[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1CYolgeSkHuT85XJckjyv6ZpQBxpe5rd_QhyjR8HDO0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":132,"fingerprints":157},"dolly","Dolly","1.0.0","Brad Parbs","https:\u002F\u002Fprofiles.wordpress.org\u002Fbradparbs\u002F","\u003Cp>Keeps Hello Dolly deactivated.\u003C\u002Fp>\n","A WordPress plugin to make sure Hello Dolly stays deactivated.",90,3452,0,"2021-08-24T12:42:00.000Z","5.8.13","5.2","5.6",[19,20],"admin","hello-dolly","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdolly.1.0.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"bradparbs",16,3240,88,30,86,"2026-04-04T10:44:31.760Z",[36,54,72,89,108],{"slug":37,"name":38,"version":6,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":13,"num_ratings":13,"last_updated":45,"tested_up_to":21,"requires_at_least":46,"requires_php":21,"tags":47,"homepage":52,"download_link":53,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"hello-star","Hello Star","sarahphp1","https:\u002F\u002Fprofiles.wordpress.org\u002Fsarahphp1\u002F","\u003Cp>Inspired by Hello Dolly, this plugin works as a reminder of which constellation\u002Fstar is visible for the current month.\u003Cbr \u002F>\nIt shows information about the 88 officially recognized constellations by the International Astronomical Union (IAU).\u003Cbr \u002F>\nIf a constellation has one of the 28 brightest stars, the line shown is designated with an ‘*’.\u003Cbr \u002F>\nIt is a nice reminder for astronomy amateur developers like myself who wants to be reminded of the constellations and stars that are most visible in a given month.\u003Cbr \u002F>\nYou can view Nasa’s Picture of the Day, control the color of text and background in the ‘Hello Star’ settings page under “Settings” menu.\u003C\u002Fp>\n\u003Cp>I am using NASA API demo_key for retrieving the daily Picture of the Day (apod) image. The demo key has a very low rate limits, if you want to keep apod, I recommend you get your own API key as described here:\u003Cbr \u002F>\nhttps:\u002F\u002Fapi.nasa.gov\u002Fapi.html#demo_key-rate-limits\u003C\u002Fp>\n\u003Cp>For suggestions to make this plugin any better, you can find me on twitter at (http:\u002F\u002Ftwitter.com\u002Fsarahphp1).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Credits:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Most of the information used in this plugin were taken from Chris Dolan’s website: http:\u002F\u002Fwww.astro.wisc.edu\u002F~dolan\u002Fconstellations\u002F\u003Cbr \u002F>\n* and Wikipedia.\u003Cbr \u002F>\n* Picture of the Day: Nasa apod API: https:\u002F\u002Fapod.nasa.gov\u002Fapod\u002Fastropix.html\u003C\u002Fp>\n","Yet another plugin inspired by Hello Dolly. This plugin shows information about the 88 constellations and their stars that are most visible given your …",10,1538,"2017-01-19T22:58:00.000Z","3.5",[48,49,50,51,20],"admin-panel","apod","astronomy","constellations","https:\u002F\u002Fgithub.com\u002FSarahphp1\u002Fhello-star","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhello-star.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":13,"downloaded":62,"rating":13,"num_ratings":13,"last_updated":21,"tested_up_to":63,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":68,"download_link":69,"security_score":70,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":71},"ai-kotoba","Ai Kotoba","0.0.39","John Doe","https:\u002F\u002Fprofiles.wordpress.org\u002Fimouto\u002F","\u003Cp>This is JUST a plugin. When activated you will randomly see a lyric from the LYRICS in the upper right of your admin screen on every page.\u003C\u002Fp>\n","This is JUST a plugin. When activated you will randomly see a lyric from the LYRICS in the upper right of your admin screen on every page.",1082,"5.0.25","5.0.3","5.4.16",[19,55,20,67],"lyrics","https:\u002F\u002Fwww.futaba.love\u002Fplugins\u002Fai-kotoba\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fai-kotoba.zip",100,"2026-03-15T10:48:56.248Z",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":13,"downloaded":80,"rating":70,"num_ratings":81,"last_updated":21,"tested_up_to":82,"requires_at_least":83,"requires_php":84,"tags":85,"homepage":87,"download_link":88,"security_score":70,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":71},"hello-phil","Hello Phil","1.0.1","ryebell","https:\u002F\u002Fprofiles.wordpress.org\u002Fryebell\u002F","\u003Cp>Inspired by “Hello Dolly”, this provides admins with a line from Phil Collins’ “In the Air Tonight”… because the internet needs more Phil Collins.