[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fcTJX-dEaKNo9muQMoyptshpqfX_KcW-X7cLKKa7JECQ":3,"$fUgUm07tE1m2SyFgqnIzQ_3Zu610h5b4f1da5sLkCSas":305,"$fy48MBMH0ogmWA_s6LfYB2yE9Ow-dYuC1LsZ5hN6XnvE":309},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"discovery_status":30,"vulnerabilities":31,"developer":64,"crawl_stats":37,"alternatives":71,"analysis":170,"fingerprints":281},"enhanced-plugin-admin","Enhanced Plugin Admin","1.17","Marios Alexandrou","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarios-alexandrou\u002F","\u003Cp>The Enhanced Plugin Admin plugin aims to save you time and warn you about potential compatibility and security problems for installed plugins right from the plugin admin screen. Information includes:\u003C\u002Fp>\n\u003Col>\n\u003Cli>last update date\u003C\u002Fli>\n\u003Cli>overall rating\u003C\u002Fli>\n\u003Cli>number of votes\u003C\u002Fli>\n\u003Cli>WordPress version compatibility range\u003C\u002Fli>\n\u003Cli>WordPress plugin repository status i.e. in repository, removed from repository, never in repository\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>You can also hide (disable) individual plugin update notifications for when you don’t want to upgrade. These can be unhidden (re-enabled) at any time.\u003C\u002Fp>\n\u003Ch4>Planned Features\u003C\u002Fh4>\n\u003Cp>These are features I’ve been considering. 
Let me know if they’re of interest or if you have other ideas.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Schedule checks so that information is up to date without having to wait for plugin admin page to refresh.\u003C\u002Fli>\n\u003Cli>Email notifications when thresholds are first exceeded or when vulnerability discovered.\u003C\u002Fli>\n\u003Cli>Keep track of when a plugin was originally and most recently activated \u002F deactivated.\u003C\u002Fli>\n\u003C\u002Fol>\n","At-a-glance diagnostic and security info displayed on your site's plugin page about the plugins you have installed (both active and inactive).",200,5373,100,8,"2025-12-29T14:20:00.000Z","6.9.4","5.0","",[20,21,22],"plugin-admin","plugin-info","plugin-management","http:\u002F\u002Finfolific.com\u002Ftechnology\u002Fsoftware-worth-using\u002Fenhanced-plugin-admin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fenhanced-plugin-admin.zip",99,2,0,"2023-03-21 00:00:00","2026-04-16T10:56:18.058Z","no_bundle",[32,49],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46,"patch_diff_files":47,"patch_trac_url":37,"research_status":37,"research_verified":48,"research_rounds_completed":27,"research_plan":37,"research_summary":37,"research_vulnerable_code":37,"research_fix_diff":37,"research_exploit_outline":37,"research_model_used":37,"research_started_at":37,"research_completed_at":37,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":48,"poc_model_used":37,"poc_verification_depth":37},"CVE-2023-28618","enhanced-plugin-admin-cross-site-request-forgery-via-epaoptionspage","Enhanced Plugin Admin \u003C= 1.16 - Cross-Site Request 
Forgery via epa_options_page","The Enhanced Plugin Admin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.16. This is due to missing or incorrect nonce validation on the epa_options_page function. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.16","medium",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:L","Cross-Site Request Forgery (CSRF)","2024-01-22 19:56:02",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9b5bc030-7739-4eb4-b85d-99e5d0f2643a?source=api-prod",308,[],false,{"id":50,"url_slug":51,"title":52,"description":53,"plugin_slug":4,"theme_slug":37,"affected_versions":54,"patched_in_version":55,"severity":39,"cvss_score":56,"cvss_vector":57,"vuln_type":58,"published_date":59,"updated_date":43,"references":60,"days_to_patch":62,"patch_diff_files":63,"patch_trac_url":37,"research_status":37,"research_verified":48,"research_rounds_completed":27,"research_plan":37,"research_summary":37,"research_vulnerable_code":37,"research_fix_diff":37,"research_exploit_outline":37,"research_model_used":37,"research_started_at":37,"research_completed_at":37,"research_error":37,"poc_status":37,"poc_video_id":37,"poc_summary":37,"poc_steps":37,"poc_tested_at":37,"poc_wp_version":37,"poc_php_version":37,"poc_playwright_script":37,"poc_exploit_code":37,"poc_has_trace":48,"poc_model_used":37,"poc_verification_depth":37},"WF-13e8f16b-b5a3-4be1-9557-e11cd9ffaea7-enhanced-plugin-admin","enhanced-admin-plugin-reflected-cross-site-scripting","Enhanced