[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7Ef2MkZ3Zd-WFrj8DSOHjZnUbtjRvi9AnRZB2_k1w1o":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":36,"analysis":129,"fingerprints":268},"drafts-of-post-revisions","Drafts of Post Revisions","0.8.1","daxitude","https:\u002F\u002Fprofiles.wordpress.org\u002Fdaxitude\u002F","\u003Cp>Create drafts of WordPress posts\u002Fpages\u002FCPTs even after they’ve been published. And when you’re ready, merge the changes back into the original published post.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Create multiple drafts of already published posts\u003C\u002Fli>\n\u003Cli>Merge the changes back into the published post when you’re ready\u003C\u002Fli>\n\u003Cli>Uses the published posts’s original post type, so metas, taxonomies, etc all are available in admin screens and can even be modified in the draft and merged back into the original post\u003C\u002Fli>\n\u003Cli>Perform a post diff similar to WP’s default revision.php?action=diff with added ability to compare changes in post meta and taxonomies\u003C\u002Fli>\n\u003Cli>See a notice when the original post has been updated ahead of a draft\u003C\u002Fli>\n\u003Cli>Preview drafts in the post\u002Fpage\u002FCPT’s natural template\u003C\u002Fli>\n\u003Cli>Since drafts all carry the same custom post status, they are organized in the admin’s edit.php with their own status filter (see screenshot-4)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin requires javascript.\u003C\u002Fp>\n\u003Ch3>How Does it Work?\u003C\u002Fh3>\n\u003Cp>Go to a post’s edit screen and click on the “Save a Draft” button in the Drafts of Revisions postbox (make sure you’ve enabled the post type first). The post’s core data, taxonomies, and meta data are all copied into a new post – the draft – as a child of the original post. The draft has a custom post status; it will never show up in any queries for posts. You can create as many drafts as you like.\u003C\u002Fp>\n\u003Cp>You can edit a draft’s post content, taxonomies, and meta data as you like and save progress with the native WP “Save Draft” button. You can also preview the draft and compare changes against the parent at any time (even comparing changes in taxonomies and meta data).\u003C\u002Fp>\n\u003Cp>When you’re ready to update the parent post, click the Publish button from the draft’s edit page. All post data, taxonomies, and meta data are merged back into the parent post and the draft post is deleted.\u003C\u002Fp>\n","Create drafts of WordPress posts\u002Fpages\u002FCPTs even after they've been published",30,4878,98,7,"2013-12-21T18:03:00.000Z","3.4.2","3.4","",[20,21,22,23],"post-status","revision","status","workflow","http:\u002F\u002Fgithub.com\u002Fdaxitude\u002Fwp-draft-revisions","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdrafts-of-post-revisions.0.8.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":11,"trust_score":34,"computed_at":35},2,60,84,"2026-04-04T12:26:25.577Z",[37,57,75,93,110],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":45,"num_ratings":32,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":55,"download_link":56,"security_score":45,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"pending-status","Pending Status","1.0.4","Room 34 Creative Services, LLC","https:\u002F\u002Fprofiles.wordpress.org\u002Froom34\u002F","\u003Cp>\u003Cstrong>Pending Status\u003C\u002Fstrong> is a super-simple solution for WordPress sites that need very basic workflow functionality. It’s easy to set up and doesn’t overload your site with unnecessary features.\u003C\u002Fp>\n\u003Cp>If you have Contributors who can create, but not publish, their own content on your site, Pending Status notifies you of any pending posts that are ready to review. By default, all users with the Administrator or Editor role will see a \u003Cstrong>Pending Status\u003C\u002Fstrong> box on the Dashboard, showing the counts of pending posts, with a convenient link to the list of pending posts for that post type.\u003C\u002Fp>\n\u003Cp>Optionally, you can also identify one or more Administrators\u002FEditors to receive email notifications whenever a post is saved with “pending” status. The subject and message of the email are fully editable, and a direct edit link for the post is included in the body of the email.\u003C\u002Fp>\n\u003Cp>Pending Status works with \u003Cem>all\u003C\u002Fem> publicly queryable post types: Posts, Pages, and even Custom Post Types created by third party plugins (e.g. WooCommerce, The Events Calendar, etc.), or your own custom code.\u003C\u002Fp>\n","Get notified when your site has posts pending review.",100,3677,"2025-04-24T17:36:00.000Z","6.8.5","4.9","7.0.0",[52,53,54,20,23],"notifications","pending","pending-review","https:\u002F\u002Froom34.