[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ff8y2zhzuQPM5NiitBv8PODMgTmyuxOlp4JU0rmFQrhs":3,"$fXjjKH9T2dO9fdkk3EChxwAtyVVDhQnfN88i-rU6lV1I":514,"$fOLtD1lnNsQO2N2xdNoCZRObSK90iNoGCa0IKp_f3tcg":518},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":15,"download_link":22,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25,"discovery_status":26,"vulnerabilities":27,"developer":28,"crawl_stats":24,"alternatives":34,"analysis":142,"fingerprints":470},"geo-tools","Geo Tools","1.0.7.1","verturin","https:\u002F\u002Fprofiles.wordpress.org\u002Fverturin\u002F","\u003Cp>Geo tools is a plugin that focuses on GeoCaching utilities such as statistics display, geochecker…\u003C\u002Fp>\n\u003Cp>This extension, allows you to display Owned trackables statistics bar in a widget  of your WordPress theme with your trackable number !\u003C\u002Fp>\n\u003Cp>All you have to do is download the widget, install it in your plug-ins folder, add it to your sidebar and modify the preferences.\u003C\u002Fp>\n\u003Cp>Gecocahing is a free Game and you can have more information on https:\u002F\u002Fwww.geocaching.com\u002F\u003C\u002Fp>\n","Geo tools is a plugin that focuses on GeoCaching utilities such as statistics display, geochecker...",0,1660,"2020-04-03T17:10:00.000Z","5.4.19","",[17,18,19,20,21],"checker","geocache","geocaching","mystery","wherigo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeo-tools.1.0.7.1.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":23,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},2,10,30,84,"2026-05-20T03:11:53.954Z",[35,53,73,98,118],{"slug":36,"name":37,"version":38,"author":7,"author_profile":8,"description":39,"short_description":40,"active_installs":30,"downloaded":41,"rating":42,"num_ratings":43,"last_updated":44,"tested_up_to":45,"requires_at_least":46,"requires_php":15,"tags":47,"homepage":50,"download_link":51,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":52},"geocache-stat-bar","Geocache Stat Bar","2.1.2","\u003Cp>This extension, allows you to display your geocaching statistics bar in a widget of your WordPress theme with your Nickname!\u003C\u002Fp>\n\u003Cp>All you have to do is download the widget, install it in your plug-ins folder, add it to your sidebar and modify the preferences.\u003C\u002Fp>\n\u003Cp>Enter your geocaching nickname, select the image or your logo and enter your message.\u003C\u002Fp>\n\u003Cp>The geocaching statistics bar has a width of 200 pixels, check that the zone of your widget is configured to handle this width.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FSMtetuq_sg8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","GCSTB StatBar Geocaching",2130,100,1,"2017-12-26T18:43:00.000Z","4.9.29","4.4",[48,18,19,49,21],"badge","statbar","http:\u002F\u002Fwww.verturin.fr\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeocache-stat-bar.2.1.2.zip","2026-04-16T10:56:18.058Z",{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":43,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":15,"tags":67,"homepage":71,"download_link":72,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":52},"osm-categories","OSM Categories","0.1","Guido Handrick","https:\u002F\u002Fprofiles.wordpress.org\u002Fkito76\u002F","\u003Cp>OSM Categories embed an OpenStreetMap map to your page by using the OpenLayer API. For every category in your blog a differnt layer on your map show markers for every article with an geotag.\u003Cbr \u002F>\nYou just have to save the lon and lan parameters in a custom field. It’s possible to use different marker images for every category.\u003C\u002Fp>\n\u003Cp>In your page just insert the shortcode: [osm-cats]\u003C\u002Fp>\n\u003Cp>Open the plugin settings page for basic settings like:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>map dimensions\u003C\u002Fli>\n\u003Cli>map center point\u003C\u002Fli>\n\u003Cli>initial zoom faktor\u003C\u002Fli>\n\u003Cli>exclude categories\u003C\u002Fli>\n\u003Cli>article custom field for marker lon and lat parameters\u003C\u002Fli>\n\u003Cli>marker popup content\u003C\u002Fli>\n\u003Cli>marker images path\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It’s still BETA so please send me feedback and your ideas! Thanx a lot.\u003C\u002Fp>\n","OpenStreetMap plugin to embed a map with markers to articles from different categories in different map layers.",20,4662,80,"2012-08-25T17:59:00.000Z","3.4.2","3.0",[18,19,68,69,70],"geolocation","geotag","openstreetmap","http:\u002F\u002Fkito.github.com\u002FOSM-Categories\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fosm-categories.1.0.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":88,"tags":89,"homepage":95,"download_link":96,"security_score":97,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":52},"mysterythemes-demo-importer","Mystery Themes Demo Importer","1.2.0","Mystery Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fmysterythemes\u002F","\u003Cp>Import “Mystery Themes” every official themes by only a single click. Simple installation and activation of all required plugins at occurrence. Import all the customization options, theme setings, widgets of official themes in a simplicity way.\u003C\u002Fp>\n\u003Ch4>Requirements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress 4.7 or later.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmysterythemes.com\u002Fthemes\u002F\" rel=\"nofollow ugc\">Mystery Themes Official Themes\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>You can contribute to the source code in our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmysterythemes\u002Fmysterythemes-demo-importer\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> page.\u003C\u002Fp>\n\u003Ch4>Video Tutorial\u003C\u002Fh4>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F1-PQXECGySk?