[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsF2Uf0jYMxoP6WNsyoNOX1cqLjr5i8p153sVMifxnkI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":56,"analysis":150,"fingerprints":621},"enable-wp-debug-from-admin-dashboard","Debug Bar – Enable WP_DEBUG from admin dashboard","1.93","Puvox Software","https:\u002F\u002Fprofiles.wordpress.org\u002Fpuvoxsoftware\u002F","\u003Ch4>[ ✅ 𝐒𝐄𝐂𝐔𝐑𝐄 𝐏𝐋𝐔𝐆𝐈𝐍𝐒 b𝓎 𝒫𝓊𝓋𝑜𝓍] :\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>• Revised for security to be reliable and free of vulnerability holes.\u003Cbr \u002F>\n  • Efficient, not to add any extra load\u002Fslowness to site.\u003Cbr \u002F>\n  • Don’t collect private data.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Plugin Description\u003C\u002Fh4>\n\u003Cp>READ DESCRIPTION BEFORE INSTALLING!\u003Cbr \u002F>\nEasily enable\u002Fdisable WP_DEBUG with one single click from Admin Toolbar. What’s more, this plugin is failsafe & clever – in case of errors, it automatically exits the WP_DEBUG mode, thus, you won’t face any problems.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Works with \u003Ccode>Debug Bar\u003C\u002Fcode> plugin. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>NOTE\u003C\u002Fh4>\n\u003Cp>Plugin modifies \u003Ccode>wp-config.php\u003C\u002Fcode>. However, on some sites, this might cause some conflict with existing wp-config, causing to interfere the page-load. So, use at your own responsibility. If unsure, use on test site.\u003C\u002Fp>\n\u003Ch4>Available Options\u003C\u002Fh4>\n\u003Cp>See all available options and their description on plugin’s settings page.\u003C\u002Fp>\n","[ ✅ 𝐒𝐄𝐂𝐔𝐑𝐄 𝐏𝐋𝐔𝐆𝐈𝐍𝐒 b𝓎 𝒫𝓊𝓋𝑜𝓍]  You can easily enable WP_DEBUG using a toolbar button. READ DESCRIPTION!",200,15439,36,5,"2024-10-30T11:24:00.000Z","6.5.8","6.0","",[20,21,22,23,24],"admin","debug","enable","wp","wp_debug","https:\u002F\u002Fpuvox.software\u002Fsoftware\u002Fwordpress-plugins\u002F?plugin=enable-wp-debug-from-admin-dashboard","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fenable-wp-debug-from-admin-dashboard.zip",92,1,0,"2022-08-01 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"WF-12081e8c-7aec-4450-a1a6-15250e7037f4-enable-wp-debug-from-admin-dashboard","debug-bar-reflected-cross-site-scripting","Debug Bar \u003C= 1.85 - Reflected Cross-Site Scripting","The Debug Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.85  due to the use of add_query_arg\u002Fremove_query_arg with insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages via a URL that executes if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.85","1.86","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F12081e8c-7aec-4450-a1a6-15250e7037f4?source=api-prod",540,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":51,"total_installs":52,"avg_security_score":53,"avg_patch_time_days":48,"trust_score":54,"computed_at":55},"puvoxsoftware",16,51190,94,75,"2026-04-04T15:12:08.518Z",[57,79,99,114,131],{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":18,"tags":72,"homepage":76,"download_link":77,"security_score":78,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"log-deprecated-notices","Log Deprecated Notices","0.4.1","Andrew Nacin","https:\u002F\u002Fprofiles.wordpress.org\u002Fnacin\u002F","\u003Cp>This plugin logs the usage of deprecated files, functions, and function arguments. It identifies where the deprecated functionality is being used and offers the alternative if available.\u003C\u002Fp>\n\u003Cp>This is a plugin for developers. WP_DEBUG is not needed, though its general usage is strongly recommended. Deprecated notices normally exposed by WP_DEBUG will be logged instead.\u003C\u002Fp>\n\u003Cp>This plugin also logs incorrect function usage, which WordPress started reporting in 3.1.