[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFGMoIh4RLgk5pKrAt-fP_7MOj357iB5iSO1y_ZjomhA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":142,"fingerprints":183},"happy-ordering","Happy Ordering","1.0.1","Combustion Group","https:\u002F\u002Fprofiles.wordpress.org\u002Fcombustiongroup\u002F","\u003Cp>Happy Ordering is a comprehensive WordPress plugin developed by Combustion Group that provides essential tools for monitoring your ordering system and reporting issues.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>System Status Check\u003C\u002Fstrong>: Monitor the health of your WordPress installation, PHP, database, server environment, and Happy Ordering API connectivity\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bug Reporting\u003C\u002Fstrong>: Easy-to-use interface for reporting bugs and issues with detailed system information\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Notifications\u003C\u002Fstrong>: Bug reports are automatically sent to Happy Ordering support for prompt assistance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure\u003C\u002Fstrong>: Built with WordPress security best practices including nonce verification and capability checks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-Friendly\u003C\u002Fstrong>: Clean, intuitive interface that follows WordPress design standards\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>System Status Check\u003C\u002Fh4>\n\u003Cp>The system status check provides real-time information about:\u003Cbr \u002F>\n* Happy Ordering system connectivity and status\u003Cbr \u002F>\n* WordPress version and status\u003Cbr \u002F>\n* PHP version and compatibility\u003Cbr \u002F>\n* Database version\u003Cbr \u002F>\n* Plugin version\u003Cbr \u002F>\n* Server software information\u003Cbr \u002F>\n* Memory usage and limits\u003C\u002Fp>\n\u003Ch4>Bug Reporting\u003C\u002Fh4>\n\u003Cp>The bug reporting feature allows you to:\u003Cbr \u002F>\n* Submit detailed bug reports with title and description\u003Cbr \u002F>\n* Specify bug severity (Low, Medium, High, Critical)\u003Cbr \u002F>\n* Include contact email for follow-up\u003Cbr \u002F>\n* Automatically include system information in reports\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the Happy Ordering API to check the operational status of the service. This functionality is used in the “System Status” screen to inform the administrator if the external ordering system is working correctly.\u003C\u002Fp>\n\u003Cp>The plugin sends a request to \u003Ccode>https:\u002F\u002Fhappyordering.com\u002F\u003C\u002Fcode> when an administrator clicks the “Check System Status” button in the plugin’s admin interface. No personal or user data is sent in this request, only the plugin version number as part of the User-Agent header (e.g., “Happy-Ordering-Plugin\u002F1.0.0”).\u003C\u002Fp>\n\u003Cp>This service is provided by Happy Ordering.\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fhappyordering.com\u002Ftos\u002F\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, please visit \u003Ca href=\"https:\u002F\u002Fcombustion.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fcombustion.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by Combustion Group\u003C\u002Fp>\n","Check Happy Ordering system status and report bugs to improve your ordering experience.",0,129,"2026-02-03T18:52:00.000Z","6.9.4","5.0","7.4",[18,19,20,21,22],"bug-report","diagnostics","ordering","support","system-status","https:\u002F\u002Fhappyordering.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhappy-ordering.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":25,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"combustiongroup",2,30,94,"2026-04-04T09:21:37.587Z",[36,57,74,99,123],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":25,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":50,"download_link":56,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"gleap","Gleap","13.0.10","Lukas Böhler","https:\u002F\u002Fprofiles.wordpress.org\u002Fgleap\u002F","\u003Cp>Gleap helps developers build the best software faster. It is your affordable in-app bug reporting tool for apps, websites and industrial applications.\u003C\u002Fp>\n\u003Cp>No more wasting time trying to reproduce a bug. Gleap reports automatically contain a replay video, session data, logs and more. Even better: You can add custom data to your bug details.\u003C\u002Fp>\n","All-in-one customer feedback tool for websites. Learn more at https:\u002F\u002Fwww.gleap.io",300,10152,8,"2025-08-26T16:47:00.000Z","6.8.5","5.0.0","",[52,53,54,21,55],"bug-reporting","bug-tracking","feedback","user-feedback","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgleap.13.0.10.