[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVyr_RhjplKCVr1S65Sr1_k8sjDYilaT78ikYjVLn6XI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":141,"fingerprints":194},"feature-flags","Feature Flags","0.4.1","Mohan Raj","https:\u002F\u002Fprofiles.wordpress.org\u002Fmohanrajp\u002F","\u003Cp>Feature flags allows developers to configure features behind the feature flags on both Server(PHP) and Client(JS\u002FTS) side.\u003C\u002Fp>\n","Feature flags allows developers to configure features behind the feature flags on both Server(PHP) and Client(JS\u002FTS) side.",10,3609,0,"2025-09-04T19:30:00.000Z","6.8.5","6.4","8.1",[4,19,20],"flags","wp-feature-flags","https:\u002F\u002Fgithub.com\u002Fcodebtech\u002Fwp-feature-flags","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffeature-flags.0.4.1.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"mohanrajp",3,20,95,30,91,"2026-04-05T02:22:11.552Z",[36,55,75,94,117],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":13,"downloaded":44,"rating":13,"num_ratings":13,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":52,"download_link":53,"security_score":54,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"beta-flags","Beta Flags … now with A\u002FB Testing!","1.3.0","Charles Jaimet","https:\u002F\u002Fprofiles.wordpress.org\u002Fcmjaimet\u002F","\u003Cp>Beta Flags allow developers to manage the release of new features. Instead of having code execute as soon as it is deployed to the production environment. You can now wrap it in a beta flag conditional and activate it from the back end.\u003C\u002Fp>\n\u003Cp>A\u002FB Testing works very similarly, except that instead of turning a code block on or off, they allow you to turn it on 50% of the time. This uses a slight variant on the URL used to display a post or term page, which can then be tracked in an analytics service (e.g. Adobe Omniture, Google 360).\u003C\u002Fp>\n\u003Ch3>The Basics of Beta Flags\u003C\u002Fh3>\n\u003Cp>To create a new beta flag, open the configuration JSON file. A copy of this file is provided with this plugin and is stored at \u003Ccode>data\u002Fbeta-flags.json\u003C\u002Fcode>. You may prefer to create a copy in the root of your theme, the same folder that contains functions.php (\u003Ccode>[theme]\u002Fbeta-flags.json\u003C\u002Fcode>).\u003C\u002Fp>\n\u003Cp>The JSON file follows the format below:\u003Cbr \u002F>\n    \u003Ccode>{\u003Cbr \u002F>\n    \"flags\": {\u003Cbr \u002F>\n        \"sidebar_web\": {\u003Cbr \u002F>\n            \"title\": \"Beta Flags IN THEME\",\u003Cbr \u002F>\n            \"description\": \"Add a sidebar to the post page\",\u003Cbr \u002F>\n            \"author\": \"Charles Jaimet\"\u003Cbr \u002F>\n        },\u003Cbr \u002F>\n        \"library_admin\": {\u003Cbr \u002F>\n            \"title\": \"Beta Flags QA: Plugin Admin Test\",\u003Cbr \u002F>\n            \"description\": \"For Beta Flag testing in admin interface\",\u003Cbr \u002F>\n            \"author\": \"Charles Jaimet\"\u003Cbr \u002F>\n        }\u003Cbr \u002F>\n    }\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Each flag is defined by a key (e.g. sidebar_web, library_admin), representing an object with a title, description, and author. The key must be unique, and is used throughout to identify the given flag.\u003C\u002Fp>\n\u003Cp>Once you have activated the plugin (there are no special instructions for this), navigate to Tools > Beta Flags in the admin interface (\u003Ccode>\u002Fwp-admin\u002Ftools.php?page=beta-flags\u003C\u002Fcode>). Here you will find the flags from your JSON file if you have created it correctly.\u003C\u002Fp>\n\u003Cp>A note about JSON, the easiest mistake to make is to put a comma after the last element in an array or object. This will break the JSON but is easy enough to fix when you know what to look for. Kinda like forgetting a semi-colon in PHP. Stupid semi-colons…\u003C\u002Fp>\n\u003Cp>When you first load the plugin, and any time after you update the JSON file, you should return to this admin screen. New flags are disabled by default, and can only be enabled here. Check the box in the Enabled column beside each flag you want to turn on. Click Save Changes when done.