[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fi4kDFkK_SkX52zefx3SEexDgWFiSHhlu2YlHfnZwjXg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":135,"fingerprints":258},"extension-profiles","Extension Profiles","1.0.0","David Towoju","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavexpression\u002F","\u003Cp>Extension Profiles lets WordPress administrators create named “profiles” that define which plugins should be active. When a profile is activated, only the plugins in that profile are loaded for your session. Other plugins are filtered out without actually being deactivated in the database.\u003C\u002Fp>\n\u003Cp>This is ideal for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Development and testing\u003C\u002Fstrong> – Quickly switch between different configurations without activating\u002Fdeactivating plugins one by one.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Troubleshooting\u003C\u002Fstrong> – Isolate conflicts by creating minimal profiles.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Performance testing\u003C\u002Fstrong> – Compare site performance with different plugin sets.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Cp>Extension Profiles uses a Must-Use (MU) plugin that intercepts the active plugins list before WordPress loads them. This approach:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Never actually deactivates plugins in the database.\u003C\u002Fli>\n\u003Cli>Only affects the current user’s session (via a secure cookie).\u003C\u002Fli>\n\u003Cli>Has zero overhead when no profile is active.\u003C\u002Fli>\n\u003Cli>Preserves all plugin settings and data.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Taxonomy-style admin page\u003C\u002Fstrong> – Familiar interface for creating and managing profiles under the Plugins menu.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin bar switcher\u003C\u002Fstrong> – Quickly activate or deactivate profiles from the WordPress admin bar.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dependency support\u003C\u002Fstrong> – Automatically includes required plugins when WordPress 6.5+ “Requires Plugins” headers are present.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Per-session isolation\u003C\u002Fstrong> – Each user can activate their own profile independently.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Plugins page notice\u003C\u002Fstrong> – Clear warning banner on the Plugins page when a profile is active.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 6.5 or higher (for dependency resolution).\u003C\u002Fli>\n\u003Cli>PHP 7.4 or higher.\u003C\u002Fli>\n\u003Cli>Write access to the \u003Ccode>wp-content\u002Fmu-plugins\u002F\u003C\u002Fcode> directory.\u003C\u002Fli>\n\u003C\u002Ful>\n","Create named profiles to quickly switch between different sets of active plugins per user session.",0,162,"2026-02-16T21:52:00.000Z","6.9.4","6.5","7.4",[18,19,20,21,22],"development","profiles","switching","testing","troubleshooting","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fextension-profiles.1.0.0.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"davexpression",4,470,96,30,91,"2026-04-04T15:27:47.807Z",[38,60,79,101,119],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":33,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":59,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"sf-adminbar-tools","Admin Bar Tools","4.0","Grégory Viguier","https:\u002F\u002Fprofiles.wordpress.org\u002Fgreglone\u002F","\u003Cp>The plugin adds a new tab in your admin bar with simple but useful indications and tools.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Displays the number of queries in your page and the amount of time to generate the page.\u003C\u002Fli>\n\u003Cli>Displays the php memory usage and php memory limits (constants \u003Ccode>WP_MEMORY_LIMIT\u003C\u002Fcode> and \u003Ccode>WP_MAX_MEMORY_LIMIT\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>displays the php version and WP version.\u003C\u002Fli>\n\u003Cli>Displays \u003Ccode>WP_DEBUG\u003C\u002Fcode>, \u003Ccode>SCRIPT_DEBUG\u003C\u002Fcode>, \u003Ccode>WP_DEBUG_LOG\u003C\u002Fcode>, \u003Ccode>WP_DEBUG_DISPLAY\u003C\u002Fcode>, and error reporting values.