[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fjh4TA0soy_uF5oI0C7V6n0WvP9CwAASixHY1UoNorxY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":145,"fingerprints":241},"fullestop-lock-down-admin","Lock Down Admin","1.2","Fullestop","https:\u002F\u002Fprofiles.wordpress.org\u002Ffullestop\u002F","\u003Cp>Lock Down Admin plugin secure your WordPress admin panel. It locks the wp-admin url and if this plugin is activated then user can’t login in the admin panel using wp-admin\u002Fwp-login default URL’s.\u003C\u002Fp>\n","Lock Down Admin plugin secure your WordPress admin panel. 
It locks the wp-admin url and if this plugin is activated then user can't login in the  &hellip;",3000,26183,60,5,"2019-05-11T08:29:00.000Z","5.2.24","4.2","",[20,21,22,23,24],"lockdown","login","rename-login","secure","security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffullestop-lock-down-admin.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"fullestop",1,30,84,"2026-04-04T20:33:14.749Z",[38,63,86,106,126],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":58,"download_link":59,"security_score":60,"vuln_count":61,"unpatched_count":27,"last_vuln_date":62,"fetched_at":29},"bulletproof-security","BulletProof Security","7.1","AITpro","https:\u002F\u002Fprofiles.wordpress.org\u002Faitpro\u002F","\u003Cp>WordPress Security Protection: Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam… View Security feature highlights below. View BulletProof Security feature details under the FAQ help section below. 
Effective, Reliable & Easy to use WordPress Security Plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>BulletProof Security is a proactive security plugin that automatically fixes 100+ known issues\u002Fconflicts with other plugins\u003C\u002Fstrong>.\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fforums\u002Ftopic\u002Fsetup-wizard-autofix\u002F\" title=\"BPS Setup Wizard AutoFix\" rel=\"nofollow ugc\">BPS Setup Wizard AutoFix\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>BulletProof Security Installation and Setup Video Tutorial\u003C\u002Fh4>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FRZ1ARaEE0_I?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>BulletProof Security Feature Highlights\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>One-Click Setup Wizard\u003C\u002Fli>\n\u003Cli>Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup)\u003C\u002Fli>\n\u003Cli>MScan Malware Scanner\u003C\u002Fli>\n\u003Cli>.htaccess Website Security Protection (Firewalls)\u003C\u002Fli>\n\u003Cli>Hidden Plugin Folders|Files Cron (HPF)\u003C\u002Fli>\n\u003Cli>Login Security & Monitoring\u003C\u002Fli>\n\u003Cli>JTC-Lite (Limited version of BPS Pro JTC Anti-Spam|Anti-Hacker)\u003C\u002Fli>\n\u003Cli>Idle Session Logout (ISL)\u003C\u002Fli>\n\u003Cli>Auth Cookie Expiration (ACE)\u003C\u002Fli>\n\u003Cli>DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups\u003C\u002Fli>\n\u003Cli>DB Table Prefix Changer\u003C\u002Fli>\n\u003Cli>Security Logging\u003C\u002Fli>\n\u003Cli>HTTP 
Error Logging\u003C\u002Fli>\n\u003Cli>FrontEnd|BackEnd Maintenance Mode\u003C\u002Fli>\n\u003Cli>Extensive System Info (System Info page)\u003C\u002Fli>\n\u003Cli>WordPress Automatic Update Options\u003C\u002Fli>\n\u003Cli>Force Strong Passwords (FSP)\u003C\u002Fli>\n\u003Cli>Send email alerts when new Plugin & Theme updates are available\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>BulletProof Security Pro Feature Highlights\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>One-Click Setup Wizard\u003C\u002Fli>\n\u003Cli>Setup Wizard AutoFix (AutoWhitelist|AutoSetup|AutoCleanup)\u003C\u002Fli>\n\u003Cli>AutoRestore Intrusion Detection & Prevention System (ARQ IDPS)\u003C\u002Fli>\n\u003Cli>Quarantine Intrusion Detection & Prevention System (ARQ IDPS)\u003C\u002Fli>\n\u003Cli>Real-time File Monitor (IDPS)\u003C\u002Fli>\n\u003Cli>MScan Malware Scanner\u003C\u002Fli>\n\u003Cli>DB Monitor Intrusion Detection System (IDS)\u003C\u002Fli>\n\u003Cli>DB