[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fLhe7xhzdSkPWF9Ub5QP0-EBQYFhp0rnvRY461rjxEIo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":141,"fingerprints":253},"dx-localhost","DX localhost","1.5","Mario Peshev","https:\u002F\u002Fprofiles.wordpress.org\u002Fnofearinc\u002F","\u003Cp>Display a notice when working on a localhost site on staging environment, based on your settings and adjustments\u003C\u002Fp>\n\u003Cp>Activate the plugin and see a yellow notice bar indicating that you’re working on localhost.\u003C\u002Fp>\n\u003Cp>Super helpful whenever you’re cloning a production website with virtual hosts using the same domain name, and are not sure which site are you editing. Visible both in the admin area, and the frontend to all site visitors.\u003C\u002Fp>\n","Display a yellow notice box when you're working on localhost",10,2899,100,3,"2019-11-15T11:32:00.000Z","5.2.24","3.1","5.6",[20,21,22,23,24],"development","localhost","notice","production","toolbar","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdx-localhost\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdx-localhost.1.5.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"nofearinc",13,5120,86,164,69,"2026-04-05T00:47:01.205Z",[41,59,80,100,120],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":11,"downloaded":49,"rating":13,"num_ratings":14,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":18,"tags":53,"homepage":56,"download_link":57,"security_score":58,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-dev-flag","WP Dev Flag","2.0.1","Poodle Plugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fpoodleplugins\u002F","\u003Cp>This plugin makes it easy to distinguish between your local development site, and your live site.\u003Cbr \u002F>\nI created this because I often use a local duplicate of my live site, for development, with the same DB, and the same URL.\u003C\u002Fp>\n\u003Cp>I needed a quick & easy way of distinguishing between my live and development sites at a glance. This plugin acheives that in the simplest way possible.\u003C\u002Fp>\n\u003Cp>There are settings for colour, positioning and the text displayed on the badge. It is also possible to add a link onto the badge.\u003C\u002Fp>\n","Shows a floating badge on the front end, to visually distinguish your development site from production.",2426,"2025-01-27T08:30:00.000Z","6.7.5","3.0.1",[54,20,55,21,23],"banner","flag","https:\u002F\u002Fpoodleplugins.com\u002Fwp-dev-flag","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dev-flag.2.0.1.zip",92,{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":17,"requires_php":73,"tags":74,"homepage":78,"download_link":79,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"what-the-file","What The File","1.6.1","Barry Kooij","https:\u002F\u002Fprofiles.wordpress.org\u002Fbarrykooij\u002F","\u003Cp>What The File adds an option to your toolbar showing what file and template parts are used to display the page you’re currently viewing.\u003C\u002Fp>\n\u003Cp>You can click the file name to directly edit it through the theme editor, though I don’t recommend this for bigger changes.\u003C\u002Fp>\n\u003Cp>What The File supports BuddyPress and Roots Theme based themes.\u003C\u002Fp>\n\u003Cp>More information can be found \u003Ca href=\"http:\u002F\u002Fwww.barrykooij.com\u002Fwhat-the-file\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Looking for a great related posts plugin for WordPress?\u003C\u002Fh4>\n\u003Cp>Another plugin I’ve built, that I’m very proud of is Related Posts for WordPress. Related Posts for WordPress offers you the ability to link related posts to each other with just 1 click! And it’s 100% free! \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frelated-posts-for-wp\u002F\" rel=\"ugc\">Check it out on the WordPress repository.\u003C\u002Fa>\u003C\u002Fp>\n","What The File is the best tool to find out what template parts are used to display the page you're currently viewing!",40000,585647,98,882,"2026-02-19T17:21:00.000Z","6.9.4","5.3",[20,75,76,77,24],"file","template","template-editing","http:\u002F\u002Fwww.barrykooij.com\u002Fwhat-the-file\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhat-the-file.1.6.1.