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":11,"downloaded":65,"rating":11,"num_ratings":11,"last_updated":50,"tested_up_to":48,"requires_at_least":66,"requires_php":16,"tags":67,"homepage":71,"download_link":72,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":73},"fullworks-support-diagnostics","Fullworks Support Diagnostics","1.0.0","fullworks","https:\u002F\u002Fprofiles.wordpress.org\u002Ffullworks\u002F","\u003Cp>Fullworks Support Diagnostics makes it easier for plugin developers to troubleshoot issues by automatically collecting diagnostic information and providing powerful debugging tools. It discovers installed plugins and provides a framework for plugin-specific diagnostic data collection.\u003C\u002Fp>\n\u003Cp>This plugin should only be activated when instructed by plugin support personnel for diagnostic purposes.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic plugin discovery\u003C\u002Fstrong> – Detects compatible plugins with support-config.json files\u003C\u002Fli>\n\u003Cli>\u003Cstrong>System information collection\u003C\u002Fstrong> – Gathers essential WordPress environment data\u003C\u002Fli>\n\u003Cli>\u003Cstrong>wp-config.php debug management\u003C\u002Fstrong> – Safely modify debug constants with automatic backups\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode scanning\u003C\u002Fstrong> – Identifies shortcodes used across your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Freemius integration\u003C\u002Fstrong> – Collects license status and Freemius state for premium plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API endpoints\u003C\u002Fstrong> – Allows secure remote diagnostics with temporary access links\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sensitive data protection\u003C\u002Fstrong> – Masks API keys and other confidential information\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Debug log monitoring\u003C\u002Fstrong> – Checks and displays the most recent log entries\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Debug Management\u003C\u002Fh4>\n\u003Cp>The plugin can safely manage debug constants in wp-config.php:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable\u002Fdisable WordPress debugging with a single click\u003C\u002Fli>\n\u003Cli>Automatically creates backups of wp-config.php before any modifications\u003C\u002Fli>\n\u003Cli>Clearly marks all changes with comment blocks for easy identification\u003C\u002Fli>\n\u003Cli>Safely removes all modifications when the feature is disabled\u003C\u002Fli>\n\u003Cli>Monitors debug log files for recent entries\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Considerations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>All wp-config.php modifications require explicit admin confirmation\u003C\u002Fli>\n\u003Cli>Access keys can be regenerated at any time\u003C\u002Fli>\n\u003Cli>Temporary access links expire after 24 hours\u003C\u002Fli>\n\u003Cli>API keys and sensitive data are masked in diagnostic reports\u003C\u002Fli>\n\u003Cli>REST API endpoint can be disabled if not needed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage Instructions\u003C\u002Fh3>\n\u003Ch4>For Site Owners\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\u003Cstrong>Only install when directed by support personnel\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Go to Tools \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Plugin Support Diagnostics in your WordPress admin\u003C\u002Fli>\n\u003Cli>If instructed, enable debug management and select appropriate debug constants\u003C\u002Fli>\n\u003Cli>Click “Generate Diagnostic Data”\u003C\u002Fli>\n\u003Cli>Share the diagnostic information with support using one of these methods:\n\u003Cul>\n\u003Cli>Copy to clipboard\u003C\u002Fli>\n\u003Cli>Download as JSON\u003C\u002Fli>\n\u003Cli>Use the temporary direct access link (valid for 24 hours)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>When troubleshooting is complete, disable any debug options and consider deactivating the plugin\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>For Plugin Developers\u003C\u002Fh4>\n\u003Cp>To make your plugin compatible with Support Diagnostics, create a \u003Ccode>support-config.json\u003C\u002Fcode> file in your plugin’s root directory. See the example-support-config.json file included in the plugin for reference.