[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frHlzYjiKsmH75oDXFc1tBsqrNbdGZ04Y9PlForetU7M":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":134,"fingerprints":686},"front-end-theme-preview","Front End Theme Preview","1.2.2","Harvey J","https:\u002F\u002Fprofiles.wordpress.org\u002Fharvey_j\u002F","\u003Cp>This plugin allows you to preview your themes or to allow users to preview a theme on the front end.\u003Cbr \u002F>\nIt renders a different theme for the user on your site without changing the current theme. It also offers a\u003Cbr \u002F>\ndownload link for the previewed theme provided that the theme is in the “wp-content\u002Fthemes” directory of your\u003Cbr \u002F>\nwordpress installation. In version 1.2 a theme shopping cart was added to enable you sell your precious premium\u003Cbr \u002F>\nthemes. After a user buys your theme he\u002Fshe will be redirected back to your site and he’ll will be registered using\u003Cbr \u002F>\nthe email he purchased with. The transaction is saved and client can now download his theme from the sidebar.\u003Cbr \u002F>\nThere’s a catch though, the client must be logged in to download his\u002Fher premium theme(s). If all your themes are\u003Cbr \u002F>\nfree, no login is required. 
Users can just download whenever…\u003C\u002Fp>\n\u003Cp>Note: this plugin only pulls themes from your \u003Ccode>wp-content\u002Fthemes\u003C\u002Fcode> directory, the same directory where zipped files will be stored.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>To manually trigger a theme preview, type \u003Ccode>?fet_preview=theme-folder-name\u003C\u002Fcode> at the end of your site URL; like \u003Ccode>http:\u002F\u002Fmyawesomesite.com\u002F?fet_preview=my-theme\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Apply a similar procedure for a theme download: \u003Ccode>http:\u002F\u002Fmyawesomesite.com\u002F?fet_download=my-theme\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Front-end ANY theme preview. Like the plugin name suggests 🙂\u003C\u002Fli>\n\u003Cli>Theme (zip on the fly) download (optional, of course)\u003C\u002Fli>\n\u003Cli>Premium themes shopping cart\u003C\u002Fli>\n\u003C\u002Ful>\n","Allow users to preview and\u002For download\u002Fbuy themes on the front end",10,5463,74,3,"2014-02-22T11:38:00.000Z","3.7.41","3.0","",[20,21,22],"front-end","preview","theme-preview","http:\u002F\u002Fupthatalley.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffront-end-theme-preview.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"harvey_j",1,30,84,"2026-04-04T21:14:12.053Z",[37,60,80,99,116],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":58,"download_link":59,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"backstage","Backstage – Customizer Demo 
Access","1.4.2","pixelgrade","https:\u002F\u002Fprofiles.wordpress.org\u002Fpixelgrade\u002F","\u003Cp>Allow your demo site visitors to easily access the Customizer without logging in. This way you can showcase your product’s customization experience as close to reality as possible.\u003C\u002Fp>\n\u003Ch4>Secure\u003C\u002Fh4>\n\u003Cp>Everything is setup in such a way that people who are up to no good can’t mess with your demo site data. We’ve put a lot of thought into this and we believe things are sound.\u003C\u002Fp>\n\u003Ch4>Customizable\u003C\u002Fh4>\n\u003Cp>We know that each of us has their own design sensibilities and particular technical setup. That is why we’ve made it \u003Cem>easy to integrate\u003C\u002Fem> the plugin in a multitude of scenarios.\u003C\u002Fp>\n\u003Cp>You can change both the \u003Cem>frontend and the Customizer behavior\u003C\u002Fem> of the plugin.\u003C\u002Fp>\n\u003Cp>For the frontend, you have several options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For most the default HTML and CSS styling will be just fine. You can customize the button text.\u003C\u002Fli>\n\u003Cli>You can choose to provide your own button HTML and CSS.\u003C\u002Fli>\n\u003Cli>Or you can go all custom and handle the button yourself.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When it comes to the Customizer guest experience, the plugin will introduce a \u003Cem>Back to Demo\u003C\u002Fem> button (instead of the \u003Cem>Publish\u003C\u002Fem> button) and \u003Cem>a notification\u003C\u002Fem> for setting user expectations. 