\u003C\u002Fp>\n","Inspired by \"Hello Dolly\", this provides admins with a line from Phil Collins' \"In the Air Tonight\"...",1048,1,"4.8.28","3.0.1","5.4",[19,20,86],"phil-collins","https:\u002F\u002Fgithub.com\u002Fryebell\u002Fhello-phil","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhello-phil.zip",{"slug":90,"name":91,"version":92,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":13,"downloaded":97,"rating":13,"num_ratings":13,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":101,"tags":102,"homepage":106,"download_link":107,"security_score":70,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"hola-emprendedor","Hola Emprendedor","1.1.1","Brandkover","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrandkover\u002F","\u003Cp>Hello Entrepreneur is a tribute to the classic “Hello Dolly” plugin, but reimagined for founders, creators, and business owners.\u003C\u002Fp>\n\u003Cp>Instead of song lyrics, this plugin randomly displays a motivational quote from references such as Steve Jobs, Henry Ford, Elon Musk, or Seth Godin at the top of your WordPress dashboard.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Zero Configuration:\u003C\u002Fstrong> Activate and go.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Code:\u003C\u002Fstrong> Developed following current standards (Namespaces, Singleton, Escaping).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Responsive:\u003C\u002Fstrong> Unlike other clones, this plugin adapts perfectly to mobile devices, centering the text so it doesn’t interfere with the interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight:\u003C\u002Fstrong> Does not load unnecessary scripts or affect your site’s speed.\u003C\u002Fli>\n\u003C\u002Ful>\n","Displays inspiring quotes from great entrepreneurs in your admin dashboard. A modern and secure version of Hello Dolly.",115,"2025-12-25T16:07:00.000Z","6.9.4","5.8","7.4",[19,103,20,104,105],"entrepreneurship","motivation","quotes","https:\u002F\u002Fgithub.com\u002Fbrandkover\u002Fhola-emprendedor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhola-emprendedor.1.1.1.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":116,"downloaded":117,"rating":118,"num_ratings":119,"last_updated":120,"tested_up_to":99,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":127,"download_link":128,"security_score":129,"vuln_count":130,"unpatched_count":13,"last_vuln_date":131,"fetched_at":25},"loginizer","Loginizer","2.0.6","Softaculous","https:\u002F\u002Fprofiles.wordpress.org\u002Fsoftaculous\u002F","\u003Cp>Loginizer is a WordPress plugin which helps you fight against bruteforce attack by blocking login for the IP after it reaches maximum retries allowed. You can blacklist or whitelist IPs for login using Loginizer. You can use various other features like Two Factor Auth, reCAPTCHA, PasswordLess Login, etc. to improve security of your website.\u003C\u002Fp>\n\u003Cp>Loginizer is actively used by more than 1000000+ WordPress websites.\u003C\u002Fp>\n\u003Cp>You can find our official documentation at \u003Ca href=\"https:\u002F\u002Floginizer.com\u002Fdocs\" rel=\"nofollow ugc\">https:\u002F\u002Floginizer.com\u002Fdocs\u003C\u002Fa>. We are also active in our community support forums on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Floginizer\" rel=\"ugc\">wordpress.org\u003C\u002Fa> if you are one of our free users. Our Premium Support Ticket System is at \u003Ca href=\"https:\u002F\u002Floginizer.deskuss.com\" rel=\"nofollow ugc\">https:\u002F\u002Floginizer.deskuss.