[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fvQ4JBfq9OX0mMj0vr5tAGgKnSNdSRdeiLQ3MGKYOq8U":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":137,"fingerprints":334},"head-trimmer","Head Trimmer","1.0.4","John Dalesandro","https:\u002F\u002Fprofiles.wordpress.org\u002Fdalesandro\u002F","\u003Cp>The \u003Cstrong>Head Trimmer\u003C\u002Fstrong> plugin for WordPress is a customizable plugin to remove automatically generated information from the HEAD element across a site. These extras add bloat to a website and expose WordPress version information as well as other potential security signatures in the generated source code.\u003C\u002Fp>\n\u003Cp>Removal options include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Version\u003C\u002Fli>\n\u003Cli>WordPress Version from URLs for Scripts and Styles\u003C\u002Fli>\n\u003Cli>Shortlink\u003C\u002Fli>\n\u003Cli>Shortlink from HTTP response headers\u003C\u002Fli>\n\u003Cli>Canonical\u003C\u002Fli>\n\u003Cli>Relational Links for Posts Adjacent to Current Post\u003C\u002Fli>\n\u003Cli>RSS Feeds\u003C\u002Fli>\n\u003Cli>Really Simple Discovery Link for xmlrpc (rsd_link)\u003C\u002Fli>\n\u003Cli>Windows Live Writer Manifest File Link (wlwmanifest_link)\u003C\u002Fli>\n\u003Cli>oEmbed Discovery Links\u003C\u002Fli>\n\u003Cli>REST API Link\u003C\u002Fli>\n\u003Cli>REST API Link Header\u003C\u002Fli>\n\u003Cli>Emoji Support\u003C\u002Fli>\n\u003Cli>Global Styles and SVG Filters (duotone filters)\u003C\u002Fli>\n\u003Cli>Gutenberg Block CSS Styles (or set ‘should_load_separate_core_block_assets’)\u003C\u002Fli>\n\u003Cli>Classic Theme Styles (classic-theme-styles)\u003C\u002Fli>\n\u003Cli>DNS Prefetch for \u002F\u002Fs.w.org\u003C\u002Fli>\n\u003Cli>DNS Prefetch for Google Fonts \u002F\u002Ffonts.googleapis.com\u003C\u002Fli>\n\u003Cli>jQuery\u003C\u002Fli>\n\u003C\u002Ful>\n","Customizable plugin to selectively remove WordPress version information, feeds, shortlinks, xmlrpc, emoji support and other miscellaneous extras from  …",20,3135,0,"2025-12-22T23:42:00.000Z","6.9.4","3.1","5.1",[19,20,21,22,23],"clean","head","meta","remove","security","https:\u002F\u002Fjohndalesandro.com\u002Fprojects\u002Fhead-trimmer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhead-trimmer.1.0.4.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"dalesandro",2,30,94,"2026-04-04T14:40:55.468Z",[37,55,75,97,118],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":26,"num_ratings":47,"last_updated":48,"tested_up_to":15,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":53,"download_link":54,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-head-cleaner","wp_head() cleaner","2.0.9","jwilsson","https:\u002F\u002Fprofiles.wordpress.org\u002Fjwilsson\u002F","\u003Cp>WordPress adds all kinds of \u003Ccode>\u003Cmeta>\u003C\u002Fcode>-tags to the \u003Ccode>\u003Chead>\u003C\u002Fcode> section of your site.\u003Cbr \u002F>\nSome of these tags are quite good and have real uses, others make sense for some sites and others doesn’t.\u003Cbr \u002F>\nSome tags are even considered a security risk, since they tell the world which version of WordPress you’re currently running.\u003C\u002Fp>\n\u003Cp>This plugin allows you to remove all of the \u003Ccode>\u003Cmeta>\u003C\u002Fcode>-tags that WordPress outputs by default.\u003Cbr \u002F>\nYou decide on a tag-by-tag basis which tags to remove and which to keep. Nothing’s enforced, you’re 100% in charge.