You can customize the button text and the notification content and behavior.\u003C\u002Fp>\n\u003Ch4>Compatible\u003C\u002Fh4>\n\u003Cp>Backstage should work with \u003Cem>any type of Customizer options\u003C\u002Fem> you have on your site:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress core controls;\u003C\u002Fli>\n\u003Cli>Colors and fonts controls;\u003C\u002Fli>\n\u003Cli>Layout and behavioral controls like content width or blog layout.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin is compatible with any type of WordPress installation:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Works with \u003Cstrong>regular, single installations;\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Works with \u003Cstrong>Multisite setups;\u003C\u002Fstrong> you can activate the plugin \u003Cstrong>network-wide or per-blog.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The following \u003Cstrong>limitations\u003C\u002Fstrong> are inherent to the reality of having a sandboxed Customizer:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>File uploads are not allowed; due to this, any controls that need file upload will not be allowed to be modified;\u003C\u002Fli>\n\u003Cli>Any time a visitor leaves the Customizer, any customization is lost and when he or she enters again, all will start clean;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>For theme authors by theme authors\u003C\u002Fh4>\n\u003Cp>The main audience of this plugin are \u003Cstrong>theme and plugin authors\u003C\u002Fstrong> that wish to showcase to potential customers the awesome customization possibilities provided by their product.\u003C\u002Fp>\n\u003Cp>Earn that extra confidence needed for your next sale by being fully open and letting your work speak for itself.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Made with love by \u003Ca href=\"https:\u002F\u002Fpixelgrade.com\" rel=\"nofollow ugc\">Pixelgrade\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>You can translate Backstage on 
\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fbackstage\" rel=\"nofollow ugc\">\u003Cstrong>translate.wordpress.org\u003C\u002Fstrong>\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Issues\u003C\u002Fh3>\n\u003Cp>If you identify any errors or have an idea for improving the plugin, please open an \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpixelgrade\u002Fbackstage\u002Fissues?stage=open\" rel=\"nofollow ugc\">issue\u003C\u002Fa>. We’re more than excited to see what the community thinks of this little plugin, and we welcome your input!\u003C\u002Fp>\n\u003Cp>If Github is not your thing but you are passionate about Backstage and want to help us make it better, don’t hesitate to \u003Ca href=\"https:\u002F\u002Fpixelgrade.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">reach us\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FCMB2\u002FCMB2\" rel=\"nofollow ugc\">CMB2\u003C\u002Fa> Metaboxes, custom fields library – License: GPLv2 or later\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjcchavezs\u002Fcmb2-conditionals\u002F\" rel=\"nofollow ugc\">CMB2 Conditionals\u003C\u002Fa> plugin for CMB2 – License: GPLv2 or later\u003C\u002Fli>\n\u003C\u002Ful>\n","Showcase your product's flexibility the same way users will harness it, in the Customizer. 
All elegant and secure.",100,3160,60,2,"2019-11-08T09:28:00.000Z","5.3.0","4.9.0","5.4.0",[54,55,56,57,22],"customizer","demo","guest-access","site-customization","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbackstage\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbackstage.1.4.2.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":11,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":18,"tags":74,"homepage":78,"download_link":79,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"mdc-theme-switcher","MDC Theme Switcher","3.1.0","Nazmul Ahsan","https:\u002F\u002Fprofiles.wordpress.org\u002Fmukto90\u002F","\u003Ch4>BIG UPDATE\u003C\u002Fh4>\n\u003Cp>[new] Since 3.0.0, each of the visitors can set his own theme that won’t affect others’! We mean, there will be different themes for different visitors at the same time!\u003C\u002Fp>\n\u003Cp>MDC Theme Switcher allows to choose and preview from available themes of a WordPress from front-end. Different themes for different visitors simultaneously!\u003C\u002Fp>\n\u003Cp>Upon activation, it adds a sticky bar to front-end with a dropdown list of available themes. Admin can select which of the installed themes should be available in this list.\u003C\u002Fp>\n\u003Cp>It also enables a shortcode \u003Ccode>[mdc_theme_swicher]\u003C\u002Fcode>, that can be added anywhere of the WordPress. In a post, page or widget. 