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Free Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Brute force protection. IPs trying to brute force your website will be blocked for 15 minutes after 3 failed login attempts. After multiple lockouts the IP is blocked for 24 hours. This is the default configuration and can be changed from Loginizer -> Brute force page in WordPress admin panel.\u003C\u002Fli>\n\u003Cli>Failed login attempts logs.\u003C\u002Fli>\n\u003Cli>Blacklist IPs\u003C\u002Fli>\n\u003Cli>Whitelist IPs\u003C\u002Fli>\n\u003Cli>Custom error messages on failed login.\u003C\u002Fli>\n\u003Cli>Permission check for important files and folders.\u003C\u002Fli>\n\u003Cli>Allow only Trusted IP.\u003C\u002Fli>\n\u003Cli>Blocked Screen in place of the Login page.\u003C\u002Fli>\n\u003Cli>Email Notification on successful login.\u003C\u002Fli>\n\u003Cli>Let users login with LinkedIn\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Get Support and Pro Features\u003C\u002Fh4>\n\u003Cp>Get professional support from our experts and pro features to take your site’s security to the next level with \u003Ca href=\"https:\u002F\u002Floginizer.com\u002Fpricing\" rel=\"nofollow ugc\">Loginizer-Security\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Pro Features :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>MD5 Checksum – of Core WordPress Files. The admin can check and ignore files as well.\u003C\u002Fli>\n\u003Cli>PasswordLess Login – At the time of Login, the username \u002F email address will be asked and an email will be sent to the email address of that account with a temporary link to login.\u003C\u002Fli>\n\u003Cli>Two Factor Auth via Email – On login, an email will be sent to the email address of that account with a temporary 6 digit code to complete the login.\u003C\u002Fli>\n\u003Cli>Two Factor Auth via App – The user can configure the account with a 2FA App like Google Authenticator, Authy, etc.\u003C\u002Fli>\n\u003Cli>Login Challenge Question – The user can setup a Challenge Question and Answer as an additional security layer. After Login, the user will need to answer the question to complete the login.\u003C\u002Fli>\n\u003Cli>reCAPTCHA – Google’s reCAPTCHA v3\u002Fv2, Cloudflare Turnstile, hCAPTCHA can be configured for the Login screen, Comments Section, Registration Form, etc. to prevent automated brute force attacks. Supports WooCommerce as well.\u003C\u002Fli>\n\u003Cli>Rename Login Page – The Admin can rename the login URL (slug) to something different from wp-login.php to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Rename WP-Admin URL – The Admin area in WordPress is accessed via wp-admin. With loginizer you can change it to anything e.g. site-admin\u003C\u002Fli>\n\u003Cli>CSRF Protection – This helps in preventing CSRF attacks as it updates the admin URL with a session string which makes it difficult and nearly impossible for the attacker to predict the URL.\u003C\u002Fli>\n\u003Cli>Rename Login with Secrecy – If set, then all Login URL’s will still point to wp-login.php and users will have to access the New Login Slug by typing it in the browser.\u003C\u002Fli>\n\u003Cli>Disable XML-RPC – An option to simply disable XML-RPC in WordPress. Most of the WordPress users don’t need XML-RPC and can disable it to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Rename XML-RPC – The Admin can rename the XML-RPC to something different from xmlrpc.php to prevent automated brute force attacks.\u003C\u002Fli>\n\u003Cli>Username Auto Blacklist – Attackers generally use common usernames like admin, administrator, or variations of your domain name \u002F business name. You can specify such username here and Loginizer will auto-blacklist the IP Address(s) of clients who try to use such username(s).\u003C\u002Fli>\n\u003Cli>New Registration Domain Blacklist – If you would like to ban new registrations from a particular domain, you can use this utility to do so.\u003C\u002Fli>\n\u003Cli>Change the Admin Username – The Admin can rename the admin username to something more difficult.\u003C\u002Fli>\n\u003Cli>Auto Blacklist IPs – IPs will be auto blacklisted, if certain usernames saved by the Admin are used to login by malicious bots \u002F users.\u003C\u002Fli>\n\u003Cli>Disable Pingbacks – Simple way to disable PingBacks.