[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fgEYsUOhvS93NEl2hJCT-fJJ-uZn-tb4fNXW73DXsCqA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":128,"fingerprints":281},"headless","Headless","2.3.1","EdwardBock","https:\u002F\u002Fprofiles.wordpress.org\u002Fedwardbock\u002F","\u003Cp>Adds features to use WordPress as headless CMS\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>BREAKING CHANGE 1.7.0: core\u002Fblock for block references has changed\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds features to use WordPress as headless CMS",20,2438,0,"2025-03-12T17:16:00.000Z","6.7.5","5.0","8.0",[19,20,21,22],"block","developer","gutenberg","utils","https:\u002F\u002Fgithub.com\u002Fpalasthotel\u002Fheadless","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheadless.2.3.1.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"edwardbock",22,2430,90,107,72,"2026-04-04T07:10:56.735Z",[38,52,72,91,109],{"slug":39,"name":40,"version":41,"author":7,"author_profile":8,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":13,"num_ratings":13,"last_updated":46,"tested_up_to":47,"requires_at_least":16,"requires_php":48,"tags":49,"homepage":50,"download_link":51,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"blockx","BlockX","1.10.3","\u003Cp>Elevate your Gutenberg Block development experience with BlockX. This powerful plugin bridges the gap between the modern\u003Cbr \u002F>\nGutenberg JavaScript API and the traditional PHP methods WordPress developers know and love. With BlockX,\u003Cbr \u002F>\nyou can effortlessly create custom Gutenberg blocks entirely using PHP, bypassing the need for complex JavaScript coding.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Seamless Integration:\u003C\u002Fstrong> Simplifies the process of building custom Gutenberg blocks using PHP.\u003Cbr \u002F>\n– \u003Cstrong>Developer-Friendly:\u003C\u002Fstrong> Leverages familiar PHP syntax and functions to create and manage blocks.\u003Cbr \u002F>\n– \u003Cstrong>Time-Saving:\u003C\u002Fstrong> Reduces the learning curve and development time by avoiding intricate JavaScript coding.\u003Cbr \u002F>\n– \u003Cstrong>Customizable:\u003C\u002Fstrong> Provides a robust API to create highly customizable blocks tailored to your needs.\u003Cbr \u002F>\n– \u003Cstrong>Efficient Workflow:\u003C\u002Fstrong> Streamlines the block creation process, allowing you to focus on functionality and design.\u003Cbr \u002F>\n– \u003Cstrong>Comprehensive Documentation:\u003C\u002Fstrong> Includes detailed guides and examples to help you get started quickly.\u003Cbr \u002F>\n– \u003Cstrong>Compatibility:\u003C\u002Fstrong> Fully compatible with the latest WordPress versions and Gutenberg updates.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why Choose PHP Block Builder for Gutenberg?\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Cstrong>Enhanced Productivity:\u003C\u002Fstrong> Build and deploy custom blocks faster using familiar PHP code.\u003Cbr \u002F>\n– \u003Cstrong>Reduced Complexity:\u003C\u002Fstrong> No need to delve into JavaScript intricacies; keep your development workflow simple.\u003Cbr \u002F>\n– \u003Cstrong>Versatile:\u003C\u002Fstrong> Perfect for developers looking to extend Gutenberg without abandoning their PHP expertise.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","Elevate your Gutenberg Block development experience.",30,3561,"2024-07-01T17:35:00.000Z","6.5.8","8.1",[19,20,21,22],"https:\u002F\u002Fgithub.com\u002Fpalasthotel\u002FblockX","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblockx.1.10.3.zip",{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":60,"num_ratings":62,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":70,"download_link":71,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"block-catalog","Block Catalog","1.6.2","10up","https:\u002F\u002Fprofiles.wordpress.org\u002F10up\u002F","\u003Cul>\n\u003Cli>Find which blocks are used across your site.