\u003C\u002Fp>\n\u003Cp>In your theme or other plugins, you can use these beta flag keys to control feature execution by wrapping a conditional around the relevant code. Try to group your wrapped code into a single function, method, or class to avoid littering your theme with beta flag conditionals.\u003C\u002Fp>\n\u003Cp>The public function \u003Ccode>beta_flag_enabled( $key )\u003C\u002Fcode> will return a true|false value if the beta flag is enabled.\u003C\u002Fp>\n\u003Cp>Some examples:\u003Cbr \u002F>\n    \u003Ccode>if ( beta_flag_enabled( 'sidebar_web' ) ) {\u003Cbr \u002F>\n    get_sidebar();\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003Cbr \u002F>\n    \u003Ccode>if ( beta_flag_enabled( 'new_design' ) ) {\u003Cbr \u002F>\n    wp_register_style( 'my_styles', '\u002Fassets\u002Fmy_styles.css', array(), '1.0.0', false );\u003Cbr \u002F>\n    wp_enqueue_style( 'my_styles' );\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003Cbr \u002F>\n    \u003Ccode>if ( beta_flag_enabled( 'popup_offer' ) ) {\u003Cbr \u002F>\n    new PopupOffer( '10% Off', 0.1 );\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>I suggest using beta flag keys that make sense and convey their purpose. Adding a version number never hurt, either. There is no character limit, so go nuts.\u003Cbr \u002F>\n    \u003Ccode>if ( beta_flag_enabled( 'revised_sticky_video_for_youtube_widgets_v.1.0.5' ) ) {\u003Cbr \u002F>\n    get_sidebar();\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>A\u002FB Testing\u003C\u002Fh3>\n\u003Cp>Now you have your beta flags and you’ve embedded them in your code. The feature works as expected and you have it running on production. Is it better than what it replaced?\u003C\u002Fp>\n\u003Cp>Enter A\u002FB testing.\u003C\u002Fp>\n\u003Cp>Check the A\u002FB Test box beside the flag you want to test in the admin interface (see screen shot below), and check the “Enable beta testing” box at the bottom of the flag list, then click “Save Changes”.\u003C\u002Fp>\n\u003Cp>Go to your website and refresh a few times. You will start to see some term and post links appearing with \u003Ccode>?ab=1\u003C\u002Fcode> appended to their URLs. (e.g. \u003Ccode>http:\u002F\u002Flocal.wordpress.test\u002Fhello-world\u002F?ab=1\u003C\u002Fcode>).\u003C\u002Fp>\n\u003Cp>When a visitor follows one of these links they will see your page with the beta flag disabled. When they follow the normal URL without the query string (e.g. \u003Ccode>http:\u002F\u002Flocal.wordpress.test\u002Fhello-world\u002F\u003C\u002Fcode>) they will see the page with the beta flag enabled.\u003C\u002Fp>\n\u003Cp>The query string is randomly appended 50% of time, so two visitors may follow the same link in the sidebar or menu, and one will get the flag turned on and one will get it turned off.\u003C\u002Fp>\n\u003Cp>Because the URL matches the state of the beta flag, you will be able to see in your analytics service which experience visitors engaged with more. Implementing an effective A\u002FB testing campaign is outside the scope of a README file but there are plenty of good reference books and sites.\u003C\u002Fp>\n\u003Cp>As long as the “Enable beta testing” box is checked, post and term URLs on your site will get this query string treatment. Only beta flags that have the A\u002FB Test box checked will be affected. Those with it unchecked will be controlled strictly by their Enabled box. Note also that checking A\u002FB Test on a flag that is disabled will have no effect. Off is off.