[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0BUqLG8K1TgpKglskph7qCRLpaXbZs1u1Lk-n9zNHG0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":137,"fingerprints":444},"document-repository","Document Repository","0.2.4.1","Ron Rennick","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpmuguru\u002F","\u003Cp>The document repository is designed to provide a central revisioned repository for documents in WordPress network being implemented as a content management system. However, it can be used in single WP sites and supports cross domain implementation via JSON.\u003C\u002Fp>\n\u003Cp>\u003Cem>Features\u003C\u002Fem>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>Download via permlink\u003C\u002Fem> – The document post permalink delivers a direct download of the current version of the uploaded document. \u003C\u002Fli>\n\u003Cli>\u003Cem>Document revisions\u003C\u002Fem> – On upload of each document, a new revision of the document post is created. Previous versions remain attached to prior revisions.\u003C\u002Fli>\n\u003Cli>\u003Cem>Version independence\u003C\u002Fem> – The permalink to the most recent version of the document doesn’t change which enables one time internal or external linking to the document.\u003C\u002Fli>\n\u003Cli>\u003Cem>Revision download via permalink\u003C\u002Fem> – Prior versions of the document each have a distinct permalink which delivers a direct download.\u003C\u002Fli>\n\u003Cli>\u003Cem>Optional custom taxonomies\u003C\u002Fem> – A custom taxonomy plugin is included to model implementing custom taxonomies with the document post type \u003C\u002Fli>\n\u003Cli>\u003Cem>Optional custom roles\u003C\u002Fem> – A custom role plugin is included which permits restricting contributor, author & editor access to document posts based on organizational role\u003C\u002Fli>\n\u003Cli>\u003Cem>Optiona extras\u003C\u002Fem> – The extras plugin is included to add a link to document admin to document maintainers’ admin bar & adds a document media type to the edit post area across the network.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Ftechnology.umw.edu\u002Fwordpress101\u002Fdocument-repository\u002F\" rel=\"nofollow ugc\">User instructions\u002Fdocumentation provided by University of Mary Washington\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin was written by \u003Ca href=\"http:\u002F\u002Fronandandrea.com\u002F\" rel=\"nofollow ugc\">Ron Rennick\u003C\u002Fa> in collaboration with the \u003Ca href=\"http:\u002F\u002Fumw.edu\u002F\" rel=\"nofollow ugc\">University of Mary Washington\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwpmututorials.com\u002Fplugins\u002Fdocument-repository\u002F\" rel=\"nofollow ugc\">Plugin Page for details\u003C\u002Fa>\u003C\u002Fp>\n","Turn a WordPress site into a revisioned document repository.",10,15396,74,3,"2013-04-03T00:11:00.000Z","3.5.2","3.2","",[20,21,22,23],"custom","media","post","revision","http:\u002F\u002Fwpmututorials.com\u002Fplugins\u002Fdocument-repository\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdocument-repository.0.2.5.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":11,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":26,"computed_at":36},"wpmuguru",1220,87,30,"2026-04-04T14:53:39.707Z",[38,60,81,100,119],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":58,"download_link":59,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"autoremove-attachments","Autoremove Attachments","1.3.1","Polygon Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fpolygonthemes\u002F","\u003Cp>Autoremove Attachments helps you keep the Media Library clean by deleting all media files attached as child attachments to a post, page, or custom post type when the parent is deleted.\u003C\u002Fp>\n\u003Cp>By default, when you delete content from your website, regardless if it’s a post, a page, a product, or any kind of post type, WordPress keeps the media files previously associated with it, even if after the removal of your content they are not used anywhere else.