[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fdSZFJ0xQo_1DBhhoC7jaB6PmQFczXszgH6IzQJ90WE0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":34,"analysis":138,"fingerprints":305},"files-inspector","Files Inspector","0.1","alexhee","https:\u002F\u002Fprofiles.wordpress.org\u002Falexhee\u002F","\u003Cp>This plugin is used to detect changes based on the dates on which you have run an inspection of the files within\u003Cbr \u002F>\nthe WordPress instance. With this, you can see if there is a modification, addition or deletion to the files\u003Cbr \u002F>\nand compare the changes based on the date. Besides that, it can be used as a security tool to point out\u003Cbr \u002F>\nwhich files have been altered since a compromise.\u003C\u002Fp>\n\u003Cp>This plugin does not write or change any of your file permissions. 
All it does is read the information of\u003Cbr \u002F>\neach file and folder under the WordPress instance.\u003C\u002Fp>\n","Compare file changes within WordPress.",10,1532,100,1,"2014-12-16T14:43:00.000Z","4.0.38","3.1","",[20,21,22,4,23],"file","file-changes","file-compare","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffiles-inspector.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},30,84,"2026-04-04T11:45:34.412Z",[35,60,83,101,118],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":55,"download_link":56,"security_score":57,"vuln_count":58,"unpatched_count":26,"last_vuln_date":59,"fetched_at":28},"website-file-changes-monitor","Melapress File Monitor","2.3.0","Melapress","https:\u002F\u002Fprofiles.wordpress.org\u002Fmelapress\u002F","\u003Ch3>Get notified of file and permission changes on your WordPress sites and boost reliability & security\u003C\u002Fh3>\n\u003Cp>Melapress File Monitor is a WordPress file integrity monitoring plugin that keeps track of file and permission changes on your WordPress websites. 
It enables you to promptly identify code changes, file and directory permission changes, leftover files, malicious code, and malware injections – and take action.\u003C\u002Fp>\n\u003Cp>Install \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fwordpress-file-monitor\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mfm\" rel=\"nofollow ugc\">Melapress File Monitor\u003C\u002Fa> on your website to:\u003Cbr \u002F>\n*   Detect malware, infected files or files altered by bad actors\u003Cbr \u002F>\n*   Keep track of the last code changes on your website for easier troubleshooting\u003Cbr \u002F>\n*   Identify changes in file and directory permissions\u003Cbr \u002F>\n*   Identify leftover & backup files that can lead to sensitive business & technical data exposure\u003Cbr \u002F>\n*   Spot malware injections early to avoid irreparable site damage\u003Cbr \u002F>\n*   Conduct essential WordPress forensic analysis after a cyberattack.\u003C\u002Fp>\n\u003Cp>The plugin allows you to monitor and log file and permission changes across your WordPress site. You can see changes directly in the WordPress dashboard for easy access. 
You can also configure the plugin to send you file and permission change alerts through email whenever it detects a change; keeping you informed wherever you are.\u003C\u002Fp>\n\u003Cp>It helps you easily spot leftover and backup files that could leave your website exposed, and detect malware and code changes, so you can remove the files and clean malware infections at the earliest possible.\u003C\u002Fp>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cp>Melapress File Monitor is a very easy to use plugin with zero admin work.\u003C\u002Fp>\n\u003Ch4>No False Alarms – Just Genuine Alerts!\u003C\u002Fh4>\n\u003Cp>This plugin uses an exclusive smart technology that detects WordPress core updates, plugin & theme installs, uninstalls, and updates.\u003C\u002Fp>\n\u003Cp>When you update the WordPress core, install a new plugin, update a theme, or delete a plugin it won’t flood you with hundreds of alerts prompting a false alarm. You only get alerted of genuine file and permission changes that can have an effect on the functionality and security of your WordPress site!\u003C\u002Fp>\n\u003Ch4>Instant Email Notifications\u003C\u002Fh4>\n\u003Cp>After a scan, the plugin sends an email with the list of file and permission changes it identifies on your WordPress sites and multisite networks.\u003C\u002Fp>\n\u003Cp>The email includes all the details you require to track WordPress file changes, such as:\u003Cbr \u002F>\n* The filename and the path of the file\u003Cbr \u002F>\n* A count of how many files were added, modified or deleted\u003Cbr \u002F>\n* A highlight of the site admin changes that caused the file changes, such as the plugins or themes installs, uninstalls, and updates.\u003C\u002Fp>\n\u003Ch4>Scans ALL Your Files, Including Custom Code\u003C\u002Fh4>\n\u003Cp>Melapress File Monitor can scan any type of file and it is not limited to WordPress and PHP files. 