\u003C\u002Fli>\n\u003Cli>Fully Integrated with the WordPress Admin.\u003C\u002Fli>\n\u003Cli>Use filters to see Posts that use a specific block.\u003C\u002Fli>\n\u003Cli>Find Posts that use Reusable Blocks.\u003C\u002Fli>\n\u003Cli>Use the WP CLI to quickly find blocks from the command line.\u003C\u002Fli>\n\u003Cli>Use custom WordPress filters to extend the Block Catalog.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002F10up\u002Fblock-catalog\" rel=\"nofollow ugc\">Fork on GitHub\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Getting Started\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>On activation, the plugin will prompt you to index your content. You need to do this first before you will be able to see the various blocks used on your site. You can also go to \u003Cem>WP-Admin > Tools > Block Catalog\u003C\u002Fem> to do this yourself. Alternately, you can run the WP CLI command \u003Ccode>wp block-catalog index\u003C\u002Fcode> to index your content from the command line.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Once indexed, you will be able to see the different blocks used on your site in the Block Catalog Taxonomy.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Navigating to any Block Editor post type will also show you the list of blocks present in a post.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>You can also filter the listing to only show Posts that have a specific block.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Keep track of which Gutenberg Blocks are used across your site.",100,148543,1,"2025-04-23T11:31:00.000Z","6.8.5","6.5","7.4",[68,69,20,21],"blocks","custom-blocks","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-catalog.1.6.2.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":11,"downloaded":80,"rating":60,"num_ratings":81,"last_updated":82,"tested_up_to":83,"requires_at_least":84,"requires_php":85,"tags":86,"homepage":89,"download_link":90,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"block-xray-attributes","Block X-ray Attributes","1.2.1","Sal Ferrarello","https:\u002F\u002Fprofiles.wordpress.org\u002Fsalcode\u002F","\u003Cp>This plugin adds a section called “Block X-ray” to the Document sidebar in the editor. This “Block X-ray” section displays the attributes for the currently selected block.\u003C\u002Fp>\n","This plugin adds a section called \"Block X-ray\" to the Document sidebar in the editor. This \"Block X-ray\" section displays the att &hellip;",6894,4,"2026-01-13T02:27:00.000Z","6.9.4","5.5","7.2",[19,87,20,88,21],"block-attributes","editor","https:\u002F\u002Fgithub.com\u002Fsalcode\u002Fblock-xray-attributes","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-xray-attributes.1.2.1.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":60,"num_ratings":101,"last_updated":102,"tested_up_to":64,"requires_at_least":103,"requires_php":66,"tags":104,"homepage":107,"download_link":108,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wicked-block-builder","Wicked Block Builder","1.4.6","wickedplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fwickedplugins\u002F","\u003Cp>Create your own custom blocks with Wicked Block Builder!  There’s no setup required and you can build blocks in as little as a few minutes.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FxZ18r-w7C9k?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Ch4>Native Blocks\u003C\u002Fh4>\n\u003Cp>Blocks created with Wicked Block Builder are truly native blocks that don’t use server-side rendering.\u003C\u002Fp>\n\u003Ch4>Build Custom Blocks\u003C\u002Fh4>\n\u003Cp>Build blocks using your own semantic markup.  Simply drag-and-drop HTML elements and components to build your block in minutes.\u003C\u002Fp>\n\u003Ch4>Make Your Block Editable\u003C\u002Fh4>\n\u003Cp>Add interactive components such as rich text and images so you can edit your block’s content directly in the editor.