[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDuh0CqMU4zH-c2efXl_XiqAdd_hBZ9y1QPVNRe3VzNE":3,"$fcu4OmDcIBshkpyzxdRJ8bsIpnFsA_TPuUwFsxyaXc6M":268,"$fvc1dCG2qGZ2E2nITNERjBdZgu3ttxUtGyoZTl25rJlk":273},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":35,"analysis":134,"fingerprints":235},"get-user-info","Get User Info","1.2","graphical_force","https:\u002F\u002Fprofiles.wordpress.org\u002Fgraphical_force\u002F","\u003Cp>Choose to display any of the following for any user: user name, first and last name, avatar, description or website. A title can be added along with a css class to allow styling if needed. Is available as a widget or shortcode. Use [userinfo user=”User Name” class=”CssClass” title=”My Title” username=”true” name=”true” avatar=”true” description=”true” website=”true”].\u003C\u002Fp>\n","Display's username, first and last name, avatar, description, or website of any user via widget or shortcode.",10,2718,0,"2013-11-19T23:07:00.000Z","3.7.41","3.0","",[19,20,21],"shortcode","user","users","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fget-user-info\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fget-user-info.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},2,80,30,84,"2026-05-20T09:01:57.974Z",[36,58,79,97,115],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":17,"tags":51,"homepage":55,"download_link":56,"security_score":57,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"user-access-shortcodes","User Access Shortcodes","2.3","WP Darko","https:\u002F\u002Fprofiles.wordpress.org\u002Fspwebguy\u002F","\u003Cp>This is the simplest way of controlling who sees what in your posts\u002Fpages. This plugin allows you to restrict content to logged in users only (or guests, or by roles) with simple shortcodes. What you see is what you get, and it’s totally free.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>Show content only for Guests\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[UAS_guest]\nThis content can only be seen by guests.\n[\u002FUAS_guest]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Show content only for Registered\u002FLogged in users\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[UAS_loggedin]\nThis content can only be seen by logged in users.\n[\u002FUAS_loggedin]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Show content ony for specific roles\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[UAS_role roles=\"administrator, editor\"]\nThis content can only be seen by administrators and editors.\n[\u002FUAS_role]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Show content ony for specific users\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[UAS_specific ids=\"23, 127\"]\nThis content can only be seen by users with IDs 23 and 127.\n[\u002FUAS_specific]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Several extra parameters are available, please go to \u003Ca href=\"https:\u002F\u002Fwpdarko.com\u002Fsupport\u002Fget-started-with-the-user-access-shortcodes-plugin\u002F\" rel=\"nofollow ugc\">the plugin’s documentation\u003C\u002Fa> if you need more information on how to use this plugin.\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>Find help on \u003Ca href=\"https:\u002F\u002Fwpdarko.com\u002Fsupport\" rel=\"nofollow ugc\">our support platform\u003C\u002Fa> for this plugin (we’ll answer you fast, promise).\u003C\u002Fp>\n","The simplest way of controlling who sees what in your posts\u002Fpages. Restrict content to logged in users only (or guests, or by roles) with simple short &hellip;",1000,23529,98,13,"2026-01-29T19:32:00.000Z","6.9.4","3.6",[52,53,54,20,21],"access-shortcodes","logged","logged-in","https:\u002F\u002Fwpdarko.com\u002Fsupport\u002Fget-started-with-the-user-access-shortcodes-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-access-shortcodes.2.3.zip",100,{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":17,"tags":73,"homepage":77,"download_link":78,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"bp-xprofile-shortcode","BP XProfile Shortcode","1.0.1","TylerDigital","https:\u002F\u002Fprofiles.wordpress.org\u002Ftylerdigital\u002F","\u003Cp>Adds Shortcode for BuddyPress XProfile data\u003C\u002Fp>\n\u003Cp>For quick reference, here is a list of example shortcodes:\u003C\u002Fp>\n\u003Cp>Reference field by ID in case name changes:\u003Cbr \u002F>\n\u003Cstrong>[xprofile field=12]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Output city using default user detection (currently displayed BP profile, fallback to author of current page\u002Fpost, fallback to currently logged in user):\u003Cbr \u002F>\n\u003Cstrong>[xprofile field=”City”]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Output city for a specific user