[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_1neElkIr3mDUvf1oH8yFS8MI8w_reY1fiCv9UTZy7Q":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":131,"fingerprints":217},"gp-toolbox","GP Toolbox","1.0.6","Pedro Mendonça","https:\u002F\u002Fprofiles.wordpress.org\u002Fpedromendonca\u002F","\u003Cp>This set of tools extends the functionality of GlotPress, bringing to light any potential problems hidden under the hood, keeping it clean, fast and trouble-free.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress dashboard:\n\u003Cul>\n\u003Cli>Admin menu link to GlotPress menu item.\u003C\u002Fli>\n\u003Cli>Admin menu link to the Tools page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>GlotPress menu:\n\u003Cul>\n\u003Cli>Menu item for GlotPress Tools.\u003C\u002Fli>\n\u003Cli>Menu item for WordPress dashboard.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>GlotPress project page:\n\u003Cul>\n\u003Cli>Adds ‘Old’, ‘Rejected’ and ‘Warnings’ columns to the project table of Translation Sets.\u003C\u002Fli>\n\u003Cli>Button to quickly and permanently delete ‘Old’ and ‘Rejected’ translations.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Tools:\n\u003Cul>\n\u003Cli>Permissions – Overview of Admins and Validators, quick delete, duplicates check.\u003C\u002Fli>\n\u003Cli>Originals – Overview of all Originals for each Project.\u003C\u002Fli>\n\u003Cli>Glossaries – Overview of Global Glossaries, Project Glossaries and Glossary entries.\u003C\u002Fli>\n\u003Cli>Translation Sets – Overview of all Translation Sets.\u003C\u002Fli>\n\u003Cli>Translations – Overview of all Translations, for each Translation Set.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>GlotPress v3.0.\u003C\u002Fli>\n\u003C\u002Ful>\n","Set of tools to help you manage your GlotPress.",0,1796,"2025-04-18T22:34:00.000Z","6.7.5","5.3","7.4",[18,19,20,21],"glotpress","i18n","toolbox","translation","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgp-toolbox\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgp-toolbox.1.0.6.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"pedromendonca",7,120,98,30,93,"2026-04-04T11:54:10.445Z",[37,50,74,94,111],{"slug":38,"name":39,"version":40,"author":7,"author_profile":8,"description":41,"short_description":42,"active_installs":11,"downloaded":43,"rating":11,"num_ratings":11,"last_updated":44,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":45,"homepage":48,"download_link":49,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"gp-project-icon","GP Project Icon","1.0.1","\u003Cp>This GlotPress plugin allows you to add icons to your projects.\u003C\u002Fp>\n\u003Cp>Up to GlotPress v4.0.1 the templates ‘project.php’ and ‘projects.php’ don’t have the necessary hooks to easily add the icons on server side.\u003C\u002Fp>\n\u003Cp>For now the icons are added on the frontend with JavaScript.\u003C\u002Fp>\n\u003Cp>If the PR \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FGlotPress\u002FGlotPress\u002Fpull\u002F1864\" rel=\"nofollow ugc\">Add action hooks and filters to Projects and Project templates\u003C\u002Fa> is merged, then the JS is no longer needed and the template customization will be done the right way.\u003C\u002Fp>\n\u003Cp>The plugin uses \u003Ccode>gp_meta\u003C\u002Fcode> with the meta key \u003Ccode>project_icon\u003C\u002Fcode> to store the ID of the media library attachment, for each object of type \u003Ccode>project\u003C\u002Fcode> with a corresponding ID.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>GlotPress projects page:\n\u003Cul>\n\u003Cli>Icons on the left of the project names.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>GlotPress project page:\n\u003Cul>\n\u003Cli>Header icon above the project title.\u003C\u002Fli>\n\u003Cli>Icons on the left of the sub-project names.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>GlotPress project edit\u002Fnew form:\n\u003Cul>\n\u003Cli>Media file select field to choose an image from the media library.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Known issues\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Currently, GlotPress still does not delete meta when deleting a project, leading to orphaned meta.\u003C\u002Fli>\n\u003Cli>GlotPress does not clone the meta when branching a project, so any cloned projects do not inherit its icon.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>GlotPress v4.0.