Admin Plugin \u003C 1.16 - Reflected Cross-Site Scripting","The Enhanced Admin Plugin for WordPress is vulnerable to Cross-Site Scripting via the 'REQUEST_URI' variable in versions before 1.16 due to insufficient input sanitization and 
output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.","\u003C1.16","1.16",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2017-04-14 00:00:00",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F13e8f16b-b5a3-4be1-9557-e11cd9ffaea7?source=api-prod",2475,[],{"slug":65,"display_name":7,"profile_url":8,"plugin_count":66,"total_installs":67,"avg_security_score":25,"avg_patch_time_days":68,"trust_score":69,"computed_at":70},"marios-alexandrou",7,195200,1456,78,"2026-05-19T23:27:17.370Z",[72,93,116,135,152],{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":27,"num_ratings":27,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":85,"tags":86,"homepage":91,"download_link":92,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":37,"fetched_at":29},"milesweb-tools","MilesWeb Tools","1.0.2","MilesWeb","https:\u002F\u002Fprofiles.wordpress.org\u002Fmilesweb\u002F","\u003Cp>\u003Cstrong>MilesWeb Tools\u003C\u002Fstrong> is a powerful WordPress plugin designed to enhance your site’s functionality and security. 
It helps you manage security settings, maintenance mode, enforce HTTPS, disable file editing, log user activity, track storage usage, and provides detailed insights into active and inactive themes and plugins.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable\u002Fdisable maintenance mode.\u003C\u002Fli>\n\u003Cli>Force HTTPS redirection.\u003C\u002Fli>\n\u003Cli>Disable file editing in the WordPress admin panel.\u003C\u002Fli>\n\u003Cli>Disable XML-RPC to prevent security vulnerabilities.\u003C\u002Fli>\n\u003Cli>Track user logins.\u003C\u002Fli>\n\u003Cli>Display active theme details and inactive theme storage usage.\u003C\u002Fli>\n\u003Cli>Show active\u002Finactive plugins, including their size, and memory usage.\u003C\u002Fli>\n\u003Cli>Identify outdated plugins and themes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Short Description\u003C\u002Fh3>\n\u003Cp>Manage security, maintenance, and user logging while monitoring storage usage in one plugin.\u003C\u002Fp>\n\u003Ch3>License & Credits\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under GPLv2 or later. Contributions from the WordPress community are appreciated.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, visit MilesWeb Support or the WordPress support forums.\u003C\u002Fp>\n","MilesWeb Tools is a powerful WordPress plugin designed to enhance your site's functionality and security. 
It helps you manage security settings,  &hellip;",9000,18895,"2025-07-25T11:31:00.000Z","6.8.5","5.6","7.4",[87,21,88,89,90],"maintenance","security","storage-usage","user-logging","https:\u002F\u002Fmilesweb.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmilesweb-tools.1.0.2.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":103,"num_ratings":104,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":18,"download_link":114,"security_score":115,"vuln_count":27,"unpatched_count":27,"last_vuln_date":37,"fetched_at":29},"export-plugin-details","Export Plugin Details","1.1.7","Boopathi Rajan","https:\u002F\u002Fprofiles.wordpress.org\u002Fboopathi0001\u002F","\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FHnvBqXMcSxA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>This plugin allows you to export your installed plugin list in CSV format. 