by ID or username:\u003Cbr \u002F>\n\u003Cstrong>[xprofile field=”City” user=20]\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>[xprofile field=”City” user=”someusername”]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Override the default user detection by specifying method:\u003Cbr \u002F>\nOutput city for the currently logged in user (blank if no user is logged in):\u003Cbr \u002F>\n\u003Cstrong>[xprofile field=”City” user=current]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Output city for the author of the current page\u002Fpost being viewed:\u003Cbr \u002F>\n\u003Cstrong>[xprofile field=”City” user=author]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Output city for the currently displayed BuddyPress profile:\u003Cbr \u002F>\n\u003Cstrong>[xprofile field=”City” user=displayed]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Ftylerdigital.com\u002Fproducts\u002Fbp-xprofile-shortcode-plugin\u002F\" rel=\"nofollow ugc\">Learn more about BP XProfile Shortcode\u003C\u002Fa>\u003C\u002Fp>\n","Adds Shortcode for BuddyPress XProfile data",50,9141,60,4,"2015-04-25T00:24:00.000Z","3.9.40","3.5",[74,19,75,21,76],"buddypress","user-meta","xprofile","http:\u002F\u002Ftylerdigital.com\u002Flabs\u002Fbp-xprofile-shortcode","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-xprofile-shortcode.1.0.1.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":11,"downloaded":87,"rating":13,"num_ratings":13,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":17,"tags":91,"homepage":95,"download_link":96,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"faces-of-users","Faces of Users","0.0.3","Matt McInvale","https:\u002F\u002Fprofiles.wordpress.org\u002Fmcinvale\u002F","\u003Cp>\u003Cstrong>Faces of Users\u003C\u002Fstrong> gives you a shortcode to display all of your registered users Gravatars. Current options include; sizing, displaying user names and default Gravatar.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install plugin\u003C\u002Fli>\n\u003Cli>Add [facesofusers] shortcode to your content\u003C\u002Fli>\n\u003Cli>Done!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fbinarym.com\u002F2010\u002Ffaces-of-users-plugin\u002F\" rel=\"nofollow ugc\">Some examples and feature requests for Faces of Users on BinaryM.com\u003C\u002Fa>\u003C\u002Fp>\n","Display registered users Gravatars on a single page with shortcode.",2954,"2010-05-25T00:45:00.000Z","2.9.2","2.7",[92,93,19,94,21],"fun","gravatars","tacos","http:\u002F\u002Fbinarym.com\u002F2010\u002Ffaces-of-users-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffaces-of-users.zip",{"slug":98,"name":99,"version":61,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":13,"downloaded":104,"rating":57,"num_ratings":105,"last_updated":106,"tested_up_to":49,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":101,"download_link":114,"security_score":57,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"karma-contenuto-protetto","Karma Protected Content","Ermanno Devitofrancesco","https:\u002F\u002Fprofiles.wordpress.org\u002Fermannaro\u002F","\u003Cp>This plugin is a minimal, lightweight solution that lets you protect specific parts of your WordPress post content, making them visible only to registered users.\u003C\u002Fp>\n\u003Cp>Visitors who are not logged in will see a customizable colored banner with a button that links to the registration page.\u003C\u002Fp>\n\u003Ch4>Main features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Simple shortcode: \u003Ccode>[contenuto_protetto]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Customizable banner for non-registered users\u003C\u002Fli>\n\u003Cli>Default messages configurable in settings\u003C\u002Fli>\n\u003Cli>Custom link for the registration page\u003C\u002Fli>\n\u003Cli>Meta box in the editor sidebar with usage instructions\u003C\u002Fli>\n\u003Cli>Responsive, modern design\u003C\u002Fli>\n\u003Cli>Lightweight and performant\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How it works:\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Wrap the content you want to protect with the \u003Ccode>[contenuto_protetto]\u003C\u002Fcode> shortcode\u003C\u002Fli>\n\u003Cli>Registered users will see the content as usual\u003C\u002Fli>\n\u003Cli>Non-registered visitors will see a banner with a registration button\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Customization:\u003C\u002Fh4>\n\u003Cp>You can customize:\u003Cbr \u002F>\n* Banner title\u003Cbr \u002F>\n* Banner text\u003Cbr \u002F>\n* Banner background color\u003Cbr \u002F>\n* Button text\u003Cbr \u002F>\n* Registration page link\u003C\u002Fp>\n\u003Cp>All settings are available under \u003Cstrong>Settings > Protected Content\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>Usage examples:\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Basic example:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>[contenuto_protetto]\u003Cbr \u002F>\nThis text is for registered users only.