[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faz8sqazLUfGCKloLc_zXRJRB4vzPenvRdFXvjSLCe7A":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":144,"fingerprints":218},"exploit-scanner-for-active-theme","Exploit Scanner for Active Theme","1.0.5","Tauno Hanni","https:\u002F\u002Fprofiles.wordpress.org\u002Ftaunoh\u002F","\u003Cp>Search the active theme files for signs that may indicate that it has fallen victim to malicious hackers.\u003C\u002Fp>\n\u003Cp>Or use this plugin as a tool to verify the integrity of the installed theme.\u003C\u002Fp>\n","Detects whether your theme files have fallen victim to malicious hackers.",20,3526,0,"2016-09-06T19:39:00.000Z","4.8.28","4.4","",[19,20,21,22,23],"crack","exploit","hack","hacking","scanner","http:\u002F\u002Fprixal.eu\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexploit-scanner-for-active-theme.1.0.5.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"taunoh",3,330,87,1,91,"2026-04-04T15:21:07.134Z",[39,61,87,106,126],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":17,"tags":54,"homepage":57,"download_link":58,"security_score":59,"vuln_count":35,"unpatched_count":13,"last_vuln_date":60,"fetched_at":28},"exploit-scanner","Exploit 
Scanner","1.5.2","Donncha O Caoimh (a11n)","https:\u002F\u002Fprofiles.wordpress.org\u002Fdonncha\u002F","\u003Cp>This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.\u003C\u002Fp>\n\u003Cp>It does not remove anything. That is left to the user to do.\u003C\u002Fp>\n\u003Cp>Latest MD5 hash values for Exploit Scanner:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>17e2ccfc834d691bc68cc5c64f9bed89  exploit-scanner.php (1.5.2)\u003C\u002Fli>\n\u003Cli>1d5f9d6220fe159cd44cb70a998a1cd7  hashes-4.6.php\u003C\u002Fli>\n\u003Cli>fbdf61c17f65094c8e331e1e364acf68  hashes-4.6.1.php\u003C\u002Fli>\n\u003Cli>477d128d84802e3470cec408424a8de3  hashes-4.7.php\u003C\u002Fli>\n\u003Cli>d53210f999847fbd6f5a2ecac0ad42f2  hashes-4.7.5.php\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Latest SHA1 hash values for Exploit Scanner:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>1decc1e47a53d1cab9e8f1ef15b31682198367ee  exploit-scanner.php (1.5.2)\u003C\u002Fli>\n\u003Cli>5cec64380a2acdc876fd22fbbbbf8c335df1ed3f  hashes-4.6.php\u003C\u002Fli>\n\u003Cli>99d9e7be23a350f3d1962d0f41e7b4e28c00841e  hashes-4.6.1.php\u003C\u002Fli>\n\u003Cli>1eeab377a1afc6d776827a063678d2461b29e71d  hashes-4.7.php\u003C\u002Fli>\n\u003Cli>8c890a6af26bb74e9d17e5d2b21d6be27764da45  hashes-4.7.5.php\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See the \u003Ca href=\"http:\u002F\u002Focaoimh.ie\u002Fexploit-scanner\u002F\" rel=\"nofollow ugc\">Exploit Scanner homepage\u003C\u002Fa> for further information.\u003C\u002Fp>\n\u003Ch3>Interpreting the Results\u003C\u002Fh3>\n\u003Cp>It is likely that this scanner will find false positives (i.e. files which do not contain malicious code). 
However, it is best to err\u003Cbr \u002F>\non the side of caution; if you are unsure then ask in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002F\" rel=\"ugc\">Support Forums\u003C\u002Fa>,\u003Cbr \u002F>\ndownload a fresh copy of a plugin, search the Internet for similar situations, et cetera. You should be most concerned if the scanner is:\u003Cbr \u002F>\nmaking matches around unknown external links; finding base64 encoded text in modified core files or the \u003Ccode>wp-config.php\u003C\u002Fcode> file;\u003Cbr \u002F>\nlisting extra admin accounts; or finding content in posts which you did not put there.\u003C\u002Fp>\n\u003Cp>Understanding the three different result levels:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Severe:\u003C\u002Fstrong> results that are often strong indicators of a hack (though they are not definitive proof)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Warning:\u003C\u002Fstrong> these results are more commonly found in innocent circumstances than Severe matches, but they should still be treated with caution\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Note:\u003C\u002Fstrong> lowest priority, showing results that are very commonly used in legitimate code or notifications about events such as skipped files\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Help! I think I have been hacked!\u003C\u002Fh3>\n\u003Cp>Follow the guides from the Codex:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFAQ_My_site_was_hacked\" rel=\"nofollow ugc\">Codex: FAQ – My site was hacked\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FHardening_WordPress\" rel=\"nofollow ugc\">Codex: Hardening WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Ensure that you change \u003Cstrong>all\u003C\u002Fstrong> of your WordPress related passwords (site, FTP, MySQL, etc.). 
A regular backup routine\u003Cbr \u002F>\n(either manual or plugin powered) is extremely useful; if you ever find that your site has been hacked you can easily restore your site from\u003Cbr \u002F>\na clean backup and fresh set of files and, of course, use a new set of passwords.\u003C\u002Fp>\n\u003Ch3>Updates\u003C\u002Fh3>\n\u003Cp>Updates to the plugin will be posted here, to \u003Ca href=\"http:\u002F\u002Focaoimh.ie\u002F\" rel=\"nofollow ugc\">Holy Shmoly!\u003C\u002Fa> and the \u003Ca href=\"http:\u002F\u002Focaoimh.ie\u002Fexploit-scanner\u002F\" rel=\"nofollow ugc\">WordPress Exploit Scanner\u003C\u002Fa> page will always link to the newest version.\u003C\u002Fp>\n\u003Ch3>Other Languages\u003C\u002Fh3>\n\u003Cp>Unfortunately for people using WordPress versions for other locales some of the file hashes may be incorrect as some strings have to be hardcoded in their translated form. Here are some file hashes for WordPress in other languages provided separately by other members of the community:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwpbiz.jp\u002Ffiles\u002Fexploit-scanner-hashes\u002Fja\u002F\" rel=\"nofollow ugc\">Japanese\u003C\u002Fa> – thanks to Naoko\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftalkpress.de\u002Fartikel\u002Fexploit-scanner-hash-deutsch-wordpress\" rel=\"nofollow ugc\">German\u003C\u002Fa> – thanks to Robert Wetzlmayr\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The hash files should only be declaring an array called $filehashes and the majority of the hashes should still be the same.\u003C\u002Fp>\n","Search the files and database of your WordPress install for signs that may indicate that it has fallen victim to malicious 
hackers.",9000,1067302,64,40,"2017-11-28T06:49:00.000Z","4.7.32","3.3",[21,22,23,55,56],"security","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fexploit-scanner\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexploit-scanner.1.5.2.zip",84,"2013-05-29 00:00:00",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":76,"tags":77,"homepage":82,"download_link":83,"security_score":84,"vuln_count":85,"unpatched_count":13,"last_vuln_date":86,"fetched_at":28},"injection-guard","Injection Guard","1.3.0","Fahad Mahmood","https:\u002F\u002Fprofiles.wordpress.org\u002Ffahadmahmood\u002F","\u003Cp>\u003Cstrong>Author:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.androidbubbles.com\u002Fcontact\" rel=\"nofollow ugc\">Fahad Mahmood\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>Project URI:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.androidbubbles.com\u002Fextends\u002Fwordpress\u002Fplugins\u002Finjection-guard\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.androidbubbles.com\u002Fextends\u002Fwordpress\u002Fplugins\u002Finjection-guard\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>License:\u003C\u002Fstrong> GPL v3\u003C\u002Fp>\n\u003Cp>Injection Guard is a WordPress plugin designed to block malicious query string attacks and suspicious URL parameters. It logs all incoming attempts, blocks harmful parameters, and adds extra security intelligence to your WordPress admin—like user session tracking and capability audit.\u003C\u002Fp>\n\u003Cp>The plugin uses the \u003Ccode>ig_\u003C\u002Fcode> prefix for database keys and functions, follows WordPress coding standards, and supports multiple languages. 
It’s compatible with pretty permalinks and helps in securing your site from automated bots and manual attacks.\u003C\u002Fp>\n\u003Ch3>Method A (Admin Panel)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Login to WordPress Admin > Plugins > Add New > Upload Plugin\u003C\u002Fli>\n\u003Cli>Upload the ZIP file and activate the plugin\u003C\u002Fli>\n\u003Cli>Go to Settings > IG Settings and click “Save Settings”\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Method B (Manual Upload)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download and unzip the plugin package\u003C\u002Fli>\n\u003Cli>Upload the folder to \u003Ccode>\u002Fwp-content\u002Fplugins\u002Finjection-guard\u002F\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Activate the plugin from the WordPress Dashboard\u003C\u002Fli>\n\u003Cli>Visit Settings > IG Settings to configure\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Logs all unique query strings attempting to penetrate your website\u003C\u002Fli>\n\u003Cli>Blocks malicious or unknown query parameters\u003C\u002Fli>\n\u003Cli>Tracks login, logout, session start and duration per user\u003C\u002Fli>\n\u003Cli>Capability audit report for all WordPress users\u003C\u002Fli>\n\u003Cli>Multi-language support (FR, DE, ES)\u003C\u002Fli>\n\u003Cli>Bootstrap-based admin UI and dashboard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free software licensed under the GNU GPL v2 or later.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with this plugin. 
If not, see \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin blocks all unauthorized and irrelevant requests through query strings and provides extended session tracking and capability audit.",1000,32926,100,4,"2026-03-14T21:13:00.000Z","6.9.4","3.0","7.0",[78,79,55,80,81],"anti-hacking","firewall","sql-injection","wordpress-security","https:\u002F\u002Fwww.androidbubbles.com\u002Fextends\u002Fwordpress\u002Fplugins\u002Finjection-guard","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finjection-guard.1.3.0.zip",92,6,"2026-03-20 10:55:45",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":71,"num_ratings":97,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":17,"tags":101,"homepage":17,"download_link":105,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"gauntlet-security","Gauntlet Security","1.4.1","Cornelius Bergen","https:\u002F\u002Fprofiles.wordpress.org\u002Fcbergen\u002F","\u003Cp>Gauntlet Security can find opportunities for improving the security of your site. It checks many aspects of the site’s configuration including file permissions, server software, PHP, database, plugins, themes, and user accounts. The plugin will give each check a pass, warning, or fail and explain in clear language how you can fix the issue.\u003C\u002Fp>\n\u003Cp>How you ultimately choose to patch these issues is up to you but whatever method you use, this plugin should always provide an accurate report. 
It does not make changes to your database or to any of your files and it should be compatible with all other security plugins.\u003C\u002Fp>\n\u003Cp>Checks and recommendations include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set correct file and directory permissions\u003C\u002Fli>\n\u003Cli>Turn off directory indexing\u003C\u002Fli>\n\u003Cli>Prevent code execution in the uploads directory\u003C\u002Fli>\n\u003Cli>Block files in the includes directory\u003C\u002Fli>\n\u003Cli>Prevent access to stray files which could be useful to attackers\u003C\u002Fli>\n\u003Cli>Keep PHP up-to-date\u003C\u002Fli>\n\u003Cli>Disable dangerous PHP functions\u003C\u002Fli>\n\u003Cli>Disable allow_url_include and allow_url_fopen PHP flags\u003C\u002Fli>\n\u003Cli>Turn off the display of PHP errors\u003C\u002Fli>\n\u003Cli>Don’t advertise the PHP version you are running\u003C\u002Fli>\n\u003Cli>Use a strong database password\u003C\u002Fli>\n\u003Cli>Change the default database table prefix\u003C\u002Fli>\n\u003Cli>Keep WordPress up-to-date\u003C\u002Fli>\n\u003Cli>Turn off file editing in the control panel\u003C\u002Fli>\n\u003Cli>Set security keys in WP-Config file\u003C\u002Fli>\n\u003Cli>Don’t advertise the WordPress version you are running\u003C\u002Fli>\n\u003Cli>Turn off self-registration\u003C\u002Fli>\n\u003Cli>Force SSL when accessing the admin area\u003C\u002Fli>\n\u003Cli>Review the development activity and reputation of all plugins\u003C\u002Fli>\n\u003Cli>Remove unused themes from the server\u003C\u002Fli>\n\u003Cli>Rename the plugin directory\u003C\u002Fli>\n\u003Cli>Move the active theme to an alternate location\u003C\u002Fli>\n\u003Cli>Do not use TimThumb\u003C\u002Fli>\n\u003Cli>Do not use common user names (such as “admin”)\u003C\u002Fli>\n\u003Cli>Do not use weak passwords\u003C\u002Fli>\n\u003Cli>Do not have a user with an ID = 1\u003C\u002Fli>\n\u003Cli>Minimize the number of admin users\u003C\u002Fli>\n\u003Cli>Users should not display their login usernames 
publicly\u003C\u002Fli>\n\u003Cli>Prevent username enumeration through standard author URLs\u003C\u002Fli>\n\u003Cli>…more tests planned\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Check the \u003Ca href=\"screenshots\" rel=\"nofollow ugc\">screenshots\u003C\u002Fa> for more detail on some of the above features.\u003C\u002Fp>\n\u003Cp>Many of these security checks are based on recommendations from the WordPress codex: https:\u002F\u002Fcodex.wordpress.org\u002FHardening_WordPress.\u003C\u002Fp>\n\u003Ch4>Disclaimer\u003C\u002Fh4>\n\u003Cp>Some of the tips included in this plugin only require making small changes to configuration files (.htaccess, php.ini, wp-config.php, functions.php). Others require more in-depth changes to the filesystem or database. Before attempting any of these fixes, you should be comfortable experimenting and know how to undo any change you make. That includes making backups and knowing how to restore your site from those backups. I can’t guarantee that the recommendations or sample code provided in this plugin will not break your site or that they will prevent it from being hacked.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Apache web server\u003C\u002Fli>\n\u003Cli>WordPress 3.4 minimum\u003C\u002Fli>\n\u003Cli>PHP 5.2.7 minimum\u003C\u002Fli>\n\u003C\u002Ful>\n","Performs a detailed security analysis of your WordPress installation. 
Provides specific instructions on how to make your site more secure.",70,8052,8,"2016-07-19T02:06:00.000Z","4.6.30","3.4",[20,102,103,55,104],"hacks","secure","vulnerability","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgauntlet-security.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":116,"num_ratings":117,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":17,"tags":121,"homepage":124,"download_link":125,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-sentinel","WP-Sentinel","2.0.3","evilsocket","https:\u002F\u002Fprofiles.wordpress.org\u002Fevilsocket\u002F","\u003Cp>WP-Sentinel is a plugin for the WordPress platform which will increase the security of your blog against attacks\u003Cbr \u002F>\nfrom crackers, lamers, black hats, h4x0rs, etc.\u003Cbr \u002F>\nThe plugin will be loaded by WordPress before every other installed plugin and will execute some security checks upon incoming HTTP requests and, when one or more\u003Cbr \u002F>\nrequests turn on the system alarm, they will be blocked; the sentinel will then show a warning message to the user and send a notification email to the blog\u003Cbr \u002F>\nadministrator with the whole attack details.\u003Cbr \u002F>\nFurthermore, WP-Sentinel will communicate with a centralized server to collect attacker data and build an IP address blacklist.\u003C\u002Fp>\n\u003Cp>This plugin is able to block these kinds of attacks:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Cross Site Scripting\u003C\u002Fli>\n\u003Cli>HTML Injection\u003C\u002Fli>\n\u003Cli>Remote File Inclusion\u003C\u002Fli>\n\u003Cli>Remote Command Execution\u003C\u002Fli>\n\u003Cli>Local File Inclusion\u003C\u002Fli>\n\u003Cli>SQL Injection\u003C\u002Fli>\n\u003Cli>Integer & string overflows\u003C\u002Fli>\n\u003Cli>Cross Site Request Forgery 
\u003C\u002Fli>\n\u003Cli>Login bruteforcing\u003C\u002Fli>\n\u003Cli>Flooding\u003C\u002Fli>\n\u003Cli>… and so on 🙂\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>WP-Sentinel will NOT check requests from the user logged in as administrator, so if you want to check the installation you have to log out first.\u003C\u002Fp>\n","A wordpress security system plugin which will check every HTTP request against a given set of rules to filter out malicious requests.",60,23802,52,5,"2012-02-03T11:57:00.000Z","3.3.2","2.8",[20,21,122,123,55],"ids","ips","http:\u002F\u002Flab.evilsocket.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-sentinel.2.0.3.zip",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":11,"downloaded":134,"rating":13,"num_ratings":13,"last_updated":135,"tested_up_to":136,"requires_at_least":137,"requires_php":17,"tags":138,"homepage":142,"download_link":143,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"ph-protection","Proxy Hacking Protection","0.0.1","niyari","https:\u002F\u002Fprofiles.wordpress.org\u002Fniyari\u002F","\u003Cp>Proxy Hacking Protection.\u003C\u002Fp>\n\u003Cp>To prevent a reduction in the search results by the replication of illegal content.\u003C\u002Fp>\n\u003Cp>不正なコンテンツの複製による検索結果の低下を防止。\u003C\u002Fp>\n","To prevent a reduction in the search results by the replication of illegal 
content.",2314,"2015-11-13T13:45:00.000Z","4.3.34","4.3.1",[139,21,22,140,141],"google","protection","proxy","http:\u002F\u002Fpsn.hatenablog.jp\u002Fentry\u002Fproxy-hacking-protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fph-protection.0.0.1.zip",{"attackSurface":145,"codeSignals":181,"taintFlows":192,"riskAssessment":210,"analyzedAt":217},{"hooks":146,"ajaxHandlers":163,"restRoutes":178,"shortcodes":179,"cronEvents":180,"entryPointCount":32,"unprotectedCount":13},[147,153,156,159],{"type":148,"name":149,"callback":150,"file":151,"line":152},"action","admin_menu","addOptionPage","index.php",39,{"type":148,"name":154,"callback":155,"file":151,"line":50},"admin_enqueue_scripts","scripts",{"type":148,"name":154,"callback":157,"file":151,"line":158},"styles",41,{"type":148,"name":160,"callback":161,"file":151,"line":162},"plugins_loaded","downloadAsJSON",45,[164,170,174],{"action":165,"nopriv":166,"callback":167,"hasNonce":168,"hasCapCheck":166,"file":151,"line":169},"px_theme_scanner_hashes",false,"ajaxNewHashes",true,42,{"action":171,"nopriv":166,"callback":172,"hasNonce":168,"hasCapCheck":166,"file":151,"line":173},"px_theme_scanner_check","ajaxCheckHashes",43,{"action":175,"nopriv":166,"callback":176,"hasNonce":168,"hasCapCheck":166,"file":151,"line":177},"px_theme_scanner_upload","ajaxFileUpload",44,[],[],[],{"dangerousFunctions":182,"sqlUsage":183,"outputEscaping":185,"fileOperations":35,"externalRequests":13,"nonceChecks":32,"capabilityChecks":35,"bundledLibraries":191},[],{"prepared":13,"raw":13,"locations":184},[],{"escaped":186,"rawEcho":35,"locations":187},2,[188],{"file":151,"line":189,"context":190},302,"raw output",[],[193],{"entryPoint":194,"graph":195,"unsanitizedCount":13,"severity":209},"\u003Cindex> (index.php:0)",{"nodes":196,"edges":207},[197,202],{"id":198,"type":199,"label":200,"file":151,"line":201},"n0","source","$_POST",170,{"id":203,"type":204,"label":205,"file":151,"line":189,"wp_function":206},"n1","sink","echo() 
[XSS]","echo",[208],{"from":198,"to":203,"sanitized":168},"low",{"summary":211,"deductions":212},"The 'exploit-scanner-for-active-theme' v1.0.5 plugin exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and the single low-severity taint flow ($_POST reaching echo at index.php:302, recorded as sanitized, which is also the one raw echo behind the escaping deduction) are positive indicators. Its three AJAX actions (px_theme_scanner_hashes, px_theme_scanner_check, px_theme_scanner_upload) verify a nonce and are not registered for unauthenticated (nopriv) requests, but the analysis found no capability check inside any of the three callbacks; a nonce ties a request to a logged-in session and does not authorize it, so any authenticated user who can obtain the nonce can reach the hash-refresh, hash-check and file-upload handlers, and the one capability check recorded is elsewhere in the plugin. No direct SQL queries were found, so there is no SQL surface to assess. Furthermore, the limited number of entry points and the lack of REST API routes, shortcodes, or cron events contribute to a reduced attack surface.",[213,215],{"reason":214,"points":32},"One file operation without specific context",{"reason":216,"points":72},"One third of outputs not properly escaped","2026-03-16T22:53:49.810Z",{"wat":219,"direct":226},{"assetPaths":220,"generatorPatterns":223,"scriptPaths":224,"versionParams":225},[221,222],"\u002Fwp-content\u002Fplugins\u002Fexploit-scanner-for-active-theme\u002Fjs\u002Fcustom.js","\u002Fwp-content\u002Fplugins\u002Fexploit-scanner-for-active-theme\u002Fcss\u002Fstyles.css",[],[221],[],{"cssClasses":227,"htmlComments":233,"htmlAttributes":234,"restEndpoints":238,"jsGlobals":258,"shortcodeOutput":260},[228,229,230,231,232],"px-theme-scanner-hashes","px-theme-scanner-scan","px-theme-scanner-results","card-tools","has-hashes",[],[235,236,237],"data-action=\"pxNewHashes\"","data-action=\"pxScanHashes\"","data-action=\"pxUploadJSON\"",[239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257],"\u002Fwp-json\u002Fwp\u002Fv2\u002Fposts","\u002Fwp-json\u002Fwp\u002Fv2\u002Fpages","\u002Fwp-json\u002Fwp\u002Fv2\u002Fmedia","\u002Fwp-json\u002Fwp\u002Fv2\u002Fcategories","\u002Fwp-json\u002Fwp\u002Fv2\u002Ftags","\u002Fwp-json\u002Fwp\u002Fv2\u002Fusers","\u002Fwp-json\u002Fwp\u002Fv2\u002Fcomments","\u002Fwp-json\u002Fwp\u002Fv2\u002Ftypes","\u002Fwp-json\u002Fwp\u00
2Fv2\u002Ftaxonomies","\u002Fwp-json\u002Fwp\u002Fv2\u002Fsettings","\u002Fwp-json\u002Fwp\u002Fv2\u002Fthemes","\u002Fwp-json\u002Fwp\u002Fv2\u002Fplugins","\u002Fwp-json\u002Fwp\u002Fv2\u002Fsearch","\u002Fwp-json\u002Fwp\u002Fv2\u002Fblock-renderer","\u002Fwp-json\u002Fwp\u002Fv2\u002Fmenu-locations","\u002Fwp-json\u002Fwp\u002Fv2\u002Fmenus","\u002Fwp-json\u002Fwp\u002Fv2\u002Fmenu-items","\u002Fwp-json\u002Fwp\u002Fv2\u002Fterm","\u002Fwp-json\u002Fwp\u002Fv2\u002Fterms",[259],"pxThemeScannerVars",[]]
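The file-integrity approach that Exploit Scanner for Active Theme and Exploit Scanner describe above (a manifest of known-good file hashes compared against the live tree, then pattern checks graded Severe / Warning / Note), as an added example written for this page. It is not code from either plugin: SHA-256 is used in place of the MD5/SHA1 lists the readme publishes, the indicator regexes are this example's own heuristics, and the sample theme, the simulated tampering and the temp directory are all constructed here.

```python
"""File-integrity audit plus indicator scan for a theme directory.

Added example for this page, not code from Exploit Scanner or Exploit Scanner
for Active Theme. It takes a SHA-256 manifest of a known-good tree, diffs a
later snapshot against it, and greps modified or new files for the indicator
classes the Exploit Scanner readme discusses, graded with its Severe / Warning
/ Note levels. Regexes, sample theme and simulated tampering are constructed.
"""
import hashlib
import json
import os
import re
import tempfile

LEVELS = ["Note", "Warning", "Severe"]

# Heuristic indicators (this example's own, not either plugin's rule set).
INDICATORS = [
    ("Severe", "eval of decoded payload",
     re.compile(r"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)", re.I)),
    ("Severe", "long base64 blob", re.compile(r"[A-Za-z0-9+/]{120,}={0,2}")),
    ("Warning", "decoder call",
     re.compile(r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
    ("Warning", "external link",
     re.compile(r"https?://(?!(?:www\.)?wordpress\.org)[^\s'\"<>]+", re.I)),
    ("Note", "request superglobal", re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")),
]


def build_manifest(root):
    """Map each regular file under root (relative, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[rel] = digest.hexdigest()
    return manifest


def diff_manifest(known, current):
    """Split files into modified / added / missing relative to the known-good set."""
    return {
        "modified": sorted(p for p in known if p in current and known[p] != current[p]),
        "added": sorted(p for p in current if p not in known),
        "missing": sorted(p for p in known if p not in current),
    }


def scan_file(path):
    """Return (level, label, line_no) for every indicator hit in one text file."""
    hits = []
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for line_no, line in enumerate(fh, 1):
            for level, label, pattern in INDICATORS:
                if pattern.search(line):
                    hits.append((level, label, line_no))
    return hits


def audit(root, known):
    """Diff the live tree against `known`, then scan only what changed or appeared."""
    delta = diff_manifest(known, build_manifest(root))
    findings = {}
    for rel in delta["modified"] + delta["added"]:
        hits = scan_file(os.path.join(root, rel))
        if hits:
            findings[rel] = hits
    worst = max((lvl for hits in findings.values() for lvl, _, _ in hits),
                key=LEVELS.index, default=None)
    return {"delta": delta, "findings": findings, "worst": worst}


def demo():
    """Constructed scenario: snapshot a clean theme, tamper with it, audit it."""
    root = tempfile.mkdtemp(prefix="theme-audit-")
    os.makedirs(os.path.join(root, "inc"))
    clean = {
        "style.css": "/* Theme Name: Demo */\nbody { margin: 0; }\n",
        "functions.php": "<?php\nadd_theme_support('title-tag');\n",
        "inc/helpers.php": "<?php\nfunction demo_helper() { return 1; }\n",
    }
    for rel, body in clean.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)
    known = build_manifest(root)  # known-good manifest; keep it off the web server

    # Simulated compromise: decoder stub appended, webshell dropped, helper deleted.
    with open(os.path.join(root, "functions.php"), "a", encoding="utf-8") as fh:
        fh.write("eval(base64_decode('" + "QUJD" * 40 + "'));\n")
    with open(os.path.join(root, "inc", ".cache.php"), "w", encoding="utf-8") as fh:
        fh.write("<?php system($_GET['c']);\n")
    os.remove(os.path.join(root, "inc", "helpers.php"))
    return audit(root, known)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two practical points the readmes imply but do not spell out. The known-good manifest must come from a freshly downloaded copy of the theme and live outside the webroot: an attacker who can edit theme files can edit a manifest stored next to them, which is also why Exploit Scanner publishes hashes of its own files for you to verify before trusting its output. And the indicator patterns are heuristics; minified JavaScript, inline data URIs and legitimate CDN links will trip the base64 and external-link rules, so a Severe result means "open the file and read it", as the readme's own level descriptions say, not proof of compromise.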
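The request-filtering behaviour that the Injection Guard and WP-Sentinel entries above describe (inspect incoming query parameters, log every unique query string, block matches against a rule set), as an added example written for this page and not either plugin's code. The rule set, the parameter allowlist and the sample URLs are constructed here; the one design choice worth copying is that each parameter is percent-decoded to a fixed point before matching, so a double-encoded payload does not slip past the patterns.

```python
"""Query-string request filter in the style of Injection Guard / WP-Sentinel.

Added example written for this page, not code from either plugin. It decodes
each parameter before matching (so double-encoded payloads do not slip past),
classifies hits by rule, logs every unique query string, and only blocks on a
rule match; parameter names outside the allowlist are recorded as a warning
rather than blocked. Rule set, allowlist and sample URLs are constructed here.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Heuristic rules; the real plugins' rule sets are not published on this page.
RULES = [
    ("sqli", re.compile(r"(?i)\b(union\s+(all\s+)?select|or\s+1\s*=\s*1|sleep\s*\()")),
    ("lfi", re.compile(r"(?i)(\.\./|\.\.\\|/etc/passwd|php://|data:)")),
    ("xss", re.compile(r"(?i)<\s*script|javascript:|on\w+\s*=")),
    ("rce", re.compile(r"(?i)\b(base64_decode|eval|system|passthru|shell_exec)\s*\(")),
]

# Parameters a typical WordPress front end legitimately accepts (assumed list).
ALLOWED_PARAMS = frozenset({"p", "s", "page_id", "cat", "tag", "paged"})


def normalise(value, rounds=3):
    """Percent-decode until stable (bounded) so %252e%252e%252f becomes ../."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(url, seen, allowlist=ALLOWED_PARAMS):
    """Decide allow/block for one URL; `seen` collects unique raw query strings."""
    query = urlsplit(url).query
    if query:
        seen.add(query)
    reasons = []
    for key, value in parse_qsl(query, keep_blank_values=True):
        for field in (key, value):          # names are attacker-controlled too
            text = normalise(field)
            for name, rule in RULES:
                if rule.search(text):
                    reasons.append((name, key))
        if key not in allowlist:
            reasons.append(("unknown-param", key))
    block = any(name != "unknown-param" for name, _ in reasons)
    return {"action": "block" if block else "allow", "reasons": reasons}


# Constructed sample traffic: two benign requests, three attacks, one
# harmless-but-unknown tracking parameter.
SAMPLES = [
    "https://blog.example/?p=42",
    "https://blog.example/?s=hello+world",
    "https://blog.example/?id=1%20UNION%20SELECT%20user_pass%20FROM%20wp_users",
    "https://blog.example/?file=..%252F..%252Fwp-config.php",
    "https://blog.example/?ref=%3Cscript%3Ealert(1)%3C/script%3E",
    "https://blog.example/?utm_source=newsletter",
]


def run_samples():
    """Run the filter over SAMPLES; returns (decisions by URL, unique query log)."""
    seen = set()
    decisions = {url: inspect_request(url, seen) for url in SAMPLES}
    return decisions, seen


if __name__ == "__main__":
    decisions, seen = run_samples()
    for url, decision in decisions.items():
        print(decision["action"].upper(), url, decision["reasons"])
    print(len(seen), "unique query strings logged")
```

Unknown parameter names are logged rather than blocked on purpose: tracking and affiliate parameters are common on real sites, and blocking them is the kind of false positive that gets a filter like this switched off. Run any such filter in log-only mode first, and remember WP-Sentinel's own note that it skips requests from the logged-in administrator, so test it logged out. A pattern filter in front of the application is a speed bump, not a control: it does not replace prepared statements and output escaping inside the plugins it sits in front of.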