Apart from the WordPress core files, plugins and themes files, it will also scan any other custom code files that you might have on your WordPress site.\u003C\u002Fp>\n\u003Cp>It also compares the WordPress core files of your website to the list of files on the official WordPress repository, so it will also alert you if a WordPress core file has been tampered with, or changed. You can also choose to exclude specific files, directories, and extensions for complete control.\u003C\u002Fp>\n\u003Cp>To learn more on both the file integrity monitoring technologies the plugin uses refer to \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fsupport\u002Fkb\u002Fwebsite-file-changes-monitor-how-plugin-detects-file-changes\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mfm\" rel=\"nofollow ugc\">how the plugin detects file changes on WordPress\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>WordPress Multisite Networks Support\u003C\u002Fh4>\n\u003Cp>The Melapress File Monitor plugin can also detect file changes on WordPress multisite networks. 
When installed on a network, the plugin configuration and alerts are only available to the super administrators, preventing possible disclosure of sensitive information that could jeopardize the security of the sites on the network.\u003C\u002Fp>\n\u003Ch4>Other Notable Plugin Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Optimized scanning technology that does not affect the performance of your site\u003C\u002Fli>\n\u003Cli>Fully configurable file scan frequency (hourly, daily, weekly, time of the day)\u003C\u002Fli>\n\u003Cli>Instant file integrity scans with just a click of a button\u003C\u002Fli>\n\u003Cli>Ability to exclude directories, files, and file types from the scan\u003C\u002Fli>\n\u003Cli>Configurable maximum file size to scan\u003C\u002Fli>\n\u003Cli>File changes data only available to administrators for better security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Free Plugin Support\u003C\u002Fh3>\n\u003Cp>Support is available for free via:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fadmin-notices-manager\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mfm\" rel=\"ugc\">forums\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fsupport\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=anm\" rel=\"nofollow ugc\">email\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>MAINTAINED & SUPPORTED BY MELAPRESS\u003C\u002Fh3>\n\u003Cp>Melapress builds high-quality niche WordPress security & management plugins, including WP Activity Log, Melapress Login Security, and others.\u003C\u002Fp>\n\u003Cp>Visit the \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=anm\" rel=\"nofollow ugc\">Melapress website\u003C\u002Fa> for more information about the company 
and the plugins it develops.\u003C\u002Fp>\n\u003Ch3>Install the plugin from within WordPress\u003C\u002Fh3>\n\u003Cp>WordPress security is easy with Melapress File Monitor. Simply:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Navigate to Plugins > Add New, from your WordPress dashboard\u003C\u002Fli>\n\u003Cli>Search for Melapress File Monitor\u003C\u002Fli>\n\u003Cli>Install & activate the plugin from your Plugins page\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Install the plugin manually (via file upload)\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download the plugin from the WordPress plugins repository\u003C\u002Fli>\n\u003Cli>Unzip the zip file and upload the folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the Melapress File Monitor plugin through the Plugins page in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Translate the plugin in your own language\u003C\u002Fh3>\n\u003Cp>If you want to help us translate this plugin in your own language please \u003Ca href=\"https:\u002F\u002Fmelapress.com\u002Fcontact\u002F?utm_source=wp+repo&utm_medium=repo+link&utm_campaign=wordpress_org&utm_content=mfm\" rel=\"nofollow ugc\">contact us\u003C\u002Fa>. We will credit all translators.\u003C\u002Fp>\n","Get email alerts for file and permission changes on your WordPress sites. 