Diff Tool: data comparison tool\u003C\u002Fli>\n\u003Cli>DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups\u003C\u002Fli>\n\u003Cli>DB Status & Info: extensive database status & info\u003C\u002Fli>\n\u003Cli>Plugin Firewall (IP Firewall): Automated Whitelisting & IP Address Updated in Real-time\u003C\u002Fli>\n\u003Cli>JTC Anti-Spam|Anti-Hacker\u003C\u002Fli>\n\u003Cli>Uploads Folder Anti-Exploit Guard (UAEG)\u003C\u002Fli>\n\u003Cli>.htaccess Website Security Protection (Firewalls)\u003C\u002Fli>\n\u003Cli>Hidden Plugin Folders|Files Cron (HPF)\u003C\u002Fli>\n\u003Cli>Custom php.ini Website Security\u003C\u002Fli>\n\u003Cli>Login Security & Monitoring w\u002FDashboard Alerting|Status Display & additional options\u002Ffeatures\u003C\u002Fli>\n\u003Cli>Idle Session Logout (ISL)\u003C\u002Fli>\n\u003Cli>Auth Cookie Expiration (ACE)\u003C\u002Fli>\n\u003Cli>File|Folder Lock: File Locking | Detect & Lock Folders that were not created by you\u003C\u002Fli>\n\u003Cli>FrontEnd|BackEnd 
Maintenance Mode\u003C\u002Fli>\n\u003Cli>Security Logging\u003C\u002Fli>\n\u003Cli>HTTP Error Logging\u003C\u002Fli>\n\u003Cli>PHP Error Logging\u003C\u002Fli>\n\u003Cli>DB Table Prefix Changer\u003C\u002Fli>\n\u003Cli>Pro-Tools: 16 mini-plugins\u003C\u002Fli>\n\u003Cli>Heads Up Dashboard Status Display\u003C\u002Fli>\n\u003Cli>Extensive System Info (System Info page)\u003C\u002Fli>\n\u003Cli>WordPress Automatic Update Options\u003C\u002Fli>\n\u003Cli>Force Strong Passwords (FSP)\u003C\u002Fli>\n\u003Cli>Send email alerts when new Plugin & Theme updates are available\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.ait-pro.com\u002Fbps-features\u002F\" title=\"BulletProof Security Features\" rel=\"nofollow ugc\">View All BulletProof Security Pro Feature Details\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>BulletProof Security Recommended Video Tutorials\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fvideo-tutorials\u002F#custom-code\" title=\"BulletProof Security Custom Code Video Tutorial\" rel=\"nofollow ugc\">BulletProof Security Custom Code Video Tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fvideo-tutorials\u002F#security-log-firewall\" title=\"BulletProof Security Security Log Video Tutorial\" rel=\"nofollow ugc\">BulletProof Security Security Log Video Tutorial\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Help Info\u003C\u002Fh3>\n\u003Cp>For details about BulletProof Security plugin features and frequently asked questions see the \u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fforums\u002Ftopic\u002Fbulletproof-security-plugin-frequently-asked-questions\u002F\" title=\"AIT-pro.com Forum\" rel=\"nofollow ugc\">BulletProof Security Plugin Frequently Asked Questions\u003C\u002Fa> forum topic. 
Extensive Help Info can be found on the \u003Ca href=\"https:\u002F\u002Fforum.ait-pro.com\u002Fforums\u002Ftopic\u002Fread-me-first-free\u002F#bps-free-general-troubleshooting\" title=\"AIT-pro.com Forum\" rel=\"nofollow ugc\">AIT-pro.com Forum\u003C\u002Fa> website and by clicking the Question Mark Help buttons on BulletProof Security plugin pages.\u003C\u002Fp>\n","WordPress Security Protection: Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam...",30000,4509595,96,674,"2025-12-08T15:11:00.000Z","6.9.4","5.0","7.0",[55,56,57,23,24],"firewall","login-security","malware-scanner","https:\u002F\u002Fforum.ait-pro.com\u002Fread-me-first\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbulletproof-security.7.1.zip",89,12,"2026-01-06 00:00:00",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":73,"num_ratings":74,"last_updated":75,"tested_up_to":76,"requires_at_least":77,"requires_php":78,"tags":79,"homepage":81,"download_link":82,"security_score":83,"vuln_count":84,"unpatched_count":27,"last_vuln_date":85,"fetched_at":29},"login-rebuilder","Login rebuilder","2.8.8","tmatsuur","https:\u002F\u002Fprofiles.wordpress.org\u002Ftmatsuur\u002F","\u003Cp>Have not you experienced unjust access to wp-login.php? 