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Manual Installation\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download the plugin from WordPress.org repository\u003C\u002Fli>\n\u003Cli>On your WordPress admin dashboard, go to ‘Plugins > Add New > Upload Plugin’\u003C\u002Fli>\n\u003Cli>Upload the downloaded plugin file (mysterythemes-demo-importer.zip) and click ‘Install Now’\u003C\u002Fli>\n\u003Cli>Activate ‘Mystery Themes Demo Importer’ from your Plugins page.\u003C\u002Fli>\n\u003Cli>Use Mystery Themes Demo Importer on any themes from mysterythemes to import demo.\u003C\u002Fli>\n\u003C\u002Fol>\n","One Click Demo Importer For Mystery Themes official themes demo content, customization options, widgets and theme settings.",8000,283605,40,4,"2025-04-21T07:42:00.000Z","6.8.5","5.0","7.2",[90,91,92,93,94],"demo","importer","mysterythemes","one-click-demo-import","theme-demos","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmysterythemes-demo-importer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmysterythemes-demo-importer.1.2.0.zip",92,{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":81,"downloaded":106,"rating":107,"num_ratings":108,"last_updated":109,"tested_up_to":110,"requires_at_least":87,"requires_php":88,"tags":111,"homepage":15,"download_link":117,"security_score":42,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":52},"plugin-compatibility-checker","Plugin Compatibility Checker","7.0.5","compatshield","https:\u002F\u002Fprofiles.wordpress.org\u002Fcompatshield\u002F","\u003Cp>The \u003Cstrong>Plugin Compatibility Checker\u003C\u002Fstrong> helps you keep your WordPress site stable and secure by scanning installed plugins for PHP and WordPress version compatibility.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>$1\u002Fmonth License Required (Entry Plan)\u003C\u002Fstrong>\u003Cbr \u002F>\nYou must subscribe to the CompatShield Portal ($1\u002Fmonth recurring) to obtain a \u003Cstrong>license key\u003C\u002Fstrong>. Once activated, you will be able to see plugin compatibility results (up to PHP 8.5) directly inside your WordPress admin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>📺 Video Tutorial\u003C\u002Fstrong>\u003Cbr \u002F>\nWatch step-by-step how to activate your license & run your first scan:\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FPCxhJmO-Tb4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Quick Setup Steps\u003C\u002Fstrong>\u003Cbr \u002F>\n1) Subscribe \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Get your license key from the Portal\u003Cbr \u002F>\n2) Add your domain inside the License tab\u003Cbr \u002F>\n3) Copy your License Key\u003Cbr \u002F>\n4) Paste License Key inside Plugin Settings in WP Admin\u003Cbr \u002F>\n5) Click \u003Cstrong>Validate License\u003C\u002Fstrong>\u003Cbr \u002F>\n6) Click \u003Cstrong>Save Settings\u003C\u002Fstrong>\u003Cbr \u002F>\n7) Go to Plugin Main Page \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Click \u003Cstrong>Rescan\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pro Version (Upgrade)\u003C\u002Fstrong>\u003Cbr \u002F>\nUpgrading to Pro unlocks the full CompatShield Portal Dashboard with advanced features — vulnerability summary, detailed scan results, notifications, historic analysis, plugin issues overview, premium ZIP upload scanning, and multi-layer compatibility intelligence.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Subscribe \u002F Upgrade to Pro:\u003C\u002Fstrong> https:\u002F\u002Fwww.compatshield.com\u002F\u003C\u002Fp>\n\u003Ch3>✨ Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>PHP Compatibility Check\u003C\u002Fstrong> – Scan plugins for PHP compatibility.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>$1\u002Fmonth license: Shows PHP compatibility results directly inside WP Plugin backend (up to PHP 8.5)\u003C\u002Fli>\n\u003Cli>Pro license: Deeper breakdowns, insights, and analysis inside Portal Dashboard\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Plugin Rescan\u003C\u002Fstrong> – Quickly rescan whenever you install or update plugins.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Email Notifications (Pro)\u003C\u002Fstrong> – Get notified when scans complete or risks are detected.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Portal Integration (Pro)\u003C\u002Fstrong> – View full detailed results in the CompatShield Portal Dashboard.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Vulnerability Summary (Pro)\u003C\u002Fstrong> – Basic vulnerability insights available in the Portal.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>“No Data” Plugins Handling\u003C\u002Fstrong> – Easily identify custom\u002Fpremium plugins or removed versions not available on WordPress.org.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔑 Entry Plan vs Pro Plan\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>PHP Compatibility Check\u003C\u002Fstrong>\u003Cbr \u002F>\n$1 Plan: WP Admin Results up to PHP 8.5\u003Cbr \u002F>\nPro Plan: Detailed compatibility insights in Portal Dashboard\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Vulnerability Summary\u003C\u002Fstrong>\u003Cbr \u002F>\n$1 Plan: Not available\u003Cbr \u002F>\nPro Plan: Available in Portal\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Email Notifications\u003C\u002Fstrong>\u003Cbr \u002F>\n$1 Plan: Not available\u003Cbr \u002F>\nPro Plan: Available\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Portal Dashboard\u003C\u002Fstrong>\u003Cbr \u002F>\n$1 Plan: Not available\u003Cbr \u002F>\nPro Plan: Full access (compatibility + vulnerabilities + detailed summaries + site overview)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Custom\u002FPremium Plugins ZIP Scanning\u003C\u002Fstrong>\u003Cbr \u002F>\n$1 Plan: Not available\u003Cbr \u002F>\nPro Plan: Supported via Portal ZIP uploader\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Scan and check your plugins for PHP and WordPress compatibility. Requires a $1\u002Fmonth Portal subscription to obtain a license key.",90480,76,8,"2026-04-09T16:20:00.000Z","7.0",[112,113,114,115,116],"php-version","plugin-checker","security","tags-compatibility","vulnerabilities","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-compatibility-checker.