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":13,"num_ratings":90,"last_updated":91,"tested_up_to":72,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":98,"download_link":99,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"display-environment-type","Display Environment Type","1.6.0","Stoil Dobreff","https:\u002F\u002Fprofiles.wordpress.org\u002Fsdobreff\u002F","\u003Cp>WordPress 5.5 introduced a way to differentiate between environment types (development, staging, production). This plugin shows your site’s environment type in the admin bar and the dashboard “At a Glance” widget.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2020\u002F07\u002F24\u002Fnew-wp_get_environment_type-function-in-wordpress-5-5\u002F\" rel=\"nofollow ugc\">More info about the feature\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>To gain additional control — for example, setting the environment or other values from the WP admin (when \u003Ccode>wp-config.php\u003C\u002Fcode> is writable) — consider installing our other plugin \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002F0-day-analytics\u002F\" rel=\"ugc\">0 Day Analytics\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Recommended Plugins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002F0-day-analytics\u002F\" rel=\"ugc\">0 Day Analytics\u003C\u002Fa> — a powerful plugin for sites that need more insight into errors and runtime behavior. It includes a Cron manager, a Transient manager (database-backed), DB manager, Snippet manager, Mail manager, Plugin Version Switcher available from the Plugins page and many more.\u003C\u002Fli>\n\u003C\u002Ful>\n","Displays WordPress 5.5's environment type setting in the admin bar and the \"At a Glance\" dashboard widget.",1000,135115,4,"2025-12-19T15:09:00.000Z","5.5","7.4",[20,95,96,23,97],"dtap","environment","staging","https:\u002F\u002Froytanck.com\u002F2020\u002F08\u002F21\u002Fnew-wordpress-plugin-display-environment-type\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisplay-environment-type.1.6.0.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":13,"num_ratings":110,"last_updated":111,"tested_up_to":72,"requires_at_least":112,"requires_php":93,"tags":113,"homepage":116,"download_link":117,"security_score":13,"vuln_count":118,"unpatched_count":28,"last_vuln_date":119,"fetched_at":30},"local-development","Local Development","2.11.0","Andy Fragen","https:\u002F\u002Fprofiles.wordpress.org\u002Fafragen\u002F","\u003Cp>Places development notice for plugins or themes that are in local development. Notices are placed on the plugins page and the themes page. Prevents updating of selected plugins and themes.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically adds plugins and themes under version control.\u003C\u002Fli>\n\u003Cli>Automatically allows for using a local file server.\u003C\u002Fli>\n\u003Cli>Allows for bypassing the WordPress 5.2 WSOD Shutdown Handler.\u003C\u002Fli>\n\u003Cli>Add a warning color to admin bar when running under localhost. Default is on.\u003C\u002Fli>\n\u003Cli>Add a git host icon to the plugins page. Default is off. No option if GitHub Updater is running.\u003C\u002Fli>\n\u003Cli>Allows setting of \u003Ccode>WP_ENVIRONMENT_TYPE\u003C\u002Fcode> in \u003Ccode>wp-config.php\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Pull Requests are welcome against the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fafragen\u002Flocal-development\" rel=\"nofollow ugc\">develop branch on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Requires PHP 7.4 or greater.