If this plug-in is used, a unique login page will be arranged to your site, and unlawful access will be reduced.\u003C\u002Fp>\n\u003Ch4>Some features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>This plugin allows you to change wp-login.php to a login page with a unique name (multisite sub-directory type is supported).\u003C\u002Fli>\n\u003Cli>Create a login page for administrators only, and separate it from the login page for users with other roles.\u003C\u002Fli>\n\u003Cli>Disables login by email address.\u003C\u002Fli>\n\u003Cli>When an administrator logs in, the site administrator is notified by email.\u003C\u002Fli>\n\u003Cli>Selects the response when the wp-login.php page is requested.\u003C\u002Fli>\n\u003Cli>Restrict the functions that can be used, such as login via XML-RPC.\u003C\u002Fli>\n\u003Cli>Restrict REST APIs related to users.\u003C\u002Fli>\n\u003Cli>Disable the author archive page.\u003C\u002Fli>\n\u003Cli>Controls the author information of oEmbed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Japanese – https:\u002F\u002Felearn.jp\u002Fwpman\u002Fcolumn\u002Flogin-rebuilder.html\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translators\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Japanese(ja) – \u003Ca href=\"https:\u002F\u002F12net.jp\u002F\" rel=\"nofollow ugc\">Takenori Matsuura\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can send your own language pack to me.\u003C\u002Fp>\n\u003Cp>Please contact to me.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>https:\u002F\u002F12net.jp\u002F (ja)\u003C\u002Fli>\n\u003Cli>email to takenori.matsuura[at]gmail.com\u003C\u002Fli>\n\u003Cli>@tmatsuur on twitter.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contributors\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002F12net.jp\u002F\" rel=\"nofollow ugc\">Takenori Matsuura\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plug-in is not guaranteed though the user of WordPress 
can freely use this plug-in free of charge regardless of the purpose.\u003Cbr \u002F>\nThe author must acknowledge the thing that the operation guarantee and the support in this plug-in use are not done at all beforehand.\u003C\u002Fp>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cp>email to takenori.matsuura[at]gmail.com\u003Cbr \u002F>\ntwitter @tmatsuur\u003C\u002Fp>\n","This plugin will create a new login page for your site. You can also create separate login pages for administrators and for other users.",20000,259264,100,7,"2026-01-19T07:36:00.000Z","6.9.0","3.2.0","5.6",[80],"login-secure-security","https:\u002F\u002Felearn.jp\u002Fwpman\u002Fcolumn\u002Flogin-rebuilder.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-rebuilder.2.8.8.zip",99,2,"2023-05-02 00:00:00",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":96,"num_ratings":97,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":18,"tags":101,"homepage":104,"download_link":105,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"lockdown-wp-admin","Lockdown WP Admin","2.3.2","Sean Fisher","https:\u002F\u002Fprofiles.wordpress.org\u002Fsean212\u002F","\u003Cp>This plugin will hide WordPress Admin (\u002Fwp-admin\u002F) when a user isn’t logged in. If a user isn’t logged in and they attempt to access WP Admin directly, they will be unable to and it will return a 404. It can also rename the login URL.\u003C\u002Fp>\n\u003Cp>Also, you can add HTTP authentication directly from WP Admin and add custom username\u002Fpassword combinations for the HTTP auth or use the WordPress credentials.\u003C\u002Fp>\n\u003Cp>This doesn’t touch any .htaccess files or change the WordPress core files. 
