[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fYGvWSP4k_QM_9bSUA96QjG9MYByD0gQ-OvDm6xQgj64":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":14,"requires_php":16,"tags":17,"homepage":14,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":136,"fingerprints":272},"files-fence","Files Fence","0.1.3","aixeiger","https:\u002F\u002Fprofiles.wordpress.org\u002Faixeiger\u002F","\u003Cp>Detect if WordPress core files are changed and if unwanted files are uploaded or created in WordPress folders other than wp-content\u003C\u002Fp>\n\u003Ch3>How it works\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Install the plugin\u003C\u002Fli>\n\u003Cli>That’s all\u003C\u002Fli>\n\u003Cli>To review the unknown or modified files, go to “Files Fence” in the sidebar menu\u003C\u002Fli>\n\u003Cli>To ignore a file that you know was modified, click on “ignore”\u003C\u002Fli>\n\u003C\u002Ful>\n","Detect if WordPress core files are changed and if unwanted files are uploaded or created in WordPress folders other than 
wp-content",50,1723,0,"","6.3.8","7.4",[18,19,20,21,22],"checksum-security","files","files-integrity","files-security","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffiles-fence.0.1.3.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},5,140,88,30,86,"2026-04-04T22:23:31.692Z",[36,56,78,98,117],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":24,"downloaded":44,"rating":24,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":16,"tags":49,"homepage":53,"download_link":54,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":55},"reset-file-and-folder-permissions","Reset file and folder permissions","1.1.1","Prakhar Bhatia","https:\u002F\u002Fprofiles.wordpress.org\u002Fprakharb88\u002F","\u003Cp>Reset file and folder permissions is a powerful yet safe WordPress plugin designed to help administrators reset file and directory permissions to their recommended secure values, and optionally reset file\u002Ffolder ownership. 
This tool is particularly useful after site migrations, server changes, or when dealing with permission-related issues.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Dual Functionality\u003C\u002Fstrong>: Reset both permissions (0644\u002F0755) and ownership (user\u002Fgroup) in separate tabs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ownership Management\u003C\u002Fstrong>: Change file and folder ownership to the correct web server user (VPS\u002Fdedicated servers)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server Compatibility Check\u003C\u002Fstrong>: Automatically detects if ownership functions are available on your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Batch Processing\u003C\u002Fstrong>: Handles large directory structures efficiently with configurable batch sizes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time Progress\u003C\u002Fstrong>: Visual progress bar with detailed statistics during processing\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Safety First\u003C\u002Fstrong>: Multiple security checks and confirmations before making changes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Selective Processing\u003C\u002Fstrong>: Choose specific directories to process (entire site, wp-content, plugins, themes, or uploads)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Recommendations\u003C\u002Fstrong>: Automatically detects and recommends the correct owner\u002Fgroup for your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Error Handling\u003C\u002Fstrong>: Comprehensive error logging and reporting\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Responsive Interface\u003C\u002Fstrong>: Works seamlessly on desktop and mobile devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Focused\u003C\u002Fstrong>: Only administrators can use this tool, with proper nonce verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Standard WordPress Permissions\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Files (0644)\u003C\u002Fstrong>: Owner can read\u002Fwrite, 
group and others can read only\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Directories (0755)\u003C\u002Fstrong>: Owner can read\u002Fwrite\u002Fexecute, group and others can read\u002Fexecute\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>When to Use This Plugin\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>For Permission Reset:\u003C\u002Fstrong>\u003Cbr \u002F>\n* After migrating your WordPress site to a new server\u003Cbr \u002F>\n* When files have incorrect permissions causing functionality issues\u003Cbr \u002F>\n* For security hardening when permissions are too permissive\u003Cbr \u002F>\n* When troubleshooting file access problems\u003Cbr \u002F>\n* During routine maintenance to ensure proper permissions\u003C\u002Fp>\n\u003Cp>\u003Cstrong>For Ownership Reset:\u003C\u002Fstrong>\u003Cbr \u002F>\n* After