No false positives!",5000,127993,82,31,"2026-02-26T09:10:00.000Z","6.9.4","5.0","8.0",[52,53,21,54,23],"file-monitor","file-security","malware-detection","http:\u002F\u002Fmelapress.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebsite-file-changes-monitor.2.3.0.zip",95,4,"2025-07-03 00:00:00",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":13,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":81,"download_link":82,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"blob-mimes","Lord of the Files: Enhanced Upload Security","1.4.2","Blobfolio","https:\u002F\u002Fprofiles.wordpress.org\u002Fblobfolio\u002F","\u003Cp>WordPress relies mostly on name-based validation when deciding whether or not to allow a particular file, leaving the door open for various kinds of attacks.\u003C\u002Fp>\n\u003Cp>Lord of the Files adds to this content-based validation and sanitizing, making sure that files are what they say they are and safe for inclusion on your site.\u003C\u002Fp>\n\u003Cp>The main features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Robust \u003Cem>real\u003C\u002Fem> filetype detection;\u003C\u002Fli>\n\u003Cli>Full MIME alias mapping;\u003C\u002Fli>\n\u003Cli>SVG sanitization (if SVG uploads have been independently allowed);\u003C\u002Fli>\n\u003Cli>File upload validation debugger;\u003C\u002Fli>\n\u003Cli>Fixes issues related to \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F40175\" rel=\"nofollow ugc\">#40175\u003C\u002Fa> that have been present since WordPress \u003Ccode>4.7.1\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Fixes ambiguous media extensions \u003Ca href=\"https:\u002F\u002Fcore.trac.wordpress.org\u002Fticket\u002F40921\" rel=\"nofollow 
ugc\">#40921\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 5.2 or later.\u003C\u002Fli>\n\u003Cli>PHP 7.4 or later.\u003C\u002Fli>\n\u003Cli>\u003Ccode>dom\u003C\u002Fcode> PHP extension.\u003C\u002Fli>\n\u003Cli>\u003Ccode>fileinfo\u003C\u002Fcode> PHP extension.\u003C\u002Fli>\n\u003Cli>\u003Ccode>mbstring\u003C\u002Fcode> PHP extension.\u003C\u002Fli>\n\u003Cli>\u003Ccode>xml\u003C\u002Fcode> PHP extension.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please note: it is \u003Cstrong>not safe\u003C\u002Fstrong> to run WordPress atop a version of PHP that has reached its \u003Ca href=\"http:\u002F\u002Fphp.net\u002Fsupported-versions.php\" rel=\"nofollow ugc\">End of Life\u003C\u002Fa>. Future releases of this plugin might, out of necessity, drop support for old, unmaintained versions of PHP. To ensure you continue to receive plugin updates, bug fixes, and new features, just make sure PHP is kept up-to-date. 🙂\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin does not make use of or collect any “Personal Data”.\u003C\u002Fp>\n","This plugin expands file-related security and sanity around the upload process.",1000,95238,11,"2025-09-17T03:38:00.000Z","6.8.5","5.2","7.4",[76,77,78,79,80],"file-validation","mime","security-plugin","svg","upload-security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblob-mimes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblob-mimes.1.4.2.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":13,"num_ratings":14,"last_updated":93,"tested_up_to":72,"requires_at_least":94,"requires_php":18,"tags":95,"homepage":99,"download_link":100,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"disable-file-editor","Disable File Editor","1.7","Nikunj 
Soni","https:\u002F\u002Fprofiles.wordpress.org\u002Fnikunjsoni\u002F","\u003Cp>This plugin will disable file editing tool in your WordPress admin panel.\u003C\u002Fp>\n","This plugin will disable file editing tool in your WordPress admin panel.",600,6011,"2025-10-08T15:25:00.000Z","3.7",[96,20,97,23,98],"editor","file-editor","wp-admin","http:\u002F\u002Fwww.nikunjsoni.co.in\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-file-editor.1.7.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":13,"num_ratings":58,"last_updated":111,"tested_up_to":48,"requires_at_least":49,"requires_php":74,"tags":112,"homepage":18,"download_link":117,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"folder-auditor","Guard Dog Security & Site Lock","6.6","WP Fix It - WordPress Experts","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpfixit\u002F","\u003Cp>\u003Cstrong>Guard Dog Security & Site Lock\u003C\u002Fstrong> helps WordPress administrators keep their installations clean and secure.\u003C\u002Fp>\n\u003Cp>Over time, it’s common for orphaned plugin or theme folders to build up in your wp-content directory. These stray folders may be the result of incomplete uninstallations, leftover files from updates, or abandoned code that was never fully removed. While they might seem harmless at first glance, they can create confusion, waste storage space, and in some cases pose a serious security risk.\u003C\u002Fp>\n\u003Cp>Hackers often exploit these forgotten folders by hiding backdoors or malicious scripts inside them, knowing that site owners rarely check for or even notice such files. 