All the CSS\u002FImages under \u002Fwp-admin\u002F are still accessible, just not the .php ones.\u003C\u002Fp>\n\u003Cp>If you enable HTTP authentication, it will add HTTP authentication to the PHP files in \u002Fwp-admin\u002F.\u003C\u002Fp>\n\u003Cp>To contribute to the development, check out \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsrtfisher\u002FLockdown-WPAdmin\" rel=\"nofollow ugc\">the GitHub Repository\u003C\u002Fa>.\u003C\u002Fp>\n","Lockdown WP Admin conceals the administration and login screen from intruders. It can hide WordPress Admin (\u002Fwp-admin\u002F) and and login (\u002Fwp-login.",10000,340310,78,54,"2017-11-28T06:00:00.000Z","4.3.34","3.6",[20,23,24,102,103],"vulnerability","website-security","http:\u002F\u002Fseanfisher.co\u002Flockdown-wp-admin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flockdown-wp-admin.2.3.2.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":116,"num_ratings":117,"last_updated":118,"tested_up_to":51,"requires_at_least":119,"requires_php":78,"tags":120,"homepage":123,"download_link":124,"security_score":83,"vuln_count":33,"unpatched_count":27,"last_vuln_date":125,"fetched_at":29},"block-wp-login","Block wp-login","1.5.5","Oliver Campion","https:\u002F\u002Fprofiles.wordpress.org\u002Fdomainsupport\u002F","\u003Ch4>Block Access to wp-login.php\u003C\u002Fh4>\n\u003Cp>This plugin does the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Locates wp-login.php in your WordPress installation and duplicates it\u003C\u002Fli>\n\u003Cli>Locates .htaccess and inserts lines to block the default wp-login.php and creates a new secret address to use for legitimate login\u003C\u002Fli>\n\u003Cli>Will email the site admin if an administrator signs in with an un-recognised IP address\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When installed your server will return “403 Forbidden“ when attempts are 
made to access the default wp-login.php file. This has two benefits; it prevents hackers from using brute force methods to hack your website and it reduces the load on the server when such brute force attacks are launched on your site as WordPress isn’t run at all.\u003C\u002Fp>\n\u003Cp>Please note, this plugin uses .htaccess so is only compatible with Apache web servers, it is not compatible with Nginx web servers.\u003C\u002Fp>\n","This plugin completely blocks access to wp-login.php and creates a new secret login URL",600,19911,94,9,"2025-12-04T12:47:00.000Z","3.5.0",[121,56,23,24,122],"block-hackers","security-plugin","https:\u002F\u002Fwebd.uk\u002Fsupport\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-wp-login.1.5.5.zip","2019-06-27 00:00:00",{"slug":127,"name":128,"version":129,"author":130,"author_profile":131,"description":132,"short_description":133,"active_installs":73,"downloaded":134,"rating":27,"num_ratings":27,"last_updated":135,"tested_up_to":136,"requires_at_least":137,"requires_php":18,"tags":138,"homepage":143,"download_link":144,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"admin-ssl-secure-admin","Admin SSL","2.0-b2","blenjee","https:\u002F\u002Fprofiles.wordpress.org\u002Fblenjee\u002F","\u003Cp>Admin SSL secures login page, admin area, posts, pages – whatever you want – using Private SSL.\u003Cbr \u002F>\nOnce you have activated the plugin please go to the Admin SSL config page to enable SSL, and\u003Cbr \u002F>\nread the \u003Ca href=\"http:\u002F\u002Fwww.kerrins.co.uk\u002Fblog\u002Fadmin-ssl\u002Fsetup\u002F\" rel=\"nofollow ugc\">installation instructions\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Each time you update Admin SSL, please read the \u003Ca href=\"http:\u002F\u002Fwww.kerrins.co.uk\u002Fblog\u002Fadmin-ssl\u002Ffaq\u002F\" rel=\"nofollow ugc\">FAQ\u003C\u002Fa>\u003Cbr \u002F>\nand \u003Ca 
href=\"http:\u002F\u002Fwww.kerrins.co.uk\u002Fblog\u002Fadmin-ssl\u002Fsetup\u002F\" rel=\"nofollow ugc\">installation instructions\u003C\u002Fa> in\u003Cbr \u002F>\ncase there is some important information relating to the update.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Forces SSL on all pages where passwords can be entered.\u003C\u002Fli>\n\u003Cli>Works with Private SSL.\u003C\u002Fli>\n\u003Cli>Custom additional URLS (e.g. wp-admin\u002F) can be secured through the config page.\u003C\u002Fli>\n\u003Cli>You can choose where you want the Admin SSL config page to appear!\u003C\u002Fli>\n\u003Cli>Works on WordPress 3.0 – 3.1.1; for previous versions of WordPress please use version 1.4.1,\u003Cbr \u002F>\nbut note it is no longer supported – you should upgrade to the latest WordPress version.