\u003C\u002Fp>\n\u003Cp>Autoremove Attachments tries to solve this problem by automating the removal of all media files that have a child-parent relationship with the removed content. (so you don’t have to manually track and remove orphan files left on your server)\u003C\u002Fp>\n\u003Ch3>Important Considerations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>A soft delete that places your post, page, or custom post type in Trash will not trigger the removal of its child attachments. The purge happens when you empty your trash.\u003C\u002Fli>\n\u003Cli>When you delete a post, page or custom post type, we try to determine if its child attachments are used anywhere else on your website. If they are, we do not remove them, to prevent broken links.\u003C\u002Fli>\n\u003Cli>The additional checks before the automatic removal can be disabled from the Media Settings for improved performance on large websites with thousands of posts and media files.\u003C\u002Fli>\n\u003Cli>The plugin only removes files tracked by WordPress. Some poorly coded themes generate additional thumbnail sizes that are not tracked by WordPress and this always leads to orphan files left on your server.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Compatibility and Third-Party Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\" rel=\"ugc\">WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-digital-downloads\" rel=\"ugc\">Easy Digital Downloads\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>All themes and plugins that do things the WordPress way\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you use a plugin to optimize and clean your database of revisions, trashed posts, etc, make sure you use one that relies on native WordPress functions to perform the maintenance tasks. We recommend \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-sweep\" rel=\"ugc\">WP-Sweep\u003C\u002Fa>.\u003C\u002Fp>\n","Remove child attachments when parent post, page or custom post type is deleted.",3000,34470,100,15,"2023-08-12T00:30:00.000Z","6.3.8","5.8","7.4",[55,56,21,57,22],"attachment","custom-post-type","page","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fautoremove-attachments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautoremove-attachments.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":46,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":52,"requires_php":53,"tags":73,"homepage":76,"download_link":77,"security_score":78,"vuln_count":79,"unpatched_count":27,"last_vuln_date":80,"fetched_at":29},"w4-post-list","W4 Post List","2.5.5","Shazzad Hossain Khan","https:\u002F\u002Fprofiles.wordpress.org\u002Fsajib1223\u002F","\u003Cp>Display Posts (any custom post type), Terms (any custom taxonomy), Users (any role) on Content or Widget Areas by placing a shortcode. Select what to show and design how to show it. Using the plugin is really easy. You will find Tinymce button on post\u002Fpage editor to quickly inset a list. Also, there’s a separate page for creating or editing list.\u003C\u002Fp>\n\u003Ch4>List Types\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Posts\u003C\u002Fli>\n\u003Cli>Terms\u003C\u002Fli>\n\u003Cli>Users\u003C\u002Fli>\n\u003Cli>Terms & Posts\u003C\u002Fli>\n\u003Cli>Users & Posts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Creating a list is just few steps. There are different sets option for different List Type, following options are available for List Type – \u003Ccode>posts\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Ch4>Posts\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>post type\u003C\u002Fli>\n\u003Cli>post mime type\u003C\u002Fli>\n\u003Cli>post status\u003C\u002Fli>\n\u003Cli>post search keyword\u003C\u002Fli>\n\u003Cli>include post by ids\u003C\u002Fli>\n\u003Cli>exclude post by ids\u003C\u002Fli>\n\u003Cli>exclude current post\u003C\u002Fli>\n\u003Cli>posts per page – while using pagination\u003C\u002Fli>\n\u003Cli>post by parent ids\u003C\u002Fli>\n\u003Cli>post by author ids\u003C\u002Fli>\n\u003Cli>post by terms ( tax_query )\u003C\u002Fli>\n\u003Cli>post by meta ( meta_query )\u003C\u002Fli>\n\u003Cli>post by year, month, day ( date_query )\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Group Results by\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>year\u003C\u002Fli>\n\u003Cli>month\u003C\u002Fli>\n\u003Cli>month year\u003C\u002Fli>\n\u003Cli>category, post tag or custom