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>In your site front-end:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Lists the template and all template parts used in the current page (template parts added with \u003Ccode>get_template_part()\u003C\u002Fcode>). Compatible with WooCommerce’s templates.\u003C\u002Fli>\n\u003Cli>\u003Ccode>$wp_query\u003C\u002Fcode>: this will open a lightbox displaying the content of \u003Ccode>$wp_query\u003C\u002Fcode>. Click the lightbox title to reload the value, click outside the lightbox to close it.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>In your site administration:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Admin hooks: lists some oftenly used hooks (like \u003Ccode>admin_init\u003C\u002Fcode>). The indicator to the right of the line tells you how many times the hook has been triggered by a callback. A “P” means the hook has a parameter: hover it for more details. Click a hook (on its text) to auto-select its code, for example: click \u003Cem>admin_init\u003C\u002Fem> to select \u003Ccode>add_action( 'admin_init', '' );\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Ccode>$current_screen\u003C\u002Fcode>: displays the value of 4 properties of this object: \u003Ccode>id\u003C\u002Fcode>, \u003Ccode>base\u003C\u002Fcode>, \u003Ccode>parent_base\u003C\u002Fcode>, \u003Ccode>parent_file\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Ccode>$...now\u003C\u002Fcode>: displays the value of the well-known variables \u003Ccode>$pagenow\u003C\u002Fcode>, \u003Ccode>$typenow\u003C\u002Fcode>, and \u003Ccode>$taxnow\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>On a user profile page, \u003Ccode>$userdata\u003C\u002Fcode>: : this will open a lightbox displaying the user’s data.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can decide who’s gonna use this plugin (go to your profile page for all the settings). This way, the plugin’s items won’t show up to other users (your client for example).\u003Cbr \u002F>\nAlso, a new menu item \u003Ccode>Code Tester\u003C\u002Fcode> will appear. There you are able to do some tests with your code.\u003C\u002Fp>\n","Adds some small development tools to the admin bar.",400,15121,8,"2021-01-18T16:09:00.000Z","5.6.0","4.7","5.6",[54,18,55,21,56],"debug","query","tests","https:\u002F\u002Fwww.screenfeed.fr\u002Fsf-abt\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsf-adminbar-tools.zip",85,{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":25,"downloaded":68,"rating":25,"num_ratings":69,"last_updated":70,"tested_up_to":14,"requires_at_least":71,"requires_php":16,"tags":72,"homepage":77,"download_link":78,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"eli-php-compatibility-scanner","Eli's PHP Compatibility Scanner","1.1.1","Eli Hanna","https:\u002F\u002Fprofiles.wordpress.org\u002Feliehanna\u002F","\u003Cp>\u003Cstrong>⚠️ Important: Development Environment Only\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin is designed for development environments like LocalWP, XAMPP, or self-hosted servers. It will \u003Cstrong>not work\u003C\u002Fstrong> on most managed hosting providers (WP Engine, Kinsta, SiteGround, etc.) due to security restrictions that disable the \u003Ccode>exec()\u003C\u002Fcode> function and limit access to PHP binaries.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How It Works\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin leverages \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsquizlabs\u002FPHP_CodeSniffer\" rel=\"nofollow ugc\">PHP_CodeSniffer\u003C\u002Fa> with the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FPHPCompatibility\u002FPHPCompatibility\" rel=\"nofollow ugc\">PHPCompatibility\u003C\u002Fa> standard to perform deep static analysis of your PHP code.