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":128,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":133,"tags":134,"homepage":140,"download_link":141,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":52},"toolkit-for-envato","Envato Toolkit","1.4","KestutisIT","https:\u002F\u002Fprofiles.wordpress.org\u002Fkestutisit\u002F","\u003Cp>It is a 3 files library + Visual UI, to validate the purchase codes of your customers, get details about specific Envato user (country, city, total followers, total sales, avatar), get his license purchase and support expiration dates, license type he bought, check for updates of purchased plugins and themes and get the download links for them.\u003C\u002Fp>\n\u003Cp>Plus – this library has Envato Item Id search feature by providing plugin’s or theme’s name and author. So – yes, this is a tool you, as a developer \u002F author, have been looking for months.\u003C\u002Fp>\n\u003Cp>If you are looking for the library-only version to integrate into your plugin \u002F theme, it’s on GitHub:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FKestutisIT\u002FEnvatoToolkit\" title=\"Envato Toolkit (Standalone)\" rel=\"nofollow ugc\">Envato Toolkit (Standalone)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The main purpose of this plugin is to help you to start much easier without having a headache trying to understand \u003Ccode>WordPress - Envato Market\u003C\u002Fcode> plugins code, that is the only one built by Envato, and has so complicated and unclear code, that you never get how it works (see example below).\u003C\u002Fp>\n\u003Cp>When I tried to create plugin’s \u003Ccode>[Check for Update]\u003C\u002Fcode> and \u003Ccode>[Validate Purchase Code]\u003C\u002Fcode> feature-buttons in the plugin myself, and I saw the code of the \u003Ccode>WordPress - Envato Market\u003C\u002Fcode> plugin, I was shocked how badly it is written and how you should not to code.\u003C\u002Fp>\n\u003Cp>For example – you would like to give an error message, if Envato user token is empty, which is a required string, i.e. – \u003Ccode>pAA0aBCdeFGhiJKlmNOpqRStuVWxyZ44\u003C\u002Fcode>. If you like K.I.S.S., PSR-2, D.R.Y., clean code coding standards and paradigms, you’d probably just have these five lines of code, so that every developer would get it:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = get_user_meta(get_current_user_id(), 'envato_token', TRUE);\nif($token == \"\")\n{\n    return new \\WP_Error('api_token_error', __('An API token is required.', 'envato-toolkit'));\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Now lets see how the same task traceback looks like in \u003Ccode>WordPress - Envato Market\u003C\u002Fcode> plugin:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Ccode>[Api.php -> request(..)]\u003C\u002Fcode> Check if the token is empty:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>if ( empty( $token ) )\n{\n    return new WP_Error( 'api_token_error', __( 'An API token is required.', 'envato-market' ) );\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[Api.php -> request(..)]\u003C\u002Fcode> Parse it from another string:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$token = trim( str_replace( 'Bearer', '', $args['headers']['Authorization'] ) );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[Api.php -> request(..)]\u003C\u002Fcode> Parse it one more time – this time from arguments array:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>public function request( $url, $args = array() ) {\n    $defaults = array(\n        'timeout' => 20,\n    );\n    $args = wp_parse_args( $args, $defaults );\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[Api.php -> download(..)]\u003C\u002Fcode> Transfer the token variable one more time – this time via params:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>class Envato_Market_API {\n    public function download( $id, $args = array() ) {\n        $url = 'https:\u002F\u002Fapi.envato.com\u002Fv2\u002Fmarket\u002Fbuyer\u002Fdownload?item_id=' . $id . '&shorten_url=true';\n        return $this->request( $url, $args );\n    }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[admin.php -> maybe_deferred_download(..)]\u003C\u002Fcode> Pass it again – this time get it to args array from another method call:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function maybe_deferred_download( $options ) {\n    $args = $this->set_bearer_args();\n    $options['package'] = envato_market()->api()->download( $vars['item_id'], $args );\n    return $options;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[admin.php -> set_bearer_args(..)]\u003C\u002Fcode> Wrap the token into multi-dimensional string array:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$args = array(\n    'headers' => array(\n        'Authorization' => 'Bearer ' . $token,\n    ),\n);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[admin.php -> set_bearer_args(..)]\u003C\u002Fcode> Pass the wrapped token one more time – this time get it from get_option:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>foreach ( envato_market()->get_option( 'items', array() ) as $item ) {\n    if ( $item['id'] === $id ) {\n        $token = $item['token'];\n        break;\n    }\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[admin.php -> get_option(..)]