\u003C\u002Fp>\n\u003Ch4>Customize Your Block’s Sidebar\u003C\u002Fh4>\n\u003Cp>Add text boxes, checkboxes, radio buttons, color palettes, and more to your block’s sidebar.  Add panels or HTML elements to organize the sidebar.\u003C\u002Fp>\n\u003Ch4>Dynamic Blocks\u003C\u002Fh4>\n\u003Cp>Optionally make your blocks dynamic and use PHP to output your block.  Easily access your block’s data via an argument containing your block’s attributes.\u003C\u002Fp>\n\u003Ch4>Flexible Front-end View\u003C\u002Fh4>\n\u003Cp>Save time and skip the step of creating a similar (but slightly different) view for the front-end of your block (i.e. the “save” function if you’re a developer).\u003C\u002Fp>\n\u003Ch4>Style Editor\u003C\u002Fh4>\n\u003Cp>Add your block’s styles in a convenient CSS editor.\u003C\u002Fp>\n\u003Ch4>Block Patterns\u003C\u002Fh4>\n\u003Cp>Create block patterns with no code and easily update them as needed.\u003C\u002Fp>\n\u003Ch3>🚀 Get More With Wicked Block Builder Pro\u003C\u002Fh3>\n\u003Cp>Take your blocks to the next level with these additional features in Wicked Block Builder Pro.  \u003Ca href=\"https:\u002F\u002Fwickedplugins.com\u002Fplugins\u002Fwicked-block-builder\u002F?utm_source=readme&utm_campaign=wicked_block_builder&utm_content=pro_learn_more_link\" rel=\"nofollow ugc\">Learn more about Wicked Block Builder Pro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Repeater\u003C\u002Fh4>\n\u003Cp>Add repeaters to your block.  Add, sort, and delete any number of items in your block.  Nest repeaters for even greater functionality.\u003C\u002Fp>\n\u003Ch4>Conditional Logic\u003C\u002Fh4>\n\u003Cp>Use conditions to do incredible things with your block.  Conditionally add classes, inline styles, and HTML attributes.  Even change the output of your block based on conditional logic.\u003C\u002Fp>\n\u003Ch4>PostSelect\u003C\u002Fh4>\n\u003Cp>Add a PostSelect component to your block to let people select one or more posts and sort them.\u003C\u002Fp>\n\u003Ch4>TermSelect\u003C\u002Fh4>\n\u003Cp>Add a TermSelect component to your block to let people choose one or more terms.  Choose from different display types like checkboxes, radios, or dropdown.\u003C\u002Fp>\n\u003Ch4>InnerBlocks\u003C\u002Fh4>\n\u003Cp>Add an InnerBlocks component to nest blocks within your block.\u003C\u002Fp>\n\u003Ch4>Export Blocks to Plugin\u003C\u002Fh4>\n\u003Cp>Export your blocks to a stand-alone plugin.  Install the plugin on any WordPress site to use your blocks without needing to have Wicked Block Builder installed.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwickedplugins.com\u002Fplugins\u002Fwicked-block-builder\u002F?utm_source=readme&utm_campaign=wicked_block_builder&utm_content=pro_get_link\" rel=\"nofollow ugc\">Get Wicked Block Builder Pro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Who is Wicked Block Builder for?\u003C\u002Fh3>\n\u003Cp>Wicked Block Builder is for anyone who wants to create blocks that can be used in the WordPress editor.  This includes non-technical people (there’s no programming required) but also developers.\u003C\u002Fp>\n\u003Cp>Non-technical people will appreciate the intuitive drag-and-drop interface.  For developers, complete control over the block’s output, conditional logic (pro version only), automatic deprecations, dynamic blocks, and more make it a powerful must-have time-saving development tool.\u003C\u002Fp>\n","Create your own custom blocks and patterns in as little as a few minutes!",10,5497,5,"2025-04-22T04:30:00.000Z","6.7",[105,106,68,20,21],"administration","block-builder","https:\u002F\u002Fwickedplugins.com\u002Fwicked-block-builder\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwicked-block-builder.1.4.6.