\u003C\u002Fli>\n\u003C\u002Ful>\n","Add icons to your GlotPress projects.",774,"2025-04-18T22:35:00.000Z",[18,46,47,20,21],"icon","project","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgp-project-icon\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgp-project-icon.1.0.1.zip",{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":60,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":16,"tags":65,"homepage":69,"download_link":70,"security_score":71,"vuln_count":72,"unpatched_count":11,"last_vuln_date":73,"fetched_at":26},"loco-translate","Loco Translate","2.8.3","Tim W","https:\u002F\u002Fprofiles.wordpress.org\u002Ftimwhitlock\u002F","\u003Cp>Loco Translate provides in-browser editing of WordPress translation files and integration with automatic translation services.\u003C\u002Fp>\n\u003Cp>It also provides Gettext\u002Flocalization tools for developers, such as extracting strings and generating templates.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Built-in translation editor within WordPress admin\u003C\u002Fli>\n\u003Cli>Integration with translation APIs including DeepL, Google, Lecto, Microsoft and OpenAI.\u003C\u002Fli>\n\u003Cli>Create and update language files directly in your theme or plugin\u003C\u002Fli>\n\u003Cli>Extraction of translatable strings from your source code\u003C\u002Fli>\n\u003Cli>Native MO file compilation without the need for Gettext on your system\u003C\u002Fli>\n\u003Cli>JSON (Jed) file compilation compatible with WordPress script localization\u003C\u002Fli>\n\u003Cli>Support for standard PO features including comments, references and plural forms\u003C\u002Fli>\n\u003Cli>PO source view with clickable source code references\u003C\u002Fli>\n\u003Cli>Protected language directory for saving custom translations\u003C\u002Fli>\n\u003Cli>Configurable PO file backups with diff and restore capability\u003C\u002Fli>\n\u003Cli>Built-in WordPress locale codes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Official \u003Ca href=\"https:\u002F\u002Flocalise.biz\u002F\" rel=\"nofollow ugc\">Loco\u003C\u002Fa> WordPress plugin by Tim Whitlock.\u003Cbr \u002F>\nFor more information please visit our \u003Ca href=\"https:\u002F\u002Flocalise.biz\u002Fwordpress\u002Fplugin\" rel=\"nofollow ugc\">plugin page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Keyboard shortcuts\u003C\u002Fh3>\n\u003Cp>The PO file editor supports the following keyboard shortcuts for faster translating:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Done and Next: \u003Ccode>Ctrl ↵\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Next string: \u003Ccode>Ctrl \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">↓\u003C\u002Fspan>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Previous string: \u003Ccode>Ctrl \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">↑\u003C\u002Fspan>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Next untranslated: \u003Ccode>Shift Ctrl \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">↓\u003C\u002Fspan>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Previous untranslated: \u003Ccode>Shift Ctrl \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">↑\u003C\u002Fspan>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Copy from source text: \u003Ccode>Ctrl B\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Clear translation: \u003Ccode>Ctrl K\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Toggle Fuzzy: \u003Ccode>Ctrl U\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Save PO \u002F compile MO: \u003Ccode>Ctrl S\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Toggle invisibles: \u003Ccode>Shift Ctrl I\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Suggest translation: \u003Ccode>Ctrl J\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Mac users can use ⌘ Cmd instead of Ctrl.\u003C\u002Fp>\n","Translate WordPress plugins and themes directly in your browser. Versatile PO file editor with integrated AI translation providers.",1000000,34331592,96,447,"2026-03-14T11:53:00.000Z","6.9.4","6.6",[19,66,67,68,21],"l10n","language","multilingual","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Floco-translate\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floco-translate.2.8.3.zip",95,4,"2026-03-30 15:35:09",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":32,"num_ratings":84,"last_updated":85,"tested_up_to":63,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":92,"download_link":93,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"performant-translations","Performant Translations","1.2.0","Pascal Birchler","https:\u002F\u002Fprofiles.wordpress.org\u002Fswissspidy\u002F","\u003Cp>Making internationalization\u002Flocalization in WordPress faster than ever before.