[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9I4yUmsLZn9UZtTeXstlqbU4xFzrx2PSJawFjTQybRU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":92,"fingerprints":301},"great-feature-toggle","Great Feature Toggle – Feature Flags for WordPress","6.5.6","Geoff Mulligan","https:\u002F\u002Fprofiles.wordpress.org\u002Fgmulligan\u002F","\u003Cp>Great Feature Toggle is a lightweight feature toggle plugin for WordPress that allows administrators to quickly enable or disable site functionality from a single admin panel.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Highlights\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Simple Contact Form\u003C\u002Fstrong> shortcode: built-in \u003Cem>CAPTCHA\u003C\u002Fem> and sane validation.\u003Cbr \u002F>\n* \u003Cstrong>SEO Meta\u003C\u002Fstrong>: set site title\u002Fdescription (lightweight, theme-agnostic).\u003Cbr \u002F>\n* \u003Cstrong>Custom Login Logo\u003C\u002Fstrong>: for branded admin\u002Flogin views.\u003Cbr \u002F>\n* \u003Cstrong>Custom Mail-From\u003C\u002Fstrong>: set name\u002Faddress (including envelope) for outgoing emails.\u003Cbr \u002F>\n* \u003Cstrong>Disable Comments\u003C\u002Fstrong>: site-wide for posts\u002Fmedia (fully reversible).\u003Cbr \u002F>\n* \u003Cstrong>Force Login\u003C\u002Fstrong>: limit pages with \u003Cem>allowlist\u003C\u002Fem> of public paths (e.g., \u002Fprivacy-policy, \u002Fcontact).\u003Cbr \u002F>\n* \u003Cstrong>Hide Login\u002FAccount Nav Links\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Cstrong>Hide Admin Screen Options & Help Tabs\u003C\u002Fstrong>\u003Cbr 
\u002F>\n* \u003Cstrong>Hide Menu Items\u003C\u002Fstrong>: a limit menu for logged out users.\u003Cbr \u002F>\n* \u003Cstrong>Shortcodes\u003C\u002Fstrong>: \u003Ccode>[grftg_message]\u003C\u002Fcode> to output a message; \u003Ccode>[grftg_reading_time]\u003C\u002Fcode> to show estimated reading time.\u003Cbr \u002F>\n* Built to WordPress coding standards and security best-practices (nonces, capabilities, escaping\u002Fsanitization).\u003C\u002Fp>\n\u003Cp>Key Features:\u003Cbr \u002F>\n* Performance-optimized compilation system\u003Cbr \u002F>\n* Categorized feature organization\u003Cbr \u002F>\n* Real-time admin interface\u003Cbr \u002F>\n* Robust error handling\u003Cbr \u002F>\n* Translation ready\u003C\u002Fp>\n\u003Ch3>WordPress Feature Toggles\u003C\u002Fh3>\n\u003Cp>Great Feature Toggle adds simple feature toggles so you can enable or disable WordPress features without modifying code.\u003C\u002Fp>\n\u003Ch3>Feature Flag Plugin\u003C\u002Fh3>\n\u003Cp>Great Feature Toggle acts as a feature flag plugin for WordPress administrators who want to enable or disable functionality without modifying code.\u003C\u002Fp>\n","Great Feature Toggle is a WordPress feature toggle and feature flag plugin that lets administrators enable or disable WordPress features such as conta 
&hellip;",0,299,"2026-03-14T20:51:00.000Z","6.9.4","6.0","7.4",[18,19,20,21,22],"feature-flag","feature-flags","feature-management-plugin","feature-toggle","wordpress-feature-toggle","https:\u002F\u002Fwww.mulligan.com\u002Fgft","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgreat-feature-toggle.6.5.6.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"gmulligan",1,30,94,"2026-04-05T02:45:26.434Z",[36,54,73],{"slug":19,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":11,"num_ratings":11,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":52,"download_link":53,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"Feature Flags","0.4.1","Mohan Raj","https:\u002F\u002Fprofiles.wordpress.org\u002Fmohanrajp\u002F","\u003Cp>Feature flags allows developers to configure features behind the feature flags on both Server(PHP) and Client(JS\u002FTS) side.\u003C\u002Fp>\n","Feature flags allows developers to configure features behind the feature flags on both Server(PHP) and Client(JS\u002FTS) 
side.",10,3609,"2025-09-04T19:30:00.000Z","6.8.5","6.4","8.1",[19,50,51],"flags","wp-feature-flags","https:\u002F\u002Fgithub.com\u002Fcodebtech\u002Fwp-feature-flags","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffeature-flags.0.4.1.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":11,"downloaded":62,"rating":11,"num_ratings":11,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":70,"download_link":71,"security_score":72,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"beta-flags","Beta Flags … now with A\u002FB Testing!","1.3.0","Charles Jaimet","https:\u002F\u002Fprofiles.wordpress.org\u002Fcmjaimet\u002F","\u003Cp>Beta Flags allow developers to manage the release of new features. Instead of having code execute as soon as it is deployed to the production environment. You can now wrap it in a beta flag conditional and activate it from the back end.\u003C\u002Fp>\n\u003Cp>A\u002FB Testing works very similarly, except that instead of turning a code block on or off, they allow you to turn it on 50% of the time. This uses a slight variant on the URL used to display a post or term page, which can then be tracked in an analytics service (e.g. Adobe Omniture, Google 360).\u003C\u002Fp>\n\u003Ch3>The Basics of Beta Flags\u003C\u002Fh3>\n\u003Cp>To create a new beta flag, open the configuration JSON file. A copy of this file is provided with this plugin and is stored at \u003Ccode>data\u002Fbeta-flags.json\u003C\u002Fcode>. 