\u003Cbr \u002F>\n[\u002Fcontenuto_protetto]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>With custom options:\u003C\u002Fstrong>\u003Cbr \u002F>\n    \u003Ccode>[contenuto_protetto titolo=\"Premium Content\" testo=\"Register to read\" colore=\"#ff0000\"]\u003Cbr \u002F>\nProtected content here\u003Cbr \u002F>\n[\u002Fcontenuto_protetto]\u003C\u002Fcode>\u003C\u002Fp>\n","Protect parts of your post content with a simple shortcode, visible only to registered users.",221,1,"2026-03-16T16:42:00.000Z","5.0","7.4",[110,111,112,113,19],"content-restriction","content-protection","membership","registered-users","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkarma-contenuto-protetto.1.0.1.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":46,"num_ratings":125,"last_updated":126,"tested_up_to":49,"requires_at_least":127,"requires_php":108,"tags":128,"homepage":132,"download_link":133,"security_score":57,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"user-switching","User Switching","1.11.2","John Blackbourn","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnbillion\u002F","\u003Cp>This plugin allows you to quickly swap between user accounts in WordPress at the click of a button. You’ll be instantly logged out and logged in as your desired user. This is handy for helping customers on WooCommerce sites, membership sites, testing environments, or for any site where administrators need to switch between multiple accounts.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Switch user: Instantly switch to any user account from the \u003Cem>Users\u003C\u002Fem> screen.\u003C\u002Fli>\n\u003Cli>Switch back: Instantly switch back to your originating account.\u003C\u002Fli>\n\u003Cli>Switch off: Log out of your account but retain the ability to instantly switch back in again.\u003C\u002Fli>\n\u003Cli>Compatible with Multisite, WooCommerce, BuddyPress, and bbPress.\u003C\u002Fli>\n\u003Cli>Compatible with most membership and user management plugins.\u003C\u002Fli>\n\u003Cli>Compatible with most two-factor authentication solutions (see the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-switching\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa> for more info).\u003C\u002Fli>\n\u003Cli>Approved for use on enterprise-grade WordPress platforms such as \u003Ca href=\"https:\u002F\u002Fwww.altis-dxp.com\u002F\" rel=\"nofollow ugc\">Altis\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwpvip.com\u002F\" rel=\"nofollow ugc\">WordPress VIP\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note: User Switching supports versions of WordPress up to three years old, and PHP version 7.4 or higher.\u003C\u002Fp>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Only users with the ability to edit other users can switch user accounts. By default this is only Administrators on single site installations, and Super Admins on Multisite installations.\u003C\u002Fli>\n\u003Cli>Passwords are not (and cannot be) revealed.\u003C\u002Fli>\n\u003Cli>Uses the cookie authentication system in WordPress when remembering the account(s) you’ve switched from and when switching back.\u003C\u002Fli>\n\u003Cli>Implements the nonce security system in WordPress, meaning only those who intend to switch users can switch.\u003C\u002Fli>\n\u003Cli>Full support for user session validation where appropriate.\u003C\u002Fli>\n\u003Cli>Full support for HTTPS.\u003C\u002Fli>\n\u003Cli>Backed by \u003Ca href=\"https:\u002F\u002Fpatchstack.com\u002Fdatabase\u002Fvdp\u002Fuser-switching\" rel=\"nofollow ugc\">the Patchstack Vulnerability Disclosure Program\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Visit the \u003Cem>Users\u003C\u002Fem> menu in WordPress and you’ll see a \u003Cem>Switch To\u003C\u002Fem> link in the list of action links for each user.\u003C\u002Fli>\n\u003Cli>Click this and you will immediately switch into that user account.\u003C\u002Fli>\n\u003Cli>You can switch back to your originating account via the \u003Cem>Switch back\u003C\u002Fem> link on each dashboard screen or in your profile menu in the WordPress toolbar.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-switching\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa> for information about the \u003Cem>Switch Off\u003C\u002Fem> feature.