\u003C\u002Fli>\n\u003C\u002Fol>\n","Admin SSL secures login page, admin area, posts, pages - whatever you want - using Private SSL.",53005,"2011-04-24T15:21:00.000Z","3.1.4","3.0",[139,140,24,141,142],"private-ssl","secure-login","shared-ssl","ssl","http:\u002F\u002Fwww.kerrins.co.uk\u002Fblog\u002Fadmin-ssl\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-ssl-secure-admin.2.0.zip",{"attackSurface":146,"codeSignals":173,"taintFlows":192,"riskAssessment":232,"analyzedAt":240},{"hooks":147,"ajaxHandlers":169,"restRoutes":170,"shortcodes":171,"cronEvents":172,"entryPointCount":27,"unprotectedCount":27},[148,154,159,163,166],{"type":149,"name":150,"callback":151,"file":152,"line":153},"action","admin_menu","flda_fullestop_lock_down_action","fullestop-lock-down-admin.php",29,{"type":155,"name":156,"callback":157,"file":152,"line":158},"filter","init","flda_fullestop_fornt_pannel_management",106,{"type":155,"name":160,"callback":161,"file":152,"line":162},"wp_redirect","flda_fullestop_filterWpLogin",123,{"type":155,"name":164,"callback":161,"file":152,"line":165},"network_site_url",124,{"type":155,"name":167,"callback":161,"file":152
,"line":168},"site_url",125,[],[],[],[],{"dangerousFunctions":174,"sqlUsage":175,"outputEscaping":177,"fileOperations":27,"externalRequests":27,"nonceChecks":84,"capabilityChecks":27,"bundledLibraries":191},[],{"prepared":27,"raw":27,"locations":176},[],{"escaped":33,"rawEcho":178,"locations":179},6,[180,184,186,187,188,190],{"file":181,"line":182,"context":183},"include\\fullestop_lock_down_options.php",69,"raw output",{"file":181,"line":185,"context":183},70,{"file":181,"line":185,"context":183},{"file":181,"line":185,"context":183},{"file":181,"line":189,"context":183},73,{"file":181,"line":189,"context":183},[],[193,221],{"entryPoint":194,"graph":195,"unsanitizedCount":27,"severity":220},"flda_fullestop_lock_admin_options (include\\fullestop_lock_down_options.php:3)",{"nodes":196,"edges":216},[197,202,208,212],{"id":198,"type":199,"label":200,"file":181,"line":201},"n0","source","$_POST (x2)",17,{"id":203,"type":204,"label":205,"file":181,"line":206,"wp_function":207},"n1","sink","update_option() [Settings Manipulation]",42,"update_option",{"id":209,"type":199,"label":210,"file":181,"line":211},"n2","$_POST (x3)",21,{"id":213,"type":204,"label":214,"file":181,"line":185,"wp_function":215},"n3","echo() [XSS]","echo",[217,219],{"from":198,"to":203,"sanitized":218},true,{"from":209,"to":213,"sanitized":218},"low",{"entryPoint":222,"graph":223,"unsanitizedCount":27,"severity":220},"\u003Cfullestop_lock_down_options> (include\\fullestop_lock_down_options.php:0)",{"nodes":224,"edges":229},[225,226,227,228],{"id":198,"type":199,"label":200,"file":181,"line":201},{"id":203,"type":204,"label":205,"file":181,"line":206,"wp_function":207},{"id":209,"type":199,"label":210,"file":181,"line":211},{"id":213,"type":204,"label":214,"file":181,"line":185,"wp_function":215},[230,231],{"from":198,"to":203,"sanitized":218},{"from":209,"to":213,"sanitized":218},{"summary":233,"deductions":234},"The \"fullestop-lock-down-admin\" v1.2 plugin exhibits a generally good security posture 
based on the provided static analysis. The absence of any identified entry points like AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface. Furthermore, the code signals indicate no dangerous functions used, all SQL queries are prepared, and there are no file operations or external HTTP requests, which are all positive indicators. The presence of nonce checks, even if limited, is also a good practice.\n\nHowever, there are areas for improvement. The low percentage of properly escaped output (14%) is a significant concern. This suggests that data displayed to users might not be adequately sanitized, potentially leading to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is echoed directly without proper escaping. While the taint analysis shows no unsanitized paths, this might be due to the limited number of flows analyzed or the absence of complex data interactions that would expose such issues. The lack of capability checks, while not immediately indicating a vulnerability given the limited attack surface, means that if any entry points were to be discovered in the future, authorization checks would be entirely absent.\n\nWith a clean vulnerability history, the plugin appears to have been stable. This, combined with the strong foundation of avoiding dangerous functions and using prepared statements, is positive. However, the unescaped output is a critical weakness that needs addressing. 
A balanced conclusion is that while the plugin has a solid core, the high potential for XSS due to insufficient output escaping presents a tangible risk that should be remediated.",[235,237],{"reason":236,"points":74},"Low percentage of properly escaped output",{"reason":238,"points":239},"No capability checks on entry points",3,"2026-03-16T18:23:12.307Z",{"wat":242,"direct":247},{"assetPaths":243,"generatorPatterns":244,"scriptPaths":245,"versionParams":246},[],[],[],[],{"cssClasses":248,"htmlComments":249,"htmlAttributes":250,"restEndpoints":251,"jsGlobals":252,"shortcodeOutput":253},[],[],[],[],[],[]]