CSV file having the following fields\u003C\u002Fp>\n\u003Col>\n\u003Cli>Plugin Name\u003C\u002Fli>\n\u003Cli>Description\u003C\u002Fli>\n\u003Cli>Author\u003C\u002Fli>\n\u003Cli>Active\u002FInactive\u003C\u002Fli>\n\u003Cli>Current Version\u003C\u002Fli>\n\u003Cli>Update Available(Yes\u002FNo)\u003C\u002Fli>\n\u003Cli>New Version\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Kindly let us know your feedback or comments to add more features in this plugin.\u003C\u002Fp>\n","Simple way to export your installed plugins list in CSV format.",2000,22788,98,18,"2024-07-31T07:27:00.000Z","6.6.5","4.3","5.2.4",[110,111,94,112,113],"csv-export","export-plugin","export-plugin-information","plugin-details","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexport-plugin-details.1.1.7.zip",92,{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":27,"num_ratings":27,"last_updated":126,"tested_up_to":83,"requires_at_least":127,"requires_php":85,"tags":128,"homepage":133,"download_link":134,"security_score":115,"vuln_count":27,"unpatched_count":27,"last_vuln_date":37,"fetched_at":29},"plugin-activation-tracker","Plugin Activation Tracker","3.6","Galaxy Weblinks","https:\u002F\u002Fprofiles.wordpress.org\u002Fgalaxyweblinks\u002F","\u003Cp>Keep track of plugins you activate or deactivate through the dashboard by viewing when each and every one of them was enabled or disabled.\u003C\u002Fp>\n\u003Cp>This plugin allows storing plugin status tracker records for 60 days. 
Site administrator can customize the duration as their requirements.\u003C\u002Fp>\n\u003Cp>Current features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Adds new columns on the plugins dashboard screen that shows when each plugin was activated and deactivated with author name and IP address.\u003C\u002Fli>\n\u003Cli>Supported on multisite.\u003C\u002Fli>\n\u003Cli>Control whether you’d like to see a relative date or a “regular” date as set under Settings > General\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>While by default the date & time settings are being used, you can always change the date format by filtering ‘pat_date_time_format_gwl’. For instance:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\n\nadd_filter( 'pat_date_time_format_gwl', 'my_pat_date_time_format_gwl' );\nfunction my_pat_date_time_format_gwl( $date_format ) {\n    return 'm-d-Y';\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Here’s some more info on \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFormatting_Date_and_Time\" rel=\"nofollow ugc\">date & time formatting in WordPress\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Here’s a link to the documentation for the plugin. 
This will help you learn more about its features and how to use it.\u003Cbr \u002F>\n\u003Cstrong>\u003C\u002Fstrong>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwp-plugins.galaxyweblinks.com\u002Fwp-plugins\u002Fplugin-activation-tracker\u002Fdoc\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fstrong>\u003Cbr \u002F>\nFor any feedback or queries regarding this plugin, please contact our \u003Ca href=\"https:\u002F\u002Fwp-plugins.galaxyweblinks.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">Support team\u003C\u002Fa>.\u003C\u002Fp>\n","Keep track of plugins you activate or deactivate through the dashboard by viewing when each and every one of them was enabled or disabled.",1000,8307,"2025-04-28T11:56:00.000Z","4.9",[21,129,130,131,132],"plugin-status","plugin-tracker","plugins","tracker","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugin-activation-tracker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-activation-tracker.3.6.zip",{"slug":136,"name":137,"version":138,"author":139,"author_profile":140,"description":141,"short_description":142,"active_installs":124,"downloaded":143,"rating":13,"num_ratings":144,"last_updated":145,"tested_up_to":16,"requires_at_least":146,"requires_php":84,"tags":147,"homepage":150,"download_link":151,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":37,"fetched_at":29},"plugin-report","Plugin Report","2.2.2","Torsten Landsiedel","https:\u002F\u002Fprofiles.wordpress.org\u002Fzodiac1978\u002F","\u003Cp>A WordPress plugin that provides detailed information about currently installed plugins.\u003C\u002Fp>\n\u003Ch3>Plugin Report will allow you to:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Spot plugins that are no longer maintained.\u003C\u002Fli>\n\u003Cli>Get a quick overview of the “plugin health” of your site.\u003C\u002Fli>\n\u003Cli>Provide clients with a detailed report, right from their own dashboard, or as CSV spreadsheet.\u003C\u002Fli>\n\u003Cli>Find 