\u003C\u002Fcode> So what’s in this \u003Ccode>get_option\u003C\u002Fcode>? – Correct, another call to another method – \u003Ccode>get_options()\u003C\u002Fcode>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>public function get_option( $name, $default = '' ) {\n    $options = self::get_options();\n    $name = self::sanitize_key( $name );\n    return isset( $options[ $name ] ) ? $options[ $name ] : $default;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[admin.php -> get_options()]\u003C\u002Fcode> Finally, after almost 10 steps in the tree, we are finally getting the original\u003Cbr \u002F>\nWordPress method call, but now I’m getting confused again – what is that \u003Ccode>option_name\u003C\u002Fcode> variable here:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>public function get_options() {\n    return get_option( $this->option_name, array() );\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[envato-market.php -> init_globals()]\u003C\u002Fcode> Here is it is – the \u003Ccode>option name\u003C\u002Fcode> key name is… Oh wait…\u003Cbr \u002F>\nNo it is not here it. It is equals to another variable, who is is put\u003Cbr \u002F>\nin another clean-up function – look like I’m keep seeing this for the 2 time in the tree – the sanitization of sanitization:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$this->option_name = self::sanitize_key( $this->slug );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>[envato-market.php -> init_globals()]\u003C\u002Fcode> So the \u003Ccode>option name\u003C\u002Fcode> key name is the name of \u003Ccode>$this->slug\u003C\u002Fcode>.\u003Cbr \u002F>\nNow lets see what is the value of \u003Ccode>$this->slug\u003C\u002Fcode>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$this->slug        = 'envato-market';\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>So it takes \u003Cstrong>eleven (!)\u003C\u002Fstrong> steps to understand one variable. And the whole code of that plugin is like that. The example above was the headache I had, until I realized that I must write a new Envato API Management Toolkit, instead of trying to use what Envato is giving, because otherwise I won’t get anything working ever.\u003C\u002Fp>\n\u003Cp>And, I believe, that many other developers had the same issue when tried to create update check feature for their plugins or themes.\u003C\u002Fp>\n\u003Cp>So instead of using that library for myself, I decided that I want to help all these developers to save their time, and I’m sharing this code with you. I’m releasing it under MIT license, which allows you to use this code in your plugin without any restrictions for both – free and commercial use.\u003C\u002Fp>\n\u003Cp>Plus – I’m giving a promise to you, that this plugin is and will always be 100% free, without any ads, ‘Subscribe’, ‘Follow us’, ‘Check our page’, ‘Get Pro Version’ or similar links.\u003C\u002Fp>\n\u003Cp>If you created in hi-quality code a valuable additional functionality to the library and you want to share it with everyone – I’m open here to support your efforts, and add your code to the plugin’s library, so that we all together make this plugin better for authors – the better is the plugin, the better plugins authors will make for their customers. The better quality products we will have on the internet, the happier people will be all over the world.\u003C\u002Fp>\n\u003Cp>Finally – the code is poetry – \u003Cstrong>the better is the plugin, the happier is the world\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>The pseudo-code of example output of the plugin is this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Details about you:\n----------------------------------------------------------\nList of all different plugins you bought:\n\u003C?php foreach($plugins AS $pluginId => $plugin): ?>\n    \u003C?='Plugin Id: '.$pluginId.', Name: '.$plugin['name'];?>, Licenses:\n    \u003C?php foreach($plugin['licenses'] AS $license): ?>\n        Code: \u003C?=$license['purchase_code'];?>,\n        License: \u003C?=$license['license'];?>,\n        Purchased: \u003C?=$license['license_purchase_date'];?> \u003C?=$license['license_purchase_time'];?>,\n        Expires: \u003C?=$license['support_expiration_date'];?> \u003C?=$license['support_expiration_time'];?>,\n        Support Status: \u003C?=$license['support_active'];?>\n    \u003C?php endforeach; ?>\n\u003C?php endforeach; ?>\n\nList of all different themes you bought:\n\u003C?php foreach($themes AS $themeId => $theme): ?>\n    \u003C?='Theme Id: '.$themeId.', Name: '.$theme['name'];?>, Licenses:\n    \u003C?php foreach($theme['licenses'] AS $license): ?>\n        Code: \u003C?=$license['purchase_code'];?>,\n        License: \u003C?=$license['license'];?>,\n        Purchased: \u003C?=$license['license_purchase_date'];?> \u003C?=$license['license_purchase_time'];?>,\n        Expires: \u003C?=$license['support_expiration_date'];?> \u003C?=$license['support_expiration_time'];?>,\n        Status: \u003C?=$license['support_active'] == 1 ? \"Supported\" : \"Support Expired\";?>\n    \u003C?php endforeach; ?>\n\u003C?php endforeach; ?>\n\nYour summary:\nYour location is \u003C?=$authorCity;?>, \u003C?=$authorCountry;?>.\nYou've sold your items \u003C?=$authorSales;?> times and you have \u003C?=$authorFollowers;?> followers on Envato.\n\n1. Your Customer's License Details\n----------------------------------------------------------\nPurchase Code: \u003C?=$targetPurchaseCode;?>\nIs Valid License: \u003C?=$isValidTargetLicense ? 'Yes' : 'No';?>\nBuyer Username: \u003C?=$targetLicenseBuyer;?>\nLicense Type: \u003C?=$targetLicenseType;?>\nPurchased At: \u003C?=$targetLicensePurchasedAt;?>\nSupported Until: \u003C?=$targetLicenseSupportedUntil;?>\nSupport Status: \u003C?=$targetLicenseSupportActive == 1 ? \"Supported\" : \"Support Expired\";?>\n\n2. Details About Target Envato User - \u003C?=$targetUsername;?>\n----------------------------------------------------------\n\u003C?