An orphaned folder can act as an open invitation for unauthorized access, giving attackers a quiet place to operate undetected.\u003Cbr \u002F>\nBy identifying and removing these unused folders, you not only keep your WordPress installation clean and organized but also close off potential entry points that could otherwise be used to compromise your site. The Guard Dog Security plugin makes this process simple, scanning your directories to uncover anything that doesn’t belong and highlighting it for review before it becomes a problem.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>SITE LOCK – Only found here!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>One of the easiest ways for a hacked user to damage your site is by adding or changing the physical files that WordPress relies on. If attackers can place hidden scripts, modify plugin or theme files, or inject malicious code, they gain the power to compromise your entire site.\u003C\u002Fp>\n\u003Cp>The Site Lock feature in Guard Dog Security protects against this by allowing you to lock all folders and files in your installation and make them read-only. Once locked, no new files can be added, no existing files can be changed, and nothing can be removed. This ensures that the foundation of your WordPress site remains untouched, even if someone attempts to exploit vulnerabilities or gain access.\u003C\u002Fp>\n\u003Cp>When updates or changes are needed, you can unlock the system with a single action, perform your updates, and then reapply the lock. 
This simple but powerful safeguard gives you complete control over your site’s file structure and adds a layer of security that goes beyond what most WordPress plugins offer.\u003C\u002Fp>\n\u003Cp>This plugin scans the following directories:\u003Cbr \u002F>\n– WordPress Root (main installation folder)\u003Cbr \u002F>\n– wp-content Folder (wp-content\u002F)\u003Cbr \u002F>\n– Plugins Folder (wp-content\u002Fplugins\u002F)\u003Cbr \u002F>\n– Themes Folder (wp-content\u002Fthemes\u002F)\u003Cbr \u002F>\n– Uploads Folder (wp-content\u002Fuploads\u002F)\u003Cbr \u002F>\n– htaccess files\u003Cbr \u002F>\n– Database tables\u003C\u002Fp>\n\u003Cp>Guard Dog Security takes a disk-first approach. It crawls your entire WordPress installation and inventories every single file and folder, not just plugins and themes. Everything is presented in a clear interface where you can open items to view their contents, mark them to ignore, delete them if they are not needed, or download a copy for backup or investigation.\u003C\u002Fp>\n\u003Cp>Because it works directly from what is actually on disk, you are never limited by what WordPress shows in the admin. You can quickly spot unfamiliar files, tidy up leftovers from old plugins or themes, and pull down suspicious items for review, all without leaving the dashboard. 
It provides a fast and transparent way to see exactly what is on your server and take action immediately.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features\u003C\u002Fstrong>\u003Cbr \u002F>\n– Finds plugin folders not listed on the Plugins screen (hidden or orphaned)\u003Cbr \u002F>\nScans for plugin folders that exist in your WordPress installation but aren’t showing on the Plugins screen.\u003Cbr \u002F>\n– Detects missing plugin folders referenced by active or installed plugins\u003Cbr \u002F>\nIdentifies when active or installed plugins are missing their associated folders.\u003Cbr \u002F>\n– Lists top-level folders and files in key WordPress directories\u003Cbr \u002F>\nDisplays top-level files and folders within critical WordPress directories for easy auditing.\u003Cbr \u002F>\n– Fully lock all folders and files to make them read only\u003Cbr \u002F>\nLets you make all folders and files read-only for maximum protection.\u003Cbr \u002F>\n– Configure security headers\u003Cbr \u002F>\nAdds and manages HTTP security headers to harden your site against common threats.\u003Cbr \u002F>\n– Configure user security\u003Cbr \u002F>\nProvides settings to strengthen account and login security for WordPress users.\u003Cbr \u002F>\n– Infection scanner\u003Cbr \u002F>\nScan all site files to find any suspicious files\u003Cbr \u002F>\n– Zero configuration setup\u003Cbr \u002F>\nEnable scheduled scans to find any suspicious files and send you an email report\u003Cbr \u002F>\n– As many emails receipts as you like\u003Cbr \u002F>\nWorks right after install and activation—no complex setup required.\u003C\u002Fp>\n","Audit your site to keep WordPress clean and secure. 