plugins that are no longer active on multisite installs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Thanks to Roy Tanck for trusting me to adopt this great plugin. Hartelijk bedankt!\u003C\u002Fp>\n\u003Cp>Special thanks go to \u003Ca href=\"http:\u002F\u002Ftristen.ca\u002F\" rel=\"nofollow ugc\">Tristen Forsythe Brown\u003C\u002Fa> for the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftristen\u002Ftablesort\" rel=\"nofollow ugc\">tablesort JavaScript library\u003C\u002Fa> licensed under the MIT License.\u003C\u002Fp>\n","A WordPress plugin that provides detailed information about currently installed plugins.",26636,14,"2026-01-18T12:46:00.000Z","4.6",[148,149,21,131],"admin","multisite","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugin-report\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-report.2.2.2.zip",{"slug":153,"name":154,"version":155,"author":156,"author_profile":157,"description":158,"short_description":123,"active_installs":159,"downloaded":160,"rating":161,"num_ratings":162,"last_updated":163,"tested_up_to":164,"requires_at_least":165,"requires_php":18,"tags":166,"homepage":167,"download_link":168,"security_score":169,"vuln_count":27,"unpatched_count":27,"last_vuln_date":37,"fetched_at":29},"plugin-activation-date","Plugin Activation Date","1.1","Maor Chasen","https:\u002F\u002Fprofiles.wordpress.org\u002Fmaor\u002F","\u003Cp>Current features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Adds a new column on the plugins dashboard screen that shows when each plugin was activated, only if PAD was installed before\u003C\u002Fli>\n\u003Cli>Control whether you’d like to see a relative date or a “regular” date as set under Settings > General\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>While by default the date & time settings are being used, you can always change the date format by filtering ‘pad_date_time_format’. 
For instance:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php\n\nadd_filter( 'pad_date_time_format', 'my_pad_date_time_format' );\nfunction my_pad_date_time_format( $date_format ) {\n    return 'm-d-Y';\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Here’s some more info on \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFormatting_Date_and_Time\" rel=\"nofollow ugc\">date & time formatting in WordPress\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Feel free to post your feature requests, issues and pull requests to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmaor\u002Fplugin-activation-date\" title=\"PAD on GitHub\" rel=\"nofollow ugc\">Plugin Activation Date on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n",300,6453,94,10,"2012-10-19T21:47:00.000Z","3.4.2","3.0",[21,131],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fplugin-activation-date\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-activation-date.zip",85,{"attackSurface":171,"codeSignals":199,"taintFlows":232,"riskAssessment":271,"analyzedAt":280},{"hooks":172,"ajaxHandlers":195,"restRoutes":196,"shortcodes":197,"cronEvents":198,"entryPointCount":27,"unprotectedCount":27},[173,179,183,188,192],{"type":174,"name":175,"callback":176,"priority":162,"file":177,"line":178},"filter","plugin_row_meta","epa_plugin_meta","enhanced-plugin-admin.php",46,{"type":174,"name":180,"callback":181,"file":177,"line":182},"site_transient_update_plugins","epa_pn_hide_update_notifications",47,{"type":184,"name":185,"callback":186,"file":177,"line":187},"action","admin_menu","epa_add_pages",49,{"type":184,"name":189,"callback":190,"file":177,"line":191},"init","epa_pn_get",50,{"type":184,"name":189,"callback":193,"file":177,"line":194},"epa_pn_add_filters",51,[],[],[],[],{"dangerousFunctions":200,"sqlUsage":201,"outputEscaping":203,"fileOperations":27,"externalRequests":230,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":231},[],{"prepared":27,"raw":27,"locations":202},[],{"escaped":
204,"rawEcho":205,"locations":206},3,11,[207,210,212,214,216,218,220,222,224,226,228],{"file":177,"line":208,"context":209},82,"raw output",{"file":177,"line":211,"context":209},312,{"file":177,"line":213,"context":209},391,{"file":177,"line":215,"context":209},395,{"file":177,"line":217,"context":209},399,{"file":177,"line":219,"context":209},403,{"file":177,"line":221,"context":209},407,{"file":177,"line":223,"context":209},418,{"file":177,"line":225,"context":209},540,{"file":177,"line":227,"context":209},545,{"file":177,"line":229,"context":209},550,1,[],[233,260],{"entryPoint":234,"graph":235,"unsanitizedCount":27,"severity":259},"epa_options_page (enhanced-plugin-admin.php:339)",{"nodes":236,"edges":255},[237,242,247,251],{"id":238,"type":239,"label":240,"file":177,"line":241},"n0","source","$_POST",342,{"id":243,"type":244,"label":245,"file":177,"line":241,"wp_function":246},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":248,"type":239,"label":249,"file":177,"line":250},"n2","$_SERVER['REQUEST_URI']",353,{"id":252,"type":244,"label":253,"file":177,"line":250,"wp_function":254},"n3","echo() [XSS]","echo",[256,258],{"from":238,"to":243,"sanitized":257},true,{"from":248,"to":252,"sanitized":257},"low",{"entryPoint":261,"graph":262,"unsanitizedCount":27,"severity":259},"\u003Cenhanced-plugin-admin> (enhanced-plugin-admin.php:0)",{"nodes":263,"edges":268},[264,265,266,267],{"id":238,"type":239,"label":240,"file":177,"line":241},{"id":243,"type":244,"label":245,"file":177,"line":241,"wp_function":246},{"id":248,"type":239,"label":249,"file":177,"line":250},{"id":252,"type":244,"label":253,"file":177,"line":250,"wp_function":254},[269,270],{"from":238,"to":243,"sanitized":257},{"from":248,"to":252,"sanitized":257},{"summary":272,"deductions":273},"The \"enhanced-plugin-admin\" plugin v1.17 exhibits a mixed security posture. 
