[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frWhcXeWX4i1YWRBiuf0LK_uD4xSpGRaNXsKwkwE7cHE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":126,"fingerprints":164},"display-environment-type","Display Environment Type","1.6.0","Stoil Dobreff","https:\u002F\u002Fprofiles.wordpress.org\u002Fsdobreff\u002F","\u003Cp>WordPress 5.5 introduced a way to differentiate between environment types (development, staging, production). This plugin shows your site’s environment type in the admin bar and the dashboard “At a Glance” widget.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2020\u002F07\u002F24\u002Fnew-wp_get_environment_type-function-in-wordpress-5-5\u002F\" rel=\"nofollow ugc\">More info about the feature\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>To gain additional control — for example, setting the environment or other values from the WP admin (when \u003Ccode>wp-config.php\u003C\u002Fcode> is writable) — consider installing our other plugin \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002F0-day-analytics\u002F\" rel=\"ugc\">0 Day Analytics\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Recommended Plugins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002F0-day-analytics\u002F\" rel=\"ugc\">0 Day Analytics\u003C\u002Fa> — a powerful plugin for sites that need more insight into errors and runtime behavior. It includes a Cron manager, a Transient manager (database-backed), DB manager, Snippet manager, Mail manager, Plugin Version Switcher available from the Plugins page and many more.\u003C\u002Fli>\n\u003C\u002Ful>\n","Displays WordPress 5.5's environment type setting in the admin bar and the \"At a Glance\" dashboard widget.",1000,135115,100,4,"2025-12-19T15:09:00.000Z","6.9.4","5.5","7.4",[20,21,22,23,24],"development","dtap","environment","production","staging","https:\u002F\u002Froytanck.com\u002F2020\u002F08\u002F21\u002Fnew-wordpress-plugin-display-environment-type\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisplay-environment-type.1.6.0.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"sdobreff",1,30,94,"2026-04-04T03:47:26.894Z",[38,54,72,90,108],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":13,"num_ratings":33,"last_updated":48,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":49,"homepage":52,"download_link":53,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"environment-debug-admin-toolbar","Environment & Debug Bar","1.4.0","Medium Rare","https:\u002F\u002Fprofiles.wordpress.org\u002Fmediumraredev\u002F","\u003Cp>This plugin will tell you what environment type you are on, and what the debug settings are.\u003C\u002Fp>\n\u003Cp>If you have only one version of your site this plugin may not be useful to you.\u003C\u002Fp>\n\u003Cp>Make sure every version of your site has its \u003Cem>ENV\u003C\u002Fem> defined in wp-config.php. We support both the new official WP_ENVIRONMENT_TYPE constant, and the community classic WP_ENV.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WP_ENVIRONMENT_TYPE', 'production' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Medium Rare\u003C\u002Fh3>\n\u003Cp>We hope you like this Medium Rare plugin. We take a lot of pride in our work, and try to make it the absolute best we can.\u003C\u002Fp>\n\u003Cp>This plugin is fully free, and will never have a pro version. A small gift, from us, to you.\u003C\u002Fp>\n\u003Cp>If you’re interested in our other plugins, and future plugins, we invite you to visit our website at \u003Ca href=\"https:\u002F\u002Fmediumrare.dev\u002F\" rel=\"nofollow ugc\">mediumrare.dev\u003C\u002Fa>. Our newsletter is the best way to never miss a Medium Rare plugin launch.\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>If you want to contribute, development takes place on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FBrugman\u002Fenvironment-debug-admin-toolbar\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","Display your environment and debug info in the toolbar.",40,3378,"2025-12-09T15:03:00.000Z",[50,51,22,23,24],"debug","env","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fenvironment-debug-admin-toolbar.1.4.0.