\u003C\u002Fp>\n","Remove unused tags from wp_head() output.",2000,68248,6,"2025-11-15T07:24:00.000Z","5.0","7.3",[19,20,21,22,52],"wp_head","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-head-cleaner\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-head-cleaner.2.0.9.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":26,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":73,"download_link":74,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"meta-generator-and-version-info-remover","Meta Generator and Version Info Remover","17.1","Pankaj Mondal","https:\u002F\u002Fprofiles.wordpress.org\u002Fgurudeb\u002F","\u003Cp>This plugin will remove the version information that gets appended to enqueued style and script URLs. It will also remove the Meta Generator tag in the head and in RSS feeds. Adds a bit of obfuscation to hide the WordPress version number and generator tag that many sniffers detect automatically from view source. Option available to selectively exclude any style or script file from version info removal process.\u003C\u002Fp>\n\u003Cp>You can enable\u002Fdisable each removal options from admin dashboard:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove WordPress Meta Generator Tag\u003C\u002Fli>\n\u003Cli>Remove WPML (WordPress Multilingual Plugin) Meta Generator Tag\u003C\u002Fli>\n\u003Cli>Remove Slider Revolution Meta Generator Tag\u003C\u002Fli>\n\u003Cli>Remove WPBakery Page Builder Meta Generator Tag\u003C\u002Fli>\n\u003Cli>Remove Easy Digital Downloads Meta Generator Tag\u003C\u002Fli>\n\u003Cli>Remove Master Slider Meta Generator Tag\u003C\u002Fli>\n\u003Cli>Remove LayerSlider Meta Generator Tag\u003C\u002Fli>\n\u003Cli>Remove Site Kit by Google Meta Generator Tag\u003C\u002Fli>\n\u003Cli>Remove Divi Theme Meta Generator Tag (By default disabled; if required enable from Settings)\u003C\u002Fli>\n\u003Cli>Remove Elementor Website Builder Meta Generator Tag (By default disabled; if required enable from Settings)\u003C\u002Fli>\n\u003Cli>Remove Image Placeholders Meta Generator Tag\u003C\u002Fli>\n\u003Cli>Remove Performance Lab Meta Generator Tag\u003C\u002Fli>\n\u003Cli>Remove Performant Translations Meta Generator Tag\u003C\u002Fli>\n\u003Cli>Remove WEBP Uploads (Modern Image Formats) Meta Generator Tag\u003C\u002Fli>\n\u003Cli>Remove WP Admin Footer Version & Thank You Note (By default disabled; if required enable from Settings)\u003C\u002Fli>\n\u003Cli>Remove Version from Stylesheet\u003C\u002Fli>\n\u003Cli>Remove Version from Script\u003C\u002Fli>\n\u003Cli>Exclude files from version info removal process (by providing comma separated file names)\u003C\u002Fli>\n\u003Cli>Remove Yoast SEO comments\u003C\u002Fli>\n\u003Cli>Remove WP Rocket comments backlink and mention\u003C\u002Fli>\n\u003Cli>Remove Google Analytics (MonsterInsights) comments\u003C\u002Fli>\n\u003Cli>Remove Admin Bar WordPress Logo\u003C\u002Fli>\n\u003Cli>Remove Admin Login Page Logo\u003C\u002Fli>\n\u003Cli>Remove WordPress Text from Admin Login Page Title\u003C\u002Fli>\n\u003Cli>Remove WordPress Text from Admin Pages’ Titles\u003C\u002Fli>\n\u003Cli>Remove Admin Dashboard Help Tab\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You have any suggestions to make this plugin better? Please share your thoughts in the support thread.\u003C\u002Fp>\n\u003Cp>Dashboard > Settings > Meta Generator and Version Info Remover\u003C\u002Fp>\n\u003Cp>This plugin is trusted since 2013.\u003C\u002Fp>\n\u003Cp>If you like this plugin, please rate and review this plugin. If you want to support development of this plugin, please \u003Ca href=\"https:\u002F\u002Fwww.paypal.me\u002Fpankajkumarmondal\" rel=\"nofollow ugc\">\u003Cstrong>Donate\u003C\u002Fstrong>\u003C\u002Fa>.