to work as intended on the frontend while making sure the theme can’t be messed up.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cem>⚠️ Full site editing is still fresh.\u003C\u002Fem>\u003Cbr \u002F>\n  For the coming months I’ll keep testing the plugin with new (beta) releases of gutenberg and WordPres.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cul>\n\u003Cli>If you find a bug,\u003C\u002Fli>\n\u003Cli>If you have questions,\u003C\u002Fli>\n\u003Cli>Feature requests,\u003C\u002Fli>\n\u003Cli>Anything else,\u003Cbr \u002F>\nPlease contact me \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fdisable-full-site-editing\u002F\" rel=\"ugc\">on the forum\u003C\u002Fa> or on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjanw-me\u002Fdisable-full-site-editing\" rel=\"nofollow ugc\">github repository\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Allow disabling full site editing in the admin, useful to protect a production site.",200,8278,0,"2025-11-29T09:23:00.000Z","6.9.4","5.0","7.2",[19],"ful-site-edit","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-full-site-editing\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-full-site-editing.1.2.0.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":27,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":22,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},"janwoostendorp",2,70200,30,94,"2026-04-05T09:49:13.887Z",[],{"attackSurface":35,"codeSignals":60,"taintFlows":72,"riskAssessment":73,"analyzedAt":81},{"hooks":36,"ajaxHandlers":56,"restRoutes":57,"shortcodes":58,"cronEvents":59,"entryPointCount":13,"unprotectedCount":13},[37,43,47,52],{"type":38,"name":39,"callback":40,"file":41,"line":42},"action","admin_menu","register_menu_page","disable-fse.php",51,{"type":38,"name":44,"callback":45,"file":41,"line":46},"admin_init","register_settings",52,{"type":48,"name":49,"callback":50,"file":41,"line":51},"filter","block_editor_settings_all","remove_new_templates",55,{"type":48,"name":53,"callback":54,"file":41,"line":55},"theme_file_path","hide_html_templates",56,[],[],[],[],{"dangerousFunctions":61,"sqlUsage":62,"outputEscaping":64,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":71},[],{"prepared":13,"raw":13,"locations":63},[],{"escaped":28,"rawEcho":65,"locations":66},1,[67],{"file":68,"line":69,"context":70},"app\\template\\on-off-switch.php",23,"raw output",[],[],{"summary":74,"deductions":75},"Based on the provided static analysis and vulnerability history, the \"disable-full-site-editing\" plugin v1.2.0 appears to have a strong security posture. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its attack surface. Furthermore, the code signals indicate a commitment to secure coding practices, with no dangerous functions, all SQL queries using prepared statements, and a reasonable percentage of output being properly escaped. The lack of file operations and external HTTP requests also reduces potential vulnerabilities. The vulnerability history is clean, with zero known CVEs, which suggests a well-maintained and secure plugin over time.\n\nHowever, the complete lack of nonce checks and capability checks across all entry points is a notable concern. While the current attack surface is zero, this oversight means that if any new entry points were inadvertently introduced in future versions, they would likely be unprotected against common WordPress attacks like Cross-Site Request Forgery (CSRF). The taint analysis showing zero flows is also positive, but it's important to remember that this analysis is based on zero flows analyzed, which could indicate either a very small code base or potential limitations in the analysis itself.\n\nIn conclusion, the plugin demonstrates good practices regarding SQL and output handling, and its vulnerability history is excellent. The primary weakness lies in the absence of authentication and authorization checks on potential entry points, which, while not currently exploitable due to a zero attack surface, represents a latent risk. The overall risk is low, but this specific oversight warrants attention for future development.",[76,79],{"reason":77,"points":78},"Missing nonce checks on all entry points",7,{"reason":80,"points":78},"Missing capability checks on all entry points","2026-03-16T20:20:23.279Z",{"wat":83,"direct":92},{"assetPaths":84,"generatorPatterns":87,"scriptPaths":88,"versionParams":89},[85,86],"\u002Fwp-content\u002Fplugins\u002Fdisable-full-site-editing\u002Fapp\u002Ftemplate\u002Fdisable-fse.css","\u002Fwp-content\u002Fplugins\u002Fdisable-full-site-editing\u002Fapp\u002Ftemplate\u002Fdisable-fse.js",[],[86],[90,91],"disable-full-site-editing\u002Fapp\u002Ftemplate\u002Fdisable-fse.css?ver=","disable-full-site-editing\u002Fapp\u002Ftemplate\u002Fdisable-fse.js?ver=",{"cssClasses":93,"htmlComments":94,"htmlAttributes":95,"restEndpoints":96,"jsGlobals":97,"shortcodeOutput":98},[],[],[],[],[],[]]