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":34,"downloaded":62,"rating":27,"num_ratings":27,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":52,"download_link":70,"security_score":71,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"plx-multi-environments","PLX Multi-Environments","1.0.1","Webmaster","https:\u002F\u002Fprofiles.wordpress.org\u002Fmattstone-plx\u002F","\u003Cp>PLX Multi-Environments manages separate Development, Staging, and Production environments directly from within the WordPress Admin screen.\u003C\u002Fp>\n\u003Cp>Once the separate configuration files have been installed and your existing wp-config.php settings have been backed up\u003Cbr \u002F>\nyou\\’re then free to enter each of your environments database settings. When you push your files between servers you no\u003Cbr \u002F>\nlonger need to edit the configuration.\u003C\u002Fp>\n\u003Cp>Important: Although the plugin will automatically backup your current settings to wp-config.backup.php, we strongly recommend backing up\u003Cbr \u002F>\nyour wp-config.php file before completing the plugin installation.\u003C\u002Fp>\n","Manage separate Development, Staging, and Production environments directly from the Wordpress Admin screen.",1807,"2017-11-22T12:30:00.000Z","4.9.29","3.5","5.6",[68,69,22,23,24],"dev","developer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplx-multi-environments.1.0.1.zip",85,{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":27,"downloaded":80,"rating":27,"num_ratings":27,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":52,"tags":84,"homepage":52,"download_link":89,"security_score":71,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-environment-label","WP Environment Label","1.1","konradwww","https:\u002F\u002Fprofiles.wordpress.org\u002Fkonradwww2\u002F","\u003Cp>WP Environment Label shows on the frontside and in admin panel small label in the right bottom corner of screen. You can define name over config variable ‘WP_ENVIRONMENT_LABEL’, alternative you can do it over settings section.\u003C\u002Fp>\n","WP Environment Label - shows label with current server\u002Fenvironment name defined by config or admin-panel.",1127,"2017-10-19T16:25:00.000Z","4.8.28","3.7",[85,22,86,87,88],"development-label","environment-info","label","staging-label","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-environment-label.1.1.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":27,"num_ratings":27,"last_updated":100,"tested_up_to":101,"requires_at_least":102,"requires_php":18,"tags":103,"homepage":106,"download_link":107,"security_score":71,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-shield","WP Shield","1.6","drupalmatts","https:\u002F\u002Fprofiles.wordpress.org\u002Fdrupalmatts\u002F","\u003Cp>This plugin will allow you to secure your development, staging and UAT environments\u003Cbr \u002F>\nwith an http authentication block that can be controlled in admin but also turned\u003Cbr \u002F>\noff via a declared variable in your config file.  It allows you to bring your Database\u003Cbr \u002F>\nback to non-production environments without having to physically turn off the plugin each time.\u003C\u002Fp>\n\u003Cp>Variable:  \u003Ccode>define('WP_SHIELD_UN', '');\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>This simple line of code (recommended to add to a file ignored by your code management\u003Cbr \u002F>\nsoftware and required into your wp_config.php file) will override the enabled flag\u003Cbr \u002F>\nif the plugin’s settings.  Enable in production and add the above code.  If that\u003Cbr \u002F>\nrequire file doesn’t exist in your other environments, it will prompt users for the\u003Cbr \u002F>\nset username and password.\u003C\u002Fp>\n","This plugin will allow you to secure your development, staging and UAT environments with an http authentication block that can be controlled in admin  &hellip;",300,2309,"2023-12-06T01:22:00.000Z","6.4.8","4.6",[20,104,105],"environments","security","https:\u002F\u002Fwww.tronebrandenergy.com\u002Fplugins\u002Fshield","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-shield.1.6.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":13,"downloaded":116,"rating":27,"num_ratings":27,"last_updated":117,"tested_up_to":118,"requires_at_least":119,"requires_php":120,"tags":121,"homepage":124,"download_link":125,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"apex-digital-toolbox","Apex Digital Toolbox","1.5.0","nwells","https:\u002F\u002Fprofiles.wordpress.org\u002Fnwells\u002F","\u003Cp>Too many plugins installed to do basic things? This plugin tries to bring some common ones into one plugin to make life that little bit easier.