taxonomies\u003C\u002Fli>\n\u003Cli>authors\u003C\u002Fli>\n\u003Cli>parents\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Order Results by\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>post id\u003C\u002Fli>\n\u003Cli>post title\u003C\u002Fli>\n\u003Cli>post name\u003C\u002Fli>\n\u003Cli>post publish date\u003C\u002Fli>\n\u003Cli>post modified date\u003C\u002Fli>\n\u003Cli>menu order\u003C\u002Fli>\n\u003Cli>approved comment count\u003C\u002Fli>\n\u003Cli>meta value\u003C\u002Fli>\n\u003Cli>or random\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Multi-Page Pagination by\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Next \u002F Previous links\u003C\u002Fli>\n\u003Cli>Numeric navigation flat – Ex: 1, 2, 3.\u003C\u002Fli>\n\u003Cli>Numeric navigation showing in unordered list.\u003C\u002Fli>\n\u003Cli>Enable\u002FDisable pagination by ajax\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>To Create Template\u003C\u002Fh4>\n\u003Cp>Templates are designed using Shortcodes. You can create a simple list just showing post title and linked to the post page, or you can display complex list using any of the information relating to post. Some of the available shortcodes are –\u003C\u002Fp>\n\u003Cul>\n\u003Cli>post thumbnail\u003C\u002Fli>\n\u003Cli>post categories\u003C\u002Fli>\n\u003Cli>post tags\u003C\u002Fli>\n\u003Cli>post custom taxonomy terms\u003C\u002Fli>\n\u003Cli>post author name \u002F links \u002F avatar\u003C\u002Fli>\n\u003Cli>post publish time\u003C\u002Fli>\n\u003Cli>post modified time\u003C\u002Fli>\n\u003Cli>post excerpt\u003C\u002Fli>\n\u003Cli>post content\u003C\u002Fli>\n\u003Cli>post meta value (multiple times, with multiple meta keys)\u003C\u002Fli>\n\u003Cli>media thumbnail\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Check all of the \u003Ca href=\"https:\u002F\u002Fw4dev.com\u002Fdocs\u002Fw4-post-list\u002Ffaqs\u002Fwhat-are-the-available-template-tags\u002F\" rel=\"nofollow ugc\">available shortcodes\u003C\u002Fa> here.\u003C\u002Fp>\n\u003Ch4>Check Example\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fw4dev.com\u002Fwp\u002Fw4-post-list-examples\u002F#example-1\" rel=\"nofollow ugc\">Simple Posts List\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fw4dev.com\u002Fwp\u002Fw4-post-list-examples\u002F#example-2\" rel=\"nofollow ugc\">Media List\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fw4dev.com\u002Fwp\u002Fw4-post-list-examples\u002F#example-3\" rel=\"nofollow ugc\">Year\u002FMonth Archive\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fw4dev.com\u002Fwp\u002Fw4-post-list-examples\u002F#example-4\" rel=\"nofollow ugc\">List of Categories\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fw4dev.com\u002Fwp\u002Fw4-post-list-examples\u002F#example-5\" rel=\"nofollow ugc\">List of Terms\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>W4 Post List uses \u003Ca href=\"https:\u002F\u002Fappsero.com\" rel=\"nofollow ugc\">Appsero\u003C\u002Fa> SDK to collect some telemetry data upon user’s confirmation. This helps us to troubleshoot problems faster & make product improvements.\u003C\u002Fp>\n\u003Cp>Appsero SDK \u003Cstrong>does not gather any data by default.\u003C\u002Fstrong> The SDK only starts gathering basic telemetry data \u003Cstrong>when a user allows it via the admin notice\u003C\u002Fstrong>. We collect the data to ensure a great user experience for all our users.\u003C\u002Fp>\n\u003Cp>Integrating Appsero SDK \u003Cstrong>DOES NOT IMMEDIATELY\u003C\u002Fstrong> start gathering data, \u003Cstrong>without confirmation from users in any case.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Learn more about how \u003Ca href=\"https:\u002F\u002Fappsero.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">Appsero collects and uses this data\u003C\u002Fa>.\u003C\u002Fp>\n","W4 Post List lets you create a list of posts, terms, users or a combined one. Decorate output using shortcodes. It's just easy and fun.",193960,94,93,"2026-02-16T07:12:00.000Z","6.9.4",[56,21,22,74,75],"post-list","shortcode","https:\u002F\u002Fw4dev.com\u002Fplugins\u002Fw4-post-list","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fw4-post-list.2.5.5.zip",99,5,"2023-03-22 00:00:00",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":13,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":98,"download_link":99,"security_score":48,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"simple-revision-control","Simple Revision Control","2.2.4","Marcin Pietrzak","https:\u002F\u002Fprofiles.wordpress.org\u002Fiworks\u002F","\u003Cp>Easily control and limit post revisions per post type to keep your WordPress database clean and optimized—no coding required!