\u003C\u002Fp>\n","Thanks to: James Williams, whose plugin inspired this one (https:\u002F\u002Fgithub.com\u002Fjamesrwilliams\u002Ffeature-flags)",1123,"2018-11-02T13:34:00.000Z","4.9.29","3.0","",[50,37,51,4],"ab-testing","developers","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbeta-flags\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbeta-flags.zip",85,{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":13,"downloaded":63,"rating":13,"num_ratings":13,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":67,"tags":68,"homepage":73,"download_link":74,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"great-feature-toggle","Great Feature Toggle – Feature Flags for WordPress","6.5.6","Geoff Mulligan","https:\u002F\u002Fprofiles.wordpress.org\u002Fgmulligan\u002F","\u003Cp>Great Feature Toggle is a lightweight feature toggle plugin for WordPress that allows administrators to quickly enable or disable site functionality from a single admin panel.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Highlights\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Simple Contact Form\u003C\u002Fstrong> shortcode: built-in \u003Cem>CAPTCHA\u003C\u002Fem> and sane validation.\u003Cbr \u002F>\n* \u003Cstrong>SEO Meta\u003C\u002Fstrong>: set site title\u002Fdescription (lightweight, theme-agnostic).\u003Cbr \u002F>\n* \u003Cstrong>Custom Login Logo\u003C\u002Fstrong>: for branded admin\u002Flogin views.\u003Cbr \u002F>\n* \u003Cstrong>Custom Mail-From\u003C\u002Fstrong>: set name\u002Faddress (including envelope) for outgoing emails.\u003Cbr \u002F>\n* \u003Cstrong>Disable Comments\u003C\u002Fstrong>: site-wide for posts\u002Fmedia (fully reversible).\u003Cbr \u002F>\n* \u003Cstrong>Force Login\u003C\u002Fstrong>: limit pages with \u003Cem>allowlist\u003C\u002Fem> of public paths (e.g., \u002Fprivacy-policy, \u002Fcontact).\u003Cbr \u002F>\n* \u003Cstrong>Hide Login\u002FAccount Nav Links\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Hide Admin Screen Options & Help Tabs\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Hide Menu Items\u003C\u002Fstrong>: a limit menu for logged out users.\u003Cbr \u002F>\n* \u003Cstrong>Shortcodes\u003C\u002Fstrong>: \u003Ccode>[grftg_message]\u003C\u002Fcode> to output a message; \u003Ccode>[grftg_reading_time]\u003C\u002Fcode> to show estimated reading time.\u003Cbr \u002F>\n* Built to WordPress coding standards and security best-practices (nonces, capabilities, escaping\u002Fsanitization).\u003C\u002Fp>\n\u003Cp>Key Features:\u003Cbr \u002F>\n* Performance-optimized compilation system\u003Cbr \u002F>\n* Categorized feature organization\u003Cbr \u002F>\n* Real-time admin interface\u003Cbr \u002F>\n* Robust error handling\u003Cbr \u002F>\n* Translation ready\u003C\u002Fp>\n\u003Ch3>WordPress Feature Toggles\u003C\u002Fh3>\n\u003Cp>Great Feature Toggle adds simple feature toggles so you can enable or disable WordPress features without modifying code.\u003C\u002Fp>\n\u003Ch3>Feature Flag Plugin\u003C\u002Fh3>\n\u003Cp>Great Feature Toggle acts as a feature flag plugin for WordPress administrators who want to enable or disable functionality without modifying code.\u003C\u002Fp>\n","Great Feature Toggle is a WordPress feature toggle and feature flag plugin that lets administrators enable or disable WordPress features such as conta &hellip;",299,"2026-03-14T20:51:00.000Z","6.9.4","6.0","7.4",[69,4,70,71,72],"feature-flag","feature-management-plugin","feature-toggle","wordpress-feature-toggle","https:\u002F\u002Fwww.mulligan.com\u002Fgft","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgreat-feature-toggle.6.5.6.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":13,"downloaded":83,"rating":13,"num_ratings":13,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":91,"download_link":92,"security_score":93,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"switcheroo","Switcheroo","1.0.2","John Thompson","https:\u002F\u002Fprofiles.wordpress.org\u002Fufmedia\u002F","\u003Cp>Feature flags are a powerful tool for controlling the availability of features on your site. By enabling or disabling flags, you can control what is active on your site without needing to deploy new code.\u003C\u002Fp>\n\u003Cp>Features are defined in the \u003Ccode>switcheroo.json\u003C\u002Fcode> file located in the root of your project.\u003Cbr \u002F>\nEach feature has:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Unique ID\u003C\u002Fstrong>: An identifier for the feature.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Title\u003C\u002Fstrong>: A human-readable name.