Enable our one-of-a-kind SITE LOCK to give your site the ultimate security.",200,5148,"2026-02-25T13:08:00.000Z",[113,114,115,116],"easy-security","file-permissions","folder-permissions","site-lock","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffolder-auditor.6.6.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":13,"downloaded":126,"rating":26,"num_ratings":26,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":130,"tags":131,"homepage":136,"download_link":137,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"random-file-upload-names","Random File Upload Names","1.0.0","wpza","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpza\u002F","\u003Ch3>Randomise file upload names in WordPress\u003C\u002Fh3>\n\u003Cp>This plugin from WPZA provides your website randomised file names when you upload files into WordPress automatically. 
Helping with encrypting file names using MD5-encryption, making them harder to be guessed by visitors.\u003C\u002Fp>\n","This plugin from WPZA provides your website randomised file names when you upload files into WordPress.",3579,"2020-01-21T18:36:00.000Z","5.3.21","3.0.0","5.0.0",[132,133,134,135,23],"change-file-upload-names","encypt","md5","random-file-names","https:\u002F\u002Fwpza.net\u002Fencrypting-file-upload-names-in-wordpress-automatically\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frandom-file-upload-names.zip",{"attackSurface":139,"codeSignals":179,"taintFlows":252,"riskAssessment":285,"analyzedAt":304},{"hooks":140,"ajaxHandlers":163,"restRoutes":175,"shortcodes":176,"cronEvents":177,"entryPointCount":178,"unprotectedCount":178},[141,147,151,154,159],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","init","init_files_inspector","filesinespector.php",50,{"type":142,"name":148,"callback":149,"file":145,"line":150},"admin_menu","register_menu",86,{"type":142,"name":143,"callback":152,"file":145,"line":153},"action_callback_method_name",87,{"type":155,"name":156,"callback":157,"file":145,"line":158},"filter","your_filter_here","filter_callback_method_name",88,{"type":142,"name":160,"callback":161,"file":145,"line":162},"wp_enqueue_scripts","my_scripts_method",221,[164,169,172],{"action":165,"nopriv":166,"callback":167,"hasNonce":166,"hasCapCheck":166,"file":145,"line":168},"filesinspector_delete_record",false,"closure",90,{"action":170,"nopriv":166,"callback":167,"hasNonce":166,"hasCapCheck":166,"file":145,"line":171},"filesinspector_compare_record",96,{"action":173,"nopriv":166,"callback":167,"hasNonce":166,"hasCapCheck":166,"file":145,"line":174},"filesinspector_run_action",112,[],[],[],3,{"dangerousFunctions":180,"sqlUsage":196,"outputEscaping":212,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":251},[181,186,189,193],{"fn":182,"file":183,"line":184,"context"
:185},"unserialize","model\\general.php",47,"$thisRecord = unserialize($thisRecord[0]->data);",{"fn":182,"file":183,"line":187,"context":188},48,"$targetRecord = unserialize($targetRecord[0]->data);",{"fn":182,"file":190,"line":191,"context":192},"template\\config.php",25,"\u003C?php $data = unserialize($latestRecord[0]->summary); ?>",{"fn":182,"file":190,"line":194,"context":195},80,"\u003C?php $summary = unserialize($record->summary); ?>",{"prepared":26,"raw":197,"locations":198},5,[199,203,206,208,210],{"file":200,"line":201,"context":202},"admin-configuration.php",53,"$wpdb->get_var() with variable interpolation",{"file":183,"line":204,"context":205},18,"$wpdb->get_results() with variable interpolation",{"file":183,"line":207,"context":205},23,{"file":183,"line":209,"context":205},28,{"file":183,"line":211,"context":205},33,{"escaped":58,"rawEcho":207,"locations":213},[214,216,218,220,221,223,225,226,228,229,231,233,234,236,237,239,241,242,243,245,247,248,250],{"file":200,"line":191,"context":215},"raw 