\u003C\u002Fli>\n\u003Cli>SSO – Single Sign-on, let any user access to your WordPress Dashboard without the need to share username or password.\u003C\u002Fli>\n\u003Cli>Limit Concurrent Logins – It prevents user to login from different devices concurrently, you can define how many devices you want to allow, and how you want to restrict the user when concurrent limit is reached.\u003C\u002Fli>\n\u003Cli>Social Login – Users can login or register with their Google, Github, Facebook, X (Twitter), Discord, Twitch, LinkedIn, Microsoft with support for WooCommerce and Ultimate Member.\u003C\u002Fli>\n\u003Cli>Key Less Social Login – Use Loginizer’s Social Auth for easy key less Social login configuration, now supports Google, GitHub, X, LinkedIn more to be added later\u003C\u002Fli>\n\u003Cli>Country Blocking – Block IPs from specific countries to restrict access to your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Features in Loginizer include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Blocks IP after maximum retries allowed\u003C\u002Fli>\n\u003Cli>Extended Lockout after maximum lockouts allowed\u003C\u002Fli>\n\u003Cli>Email notification to admin after max lockouts\u003C\u002Fli>\n\u003Cli>Blacklist IP\u002FIP range\u003C\u002Fli>\n\u003Cli>Whitelist IP\u002FIP range\u003C\u002Fli>\n\u003Cli>Check logs of failed attempts\u003C\u002Fli>\n\u003Cli>Create IP ranges\u003C\u002Fli>\n\u003Cli>Delete IP ranges\u003C\u002Fli>\n\u003Cli>Licensed under LGPLv2.1\u003C\u002Fli>\n\u003Cli>Safe & Secure\u003C\u002Fli>\n\u003C\u002Ful>\n","Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.",1000000,29791210,96,1020,"2026-03-02T12:38:00.000Z","3.0","5.5",[124,19,125,109,126],"access","login","security","https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Floginizer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floginizer.2.0.6.zip",87,8,"2024-11-04 00:00:00",{"attackSurface":133,"codeSignals":145,"taintFlows":152,"riskAssessment":153,"analyzedAt":156},{"hooks":134,"ajaxHandlers":141,"restRoutes":142,"shortcodes":143,"cronEvents":144,"entryPointCount":13,"unprotectedCount":13},[135],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","plugins_loaded","closure","dolly.php",17,[],[],[],[],{"dangerousFunctions":146,"sqlUsage":147,"outputEscaping":149,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":151},[],{"prepared":13,"raw":13,"locations":148},[],{"escaped":13,"rawEcho":13,"locations":150},[],[],[],{"summary":154,"deductions":155},"Based on the provided static analysis and vulnerability history, the 'dolly' v1.0.0 plugin exhibits an exceptionally strong security posture. The static analysis reveals a complete absence of exposed attack vectors such as AJAX handlers, REST API routes, shortcodes, or cron events that are not properly authenticated. Furthermore, the code demonstrates excellent security hygiene by not utilizing dangerous functions, performing all SQL queries using prepared statements, and properly escaping all output.  The lack of file operations and external HTTP requests further minimizes potential vulnerabilities. Taint analysis also shows no identified unsanitized paths, indicating a robust approach to preventing data injection flaws. The plugin's vulnerability history is equally reassuring, with no recorded CVEs of any severity. This pattern suggests a well-written and securely developed plugin that has likely undergone rigorous testing or has a very limited scope, making it highly unlikely to harbor common WordPress vulnerabilities.  The plugin's strengths lie in its minimal attack surface and adherence to secure coding practices, making it a low-risk option. However, it's important to note that the absence of any entry points or complex logic might also indicate a very simple functionality, which in itself is not a security weakness but a characteristic of its design.",[],"2026-03-16T21:17:52.818Z",{"wat":158,"direct":163},{"assetPaths":159,"generatorPatterns":160,"scriptPaths":161,"versionParams":162},[],[],[],[],{"cssClasses":164,"htmlComments":165,"htmlAttributes":166,"restEndpoints":167,"jsGlobals":168,"shortcodeOutput":169},[],[],[],[],[],[]]