\u003C\u002Fp>\n","This plugin will remove the version info appended to enqueued style and script urls along with Meta Generator in the head section and in RSS feeds.",10000,234523,28,"2025-09-23T17:32:00.000Z","6.8.5","3.0","5.3",[21,71,22,23,72],"meta-generator","version","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmeta-generator-and-version-info-remover\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmeta-generator-and-version-info-remover.17.1.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":26,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":94,"download_link":95,"security_score":96,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"remove-wp-overhead","Remove WordPress Overhead","1.6.0","omnisite","https:\u002F\u002Fprofiles.wordpress.org\u002Fomnisite\u002F","\u003Cp>A standard WP installation contains many links in the head of your HTML (which slow down your site) and has standard widgets you might never use. You can now install this plugin and check the items you want to have removed. The saved options are cached for better performance.\u003C\u002Fp>\n\u003Cp>Header items you can remove:\u003Cbr \u002F>\n* Remove dashicons CSS from frontend\u003Cbr \u002F>\n* Remove RSD \u002F EditURI Link\u003Cbr \u002F>\n* Remove WLW Manifest Link\u003Cbr \u002F>\n* Remove RSS Feed Links\u003Cbr \u002F>\n* Remove Next & Prev Post Links\u003Cbr \u002F>\n* Remove Shortlink URL (also from http headers)\u003Cbr \u002F>\n* Remove WP Generator Meta\u003Cbr \u002F>\n* Remove Version Numbers from Style and Script Links\u003Cbr \u002F>\n* Disable WP Emoji \u002F emoticons\u003Cbr \u002F>\n* Disable JSON API\u003Cbr \u002F>\n* Disable Canonical URL\u003Cbr \u002F>\n* Remove WooCommerce Generator Meta\u003Cbr \u002F>\n* Remove jQuery Migrate script\u003Cbr \u002F>\n* Disable XML-RPC methods that require authentication\u003Cbr \u002F>\n* Remove all scripts and styles added by Gutenberg (in case you still use the classic editor)\u003C\u002Fp>\n\u003Cp>You can disable the following widgets:\u003Cbr \u002F>\n* Archives\u003Cbr \u002F>\n* Calendar\u003Cbr \u002F>\n* Categories\u003Cbr \u002F>\n* Links\u003Cbr \u002F>\n* Meta\u003Cbr \u002F>\n* Nav Menu\u003Cbr \u002F>\n* Pages\u003Cbr \u002F>\n* Recent Comments\u003Cbr \u002F>\n* Recent Posts\u003Cbr \u002F>\n* RSS\u003Cbr \u002F>\n* Search\u003Cbr \u002F>\n* Tag Cloud\u003Cbr \u002F>\n* Text\u003C\u002Fp>\n","Remove overhead from the  HTML, speed up your website and disable widgets you don't use",1000,28758,5,"2024-08-04T11:10:00.000Z","6.6.5","6.0","",[19,91,92,22,93],"disable-widgets","header","remove-widgets","https:\u002F\u002Fgithub.com\u002Fomnisite\u002FWP-Plugin-Remove-Wordpress-Overhead","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremove-wp-overhead.1.6.0.zip",92,{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":26,"num_ratings":85,"last_updated":107,"tested_up_to":108,"requires_at_least":109,"requires_php":89,"tags":110,"homepage":115,"download_link":116,"security_score":117,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-head-optimizer","WP Head Optimizer","1.0.0","gr8nilay","https:\u002F\u002Fprofiles.wordpress.org\u002Fgr8nilay\u002F","\u003Cp>WordPress always add many meta tags as well as links, urls scripts and many additional things to WordPress head section and this plugin helps to remove that additional added code stuff and that will increase site performance, security and reduce the HTTP requests of the page and that definitely helps to the site.