\u003C\u002Fp>\n\u003Cp>Please report any bugs to plugins in a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Flog-deprecated-notices\" rel=\"ugc\">support thread\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This is young software. It works, but there’s a lot left on the todo (check out the Other Notes tab). Have an idea? Let me know.\u003C\u002Fp>\n\u003Ch3>Ideas\u003C\u002Fh3>\n\u003Cp>These are the various things on the @todo:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Plugin identification. Also, an unobstrusive note on plugins page next to said plugins.\u003C\u002Fli>\n\u003Cli>Perhaps the ability to auto-purge the log.\u003C\u002Fli>\n\u003Cli>Ability to filter on file or plugin in which the deprecated functionality is used.\u003C\u002Fli>\n\u003Cli>Offer some kind of better multisite support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Want to add something here? I’m all ears. plugins at \u003Ca href=\"http:\u002F\u002Fandrewnacin.com\u002F\" rel=\"nofollow ugc\">andrewnacin.com\u003C\u002Fa> or @\u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Fnacin\" rel=\"nofollow ugc\">nacin\u003C\u002Fa> on Twitter.\u003C\u002Fp>\n\u003Cp>I will prioritize these tasks based on feedback, so let me know what you’d like to see.\u003C\u002Fp>\n","Logs the usage of deprecated files, functions, and function arguments, and identifies where the deprecated functionality is being used.",1000,165887,100,10,"2021-06-25T14:17:00.000Z","5.8.13","3.0",[20,73,74,75,24],"deprecated","e_notice","logging","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Flog-deprecated-notices\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flog-deprecated-notices.0.4.1.zip",85,{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":68,"downloaded":87,"rating":29,"num_ratings":29,"last_updated":88,"tested_up_to":89,"requires_at_least":71,"requires_php":18,"tags":90,"homepage":97,"download_link":98,"security_score":78,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"admins-debug-tool","Admin's Debug Tool","0.1","pantsonhead","https:\u002F\u002Fprofiles.wordpress.org\u002Fpantsonhead\u002F","\u003Cp>Admin’s Debug Tool allows administrators to analyze page execution without executing\u002Fdisplaying for non-admin users.\u003Cbr \u002F>\nThis can be useful when trying to track slow queries or badly performing plugins or widgets.\u003Cbr \u002F>\nThe admin-only nature of this plugin can also be useful when trying to track issues that only occur on production servers.\u003C\u002Fp>\n","Admin-only tool for checking execution times and error output of current theme\u002Fplugins",2766,"2015-08-08T02:00:00.000Z","4.2.39",[20,21,91,92,93,94,95,96,24],"execution","hooks","monitor","queries","timer","widget","http:\u002F\u002Fhttp:\u002F\u002Fmeasurablewins.blogspot.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmins-debug-tool.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":68,"downloaded":107,"rating":29,"num_ratings":29,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":18,"tags":111,"homepage":112,"download_link":113,"security_score":78,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"log-deprecated-notices-extender","Log Deprecated Notices Extender","0.1.2","Joey Kudish","https:\u002F\u002Fprofiles.wordpress.org\u002Fjkudish\u002F","\u003Cp>This developer-oriented WordPress plugin extends Log Deprecated Notices to show a link in the WP 3.3+ Toolbar. Based on \u003Ca href=\"http:\u002F\u002Fnacin.com\" rel=\"nofollow ugc\">Andrew Nacin\u003C\u002Fa>‘s \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Flog-deprecated-notices\u002F\" rel=\"ugc\">Log Deprecated Notices\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This