\u003C\u002Fp>\n\u003Ch3>Disclaimer about WordPress 6.5\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Attention:\u003C\u002Fstrong> most functionality of this plugin has been merged into WordPress 6.5! You might not need it anymore.\u003C\u002Fp>\n\u003Cp>\u003Cem>However\u003C\u002Fem>, this plugin is still relevant for cases where language packs are not downloaded from WordPress.org but somewhere else, for example if you are developing your own plugins or using commercial plugins.\u003C\u002Fp>\n\u003Cp>The Performant Translations plugin converts the translation files of those plugins to the new file format introduced in WordPress 6.5, to really optimize them for speed.\u003C\u002Fp>\n\u003Ch3>What this plugin does\u003C\u002Fh3>\n\u003Cp>This project uses a new approach to handle translation files in WordPress, making localization blazing fast.\u003C\u002Fp>\n\u003Cp>An \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2023\u002F07\u002F24\u002Fi18n-performance-analysis\u002F\" rel=\"nofollow ugc\">in-depth i18n performance analysis\u003C\u002Fa> showed that localized WordPress sites load significantly slower than a site without translations.\u003C\u002Fp>\n\u003Cp>With this plugin’s new approach to localization, this overhead is massively reduced, making your site fast again. It does so by converting \u003Ccode>.mo\u003C\u002Fcode> translation files to \u003Ccode>.php\u003C\u002Fcode> files.\u003C\u002Fp>\n\u003Cp>If your site is using a language other than English (US), you should see immediate speed improvements simply by activating this plugin.\u003C\u002Fp>\n","Making internationalization\u002Flocalization in WordPress faster than ever before.",40000,192704,16,"2025-12-05T10:38:00.000Z","6.5","7.0",[19,89,90,91,21],"internationalization","localization","performance","https:\u002F\u002Fgithub.com\u002Fswissspidy\u002Fperformant-translations","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fperformant-translations.1.2.0.zip",{"slug":95,"name":96,"version":97,"author":78,"author_profile":79,"description":98,"short_description":99,"active_installs":100,"downloaded":101,"rating":24,"num_ratings":102,"last_updated":103,"tested_up_to":63,"requires_at_least":64,"requires_php":104,"tags":105,"homepage":106,"download_link":107,"security_score":108,"vuln_count":109,"unpatched_count":11,"last_vuln_date":110,"fetched_at":26},"preferred-languages","Preferred Languages","2.4.1","\u003Cp>Thanks to language packs it’s easier than ever before to change the main language of your site.\u003Cbr \u002F>\nHowever, in some cases a single locale is not enough. When WordPress can’t find a translation for the active locale, it falls back to the original English strings.\u003Cbr \u002F>\nThat’s a poor user experience for many non-English speakers.\u003C\u002Fp>\n\u003Cp>This feature project aims to change that by letting users choose multiple languages for displaying WordPress in.\u003Cbr \u002F>\nThat way you can set some sort of “fallback chain” where WordPress tries to load translations in your preferred order.\u003C\u002Fp>\n\u003Cp>Please help us test this plugin and let us know if something is not working as you think it should.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Keyboard Shortcuts\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>Arrow Up\u003C\u002Fcode>: Move selected locale one position up.\u003C\u002Fli>\n\u003Cli>\u003Ccode>Arrow Down\u003C\u002Fcode>: Move selected locale one position down.\u003C\u002Fli>\n\u003Cli>\u003Ccode>Home\u003C\u002Fcode>: Select first locale in the list.\u003C\u002Fli>\n\u003Cli>\u003Ccode>End\u003C\u002Fcode>: Select last locale in the list.\u003C\u002Fli>\n\u003Cli>\u003Ccode>Backspace\u003C\u002Fcode>\u002F\u003Ccode>Delete\u003C\u002Fcode>: remove the selected locale from the list.\u003C\u002Fli>\n\u003Cli>\u003Ccode>Alt+A\u003C\u002Fcode>: Add the current locale from the dropdown to the list.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>: the Preferred Languages UI needs to be focused in order for the keyboard shortcuts to work.