[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fU_IxVyuqvFW_jU7Y9HoCRG_MfWg4u43IkpMmphFqDAw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":136,"fingerprints":292},"hierarchical-documentation","Hierarchical Documentation","1.1","tombenner","https:\u002F\u002Fprofiles.wordpress.org\u002Ftombenner\u002F","\u003Cp>Hierarchical Documentation allows admins to create public pages of documentation and organize them hierarchically using a tree listing the pages where each page can be dragged to its desired position. It supports syntax highlighting for blocks of code and \u003Ca href=\"http:\u002F\u002Fdaringfireball.net\u002Fprojects\u002Fmarkdown\u002F\" rel=\"nofollow ugc\">Markdown\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>For an example of Hierarchical Documentation in action, see \u003Ca href=\"http:\u002F\u002Fwpmvc.org\u002F\" rel=\"nofollow ugc\">wpmvc.org\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Please note that the default behavior is to display the documentation page that has an ID of 1 as the site’s homepage. This can be changed by editing the first line of \u003Ccode>hierarchical-documentation\u002Fapp\u002Fconfig\u002Froutes.php\u003C\u002Fcode>. (See the \u003Ca href=\"http:\u002F\u002Fwpmvc.org\u002Fdocumentation\u002F62\u002Frouting\u002F\" rel=\"nofollow ugc\">WP MVC documentation page on routing\u003C\u002Fa> for details.)\u003C\u002Fp>\n\u003Cp>This plugin depends on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-mvc\u002F\" rel=\"ugc\">WP MVC\u003C\u002Fa>, so that plugin needs to be installed and activated before this one is activated.\u003C\u002Fp>\n\u003Cp>If you’d like to grab development releases, see what new features are being added, or browse the source code please visit the \u003Ca href=\"http:\u002F\u002Fgithub.com\u002Ftombenner\u002Fhierarchical-documentation\" rel=\"nofollow ugc\">GitHub repo\u003C\u002Fa>.\u003C\u002Fp>\n","Lets admins create searchable, hierarchically-organized documentation. Supports Markdown and syntax highlighting for code. Requires WP MVC.",10,3254,0,"2012-03-02T22:21:00.000Z","3.2.1","3.0","",[19,20,21,22,23],"code","codex","documentation","hierarchical","reference","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fhierarchical-documentation\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhierarchical-documentation.1.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},5,70,30,84,"2026-04-04T20:59:30.418Z",[37,59,79,101,121],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":17,"tags":52,"homepage":57,"download_link":58,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"simple-footnotes","Simple Footnotes","0.3","Andrew Nacin","https:\u002F\u002Fprofiles.wordpress.org\u002Fnacin\u002F","\u003Cp>Create simple, elegant footnotes on your site. Use the \u003Ccode>[ref]\u003C\u002Fcode> shortcode and the plugin takes care of the rest.\u003C\u002Fp>\n\u003Cp>Example usage: \u003Ccode>Lorem ipsum. [ref]My note.[\u002Fref]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>If you paginate your posts, you can optionally move your footnotes below your page links. Look under Settings > Reading. Footnotes will still appear as normal for posts that are unpaginated.\u003C\u002Fp>\n","Create simple, elegant footnotes on your site. Use the [ref] shortcode and the plugin takes care of the rest.",600,22505,94,15,"2014-11-19T07:42:00.000Z","4.1.42","2.5",[53,54,55,56],"endnotes","footnotes","references","shortcode","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsimple-footnotes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-footnotes.0.3.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":16,"requires_php":17,"tags":73,"homepage":77,"download_link":78,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"shortcode-reference","Shortcode Reference","1.0.0","Bart Stroeken","https:\u002F\u002Fprofiles.wordpress.org\u002Fbartee\u002F","\u003Cp>One of the fancy things within WordPress-plugins, is the availability of shortcodes.\u003Cbr \u002F>\nThese codes will provide access to plugin-specific things, like displaying a gallery, or a Google-Map.\u003Cbr \u002F>\nThe downside about this, is that there’s no generic overview of all available shortcodes within your environment.\u003C\u002Fp>\n\u003Cp>This plugin will provide a list of all available shortcodes, right where the action is. When you’re editing your content. And it won’t skip the details: it’ll show you what its origin is.\u003Cbr \u002F>\nMost of all, if it’s available in the sourcecode, the documentation will be shown.\u003C\u002Fp>\n\u003Cp>The plugin is largely based on \u003Ca href=\"http:\u002F\u002Fphp.net\u002Fmanual\u002Fen\u002Fbook.reflection.php\" rel=\"nofollow ugc\">PHP’s Reflection functionality\u003C\u002Fa>, and therefore only available from PHP version 5.0.0.\u003C\u002Fp>\n","This plugin will provide a list and details about available shortcodes in your current installment. All when you need it most - when editing content.",100,12206,68,7,"2022-01-25T07:03:00.000Z","5.8.13",[74,75,76,23,56],"links","page","post","http:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fbartstroeken","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshortcode-reference.