\u003C\u002Fp>\n\u003Ch3>Other Plugins\u003C\u002Fh3>\n\u003Cp>I maintain several other plugins for developers. Check them out:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fquery-monitor\u002F\" rel=\"ugc\">Query Monitor\u003C\u002Fa> is the developer tools panel for WordPress\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-crontrol\u002F\" rel=\"ugc\">WP Crontrol\u003C\u002Fa> lets you view and control what’s happening in the WP-Cron system\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Statement\u003C\u002Fh3>\n\u003Cp>User Switching does not send data to any third party, nor does it include any third party resources, nor will it ever do so.\u003C\u002Fp>\n\u003Cp>User Switching makes use of browser cookies in order to allow users to switch to another account. Its cookies operate using the same mechanism as the authentication cookies in WordPress core, which means their values contain the user’s \u003Ccode>user_login\u003C\u002Fcode> field in plain text which should be treated as potentially personally identifiable information (PII) for privacy and regulatory reasons (GDPR, CCPA, etc). The names of the cookies are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>wordpress_user_sw_{COOKIEHASH}\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>wordpress_user_sw_secure_{COOKIEHASH}\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>wordpress_user_sw_olduser_{COOKIEHASH}\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See also the FAQ for some questions relating to privacy and safety when switching between users.\u003C\u002Fp>\n\u003Ch3>Accessibility Statement\u003C\u002Fh3>\n\u003Cp>User Switching aims to be fully accessible to all of its users. It implements best practices for web accessibility, outputs semantic and structured markup, adheres to the default styles and accessibility guidelines of WordPress, uses the accessibility APIs provided by WordPress and web browsers where appropriate, and is fully accessible via keyboard.\u003C\u002Fp>\n\u003Cp>User Switching should adhere to Web Content Accessibility Guidelines (WCAG) 2.0 at level AA when used with a recent version of WordPress where its admin area itself adheres to these guidelines. If you’ve experienced or identified an accessibility issue in User Switching, please open a thread in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fuser-switching\u002F\" rel=\"ugc\">the User Switching plugin support forum\u003C\u002Fa> and I’ll address it swiftly.\u003C\u002Fp>\n","Instant switching between user accounts in WordPress and WooCommerce.",200000,5569897,238,"2026-02-27T00:17:00.000Z","6.1",[129,130,116,21,131],"fast-user-switching","multisite","woocommerce","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fuser-switching\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-switching.1.11.2.zip",{"attackSurface":135,"codeSignals":151,"taintFlows":220,"riskAssessment":221,"analyzedAt":234},{"hooks":136,"ajaxHandlers":143,"restRoutes":144,"shortcodes":145,"cronEvents":150,"entryPointCount":105,"unprotectedCount":13},[137],{"type":138,"name":139,"callback":140,"file":141,"line":142},"action","widgets_init","anonymous","getUserInfo.php",210,[],[],[146],{"tag":147,"callback":148,"file":141,"line":149},"userinfo","getUserInfo",269,[],{"dangerousFunctions":152,"sqlUsage":156,"outputEscaping":158,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":219},[153],{"fn":154,"file":141,"line":142,"context":155},"create_function","add_action( 'widgets_init', create_function( '', 'register_widget( \"featured_widget\" );' ) );",{"prepared":13,"raw":13,"locations":157},[],{"escaped":159,"rawEcho":160,"locations":161},6,33,[162,165,167,169,171,172,174,176,178,179,181,183,184,186,188,189,191,193,194,196,198,199,201,203,204,206,208,209,211,213,214,216,218],{"file":141,"line":163,"context":164},75,"raw output",{"file":141,"line":166,"context":164},77,{"file":141,"line":168,"context":164},78,{"file":141,"line":170,"context":164},79,{"file":141,"line":31,"context":164},{"file":141,"line":173,"context":164},81,{"file":141,"line":175,"context":164},82,{"file":141,"line":177,"context":164},83,{"file":141,"line":33,"context":164},{"file":141,"line":180,"context":164},149,{"file":141,"line":182,"context":164},150,{"file":141,"line":182,"context":164},{"file":141,"line":185,"context":164},152,{"file":141,"line":187,"context":164},153,{"file":141,"line":187,"context":164},{"file":141,"line":190,"context":164},156,{"file":141,"line":192,"context":164},157,{"file":141,"line":192,"context":164},{"file":141,"line":195,"context":164},164,{"file":141,"line":197,"context":164},167,{"file":141,"line":197,"context":164},{"file":141,"line":200,"context":164},172,{"file":141,"line":202,"context":164},175,{"file":141,"line":202,"context":164},{"file":141,"line":205,"context":164},180,{"file":141,"line":207,"context":164},183,{"file":141,"line":207,"context":164},{"file":141,"line":210,"context":164},188,{"file":141,"line":212,"context":164},191,{"file":141,"line":212,"context":164},{"file":141,"line":215,"context":164},196,{"file":141,"line":217,"context":164},199,{"file":141,"line":217,"context":164},[],[],{"summary":222,"deductions":223},"The \"get-user-info\" plugin version 1.2 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and has no recorded vulnerability history, indicating a potentially stable and well-maintained codebase. The attack surface is minimal, with only one shortcode identified as an entry point, and crucially, no unauthenticated entry points were found. This suggests a deliberate effort to limit exposure. \n\nHowever, there are significant concerns within the static analysis. The presence of the `create_function` dangerous function is a critical red flag, as it is a known source of security vulnerabilities, particularly when user input is involved, although taint analysis currently shows no unsanitized flows. Furthermore, the output escaping is very poor, with only 15% of outputs properly escaped, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The complete absence of nonce checks and capability checks, even for the identified shortcode, is a major oversight that leaves the plugin susceptible to various attacks if any part of its functionality can be triggered by external input.",[224,227,230,232],{"reason":225,"points":226},"Dangerous function create_function used",15,{"reason":228,"points":229},"Poor output escaping (15% properly escaped)",8,{"reason":231,"points":11},"Missing nonce checks",{"reason":233,"points":11},"Missing capability checks","2026-03-17T01:31:22.214Z",{"wat":236,"direct":242},{"assetPaths":237,"generatorPatterns":239,"scriptPaths":240,"versionParams":241},[238],"\u002Fwp-content\u002Fplugins\u002Fget-user-info\u002Fget-user-info.php",[],[],[],{"cssClasses":243,"htmlComments":245,"htmlAttributes":246,"restEndpoints":264,"jsGlobals":265,"shortcodeOutput":266},[244],"widget-title",[],[247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263],"id=\"featured_widget\"","for=\"get_user_info_title\"","name=\"get_user_info_title\"","id=\"get_user_info_cssClass\"","name=\"get_user_info_cssClass\"","id=\"get_user_info_userName\"","name=\"get_user_info_userName\"","id=\"get_user_info_userNameDisplay\"","name=\"get_user_info_userNameDisplay\"","id=\"get_user_info_firstLast\"","name=\"get_user_info_firstLast\"","id=\"get_user_info_avatar\"","name=\"get_user_info_avatar\"","id=\"get_user_info_description\"","name=\"get_user_info_description\"","id=\"get_user_info_website\"","name=\"get_user_info_website\"",[],[],[267],"[userinfo user=\"User Name\" class=\"CssClass\" title=\"My Title\" username=\"true\" name=\"true\" avatar=\"true\" description=\"true\" website=\"true\"]",{"error":269,"url":270,"statusCode":271,"statusMessage":272,"message":272},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fget-user-info\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":69,"versions":274},[275,283,290,297],{"version":276,"download_url":277,"svn_tag_url":278,"released_at":25,"has_diff":279,"diff_files_changed":280,"diff_lines":25,"trac_diff_url":281,"vulnerabilities":282,"is_current":279},"1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fget-user-info.1.1.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fget-user-info\u002Ftags\u002F1.1\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fget-user-info%2Ftags%2F1.0.9&new_path=%2Fget-user-info%2Ftags%2F1.1",[],{"version":284,"download_url":285,"svn_tag_url":286,"released_at":25,"has_diff":279,"diff_files_changed":287,"diff_lines":25,"trac_diff_url":288,"vulnerabilities":289,"is_current":279},"1.0.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fget-user-info.1.0.9.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fget-user-info\u002Ftags\u002F1.0.9\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fget-user-info%2Ftags%2F1.0.8&new_path=%2Fget-user-info%2Ftags%2F1.0.9",[],{"version":291,"download_url":292,"svn_tag_url":293,"released_at":25,"has_diff":279,"diff_files_changed":294,"diff_lines":25,"trac_diff_url":295,"vulnerabilities":296,"is_current":279},"1.0.8","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fget-user-info.1.0.8.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fget-user-info\u002Ftags\u002F1.0.8\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fget-user-info%2Ftags%2F1.0.7&new_path=%2Fget-user-info%2Ftags%2F1.0.8",[],{"version":298,"download_url":299,"svn_tag_url":300,"released_at":25,"has_diff":279,"diff_files_changed":301,"diff_lines":25,"trac_diff_url":25,"vulnerabilities":302,"is_current":279},"1.0.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fget-user-info.1.0.7.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fget-user-info\u002Ftags\u002F1.0.7\u002F",[],[]]