Even in template files!\u003C\u002Fp>\n\u003Ch4>Video\u003C\u002Fh4>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FtqUAlUd6IGE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","Allow visitors to choose and preview from available themes from front-end. Different themes for different visitors simultaneously!",6084,70,13,"2016-04-11T07:44:00.000Z","4.4.34","3.0.1",[75,76,20,21,77],"activate","change","theme","http:\u002F\u002Fmedhabi.com\u002Fitems\u002Fmdc-theme-switcher\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmdc-theme-switcher.3.1.0.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":11,"downloaded":88,"rating":45,"num_ratings":32,"last_updated":18,"tested_up_to":89,"requires_at_least":90,"requires_php":18,"tags":91,"homepage":96,"download_link":97,"security_score":45,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":98},"parallels-themes-switcher","Parallels Themes Switcher","1.0","xhtmlweaver","https:\u002F\u002Fprofiles.wordpress.org\u002Fxhtmlweaver\u002F","\u003Cp>In short, this plugin allows you to modify\u002Fswitch the current theme with live site on the fly without messing up with your current visitors.\u003Cbr \u002F>\nThis plugin is perfect for WordPress theme developers, freelancers as it allows you to edit the live theme without interfering the current visitors.\u003Cbr \u002F>\nIt offers following features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Ability to duplicate any current themes to the new 
theme for editing purpose.\u003C\u002Fli>\n\u003Cli>Selectively enabling the theme switcher on the frontend by enabling extra settings in the backend. (By role or by IP Addresses)\u003C\u002Fli>\n\u003Cli>Provides an Ajax theme switcher on the right top which selectively allows the visitor (by role or IP Addresses) to switch the theme.\u003C\u002Fli>\n\u003Cli>A transparent banner on the top to display current theme.\u003C\u002Fli>\n\u003Cli>Full Support is available at http:\u002F\u002Fwww.xhtmlweaver.com or wp-support@xhtmlweaver.com\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allows you to modify\u002Fswitch the current theme on the live site without interfering the current visitors.",6150,"3.1.4","2.7",[92,93,94,95],"ajax-theme-switcher","theme-editing","theme-previewer","theme-switcher","http:\u002F\u002Fwww.xhtmlweaver.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fparallels-themes-switcher.zip","2026-03-15T10:48:56.248Z",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":11,"downloaded":107,"rating":26,"num_ratings":26,"last_updated":108,"tested_up_to":89,"requires_at_least":109,"requires_php":18,"tags":110,"homepage":114,"download_link":115,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"preview-themes","Preview Themes","0.1","Abinav Thakuri","https:\u002F\u002Fprofiles.wordpress.org\u002Fabinav\u002F","\u003Cp>The Preview Themes plugin allows wordpress users to preview all installed themes without having to activate and deactivate them simultaneously.An updated version is likely to come up soon as this is the initial development release.\u003C\u002Fp>\n\u003Cp>Note:The docs will be available at http:\u002F\u002Fdreamsdeveloped.com pretty soon.\u003C\u002Fp>\n","The Preview Themes plugin allows wordpress users to preview all installed themes without having to activate and deactivate them 
simultaneously.",4103,"2011-06-24T11:52:00.000Z","2.5.1",[111,112,22,113],"layout","preview-theme","themes","http:\u002F\u002Fabinavsblog.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreview-themes.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":11,"downloaded":124,"rating":26,"num_ratings":26,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":128,"tags":129,"homepage":132,"download_link":133,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"random-theme","Random Theme","1.0.1","wpamanuke","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpamanuke\u002F","\u003Cp>Auto Random WordPress Theme located in wp-content\u002Fthemes. This random theme plugin will load a different theme every time your visitor comes to your website \u002F refreshes your website. Just make sure you have installed some perfect themes. At least you must have 2 WordPress Themes in wp-content\u002Fthemes to show a different one every time the website loads.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress Theme Showcase Plugin https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwordpress-theme-showcase-plugin\u002F , Brad Williams, GNU GPL v2 or later\u003C\u002Fli>\n\u003C\u002Ful>\n","Random WordPress Theme Plugin loads random themes located in wp-content\u002Fthemes automatically every time a visitor opens the 