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Core Components:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Bundled Dependencies\u003C\u002Fstrong>: Includes PHP_CodeSniffer and PHPCompatibility ruleset\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Batch Processing\u003C\u002Fstrong>: Scans files in configurable batches (10-100 files) to manage memory usage\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Command Execution\u003C\u002Fstrong>: Executes PHPCS via PHP’s \u003Ccode>exec()\u003C\u002Fcode> function with specific parameters\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server-Side State\u003C\u002Fstrong>: Stores file lists in WordPress options to optimize AJAX requests\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Progressive UI\u003C\u002Fstrong>: Real-time batch results with stop\u002Fstart controls\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>How to Use:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Navigate to \u003Cstrong>Tools \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> PHP Compatibility Scanner\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Review the \u003Cstrong>System Check\u003C\u002Fstrong> section to ensure your environment is compatible\u003C\u002Fli>\n\u003Cli>Select the \u003Cstrong>plugins and\u002For themes\u003C\u002Fstrong> you want to scan by checking their boxes\u003C\u002Fli>\n\u003Cli>Configure your scan options:\n\u003Cul>\n\u003Cli>\u003Cstrong>Target PHP Version\u003C\u002Fstrong>: Choose the PHP version you want to test against (7.4 – 8.4)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Batch Size\u003C\u002Fstrong>: Select how many files to process at once (default: 50 files)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Skip Vendor Directory\u003C\u002Fstrong>: Keep checked to skip third-party dependencies\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Start Scan\u003C\u002Fstrong> to begin the compatibility check\u003C\u002Fli>\n\u003Cli>View results in real-time as each plugin\u002Ftheme is scanned\u003C\u002Fli>\n\u003Cli>Review any \u003Cstrong>errors\u003C\u002Fstrong> (❌) or \u003Cstrong>warnings\u003C\u002Fstrong> (⚠️) found in your code\u003C\u002Fli>\n\u003Cli>Click on any target to expand and see detailed compatibility issues\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Why It Requires Development Environments\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ccode>exec()\u003C\u002Fcode> Function\u003C\u002Fstrong>: Required to run PHPCS binary – disabled on managed hosts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP Binary Access\u003C\u002Fstrong>: Needs access to PHP executable – restricted on shared hosting\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Composer Dependencies\u003C\u002Fstrong>: Requires vendor directory with PHPCS installation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File System Access\u003C\u002Fstrong>: Creates temporary files for batch processing\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Memory\u002FTime Limits\u003C\u002Fstrong>: Long-running scans need relaxed execution limits\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Supported Environments\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>LocalWP\u003C\u002Fstrong> (recommended)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XAMPP\u002FMAMP\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Docker WordPress\u003C\u002Fstrong> setups\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Self-hosted\u003C\u002Fstrong> VPS\u002Fdedicated servers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Development\u003C\u002Fstrong> environments with shell access\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Unsupported Environments\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>WP Engine\u003C\u002Fstrong> (exec() disabled)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Kinsta\u003C\u002Fstrong> (security restrictions)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SiteGround\u003C\u002Fstrong> (managed hosting limitations)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GoDaddy Managed WordPress\u003C\u002Fstrong> (function restrictions)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress.com\u003C\u002Fstrong> (no plugin uploads)\u003C\u002Fli>\n\u003Cli>Most \u003Cstrong>shared hosting\u003C\u002Fstrong> providers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contributing\u003C\u002Fh3>\n\u003Cp>This plugin is actively developed for WordPress development environments. Contributions are welcome, especially:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Additional PHP version compatibility rules\u003C\u002Fli>\n\u003Cli>Performance optimizations\u003C\u002Fli>\n\u003Cli>UI\u002FUX improvements\u003C\u002Fli>\n\u003Cli>Hosted environment compatibility solutions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Technical Details\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Dependencies\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>PHP_CodeSniffer\u003C\u002Fstrong>: ^3.13 (static analysis engine)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHPCompatibility\u003C\u002Fstrong>: dev-develop (compatibility ruleset)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>License\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>GPLv2 or later – same as WordPress core.