\u003C\u002Fp>\n\u003Cp>For backwards compatibility, if this section is missing, the full length of the short description will be used, and\u003Cbr \u002F>\nMarkdown parsed.\u003C\u002Fp>\n\u003Cp>Using this plugin you can enable \u002F disable below things that can surely helps your site to load faster and provide some security as well.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable WP Emoji CSS & Script\u003C\u002Fli>\n\u003Cli>Remove Canonical URL\u003C\u002Fli>\n\u003Cli>Remove WordPress Version for security purpose\u003C\u002Fli>\n\u003Cli>Remove Shortlink\u003C\u002Fli>\n\u003Cli>Remove RSS Feed URL\u003C\u002Fli>\n\u003Cli>Remove EditURI Link\u003C\u002Fli>\n\u003Cli>Disable JSON API\u003C\u002Fli>\n\u003Cli>Remove Style and Script Versions\u003C\u002Fli>\n\u003Cli>Remove WLW Manifest\u003C\u002Fli>\n\u003Cli>Remove Next\u002FPrevious Post URLs Links\u003C\u002Fli>\n\u003Cli>Remove REST API link tag\u003C\u002Fli>\n\u003Cli>Remove oEmbed Discovery Links\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allow you to remove unnecessary tags, links, urls, scrips and many additional things from your WordPress header to speed up site loading t …",300,6010,"2024-02-10T20:21:00.000Z","6.4.8","3.0.1",[111,112,22,113,114],"clean-head","optimization","wphead","wphead-clean","http:\u002F\u002Fstore.wphound.com\u002Fwp-head-optimizer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-head-optimizer.zip",85,{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":26,"num_ratings":32,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":89,"tags":131,"homepage":89,"download_link":136,"security_score":117,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"native-wp-cleaner","Native WP Cleaner","1.0","Oleg Komarovskyi","https:\u002F\u002Fprofiles.wordpress.org\u002Fkomarovski\u002F","\u003Cp>With help of this plugin you can easily disable native wordpress widgets, cleanup your HTML code from such native features as:\u003Cbr \u002F>\n– Embeds script;\u003Cbr \u002F>\n– EMOJI script and styles;\u003Cbr \u002F>\n– RSD link;\u003Cbr \u002F>\n– WLW Manifest link;\u003Cbr \u002F>\n– Generator meta tag;\u003Cbr \u002F>\nAlso, you can disable XML-RPC functionality, self ping, enable Honeypot on login page, prevent access to such files as: readme.html, license.txt, xmlrpc.php, wlwmanifest.xml, changelog.txt, etc.\u003Cbr \u002F>\nMoreover, you can hide different metaboxes, columns, menu pages, express bar items from administration panel.\u003Cbr \u002F>\nNative WP Cleaner – is a handy, lightweight, clean code plugin that will be useful not only for simple blog and website owners, but also for theme developers\u003C\u002Fp>\n","Disable native widgets, clean head tag from RSS, RSD, WLW Manifest links, disable XML-RPC, cleanup admin panel from columns, metaboxes, menu items.",70,2022,"2017-06-10T09:52:00.000Z","4.8.28","4.0",[91,132,133,134,135],"remove-generator-meta","remove-rsd","remove-tags-from-head","xmlrpc","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnative-wp-cleaner.1.0.zip",{"attackSurface":138,"codeSignals":243,"taintFlows":327,"riskAssessment":328,"analyzedAt":333},{"hooks":139,"ajaxHandlers":239,"restRoutes":240,"shortcodes":241,"cronEvents":242,"entryPointCount":13,"unprotectedCount":13},[140,145,149,153,156,160,163,168,172,175,178,180,184,187,192,195,198,201,204,207,210,214,219,222,225,229,233,236],{"type":141,"name":142,"callback":142,"file":143,"line":144},"action","init","classes\\class-head-trimmer-settings.php",