website.",1882,"2018-05-14T10:08:00.000Z","4.9.29","4.9","5.3",[21,117,130,77,131],"showcase","wordpress-theme-preview","http:\u002F\u002Fwpamanuke.com\u002Frandom-theme-wordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frandom-theme.1.0.1.zip",{"attackSurface":135,"codeSignals":264,"taintFlows":439,"riskAssessment":671,"analyzedAt":685},{"hooks":136,"ajaxHandlers":241,"restRoutes":242,"shortcodes":243,"cronEvents":262,"entryPointCount":263,"unprotectedCount":26},[137,143,147,151,154,159,164,168,172,176,182,186,191,196,199,202,206,210,215,219,222,226,230,233,237],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","admin_menu","add_page","class-fetp-admin.php",50,{"type":138,"name":144,"callback":145,"file":141,"line":146},"admin_post_save_fetp_form","update_options",53,{"type":138,"name":148,"callback":149,"file":141,"line":150},"add_meta_boxes","meta_boxes",56,{"type":138,"name":148,"callback":152,"file":141,"line":153},"my_meta_box",687,{"type":155,"name":156,"callback":157,"file":141,"line":158},"filter","fetp_submit_form_metabox","my_submit_box_filter",690,{"type":155,"name":160,"callback":161,"file":162,"line":163},"widget_text","do_shortcode","class.fetp.php",344,{"type":138,"name":139,"callback":165,"file":166,"line":167},"fetp_admin_menu","fetp-admin.php",8,{"type":138,"name":169,"callback":170,"file":166,"line":171},"admin_enqueue_scripts","fetp_options_js",477,{"type":138,"name":173,"callback":174,"file":166,"line":175},"admin_footer","fetp_tabs_js",562,{"type":138,"name":177,"callback":178,"priority":179,"file":180,"line":181},"wp_head","transaction_complete",99,"fetp-transact.php",531,{"type":155,"name":183,"callback":184,"file":180,"line":185},"wp_mail_content_type","__set_html_content_type",713,{"type":138,"name":187,"callback":188,"file":189,"line":190},"widgets_init","fetp_widgets","fetp-widgets.php",217,{"type":155,"name":192,"callback":193,"file":194,"line":195},"stylesheet","fetp_get_theme","fetp.php",
177,{"type":155,"name":197,"callback":193,"file":194,"line":198},"template",178,{"type":138,"name":177,"callback":200,"file":194,"line":201},"fetp_bar",181,{"type":138,"name":203,"callback":204,"file":194,"line":205},"setup_theme","fetp_setup_theme",184,{"type":155,"name":207,"callback":208,"file":194,"line":209},"show_admin_bar","__return_false",253,{"type":138,"name":211,"callback":212,"priority":213,"file":194,"line":214},"wp","fetp_hide_admin_bar",999,259,{"type":138,"name":216,"callback":217,"file":194,"line":218},"fetp_action","fetp_add_download_link",336,{"type":138,"name":216,"callback":220,"priority":32,"file":194,"line":221},"fetp_toolbar_select",359,{"type":138,"name":223,"callback":224,"file":194,"line":225},"wp_enqueue_scripts","fetp_scripts",373,{"type":138,"name":177,"callback":227,"priority":228,"file":194,"line":229},"transaction_complete_css",98,376,{"type":138,"name":211,"callback":231,"file":194,"line":232},"fetp_exit_preview",473,{"type":155,"name":234,"callback":235,"priority":11,"file":194,"line":236},"plugin_action_links","fetp_plugin_action_links",504,{"type":155,"name":238,"callback":239,"priority":11,"file":194,"line":240},"plugin_row_meta","fetp_plugin_meta",515,[],[],[244,247,251,254,258],{"tag":245,"callback":21,"file":162,"line":246},"fetpreview",339,{"tag":248,"callback":249,"file":162,"line":250},"fetpdownload","download",340,{"tag":252,"callback":252,"file":162,"line":253},"fetp",341,{"tag":255,"callback":256,"file":162,"line":257},"fetpselect","select_preview",342,{"tag":259,"callback":260,"file":162,"line":261},"fetplistpremium","list_premium_themes",343,[],5,{"dangerousFunctions":265,"sqlUsage":276,"outputEscaping":279,"fileOperations":437,"externalRequests":26,"nonceChecks":32,"capabilityChecks":14,"bundledLibraries":438},[266,270,271,273],{"fn":267,"file":180,"line":268,"context":269},"unserialize",102,"'items' => ( isset( $_COOKIE['fetp_items'] ) && is_array( unserialize( $_COOKIE['fetp_items'] ) ) ) 