You may prefer to create a copy in the root of your theme, the same folder that contains functions.php (\u003Ccode>[theme]\u002Fbeta-flags.json\u003C\u002Fcode>).\u003C\u002Fp>\n\u003Cp>The JSON file follows the format below:\u003Cbr \u002F>\n    \u003Ccode>{\u003Cbr \u002F>\n    \"flags\": {\u003Cbr \u002F>\n        \"sidebar_web\": {\u003Cbr \u002F>\n            \"title\": \"Beta Flags IN THEME\",\u003Cbr \u002F>\n            \"description\": \"Add a sidebar to the post page\",\u003Cbr \u002F>\n            \"author\": \"Charles Jaimet\"\u003Cbr \u002F>\n        },\u003Cbr \u002F>\n        \"library_admin\": {\u003Cbr \u002F>\n            \"title\": \"Beta Flags QA: Plugin Admin Test\",\u003Cbr \u002F>\n            \"description\": \"For Beta Flag testing in admin interface\",\u003Cbr \u002F>\n            \"author\": \"Charles Jaimet\"\u003Cbr \u002F>\n        }\u003Cbr \u002F>\n    }\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Each flag is defined by a key (e.g. sidebar_web, library_admin), representing an object with a title, description, and author. The key must be unique, and is used throughout to identify the given flag.\u003C\u002Fp>\n\u003Cp>Once you have activated the plugin (there are no special instructions for this), navigate to Tools > Beta Flags in the admin interface (\u003Ccode>\u002Fwp-admin\u002Ftools.php?page=beta-flags\u003C\u002Fcode>). Here you will find the flags from your JSON file if you have created it correctly.\u003C\u002Fp>\n\u003Cp>A note about JSON, the easiest mistake to make is to put a comma after the last element in an array or object. This will break the JSON but is easy enough to fix when you know what to look for. Kinda like forgetting a semi-colon in PHP. Stupid semi-colons…\u003C\u002Fp>\n\u003Cp>When you first load the plugin, and any time after you update the JSON file, you should return to this admin screen. New flags are disabled by default, and can only be enabled here. 
Check the box in the Enabled column beside each flag you want to turn on. Click Save Changes when done.\u003C\u002Fp>\n\u003Cp>In your theme or other plugins, you can use these beta flag keys to control feature execution by wrapping a conditional around the relevant code. Try to group your wrapped code into a single function, method, or class to avoid littering your theme with beta flag conditionals.\u003C\u002Fp>\n\u003Cp>The public function \u003Ccode>beta_flag_enabled( $key )\u003C\u002Fcode> will return a true|false value if the beta flag is enabled.\u003C\u002Fp>\n\u003Cp>Some examples:\u003Cbr \u002F>\n    \u003Ccode>if ( beta_flag_enabled( 'sidebar_web' ) ) {\u003Cbr \u002F>\n    get_sidebar();\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003Cbr \u002F>\n    \u003Ccode>if ( beta_flag_enabled( 'new_design' ) ) {\u003Cbr \u002F>\n    wp_register_style( 'my_styles', '\u002Fassets\u002Fmy_styles.css', array(), '1.0.0', false );\u003Cbr \u002F>\n    wp_enqueue_style( 'my_styles' );\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003Cbr \u002F>\n    \u003Ccode>if ( beta_flag_enabled( 'popup_offer' ) ) {\u003Cbr \u002F>\n    new PopupOffer( '10% Off', 0.1 );\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>I suggest using beta flag keys that make sense and convey their purpose. Adding a version number never hurt, either. There is no character limit, so go nuts.\u003Cbr \u002F>\n    \u003Ccode>if ( beta_flag_enabled( 'revised_sticky_video_for_youtube_widgets_v.1.0.5' ) ) {\u003Cbr \u002F>\n    get_sidebar();\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch3>A\u002FB Testing\u003C\u002Fh3>\n\u003Cp>Now you have your beta flags and you’ve embedded them in your code. The feature works as expected and you have it running on production. 