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Merging Translations\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Previously, only the first available translation for a given locale and domain will be loaded.\u003Cbr \u002F>\nHowever, when translations are incomplete, some strings might still be displayed in English.\u003Cbr \u002F>\nThat’s a poor user experience as well.\u003C\u002Fp>\n\u003Cp>To prevent this, Preferred Languages now automatically merges all incomplete translations in the list.\u003C\u002Fp>\n\u003Cp>the \u003Ccode>preferred_languages_merge_translations\u003C\u002Fcode> filter can be used to opt out of this behavior.\u003Cbr \u002F>\nIt provides three parameters:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ccode>$merge\u003C\u002Fcode> – Whether translations should be merged. Defaults to \u003Ccode>true\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Ccode>$domain\u003C\u002Fcode> – The text domain\u003C\u002Fli>\n\u003Cli>\u003Ccode>$current_locale\u003C\u002Fcode> – The current locale.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Get Involved\u003C\u002Fh4>\n\u003Cp>Active development is taking place on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fswissspidy\u002Fpreferred-languages\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If you want to get involved, check out \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fswissspidy\u002Fpreferred-languages\u002Fissues\" rel=\"nofollow ugc\">open issues\u003C\u002Fa> and join the \u003Ca href=\"https:\u002F\u002Fwordpress.slack.com\u002Fmessages\u002Fcore-i18n\" rel=\"nofollow ugc\">#core-i18n\u003C\u002Fa> channel on \u003Ca href=\"https:\u002F\u002Fwordpress.slack.com\u002F\" rel=\"nofollow ugc\">Slack\u003C\u002Fa>. If you don’t have a Slack account yet, you can sign up at \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fchat\u002F\" rel=\"nofollow ugc\">make.wordpress.org\u002Fchat\u002F\u003C\u002Fa>.\u003C\u002Fp>\n","Choose languages for displaying WordPress in, in order of preference.",2000,108228,17,"2025-11-28T15:06:00.000Z","7.2.24",[19,89,67,90,21],"https:\u002F\u002Fgithub.com\u002Fswissspidy\u002Fpreferred-languages\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpreferred-languages.2.4.1.zip",99,1,"2024-05-30 00:00:00",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":119,"downloaded":120,"rating":60,"num_ratings":33,"last_updated":121,"tested_up_to":122,"requires_at_least":123,"requires_php":124,"tags":125,"homepage":128,"download_link":129,"security_score":130,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"admin-in-english","Admin in English","1.2.1","Nikolay Bachiyski","https:\u002F\u002Fprofiles.wordpress.org\u002Fnbachiyski\u002F","\u003Cp>Sometimes we want the front end of our blog to be translated for the users, but keep the backend admin panel in English. Admin in English does just that.\u003C\u002Fp>\n","Admin in English lets you have your administration panel in English, even if the rest of your blog is translated into another language.",1000,41439,"2017-11-28T20:39:00.000Z","3.6.1","3.2","",[126,19,90,21,127],"admin","translations","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fadmin-in-english\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-in-english.1.2.1.zip",85,{"attackSurface":132,"codeSignals":197,"taintFlows":210,"riskAssessment":211,"analyzedAt":216},{"hooks":133,"ajaxHandlers":193,"restRoutes":194,"shortcodes":195,"cronEvents":196,"entryPointCount":11,"unprotectedCount":11},[134,140,145,150,155,159,162,167,172,176,180,183,185,187,189,191],{"type":135,"name":136,"callback":137,"file":138,"line":139},"action","gp_init","anonymous","gp-toolbox.php",81,{"type":135,"name":141,"callback":142,"file":143,"line":144},"rest_api_init","register_routes","includes\\class-rest-api.php",34,{"type":135,"name":146,"callback":147,"file":148,"line":149},"wp_enqueue_scripts","register_plugin_styles","includes\\class-toolbox.php",48,{"type":135,"name":151,"callback":152,"priority":153,"file":148,"line":154},"gp_pre_tmpl_load","pre_template_load",10,51,{"type":135,"name":156,"callback":157,"priority":153,"file":148,"line":158},"gp_post_tmpl_load","post_template_load",54,{"type":135,"name":160,"callback":160,"priority":153,"file":148,"line":161},"admin_menu",57,{"type":163,"name":164,"callback":165,"priority":153,"file":148,"line":166},"filter","gp_nav_menu_items","nav_menu_items",60,{"type":135,"name":168,"callback":169,"priority":170,"file":148,"line":171},"template_redirect","register_gp_routes",5,63,{"type":163,"name":173,"callback":174,"priority":153,"file":148,"line":175},"gp_tmpl_load_locations","template_load_locations",66,{"type":135,"name":177,"callback":178,"file":148,"line":179},"admin_notices","notice_gp_not_found",229,{"type":135,"name":146,"callback":181,"file":148,"line":182},"closure",278,{"type":135,"name":146,"callback":181,"file":148,"line":184},298,{"type":135,"name":146,"callback":181,"file":148,"line":186},319,{"type":135,"name":146,"callback":181,"file":148,"line":188},340,{"type":135,"name":146,"callback":181,"file":148,"line":190},361,{"type":135,"name":146,"callback":181,"file":148,"line":192},382,[],[],[],[],{"dangerousFunctions":198,"sqlUsage":199,"outputEscaping":201,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":208,"bundledLibraries":209},[],{"prepared":11,"raw":11,"locations":200},[],{"escaped":202,"rawEcho":109,"locations":203},203,[204],{"file":205,"line":206,"context":207},"gp-templates\\gptoolbox-permissions.php",383,"raw output",2,[],[],{"summary":212,"deductions":213},"The static analysis of \"gp-toolbox\" v1.0.6 reveals a strong security posture regarding code hygiene. The plugin demonstrates excellent practices by having 100% of its output properly escaped and 100% of its SQL queries utilizing prepared statements, eliminating common vulnerabilities related to cross-site scripting (XSS) and SQL injection. Furthermore, the absence of file operations and external HTTP requests reduces the potential attack surface. The plugin also exhibits a commendable lack of dangerous functions and unsanitized taint flows.\n\nHowever, a significant concern is the complete absence of nonce checks across all entry points. While the static analysis indicates a total of 0 unprotected entry points, the lack of nonces means that even if capability checks are in place, there's no defense against Cross-Site Request Forgery (CSRF) attacks if these entry points were ever exposed or misused. The plugin's vulnerability history is also clean, with no recorded CVEs, which is a positive indicator of past development quality. Nevertheless, the absence of direct security checks like nonces presents a potential weakness that could be exploited if an attack vector is discovered or introduced in future updates.\n\nIn conclusion, \"gp-toolbox\" v1.0.6 shows a very clean codebase with respect to common vulnerability types like XSS and SQL injection. Its adherence to secure coding practices for output escaping and SQL queries is highly commendable. The primary weakness lies in the lack of nonce checks, which, despite the current clean slate, leaves it susceptible to CSRF attacks. The absence of historical vulnerabilities is a good sign, but it doesn't negate the need for comprehensive security measures like nonce validation.",[214],{"reason":215,"points":153},"Missing nonce checks on entry points","2026-03-17T06:21:52.959Z",{"wat":218,"direct":231},{"assetPaths":219,"generatorPatterns":224,"scriptPaths":225,"versionParams":226},[220,221,222,223],"\u002Fwp-content\u002Fplugins\u002Fgp-toolbox\u002Fassets\u002Fcss\u002Fbackend.css","\u002Fwp-content\u002Fplugins\u002Fgp-toolbox\u002Fassets\u002Fcss\u002Ffrontend.css","\u002Fwp-content\u002Fplugins\u002Fgp-toolbox\u002Fassets\u002Fjs\u002Fbackend.js","\u002Fwp-content\u002Fplugins\u002Fgp-toolbox\u002Fassets\u002Fjs\u002Ffrontend.js",[],[222,223],[227,228,229,230],"\u002Fwp-content\u002Fplugins\u002Fgp-toolbox\u002Fassets\u002Fcss\u002Fbackend.css?ver=","\u002Fwp-content\u002Fplugins\u002Fgp-toolbox\u002Fassets\u002Fcss\u002Ffrontend.css?ver=","\u002Fwp-content\u002Fplugins\u002Fgp-toolbox\u002Fassets\u002Fjs\u002Fbackend.js?ver=","\u002Fwp-content\u002Fplugins\u002Fgp-toolbox\u002Fassets\u002Fjs\u002Ffrontend.js?ver=",{"cssClasses":232,"htmlComments":234,"htmlAttributes":236,"restEndpoints":241,"jsGlobals":245,"shortcodeOutput":247},[233],"gp-toolbox-menu-item",[235],"\u003C!-- GP Toolbox -->",[237,238,239,240],"data-gp-toolbox-id","data-gp-toolbox-project","data-gp-toolbox-locale","data-gp-toolbox-translation-set",[242,243,244],"\u002Fwp-json\u002Fgp-toolbox\u002Fv1\u002Fprojects","\u002Fwp-json\u002Fgp-toolbox\u002Fv1\u002Flocales","\u002Fwp-json\u002Fgp-toolbox\u002Fv1\u002Ftranslation-sets",[246],"gp_toolbox_params",[]]