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpending-status.1.0.4.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":27,"num_ratings":27,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":73,"download_link":74,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-unpublish","WP Unpublish","1.1.1","Alexandre Froger","https:\u002F\u002Fprofiles.wordpress.org\u002Ffrogerme\u002F","\u003Cp>Consider the 8 default post statuses that WordPress uses by default:\u003Cbr \u002F>\n* \u003Cstrong>Publish\u003C\u002Fstrong>: Viewable by everyone. (publish)\u003Cbr \u002F>\n* \u003Cstrong>Future\u003C\u002Fstrong>: Scheduled to be published in a future date. (future)\u003Cbr \u002F>\n* \u003Cstrong>Draft\u003C\u002Fstrong>: Incomplete post viewable by anyone with proper user role. (draft)\u003Cbr \u002F>\n* \u003Cstrong>Pending\u003C\u002Fstrong>: Awaiting a user with the publish_posts capability (typically a user assigned the Editor role) to publish. (pending)\u003Cbr \u002F>\n* \u003Cstrong>Private\u003C\u002Fstrong>: Viewable only to WordPress users at Administrator level. (private)\u003Cbr \u002F>\n* \u003Cstrong>Trash\u003C\u002Fstrong>: Posts in the Trash are assigned the trash status. (trash)\u003Cbr \u002F>\n* \u003Cstrong>Auto-Draft\u003C\u002Fstrong>: Revisions that WordPress saves automatically while you are editing. (auto-draft)\u003Cbr \u002F>\n* \u003Cstrong>Inherit\u003C\u002Fstrong> – Used with a child post (such as Attachments and Revisions) to determine the actual status from the parent post. (inherit)\u003C\u002Fp>\n\u003Cp>A typical publishing workflow would be:\u003Cbr \u002F>\n    Auto-Draft > \u003Ccode>Draft\u003C\u002Fcode> > \u003Ccode>Pending\u003C\u002Fcode> > \u003Ccode>Future\u003C\u002Fcode> > \u003Ccode>Publish\u003C\u002Fcode>\u003Cbr \u002F>\nBut what then? \u003Ccode>Trash\u003C\u002Fcode>? \u003Ccode>Private\u003C\u002Fcode>? These seem inadapted.\u003C\u002Fp>\n\u003Cp>This is where the \u003Cstrong>Unpublished\u003C\u002Fstrong> (unpublish) post status provided by this plugin comes into play.\u003Cbr \u002F>\nIt allows content publishers to assign a dedicated status to content they desire not to be published, and avoid assigning a semantically inaccurate status.\u003C\u002Fp>\n","WP Unpublish adds a post status \"Unpublished\" to your WordPress Posts (Classic Editor).",50,2203,"2020-02-21T02:43:00.000Z","5.0.25","4.9.5","7.0",[20,72,23],"publication","https:\u002F\u002Fgithub.com\u002Ffroger-me\u002Fwp-unpublish","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-unpublish.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":27,"downloaded":83,"rating":45,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":70,"tags":88,"homepage":91,"download_link":92,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"post-snapshots","Post Snapshots","0.9","Blackbam","https:\u002F\u002Fprofiles.wordpress.org\u002Fblackbam\u002F","\u003Cp>Create, manage and view snapshots of any post (or custom post type) whenever you want. Like user-managed revisions with a lot of useful functionality.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n* Create snapshots of any post type including all metadata at any point manually as a secure history and backup of your posts\u003Cbr \u002F>\n* Uses the standard WordPress posts table (like revisions)\u003Cbr \u002F>\n* Uses a custom post status (and therefore works for any post type)\u003Cbr \u002F>\n* Easy snapshot management meta box\u003Cbr \u002F>\n* Create Snapshots comfortably in the publish post box\u003Cbr \u002F>\n* Choose which post types you want to enable the snapshots feature for\u003C\u002Fp>\n\u003Cp>PHP Developer API:\u003Cbr \u002F>\n    pos_create_snapshot_from($post_id): Creates a new snapshot for a given post ID\u003Cbr \u002F>\n    pos_delete_snapshot($snap_id): Delete a snapshot by its ID\u003Cbr \u002F>\n    pos_get_latest_snapshot($post_id): Returns the ID of the latest snapshot for a given post ID\u003Cbr \u002F>\n    pos_get_plainview_url($snap_id): Get the URL to the plain snapshot view\u003C\u002Fp>\n\u003Cp>This Plugin is sponsored by ready2order GmbH, the company which is producing Austria’s best point-of-sale system. Visit us at https:\u002F\u002Fwww.ready2order.com\u002F.\u003C\u002Fp>\n\u003Cp>NOTE: The use of a custom post status in WordPress is still in beta. The developers of this plugin are in no possible case responsible for any data loss.\u003Cbr \u002F>\nIf you want to be sure nothing happens, backup your database on a regular basis. You should do it anyway.\u003C\u002Fp>\n","Create, manage and view snapshots of any post (or custom post type) whenever you want. Like user-managed revisions with a lot of useful functionality.",1562,1,"2018-08-14T17:22:00.000Z","4.9.29","4.8",[89,20,21,90],"history","snapshot","https:\u002F\u002Fready2order.com\u002Fen\u002Fcontact\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-snapshots.