Is it better than what it replaced?\u003C\u002Fp>\n\u003Cp>Enter A\u002FB testing.\u003C\u002Fp>\n\u003Cp>Check the A\u002FB Test box beside the flag you want to test in the admin interface (see screen shot below), and check the “Enable beta testing” box at the bottom of the flag list, then click “Save Changes”.\u003C\u002Fp>\n\u003Cp>Go to your website and refresh a few times. You will start to see some term and post links appearing with \u003Ccode>?ab=1\u003C\u002Fcode> appended to their URLs. (e.g. \u003Ccode>http:\u002F\u002Flocal.wordpress.test\u002Fhello-world\u002F?ab=1\u003C\u002Fcode>).\u003C\u002Fp>\n\u003Cp>When a visitor follows one of these links they will see your page with the beta flag disabled. When they follow the normal URL without the query string (e.g. \u003Ccode>http:\u002F\u002Flocal.wordpress.test\u002Fhello-world\u002F\u003C\u002Fcode>) they will see the page with the beta flag enabled.\u003C\u002Fp>\n\u003Cp>The query string is randomly appended 50% of time, so two visitors may follow the same link in the sidebar or menu, and one will get the flag turned on and one will get it turned off.\u003C\u002Fp>\n\u003Cp>Because the URL matches the state of the beta flag, you will be able to see in your analytics service which experience visitors engaged with more. Implementing an effective A\u002FB testing campaign is outside the scope of a README file but there are plenty of good reference books and sites.\u003C\u002Fp>\n\u003Cp>As long as the “Enable beta testing” box is checked, post and term URLs on your site will get this query string treatment. Only beta flags that have the A\u002FB Test box checked will be affected. Those with it unchecked will be controlled strictly by their Enabled box. Note also that checking A\u002FB Test on a flag that is disabled will have no effect. 
Off is off.\u003C\u002Fp>\n","Thanks to: James Williams, whose plugin inspired this one (https:\u002F\u002Fgithub.com\u002Fjamesrwilliams\u002Ffeature-flags)",1123,"2018-11-02T13:34:00.000Z","4.9.29","3.0","",[68,55,69,19],"ab-testing","developers","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbeta-flags\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbeta-flags.zip",85,{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":11,"downloaded":81,"rating":11,"num_ratings":11,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":85,"tags":86,"homepage":89,"download_link":90,"security_score":91,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"switcheroo","Switcheroo","1.0.2","John Thompson","https:\u002F\u002Fprofiles.wordpress.org\u002Fufmedia\u002F","\u003Cp>Feature flags are a powerful tool for controlling the availability of features on your site. By enabling or disabling flags, you can control what is active on your site without needing to deploy new code.\u003C\u002Fp>\n\u003Cp>Features are defined in the \u003Ccode>switcheroo.json\u003C\u002Fcode> file located in the root of your project.\u003Cbr \u002F>\nEach feature has:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Unique ID\u003C\u002Fstrong>: An identifier for the feature.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Title\u003C\u002Fstrong>: A human-readable name.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Description\u003C\u002Fstrong>: Explains the feature’s purpose.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Status\u003C\u002Fstrong>: Indicates whether the feature is active, experimental, deprecated, etc.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Link\u003C\u002Fstrong>: An optional link to further information.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can toggle each feature within the Switcheroo Settings in the WP Admin (Settings -> 
Switcheroo).\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Ch3>Managing Feature Flags in Code\u003C\u002Fh3>\n\u003Cp>You can wrap your feature-specific code in a conditional statement to check if a flag is enabled.\u003C\u002Fp>\n\u003Cp>For example, use the \u003Ccode>switcheroo_flag_status('my_feature')\u003C\u002Fcode> function to determine whether a feature is active and include its logic conditionally.\u003C\u002Fp>\n\u003Ch3>Suggested Feature Flag Statuses\u003C\u002Fh3>\n\u003Cp>Each feature flag can be assigned a status, allowing for better organisation and understanding of the feature’s state:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Draft\u003C\u002Fstrong>: The feature is still in development and not ready for use.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Experimental\u003C\u002Fstrong>: The feature is available for testing but may have known issues.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Active\u003C\u002Fstrong>: The feature is live and functional on the site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deprecated\u003C\u002Fstrong>: The feature is being phased out and may be removed in the future.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Breaking\u003C\u002Fstrong>: The feature introduces significant changes; enabling or disabling it may cause issues.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Archived\u003C\u002Fstrong>: The feature has been permanently removed or is no longer supported.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>High-Risk\u003C\u002Fstrong>: The feature introduces significant changes or is under scrutiny for potential issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Command Line Management\u003C\u002Fh3>\n\u003Cp>You can also manage your feature flags via the command line using WP-CLI. 
