[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fEjXSOrgoMsfqIx6m8h72CyVGd_W4ugbrLdDS1d9FlVI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":106,"fingerprints":147},"gp-add-gp-profile-to-wp-profile","GP Add GP Profile to WP Profile","0.6","Greg Ross","https:\u002F\u002Fprofiles.wordpress.org\u002Fgregross\u002F","\u003Cp>A plugin for \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGlotPress\u002FGlotPress-WP\" rel=\"nofollow ugc\">GlotPress as a WordPress plugin\u003C\u002Fa> that adds the GlotPress user profile settings to the WordPress profile page.\u003C\u002Fp>\n\u003Cp>Requires GlotPress V2.0 or above.\u003C\u002Fp>\n","A plugin for GlotPress as a WordPress Plugin that adds the GlotPress user profile settings to the WordPress profile page.",10,1898,100,1,"2023-12-03T02:47:00.000Z","6.4.8","4.4","",[20,21],"glotpress","translation","http:\u002F\u002Fglotpress.org\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgp-add-gp-profile-to-wp-profile.0.6.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"gregross",34,7510,88,39,80,"2026-04-04T11:13:47.088Z",[38,60,75,86,96],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":18,"tags":53,"homepage":58,"download_link":59,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"localize","Localize WordPress","0.4","S","https:\u002F\u002Fprofiles.wordpress.org\u002Fsushkov\u002F","\u003Cp>This plugin allows you to switch your WordPress installation to use any of the\u003Cbr \u002F>\nlanguages available on \u003Ca href=\"http:\u002F\u002Ftranslate.wordpress.org\" rel=\"nofollow ugc\">GlotPress\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Some of the features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No gettext compiler required!\u003C\u002Fli>\n\u003Cli>Does all the dirty work from editing \u003Ccode>wp-config.php\u003C\u002Fcode> to downloading the right files\u003C\u002Fli>\n\u003Cli>Can switch between versions. Available: stable and dev\u003C\u002Fli>\n\u003Cli>Uses GlotPress api!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cdiv class=\"embed-vimeo\" style=\"text-align: center;\">\u003Ciframe loading=\"lazy\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F19433386\" width=\"750\" height=\"422\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen>\u003C\u002Fiframe>\u003C\u002Fdiv>\n","Easily switch to any localization from GlotPress",200,23338,90,2,"2011-07-06T00:08:00.000Z","3.2.1","2.9",[20,54,55,56,57],"locale","localization","switch","translations","https:\u002F\u002Fgithub.com\u002Fstas\u002Flocalize","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flocalize.0.4.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":13,"downloaded":68,"rating":25,"num_ratings":25,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":18,"tags":72,"homepage":73,"download_link":74,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"wp-translation","WP Translation Status","0.1","Pascal Casier","https:\u002F\u002Fprofiles.wordpress.org\u002Fcasiepa\u002F","\u003Cp>Let admins have a direct way to the translation of a plugin with an action link on the plugins page.\u003C\u002Fp>\n\u003Cp>Current features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>It verifies the local site language and points you to the plugins central translation on GlotPress.\u003C\u002Fli>\n\u003C\u002Ful>\n","Make a link to GlotPress centralised translation so contributor can help translating the plugin that do not have yet a translation in the local site l &hellip;",843,"2016-09-05T07:58:00.000Z","4.6.30","4.0",[20,21],"http:\u002F\u002Fcasier.eu\u002Fwp-dev","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-translation.zip",{"slug":76,"name":77,"version":78,"author":7,"author_profile":8,"description":79,"short_description":80,"active_installs":35,"downloaded":81,"rating":25,"num_ratings":25,"last_updated":82,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":83,"homepage":84,"download_link":85,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"gp-removed-powered-by","GP Remove Powered By","1.0","\u003Cp>A plugin for \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGlotPress\u002FGlotPress-WP\" rel=\"nofollow ugc\">GlotPress as a WordPress plugin\u003C\u002Fa> that removes the “Powered By” in the footer.\u003C\u002Fp>\n","A plugin for GlotPress as a WordPress plugin that removes the \"Powered By\" in the footer.",6393,"2023-12-03T02:50:00.000Z",[20,21],"http:\u002F\u002Fglot-o-matic.com\u002Fgp-remove-powered-by","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgp-removed-powered-by.1.0.zip",{"slug":87,"name":88,"version":78,"author":7,"author_profile":8,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":93,"homepage":94,"download_link":95,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"gp-additional-links","GP Additional Links","\u003Cp>A plugin for \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGlotPress\u002FGlotPress-WP\" rel=\"nofollow ugc\">GlotPress as a WordPress plugin\u003C\u002Fa> that adds a link to the WordPress dashboard for admins in the GlotPress page as well as a link to the GlotPress page in the WordPress admin menu.