\u003C\u002Fp>\n","A comprehensive WordPress plugin that scans your plugins and themes for PHP version compatibility issues using the  PHPCompatibility ruleset.",891,1,"2026-03-09T20:55:00.000Z","4.5",[73,74,75,21,76],"code-quality","compatibility","phpcs","wordpress-development","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feli-php-compatibility-scanner","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feli-php-compatibility-scanner.1.1.1.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":25,"downloaded":87,"rating":25,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":98,"download_link":99,"security_score":100,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"wp-user-role-switcher","User Role Switcher","0.2.1","Dhanendran Rajagopal","https:\u002F\u002Fprofiles.wordpress.org\u002Fdhanendran\u002F","\u003Cp>This plugin allows you to quickly swap between user roles in WordPress at the click of a button. You’ll be instantly switched to the new user role. This is handy for test environments where you regularly log out and in between different accounts, or for administrators who need to switch between multiple accounts to test the feature in different user roles.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Switch Role To: Instantly switch to any user role from the admin bar at top.\u003C\u002Fli>\n\u003Cli>Switch back: Instantly switch back to your originating role.\u003C\u002Fli>\n\u003Cli>Compatible with WordPress, WordPress Multisite, WooCommerce.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Only users with the ability to edit other users can switch user roles. By default this is only Administrators on single site installations, and Super Admins on Multisite installations.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Once plugin is activated, you will see \u003Cem>Switch Role To\u003C\u002Fem> in the top admin bar.\u003C\u002Fli>\n\u003Cli>Clicking this will bring the list of user roles available in the system.\u003C\u002Fli>\n\u003Cli>Click on any user role you want to test as.\u003C\u002Fli>\n\u003Cli>You can switch back to your originating user role via the \u003Cem>Switch back\u003C\u002Fem> link on the top admin bar.\u003C\u002Fli>\n\u003C\u002Fol>\n","Instant switching between user roles in WordPress.",4683,2,"2025-01-02T08:02:00.000Z","5.6.17","3.7","6.2.2",[94,19,95,96,97],"admin-role","role","user-role-switching","users","https:\u002F\u002Fgithub.com\u002Fdhanendran\u002Fwp-user-role-switcher","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-user-role-switcher.0.2.2.zip",92,{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":11,"num_ratings":11,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":23,"download_link":118,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"test-email-redirector","Test Email Redirector","1.3.3","Zaib Makda","https:\u002F\u002Fprofiles.wordpress.org\u002Fconnectzaib\u002F","\u003Cp>The Test Email Redirector ensures no accidental emails reach real users during WordPress development, staging, or testing. Redirect’s all outgoing emails to a designated test address. Additional features include optional CC\u002FBCC addresses and the ability to include original recipient information in the forwarded email.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Redirect all outgoing emails to a test email address.\u003Cbr \u002F>\n– Add optional CC and BCC addresses.\u003Cbr \u002F>\n– Include original recipient information in the forwarded email.\u003Cbr \u002F>\n– Enable or disable email redirection without deactivating the plugin.\u003Cbr \u002F>\n– Fully configurable via the WordPress admin Tools menu.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later. See the \u003Ca href=\"https:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">License URI\u003C\u002Fa> for details.