\u003C\u002Fp>\n","A diagnostic tool that helps plugin developers provide better support by collecting relevant system information and managing debug constants.",345,"5.8",[68,19,21,69,70],"debug","troubleshooting","wp-config","https:\u002F\u002Ffullworksplugins.com\u002Fproducts\u002Fsupport-diagnostics\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffullworks-support-diagnostics.1.0.0.zip","2026-03-15T10:48:56.248Z",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":95,"download_link":96,"security_score":25,"vuln_count":97,"unpatched_count":11,"last_vuln_date":98,"fetched_at":27},"performance-lab","Performance Lab","4.1.0","WordPress Performance Team","https:\u002F\u002Fprofiles.wordpress.org\u002Fperformanceteam\u002F","\u003Cp>The Performance Lab plugin is a collection of features focused on enhancing the performance of your site, most of which should eventually be merged into WordPress core. The plugin facilitates the discovery and activation of the individual performance feature plugins which the performance team is developing. In this way you can test the features to get their benefits before they become available in WordPress core. You can also play an important role by providing feedback to further improve the solutions.\u003C\u002Fp>\n\u003Cp>The feature plugins which are currently featured by this plugin are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fembed-optimizer\u002F\" rel=\"ugc\">Embed Optimizer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fauto-sizes\u002F\" rel=\"ugc\">Enhanced Responsive Images\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdominant-color-images\u002F\" rel=\"ugc\">Image Placeholders\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-prioritizer\u002F\" rel=\"ugc\">Image Prioritizer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnocache-bfcache\u002F\" rel=\"ugc\">Instant Back\u002FForward\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwebp-uploads\u002F\" rel=\"ugc\">Modern Image Formats\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Foptimization-detective\u002F\" rel=\"ugc\">Optimization Detective\u003C\u002Fa> (dependency for Embed Optimizer and Image Prioritizer)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fperformant-translations\u002F\" rel=\"ugc\">Performant Translations\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fspeculation-rules\u002F\" rel=\"ugc\">Speculative Loading\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fview-transitions\u002F\" rel=\"ugc\">View Transitions\u003C\u002Fa> \u003Cem>(experimental)\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These plugins can also be installed separately from installing Performance Lab, but having the Performance Lab plugin also active will ensure you find out about new performance features as they are developed.\u003C\u002Fp>\n","Performance plugin from the WordPress Performance Team, which is a collection of standalone performance features.",200000,3452248,86,50,"2026-02-27T20:19:00.000Z","7.0","6.6","7.2",[19,91,92,93,94],"measurement","optimization","performance","site-health","https:\u002F\u002Fgithub.com\u002FWordPress\u002Fperformance","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fperformance-lab.4.1.0.zip",1,"2023-05-18 00:00:00",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":109,"num_ratings":110,"last_updated":111,"tested_up_to":14,"requires_at_least":112,"requires_php":113,"tags":114,"homepage":118,"download_link":119,"security_score":120,"vuln_count":121,"unpatched_count":11,"last_vuln_date":122,"fetched_at":27},"bbpress","bbPress","2.6.14","John James Jacoby","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnjamesjacoby\u002F","\u003Cp>Are you looking for a timeless, elegant, and streamlined discussion board? bbPress is easy to integrate, easy to use, and is built to scale with your growing community.\u003C\u002Fp>\n\u003Cp>bbPress is intentionally simple yet infinitely powerful forum software, built by contributors to WordPress.\u003C\u002Fp>\n","bbPress is forum software for WordPress.",100000,9266210,78,343,"2025-07-02T15:44:00.000Z","6.0","5.6.20",[115,116,117,21],"discussion","forum","forums","https:\u002F\u002Fbbpress.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbbpress.2.6.14.zip",91,6,"2025-03-04 00:00:00",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":107,"downloaded":131,"rating":33,"num_ratings":132,"last_updated":133,"tested_up_to":48,"requires_at_least":88,"requires_php":16,"tags":134,"homepage":139,"download_link":140,"security_score":25,"vuln_count":97,"unpatched_count":11,"last_vuln_date":141,"fetched_at":27},"simple-page-ordering","Simple Page Ordering","2.7.4","10up","https:\u002F\u002Fprofiles.wordpress.org\u002F10up\u002F","\u003Cp>Order your pages, hierarchical custom post types, or custom post types with “page-attributes” with drag and drop right from the built in page list.