",{"fn":267,"file":180,"line":268,"context":269},{"fn":267,"file":180,"line":190,"context":272},"$session_items = unserialize( $_COOKIE['fetp_items'] );",{"fn":267,"file":180,"line":274,"context":275},313,"$this->items = unserialize( $_COOKIE['fetp_items'] );",{"prepared":277,"raw":26,"locations":278},12,[],{"escaped":280,"rawEcho":281,"locations":282},6,86,[283,286,288,290,292,294,295,297,298,300,301,303,304,305,307,309,311,313,315,317,319,321,323,325,327,328,330,332,334,335,336,338,339,341,343,345,347,349,351,353,355,357,359,360,362,364,366,368,370,372,374,376,378,380,382,384,386,388,389,391,392,394,396,398,400,402,404,405,406,408,410,412,414,416,417,419,421,422,423,425,427,428,430,432,434,435],{"file":141,"line":284,"context":285},168,"raw output",{"file":141,"line":287,"context":285},478,{"file":141,"line":289,"context":285},502,{"file":141,"line":291,"context":285},503,{"file":141,"line":293,"context":285},505,{"file":141,"line":293,"context":285},{"file":141,"line":296,"context":285},508,{"file":141,"line":296,"context":285},{"file":141,"line":299,"context":285},511,{"file":141,"line":299,"context":285},{"file":141,"line":302,"context":285},512,{"file":141,"line":302,"context":285},{"file":141,"line":302,"context":285},{"file":141,"line":306,"context":285},534,{"file":141,"line":308,"context":285},541,{"file":141,"line":310,"context":285},551,{"file":141,"line":312,"context":285},559,{"file":141,"line":314,"context":285},567,{"file":141,"line":316,"context":285},585,{"file":141,"line":318,"context":285},590,{"file":141,"line":320,"context":285},627,{"file":141,"line":322,"context":285},644,{"file":141,"line":324,"context":285},728,{"file":141,"line":326,"context":285},735,{"file":166,"line":209,"context":285},{"file":166,"line":329,"context":285},276,{"file":166,"line":331,"context":285},317,{"file":166,"line":333,"context":285},333,{"file":166,"line":333,"context":285},{"file":166,"line":333,"context":285},{"file":166,"line":337,"context":285},334,{"file":166
,"line":337,"context":285},{"file":166,"line":340,"context":285},362,{"file":166,"line":342,"context":285},370,{"file":166,"line":344,"context":285},380,{"file":166,"line":346,"context":285},387,{"file":166,"line":348,"context":285},394,{"file":166,"line":350,"context":285},406,{"file":166,"line":352,"context":285},416,{"file":166,"line":354,"context":285},421,{"file":166,"line":356,"context":285},442,{"file":166,"line":358,"context":285},443,{"file":166,"line":358,"context":285},{"file":166,"line":361,"context":285},461,{"file":166,"line":363,"context":285},544,{"file":166,"line":365,"context":285},619,{"file":180,"line":367,"context":285},273,{"file":180,"line":369,"context":285},285,{"file":180,"line":371,"context":285},303,{"file":180,"line":373,"context":285},572,{"file":189,"line":375,"context":285},23,{"file":189,"line":377,"context":285},26,{"file":189,"line":379,"context":285},29,{"file":189,"line":381,"context":285},31,{"file":189,"line":383,"context":285},34,{"file":189,"line":385,"context":285},46,{"file":189,"line":387,"context":285},47,{"file":189,"line":387,"context":285},{"file":189,"line":390,"context":285},97,{"file":189,"line":179,"context":285},{"file":189,"line":393,"context":285},130,{"file":189,"line":395,"context":285},133,{"file":189,"line":397,"context":285},135,{"file":189,"line":399,"context":285},137,{"file":189,"line":401,"context":285},149,{"file":189,"line":403,"context":285},150,{"file":189,"line":403,"context":285},{"file":189,"line":205,"context":285},{"file":189,"line":407,"context":285},187,{"file":189,"line":409,"context":285},189,{"file":189,"line":411,"context":285},191,{"file":189,"line":413,"context":285},203,{"file":189,"line":415,"context":285},204,{"file":189,"line":415,"context":285},{"file":194,"line":418,"context":285},17,{"file":194,"line":420,"context":285},199,{"file":194,"line":413,"context":285},{"file":194,"line":413,"context":285},{"file":194,"line":424,"context":285},210,{"file":194,"line":426,"context":285},21