=$targetUsername;?> is located in \u003C?=$targetUserCity;?>, \u003C?=$targetUserCountry;?>.\nHe sold his items \u003C?=$targetUserSales;?> times and has \u003C?=$targetUserFollowers;?> followers on Envato.\n\n3. Status of Purchased Plugin ID - \u003C?=$targetPluginId;?>\n----------------------------------------------------------\nPlugin Name: \u003C?=$nameOfTargetPluginId;?>\nPlugin Update Available: \u003C?=$pluginUpdateAvailable ? 'Yes' : 'No';?>\nInstalled Plugin Version: \u003C?=$installedPluginVersion;?>\nAvailable Plugin Version: \u003C?=$availablePluginVersion;?>\nPlugin Update Download URL:\n\u003Ca href=\"\u003C?=$pluginUpdateDownloadUrl;?>\" target=\"_blank\" title=\"Download newest version\">Download newest version\u003C\u002Fa>\n\n4. Status of Purchased Theme ID - \u003C?=$targetThemeId;?>:\n----------------------------------------------------------\nTheme Name: \u003C?=$nameOfTargetThemeId;?>\nTheme Update Available: \u003C?=$themeUpdateAvailable ? 'Yes' : 'No';?>\nInstalled Theme Version: \u003C?=$installedThemeVersion;?>\nAvailable Theme Version: \u003C?=$availableThemeVersion;?>\nTheme Update Download URL:\n\u003Ca href=\"\u003C?=$themeUpdateDownloadUrl;?>\" target=\"_blank\" title=\"Download newest version\">Download newest version\u003C\u002Fa>\n\n5. Envato Item Id of Purchased Plugin\n----------------------------------------------------------\nSearched for Name: \u003C?=$targetPluginName;?>\nSearched for Author: \u003C?=$targetPluginAuthor;?>\nFound Plugin Id: \u003C?=$foundPluginId;?>\n\n6. Envato Item Id of Purchased Theme\n----------------------------------------------------------\nSearched for Name: \u003C?=$targetThemeName;?>\nSearched for Author: \u003C?=$targetThemeAuthor;?>\nFound Theme Id: \u003C?=$foundThemeId;?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>And the example input of the output above, it this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$objToolkit = new EnvatoAPIManager($toolkitSettings);\n\n\u002F\u002F Details about you\n$purchasedPlugins = $objToolkit->getPurchasedPluginsWithDetails();\n$plugins = array();\nforeach($purchasedPlugins AS $pluginId => $purchasedPlugin)\n{\n    $purchasedPlugin['licenses'] = $objToolkit->getLicensesByItemId($pluginId);\n    $plugins[$pluginId] = $purchasedPlugin;\n}\n\n$purchasedThemes = $objToolkit->getPurchasedThemesWithDetails();\n$themes = array();\nforeach($purchasedThemes AS $themeId => $purchasedTheme)\n{\n    $purchasedTheme['licenses'] = $objToolkit->getLicensesByItemId($themeId);\n    $themes[$themeId] = $purchasedTheme;\n}\n\n$authorDetails = $objToolkit->getUserDetails($sanitizedEnvatoUsername);\n\u002F\u002F View vars\n$view->plugins = $plugins;\n$view->themes = $themes;\nif($authorDetails != FALSE)\n{\n    $view->authorCity = $authorDetails['city'];\n    $view->authorCountry = $authorDetails['country'];\n    $view->authorSales = $authorDetails['sales'];\n    $view->authorFollowers = $authorDetails['followers'];\n} else\n{\n    $view->authorCity = '';\n    $view->authorCountry = '';\n    $view->authorSales = 0;\n    $view->authorFollowers = 0;\n}\n\n\u002F\u002F 1. Details About Target Purchase Code\n$targetLicenseDetails = $objToolkit->getLicenseDetails($sanitizedTargetPurchaseCode);\n\u002F\u002F View vars\n$view->targetPurchaseCode = esc_html($sanitizedTargetPurchaseCode); \u002F\u002F Ready for print\n$view->isValidTargetLicense = $objToolkit->isValidLicense($sanitizedTargetPurchaseCode);\n$view->targetLicenseBuyer = $targetLicenseDetails['buyer_username'];\n$view->targetLicense = $targetLicenseDetails['license'];\n$view->targetLicensePurchasedAt = $targetLicenseDetails['license_purchase_date'].' '.$targetLicenseDetails['license_purchase_time'];\n$view->targetLicenseSupportedUntil = $targetLicenseDetails['support_expiration_date'].' '.$targetLicenseDetails['support_expiration_time'];\n$view->targetLicenseSupportActive = $targetLicenseDetails['support_active'];\n\n\u002F\u002F 2. Details About Target Envato User\n$targetUserDetails = $objToolkit->getUserDetails($sanitizedTargetUsername);\n\u002F\u002F View vars\n$view->targetUsername = esc_html($sanitizedTargetUsername); \u002F\u002F Ready for print\n$view->targetUserCity = $targetUserDetails['city'];\n$view->targetUserCountry = $targetUserDetails['country'];\n$view->targetUserSales = $targetUserDetails['sales'];\n$view->targetUserFollowers = $targetUserDetails['followers'];\n\n\u002F\u002F 3. Status of Purchased Plugin ID\n$availablePluginVersion = $objToolkit->getAvailableVersion($sanitizedTargetPluginId);\n$pluginUpdateAvailable = version_compare($sanitizedInstalledPluginVersion, $availablePluginVersion, '\u003C');\n\u002F\u002F View vars\n$view->targetPluginId = intval($sanitizedTargetPluginId); \u002F\u002F Ready for print\n$view->installedPluginVersion = esc_html($sanitizedInstalledPluginVersion); \u002F\u002F Ready for print\n$view->nameOfTargetPluginId = esc_html($objToolkit->getItemName($sanitizedTargetPluginId));\n$view->availablePluginVersion = $availablePluginVersion;\n$view->pluginUpdateAvailable = $pluginUpdateAvailable;\n$view->pluginUpdateDownloadUrl = $pluginUpdateAvailable ? $objToolkit->getDownloadUrlIfPurchased($sanitizedTargetPluginId) : '';\n\n\u002F\u002F 4. Status of Purchased Theme ID\n$availableThemeVersion = $objToolkit->getAvailableVersion($sanitizedTargetThemeId);\n$themeUpdateAvailable = version_compare($sanitizedInstalledThemeVersion, $availableThemeVersion, '\u003C');\n\u002F\u002F View vars\n$view->targetThemeId = intval($sanitizedTargetThemeId); \u002F\u002F Ready for print\n$view->installedThemeVersion = esc_html($sanitizedInstalledThemeVersion); \u002F\u002F Ready for print\n$view->nameOfTargetThemeId = esc_html($objToolkit->getItemName($sanitizedTargetThemeId));\n$view->availableThemeVersion = $availableThemeVersion;\n$view->themeUpdateAvailable = $themeUpdateAvailable;\n$view->themeUpdateDownloadUrl = $themeUpdateAvailable ? $objToolkit->getDownloadUrlIfPurchased($sanitizedTargetThemeId) : '';\n\n\u002F\u002F 5. Envato Item Id of Purchased Plugin\n$view->targetPluginName = esc_html($sanitizedTargetPluginName); \u002F\u002F Ready for print\n$view->targetPluginAuthor = esc_html($sanitizedTargetPluginAuthor); \u002F\u002F Ready for print\n$view->foundPluginId = $objToolkit->getItemIdByPluginAndAuthorIfPurchased($sanitizedTargetPluginName, $sanitizedTargetPluginAuthor);\n\n\u002F\u002F 6. Envato Item Id of Purchased Theme\n$view->targetThemeName = esc_html($sanitizedTargetThemeName); \u002F\u002F Ready for print\n$view->targetThemeAuthor = esc_html($sanitizedTargetThemeAuthor); \u002F\u002F Ready for print\n$view->foundThemeId = $objToolkit->getItemIdByThemeAndAuthorIfPurchased($sanitizedTargetThemeName, $sanitizedTargetThemeAuthor);\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Validate purchase code, check for item update & support expiration, download newest version, lookup for user details, search for Envato item id & more",6000,126268,56,9,"2021-04-26T18:00:00.000Z","5.7.15","4.6","5.4",[135,136,137,138,139],"api","envato","license","purchase-validator","update-checker","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftoolkit-for-envato\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoolkit-for-envato.zip",{"attackSurface":143,"codeSignals":174,"taintFlows":443,"riskAssessment":461,"analyzedAt":469},{"hooks":144,"ajaxHandlers":170,"restRoutes":171,"shortcodes":172,"cronEvents":173,"entryPointCount":11,"unprotectedCount":11},[145,151,155,158,161,166],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","plugins_loaded","geo_tools_textdomain","geo-tools.php",77,{"type":146,"name":152,"callback":153,"file":149,"line":154},"admin_enqueue_scripts","geo_tools_style",79,{"type":146,"name":152,"callback":156,"file":149,"line":157},"geo_tools_style_color_picker",81,{"type":146,"name":152,"callback":159,"file":149,"line":160},"geo_tools_script_color_picker",83,{"type":146,"name":162,"callback":163,"file":164,"line":165},"widgets_init","geotools_register_statbar_widget","includes\u002Fgeotools-statbar-widget-init.php",280,{"type":146,"name":162,"callback":167,"file":168,"line":169},"geotools_register_trackable_widget","includes\u002Fgeotools-trackable-widget-init.php",195,[],[],[],[],{"dangerousFunctions":175,"sqlUsage":176,"outputEscaping":178,"fileOperations":441,"externalRequests":11,"nonceChecks":43,"capabilityChecks":84,"bundledLibraries":442},[],{"prepared":11,"raw":11,"locations":177},[],{"escaped":84,"rawEcho":179,"locations":180},145,[181,185,186,189,191,193,195,197,199,200,201,203,205,207,209,211,213,215,217,219,221,223,225,227,229,231,233,235,237,239,241,243,245,247,249,251,253,255,257,259,261,263,265,268,270,272,275,277,279,281,283,285,287,289,291,293,295,297,298,300,301,303,305,307,308,310,311,313,315,317,319,321,323,324,325,326,328,330,332,334,335,337,339,341,343,345,347,349,351,353,355,357,359,361,363,365,367,368,370,372,374,376,378,380,382,384,385,386,387,388,389,390,391,392,394,395,397,399,401,403,404,406,407,408,410,412,413,414,415,417,418,420,421,424,425,426,427,428,430,431,433,434,435,437,439],{"file":182,"line":183,"context":184},"includes\u002Fgeotools-about.php",27,"raw output",{"file":182,"line":31,"context":184},{"file":187,"line":188,"context":184},"includes\u002Fgeotools-principal.php",36,{"file":187,"line":190,"context":184},45,{"file":187,"line":192,"context":184},51,{"file":187,"line":194,"context":184},59,{"file":187,"line":196,"context":184},65,{"file":187,"line":198,"context":184},69,{"file":187,"line":107,"context":184},{"file":187,"line":63,"context":184},{"file":202,"line":188,"context":184},"includes\u002Fgeotools-settings.php",{"file":202,"line":204,"context":184},52,{"file":202,"line":206,"context":184},54,{"file":202,"line":208,"context":184},58,{"file":202,"line":210,"context":184},60,{"file":202,"line":212,"context":184},104,{"file":202,"line":214,"context":184},110,{"file":202,"line":216,"context":184},119,{"file":202,"line":218,"context":184},125,{"file":202,"line":220,"context":184},135,{"file":202,"line":222,"context":184},141,{"file":202,"line":224,"context":184},150,{"file":202,"line":226,"context":184},156,{"file":202,"line":228,"context":184},166,{"file":202,"line":230,"context":184},172,{"file":202,"line":232,"context":184},181,{"file":202,"line":234,"context":184},187,{"file":202,"line":236,"context":184},212,{"file":202,"line":238,"context":184},226,{"file":202,"line":240,"context":184},265,{"file":202,"line":242,"context":184},268,{"file":202,"line":244,"context":184},273,{"file":202,"line":246,"context":184},276,{"file":202,"line":248,"context":184},282,{"file":202,"line":250,"context":184},285,{"file":202,"line":252,"context":184},290,{"file":202,"line":254,"context":184},293,{"file":202,"line":256,"context":184},299,{"file":202,"line":258,"context":184},302,{"file":202,"line":260,"context":184},307,{"file":202,"line":262,"context":184},310,{"file":202,"line":264,"context":184},340,{"file":266,"line":267,"context":184},"includes\u002Fgeotools-sidebar.php",15,{"file":266,"line":269,"context":184},16,{"file":266,"line":271,"context":184},21,{"file":273,"line":274,"context":184},"includes\u002Fgeotools-statbar-principal.php",37,{"file":273,"line":276,"context":184},46,{"file":273,"line":278,"context":184},53,{"file":273,"line":280,"context":184},66,{"file":273,"line":282,"context":184},73,{"file":273,"line":284,"context":184},75,{"file":273,"line":286,"context":184},87,{"file":273,"line":288,"context":184},94,{"file":273,"line":290,"context":184},95,{"file":273,"line":292,"context":184},97,{"file":273,"line":294,"context":184},98,{"file":273,"line":296,"context":184},99,{"file":273,"line":42,"context":184},{"file":273,"line":299,"context":184},112,{"file":273,"line":216,"context