\u003C\u002Fp>\n\u003Cp>Drag and drop the page into the desired position. No new admin menus pages, no clunky, bolted on user interfaces. Drag and drop on the page or post-type screen.\u003C\u002Fp>\n\u003Cp>The plug-in is “capabilities aware” – only users with the ability to edit others’ pages (editors and administrators) will be able to reorder content.\u003C\u002Fp>\n\u003Cp>Integrated help is included: click the “help” tab at the top right of the screen.\u003C\u002Fp>\n\u003Cp>Please note that the plug-in is not compatible with Internet Explorer 7 and earlier, due to limitations within those browsers.\u003C\u002Fp>\n\u003Ch3>Contributing\u003C\u002Fh3>\n\u003Cp>We’d love to have you join in on development over on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002F10up\u002Fsimple-page-ordering\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","Order your pages and other custom post types that support \"page-attributes\" with drag and drop right from the standard page list.",4173221,131,"2025-05-19T15:00:00.000Z",[135,136,20,137,138],"menu-order","order","page","re-order","http:\u002F\u002F10up.com\u002Fplugins\u002Fsimple-page-ordering-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-page-ordering.2.7.4.zip","2023-05-16 00:00:00",{"attackSurface":143,"codeSignals":167,"taintFlows":175,"riskAssessment":176,"analyzedAt":182},{"hooks":144,"ajaxHandlers":156,"restRoutes":164,"shortcodes":165,"cronEvents":166,"entryPointCount":31,"unprotectedCount":31},[145,151,154],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","admin_menu","anonymous","includes\\class-happy-ordering.php",66,{"type":146,"name":152,"callback":148,"file":149,"line":153},"admin_enqueue_scripts",67,{"type":146,"name":152,"callback":148,"file":149,"line":155},68,[157,161],{"action":158,"nopriv":159,"callback":148,"hasNonce":159,"hasCapCheck":159,"file":149,"line":160},"happy_ordering_check_status",false,69,{"action":162,"nopriv":159,"callback":148,"hasNonce":159,"hasCapCheck":159,"file":149,"line":163},"happy_ordering_report_bug",70,[],[],[],{"dangerousFunctions":168,"sqlUsage":169,"outputEscaping":171,"fileOperations":11,"externalRequests":97,"nonceChecks":31,"capabilityChecks":31,"bundledLibraries":174},[],{"prepared":11,"raw":11,"locations":170},[],{"escaped":172,"rawEcho":11,"locations":173},18,[],[],[],{"summary":177,"deductions":178},"The \"happy-ordering\" plugin version 1.0.1 presents a mixed security posture.  On the positive side, the plugin demonstrates good security practices by utilizing prepared statements for all SQL queries and ensuring 100% of its output is properly escaped. It also correctly implements nonce and capability checks for its identified entry points and has no recorded history of vulnerabilities, which suggests a generally stable and well-maintained codebase.  However, a significant concern is the presence of two AJAX handlers that lack authentication checks. This creates a direct attack surface where unauthenticated users could potentially interact with sensitive functionalities, leading to unintended consequences.\n\nThe static analysis reveals a small attack surface with two entry points, both of which are unprotected. While taint analysis found no critical or high-severity issues, the lack of authentication on AJAX handlers is a notable weakness. The absence of vulnerability history is a good sign, but it does not entirely mitigate the risk posed by the unprotected AJAX endpoints.  In conclusion, while the plugin employs good practices in data handling and output sanitization, the unprotected AJAX functionality is a critical oversight that needs immediate attention to strengthen its overall security.",[179],{"reason":180,"points":181},"AJAX handlers without auth checks",10,"2026-03-17T06:27:23.619Z",{"wat":184,"direct":193},{"assetPaths":185,"generatorPatterns":188,"scriptPaths":189,"versionParams":190},[186,187],"\u002Fwp-content\u002Fplugins\u002Fhappy-ordering\u002Fassets\u002Fcss\u002Fhappy-ordering-admin.css","\u002Fwp-content\u002Fplugins\u002Fhappy-ordering\u002Fassets\u002Fjs\u002Fhappy-ordering-admin.js",[],[187],[191,192],"happy-ordering\u002Fassets\u002Fcss\u002Fhappy-ordering-admin.css?ver=","happy-ordering\u002Fassets\u002Fjs\u002Fhappy-ordering-admin.js?ver=",{"cssClasses":194,"htmlComments":196,"htmlAttributes":199,"restEndpoints":202,"jsGlobals":205,"shortcodeOutput":207},[195],"happy-ordering-admin-page",[197,198],"\u003C!-- System Status -->","\u003C!-- Report a Bug -->",[200,201],"data-screen-id=\"toplevel_page_happy-ordering\"","data-screen-id=\"happy-ordering_page_happy-ordering-report-bug\"",[203,204],"\u002Fwp-json\u002Fhappy-ordering\u002Fv1\u002Fstatus","\u002Fwp-json\u002Fhappy-ordering\u002Fv1\u002Fbug",[206],"happyOrderingAjax",[]]