1,{"file":194,"line":426,"context":285},{"file":194,"line":429,"context":285},212,{"file":194,"line":431,"context":285},215,{"file":194,"line":433,"context":285},226,{"file":194,"line":337,"context":285},{"file":194,"line":436,"context":285},357,22,[],[440,464,474,485,495,508,562,588,596,613,624,633,641,657],{"entryPoint":441,"graph":442,"unsanitizedCount":48,"severity":463},"premium_download (class.fetp.php:140)",{"nodes":443,"edges":459},[444,449,453],{"id":445,"type":446,"label":447,"file":162,"line":448},"n0","source","$_GET (x2)",183,{"id":450,"type":451,"label":452,"file":162,"line":448},"n1","transform","→ download_headers()",{"id":454,"type":455,"label":456,"file":162,"line":457,"wp_function":458},"n2","sink","header() [Header Injection]",82,"header",[460,462],{"from":445,"to":450,"sanitized":461},false,{"from":450,"to":454,"sanitized":461},"medium",{"entryPoint":465,"graph":466,"unsanitizedCount":48,"severity":463},"\u003Cclass.fetp> (class.fetp.php:0)",{"nodes":467,"edges":471},[468,469,470],{"id":445,"type":446,"label":447,"file":162,"line":448},{"id":450,"type":451,"label":452,"file":162,"line":448},{"id":454,"type":455,"label":456,"file":162,"line":457,"wp_function":458},[472,473],{"from":445,"to":450,"sanitized":461},{"from":450,"to":454,"sanitized":461},{"entryPoint":475,"graph":476,"unsanitizedCount":32,"severity":463},"widget (fetp-widgets.php:18)",{"nodes":477,"edges":483},[478,480],{"id":445,"type":446,"label":479,"file":189,"line":379},"$_SERVER['REQUEST_URI']",{"id":450,"type":455,"label":481,"file":189,"line":379,"wp_function":482},"echo() [XSS]","echo",[484],{"from":445,"to":450,"sanitized":461},{"entryPoint":486,"graph":487,"unsanitizedCount":32,"severity":463},"fetp_access_denied 
(fetp.php:16)",{"nodes":488,"edges":493},[489,492],{"id":445,"type":446,"label":490,"file":194,"line":491},"$_SERVER['HTTP_HOST']",20,{"id":450,"type":455,"label":481,"file":194,"line":418,"wp_function":482},[494],{"from":445,"to":450,"sanitized":461},{"entryPoint":496,"graph":497,"unsanitizedCount":32,"severity":463},"fetp_exit_preview (fetp.php:464)",{"nodes":498,"edges":506},[499,502],{"id":445,"type":446,"label":500,"file":194,"line":501},"$_SERVER",465,{"id":450,"type":455,"label":503,"file":194,"line":504,"wp_function":505},"wp_redirect() [Open Redirect]",469,"wp_redirect",[507],{"from":445,"to":450,"sanitized":461},{"entryPoint":509,"graph":510,"unsanitizedCount":560,"severity":561},"fetp_options (fetp-admin.php:103)",{"nodes":511,"edges":552},[512,515,518,521,523,527,529,532,534,538,540,544,546,550],{"id":445,"type":446,"label":513,"file":166,"line":514},"$_POST['fetp_cookie']",112,{"id":450,"type":455,"label":516,"file":166,"line":514,"wp_function":517},"update_option() [Settings 
Manipulation]","update_option",{"id":454,"type":446,"label":519,"file":166,"line":520},"$_POST['fetp_select']",118,{"id":522,"type":455,"label":516,"file":166,"line":520,"wp_function":517},"n3",{"id":524,"type":446,"label":525,"file":166,"line":526},"n4","$_POST['fetp_themes']",124,{"id":528,"type":455,"label":516,"file":166,"line":526,"wp_function":517},"n5",{"id":530,"type":446,"label":531,"file":166,"line":393},"n6","$_POST['fetp_enable_download']",{"id":533,"type":455,"label":516,"file":166,"line":393,"wp_function":517},"n7",{"id":535,"type":446,"label":536,"file":166,"line":537},"n8","$_POST['fetp_enable_default_theme_download']",136,{"id":539,"type":455,"label":516,"file":166,"line":537,"wp_function":517},"n9",{"id":541,"type":446,"label":542,"file":166,"line":543},"n10","$_POST['fetp_delete_data']",142,{"id":545,"type":455,"label":516,"file":166,"line":543,"wp_function":517},"n11",{"id":547,"type":446,"label":548,"file":166,"line":549},"n12","$_POST[?]",173,{"id":551,"type":455,"label":516,"file":166,"line":549,"wp_function":517},"n13",[553,554,555,556,557,558,559],{"from":445,"to":450,"sanitized":461},{"from":454,"to":522,"sanitized":461},{"from":524,"to":528,"sanitized":461},{"from":530,"to":533,"sanitized":461},{"from":535,"to":539,"sanitized":461},{"from":541,"to":545,"sanitized":461},{"from":547,"to":551,"sanitized":461},7,"low",{"entryPoint":563,"graph":564,"unsanitizedCount":560,"severity":561},"\u003Cfetp-admin> 