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Description\u003C\u002Fstrong>: Explains the feature’s purpose.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Status\u003C\u002Fstrong>: Indicates whether the feature is active, experimental, deprecated, etc.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Link\u003C\u002Fstrong>: An optional link to further information.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can toggle each feature within the Switcheroo Settings in the WP Admin (Settings -> Switcheroo).\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Ch3>Managing Feature Flags in Code\u003C\u002Fh3>\n\u003Cp>You can wrap your feature-specific code in a conditional statement to check if a flag is enabled.\u003C\u002Fp>\n\u003Cp>For example, use the \u003Ccode>switcheroo_flag_status('my_feature')\u003C\u002Fcode> function to determine whether a feature is active and include its logic conditionally.\u003C\u002Fp>\n\u003Ch3>Suggested Feature Flag Statuses\u003C\u002Fh3>\n\u003Cp>Each feature flag can be assigned a status, allowing for better organisation and understanding of the feature’s state:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Draft\u003C\u002Fstrong>: The feature is still in development and not ready for use.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Experimental\u003C\u002Fstrong>: The feature is available for testing but may have known issues.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Active\u003C\u002Fstrong>: The feature is live and functional on the site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deprecated\u003C\u002Fstrong>: The feature is being phased out and may be removed in the future.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Breaking\u003C\u002Fstrong>: The feature introduces significant changes; enabling or disabling it may cause issues.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Archived\u003C\u002Fstrong>: The feature has been permanently removed or is no longer supported.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>High-Risk\u003C\u002Fstrong>: The feature introduces significant changes or is under scrutiny for potential issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Command Line Management\u003C\u002Fh3>\n\u003Cp>You can also manage your feature flags via the command line using WP-CLI. The \u003Ccode>wp switcheroo\u003C\u002Fcode> command allows you to view and modify feature flags.\u003C\u002Fp>\n\u003Cp>Examples:\u003Cbr \u002F>\n– \u003Ccode>wp switcheroo\u003C\u002Fcode>: List all flags and their statuses.\u003Cbr \u002F>\n– \u003Ccode>wp switcheroo my_feature\u003C\u002Fcode>: Check the status of the \u003Ccode>my_feature\u003C\u002Fcode> flag.\u003Cbr \u002F>\n– \u003Ccode>wp switcheroo my_feature on\u003C\u002Fcode>: Enable the \u003Ccode>my_feature\u003C\u002Fcode> flag.\u003Cbr \u002F>\n– \u003Ccode>wp switcheroo my_feature off\u003C\u002Fcode>: Disable the \u003Ccode>my_feature\u003C\u002Fcode> flag.\u003C\u002Fp>\n","Easily manage feature flags to control the availability of features on your WordPress site without deploying new code.",1593,"2025-03-12T12:29:00.000Z","6.7.5","5.0","8.0",[89,4,90],"development","site-management","https:\u002F\u002Fufmedia.co.uk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fswitcheroo.1.0.2.zip",92,{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":102,"downloaded":103,"rating":93,"num_ratings":104,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":115,"download_link":116,"security_score":54,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"international-telephone-input-for-contact-form-7","International Telephone Input for Contact Form 7","1.5.7","Yordan Soares","https:\u002F\u002Fprofiles.wordpress.org\u002Fyordansoares\u002F","\u003Cp>Addon for Contact Form 7 that creates a new type of input for entering and validating international telephone numbers. It adds a flag dropdown with prefix of the telephone number, detects the user’s country, displays a relevant placeholder and provides formatting\u002Fvalidation methods.