\u003C\u002Fp>\n","Redirects all outgoing WordPress emails to a specified test address for development and testing purposes.",60,534,"2025-08-01T09:59:00.000Z","6.8.5","5.0","7.2",[18,116,117,21],"email","forward","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftest-email-redirector.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":11,"num_ratings":11,"last_updated":129,"tested_up_to":130,"requires_at_least":131,"requires_php":50,"tags":132,"homepage":23,"download_link":134,"security_score":59,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"back-to-the-theme","Back To The Theme","1.2.0","Mikael Korpela","https:\u002F\u002Fprofiles.wordpress.org\u002Fsimison\u002F","\u003Cp>A tool to observe how a page loads in different themes simultaneously.\u003Cbr \u002F>\nUseful for debugging plugins or Gutenberg blocks.\u003C\u002Fp>\n\u003Cp>How to Use:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install several themes you’d like to check out.\u003C\u002Fli>\n\u003Cli>Create a new page.\u003C\u002Fli>\n\u003Cli>Navigate to \u003Cem>Tools\u003C\u002Fem> \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> \u003Cem>Back To The Theme\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Choose if you want to demo editor- or view side.\u003C\u002Fli>\n\u003Cli>Select the themes you’d like to check out.\u003C\u002Fli>\n\u003Cli>Choose the page you just created. This page will be previewed with all the themes you’ve selected.\u003C\u002Fli>\n\u003Cli>Click \u003Cem>Do it!\u003C\u002Fem>.\u003C\u002Fli>\n\u003Cli>Scroll to see the page rendered with all the themes you selected.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>You’ll see your page load with different themes in a bunch of iframes for handy preview and debugging.\u003C\u002Fp>\n\u003Cp>A nice list of popular themes to test:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>`\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>wp theme install \\\u003Cbr \u002F>\n  astra \\\u003Cbr \u002F>\n  colormag \\\u003Cbr \u002F>\n  customizr \\\u003Cbr \u002F>\n  generatepress \\\u003Cbr \u002F>\n  hestia \\\u003Cbr \u002F>\n  hueman \\\u003Cbr \u002F>\n  oceanwp \\\u003Cbr \u002F>\n  shapely \\\u003Cbr \u002F>\n  storefront \\\u003Cbr \u002F>\n  sydney \\\u003Cbr \u002F>\n  twentyeleven \\\u003Cbr \u002F>\n  twentyfifteen \\\u003Cbr \u002F>\n  twentyfourteen \\\u003Cbr \u002F>\n  twentynineteen \\\u003Cbr \u002F>\n  twentyseventeen \\\u003Cbr \u002F>\n  twentysixteen \\\u003Cbr \u002F>\n  twentyten \\\u003Cbr \u002F>\n  twentythirteen \\\u003Cbr \u002F>\n  twentytwelve \\\u003Cbr \u002F>\n  vantage\u003Cbr \u002F>\n    `\u003C\u002Fp>\n\u003Cp>See docs for \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fcli\u002Fcommands\u002Ftheme\u002Finstall\u002F\" rel=\"nofollow ugc\">wp theme install\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsimison\u002Fback-to-the-theme\" rel=\"nofollow ugc\">Plugin’s source code on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","See a page with different themes all at once, just like that!",10,1687,"2019-03-01T22:26:00.000Z","5.1.22","4.6",[54,18,21,133],"themes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fback-to-the-theme.zip",{"attackSurface":136,"codeSignals":206,"taintFlows":224,"riskAssessment":252,"analyzedAt":257},{"hooks":137,"ajaxHandlers":192,"restRoutes":203,"shortcodes":204,"cronEvents":205,"entryPointCount":88,"unprotectedCount":88},[138,144,148,151,156,160,164,169,173,175,179,184,189],{"type":139,"name":140,"callback":141,"priority":25,"file":142,"line":143},"action","admin_bar_menu","add_menu","app\\Admin\\AdminBarMenu.php",44,{"type":139,"name":145,"callback":146,"file":142,"line":147},"admin_enqueue_scripts","enqueue_assets",45,{"type":139,"name":149,"callback":146,"file":142,"line":150},"wp_enqueue_scripts",46,{"type":139,"name":152,"callback":153,"file":154,"line":155},"add_meta_boxes_extension_profile","add_meta_box","app\\Admin\\MetaBoxes\\PluginSelectorMetaBox.php",49,{"type":139,"name":157,"callback":158,"priority":127,"file":154,"line":159},"save_post_extension_profile","save_meta_box",50,{"type":139,"name":161,"callback":162,"file":163,"line":143},"admin_notices","maybe_show_notice","