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":27,"downloaded":101,"rating":27,"num_ratings":27,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":70,"tags":105,"homepage":108,"download_link":109,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"post-status-indicator","Post Status Indicator","1.0.1","Sean Hayes","https:\u002F\u002Fprofiles.wordpress.org\u002Fseanchayes\u002F","\u003Cp>Adds and allows customization of a visual indicator in WordPress admin for the publish state of your content.\u003Cbr \u002F>\nTo help you visually organize your content viewing the All Posts screen choose colors for each post status and see your content displayed with those colors\u003C\u002Fp>\n\u003Cp>The plugin also allows you to choose the menu location for the plugin settings page (screen shot #2)\u003C\u002Fp>\n\u003Cp>Options included letting you choose from it’s own page or a child of either Settings or Tools menus.\u003C\u002Fp>\n","Allow color customization in WordPress admin for the publish state of your content.",904,"2021-01-07T17:41:00.000Z","5.6.17","3.8",[106,20,107,22,23],"admin","posts","https:\u002F\u002Fwww.seanhayes.biz\u002Fpost-status-indicator-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-status-indicator.1.0.1.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":13,"num_ratings":120,"last_updated":121,"tested_up_to":122,"requires_at_least":123,"requires_php":124,"tags":125,"homepage":18,"download_link":128,"security_score":45,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"archived-post-status","Archive Content with Archived Post Status","0.3.12","Joshua David Nelson","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoshuadnelson\u002F","\u003Cp>This plugin allows you to archive your WordPress content similar to the way you archive your e-mail.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Unpublish your posts and pages without having to trash them\u003C\u002Fli>\n\u003Cli>Archive content is hidden from public view\u003C\u002Fli>\n\u003Cli>Compatible with posts, pages, and public custom post types\u003C\u002Fli>\n\u003Cli>Ideal for sites where certain kinds of content is not meant to be evergreen\u003C\u002Fli>\n\u003Cli>Easily extended (see below)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Farchived-post-status\u002F\" rel=\"nofollow ugc\">Over 13\u003C\u002Fa>\u003C\u002Fstrong> languages supported\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Did you find this plugin helpful? Please consider \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Farchived-post-status\" rel=\"ugc\">leaving a 5-star review\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Development of this plugin is done \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjoshuadavidnelson\u002Farchived-post-status\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>. Pull requests welcome. Please see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjoshuadavidnelson\u002Farchived-post-status\u002Fissues\" rel=\"nofollow ugc\">issues reported\u003C\u002Fa> there before going to the plugin forum.\u003C\u002Fstrong>\u003C\u002Fp>\n","Use an \"Archived\" status to unpublish content without having to trash it.",5000,81069,36,"2026-02-17T00:16:00.000Z","6.9.4","5.9","8.1",[126,127,20,22],"archive","archived","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Farchived-post-status.0.3.12.zip",{"attackSurface":130,"codeSignals":197,"taintFlows":229,"riskAssessment":257,"analyzedAt":267},{"hooks":131,"ajaxHandlers":193,"restRoutes":194,"shortcodes":195,"cronEvents":196,"entryPointCount":27,"unprotectedCount":27},[132,138,144,149,153,157,161,165,169,174,178,182,184,189],{"type":133,"name":134,"callback":135,"file":136,"line":137},"filter","_wp_post_revision_fields","add_rev_fields","Admin\\Diff.php",28,{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","admin_notices","print_notices","Admin\\Notice.php",55,{"type":139,"name":145,"callback":146,"priority":84,"file":147,"line":148},"pre_post_update","route_create","core.php",40,{"type":139,"name":150,"callback":151,"file":147,"line":152},"dpr_draft_to_publish","route_publish",42,{"type":139,"name":154,"callback":155,"file":147,"line":156},"admin_menu","options_page",44,{"type":139,"name":158,"callback":159,"file":147,"line":160},"admin_head","maybe_render_admin_notices",46,{"type":139,"name":162,"callback":163,"file":147,"line":164},"add_meta_boxes","meta_boxes",48,{"type":139,"name":166,"callback":167,"file":147,"line":168},"admin_print_scripts","add_js",51,{"type":139,"name":170,"callback":171,"priority":172,"file":147,"line":173},"admin_footer-post.php","