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":119,"num_ratings":120,"last_updated":121,"tested_up_to":83,"requires_at_least":122,"requires_php":123,"tags":124,"homepage":126,"download_link":127,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"classic-editor","Classic Editor","1.6.7","WordPress.org","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpressdotorg\u002F","\u003Cp>Classic Editor is an official plugin maintained by the WordPress team that restores the previous (“classic”) WordPress editor and the “Edit Post” screen. It makes it possible to use plugins that extend that screen, add old-style meta boxes, or otherwise depend on the previous editor.\u003C\u002Fp>\n\u003Cp>Classic Editor is an official WordPress plugin, and will be fully supported and maintained until 2024, or as long as is necessary.\u003C\u002Fp>\n\u003Cp>At a glance, this plugin adds the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Administrators can select the default editor for all users.\u003C\u002Fli>\n\u003Cli>Administrators can allow users to change their default editor.\u003C\u002Fli>\n\u003Cli>When allowed, the users can choose which editor to use for each post.\u003C\u002Fli>\n\u003Cli>Each post opens in the last editor used regardless of who edited it last. This is important for maintaining a consistent experience when editing content.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In addition, the Classic Editor plugin includes several filters that let other plugins control the settings, and the editor choice per post and per post type.\u003C\u002Fp>\n\u003Cp>By default, this plugin hides all functionality available in the new block editor (“Gutenberg”).\u003C\u002Fp>\n","Enables the previous \"classic\" editor and the old-style Edit Post screen with TinyMCE, Meta Boxes, etc. Supports all plugins that extend this screen.",9000000,85599606,98,1223,"2025-12-08T10:40:00.000Z","4.9","5.2.4",[125,110,88,21],"block-editor","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclassic-editor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclassic-editor.1.6.7.zip",{"attackSurface":129,"codeSignals":213,"taintFlows":244,"riskAssessment":271,"analyzedAt":280},{"hooks":130,"ajaxHandlers":200,"restRoutes":209,"shortcodes":210,"cronEvents":211,"entryPointCount":212,"unprotectedCount":62},[131,137,142,146,152,155,158,161,165,169,172,176,179,184,187,190,193,195],{"type":132,"name":133,"callback":134,"file":135,"line":136},"action","init","closure","classes\\Components\\Plugin.php",74,{"type":132,"name":138,"callback":139,"file":140,"line":141},"wp_dashboard_setup","setup","classes\\Dashboard.php",8,{"type":132,"name":143,"callback":143,"file":144,"line":145},"rest_api_init","classes\\Extensions.php",58,{"type":147,"name":148,"callback":149,"priority":150,"file":144,"line":151},"filter","rest_prepare_revision","response",99,108,{"type":147,"name":153,"callback":149,"priority":150,"file":144,"line":154},"rest_prepare_comment",111,{"type":147,"name":156,"callback":149,"priority":150,"file":144,"line":157},"rest_prepare_user",114,{"type":147,"name":159,"callback":159,"file":160,"line":141},"rest_post_dispatch","classes\\Headers.php",{"type":132,"name":162,"callback":134,"file":163,"line":164},"cron_logger_init","classes\\Log.php",13,{"type":132,"name":166,"callback":166,"priority":13,"file":167,"line":168},"admin_init","classes\\PluginAssets.php",21,{"type":132,"name":170,"callback":171,"file":167,"line":31},"enqueue_block_editor_assets","enqueue",{"type":147,"name":173,"callback":173,"priority":99,"file":174,"line":175},"preview_post_link","classes\\Preview.php",15,{"type":132,"name":177,"callback":177,"file":174,"line":178},"plugins_loaded",18,{"type":132,"name":180,"callback":181,"file":182,"line":183},"save_post","on_post_change","classes\\Revalidate.php",12,{"type":132,"name":185,"callback":186,"file":182,"line":164},"edit_comment","on_comment_change",{"type":132,"name":188,"callback":186,"file":182,"line":189},"wp_insert_comment",14,{"type":132,"name":143,"callback":143,"file":191,"line":192},"classes\\Routes.php",16,{"type":132,"name":166,"callback":133,"file":194,"line":183},"classes\\Schedule.php",{"type":147,"name":196,"callback":197,"file":198,"line":199},"wp_is_application_passwords_available","__return_true