12,{"type":141,"name":146,"callback":147,"file":143,"line":148},"admin_menu","add_plugin_page",16,{"type":141,"name":150,"callback":151,"file":143,"line":152},"admin_init","page_init",17,{"type":141,"name":142,"callback":142,"file":154,"line":155},"classes\\class-head-trimmer.php",11,{"type":141,"name":157,"callback":158,"file":154,"line":159},"plugins_loaded","load_textdomain_handler",15,{"type":141,"name":161,"callback":162,"file":154,"line":148},"wp_loaded","optimize",{"type":164,"name":165,"callback":166,"file":154,"line":167},"filter","the_generator","remove_wordpress_version",131,{"type":164,"name":169,"callback":170,"file":154,"line":171},"style_loader_src","remove_wordpress_version_from_scripts_and_styles",135,{"type":164,"name":173,"callback":170,"file":154,"line":174},"script_loader_src",136,{"type":164,"name":169,"callback":176,"file":154,"line":177},"remove_all_other_versions_from_scripts_and_styles",140,{"type":164,"name":173,"callback":176,"file":154,"line":179},141,{"type":141,"name":181,"callback":182,"file":154,"line":183},"feed_links_show_posts_feed","__return_false",167,{"type":141,"name":185,"callback":182,"file":154,"line":186},"feed_links_show_comments_feed",168,{"type":141,"name":188,"callback":189,"priority":190,"file":154,"line":191},"do_feed","disable_feeds",1,170,{"type":141,"name":193,"callback":189,"priority":190,"file":154,"line":194},"do_feed_rdf",171,{"type":141,"name":196,"callback":189,"priority":190,"file":154,"line":197},"do_feed_rss",172,{"type":141,"name":199,"callback":189,"priority":190,"file":154,"line":200},"do_feed_rss2",173,{"type":141,"name":202,"callback":189,"priority":190,"file":154,"line":203},"do_feed_atom",174,{"type":141,"name":205,"callback":189,"priority":190,"file":154,"line":206},"do_feed_rss2_comments",175,{"type":141,"name":208,"callback":189,"priority":190,"file":154,"line":209},"do_feed_atom_comments",176,{"type":164,"name":211,"callback":212,"file":154,"line":213},"tiny_mce_plugins","disable_emojis_tinymce",205,{"type":141,"name":215,"callback":216,"priority":217,"file":154,"line":218},"wp_enqueue_scripts","remove_global_styles",99,214,{"type":141,"name":215,"callback":220,"priority":217,"file":154,"line":221},"remove_gutenberg_block_styles",220,{"type":141,"name":215,"callback":223,"priority":217,"file":154,"line":224},"remove_classic_theme_styles",226,{"type":164,"name":226,"callback":227,"file":154,"line":228},"should_load_separate_core_block_assets","__return_true",232,{"type":164,"name":230,"callback":231,"priority":217,"file":154,"line":232},"wp_resource_hints","remove_dns_prefetch_sworg",237,{"type":164,"name":230,"callback":234,"priority":217,"file":154,"line":235},"remove_dns_prefetch_gfonts",241,{"type":164,"name":215,"callback":237,"priority":217,"file":154,"line":238},"remove_jquery",246,[],[],[],[],{"dangerousFunctions":244,"sqlUsage":245,"outputEscaping":247,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":326},[],{"prepared":13,"raw":13,"locations":246},[],{"escaped":248,"rawEcho":249,"locations":250},40,41,[251,253,255,257,259,261,263,265,267,268,270,272,274,276,278,280,282,284,286,288,290,292,294,296,297,299,300,302,303,305,307,309,311,313,315,317,319,321,323,324,325],{"file":143,"line":65,"context":252},"raw