migrating to a new server with a different web server user\u003Cbr \u002F>\n* When WordPress cannot write files or install plugins\u002Fthemes\u003Cbr \u002F>\n* After manually uploading files via FTP with incorrect ownership\u003Cbr \u002F>\n* When troubleshooting “permission denied” errors despite correct permissions\u003Cbr \u002F>\n* When switching hosting providers or server configurations\u003C\u002Fp>\n\u003Ch4>Safety Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Requires explicit confirmation before processing\u003C\u002Fli>\n\u003Cli>Batch processing prevents server timeouts\u003C\u002Fli>\n\u003Cli>Real-time progress monitoring\u003C\u002Fli>\n\u003Cli>Comprehensive error logging\u003C\u002Fli>\n\u003Cli>Restricted to administrators only\u003C\u002Fli>\n\u003Cli>Path validation to prevent processing outside WordPress directory\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, feature requests, or bug reports:\u003Cbr \u002F>\n* Email: prakhar@nandann.com\u003Cbr \u002F>\n* Website: https:\u002F\u002Fnandann.com\u003Cbr \u002F>\n* Subject: WordPress Development Help Request\u003C\u002Fp>\n\u003Cp>Professional WordPress development 
and troubleshooting services available. Expert solutions for complex WordPress challenges including custom development, site migrations, security audits, and performance optimization.\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cp>This plugin is developed with security and reliability in mind. All user inputs are sanitized, permissions are validated, and operations are logged for transparency.\u003C\u002Fp>\n\u003Ch4>Technical Details\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Uses WordPress native functions and hooks\u003C\u002Fli>\n\u003Cli>Implements proper AJAX handling with nonce verification\u003C\u002Fli>\n\u003Cli>Follows WordPress coding standards\u003C\u002Fli>\n\u003Cli>Includes comprehensive error handling\u003C\u002Fli>\n\u003Cli>Responsive design using WordPress admin styles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin does not collect, store, or transmit any personal data. All operations are performed locally on your server, and no data is sent to external services.\u003C\u002Fp>\n\u003Ch3>About the Developer\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Prakhar Bhatia\u003C\u002Fstrong> is a professional WordPress developer and troubleshooter with extensive experience in:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress Troubleshooting\u003C\u002Fstrong>: Expert diagnosis and resolution of complex WordPress issues, performance optimization, and security hardening\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Development\u003C\u002Fstrong>: Bespoke WordPress plugins, themes, and custom functionality tailored to specific business needs  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Site Migration & Hosting\u003C\u002Fstrong>: Seamless website migrations, hosting optimization, and server configuration for peak performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security & Maintenance\u003C\u002Fstrong>: Comprehensive security audits, malware removal, and ongoing maintenance to keep sites 
secure\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Nandann Creative Agency\u003C\u002Fstrong> specializes in WordPress development solutions for businesses of all sizes.\u003C\u002Fp>\n\u003Cp>Contact: prakhar@nandann.com | Website: https:\u002F\u002Fnandann.com\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Built with security and usability in mind, following WordPress development best practices. Developed by Prakhar Bhatia at Nandann Creative Agency.\u003C\u002Fp>\n","A WordPress plugin to reset file permissions to 0644, directory permissions to 0755, and file\u002Ffolder ownership for security and maintenance purposes.",1057,2,"2025-12-07T02:56:00.000Z","6.9.4","5.0",[50,19,51,52,22],"directories","maintenance","permissions","https:\u002F\u002Fnandann.com\u002Fcontact","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freset-file-and-folder-permissions.1.1.1.zip","2026-03-15T15:16:48.613Z",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":14,"tags":71,"homepage":75,"download_link":76,"security_score":77,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":55},"s2member-secure-file-uploader","s2member Secure File Uploader","0.0.2","Lew Ayotte","https:\u002F\u002Fprofiles.wordpress.org\u002Flayotte\u002F","\u003Cp>You must have the \u003Ca href=\"http:\u002F\u002Fwww.s2member.com\u002F2496.html\" rel=\"nofollow ugc\">s2member Membership Plugin\u003C\u002Fa> installed and activated to use this plugin.\u003C\u002Fp>\n\u003Cp>This simple plugin allows you to upload a file to the s2member-files\u002F secure directory and automatically insert it into your post.\u003C\u002Fp>\n\u003Cp>This plugin was requested by a client, who would only pay for 5 hours worth of work. 