The \u003Ccode>wp switcheroo\u003C\u002Fcode> command allows you to view and modify feature flags.\u003C\u002Fp>\n\u003Cp>Examples:\u003Cbr \u002F>\n– \u003Ccode>wp switcheroo\u003C\u002Fcode>: List all flags and their statuses.\u003Cbr \u002F>\n– \u003Ccode>wp switcheroo my_feature\u003C\u002Fcode>: Check the status of the \u003Ccode>my_feature\u003C\u002Fcode> flag.\u003Cbr \u002F>\n– \u003Ccode>wp switcheroo my_feature on\u003C\u002Fcode>: Enable the \u003Ccode>my_feature\u003C\u002Fcode> flag.\u003Cbr \u002F>\n– \u003Ccode>wp switcheroo my_feature off\u003C\u002Fcode>: Disable the \u003Ccode>my_feature\u003C\u002Fcode> flag.\u003C\u002Fp>\n","Easily manage feature flags to control the availability of features on your WordPress site without deploying new code.",1593,"2025-03-12T12:29:00.000Z","6.7.5","5.0","8.0",[87,19,88],"development","site-management","https:\u002F\u002Fufmedia.co.uk","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fswitcheroo.1.0.2.zip",92,{"attackSurface":93,"codeSignals":221,"taintFlows":246,"riskAssessment":297,"analyzedAt":300},{"hooks":94,"ajaxHandlers":210,"restRoutes":211,"shortcodes":212,"cronEvents":219,"entryPointCount":220,"unprotectedCount":11},[95,101,105,109,113,115,119,122,125,131,134,138,140,143,147,150,153,156,160,162,166,168,171,174,178,182,186,189,192,196,200,202,205,208],{"type":96,"name":97,"callback":98,"priority":31,"file":99,"line":100},"action","admin_init","closure","features\\block-admin-panel.php",54,{"type":96,"name":102,"callback":98,"priority":31,"file":103,"line":104},"wp_head","features\\custom-head-meta.php",38,{"type":96,"name":106,"callback":98,"file":107,"line":108},"login_head","features\\custom-login-logo.php",57,{"type":110,"name":111,"callback":98,"file":107,"line":112},"filter","login_headerurl",89,{"type":110,"name":114,"callback":98,"file":107,"line":33},"login_headertext",{"type":110,"name":116,"callback":98,"file":117,"line":118},"wp_mail_from","features\\custom-mail-from.php",63,{"type
":110,"name":120,"callback":98,"file":117,"line":121},"wp_mail_from_name",80,{"type":96,"name":123,"callback":98,"file":117,"line":124},"phpmailer_init",95,{"type":110,"name":126,"callback":127,"priority":128,"file":129,"line":130},"comments_open","__return_false",20,"features\\disable-comments.php",17,{"type":110,"name":132,"callback":127,"priority":128,"file":129,"line":133},"pings_open",18,{"type":110,"name":135,"callback":136,"priority":43,"file":129,"line":137},"comments_array","__return_empty_array",19,{"type":110,"name":139,"callback":127,"file":129,"line":128},"feed_links_show_comments_feed",{"type":110,"name":141,"callback":98,"file":129,"line":142},"xmlrpc_methods",23,{"type":96,"name":144,"callback":98,"priority":145,"file":129,"line":146},"init",15,33,{"type":110,"name":148,"callback":98,"file":129,"line":149},"comments_template",41,{"type":110,"name":151,"callback":136,"file":129,"line":152},"comment_form_defaults",45,{"type":96,"name":154,"callback":98,"file":129,"line":155},"admin_menu",49,{"type":96,"name":157,"callback":98,"priority":158,"file":129,"line":159},"admin_bar_menu",999,53,{"type":96,"name":161,"callback":98,"file":129,"line":108},"wp_dashboard_setup",{"type":96,"name":163,"callback":98,"priority":164,"file":129,"line":165},"widgets_init",11,61,{"type":96,"name":97,"callback":98,"file":129,"line":167},65,{"type":110,"name":169,"callback":98,"file":129,"line":170},"manage_posts_columns",73,{"type":110,"name":172,"callback":98,"file":129,"line":173},"manage_pages_columns",78,{"type":96,"name":175,"callback":98,"file":176,"line":177},"login_enqueue_scripts","features\\hide-login-nav.php",74,{"type":110,"name":179,"callback":98,"priority":158,"file":180,"line":181},"login_errors","features\\login-error-message.php",47,{"type":110,"name":183,"callback":98,"priority":43,"file":184,"line":185},"media_row_actions","features\\media-copy.php",26,{"type":96,"name":187,"callback":98,"file":184,"line":188},"admin_post_grftg_copy_media_action",62,{"typ