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Cem>Simple Revision Control\u003C\u002Fem>\u003C\u002Fstrong> is a WordPress plugin that provides an easy way to manage and limit the number of post revisions stored for each post type on your site. Unlike editing the wp-config.php file—which only allows setting a single revision limit for all post types—this plugin lets you specify a different revision limit for each post type individually. You can also enable or disable revision support per post type and delete unwanted revisions directly from the plugin’s settings.\u003C\u002Fp>\n\u003Ch4>Key features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Set custom revision limits for each post type, rather than a global limit.\u003C\u002Fli>\n\u003Cli>Enable or disable revisions for post types that don’t support them by default.\u003C\u002Fli>\n\u003Cli>Delete all unwanted revisions with a single click to keep your database clean.\u003C\u002Fli>\n\u003Cli>Simple setup and configuration via the WordPress admin under Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Revisions.\u003C\u002Fli>\n\u003Cli>No coding required—ideal for users who prefer not to edit wp-config.php.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is especially useful for site owners who want granular control over revision storage to optimize database performance and avoid unnecessary clutter, without needing to modify core WordPress files.\u003C\u002Fp>\n\u003Ch4>Asset image\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.flickr.com\u002Fphotos\u002Ftheenmoy\u002F8078124630\u002F\" rel=\"nofollow ugc\">My Filing Cabinet\u003C\u002Fa> by \u003Ca href=\"http:\u002F\u002Fwww.flickr.com\u002Fphotos\u002Ftheenmoy\u002F\" rel=\"nofollow ugc\">Theen Moy\u003C\u002Fa> Creative Common\u003C\u002Fp>\n\u003Ch4>GitHub\u003C\u002Fh4>\n\u003Cp>The Simple Revision Control plugin is available also on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fiworks\u002Fsimple-revision-control\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","Easily control and limit post revisions per post type to keep your WordPress database clean and optimized—no coding required!",1000,14971,12,"2025-07-10T06:37:00.000Z","6.8.5","6.0","8.0",[56,57,22,23,97],"revisions","http:\u002F\u002Fiworks.pl\u002Fen\u002Fplugins\u002Fsimple-revision-control\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-revision-control.2.2.4.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":48,"downloaded":108,"rating":48,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":18,"tags":113,"homepage":115,"download_link":116,"security_score":117,"vuln_count":109,"unpatched_count":109,"last_vuln_date":118,"fetched_at":29},"media-folder","Media Folder","1.0.0","Kingdom Creation","https:\u002F\u002Fprofiles.wordpress.org\u002Fkingdomcreation\u002F","\u003Cp>Attach media files to a common parent post, easily upload and list the content of the folder using a shortcode. This plugin is intended for developers to use as it will facilitate the client to add pictures to a slider for instance. Media Folder offers the possibility to virtually group attachements behing to a single hidden post type, the “folder”.\u003C\u002Fp>\n","Attach media files to a common parent post, easily upload and list the content of the folder. Useful for making sliders that clients can manage or lis &hellip;",12452,1,"2016-12-21T02:03:00.000Z","4.8.28","3.0.1",[114],"custom-post-type-media-slider-attachements","http:\u002F\u002Fwww.globalsecuresystem.