plugin is built and maintained by \u003Ca href=\"http:\u002F\u002Fjkudish.com\" title=\"Joachim Kudish\" rel=\"nofollow ugc\">Joachim Kudish\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Follow development, fork and contribute on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjkudish\u002FLogDeprecatedNoticesExtender\" rel=\"nofollow ugc\">github\u003C\u002Fa>\u003C\u002Fp>\n","This developer-oriented WordPress plugin extends Andrew Nacin's Log Deprecated Notices to show a link in the WP 3.3+ Toolbar.",2501,"2012-01-14T23:19:00.000Z","3.4.2","3.3",[20,73,74,75,24],"http:\u002F\u002Fjkudish.com\u002Flog-deprecated-notices-extender\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flog-deprecated-notices-extender.0.1.2.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":29,"downloaded":122,"rating":29,"num_ratings":29,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":126,"tags":127,"homepage":18,"download_link":130,"security_score":67,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"track-debug","Track Debug","1.6","Bhumi","https:\u002F\u002Fprofiles.wordpress.org\u002Fbhumi239\u002F","\u003Cp>\u003Cstrong>Track Debug\u003C\u002Fstrong> is a simple admin-only tool to help developers monitor WordPress debug settings and review the most recent PHP error logs — all from a neat, clean admin dashboard page.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Custom admin dashboard menu: \u003Cem>Track Debug\u003C\u002Fem>\u003Cbr \u002F>\n– Shows current WP_DEBUG status\u003Cbr \u002F>\n– Displays the last 50 lines of \u003Ccode>error_log\u003C\u002Fcode>\u003Cbr \u002F>\n– Fully OOP, minimal code, no bloat\u003Cbr \u002F>\n– Safe for production (admin-only access)\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPL v2 or later.\u003C\u002Fp>\n","A lightweight WordPress plugin that adds a custom admin panel to display WP_DEBUG status and recent PHP error logs.",554,"2025-12-14T03:28:00.000Z","6.9.4","5.0","7.2",[128,21,129,24],"admin-panel","error-log","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftrack-debug.1.6.zip",{"slug":132,"name":133,"version":126,"author":134,"author_profile":135,"description":136,"short_description":137,"active_installs":67,"downloaded":138,"rating":139,"num_ratings":140,"last_updated":141,"tested_up_to":124,"requires_at_least":142,"requires_php":143,"tags":144,"homepage":18,"download_link":149,"security_score":67,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"conflict-finder-wp-fix-it","Conflict Finder","WP Fix It - WordPress Experts","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpfixit\u002F","\u003Cp>Conflict Finder is a comprehensive troubleshooting plugin designed for WordPress administrators, developers, and support professionals who need to identify the root cause of site issues.\u003C\u002Fp>\n\u003Cp>From a single interface, Conflict Finder allows you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable and manage WP_DEBUG without manually editing files\u003C\u002Fli>\n\u003Cli>View, download, and clear the WordPress debug log\u003C\u002Fli>\n\u003Cli>Temporarily disable plugins to identify conflicts\u003C\u002Fli>\n\u003Cli>Switch themes to test theme-related issues\u003C\u002Fli>\n\u003Cli>Test WordPress email delivery using \u003Ccode>wp_mail()\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong>\u003Cbr \u002F>\nConflict Finder \u003Cstrong>does temporarily affect site behavior\u003C\u002Fstrong> while troubleshooting is active. This may include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disabled plugins\u003C\u002Fli>\n\u003Cli>A different active theme\u003C\u002Fli>\n\u003Cli>Debug notices or errors being displayed\u003C\u002Fli>\n\u003Cli>Changes visible to logged-out visitors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For this reason, troubleshooting should be performed during maintenance windows or on staging sites whenever possible.