The plugin could use some polishing and maybe some extra GUI love, but it does what the client wanted at the time. Because I feel like it could use some improvements, I’m releasing it as version 0.0.1.\u003C\u002Fp>\n","A s2member add-on that allows you to upload a file to the s2member-files\u002F secure directory and automatically insert a link into your post.",90,8188,60,4,"2013-03-28T23:27:00.000Z","3.5.2","3.2",[72,19,73,74,22],"downloads","s2member","secure","http:\u002F\u002Flewayotte.com\u002Fplugins\u002Fs2member-secure-file-uploader\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fs2member-secure-file-uploader.0.0.2.zip",85,{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":24,"num_ratings":88,"last_updated":89,"tested_up_to":47,"requires_at_least":48,"requires_php":14,"tags":90,"homepage":96,"download_link":97,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":55},"wphhsecure","WPHH SECURE – AIO WordPress Security With File Locking & WP Hide Login","1.1.9","WPHackedHelp","https:\u002F\u002Fprofiles.wordpress.org\u002Fpluginsupportwphackedhelp\u002F","\u003Cp>Secure your WordPress site with one-click file locking, login path hiding, role-based access, and smart dashboard visibility. Built for speed, security, and control.\u003C\u002Fp>\n\u003Ch3>Full Description\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>WPHH SECURE\u003C\u002Fstrong> by \u003Ca href=\"https:\u002F\u002Fsecure.wphackedhelp.com\" rel=\"nofollow ugc\">WP Hacked Help\u003C\u002Fa> is a comprehensive WordPress security plugin that integrates advanced file protection and login URL obfuscation. 
It blocks brute-force attacks, unauthorized access, and file tampering by allowing you to easily lock or unlock your WordPress files and folders with a single click.\u003C\u002Fp>\n\u003Cp>The plugin comes with a user-friendly interface and real-time feedback, ensuring secure operations without any technical knowledge required. WPHH SECURE is built to work seamlessly with the native WordPress functions, ensuring compatibility and safety for all sites, including blogs, business sites, and WooCommerce stores.\u003C\u002Fp>\n\u003Cp>With automatic exclusions for sensitive folders and the ability to manage folder exceptions, WPHH SECURE ensures that critical areas like uploads, cache, and backups are not locked accidentally. It also features login URL hiding to prevent unauthorized access to your site’s backend.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>One-Click Lock\u002FUnlock\u003C\u002Fstrong> – Lock or unlock all WordPress files and folders with a single click.\u003Cbr \u002F>\n✅ \u003Cstrong>Smart Dashboard\u003C\u002Fstrong> – Access real-time status updates and track lock activities in the dashboard.\u003Cbr \u002F>\n✅ \u003Cstrong>Role-Based Access\u003C\u002Fstrong> – Configure permissions to restrict access to the lock\u002Funlock feature based on user roles.\u003Cbr \u002F>\n✅ \u003Cstrong>Login URL Hiding\u003C\u002Fstrong> – Prevent brute-force login attempts by hiding or changing your default WordPress login URL.\u003Cbr \u002F>\n✅ \u003Cstrong>Safe File Handling\u003C\u002Fstrong> – Built on WP_Filesystem for secure file handling using AJAX for smooth background execution.\u003Cbr \u002F>\n✅ \u003Cstrong>Auto Exclusions\u003C\u002Fstrong> – Automatically exclude high-priority folders (e.g., uploads, cache, backups) from being locked.\u003Cbr \u002F>\n✅ \u003Cstrong>Visual Progress Feedback\u003C\u002Fstrong> – Watch real-time updates with progress bars and completion messages.\u003Cbr 
\u002F>\n✅ \u003Cstrong>Folder Exclusion Manager\u003C\u002Fstrong> – Easily add or remove folders from the exclusion list to keep them safe.\u003C\u002Fp>\n","Secure your WordPress site with one-click file locking, login path hiding, role-based access, and smart dashboard visibility.",70,1870,7,"2026-01-21T13:20:00.000Z",[91,92,93,94,95],"brute-force-protection","file-locking","hide-login-url","wordpress-security","wp-filesystem","https:\u002F\u002Fsecure.wphackedhelp.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwphhsecure.1.1.9.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":32,"downloaded":106,"rating":66,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":14,"tags":111,"homepage":115,"download_link":116,"security_score":77,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":55},"autochmod","AutoCHMOD","0.5.2","belinde","https:\u002F\u002Fprofiles.wordpress.org\u002Fbelinde\u002F","\u003Cp>Protect folders and files from unauthorized changes by managing filesystem permissions. You can configure the permission mask for files and folders in “protected” and “writeable” status, and with a single click you can switch between them. 