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Current functionality\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Identify the production URL so as to apply specific logic or hooks depending on which environment the site is in\u003C\u002Fli>\n\u003Cli>Block visitors to the staging site based on IP or by using a specific cookie – great for showing clients but not the world\u003C\u002Fli>\n\u003Cli>Find & replace functionality – great for changing from a staging URL to a production URL\u003C\u002Fli>\n\u003Cli>Auto 301 redirect to the site domain for WordPress – useful to ensure everyone is using the correct path i.e. with www (or not) and https (or not)\u003C\u002Fli>\n\u003Cli>Add additional classes to the main body tag to easily target device and operating system i.e. iOS, Android, Chrome, etc…\u003C\u002Fli>\n\u003Cli>Sitemap generator to display a list of pages (or any post type) on the site as well as offering the ability to exclude pages\u003C\u002Fli>\n\u003Cli>WooCommerce settings to disable categories list on single product page, remove reviews tab, remove product count on categories\u003C\u002Fli>\n\u003Cli>When using Visual Composer you can automatically load in any PHP files that make use of vc_map() within your theme\u003C\u002Fli>\n\u003Cli>When using Gravity Forms & Bootstrap all correct classes will be applied to input boxes and buttons. Also, a new field type is added to add columns to forms as well as placing the submit button wherever you like\u003C\u002Fli>\n\u003Cli>Gravity Forms confirmation message appear underneath any fixed header when using AJAX. This hook allows you to scroll to the correct position based on the header\u003C\u002Fli>\n\u003Cli>Can specify a stylesheet that you want to appear last in the enqueue – useful for overwriting parent themes or other plugins\u003C\u002Fli>\n\u003Cli>YouTube embedded videos can have the title, related videos, and controls switched off\u003C\u002Fli>\n\u003Cli>Change the sender name and email address for emails sent\u003C\u002Fli>\n\u003Cli>Short code for displaying the current year – useful for keeping copyright notices up-to-date\u003C\u002Fli>\n\u003Cli>WooCommerce template tweaks for improved usability when using the Jupiter theme\u003C\u002Fli>\n\u003Cli>Set parent hierarchy pages as place holders so they don’t provide links in menus to empty pages\u003C\u002Fli>\n\u003Cli>Simple short code for the current page title – useful to add in to links\u003C\u002Fli>\n\u003Cli>Disable certain notifications for admin\u003C\u002Fli>\n\u003Cli>Added Relevanssi support for XforWooCommerce filter plugin when AJAX is in use\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Coming soon\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Drag & drop page re-ordering\u003C\u002Fli>\n\u003Cli>Improve noindexing on WooCommerce hidden products as well as ensuring the don’t appear in sitemaps both HTML & XML\u003C\u002Fli>\n\u003Cli>Auto hide a page from any menu when its status is no longer published\u003C\u002Fli>\n\u003Cli>Additional default settings for Visual Composer to make it easier to extend and remove built in elements & templates\u003C\u002Fli>\n\u003Cli>More to come!\u003C\u002Fli>\n\u003C\u002Ful>\n","Too many plugins installed to do basic things? Bring some common functions ones into one plugin to make life that little bit easier for developers.",5947,"2026-02-17T02:06:00.000Z","6.7.5","3.0.1","7.1",[122,23,123,24],"administration","setup","https:\u002F\u002Fwww.apexdigital.co.nz\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapex-digital-toolbox.1.5.0.zip",{"attackSurface":127,"codeSignals":133,"taintFlows":151,"riskAssessment":152,"analyzedAt":163},{"hooks":128,"ajaxHandlers":129,"restRoutes":130,"shortcodes":131,"cronEvents":132,"entryPointCount":27,"unprotectedCount":27},[],[],[],[],[],{"dangerousFunctions":134,"sqlUsage":135,"outputEscaping":137,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":150},[],{"prepared":27,"raw":27,"locations":136},[],{"escaped":27,"rawEcho":14,"locations":138},[139,143,146,148],{"file":140,"line":141,"context":142},"classes\\class-display-environment-type.php",401,"raw output",{"file":144,"line":145,"context":142},"display-environment-type.php",75,{"file":144,"line":147,"context":142},97,{"file":144,"line":149,"context":142},113,[],[],{"summary":153,"deductions":154},"The \"display-environment-type\" plugin version 1.6.0 demonstrates a generally strong security posture based on the provided static analysis. The plugin exhibits no identified entry points such as AJAX handlers, REST API routes, shortcodes, or cron events that are directly exposed to the public without authentication.  