\u003C\u002Fp>\n\u003Cp>Conflict Finder automatically tracks your original configuration and allows you to restore plugins, themes, and debugging settings once testing is complete.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Troubleshooting Dashboard\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Central overview of debugging and conflict states\u003C\u002Fli>\n\u003Cli>Environment snapshot including WordPress, PHP, memory, and server software\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>WP_DEBUG Tool\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable or disable WP_DEBUG with a single switch\u003C\u002Fli>\n\u003Cli>Control error display and logging behavior\u003C\u002Fli>\n\u003Cli>Load unminified scripts for debugging\u003C\u002Fli>\n\u003Cli>View, download, or clear \u003Ccode>wp-content\u002Fdebug.log\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Safely updates \u003Ccode>wp-config.php\u003C\u002Fcode> as needed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Plugin Conflict Tool\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Temporarily deactivate all active plugins\u003C\u002Fli>\n\u003Cli>Save and restore original plugin states\u003C\u002Fli>\n\u003Cli>Activate plugins one at a time to identify conflicts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Theme Conflict Tool\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Temporarily switch to another installed theme\u003C\u002Fli>\n\u003Cli>Identify theme-related layout or functionality issues\u003C\u002Fli>\n\u003Cli>Restore the original theme instantly\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Email Delivery Tool\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Send a real test email using WordPress mail\u003C\u002Fli>\n\u003Cli>Confirm whether the server can successfully send email\u003C\u002Fli>\n\u003Cli>Helps identify SMTP or hosting mail issues\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>When to Use Conflict Finder\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Diagnosing white screens or fatal errors\u003C\u002Fli>\n\u003Cli>Identifying plugin conflicts\u003C\u002Fli>\n\u003Cli>Testing theme-related layout or functionality issues\u003C\u002Fli>\n\u003Cli>Investigating PHP notices or warnings\u003C\u002Fli>\n\u003Cli>Verifying WordPress email delivery\u003C\u002Fli>\n\u003Cli>Support and development workflows\u003C\u002Fli>\n\u003C\u002Ful>\n","Conflict Finder is a WordPress troubleshooting toolkit that helps diagnose plugin conflicts, theme issues, debugging errors, and email delivery proble …",8747,90,4,"2026-01-27T14:26:00.000Z","4.9","5.6",[145,146,147,148,24],"debug-log","plugin-conflict","theme-conflict","troubleshooting","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fconflict-finder-wp-fix-it.7.2.zip",{"attackSurface":151,"codeSignals":287,"taintFlows":474,"riskAssessment":603,"analyzedAt":620},{"hooks":152,"ajaxHandlers":283,"restRoutes":284,"shortcodes":285,"cronEvents":286,"entryPointCount":29,"unprotectedCount":29},[153,160,164,168,171,175,180,183,187,189,195,198,200,202,204,208,211,214,216,218,221,223,225,228,231,234,237,240,244,248,252,254,258,261,264,268,271,274,276,280],{"type":154,"name":155,"callback":156,"priority":157,"file":158,"line":159},"action","admin_init","first_time_setups",22,"index.php",59,{"type":154,"name":161,"callback":162,"priority":14,"file":158,"line":163},"admin_bar_menu","my_admin_bar",61,{"type":154,"name":165,"callback":166,"priority":157,"file":158,"