(fetp-admin.php:0)",{"nodes":565,"edges":580},[566,567,568,569,570,571,572,573,574,575,576,577,578,579],{"id":445,"type":446,"label":513,"file":166,"line":514},{"id":450,"type":455,"label":516,"file":166,"line":514,"wp_function":517},{"id":454,"type":446,"label":519,"file":166,"line":520},{"id":522,"type":455,"label":516,"file":166,"line":520,"wp_function":517},{"id":524,"type":446,"label":525,"file":166,"line":526},{"id":528,"type":455,"label":516,"file":166,"line":526,"wp_function":517},{"id":530,"type":446,"label":531,"file":166,"line":393},{"id":533,"type":455,"label":516,"file":166,"line":393,"wp_function":517},{"id":535,"type":446,"label":536,"file":166,"line":537},{"id":539,"type":455,"label":516,"file":166,"line":537,"wp_function":517},{"id":541,"type":446,"label":542,"file":166,"line":543},{"id":545,"type":455,"label":516,"file":166,"line":543,"wp_function":517},{"id":547,"type":446,"label":548,"file":166,"line":549},{"id":551,"type":455,"label":516,"file":166,"line":549,"wp_function":517},[581,582,583,584,585,586,587],{"from":445,"to":450,"sanitized":461},{"from":454,"to":522,"sanitized":461},{"from":524,"to":528,"sanitized":461},{"from":530,"to":533,"sanitized":461},{"from":535,"to":539,"sanitized":461},{"from":541,"to":545,"sanitized":461},{"from":547,"to":551,"sanitized":461},{"entryPoint":589,"graph":590,"unsanitizedCount":32,"severity":561},"\u003Cfetp-widgets> (fetp-widgets.php:0)",{"nodes":591,"edges":594},[592,593],{"id":445,"type":446,"label":479,"file":189,"line":379},{"id":450,"type":455,"label":481,"file":189,"line":379,"wp_function":482},[595],{"from":445,"to":450,"sanitized":461},{"entryPoint":597,"graph":598,"unsanitizedCount":26,"severity":561},"\u003Cfetp> 
(fetp.php:0)",{"nodes":599,"edges":608},[600,601,602,605,606,607],{"id":445,"type":446,"label":490,"file":194,"line":491},{"id":450,"type":455,"label":481,"file":194,"line":418,"wp_function":482},{"id":454,"type":446,"label":603,"file":194,"line":604},"$_GET",72,{"id":522,"type":455,"label":481,"file":194,"line":337,"wp_function":482},{"id":524,"type":446,"label":500,"file":194,"line":501},{"id":528,"type":455,"label":503,"file":194,"line":504,"wp_function":505},[609,611,612],{"from":445,"to":450,"sanitized":610},true,{"from":454,"to":522,"sanitized":610},{"from":524,"to":528,"sanitized":610},{"entryPoint":614,"graph":615,"unsanitizedCount":48,"severity":623},"__construct (fetp-transact.php:83)",{"nodes":616,"edges":621},[617,619],{"id":445,"type":446,"label":618,"file":180,"line":268},"$_COOKIE['fetp_items'] (x2)",{"id":450,"type":455,"label":620,"file":180,"line":268,"wp_function":267},"unserialize() [Object Injection]",[622],{"from":445,"to":450,"sanitized":461},"high",{"entryPoint":625,"graph":626,"unsanitizedCount":32,"severity":623},"removeitem (fetp-transact.php:202)",{"nodes":627,"edges":631},[628,630],{"id":445,"type":446,"label":629,"file":180,"line":190},"$_COOKIE['fetp_items']",{"id":450,"type":455,"label":620,"file":180,"line":190,"wp_function":267},[632],{"from":445,"to":450,"sanitized":461},{"entryPoint":634,"graph":635,"unsanitizedCount":32,"severity":623},"getCart (fetp-transact.php:311)",{"nodes":636,"edges":639},[637,638],{"id":445,"type":446,"label":629,"file":180,"line":274},{"id":450,"type":455,"label":620,"file":180,"line":274,"wp_function":267},[640],{"from":445,"to":450,"sanitized":461},{"entryPoint":642,"graph":643,"unsanitizedCount":32,"severity":623},"verify (fetp-transact.php:472)",{"nodes":644,"edges":654},[645,648,650],{"id":445,"type":446,"label":646,"file":180,"line":647},"$_POST",528,{"id":450,"type":451,"label":649,"file":180,"line":647},"→ 