While static analysis found no SQL usage and only a small attack surface, significant concerns arise from its historical vulnerability record and output escaping deficiencies. The plugin has a history of two medium-severity vulnerabilities, Cross-Site Request Forgery (CSRF) and Cross-site Scripting (XSS), indicating past issues with request verification (nonce validation) and with the escaping of user-supplied data. Both are recorded as patched (the XSS in 1.16, the CSRF in 1.17), but the fact that the last vulnerability was relatively recent (March 2023) suggests ongoing security challenges.\n\nSpecific risks identified in the code analysis include a low percentage of properly escaped output (21%, i.e. 3 of 14 output statements), which is a significant concern as it directly contributes to the risk of Cross-site Scripting vulnerabilities. There are no critical or high severity taint flows and no raw SQL queries, but the low output escaping rate presents a tangible risk. The presence of an external HTTP request also warrants investigation for potential vulnerabilities if not handled securely. The plugin's vulnerability history, particularly the past XSS issue, aligns with the observed output escaping problems and reinforces the need for vigilance in sanitizing user-controllable data.\n\nIn conclusion, while the plugin has no SQL operations to secure and has a low apparent attack surface in terms of entry points, the persistent issues with output escaping and the history of medium-severity vulnerabilities, including XSS and CSRF, point to an area requiring immediate attention. 
The overall security posture is therefore considered moderate, with a need for improvement in output escaping and a cautious approach due to past vulnerabilities.",[274,276,278],{"reason":275,"points":162},"Low output escaping percentage (21%)",{"reason":277,"points":162},"History of 2 medium-severity vulnerabilities (1 with a CVE ID)",{"reason":279,"points":204},"Presence of external HTTP request","2026-03-16T20:30:45.095Z",{"wat":282,"direct":291},{"assetPaths":283,"generatorPatterns":286,"scriptPaths":287,"versionParams":288},[284,285],"\u002Fwp-content\u002Fplugins\u002Fenhanced-plugin-admin\u002Fepa-admin.css","\u002Fwp-content\u002Fplugins\u002Fenhanced-plugin-admin\u002Fepa-admin.js",[],[285],[289,290],"enhanced-plugin-admin\u002Fepa-admin.css?ver=","enhanced-plugin-admin\u002Fepa-admin.js?ver=",{"cssClasses":292,"htmlComments":294,"htmlAttributes":301,"restEndpoints":302,"jsGlobals":303,"shortcodeOutput":304},[293],"epa-admin-plugin-row-meta",[295,296,297,298,299,300],"\u003C!-- epa: data from call_api -->","\u003C!-- epa: data from transient -->","\u003C!-- epa: call_api successful -->","\u003C!-- epa: checking svn url a -->","\u003C!-- epa: in plugin svn a -->","\u003C!-- epa: not in plugin svn a -->",[],[],[],[],{"error":257,"url":306,"statusCode":307,"statusMessage":308,"message":308},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fenhanced-plugin-admin\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":27,"versions":310},[]]