Furthermore, the absence of dangerous functions, file operations, and external HTTP requests significantly reduces the potential attack surface.  The plugin also correctly utilizes prepared statements for its SQL queries, which is a critical security best practice for preventing SQL injection vulnerabilities.\n\nHowever, a notable concern arises from the output escaping results, where 100% of the outputs were not properly escaped. This indicates a significant risk of Cross-Site Scripting (XSS) vulnerabilities.  Any data displayed by the plugin to users, if not properly sanitized, could be manipulated by attackers to inject malicious scripts, leading to session hijacking, defacement, or other harmful actions.  The lack of nonce and capability checks, while not directly tied to an attack surface in this analysis, could potentially be exploited if an entry point were discovered or introduced in a future version, allowing for unauthorized actions.  The clean vulnerability history with no recorded CVEs is a positive indicator, suggesting a history of secure development, but it does not mitigate the immediate risk posed by unescaped output.\n\nIn conclusion, while the \"display-environment-type\" plugin version 1.6.0 excels in minimizing its attack surface and employing secure data handling for database interactions, the complete lack of output escaping presents a critical security flaw. This oversight could expose the plugin to XSS attacks, undermining its otherwise sound security practices.  The absence of recorded vulnerabilities is encouraging, but the immediate need for addressing the output escaping issue is paramount.",[155,158,161],{"reason":156,"points":157},"100% of outputs unescaped",12,{"reason":159,"points":160},"Missing nonce checks",5,{"reason":162,"points":160},"Missing capability checks","2026-03-16T18:54:54.942Z",{"wat":165,"direct":187},{"assetPaths":166,"generatorPatterns":170,"scriptPaths":171,"versionParams":178},[167,168,169],"\u002Fwp-content\u002Fplugins\u002Fdisplay-environment-type\u002Fdist\u002Fcss\u002Fdet-toolbar-styles.css","\u002Fwp-content\u002Fplugins\u002Fdisplay-environment-type\u002Fdist\u002Fjs\u002Fdet-admin-script.js","\u002Fwp-content\u002Fplugins\u002Fdisplay-environment-type\u002Fdist\u002Fjs\u002Fdet-editor-script.js",[],[172,173,174,175,176,177],"\u002Fwp-content\u002Fplugins\u002Fdisplay-environment-type\u002Fvendor\u002Fwp-browser\u002Fwp-browser\u002Fsrc\u002Fwp-browser.js","\u002Fwp-content\u002Fplugins\u002Fdisplay-environment-type\u002Fassets\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fdisplay-environment-type\u002Fassets\u002Fjs\u002Feditor.js","\u002Fwp-content\u002Fplugins\u002Fdisplay-environment-type\u002Fassets\u002Fjs\u002Fadmin-script.js","\u002Fwp-content\u002Fplugins\u002Fdisplay-environment-type\u002Fassets\u002Fjs\u002Feditor-script.js","\u002Fwp-content\u002Fplugins\u002Fdisplay-environment-type\u002Fassets\u002Fjs\u002Feditor\u002Fdist\u002Findex.js",[179,180,181,182,183,184,185,186],"display-environment-type\u002Fdist\u002Fcss\u002Fdet-toolbar-styles.css?ver=","display-environment-type\u002Fdist\u002Fjs\u002Fdet-admin-script.js?ver=","display-environment-type\u002Fdist\u002Fjs\u002Fdet-editor-script.js?ver=","display-environment-type\u002Fassets\u002Fjs\u002Fadmin.js?ver=","display-environment-type\u002Fassets\u002Fjs\u002Feditor.js?ver=","display-environment-type\u002Fassets\u002Fjs\u002Fadmin-script.js?ver=","display-environment-type\u002Fassets\u002Fjs\u002Feditor-script.js?ver=","display-environment-type\u002Fassets\u002Fjs\u002Feditor\u002Fdist\u002Findex.js?ver=",{"cssClasses":188,"htmlComments":196,"htmlAttributes":199,"restEndpoints":201,"jsGlobals":202,"shortcodeOutput":205},[189,190,191,192,193,194,195],"det-env-type","det-local","det-development","det-staging","det-production","det-toolbar-styles","det-admin-notice",[197,198],"\u003C!-- Dismissible notice for the user -->","\u003C!-- Dismissible recommendation notice -->",[200],"data-det-notice-dismissible",[],[203,204],"det_admin_vars","det_editor_vars",[]]