output",{"file":143,"line":254,"context":252},76,{"file":143,"line":256,"context":252},77,{"file":143,"line":258,"context":252},81,{"file":143,"line":260,"context":252},82,{"file":143,"line":262,"context":252},86,{"file":143,"line":264,"context":252},87,{"file":143,"line":266,"context":252},91,{"file":143,"line":96,"context":252},{"file":143,"line":269,"context":252},96,{"file":143,"line":271,"context":252},97,{"file":143,"line":273,"context":252},101,{"file":143,"line":275,"context":252},102,{"file":143,"line":277,"context":252},106,{"file":143,"line":279,"context":252},107,{"file":143,"line":281,"context":252},111,{"file":143,"line":283,"context":252},112,{"file":143,"line":285,"context":252},116,{"file":143,"line":287,"context":252},117,{"file":143,"line":289,"context":252},121,{"file":143,"line":291,"context":252},122,{"file":143,"line":293,"context":252},126,{"file":143,"line":295,"context":252},127,{"file":143,"line":167,"context":252},{"file":143,"line":298,"context":252},132,{"file":143,"line":174,"context":252},{"file":143,"line":301,"context":252},137,{"file":143,"line":179,"context":252},{"file":143,"line":304,"context":252},142,{"file":143,"line":306,"context":252},146,{"file":143,"line":308,"context":252},147,{"file":143,"line":310,"context":252},151,{"file":143,"line":312,"context":252},152,{"file":143,"line":314,"context":252},156,{"file":143,"line":316,"context":252},157,{"file":143,"line":318,"context":252},161,{"file":143,"line":320,"context":252},162,{"file":143,"line":322,"context":252},166,{"file":143,"line":183,"context":252},{"file":143,"line":194,"context":252},{"file":143,"line":197,"context":252},[],[],{"summary":329,"deductions":330},"The \"head-trimmer\" plugin version 1.0.4 exhibits a strong overall security posture based on the provided static analysis and vulnerability history. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface, and critically, all identified entry points appear to be protected. The code also demonstrates good practices by utilizing prepared statements for all SQL queries and avoiding file operations and external HTTP requests.\n\nHowever, a notable concern arises from the output escaping. With nearly half of the output functions not being properly escaped, there is a potential risk of Cross-Site Scripting (XSS) vulnerabilities. While the taint analysis did not reveal any immediate exploitable flows, the high percentage of unescaped output represents a latent risk that could be triggered by future code changes or specific user-supplied input that is not currently being sanitized. The plugin's clean vulnerability history is a positive indicator, suggesting a commitment to secure development. Nevertheless, the unaddressed output escaping issue warrants attention to fully solidify its security.\n\nIn conclusion, \"head-trimmer\" v1.0.4 is generally well-secured, particularly in its limited attack surface and database interaction. The lack of known vulnerabilities and no critical issues in taint analysis are strong positives. The primary area for improvement and potential risk lies in the substantial proportion of unescaped output, which should be addressed to prevent potential XSS vulnerabilities. The plugin's strengths lie in its minimal attack surface and secure data handling.",[331],{"reason":332,"points":47},"High percentage of unescaped output","2026-03-16T23:09:29.381Z",{"wat":335,"direct":342},{"assetPaths":336,"generatorPatterns":337,"scriptPaths":338,"versionParams":339},[],[],[],[340,341],"\u002Fwp-content\u002Fplugins\u002Fhead-trimmer\u002Fclasses\u002Fclass-head-trimmer.php?ver=","\u002Fwp-content\u002Fplugins\u002Fhead-trimmer\u002Fclasses\u002Fclass-head-trimmer-settings.php?ver=",{"cssClasses":343,"htmlComments":344,"htmlAttributes":345,"restEndpoints":346,"jsGlobals":347,"shortcodeOutput":348},[],[],[],[],[],[]]