\u003C\u002Fp>\n","Places development notice for plugins or themes that are in local development. Prevents updating of selected plugins and themes.",90,9948,5,"2025-10-08T19:04:00.000Z","5.4",[20,21,114,115],"theme","upgrade","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flocal-development","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocal-development.2.11.0.zip",1,"2023-07-24 00:00:00",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":118,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":139,"download_link":140,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-ngrok","WP-ngrok","1.1.2","Theme.id","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeid\u002F","\u003Cp>Expose a WordPress local web server to the internet ngrok allows you to expose a web server running on your local machine to the internet.\u003Cbr \u002F>\nThis plugin works by hooking to the start and end of the page creation and capturing it into an output buffer, it then uses the URL from the database for a str_replace, stripping it out before sending back out to the shutdown hook. This means that I can share either the HTTP or HTTPS versions of the ngrok URLs.\u003C\u002Fp>\n\u003Ch3>How To Use\u003C\u002Fh3>\n\u003Ch3>Step One: Install ngrok\u003C\u002Fh3>\n\u003Cp>Download and install ngrok here  \u003Ca href=\"https:\u002F\u002Fngrok.com\u002Fdownload\" title=\"Download Ngrok\" rel=\"nofollow ugc\">https:\u002F\u002Fngrok.com\u002Fdownload\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Step Two: Install WP-NGROK\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Upload \u003Ccode>wp-ngrok.zip\u003C\u002Fcode> folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003Cli>\n\u003Cp>run command in your terminal\u003C\u002Fp>\n\u003Cp>~\u002Fngrok http -host-header=localdomain.test 8888\u003C\u002Fp>\n\u003Ch3>Step Three: Creating the localtunnel\u003C\u002Fh3>\n\u003Cp>Send through the host name of the site that we use locally as well as the port number and this will then direct the traffic to my local site. This works whether we had created it, or using something like MAMP Pro to set this up for me.\u003C\u002Fp>\n\u003Cp>~\u002Fngrok http -host-header=sitename.localhost 8888\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Once ngrok is up and running I will be presented with the display that you can see below\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Session Status                online\nAccount                       Theme.id (Plan: Pro)\nVersion                       2.3.35\nRegion                        United States (us)\nWeb Interface                 http:\u002F\u002F127.0.0.1:4040\nForwarding                    http:\u002F\u002Fyourapp.ngrok.io -> http:\u002F\u002Flocalhost:8888\nForwarding                    https:\u002F\u002Fyourapp.ngrok.io -> http:\u002F\u002Flocalhost:8888\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Minimum Requirements\u003C\u002Fh4>\n\u003Cp>WordPress 5.0 or greater\u003Cbr \u002F>\nPHP version 5.6 or greater\u003Cbr \u002F>\nMySQL version 5.0 or greater\u003C\u002Fp>\n\u003Ch4>We recommend your host supports:\u003C\u002Fh4>\n\u003Cp>PHP version 7.0 or greater\u003Cbr \u002F>\nMySQL version 5.6 or greater\u003Cbr \u002F>\nWordPress Memory limit of 64 MB or greater (128 MB or higher is preferred)\u003C\u002Fp>\n\u003Ch3>Please ask in WordPress Support\u003C\u002Fh3>\n\u003Cp>Please to ask about this plugin\u003C\u002Fp>\n","Expose your local WordPress to the world. only work in your localhost",30,6194,60,"2022-12-04T07:25:00.000Z","6.1.10","5.0","8.0",[136,20,137,21,138],"debug","local-server","ngrok","https:\u002F\u002Ftheme.id","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-ngrok.zip",{"attackSurface":142,"codeSignals":177,"taintFlows":216,"riskAssessment":243,"analyzedAt":252},{"hooks":143,"ajaxHandlers":173,"restRoutes":174,"shortcodes":175,"cronEvents":176,"entryPointCount":28,"unprotectedCount":28},[144,150,154,158,163,167,170],{"type":145,"name":146,"callback":147,"file":148,"line":149},"action","admin_menu","dx_localhost_menu","dx-localhost.php",50,{"type":145,"name":151,"callback":152,"file":148,"line":153},"admin_init","dx_localhost_admin_init",51,{"type":145,"name":155,"callback":156,"file":148,"line":157},"plugins_loaded","dx_localhost_load_textdomain",52,{"type":145,"name":159,"callback":160,"priority":161,"file":148,"line":162},"admin_bar_menu","dx_localhost_admin_bar_menu",999,53,{"type":145,"name":164,"callback":165,"file":148,"line":166},"admin_enqueue_scripts","dx_localhost_display_notice_line",54,{"type":145,"name":168,"callback":165,"file":148,"line":169},"wp_enqueue_scripts",55,{"type":145,"name":164,"callback":171,"file":148,"line":172},"dx_enqueue_color_picker",56,[],[],[],[],{"dangerousFunctions":178,"sqlUsage":179,"outputEscaping":181,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":215},[],{"prepared":28,"raw":28,"locations":180},[],{"escaped":118,"rawEcho":182,"locations":183},15,[184,187,189,191,193,195,197,199,201,203,205,207,209,211,213],{"file":148,"line":185,"context":186},116,"raw output",{"file":148,"line":188,"context":186},225,{"file":148,"line":190,"context":186},229,{"file":148,"line":192,"context":186},233,{"file":148,"line":194,"context":186},237,{"file":148,"line":196,"context":186},248,{"file":148,"line":198,"context":186},252,{"file":148,"line":200,"context":186},257,{"file":148,"line":202,"context":186},263,{"file":148,"line":204,"context":186},333,{"file":148,"line":206,"context":186},339,{"file":148,"line":208,"context":186},342,{"file":148,"line":210,"context":186},345,{"file":148,"line":212,"context":186},363,{"file":148,"line":214,"context":186},368,[],[217,234],{"entryPoint":218,"graph":219,"unsanitizedCount":118,"severity":233},"dx_localhost_options_cb (dx-localhost.php:177)",{"nodes":220,"edges":230},[221,225],{"id":222,"type":223,"label":224,"file":148,"line":202},"n0","source","$_SERVER['SERVER_ADDR']",{"id":226,"type":227,"label":228,"file":148,"line":202,"wp_function":229},"n1","sink","echo() [XSS]","echo",[231],{"from":222,"to":226,"sanitized":232},false,"medium",{"entryPoint":235,"graph":236,"unsanitizedCount":118,"severity":242},"\u003Cdx-localhost> (dx-localhost.php:0)",{"nodes":237,"edges":240},[238,239],{"id":222,"type":223,"label":224,"file":148,"line":202},{"id":226,"type":227,"label":228,"file":148,"line":202,"wp_function":229},[241],{"from":222,"to":226,"sanitized":232},"low",{"summary":244,"deductions":245},"The \"dx-localhost\" v1.5 plugin exhibits a generally strong security posture in many areas. Its lack of external dependencies, file operations, and HTTP requests are positive signs.  Furthermore, the absence of known CVEs and a clean vulnerability history suggest a mature and well-maintained codebase regarding past security issues.\n\nHowever, the static analysis reveals significant concerns regarding output escaping, with only 6% of outputs being properly escaped. This indicates a high potential for cross-site scripting (XSS) vulnerabilities, especially if user-supplied data is reflected in the output without adequate sanitization. The taint analysis showing two flows with unsanitized paths, even without critical or high severity, is also a red flag. While not currently flagged as severe, these unsanitized paths are potential entry points for malicious input that could be exploited if the application logic evolves or if attackers find ways to leverage them.\n\nIn conclusion, while the plugin has a clean history and avoids common pitfalls like raw SQL queries, the low output escaping rate and identified unsanitized paths present real security risks. The plugin's small attack surface is a mitigating factor, but these code-level weaknesses require attention to prevent potential vulnerabilities, particularly XSS.",[246,249],{"reason":247,"points":248},"Low output escaping rate",12,{"reason":250,"points":251},"Unsanitized paths in taint analysis",6,"2026-03-16T23:46:45.070Z",{"wat":254,"direct":260},{"assetPaths":255,"generatorPatterns":257,"scriptPaths":258,"versionParams":259},[256],"\u002Fwp-content\u002Fplugins\u002Fdx-localhost\u002Fassets\u002Fcss\u002Fdx-localhost.css",[],[],[],{"cssClasses":261,"htmlComments":263,"htmlAttributes":264,"restEndpoints":266,"jsGlobals":267,"shortcodeOutput":268},[262],"dx-localhost-notice",[],[265],"id=\"dx-localhost-notice\"",[],[],[269],"You are working on "]