","classes\\Security.php",11,[201,206],{"action":202,"nopriv":203,"callback":204,"hasNonce":203,"hasCapCheck":205,"file":174,"line":192},"headless_preview",false,"admin_preview",true,{"action":202,"nopriv":205,"callback":207,"hasNonce":203,"hasCapCheck":203,"file":174,"line":208},"no_permission",17,[],[],[],2,{"dangerousFunctions":214,"sqlUsage":215,"outputEscaping":222,"fileOperations":13,"externalRequests":62,"nonceChecks":13,"capabilityChecks":101,"bundledLibraries":243},[],{"prepared":216,"raw":62,"locations":217},7,[218],{"file":219,"line":220,"context":221},"classes\\Migration.php",23,"$wpdb->query() with variable interpolation",{"escaped":178,"rawEcho":223,"locations":224},9,[225,228,230,232,234,236,238,240,242],{"file":140,"line":226,"context":227},34,"raw output",{"file":140,"line":229,"context":227},35,{"file":140,"line":231,"context":227},38,{"file":140,"line":233,"context":227},42,{"file":140,"line":235,"context":227},43,{"file":140,"line":237,"context":227},62,{"file":140,"line":239,"context":227},79,{"file":140,"line":241,"context":227},80,{"file":140,"line":119,"context":227},[],[245,263],{"entryPoint":246,"graph":247,"unsanitizedCount":13,"severity":262},"admin_preview (classes\\Preview.php:62)",{"nodes":248,"edges":260},[249,254],{"id":250,"type":251,"label":252,"file":174,"line":253},"n0","source","$_GET",63,{"id":255,"type":256,"label":257,"file":174,"line":258,"wp_function":259},"n1","sink","wp_redirect() [Open Redirect]",75,"wp_redirect",[261],{"from":250,"to":255,"sanitized":205},"low",{"entryPoint":264,"graph":265,"unsanitizedCount":13,"severity":262},"\u003CPreview> (classes\\Preview.php:0)",{"nodes":266,"edges":269},[267,268],{"id":250,"type":251,"label":252,"file":174,"line":253},{"id":255,"type":256,"label":257,"file":174,"line":258,"wp_function":259},[270],{"from":250,"to":255,"sanitized":205},{"summary":272,"deductions":273},"The \"headless\" v2.3.1 plugin exhibits a generally good security posture with a small attack surface and a healthy proportion of SQL queries utilizing prepared statements. The absence of known vulnerabilities in its history is a positive indicator. However, there are significant areas of concern that warrant attention.  Specifically, the presence of an unprotected AJAX handler creates a direct entry point that could be exploited without proper authentication.  Furthermore, a notable portion of output is not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is present in these outputs.\n\nThe lack of nonce checks on the identified AJAX handler is a critical oversight, as it removes a standard WordPress security mechanism designed to prevent Cross-Site Request Forgery (CSRF) attacks.  While taint analysis shows no critical or high severity unsanitized paths, the combination of an unprotected AJAX endpoint and unescaped output presents a tangible risk. The plugin's strengths lie in its limited attack surface and lack of historical vulnerabilities, but the immediate risks from the unprotected AJAX handler and potential XSS are substantial enough to necessitate careful review and remediation.",[274,276,278],{"reason":275,"points":99},"AJAX handler without authentication",{"reason":277,"points":101},"Outputs not properly escaped",{"reason":279,"points":216},"No nonce checks on AJAX","2026-03-16T22:43:56.735Z",{"wat":282,"direct":290},{"assetPaths":283,"generatorPatterns":287,"scriptPaths":288,"versionParams":289},[284,285,286],"\u002Fwp-content\u002Fplugins\u002Fheadless\u002Fdist\u002Fgutenberg.js","\u002Fwp-content\u002Fplugins\u002Fheadless\u002Fdist\u002Fgutenberg.css","\u002Fwp-content\u002Fplugins\u002Fheadless\u002Fdist\u002Fadmin.js",[],[284,286],[],{"cssClasses":291,"htmlComments":292,"htmlAttributes":293,"restEndpoints":294,"jsGlobals":297,"shortcodeOutput":300},[],[],[],[295,296],"\u002Fwp-json\u002Fheadless\u002Fv1\u002Fmenus","\u002Fwp-json\u002Fheadless\u002Fv1\u002Fmenus\u002F(?P\u003Cmenu>[\\S]+)",[298,299],"window.Headless","window.HeadlessAdmin",[]]