app\\Admin\\PluginsPageNotice.php",{"type":139,"name":165,"callback":166,"file":167,"line":168},"admin_menu","add_submenu_page","app\\Admin\\ProfileAdminPage.php",70,{"type":139,"name":170,"callback":171,"file":167,"line":172},"admin_init","handle_form_submission",71,{"type":139,"name":145,"callback":146,"file":174,"line":109},"app\\Providers\\AdminProvider.php",{"type":139,"name":170,"callback":176,"file":177,"line":178},"verify_mu_plugin","app\\Providers\\MuPluginProvider.php",42,{"type":139,"name":180,"callback":181,"file":182,"line":183},"init","register_post_type","app\\Providers\\ProfilePostTypeProvider.php",26,{"type":185,"name":186,"callback":187,"file":188,"line":35},"filter","pre_option_active_plugins","filter_active_plugins","templates\\mu-plugin.php",{"type":185,"name":190,"callback":191,"file":188,"line":100},"pre_option_active_sitewide_plugins","filter_sitewide_plugins",[193,199],{"action":194,"nopriv":195,"callback":196,"hasNonce":195,"hasCapCheck":195,"file":197,"line":198},"extension_profiles_activate",false,"ajax_activate_profile","app\\Providers\\ProfileManagerProvider.php",52,{"action":200,"nopriv":195,"callback":201,"hasNonce":195,"hasCapCheck":195,"file":197,"line":202},"extension_profiles_deactivate","ajax_deactivate_profile",56,[],[],[],{"dangerousFunctions":207,"sqlUsage":208,"outputEscaping":210,"fileOperations":88,"externalRequests":11,"nonceChecks":221,"capabilityChecks":222,"bundledLibraries":223},[],{"prepared":11,"raw":11,"locations":209},[],{"escaped":211,"rawEcho":212,"locations":213},69,3,[214,217,219],{"file":167,"line":215,"context":216},479,"raw output",{"file":167,"line":218,"context":216},483,{"file":167,"line":220,"context":216},487,5,7,[],[225,244],{"entryPoint":226,"graph":227,"unsanitizedCount":11,"severity":243},"render_page (app\\Admin\\ProfileAdminPage.php:235)",{"nodes":228,"edges":240},[229,234],{"id":230,"type":231,"label":232,"file":167,"line":233},"n0","source","$_GET",238,{"id":235,"type":236,"label":237,"file":167,"line":238,"wp_function":239},"n1","sink","echo() [XSS]",292,"echo",[241],{"from":230,"to":235,"sanitized":242},true,"low",{"entryPoint":245,"graph":246,"unsanitizedCount":11,"severity":243},"\u003CProfileAdminPage> (app\\Admin\\ProfileAdminPage.php:0)",{"nodes":247,"edges":250},[248,249],{"id":230,"type":231,"label":232,"file":167,"line":233},{"id":235,"type":236,"label":237,"file":167,"line":238,"wp_function":239},[251],{"from":230,"to":235,"sanitized":242},{"summary":253,"deductions":254},"The \"extension-profiles\" plugin v1.0.0 demonstrates a generally good security posture with several strengths. Notably, it shows no history of known vulnerabilities (CVEs) and uses prepared statements for all SQL queries, indicating a strong defense against SQL injection. The plugin also has a high percentage of properly escaped outputs and incorporates nonce checks and capability checks, which are essential for secure WordPress development.  However, there are significant concerns regarding its attack surface.  The presence of two AJAX handlers without any authentication checks presents a clear risk. This means that any unauthenticated user can trigger these AJAX actions, potentially leading to unintended consequences or exploitation if the functionality is sensitive. While no critical taint flows or dangerous functions were detected in the static analysis, this lack of authentication on entry points is a substantial weakness that requires immediate attention.",[255],{"reason":256,"points":127},"AJAX handlers without auth checks","2026-03-17T07:20:33.964Z",{"wat":259,"direct":268},{"assetPaths":260,"generatorPatterns":263,"scriptPaths":264,"versionParams":265},[261,262],"\u002Fwp-content\u002Fplugins\u002Fextension-profiles\u002Fassets\u002Fcss\u002Fextension-profiles.css","\u002Fwp-content\u002Fplugins\u002Fextension-profiles\u002Fassets\u002Fjs\u002Fextension-profiles.js",[],[262],[266,267],"extension-profiles\u002Fassets\u002Fcss\u002Fextension-profiles.css?ver=","extension-profiles\u002Fassets\u002Fjs\u002Fextension-profiles.js?ver=",{"cssClasses":269,"htmlComments":271,"htmlAttributes":272,"restEndpoints":274,"jsGlobals":275,"shortcodeOutput":277},[270],"extension-profiles-admin-notice",[],[273],"data-extension-profiles-plugin-file",[],[276],"ExtensionProfilesAdmin",[]]