":184},{"file":273,"line":302,"context":184},120,{"file":273,"line":304,"context":184},121,{"file":273,"line":306,"context":184},123,{"file":273,"line":220,"context":184},{"file":273,"line":309,"context":184},142,{"file":164,"line":212,"context":184},{"file":164,"line":312,"context":184},105,{"file":164,"line":314,"context":184},108,{"file":164,"line":316,"context":184},109,{"file":164,"line":318,"context":184},115,{"file":164,"line":320,"context":184},116,{"file":164,"line":322,"context":184},118,{"file":164,"line":216,"context":184},{"file":164,"line":302,"context":184},{"file":164,"line":218,"context":184},{"file":164,"line":327,"context":184},126,{"file":164,"line":329,"context":184},128,{"file":164,"line":331,"context":184},129,{"file":164,"line":333,"context":184},130,{"file":164,"line":220,"context":184},{"file":164,"line":336,"context":184},136,{"file":164,"line":338,"context":184},138,{"file":164,"line":340,"context":184},139,{"file":164,"line":342,"context":184},140,{"file":164,"line":344,"context":184},146,{"file":164,"line":346,"context":184},147,{"file":164,"line":348,"context":184},148,{"file":164,"line":350,"context":184},149,{"file":164,"line":352,"context":184},153,{"file":164,"line":354,"context":184},157,{"file":164,"line":356,"context":184},161,{"file":164,"line":358,"context":184},165,{"file":164,"line":360,"context":184},169,{"file":164,"line":362,"context":184},177,{"file":164,"line":364,"context":184},178,{"file":164,"line":366,"context":184},180,{"file":164,"line":232,"context":184},{"file":164,"line":369,"context":184},182,{"file":164,"line":371,"context":184},191,{"file":164,"line":373,"context":184},194,{"file":164,"line":375,"context":184},230,{"file":164,"line":377,"context":184},232,{"file":164,"line":379,"context":184},234,{"file":164,"line":381,"context":184},236,{"file":383,"line":188,"context":184},"includes\u002Fgeotools-trackable-principal.php",{"file":383,"line":190,"context":184},{"file":383,"line":192,"context":184},{"file":383,"line":194,"context":184},{"file":383,"line":196,"context":184},{"file":383,"line":198,"context":184},{"file":383,"line":107,"context":184},{"file":383,"line":63,"context":184},{"file":168,"line":150,"context":184},{"file":168,"line":393,"context":184},78,{"file":168,"line":157,"context":184},{"file":168,"line":396,"context":184},82,{"file":168,"line":398,"context":184},88,{"file":168,"line":400,"context":184},89,{"file":168,"line":402,"context":184},91,{"file":168,"line":97,"context":184},{"file":168,"line":405,"context":184},93,{"file":168,"line":296,"context":184},{"file":168,"line":42,"context":184},{"file":168,"line":409,"context":184},102,{"file":168,"line":411,"context":184},103,{"file":168,"line":212,"context":184},{"file":168,"line":299,"context":184},{"file":168,"line":318,"context":184},{"file":168,"line":416,"context":184},151,{"file":168,"line":352,"context":184},{"file":168,"line":419,"context":184},155,{"file":168,"line":354,"context":184},{"file":422,"line":423,"context":184},"options.php",71,{"file":422,"line":150,"context":184},{"file":422,"line":160,"context":184},{"file":422,"line":400,"context":184},{"file":422,"line":290,"context":184},{"file":422,"line":429,"context":184},101,{"file":422,"line":329,"context":184},{"file":422,"line":432,"context":184},134,{"file":422,"line":342,"context":184},{"file":422,"line":344,"context":184},{"file":422,"line":436,"context":184},152,{"file":422,"line":438,"context":184},158,{"file":422,"line":440,"context":184},173,26,[],[444],{"entryPoint":445,"graph":446,"unsanitizedCount":11,"severity":460},"\u003Coptions> (options.php:0)",{"nodes":447,"edges":457},[448,452],{"id":449,"type":450,"label":451,"file":422,"line":61},"n0","source","$_POST (x4)",{"id":453,"type":454,"label":455,"file":422,"line":271,"wp_function":456},"n1","sink","update_option() [Settings Manipulation]","update_option",[458],{"from":449,"to":453,"sanitized":459},true,"low",{"summary":462,"deductions":463},"The \"geo-tools\" plugin v1.0.7.2 exhibits a strong security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface, with zero identified entry points. The code also demonstrates good practices by utilizing prepared statements for all SQL queries, which is a critical defense against SQL injection vulnerabilities. Nonce and capability checks are present, indicating an awareness of WordPress security mechanisms for protecting actions. The lack of reported CVEs and historical vulnerabilities further suggests a generally secure development history. \n\nHowever, a notable concern arises from the output escaping. With only 3% of 149 total outputs properly escaped, there is a high risk of Cross-Site Scripting (XSS) vulnerabilities. Any user-supplied data that is displayed to other users without proper sanitization could be exploited. The 26 file operations also represent potential points of concern if not handled with strict input validation and sanitization, especially if these operations involve user-controlled paths.