[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fL7TC-iNUEVrkmYLMJys_gsJ5X4doLnll9LZZAN29wIw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":13,"tags":16,"homepage":19,"download_link":20,"security_score":21,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":30,"analysis":56,"fingerprints":111},"hidereferrer","The Official HideReferrer.com WP Plugin","1.0.0","simonstax","https:\u002F\u002Fprofiles.wordpress.org\u002Fsimonstax\u002F","\u003Cp>No. This plugin does not modify the source of your post or page. Links are modified in the user’s browser.\u003C\u002Fp>\n\u003Ch3>Donations\u003C\u002Fh3>\n","No. This plugin does not modify the source of your post or page. Links are modified in the user's browser.",0,1040,"","4.8.28","3.5",[17,18],"hide-referrer","null-referrer","https:\u002F\u002Fhidereferrer.com\u002Fplugin.php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhidereferrer.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":26,"total_installs":11,"avg_security_score":21,"avg_patch_time_days":27,"trust_score":28,"computed_at":29},1,30,94,"2026-04-03T21:28:00.818Z",[31],{"slug":32,"name":33,"version":34,"author":35,"author_profile":36,"description":37,"short_description":38,"active_installs":39,"downloaded":40,"rating":41,"num_ratings":42,"last_updated":43,"tested_up_to":44,"requires_at_least":45,"requires_php":46,"tags":47,"homepage":52,"download_link":53,"security_score":54,"vuln_count":11,"unpatched_count":11,"last_vuln_date":22,"fetched_at":55},"wp-hiderefer","WP-HideRefer","1.12","ulfben","https:\u002F\u002Fprofiles.wordpress.org\u002Fulfben\u002F","\u003Cp>When your readers follow links from your blog, the linked site can see where they come from. Thus; your blog is known by every site you’ve ever linked to.\u003C\u002Fp>\n\u003Cp>WP-HideRefer adds proxies to your outgoing links, keeping your site private!\u003C\u002Fp>\n\u003Cp>There are many plugins to anonymize links. What makes WP-HideRefer better is:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>it’s 100% WordPress API compliant\u003C\u002Fli>\n\u003Cli>it’s entirely server-side (= cacheable & no JavaScript!)\u003C\u002Fli>\n\u003Cli>therefore; supports \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Finfinite-scroll\u002F\" rel=\"ugc\">infinite-scroll\u003C\u002Fa> (AJAX \u002F streaming)\u003C\u002Fli>\n\u003Cli>it correctly filters your feeds and comments\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-hiderefer\u002Ffaq\u002F\" rel=\"ugc\">it can handle your manually anonymized links\u003C\u002Fa>!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u002F\u002F\u003Cem>\u003Ca href=\"http:\u002F\u002Fwww.ulfbenjaminsson.com\" rel=\"nofollow ugc\">Ulf Benjaminsson\u003C\u002Fa>\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>(Please note that WP-HideRefer requires PHP 5 or newer.)\u003C\u002Fp>\n\u003Ch3>Additional Notes\u003C\u002Fh3>\n\u003Cp>Copyright (C) 2012-2019 Ulf Benjaminsson (hello at my full name dot com)\u003C\u002Fp>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify\u003Cbr \u002F>\nit under the terms of the GNU General Public License as published by\u003Cbr \u002F>\nthe Free Software Foundation; either version 2 of the License, or\u003Cbr \u002F>\n(at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful,\u003Cbr \u002F>\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\u003Cbr \u002F>\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\u003Cbr \u002F>\nGNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License\u003Cbr \u002F>\nalong with this program; if not, write to the Free Software\u003Cbr \u002F>\nFoundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA\u003C\u002Fp>\n","WP-HideRefer adds proxies to your outgoing links, keeping your site private!",10,3114,80,4,"2019-03-24T20:43:00.000Z","5.1.22","3.9","5.2",[48,49,50,17,51],"anonymise","anonymize","blank-referrer","mask","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-hiderefer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-hiderefer.1.12.zip",85,"2026-03-15T15:16:48.613Z",{"attackSurface":57,"codeSignals":84,"taintFlows":104,"riskAssessment":105,"analyzedAt":110},{"hooks":58,"ajaxHandlers":80,"restRoutes":81,"shortcodes":82,"cronEvents":83,"entryPointCount":11,"unprotectedCount":11},[59,64,69,72,76],{"type":60,"name":61,"callback":62,"file":63,"line":39},"filter","plugin_action_links_hidereferrer\u002Fhidereferrer.php","synpro_hr_plugin_action_links","hidereferrer.php",{"type":65,"name":66,"callback":67,"file":63,"line":68},"action","wp_enqueue_scripts","synpro_hr_load_my_script",17,{"type":65,"name":70,"callback":67,"file":63,"line":71},"admin_enqueue_scripts",18,{"type":65,"name":73,"callback":74,"file":63,"line":75},"admin_init","synpro_settings_init",63,{"type":65,"name":77,"callback":78,"file":63,"line":79},"admin_menu","synpro_hr_options_page",113,[],[],[],[],{"dangerousFunctions":85,"sqlUsage":86,"outputEscaping":88,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":26,"bundledLibraries":103},[],{"prepared":11,"raw":11,"locations":87},[],{"escaped":89,"rawEcho":90,"locations":91},2,5,[92,95,97,99,101],{"file":63,"line":93,"context":94},32,"raw output",{"file":63,"line":96,"context":94},72,{"file":63,"line":98,"context":94},77,{"file":63,"line":100,"context":94},82,{"file":63,"line":102,"context":94},87,[],[],{"summary":106,"deductions":107},"The \"hidereferrer\" plugin version 1.0.0 exhibits a strong security posture based on the provided static analysis. The complete absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface. Furthermore, the code signals indicate good practices in crucial areas like SQL query handling, with all queries utilizing prepared statements, and a capability check present. The lack of file operations and external HTTP requests also reduces potential exposure points.\n\nHowever, a significant concern arises from the low percentage of properly escaped output (29%). This suggests that data processed and outputted by the plugin may not be adequately sanitized, potentially leading to cross-site scripting (XSS) vulnerabilities if user-supplied data is echoed directly. The absence of nonces on any potential entry points (though there are none listed) would also be a concern in a more complex plugin, but given the zero attack surface here, it's less of an immediate threat. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive indicator. This, combined with the limited attack surface and secure SQL handling, suggests a generally well-developed plugin. The primary weakness lies in the output escaping, which should be addressed to achieve a more robust security profile.",[108],{"reason":109,"points":90},"Low percentage of properly escaped output","2026-03-17T05:58:10.060Z",{"wat":112,"direct":118},{"assetPaths":113,"generatorPatterns":115,"scriptPaths":116,"versionParams":117},[114],"\u002Fwp-content\u002Fplugins\u002Fhidereferrer\u002Fassets\u002Fapp.js",[],[114],[],{"cssClasses":119,"htmlComments":120,"htmlAttributes":121,"restEndpoints":122,"jsGlobals":123,"shortcodeOutput":130},[],[],[],[],[124,125,126,127,128,129],"referrer_link","hide_mode_all","hide_mode_post_page","hide_mode_comments","hide_mode_all_comments_admin","exceptions",[]]