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmedia-folder.1.0.0.zip",63,"2025-07-07 00:00:00",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":48,"num_ratings":109,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":18,"tags":132,"homepage":134,"download_link":135,"security_score":136,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-revision-list","WP Revision List","1.1.9","Pete Nelson","https:\u002F\u002Fprofiles.wordpress.org\u002Fgungeekatx\u002F","\u003Cp>This plugin allows you to include a list of revisions when viewing a list of posts, pages, or custom post types in the admin dashboard.  It can be configured\u003Cbr \u002F>\nto limit the number of revisions shown, the post types it is enabled for, and a prefix & suffix to wrap around the revision title to offset it from the rest of the list.\u003C\u002Fp>\n\u003Cp>Thanks to \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fpat_ramsey\" rel=\"nofollow ugc\">Pat Ramsey\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fzzramesses\" rel=\"nofollow ugc\">Corey Ellis\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002FNick_Batik\" rel=\"nofollow ugc\">Nick Batick\u003C\u002Fa> for\u003Cbr \u002F>\nencouraging me to write this plugin, and \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fkenziemoss\" rel=\"nofollow ugc\">Kenzie Moss\u003C\u002Fa> for our WordPress icon.\u003C\u002Fp>\n","Show revisions when viewing lists of posts, pages, or custom post types in the admin dashboard",80,3898,"2025-01-13T21:03:00.000Z","6.7.5","4.0",[133,56,57,22,97],"admin","https:\u002F\u002Fgithub.com\u002Fpetenelson\u002Fwp-revision-list","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-revision-list.1.1.9.zip",92,{"attackSurface":138,"codeSignals":269,"taintFlows":325,"riskAssessment":434,"analyzedAt":443},{"hooks":139,"ajaxHandlers":265,"restRoutes":266,"shortcodes":267,"cronEvents":268,"entryPointCount":27,"unprotectedCount":27},[140,145,147,149,153,157,160,163,165,169,172,175,178,182,185,189,192,195,198,201,204,206,208,212,216,220,223,226,230,233,235,236,238,241,244,247,250,253,256,259,263],{"type":141,"name":142,"callback":142,"priority":91,"file":143,"line":144},"action","init","custom-taxonomies.php",29,{"type":141,"name":146,"callback":146,"file":143,"line":70},"document_search_widget",{"type":141,"name":148,"callback":148,"priority":11,"file":143,"line":69},"save_post",{"type":150,"name":151,"callback":151,"priority":91,"file":143,"line":152},"filter","post_updated_messages",95,{"type":150,"name":154,"callback":154,"priority":155,"file":143,"line":156},"the_content",9,96,{"type":150,"name":158,"callback":158,"file":143,"line":159},"document_search_query_vars",97,{"type":141,"name":142,"callback":142,"file":161,"line":162},"document-repository.php",54,{"type":150,"name":154,"callback":154,"file":161,"line":164},55,{"type":141,"name":142,"callback":166,"priority":167,"file":161,"line":168},"media_library",14,58,{"type":141,"name":170,"callback":170,"file":161,"line":171},"wp",61,{"type":141,"name":173,"callback":173,"file":161,"line":174},"admin_enqueue_scripts",62,{"type":141,"name":176,"callback":176,"priority":177,"file":161,"line":117},"admin_menu",20,{"type":141,"name":179,"callback":180,"file":161,"line":181},"admin_head_media_upload_type_form","media_upload_type_form",64,{"type":141,"name":183,"callback":183,"file":161,"line":184},"add_attachment",65,{"type":150,"name":186,"callback":187,"file":161,"line":188},"pre_site_option_mu_media_buttons","media_buttons_filter",66,{"type":150,"name":190,"callback":190,"priority":78,"file":161,"line":191},"media_upload_tabs",67,{"type":141,"name":193,"callback":193,"priority":177,"file":161,"line":194},"media_buttons",68,{"type":150,"name":196,"callback":196,"file":161,"line":197},"umw_document_rewrite_rules",69,{"type":150,"name":199,"callback":199,"file":161,"line":200},"wp_handle_upload_prefilter",70,{"type":141,"name":202,"callback":202,"file":161,"line":203},"delete_post",71,{"type":150,"name":151,"callback":151,"file":161,"line":205},72,{"type":150,"name":154,"callback":154,"file":161,"line":207},283,{"type":141,"name":209,"callback":210,"priority":155,"file":161,"line":211},"do_meta_boxes","add_metabox",346,{"type":141,"name":213,"callback":214,"file":161,"line":215},"widgets_init","register_ra_document_search_widget",617,{"type":141,"name":217,"callback":217,"file":218,"line":219},"plugins_loaded","extras.php",33,{"type":141,"name":221,"callback":221,"file":218,"line":222},"admin_init",34,{"type":141,"name":224,"callback":224,"priority":48,"file":218