[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fEGZrqeOTHDOLYzSOhAXUxFNhKmoiA5yMsbaYoyJh4V8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":57,"fingerprints":115},"editor-appearance-access","Editor Appearance Access","1.0.0","byronj","https:\u002F\u002Fprofiles.wordpress.org\u002Fbyronj\u002F","\u003Cp>By default, the Editor user role does not have access to any of the Appearance menu options. Editor Appearance Access grants users with the Editor role access to menus under the Appearance menu. Each menu item can be enabled by selecting the menu within the options page located at Settings > Editor Appearance Access.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Grants the Editor user role access to menu items listed under the Appearance menu.\u003C\u002Fli>\n\u003Cli>Allows you to select each menu that you would like to be displayed to the Editor user role.\u003C\u002Fli>\n\u003Cli>If no menus are selected, the Appearance menu will not be visible to the Editor users.\u003C\u002Fli>\n\u003C\u002Ful>\n","A WordPress plugin that grants the Editor user role access to menus under the Appearance menu.",10,1093,0,"2020-04-11T16:04:00.000Z","5.4.19","3.5","",[19,20,21,22,23],"appearance-menu","editor-menu-access","editor-role-options","edtior","menus-access","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feditor-appearance-access.1.0.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},2,110,30,84,"2026-04-04T05:25:48.350Z",[36],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":11,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":55,"download_link":56,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"add-customizer","Add Customizer","1.0","Kris C","https:\u002F\u002Fprofiles.wordpress.org\u002Fkcor555\u002F","\u003Cp>Add Customizer plugin adds the customize option back to the admin appearance menu.\u003C\u002Fp>\n\u003Ch3>How\u003C\u002Fh3>\n\u003Cp>Using this plugin:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install the plugin.\u003C\u002Fli>\n\u003Cli>Activate the plugin.\u003C\u002Fli>\n\u003Cli>Navigate to the dashboard -> appearance menu.\u003C\u002Fli>\n\u003Cli>Click on the customizer link.\u003C\u002Fli>\n\u003C\u002Fol>\n","Adds the customizer link in the admin appearance menu.",1607,100,1,"2022-11-11T21:11:00.000Z","6.1.10","5.9","5.6",[52,19,53,54],"appearance","customize","customizer","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsearch\u002Fadd-customizer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-customizer.1.0.zip",{"attackSurface":58,"codeSignals":92,"taintFlows":104,"riskAssessment":105,"analyzedAt":114},{"hooks":59,"ajaxHandlers":88,"restRoutes":89,"shortcodes":90,"cronEvents":91,"entryPointCount":13,"unprotectedCount":13},[60,66,70,73,78,81,83,86],{"type":61,"name":62,"callback":63,"file":64,"line":65},"action","admin_menu","add_options_link","admin\\class-editor-appearance-access-admin-display.php",178,{"type":61,"name":67,"callback":68,"file":64,"line":69},"admin_init","register_settings",179,{"type":61,"name":62,"callback":71,"file":64,"line":72},"add_remove_menu_pages",180,{"type":61,"name":74,"callback":75,"file":76,"line":77},"plugins_loaded","anonymous","includes\\class-editor-appearance-access.php",143,{"type":61,"name":79,"callback":75,"file":76,"line":80},"admin_enqueue_scripts",158,{"type":61,"name":79,"callback":75,"file":76,"line":82},159,{"type":61,"name":84,"callback":75,"file":76,"line":85},"wp_enqueue_scripts",174,{"type":61,"name":84,"callback":75,"file":76,"line":87},175,[],[],[],[],{"dangerousFunctions":93,"sqlUsage":94,"outputEscaping":96,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":103},[],{"prepared":13,"raw":13,"locations":95},[],{"escaped":13,"rawEcho":30,"locations":97},[98,101],{"file":64,"line":99,"context":100},43,"raw output",{"file":64,"line":102,"context":100},95,[],[],{"summary":106,"deductions":107},"The \"editor-appearance-access\" v1.0.0 plugin exhibits a generally strong security posture based on the static analysis.  The absence of any detected entry points (AJAX handlers, REST API routes, shortcodes, cron events) significantly limits its attack surface. Furthermore, the code shows good practices by exclusively using prepared statements for its SQL queries and not performing any file operations or external HTTP requests. The lack of any known CVEs, either historical or currently unpatched, is also a positive indicator of its security track record.\n\nHowever, there are significant concerns stemming from the output escaping and capability checks. With 100% of its outputs unescaped, this presents a considerable risk of cross-site scripting (XSS) vulnerabilities. Any data rendered by the plugin that originates from user input or external sources is not sanitized, making it susceptible to malicious script injection. The complete absence of capability checks for any potential actions or data handling is also a critical oversight, meaning that any user, regardless of their role or permissions, could potentially interact with or manipulate the plugin's functionality if an entry point were to be discovered or introduced in the future. The lack of taint analysis flows, while seemingly positive, could also indicate a very small or non-existent interaction with user-supplied data, which in itself may be a limitation or simply not a feature of the plugin.\n\nIn conclusion, while the plugin benefits from a small attack surface and secure data handling for SQL, the critical lack of output escaping and capability checks introduces significant security weaknesses. The primary risk lies in potential XSS vulnerabilities and authorization bypasses, which could have severe consequences if exploited. The plugin's history of zero vulnerabilities is a strength, but it does not negate the immediate and evident risks identified in the static analysis.",[108,111],{"reason":109,"points":110},"Unescaped output (0% properly escaped)",6,{"reason":112,"points":113},"Missing capability checks",8,"2026-03-17T01:18:00.072Z",{"wat":116,"direct":125},{"assetPaths":117,"generatorPatterns":120,"scriptPaths":121,"versionParams":122},[118,119],"\u002Fwp-content\u002Fplugins\u002Feditor-appearance-access\u002Fadmin\u002Fcss\u002Feditor-appearance-access-admin.css","\u002Fwp-content\u002Fplugins\u002Feditor-appearance-access\u002Fadmin\u002Fjs\u002Feditor-appearance-access-admin.js",[],[119],[123,124],"editor-appearance-access\u002Fadmin\u002Fcss\u002Feditor-appearance-access-admin.css?ver=","editor-appearance-access\u002Fadmin\u002Fjs\u002Feditor-appearance-access-admin.js?ver=",{"cssClasses":126,"htmlComments":127,"htmlAttributes":128,"restEndpoints":129,"jsGlobals":130,"shortcodeOutput":131},[],[],[],[],[],[]]