line":167},"wp_head","my_head",64,{"type":154,"name":169,"callback":166,"priority":157,"file":158,"line":170},"admin_head",65,{"type":154,"name":172,"callback":173,"priority":157,"file":158,"line":174},"init","reload_page_after_click",66,{"type":154,"name":176,"callback":177,"priority":178,"file":158,"line":179},"admin_footer","footer",990,68,{"type":154,"name":181,"callback":177,"priority":178,"file":158,"line":182},"wp_footer",69,{"type":154,"name":165,"callback":184,"priority":28,"file":185,"line":186},"closure","library.php",4768,{"type":154,"name":169,"callback":184,"priority":28,"file":185,"line":188},4769,{"type":154,"name":190,"callback":191,"priority":192,"file":193,"line":194},"wp_enqueue_scripts","my_styles_hook",9,"library_wp.php",73,{"type":154,"name":196,"callback":191,"priority":192,"file":193,"line":197},"admin_enqueue_scripts",74,{"type":154,"name":176,"callback":184,"file":193,"line":199},148,{"type":154,"name":172,"callback":184,"file":193,"line":201},163,{"type":154,"name":155,"callback":184,"file":193,"line":203},210,{"type":205,"name":206,"callback":184,"file":193,"line":207},"filter","mce_external_plugins",212,{"type":205,"name":209,"callback":184,"file":193,"line":210},"mce_buttons_2",213,{"type":205,"name":212,"callback":184,"file":193,"line":213},"tiny_mce_version",215,{"type":154,"name":23,"callback":184,"priority":28,"file":193,"line":215},231,{"type":154,"name":217,"callback":184,"priority":28,"file":193,"line":48},"plugins_loaded",{"type":154,"name":23,"callback":219,"file":193,"line":220},"my_flush__rewrite",550,{"type":154,"name":181,"callback":184,"file":193,"line":222},700,{"type":154,"name":172,"callback":184,"file":193,"line":224},711,{"type":154,"name":226,"callback":184,"file":193,"line":227},"wp_loaded",854,{"type":154,"name":229,"callback":184,"file":193,"line":230},"shutdown",859,{"type":154,"name":172,"callback":232,"file":193,"line":233},"load_textdomain",1732,{"type":154,"name":169,"callback":235,"file":193,"line":236},"admin_head_func",1743,{"type":154,"name":238,"callback":184,"file":193,"line":239},"current_screen",1744,{"type":154,"name":23,"callback":241,"priority":242,"file":193,"line":243},"flush_checkpoint",999,1753,{"type":205,"name":245,"callback":246,"priority":28,"file":193,"line":247},"upload_mimes","upload_mimes_filter",1759,{"type":205,"name":249,"callback":250,"priority":68,"file":193,"line":251},"wp_handle_upload","wp_handle_upload_filter",1760,{"type":154,"name":172,"callback":184,"file":193,"line":253},1822,{"type":154,"name":255,"callback":256,"file":193,"line":257},"network_admin_menu","plugin__add_menu_or_submenu",1912,{"type":154,"name":259,"callback":256,"file":193,"line":260},"admin_menu",1914,{"type":154,"name":262,"callback":184,"file":193,"line":263},"activated_plugin",1916,{"type":154,"name":265,"callback":266,"file":193,"line":267},"network_admin_notices","admin_error_notice_pro",2103,{"type":154,"name":269,"callback":266,"file":193,"line":270},"admin_notices",2104,{"type":205,"name":272,"callback":184,"priority":68,"file":193,"line":273},"wp_php_error_message",2187,{"type":154,"name":181,"callback":184,"file":193,"line":275},2375,{"type":205,"name":277,"callback":278,"file":193,"line":279},"widget_text","do_shortcode",2399,{"type":205,"name":281,"callback":184,"file":193,"line":282},"site_transient_update_plugins",3266,[],[],[],[],{"dangerousFunctions":288,"sqlUsage":293,"outputEscaping":328,"fileOperations":470,"externalRequests":140,"nonceChecks":471,"capabilityChecks":472,"bundledLibraries":473},[289],{"fn":290,"file":185,"line":291,"context":292},"unserialize",3813,"if ( @unserialize($serialized_string) !