,"line":225},"admin_bar_menu",35,{"type":141,"name":227,"callback":228,"priority":78,"file":218,"line":229},"admin_head_ra_media_document_callback","admin_head_document",36,{"type":141,"name":231,"callback":231,"file":218,"line":232},"media_upload_document",37,{"type":150,"name":234,"callback":234,"file":218,"line":171},"media_buttons_context",{"type":141,"name":193,"callback":193,"file":218,"line":117},{"type":141,"name":142,"callback":142,"priority":91,"file":237,"line":225},"user-roles.php",{"type":141,"name":176,"callback":239,"priority":177,"file":237,"line":240},"add_admin_page",42,{"type":150,"name":242,"callback":242,"priority":11,"file":237,"line":243},"map_meta_cap",44,{"type":150,"name":245,"callback":245,"priority":11,"file":237,"line":246},"manage_posts_columns",48,{"type":141,"name":248,"callback":248,"priority":109,"file":237,"line":249},"manage_posts_custom_column",49,{"type":150,"name":251,"callback":251,"file":237,"line":252},"manage_users_columns",50,{"type":150,"name":254,"callback":254,"priority":109,"file":237,"line":255},"manage_users_custom_column",51,{"type":141,"name":257,"callback":257,"file":237,"line":258},"personal_options",52,{"type":141,"name":260,"callback":261,"file":237,"line":262},"personal_options_update","update_profile",53,{"type":141,"name":264,"callback":261,"file":237,"line":162},"edit_user_profile_update",[],[],[],[],{"dangerousFunctions":270,"sqlUsage":271,"outputEscaping":285,"fileOperations":109,"externalRequests":27,"nonceChecks":323,"capabilityChecks":14,"bundledLibraries":324},[],{"prepared":11,"raw":272,"locations":273},4,[274,277,280,283],{"file":161,"line":275,"context":276},338,"$wpdb->query() with variable interpolation",{"file":237,"line":278,"context":279},175,"$wpdb->get_results() with variable interpolation",{"file":237,"line":281,"context":282},230,"$wpdb->get_var() with variable interpolation",{"file":237,"line":284,"context":276},237,{"escaped":286,"rawEcho":287,"locations":288},27,18,[289,292,294,296,298,300,302,304,306,308,309,310,312,314,316,318,320,322],{"file":143,"line":290,"context":291},154,"raw output",{"file":161,"line":293,"context":291},146,{"file":161,"line":295,"context":291},542,{"file":161,"line":297,"context":291},579,{"file":161,"line":299,"context":291},581,{"file":161,"line":301,"context":291},583,{"file":161,"line":303,"context":291},590,{"file":161,"line":305,"context":291},595,{"file":161,"line":307,"context":291},602,{"file":161,"line":307,"context":291},{"file":161,"line":307,"context":291},{"file":218,"line":311,"context":291},148,{"file":218,"line":313,"context":291},165,{"file":237,"line":315,"context":291},73,{"file":237,"line":317,"context":291},121,{"file":237,"line":319,"context":291},122,{"file":237,"line":321,"context":291},162,{"file":237,"line":321,"context":291},2,[],[326,344,366,377,390],{"entryPoint":327,"graph":328,"unsanitizedCount":109,"severity":343},"media_library (document-repository.php:80)",{"nodes":329,"edges":340},[330,335],{"id":331,"type":332,"label":333,"file":161,"line":334},"n0","source","$_GET",83,{"id":336,"type":337,"label":338,"file":161,"line":34,"wp_function":339},"n1","sink","header() [Header Injection]","header",[341],{"from":331,"to":336,"sanitized":342},false,"medium",{"entryPoint":345,"graph":346,"unsanitizedCount":27,"severity":365},"admin_page (user-roles.php:96)",{"nodes":347,"edges":361},[348,350,354,357],{"id":331,"type":332,"label":333,"file":237,"line":349},102,{"id":336,"type":337,"label":351,"file":237,"line":352,"wp_function":353},"query() [SQLi]",104,"query",{"id":355,"type":332,"label":356,"file":237,"line":349},"n2","$_GET (x2)",{"id":358,"type":337,"label":359,"file":237,"line":317,"wp_function":360},"n3","echo() [XSS]","echo",[362,364],{"from":331,"to":336,"sanitized":363},true,{"from":355,"to":358,"sanitized":363},"low",{"entryPoint":367,"graph":368,"unsanitizedCount":27,"severity":365},"\u003Cuser-roles> (user-roles.php:0)",{"nodes":369,"edges":374},[370,371,372,373],{"id":331,"type":332,"label":333,"file":237,"line":349},{"id":336,"type":337,"label":351,"file":237,"line":352,"wp_function":353},{"id":355,"type":332,"label":356,"file":237,"line":349},{"id":358,"type":337,"label":359,"file":237,"line":317,"wp_function":360},[375,376],{"from":331,"to":336,"sanitized":363},{"from":355,"to":358,"sanitized":363},{"entryPoint":378,"graph":379,"unsanitizedCount":109,"severity":389},"make_current (document-repository.php:400)",{"nodes":380,"edges":387},[381,383],{"id":331,"type":332,"label":333,"file":161,"line":382},403,{"id":336,"type":337,"label":384,"file":161,"line":385,"wp_function":386},"get_col() [SQLi]",416,"get_col",[388],{"from":331,"to":336,"sanitized":342},"high",{"entryPoint":391,"graph":392,"unsanitizedCount":323,"severity":389},"\u003Cdocument-repository> (document-repository.php:0)",{"nodes":393,"edges":426},[394,395,396,399,401,403,405,407,412,414,416,420,424],{"id":331,"type":332,"label":333,"file":161,"line":334},{"id":336,"type":337,"label":338,"file":161,"line":34,"wp_function":339},{"id":355,"type":332,"label":397,"file":161,"line":398},"$_REQUEST",190,{"id":358,"type":337,"label":384,"file":161,"line":400,"wp_function":386},235,{"id":402,"type":332,"label":333,"file":161,"line":382},"n4",{"id":404,"type":337,"label":384,"file":161,"line":385,"wp_function":386},"n5",{"id":406,"type":332,"label":333,"file":161,"line":382},"n6",{"id":408,"type":337,"label":409,"file":161,"line":410,"wp_function":411},"n7","get_results() [SQLi]",441,"get_results",{"id":413,"type":332,"label":333,"file":161,"line":382},"n8",{"id":415,"type":337,"label":359,"file":161,"line":295,"wp_function":360},"n9",{"id":417,"type":332,"label":418,"file":161,"line":419},"n10","$_REQUEST (x2)",329,{"id":421,"type":422,"label":423,"file":161,"line":419},"n11","transform","→ get_child_documents()",{"id":425,"type":337,"label":409,"file":161,"line":410,"wp_function":411},"n12",[427,428,429,430,431,432,433],{"from":331,"to":336,"sanitized":363},{"from":355,"to":358,"sanitized":363},{"from":402,"to":404,"sanitized":363},{"from":406,"to":408,"sanitized":363},{"from":413,"to":415,"sanitized":363},{"from":417,"to":421,"sanitized":342},{"from":421,"to":425,"sanitized":342},{"summary":435,"deductions":436},"The document-repository plugin v0.2.5 exhibits a generally good security posture with no known vulnerabilities in its history. The static analysis reveals a very small attack surface, with zero unprotected entry points across AJAX handlers, REST API routes, shortcodes, and cron events. This indicates strong foundational security practices in limiting external interaction points.\n\nHowever, the code analysis does highlight some areas for concern. A significant portion of SQL queries (29%) are not using prepared statements, which could be susceptible to SQL injection if user input is not strictly validated. Additionally, 40% of output operations are not properly escaped, creating potential for cross-site scripting (XSS) vulnerabilities. The taint analysis further flags two high-severity flows, indicating that unsanitized data is potentially being used in sensitive operations, despite the absence of critical severity issues. The presence of file operations and nonce checks, while present, should be carefully reviewed to ensure they are implemented correctly and securely.\n\nIn conclusion, while the plugin's lack of historical vulnerabilities and minimal attack surface are positive indicators, the identified code quality issues in SQL usage and output escaping, coupled with high-severity taint flows, warrant attention. Addressing these specific areas will be crucial in strengthening the plugin's overall security and preventing potential exploits.",[437,439,441],{"reason":438,"points":79},"SQL queries not using prepared statements",{"reason":440,"points":272},"Output escaping is not properly handled",{"reason":442,"points":91},"High severity taint flows found","2026-03-17T01:39:08.571Z",{"wat":445,"direct":452},{"assetPaths":446,"generatorPatterns":447,"scriptPaths":448,"versionParams":450},[],[],[449],"\u002Fwp-content\u002Fplugins\u002Fdocument-repository\u002Fjs\u002Fdocument-repository.js",[451],"document-repository\u002Fjs\u002Fdocument-repository.js?ver=",{"cssClasses":453,"htmlComments":456,"htmlAttributes":457,"restEndpoints":459,"jsGlobals":461,"shortcodeOutput":463},[454,455],"doc-lib-taxonomy","doc-terms",[],[458],"data-document-repository-ajax-url",[460],"\u002Fwp-json\u002Fdocument-repository\u002Fv1\u002Fsearch",[462],"documentRepository",[]]