add_autosave_cancel_js",999999,54,{"type":139,"name":175,"callback":176,"file":147,"line":177},"load-revision.php","dpr_revision",57,{"type":139,"name":179,"callback":180,"file":147,"line":181},"publish_to_trash","post_deletion",59,{"type":139,"name":166,"callback":167,"file":147,"line":183},290,{"type":139,"name":185,"callback":186,"priority":32,"file":187,"line":188},"init","add_post_status","Postdrafter.php",18,{"type":139,"name":190,"callback":191,"file":187,"line":192},"deleted_post","parent_deleted",20,[],[],[],[],{"dangerousFunctions":198,"sqlUsage":210,"outputEscaping":213,"fileOperations":227,"externalRequests":27,"nonceChecks":27,"capabilityChecks":227,"bundledLibraries":228},[199,203,205,208],{"fn":200,"file":136,"line":201,"context":202},"create_function",49,"$term_names = array_map(create_function('$term', 'return $term->name;'), $terms);",{"fn":200,"file":142,"line":13,"context":204},"uasort($notices, create_function('$a, $b', 'return $a[\\'position\\'] \u003C $b[\\'position\\'] ? -1 : 1;'));",{"fn":200,"file":147,"line":206,"context":207},266,"create_function(",{"fn":200,"file":147,"line":209,"context":207},329,{"prepared":211,"raw":27,"locations":212},8,[],{"escaped":27,"rawEcho":214,"locations":215},5,[216,219,221,223,225],{"file":142,"line":217,"context":218},90,"raw output",{"file":147,"line":220,"context":218},193,{"file":147,"line":222,"context":218},278,{"file":147,"line":224,"context":218},313,{"file":147,"line":226,"context":218},335,4,[],[230,249],{"entryPoint":231,"graph":232,"unsanitizedCount":27,"severity":248},"dpr_revision (core.php:141)",{"nodes":233,"edges":245},[234,239],{"id":235,"type":236,"label":237,"file":147,"line":238},"n0","source","$_GET",149,{"id":240,"type":241,"label":242,"file":147,"line":243,"wp_function":244},"n1","sink","wp_redirect() [Open Redirect]",177,"wp_redirect",[246],{"from":235,"to":240,"sanitized":247},true,"low",{"entryPoint":250,"graph":251,"unsanitizedCount":27,"severity":248},"\u003Ccore> (core.php:0)",{"nodes":252,"edges":255},[253,254],{"id":235,"type":236,"label":237,"file":147,"line":238},{"id":240,"type":241,"label":242,"file":147,"line":243,"wp_function":244},[256],{"from":235,"to":240,"sanitized":247},{"summary":258,"deductions":259},"The \"drafts-of-post-revisions\" plugin v0.8.1 demonstrates a mixed security posture.  On the positive side, the plugin exhibits no known historical vulnerabilities (CVEs) and has no recorded critical or high-severity taint flows. All SQL queries are properly prepared, and there are no external HTTP requests, reducing the attack surface in those areas. However, there are significant concerns regarding output escaping and the use of dangerous functions.\n\nThe static analysis reveals that 100% of the plugin's outputs are not properly escaped. This is a critical security weakness as it opens the door to Cross-Site Scripting (XSS) vulnerabilities, where malicious code could be injected and executed within the user's browser. Furthermore, the plugin utilizes the `create_function` function four times, which is deprecated and considered a security risk due to its potential for code injection if not handled with extreme caution. The absence of any nonce checks on the identified entry points, although the attack surface is currently zero, is a missed security best practice.\n\nGiven the complete lack of historical vulnerabilities, the plugin may have been developed with security in mind, or simply hasn't been a target. However, the identified code signals, particularly the lack of output escaping and the use of `create_function`, represent immediate and actionable security risks that should be addressed. While the plugin currently has no entry points with missing authentication, future updates or modifications could introduce vulnerabilities if these core issues are not resolved. Overall, the plugin's current state is risky due to the unescaped output and dangerous function usage, despite its clean vulnerability history.",[260,262,265],{"reason":261,"points":211},"No output escaping",{"reason":263,"points":264},"Dangerous functions used (create_function)",6,{"reason":266,"points":214},"No nonce checks on entry points","2026-03-16T22:28:27.820Z",{"wat":269,"direct":276},{"assetPaths":270,"generatorPatterns":272,"scriptPaths":273,"versionParams":274},[271],"\u002Fwp-content\u002Fplugins\u002Fdrafts-of-post-revisions\u002Fassets\u002Fdpr.dev.js",[],[271],[275],"drafts-of-post-revisions\u002Fassets\u002Fdpr.dev.js?ver=",{"cssClasses":277,"htmlComments":278,"htmlAttributes":279,"restEndpoints":281,"jsGlobals":282,"shortcodeOutput":285},[],[],[280],"data-dpr-confirm-delete",[],[283,284],"wp.autosave.local.setData","wp.autosave.local.checkPost",[286,287,288],"[dpr-notice]","[dpr-revision-link]","[dpr-post-link]"]