When you enable writing, a cron event is set and the protected status will be applied automatically after 10 minutes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please check carefully the configuration before enabling protection!\u003C\u002Fstrong> If the default permission mask isn’t correct for your server \u003Cstrong>WordPress will stop working\u003C\u002Fstrong>, and you’ll need to restore the correct permission manually.\u003C\u002Fp>\n\u003Cp>Pay attention: the suggested configuration is, obviously, only a suggestion: depending on various system configuration the detection could be suboptimal or erroneous.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New in 0.5:\u003C\u002Fstrong> automatic updates should work regularly; the protection will be disabled and re-enabled, hopefully without pain. But this feature is still experimental and I can’t debug it until next minor release of WP.\u003C\u002Fp>\n","Protect folders and files from unauthorized changes by managing filesystem permissions.",4696,3,"2014-04-17T08:20:00.000Z","3.9.40","3.1.0",[112,113,114,52,22],"chmod","filesystem","folders","http:\u002F\u002Fe2net.it?autochmod","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautochmod.0.5.2.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":32,"downloaded":125,"rating":24,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":14,"tags":130,"homepage":134,"download_link":135,"security_score":77,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":55},"ttc-tripwire-plugin","TTC WordPress Tripwire Tool","2.0","ljmacphee","https:\u002F\u002Fprofiles.wordpress.org\u002Fljmacphee\u002F","\u003Cp>This is part 2 of a 3 part security suite for WordPress.  This plugin acts as a tripwire, flagging all files that have been changed in the last 1 to 99 days.  
Simply choose how many days back in time you wish to go and it will list all files changed in that time frame for you.\u003C\u002Fp>\n","This plugin acts as a tripwire for you.  It will give you a list of all files changed on your WordPress site in the last 1-99 days.",3164,1,"2011-08-12T13:21:00.000Z","3.2.1","2.5",[131,132,133,22],"changed-files","file","file-list","http:\u002F\u002Fherselfswebtools.com\u002F2008\u002F06\u002Fwordpress-plugin-tripwire-3rd-of-three-part-security-plugin-set.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fttc-tripwire-plugin.zip",{"attackSurface":137,"codeSignals":164,"taintFlows":194,"riskAssessment":260,"analyzedAt":271},{"hooks":138,"ajaxHandlers":157,"restRoutes":158,"shortcodes":159,"cronEvents":160,"entryPointCount":13,"unprotectedCount":13},[139,145,149,153],{"type":140,"name":141,"callback":142,"file":143,"line":144},"action","admin_menu","register_admin_menu","src\\App.php",17,{"type":146,"name":147,"callback":147,"file":143,"line":148},"filter","cron_schedules",18,{"type":140,"name":150,"callback":151,"file":143,"line":152},"filesfence_cron","check_files",19,{"type":140,"name":154,"callback":155,"file":143,"line":156},"admin_init","process_post",20,[],[],[],[161],{"hook":150,"callback":150,"file":162,"line":163},"src\\Installation.php",26,{"dangerousFunctions":165,"sqlUsage":166,"outputEscaping":184,"fileOperations":13,"externalRequests":126,"nonceChecks":13,"capabilityChecks":126,"bundledLibraries":193},[],{"prepared":167,"raw":168,"locations":169},28,6,[170,174,176,178,180,182],{"file":171,"line":172,"context":173},"src\\DB.php",204,"$wpdb->query() with variable 
interpolation",{"file":171,"line":175,"context":173},210,{"file":171,"line":177,"context":173},287,{"file":171,"line":179,"context":173},290,{"file":171,"line":181,"context":173},293,{"file":171,"line":183,"context":173},296,{"escaped":185,"rawEcho":45,"locations":186},22,[187,191],{"file":188,"line":189,"context":190},"src\\Admin.php",34,"raw output",{"file":188,"line":192,"context":190},35,[],[195,240],{"entryPoint":196,"graph":197,"unsanitizedCount":67,"severity":239},"process_post (src\\Route.php:6)",{"nodes":198,"edges":231},[199,205,209,215,218,221,223,225,228],{"id":200,"type":201,"label":202,"file":203,"line":204},"n0","source","$_POST (x2)","src\\Route.php",14,{"id":206,"type":207,"label":208,"file":203,"line":204},"n1","transform","→ get_unknown_checksums_by_id()",{"id":210,"type":211,"label":212,"file":171,"line":213,"wp_function":214},"n2","sink","get_row() [SQLi]",92,"get_row",{"id":216,"type":201,"label":217,"file":203,"line":148},"n3","$_POST",{"id":219,"type":207,"label":220,"file":203,"line":148},"n4","→ get_known_checksums_by_name()",{"id":222,"type":211,"label":212,"file":171,"line":33,"wp_function":214},"n5",{"id":224,"type":201,"label":217,"file":203,"line":192},"n6",{"id":226,"type":207,"label":227,"file":203,"line":192},"n7","→ get_ignored_checksums_by_name()",{"id":229,"type":211,"label":212,"file":171,"line":230,"wp_function":214},"n8",98,[232,234,235,236,237,238],{"from":200,"to":206,"sanitized":233},false,{"from":206,"to":210,"sanitized":233},{"from":216,"to":219,"sanitized":233},{"from":219,"to":222,"sanitized":233},{"from":224,"to":226,"sanitized":233},{"from":226,"to":229,"sanitized":233},"high",{"entryPoint":241,"graph":242,"unsanitizedCount":67,"severity":239},"\u003CRoute> 
(src\\Route.php:0)",{"nodes":243,"edges":253},[244,245,246,247,248,249,250,251,252],{"id":200,"type":201,"label":202,"file":203,"line":204},{"id":206,"type":207,"label":208,"file":203,"line":204},{"id":210,"type":211,"label":212,"file":171,"line":213,"wp_function":214},{"id":216,"type":201,"label":217,"file":203,"line":148},{"id":219,"type":207,"label":220,"file":203,"line":148},{"id":222,"type":211,"label":212,"file":171,"line":33,"wp_function":214},{"id":224,"type":201,"label":217,"file":203,"line":192},{"id":226,"type":207,"label":227,"file":203,"line":192},{"id":229,"type":211,"label":212,"file":171,"line":230,"wp_function":214},[254,255,256,257,258,259],{"from":200,"to":206,"sanitized":233},{"from":206,"to":210,"sanitized":233},{"from":216,"to":219,"sanitized":233},{"from":219,"to":222,"sanitized":233},{"from":224,"to":226,"sanitized":233},{"from":226,"to":229,"sanitized":233},{"summary":261,"deductions":262},"The 'files-fence' plugin v0.1.3 exhibits a generally good security posture with several positive indicators. The absence of known CVEs and a clean vulnerability history suggest a commitment to security or a lack of past exploitable issues. The code also demonstrates strong practices in SQL query preparation (82% prepared) and output escaping (92% properly escaped), significantly mitigating risks related to common web vulnerabilities like SQL injection and cross-site scripting. Furthermore, the limited attack surface with no AJAX handlers, REST API routes, or shortcodes, and only one cron event, reduces the potential entry points for attackers.  \n\nHowever, there are specific areas of concern that warrant attention. The taint analysis reveals two flows with unsanitized paths, indicating a potential for path traversal vulnerabilities. While no critical or high severity taint flows were found, the presence of these unsanitized paths is a notable weakness. 
The plugin also lacks nonce checks on its entry points, which, while currently limited in number, could be exploited if an attack vector is discovered that leverages these handlers. Additionally, only one capability check was identified, suggesting that not all actions within the plugin are adequately protected by WordPress role-based access control.\n\nIn conclusion, 'files-fence' v0.1.3 has several strong security practices in place, particularly regarding SQL and output handling. The lack of historical vulnerabilities is a positive sign. Nevertheless, the identified unsanitized paths and the absence of comprehensive nonce and capability checks present clear security risks that should be addressed to further harden the plugin.",[263,266,269],{"reason":264,"points":265},"Taint flows with unsanitized paths (2)",15,{"reason":267,"points":268},"No nonce checks on entry points",10,{"reason":270,"points":29},"Only 1 capability check found","2026-03-16T21:51:49.837Z",{"wat":273,"direct":282},{"assetPaths":274,"generatorPatterns":277,"scriptPaths":278,"versionParams":279},[275,276],"\u002Fwp-content\u002Fplugins\u002Ffiles-fence\u002Fbuild\u002Fcss\u002Fapp.css","\u002Fwp-content\u002Fplugins\u002Ffiles-fence\u002Fbuild\u002Fjs\u002Fapp.js",[],[276],[280,281],"files-fence\u002Fbuild\u002Fcss\u002Fapp.css?ver=","files-fence\u002Fbuild\u002Fjs\u002Fapp.js?ver=",{"cssClasses":283,"htmlComments":284,"htmlAttributes":285,"restEndpoints":286,"jsGlobals":288,"shortcodeOutput":290},[],[],[],[287],"\u002Fwp-json\u002Ffilesfence\u002Fv1\u002Fsettings",[289],"filesFence",[]]