save_transaction()",{"id":454,"type":455,"label":651,"file":180,"line":652,"wp_function":653},"get_row() [SQLi]",606,"get_row",[655,656],{"from":445,"to":450,"sanitized":461},{"from":450,"to":454,"sanitized":461},{"entryPoint":658,"graph":659,"unsanitizedCount":263,"severity":623},"\u003Cfetp-transact> (fetp-transact.php:0)",{"nodes":660,"edges":667},[661,663,664,665,666],{"id":445,"type":446,"label":662,"file":180,"line":268},"$_COOKIE['fetp_items'] (x4)",{"id":450,"type":455,"label":620,"file":180,"line":268,"wp_function":267},{"id":454,"type":446,"label":646,"file":180,"line":647},{"id":522,"type":451,"label":649,"file":180,"line":647},{"id":524,"type":455,"label":651,"file":180,"line":652,"wp_function":653},[668,669,670],{"from":445,"to":450,"sanitized":461},{"from":454,"to":522,"sanitized":461},{"from":522,"to":524,"sanitized":461},{"summary":672,"deductions":673},"The \"front-end-theme-preview\" plugin v1.2.2 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and the absence of external HTTP requests, several concerning signals emerge from the static analysis. The presence of the `unserialize` function four times, combined with 13 out of 14 analyzed taint flows having unsanitized paths, and 5 high-severity taint flows, indicates a significant potential for serious vulnerabilities if user-supplied data is processed by these functions without rigorous sanitization.\n\nThe vulnerability history is currently clean, with no known CVEs recorded, which is a positive indicator. However, this does not negate the risks identified in the code analysis. The lack of documented past vulnerabilities could be due to the plugin's limited adoption, infrequent security auditing, or simply good fortune, rather than inherent robust security. 
The plugin has a limited attack surface with no unprotected entry points, but the internal code signals about data handling are worrisome.\n\nIn conclusion, while the plugin benefits from a lack of public vulnerabilities and secure SQL practices, the heavy reliance on `unserialize` with unsanitized data inputs presents a substantial risk. The high number of unsanitized taint flows, particularly those flagged as high severity, should be a primary focus for developers to address.",[674,677,679,681,683],{"reason":675,"points":676},"Multiple high severity taint flows",15,{"reason":678,"points":277},"Many unsanitized path taint flows",{"reason":680,"points":11},"Dangerous unserialize function used multiple times",{"reason":682,"points":560},"Low percentage of properly escaped output",{"reason":684,"points":263},"Limited nonce checks for entry points","2026-03-17T01:28:36.650Z",{"wat":687,"direct":697},{"assetPaths":688,"generatorPatterns":691,"scriptPaths":692,"versionParams":694},[689,690],"\u002Fwp-content\u002Fplugins\u002Ffront-end-theme-preview\u002Ffetp.css","\u002Fwp-content\u002Fplugins\u002Ffront-end-theme-preview\u002Ffetp-admin.css",[],[693],"\u002Fwp-content\u002Fplugins\u002Ffront-end-theme-preview\u002Ffetp.js",[695,696],"front-end-theme-preview\u002Ffetp.css?ver=","front-end-theme-preview\u002Ffetp.js?ver=",{"cssClasses":698,"htmlComments":712,"htmlAttributes":718,"restEndpoints":720,"jsGlobals":721,"shortcodeOutput":722},[699,700,701,702,703,704,705,706,707,708,709,710,711],"fetp-bar","fetp-bar-wrap","fetp-control","fetp-button","fetp-title","fetp-arrow","details-tab","fetp-hidden","fetp-collapse-wrap","fetp-collapse","fetp-collapse-label","fetp-loading","fetp-add-to-cart",[713,714,715,716,717],"\u002F* \n* Plugin Name: Front End Theme Preview\n* Plugin URI: http:\u002F\u002Fupthatalley.com\u002F\n* Description: This plugins allows you to preview your themes or to allow users to preview a theme on the front end (before they can download it). 
It renders a different theme for the user on your site without changing the 'default' theme.\n* Version: 1.2.2\n* Author: Harvey J\n* Author URI: http:\u002F\u002Fupthatalley.wordpress.com\u002Fabout\n*\u002F","\u003C!-- Preview Toolbar -->","\u003C!-- Check if we're in preview -->","\u003C!-- Hide the admin bar when in preview -->","\u003C!-- Some themes have lengthy descriptions. We don't want that. Overflow issu -->",[719],"fetp-preview-session",[],[252],[]]