\u003C\u002Fp>\n\u003Ch4>How to use\u003C\u002Fh4>\n\u003Cp>Once you have installed and activated your plugin, a new type of input field will be available in your Contact Form 7 forms. In order to add it to your form, you can either click on the “International Telephone” button above your form editor, or add the shortcode like: \u003Ccode>[intl_tel* {your-phone}]\u003C\u002Fcode>. Replace \u003Ccode>{your-phone}\u003C\u002Fcode> by the name do you want to give the field. Optionally, you can use the asterisk (*) to makes the field required.\u003C\u002Fp>\n\u003Cp>To display the field’s info on your email, use this tag: \u003Ccode>[{your-phone}]\u003C\u002Fcode>. It will display something like +12025550109\u003C\u002Fp>\n\u003Ch4>Aditional info in your email\u003C\u002Fh4>\n\u003Cp>You can also recover specific parts of the telephone number: the name of the country it refers to, the country code, the number without the country code. Use this tags:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>[{your-phone}-cf7it-country-name]\u003C\u002Fcode>: It prints the name of the country. For the example above: United States\u003C\u002Fli>\n\u003Cli>\u003Ccode>[{your-phone}-cf7it-country-code]\u003C\u002Fcode>: It prints the country code of the phone number. For the example above: 1\u003C\u002Fli>\n\u003Cli>\u003Ccode>[{your-phone}-cf7it-country-iso2]\u003C\u002Fcode>: It prints the country iso code. For the example above: us\u003C\u002Fli>\n\u003Cli>\u003Ccode>[{your-phone}-cf7it-national]\u003C\u002Fcode>: It prints the phone number without international prefix. For the example above: 2025550109\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Third-party software\u003C\u002Fh4>\n\u003Cp>This plugin uses the \u003Ca href=\"https:\u002F\u002Fintl-tel-input.com\u002F\" rel=\"nofollow ugc\">International Telephone Input\u003C\u002Fa> JavaScript library and the \u003Ca href=\"https:\u002F\u002Fextreme-ip-lookup.com\" rel=\"nofollow ugc\">eXTReMe-IP-LOOKUP.com API\u003C\u002Fa>.\u003C\u002Fp>\n","Addon for Contact Form 7 that creates a new type of input for entering and validating international telephone numbers. It adds a flag dropdown, detect &hellip;",9000,78374,26,"2022-02-21T04:53:00.000Z","5.9.13","4.0","7.0",[110,111,112,113,114],"cf7-international-phone-input","contact-form-7","country-code","international-phone-input","telephone-flags-input","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Finternational-telephone-input-for-contact-form-7\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finternational-telephone-input-for-contact-form-7.1.5.7.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":127,"num_ratings":30,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":48,"tags":131,"homepage":136,"download_link":137,"security_score":138,"vuln_count":139,"unpatched_count":139,"last_vuln_date":140,"fetched_at":25},"language-icons-flags-switcher","Flag Icons","2.2","Vasilis Triantafyllou","https:\u002F\u002Fprofiles.wordpress.org\u002Fhavengr\u002F","\u003Cp>This plugin helps you to add the flag icons with the targeted links on your site by choosing desired position or using a shortcode.\u003C\u002Fp>\n\u003Cp>Version 2 supports Google Translate ICON !\u003C\u002Fp>\n\u003Cp>You just have to select position,flag and add the link!\u003C\u002Fp>\n\u003Cp>Flags Icons: English, Bosnia, Nepal, Klingon, Iceland, Switzerland, Mongolia, Moldova, Greece, Belgium, EU, UAE, Indonesia, Hong Kong, Brazil, Estonia, Lithuania, Latvia, Argentina, Finland, Norway, Germany, Spain, Wales, Ireland, Romania, India, Hungary, Portugal, Usa, Turkey, Japan, Israel, Saudi Arabia, Sweden, France, Italy, Netherlands, s. Korea, China, Czech , Cyprus, Russia, Malaysia, Singapore, Thailand, Denmark, Bulgaria , Canada, Dominician Republic, Croatia, Egypt, New Zealand, Myanmar, Algeria, Australia, Esperado, Iran, Iraq, Catalan, Taiwav, Albania, Morocco, Palestine, Luxembourg, Mexico, Vietnam, Azerbaijan,Belarus,Cambodia,Libya,Ethiopia, Luxembourg, Afghanistan, Aruba, Georgia, Haiti, Kuwait, Malta, paraguay, Peru, South-Africa, Uzbekistan, Ukraine, Pakistan, Australia, Austria, Tunisia and Poland.