== false ) \treturn $serialized_string;",{"prepared":294,"raw":295,"locations":296},46,14,[297,300,302,304,306,309,311,313,315,317,320,322,324,326],{"file":185,"line":298,"context":299},645,"$wpdb->query() with variable interpolation",{"file":193,"line":301,"context":299},784,{"file":193,"line":303,"context":299},785,{"file":193,"line":305,"context":299},1023,{"file":193,"line":307,"context":308},1224,"$wpdb->get_var() with variable interpolation",{"file":193,"line":310,"context":299},1353,{"file":193,"line":312,"context":299},1355,{"file":193,"line":314,"context":299},1368,{"file":193,"line":316,"context":299},1420,{"file":193,"line":318,"context":319},1421,"$wpdb->get_results() with variable interpolation",{"file":193,"line":321,"context":299},1430,{"file":193,"line":323,"context":299},1434,{"file":193,"line":325,"context":319},3058,{"file":193,"line":327,"context":299},3074,{"escaped":329,"rawEcho":330,"locations":331},80,70,[332,335,337,339,341,343,345,347,349,351,353,355,357,359,361,363,365,367,369,371,373,375,376,377,379,381,383,385,387,389,391,393,395,397,398,400,402,404,406,408,410,412,414,416,418,420,422,424,426,428,430,432,434,436,438,440,442,444,446,448,450,452,454,456,458,460,462,464,466,468],{"file":185,"line":333,"context":334},480,"raw output",{"file":185,"line":336,"context":334},2316,{"file":185,"line":338,"context":334},2915,{"file":185,"line":340,"context":334},3231,{"file":185,"line":342,"context":334},3238,{"file":185,"line":344,"context":334},3278,{"file":185,"line":346,"context":334},3391,{"file":185,"line":348,"context":334},3646,{"file":185,"line":350,"context":334},4194,{"file":185,"line":352,"context":334},4195,{"file":185,"line":354,"context":334},4245,{"file":185,"line":356,"context":334},4247,{"file":185,"line":358,"context":334},4442,{"file":185,"line":360,"context":334},4451,{"file":185,"line":362,"context":334},4453,{"file":185,"line":364,"context":334},4602,{"file":185,"line":366,"context":334},4694,{"file":185,"line":368,"context":334},4698,{"file":185,"line":370,"context":334},4705,{"file":185,"line":372,"context":334},4716,{"file":185,"line":374,"context":334},4722,{"file":185,"line":186,"context":334},{"file":185,"line":188,"context":334},{"file":185,"line":378,"context":334},5119,{"file":185,"line":380,"context":334},5121,{"file":193,"line":382,"context":334},396,{"file":193,"line":384,"context":334},401,{"file":193,"line":386,"context":334},410,{"file":193,"line":388,"context":334},442,{"file":193,"line":390,"context":334},576,{"file":193,"line":392,"context":334},655,{"file":193,"line":394,"context":334},660,{"file":193,"line":396,"context":334},674,{"file":193,"line":396,"context":334},{"file":193,"line":399,"context":334},1312,{"file":193,"line":401,"context":334},1317,{"file":193,"line":403,"context":334},1328,{"file":193,"line":405,"context":334},2320,{"file":193,"line":407,"context":334},2499,{"file":193,"line":409,"context":334},2513,{"file":193,"line":411,"context":334},2551,{"file":193,"line":413,"context":334},2553,{"file":193,"line":415,"context":334},2554,{"file":193,"line":417,"context":334},2582,{"file":193,"line":419,"context":334},2586,{"file":193,"line":421,"context":334},2589,{"file":193,"line":423,"context":334},2636,{"file":193,"line":425,"context":334},2656,{"file":193,"line":427,"context":334},2666,{"file":193,"line":429,"context":334},2671,{"file":193,"line":431,"context":334},2673,{"file":193,"line":433,"context":334},2700,{"file":193,"line":435,"context":334},2707,{"file":193,"line":437,"context":334},2754,{"file":193,"line":439,"context":334},2769,{"file":193,"line":441,"context":334},2782,{"file":193,"line":443,"context":334},2789,{"file":193,"line":445,"context":334},2790,{"file":193,"line":447,"context":334},2791,{"file":193,"line":449,"context":334},2796,{"file":193,"line":451,"context":334},2798,{"file":193,"line":453,"context":334},2806,{"file":193,"line":455,"context":334},2867,{"file":193,"line":457,"context":334},2981,{"file":193,"line":459,"context":334},2997,{"file":193,"line":461,"context":334},3006,{"file":193,"line":463,"context":334},3148,{"file":193,"line":465,"context":334},3393,{"file":193,"line":467,"context":334},3420,{"file":193,"line":469,"context":334},3423,29,6,2,[],[475,492,501,512,522,562,573,594],{"entryPoint":476,"graph":477,"unsanitizedCount":28,"severity":41},"force_redirect_to_https (library.php:103)",{"nodes":478,"edges":489},[479,484],{"id":480,"type":481,"label":482,"file":185,"line":483},"n0","source","$_SERVER['REQUEST_URI']",104,{"id":485,"type":486,"label":487,"file":185,"line":483,"wp_function":488},"n1","sink","header() [Header Injection]","header",[490],{"from":480,"to":485,"sanitized":491},false,{"entryPoint":493,"graph":494,"unsanitizedCount":28,"severity":41},"password_site (library.php:2312)",{"nodes":495,"edges":499},[496,498],{"id":480,"type":481,"label":482,"file":185,"line":497},2315,{"id":485,"type":486,"label":487,"file":185,"line":497,"wp_function":488},[500],{"from":480,"to":485,"sanitized":491},{"entryPoint":502,"graph":503,"unsanitizedCount":28,"severity":41},"redirect_to_https (library.php:3790)",{"nodes":504,"edges":510},[505,508],{"id":480,"type":481,"label":506,"file":185,"line":507},"$_SERVER",3793,{"id":485,"type":486,"label":487,"file":185,"line":509,"wp_function":488},3795,[511],{"from":480,"to":485,"sanitized":491},{"entryPoint":513,"graph":514,"unsanitizedCount":28,"severity":41},"redirect_to_nonwww (library.php:3800)",{"nodes":515,"edges":520},[516,518],{"id":480,"type":481,"label":506,"file":185,"line":517},3802,{"id":485,"type":486,"label":487,"file":185,"line":519,"wp_function":488},3804,[521],{"from":480,"to":485,"sanitized":491},{"entryPoint":523,"graph":524,"unsanitizedCount":192,"severity":41},"\u003Clibrary> (library.php:0)",{"nodes":525,"edges":556},[526,528,529,532,537,539,544,547,549,552],{"id":480,"type":481,"label":527,"file":185,"line":483},"$_SERVER['REQUEST_URI'] (x2)",{"id":485,"type":486,"label":487,"file":185,"line":483,"wp_function":488},{"id":530,"type":481,"label":506,"file":185,"line":531},"n2",256,{"id":533,"type":486,"label":534,"file":185,"line":535,"wp_function":536},"n3","wp_remote_get() [SSRF]",3066,"wp_remote_get",{"id":538,"type":481,"label":506,"file":185,"line":531},"n4",{"id":540,"type":486,"label":541,"file":185,"line":542,"wp_function":543},"n5","wp_remote_post() [SSRF]",3072,"wp_remote_post",{"id":545,"type":481,"label":546,"file":185,"line":507},"n6","$_SERVER (x2)",{"id":548,"type":486,"label":487,"file":185,"line":509,"wp_function":488},"n7",{"id":550,"type":481,"label":551,"file":185,"line":531},"n8","$_SERVER (x3)",{"id":553,"type":486,"label":554,"file":185,"line":354,"wp_function":555},"n9","echo() [XSS]","echo",[557,558,559,560,561],{"from":480,"to":485,"sanitized":491},{"from":530,"to":533,"sanitized":491},{"from":538,"to":540,"sanitized":491},{"from":545,"to":548,"sanitized":491},{"from":550,"to":553,"sanitized":491},{"entryPoint":563,"graph":564,"unsanitizedCount":29,"severity":572},"ajax_backend_call (library_wp.php:432)",{"nodes":565,"edges":569},[566,568],{"id":480,"type":481,"label":567,"file":193,"line":388},"$_POST['PRO_check_key']",{"id":485,"type":486,"label":554,"file":193,"line":388,"wp_function":555},[570],{"from":480,"to":485,"sanitized":571},true,"low",{"entryPoint":574,"graph":575,"unsanitizedCount":29,"severity":572},"\u003Clibrary_wp> (library_wp.php:0)",{"nodes":576,"edges":590},[577,578,579,582,586,589],{"id":480,"type":481,"label":567,"file":193,"line":388},{"id":485,"type":486,"label":554,"file":193,"line":388,"wp_function":555},{"id":530,"type":481,"label":580,"file":193,"line":581},"$_POST (x2)",1454,{"id":533,"type":486,"label":583,"file":193,"line":584,"wp_function":585},"get_var() [SQLi]",1456,"get_var",{"id":538,"type":481,"label":587,"file":193,"line":588},"$_POST",2527,{"id":540,"type":486,"label":554,"file":193,"line":439,"wp_function":555},[591,592,593],{"from":480,"to":485,"sanitized":571},{"from":530,"to":533,"sanitized":571},{"from":538,"to":540,"sanitized":571},{"entryPoint":595,"graph":596,"unsanitizedCount":472,"severity":602},"change_slug_2_old (library_wp.php:1451)",{"nodes":597,"edges":600},[598,599],{"id":480,"type":481,"label":580,"file":193,"line":581},{"id":485,"type":486,"label":583,"file":193,"line":584,"wp_function":585},[601],{"from":480,"to":485,"sanitized":491},"high",{"summary":604,"deductions":605},"The 'enable-wp-debug-from-admin-dashboard' plugin v1.93 presents a mixed security posture.  While it boasts a seemingly small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events without authentication, this is somewhat offset by internal code analysis concerns. The presence of the `unserialize` dangerous function is a significant red flag, as it can be a vector for remote code execution if untrusted data is passed to it. Furthermore, the taint analysis indicates a concerning number of flows with unsanitized paths, including one of high severity, suggesting potential vulnerabilities if these paths are exposed to user input.  The plugin's vulnerability history shows one medium severity Cross-site Scripting (XSS) vulnerability discovered in August 2022, which is now patched. While the lack of currently unpatched vulnerabilities is positive, the history of XSS indicates a need for careful input sanitization and output escaping, which the static analysis shows is only properly implemented in 53% of outputs.\n\nOverall, the plugin's strengths lie in its limited direct attack vectors. However, the internal code analysis, particularly the use of `unserialize` and the high number of unsanitized taint flows, coupled with a history of XSS, points to significant potential risks. The moderate rate of proper output escaping is also a concern.  Users should exercise caution, and further investigation into the specific taint flows and the usage of `unserialize` is highly recommended to fully understand the risk.",[606,609,612,615,618],{"reason":607,"points":608},"Presence of 'unserialize' dangerous function",15,{"reason":610,"points":611},"High severity taint flow found",12,{"reason":613,"points":614},"Flows with unsanitized paths found",8,{"reason":616,"points":617},"Output escaping only 53% properly done",7,{"reason":619,"points":614},"Medium severity CVE in vulnerability history","2026-03-16T20:30:16.072Z",{"wat":622,"direct":633},{"assetPaths":623,"generatorPatterns":628,"scriptPaths":629,"versionParams":630},[624,625,626,627],"\u002Fwp-content\u002Fplugins\u002Fenable-wp-debug-from-admin-dashboard\u002Flibrary.php","\u002Fwp-content\u002Fplugins\u002Fenable-wp-debug-from-admin-dashboard\u002Flibrary_wp.php","\u002Fwp-content\u002Fplugins\u002Fenable-wp-debug-from-admin-dashboard\u002F_wp_config_addon.php","\u002Fwp-content\u002Fplugins\u002Fenable-wp-debug-from-admin-dashboard\u002F_wp_debug_ip_permission.php",[],[],[631,632],"enable-wp-debug-from-admin-dashboard\u002Flibrary.php?ver=","enable-wp-debug-from-admin-dashboard\u002Flibrary_wp.php?ver=",{"cssClasses":634,"htmlComments":638,"htmlAttributes":639,"restEndpoints":644,"jsGlobals":645,"shortcodeOutput":647},[635,636,637],"button_ewdfad","ewdfad_off","ewdfad_on",[],[640,641,642,643],"ewdfad_STATE","ewdfad_nonce","ewdfad_debug_type","ewdfad_ip_type",[],[646],"redirect_to_ewdfad",[]]