\u003C\u002Fp>\n","A plugin for GlotPress as a WordPress plugin that adds a link to the WordPress dashboard for admins in the GlotPress page as well as a link to the Glo &hellip;",20,2044,[20,21],"http:\u002F\u002Fglot-o-matic.com\u002Fgp-additional-links","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgp-additional-links.1.0.zip",{"slug":97,"name":98,"version":6,"author":7,"author_profile":8,"description":99,"short_description":100,"active_installs":91,"downloaded":101,"rating":13,"num_ratings":14,"last_updated":102,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":103,"homepage":104,"download_link":105,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"gp-download-name","GP Download Name","\u003Cp>A plugin for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fglotpress\" rel=\"ugc\">GlotPress\u003C\u002Fa> that uses a customizable template for the download file name.\u003C\u002Fp>\n\u003Cp>Simply install, activate and configure via the WordPress settings menu.\u003C\u002Fp>\n\u003Cp>Note: this plugin requires GlotPress 2.3 or above.\u003C\u002Fp>\n","A plugin for GlotPress that uses a customizable template for the download file name.",1869,"2023-12-03T02:48:00.000Z",[20,21],"http:\u002F\u002Fglot-o-matic.com\u002Fgp-download-name","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgp-download-name.0.6.zip",{"attackSurface":107,"codeSignals":132,"taintFlows":139,"riskAssessment":140,"analyzedAt":146},{"hooks":108,"ajaxHandlers":128,"restRoutes":129,"shortcodes":130,"cronEvents":131,"entryPointCount":25,"unprotectedCount":25},[109,115,118,121,124],{"type":110,"name":111,"callback":112,"priority":11,"file":113,"line":114},"action","show_user_profile","gp_wp_profile","gp-add-gp-profile-to-wp-profile.php",18,{"type":110,"name":116,"callback":112,"priority":11,"file":113,"line":117},"edit_user_profile",19,{"type":110,"name":119,"callback":120,"priority":11,"file":113,"line":91},"personal_options_update","gp_wp_profile_update",{"type":110,"name":122,"callback":120,"priority":11,"file":113,"line":123},"edit_user_profile_update",21,{"type":110,"name":125,"callback":126,"file":113,"line":127},"gp_init","gp_add_gp_profile_to_wp_profile_init",59,[],[],[],[],{"dangerousFunctions":133,"sqlUsage":134,"outputEscaping":136,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":49,"bundledLibraries":138},[],{"prepared":25,"raw":25,"locations":135},[],{"escaped":25,"rawEcho":25,"locations":137},[],[],[],{"summary":141,"deductions":142},"The static analysis of gp-add-gp-profile-to-wp-profile v0.6 reveals a strong adherence to WordPress security best practices. The absence of any identified attack surface points, dangerous functions, raw SQL queries, unescaped output, file operations, external HTTP requests, or taint flows with unsanitized paths is highly commendable. The plugin also correctly utilizes capability checks, indicating a good understanding of WordPress's role-based access control system. The vulnerability history being clean further reinforces a positive security posture.  \n\nHowever, the lack of any nonces is a notable concern. While the current analysis doesn't reveal immediate exploitable vulnerabilities, nonce checks are a fundamental security layer against Cross-Site Request Forgery (CSRF) attacks. The absence of any AJAX handlers or REST API routes without auth checks is a strength, but the plugin's overall limited entry points mean that any future additions could introduce new risks if not properly secured. \n\nIn conclusion, this plugin exhibits excellent security hygiene in its current state, with no critical or high-risk issues detected. The primary area for improvement is the implementation of nonce checks, which would further strengthen its defenses against a common class of web vulnerabilities. The clean vulnerability history suggests a well-maintained codebase, but ongoing vigilance and the addition of nonce checks are recommended.",[143],{"reason":144,"points":145},"Missing nonce checks",5,"2026-03-16T23:45:22.162Z",{"wat":148,"direct":153},{"assetPaths":149,"generatorPatterns":150,"scriptPaths":151,"versionParams":152},[],[],[],[],{"cssClasses":154,"htmlComments":156,"htmlAttributes":157,"restEndpoints":158,"jsGlobals":159,"shortcodeOutput":160},[155],"gp-profile",[],[],[],[],[]]