\u003C\u002Fp>\n\u003Ch3>Arbitrary section 1\u003C\u002Fh3>\n\u003Cp>Thanks for using! Its my first plugin i hope it will help!\u003C\u002Fp>\n","Flags Icons Language Switcher.",4000,63370,98,"2022-04-10T20:50:00.000Z","5.8.13","3.3",[19,132,133,134,135],"icons","language","multisite","switch","http:\u002F\u002Fwww.webcraft.gr\u002Fmuli","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flanguage-icons-flags-switcher.zip",64,1,"2025-03-31 00:00:00",{"attackSurface":142,"codeSignals":179,"taintFlows":187,"riskAssessment":188,"analyzedAt":193},{"hooks":143,"ajaxHandlers":170,"restRoutes":171,"shortcodes":177,"cronEvents":178,"entryPointCount":139,"unprotectedCount":139},[144,150,155,160,164,166],{"type":145,"name":146,"callback":147,"file":148,"line":149},"action","rest_api_init","register_routes","includes\\Api\\Flags.php",39,{"type":145,"name":151,"callback":152,"file":153,"line":154},"admin_menu","register_settings","includes\\Settings.php",29,{"type":145,"name":156,"callback":157,"file":158,"line":159},"admin_enqueue_scripts","closure","plugin.php",43,{"type":145,"name":161,"callback":162,"file":158,"line":163},"wp_enqueue_scripts","anonymous",81,{"type":145,"name":156,"callback":162,"file":158,"line":165},87,{"type":167,"name":168,"callback":157,"file":158,"line":169},"filter","plugin_action_links_codeb-feature-flags\u002Fplugin.php",134,[],[172],{"namespace":173,"route":19,"methods":174,"callback":162,"permissionCallback":24,"file":148,"line":176},"feature-flags\u002Fv1",[175],"GET",51,[],[],{"dangerousFunctions":180,"sqlUsage":181,"outputEscaping":183,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":185,"bundledLibraries":186},[],{"prepared":13,"raw":13,"locations":182},[],{"escaped":139,"rawEcho":13,"locations":184},[],2,[],[],{"summary":189,"deductions":190},"The 'feature-flags' plugin v0.4.1 exhibits a generally strong security posture with several good practices evident. The plugin has no recorded vulnerabilities, including critical or high severity ones, and has a history free of any CVEs, suggesting a well-maintained and secure codebase.  The static analysis further supports this, showing no dangerous functions, file operations, or external HTTP requests, and all SQL queries are properly prepared, with all output correctly escaped. However, a significant concern arises from the presence of one unprotected REST API route. This unprotected endpoint represents a direct attack vector that could potentially be exploited if it handles sensitive data or performs actions without proper authorization checks.\n\nWhile the absence of dangerous functions, prepared SQL statements, and proper output escaping are commendable, the single unprotected REST API route is a notable weakness that detracts from an otherwise robust security profile. The lack of taint analysis results and the limited number of capability checks might indicate a smaller scope of functionality, which is good for security, but it's crucial to ensure that all entry points, especially REST API routes, are adequately protected against unauthorized access and potential misuse.  In conclusion, the plugin is strong in many areas of secure coding, but the unprotected REST API route requires immediate attention to mitigate potential risks.",[191],{"reason":192,"points":11},"Unprotected REST API route","2026-03-17T00:58:40.697Z",{"wat":195,"direct":206},{"assetPaths":196,"generatorPatterns":200,"scriptPaths":201,"versionParams":202},[197,198,199],"\u002Fwp-content\u002Fplugins\u002Ffeature-flags\u002Fbuild\u002Fsettings.js","\u002Fwp-content\u002Fplugins\u002Ffeature-flags\u002Fbuild\u002Fsettings.css","\u002Fwp-content\u002Fplugins\u002Ffeature-flags\u002Fbuild\u002Findex.js",[],[197,199],[203,204,205],"feature-flags\u002Fbuild\u002Fsettings.js?ver=","feature-flags\u002Fbuild\u002Fsettings.css?ver=","feature-flags\u002Fbuild\u002Findex.js?ver=",{"cssClasses":207,"htmlComments":208,"htmlAttributes":209,"restEndpoints":210,"jsGlobals":212,"shortcodeOutput":214},[],[],[],[211],"\u002Fwp-json\u002Ffeature-flags\u002Fv1\u002Fflags",[213],"codebFeatureFlags",[]]