e":96,"name":190,"callback":98,"file":184,"line":191},"admin_notices",248,{"type":110,"name":193,"callback":98,"priority":128,"file":194,"line":195},"wp_nav_menu_objects","features\\menu-items-logged-in-only.php",32,{"type":110,"name":197,"callback":98,"file":198,"line":199},"get_the_excerpt","features\\reading-time-shortcode.php",66,{"type":96,"name":97,"callback":98,"file":201,"line":100},"features\\remove-welcome-panel.php",{"type":96,"name":203,"callback":98,"file":201,"line":204},"welcome_panel",77,{"type":96,"name":154,"callback":98,"file":206,"line":207},"gft-admin.php",13,{"type":96,"name":97,"callback":98,"file":206,"line":209},24,[],[],[213,217],{"tag":214,"callback":98,"file":215,"line":216},"grftg_contact_form","features\\contact-form-shortcode.php",34,{"tag":218,"callback":98,"file":198,"line":181},"grtfg_reading_time",[],2,{"dangerousFunctions":222,"sqlUsage":223,"outputEscaping":225,"fileOperations":244,"externalRequests":11,"nonceChecks":244,"capabilityChecks":227,"bundledLibraries":245},[],{"prepared":11,"raw":11,"locations":224},[],{"escaped":226,"rawEcho":227,"locations":228},132,7,[229,232,234,236,238,240,242],{"file":206,"line":230,"context":231},288,"raw output",{"file":206,"line":233,"context":231},303,{"file":206,"line":235,"context":231},310,{"file":206,"line":237,"context":231},314,{"file":206,"line":239,"context":231},332,{"file":206,"line":241,"context":231},396,{"file":206,"line":243,"context":231},558,6,[],[247,266,277,289],{"entryPoint":248,"graph":249,"unsanitizedCount":11,"severity":265},"\u003Ccontact-form-shortcode> (features\\contact-form-shortcode.php:0)",{"nodes":250,"edges":262},[251,256],{"id":252,"type":253,"label":254,"file":215,"line":255},"n0","source","$_POST",59,{"id":257,"type":258,"label":259,"file":215,"line":260,"wp_function":261},"n1","sink","echo() [XSS]",169,"echo",[263],{"from":252,"to":257,"sanitized":264},true,"low",{"entryPoint":267,"graph":268,"unsanitizedCount":11,"severity":265},"\u003Cmedia-copy> 
(features\\media-copy.php:0)",{"nodes":269,"edges":275},[270,273],{"id":252,"type":253,"label":271,"file":184,"line":272},"$_GET",260,{"id":257,"type":258,"label":259,"file":184,"line":274,"wp_function":261},269,[276],{"from":252,"to":257,"sanitized":264},{"entryPoint":278,"graph":279,"unsanitizedCount":11,"severity":265},"grftg_render_settings_page (gft-admin.php:264)",{"nodes":280,"edges":287},[281,283],{"id":252,"type":253,"label":254,"file":206,"line":282},280,{"id":257,"type":258,"label":284,"file":206,"line":285,"wp_function":286},"update_option() [Settings Manipulation]",281,"update_option",[288],{"from":252,"to":257,"sanitized":264},{"entryPoint":290,"graph":291,"unsanitizedCount":11,"severity":265},"\u003Cgft-admin> (gft-admin.php:0)",{"nodes":292,"edges":295},[293,294],{"id":252,"type":253,"label":254,"file":206,"line":282},{"id":257,"type":258,"label":284,"file":206,"line":285,"wp_function":286},[296],{"from":252,"to":257,"sanitized":264},{"summary":298,"deductions":299},"The \"great-feature-toggle\" v6.5.6 plugin exhibits a strong security posture based on the provided static analysis.  