\n\nIn conclusion, while the plugin has a minimal attack surface and uses secure database practices, the significant deficit in output escaping presents a serious and widespread potential for XSS vulnerabilities. This weakness, if exploited, could have severe consequences for users of the plugin.",[464,466],{"reason":465,"points":267},"Low percentage of properly escaped output",{"reason":467,"points":468},"Potential risk with file operations",5,"2026-04-16T13:34:52.601Z",{"wat":471,"direct":480},{"assetPaths":472,"generatorPatterns":475,"scriptPaths":476,"versionParams":477},[473,474],"\u002Fwp-content\u002Fplugins\u002Fgeo-tools\u002Fcss\u002Fgeotools-menus-style.css","\u002Fwp-content\u002Fplugins\u002Fgeo-tools\u002Fjs\u002Fgeotools-color-picker.js",[],[474],[478,479],"geo-tools-style","geo-tools-color-picker",{"cssClasses":481,"htmlComments":482,"htmlAttributes":509,"restEndpoints":510,"jsGlobals":511,"shortcodeOutput":513},[],[483,484,485,485,486,487,488,489,489,490,491,492,493,494,492,493,495,496,497,498,499,500,501,502,503,504,505,506,507,508]," Debut du Plugin "," Debuter le Plugin "," Definitions des Variables Fixes "," Chargement des Fichiers Externes Commun à tous les Widgets "," Ajoute le fichier des variables fixes "," Ajoute le Menu dans le BackOffice "," Ajoute le fichier des styles "," Ajoute le fichier des scripts "," Chargement des Fichiers Externes Widget Trackable "," Ajoute le fichier du widget de la trackable "," Ajoute le fichier de generation du trackable "," Chargement des Fichiers Externes Widget Statbar "," Base de donnees "," Chargement de dbDelta Library "," Charge les Traductions du Plugin "," Active le multilangue "," Ajoute les styles du Menu "," Ajoute les styles Color Picker "," Ajoute les scipts "," Empeche la lecture directe du fichier "," Mise en place des styles "," Style pour les Menus "," Mise en place du Color Picker "," Style pour les Colors Pickers "," Mise en place des scripts "," Script pour les Colors Pickers ",[],[],[512],"wpColorPicker",[],{"error":459,"url":515,"statusCode":516,"statusMessage":517,"message":517},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fgeo-tools\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":30,"versions":519},[520,526,533,540,547,554,561,568,575,582],{"version":6,"download_url":22,"svn_tag_url":521,"released_at":24,"has_diff":522,"diff_files_changed":523,"diff_lines":24,"trac_diff_url":524,"vulnerabilities":525,"is_current":459},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgeo-tools\u002Ftags\u002F1.0.7.1\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fgeo-tools%2Ftags%2F1.0.7&new_path=%2Fgeo-tools%2Ftags%2F1.0.7.1",[],{"version":527,"download_url":528,"svn_tag_url":529,"released_at":24,"has_diff":522,"diff_files_changed":530,"diff_lines":24,"trac_diff_url":531,"vulnerabilities":532,"is_current":522},"1.0.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeo-tools.1.0.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgeo-tools\u002Ftags\u002F1.0.7\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fgeo-tools%2Ftags%2F1.0.6.3&new_path=%2Fgeo-tools%2Ftags%2F1.0.7",[],{"version":534,"download_url":535,"svn_tag_url":536,"released_at":24,"has_diff":522,"diff_files_changed":537,"diff_lines":24,"trac_diff_url":538,"vulnerabilities":539,"is_current":522},"1.0.6.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeo-tools.1.0.6.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgeo-tools\u002Ftags\u002F1.0.6.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fgeo-tools%2Ftags%2F1.0.6.2&new_path=%2Fgeo-tools%2Ftags%2F1.0.6.3",[],{"version":541,"download_url":542,"svn_tag_url":543,"released_at":24,"has_diff":522,"diff_files_changed":544,"diff_lines":24,"trac_diff_url":545,"vulnerabilities":546,"is_current":522},"1.0.6.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeo-tools.1.0.6.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgeo-tools\u002Ftags\u002F1.0.6.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fgeo-tools%2Ftags%2F1.0.5&new_path=%2Fgeo-tools%2Ftags%2F1.0.6.2",[],{"version":548,"download_url":549,"svn_tag_url":550,"released_at":24,"has_diff":522,"diff_files_changed":551,"diff_lines":24,"trac_diff_url":552,"vulnerabilities":553,"is_current":522},"1.0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeo-tools.1.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgeo-tools\u002Ftags\u002F1.0.5\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fgeo-tools%2Ftags%2F1.0.4.2&new_path=%2Fgeo-tools%2Ftags%2F1.0.5",[],{"version":555,"download_url":556,"svn_tag_url":557,"released_at":24,"has_diff":522,"diff_files_changed":558,"diff_lines":24,"trac_diff_url":559,"vulnerabilities":560,"is_current":522},"1.0.4.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeo-tools.1.0.4.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgeo-tools\u002Ftags\u002F1.0.4.2\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fgeo-tools%2Ftags%2F1.0.4.1&new_path=%2Fgeo-tools%2Ftags%2F1.0.4.2",[],{"version":562,"download_url":563,"svn_tag_url":564,"released_at":24,"has_diff":522,"diff_files_changed":565,"diff_lines":24,"trac_diff_url":566,"vulnerabilities":567,"is_current":522},"1.0.4.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeo-tools.1.0.4.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgeo-tools\u002Ftags\u002F1.0.4.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fgeo-tools%2Ftags%2F1.0.4&new_path=%2Fgeo-tools%2Ftags%2F1.0.4.1",[],{"version":569,"download_url":570,"svn_tag_url":571,"released_at":24,"has_diff":522,"diff_files_changed":572,"diff_lines":24,"trac_diff_url":573,"vulnerabilities":574,"is_current":522},"1.0.4","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeo-tools.1.0.4.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgeo-tools\u002Ftags\u002F1.0.4\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fgeo-tools%2Ftags%2F1.0.3&new_path=%2Fgeo-tools%2Ftags%2F1.0.4",[],{"version":576,"download_url":577,"svn_tag_url":578,"released_at":24,"has_diff":522,"diff_files_changed":579,"diff_lines":24,"trac_diff_url":580,"vulnerabilities":581,"is_current":522},"1.0.3","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeo-tools.1.0.3.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgeo-tools\u002Ftags\u002F1.0.3\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fgeo-tools%2Ftags%2F1.0.2&new_path=%2Fgeo-tools%2Ftags%2F1.0.3",[],{"version":583,"download_url":584,"svn_tag_url":585,"released_at":24,"has_diff":522,"diff_files_changed":586,"diff_lines":24,"trac_diff_url":24,"vulnerabilities":587,"is_current":522},"1.0.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgeo-tools.1.0.2.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fgeo-tools\u002Ftags\u002F1.0.2\u002F",[],[]]