output",{"file":145,"line":217,"context":215},108,{"file":219,"line":70,"context":215},"template\\compare-result.php",{"file":219,"line":70,"context":215},{"file":219,"line":222,"context":215},13,{"file":219,"line":224,"context":215},24,{"file":219,"line":211,"context":215},{"file":219,"line":227,"context":215},44,{"file":219,"line":201,"context":215},{"file":219,"line":230,"context":215},63,{"file":190,"line":232,"context":215},27,{"file":190,"line":209,"context":215},{"file":190,"line":235,"context":215},29,{"file":190,"line":211,"context":215},{"file":190,"line":238,"context":215},59,{"file":190,"line":240,"context":215},61,{"file":190,"line":240,"context":215},{"file":190,"line":230,"context":215},{"file":190,"line":244,"context":215},69,{"file":190,"line":246,"context":215},73,{"file":190,"line":246,"context":215},{"file":190,"line":249,"context":215},81,{"file":190,"line":45,"context":215},[],[253,275],{"entryPoint":254,"graph":255,"unsanitizedCount":273,"severity":274},"addAction (filesinespector.php:84)",{"nodes":256,"edges":270},[257,262,266],{"id":258,"type":259,"label":260,"file":145,"line":261},"n0","source","$_POST (x2)",103,{"id":263,"type":264,"label":265,"file":145,"line":261},"n1","transform","→ compareRecord()",{"id":267,"type":268,"label":269,"file":183,"line":184,"wp_function":182},"n2","sink","unserialize() [Object Injection]",[271,272],{"from":258,"to":263,"sanitized":166},{"from":263,"to":267,"sanitized":166},2,"high",{"entryPoint":276,"graph":277,"unsanitizedCount":273,"severity":274},"\u003Cfilesinespector> (filesinespector.php:0)",{"nodes":278,"edges":282},[279,280,281],{"id":258,"type":259,"label":260,"file":145,"line":261},{"id":263,"type":264,"label":265,"file":145,"line":261},{"id":267,"type":268,"label":269,"file":183,"line":184,"wp_function":182},[283,284],{"from":258,"to":263,"sanitized":166},{"from":263,"to":267,"sanitized":166},{"summary":286,"deductions":287},"The \"files-inspector\" v0.1 plugin exhibits significant security 
concerns primarily due to its unprotected entry points and lack of robust input sanitization. The static analysis reveals three AJAX handlers, all of which lack authentication checks, presenting a direct attack vector. Furthermore, the plugin utilizes the dangerous `unserialize` function and performs all SQL queries without prepared statements, increasing the risk of deserialization vulnerabilities and SQL injection. The taint analysis highlights two flows in which unsanitized `$_POST` data passes through `compareRecord()` into `unserialize()`, indicating potential for PHP object injection. Although the plugin has no recorded vulnerability history, this does not negate the immediate risks identified in the code. The absence of capability checks and nonce verifications on AJAX actions further exacerbates these vulnerabilities, making it highly susceptible to unauthorized actions and potential compromise. While the plugin has a small attack surface and no external HTTP requests, these strengths are overshadowed by the critical security flaws.",[288,291,293,295,297,298,300,302],{"reason":289,"points":290},"AJAX handlers without auth checks",15,{"reason":292,"points":11},"Dangerous function: unserialize",{"reason":294,"points":11},"SQL queries without prepared statements",{"reason":296,"points":290},"Taint flow with unsanitized path (critical)",{"reason":296,"points":290},{"reason":299,"points":197},"Output escaping is poorly implemented",{"reason":301,"points":11},"No nonce checks on AJAX",{"reason":303,"points":11},"No capability checks on 
AJAX","2026-03-17T00:06:16.321Z",{"wat":306,"direct":317},{"assetPaths":307,"generatorPatterns":312,"scriptPaths":313,"versionParams":314},[308,309,310,311],"\u002Fwp-content\u002Fplugins\u002Ffiles-inspector\u002Fassets\u002Fcss\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Ffiles-inspector\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Ffiles-inspector\u002Fassets\u002Fjs\u002Fbootstrap.min.js","\u002Fwp-content\u002Fplugins\u002Ffiles-inspector\u002Fassets\u002Fjs\u002Fscript.js",[],[311],[315,316],"files-inspector\u002Fassets\u002Fcss\u002Fstyle.css?ver=","files-inspector\u002Fassets\u002Fjs\u002Fscript.js?ver=",{"cssClasses":318,"htmlComments":322,"htmlAttributes":324,"restEndpoints":326,"jsGlobals":327,"shortcodeOutput":329},[319,320,321],"filesinspector-content","filesinspector-compare-record","filesinspector-main-content",[323],"\u003C!-- Files Inspector Plugin -->",[325],"data-ajax-url",[],[328],"filesInspectorSettings",[]]