The absence of any detected dangerous functions, SQL queries that are not prepared, and a high percentage of properly escaped output are excellent indicators of secure coding practices.  Furthermore, the plugin demonstrates a commitment to security by implementing nonce and capability checks on its entry points, and the taint analysis revealed no critical or high-severity vulnerabilities, suggesting that user-supplied data is handled with appropriate sanitization.\n\nThe plugin's vulnerability history is also remarkably clean, with zero recorded CVEs. This lack of historical vulnerabilities, coupled with the current static analysis findings, strongly suggests a well-maintained and security-conscious development process.  The plugin appears to have a limited attack surface, with only two shortcodes as entry points and no unprotected handlers or routes.  
The file operations and external HTTP requests, while present, do not appear to be directly linked to any identified security risks in this analysis.\n\nOverall, this plugin presents a very low-risk profile. Its strengths lie in its robust security implementations within the code, such as proper escaping and robust checking mechanisms, and its clean historical record. While no security concerns are directly flagged in this analysis, vigilance is always recommended for any software. The absence of concerns here should be viewed as a positive sign, but future updates should continue to adhere to these high security standards.",[],"2026-03-17T06:15:10.886Z",{"wat":302,"direct":313},{"assetPaths":303,"generatorPatterns":307,"scriptPaths":308,"versionParams":309},[304,305,306],"\u002Fwp-content\u002Fplugins\u002Fgreat-feature-toggle\u002Fgft-admin.css","\u002Fwp-content\u002Fplugins\u002Fgreat-feature-toggle\u002Fgft-admin.js","\u002Fwp-content\u002Fplugins\u002Fgreat-feature-toggle\u002Fgft-core.js",[],[305,306],[310,311,312],"great-feature-toggle\u002Fgft-admin.css?ver=","great-feature-toggle\u002Fgft-admin.js?ver=","great-feature-toggle\u002Fgft-core.js?ver=",{"cssClasses":314,"htmlComments":321,"htmlAttributes":328,"restEndpoints":332,"jsGlobals":333,"shortcodeOutput":336},[315,316,317,318,319,320],"gft-admin-wrap","gft-settings-section","gft-feature-toggle","cf-message","cf-message-error","cf-message-success",[322,323,324,325,326,327],"\u003C!-- Silence is golden. 
-->","\u003C!-- GFT Debug Start -->","\u003C!-- GFT Debug End -->","\u003C!-- GFT Settings Form -->","\u003C!-- GFT Feature Toggles -->","\u003C!-- GFT Contact Form -->",[329,330,331],"data-gft-feature","data-gft-setting-name","data-gft-setting-value",[],[334,335],"window.gftSettings","window.gftAdmin",[337,338,339,340,341,342,343,344,345,346,347,348],"\u003Cform method='post' class='grftg-contact-form'>","\u003Cinput type='hidden' name='cf_submitted' value='1'>","\u003Cinput type='hidden' name='grftg_cfs_nonce' value='","\u003Clabel for='cf_name'>Name:\u003C\u002Flabel>","\u003Cinput type='text' name='cf_name' id='cf_name' required>","\u003Clabel for='cf_email'>Email:\u003C\u002Flabel>","\u003Cinput type='email' name='cf_email' id='cf_email' required>","\u003Clabel for='cf_message'>Message:\u003C\u002Flabel>","\u003Ctextarea name='cf_message' id='cf_message' required>\u003C\u002Ftextarea>","\u003Cbutton type='submit'>Send Message\u003C\u002Fbutton>","\u003Cdiv class='cf-message error'>","\u003Cdiv class='cf-message success'>"]