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":67,"downloaded":87,"rating":67,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":17,"tags":92,"homepage":97,"download_link":98,"security_score":99,"vuln_count":88,"unpatched_count":13,"last_vuln_date":100,"fetched_at":28},"wh-tweaks","WH Tweaks","1.0.3","webheadcoder","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebheadllc\u002F","\u003Cp>Often times, ideas from WordPress Ideas (https:\u002F\u002Fwordpress.org\u002Fideas\u002F) or bugs from WordPress Trac (https:\u002F\u002Fcore.trac.wordpress.org\u002F) take years to make it into WordPress Core.  Sometimes even if everyone agrees on the fix it still doesn’t get in.  This plugin is the temporary patch you’ve been waiting for.  Activate any feature you want and disable any you don’t want.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Allow excerpts to show links.\u003C\u002Fli>\n\u003Cli>Obscure login errors so an attacker will not know if a username exists.\u003C\u002Fli>\n\u003Cli>Hide WordPress version in both meta tags and script inclusions.\u003C\u002Fli>\n\u003Cli>Make category children highlighted with a subtle gray background.\u003C\u002Fli>\n\u003Cli>Some added shortcodes.\u003C\u002Fli>\n\u003Cli>Customize login.\u003C\u002Fli>\n\u003Cli>Remove emoji scripts and styles.\u003C\u002Fli>\n\u003Cli>Automatically set the Return-Path to the From address if it’s not already set (Trac #22837).\u003C\u002Fli>\n\u003Cli>Show private pages in parent dropdowns (Trac #8592).\u003C\u002Fli>\n\u003Cli>Allow commas in category terms (Trac #14691).\u003C\u002Fli>\n\u003Cli>Show sidebar from main site in Multisite (Trac #22370).\u003C\u002Fli>\n\u003Cli>Disable default WordPress REST API endpoints.\u003C\u002Fli>\n\u003Cli>Remove author pages from public viewing.\u003C\u002Fli>\n\u003Cli>Redirect user enumeration to 403 Forbidden page.\u003C\u002Fli>\n\u003Cli>Resolve PHP notices about “ob_end_flush()” (Trac #18525 and #22430).  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Each of these options can be turned on or off on the Settings -> WH Tweaks page.\u003C\u002Fp>\n","Common functionality WordPress core should have but maybe shouldn't.",4149,1,"2026-01-07T06:39:00.000Z","6.9.4","4.0",[93,20,94,95,96],"bugs","fix","problems","trac","https:\u002F\u002Fwebheadcoder.com\u002Fwh-tweaks","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwh-tweaks.1.0.3.zip",99,"2025-12-21 00:00:00",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":13,"num_ratings":13,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":119,"download_link":120,"security_score":67,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"citepress-automatic-citation-generator","CitePress – Automatic Citation Generator","1.7","nusagates","https:\u002F\u002Fprofiles.wordpress.org\u002Fnusagates\u002F","\u003Cp>\u003Cstrong>CitePress\u003C\u002Fstrong> lets you generate a properly formatted bibliography (reference) for any post using simple shortcodes.\u003C\u002Fp>\n\u003Cp>Built for academic blogs, research documentation, online journals, and educational websites.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Citation styles supported: APA, MLA, Chicago, IEEE, Harvard, Vancouver, ASA, ACS, ACM\u003C\u002Fli>\n\u003Cli>Customizable citation label and access date format\u003C\u002Fli>\n\u003Cli>Outputs a styled, collapsible citation box\u003C\u002Fli>\n\u003Cli>Uses clean shortcodes: \u003Ccode>[citepress style=\"apa\"]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>No custom tables, no frontend scripts, lightweight\u003C\u002Fli>\n\u003C\u002Ful>\n","Generate and display a clean citation box for any WordPress post using customizable academic citation styles.",50,442,"2025-05-28T06:48:00.000Z","6.8.5","5.0","7.2",[116,117,118,23,56],"academic","bibliography","citation","https:\u002F\u002Fnusagates.co.id","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcitepress-automatic-citation-generator.1.7.zip",{"slug":122,"name":123,"version":62,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":33,"downloaded":128,"rating":67,"num_ratings":129,"last_updated":130,"tested_up_to":112,"requires_at_least":131,"requires_php":17,"tags":132,"homepage":134,"download_link":135,"security_score":67,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"shortcode-shortcode","Shortcode Shortcode","cubecolour","https:\u002F\u002Fprofiles.wordpress.org\u002Fnumeeja\u002F","\u003Cp>This plugin might be useful to you if you write about WordPress plugins and want to be able to show examples of shortcodes usage, but without the shortcodes being processed. The resultant display will be the same whether the plugin or theme providing the shortcode you are writing about is active or not.\u003C\u002Fp>\n\u003Ch4>The Shortcode Shortcode:\u003C\u002Fh4>\n\u003Cp>Add a [shortcode] shortcode in the format:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[shortcode]gallery[\u002Fshortcode]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This will display on the page as [gallery] instead of actually showing a gallery of the attached images\u003C\u002Fp>\n","Provides a [shortcode] shortcode to allow you to show shortcode usage examples without the shortcodes being processed",3972,3,"2025-06-23T10:06:00.000Z","3.5",[21,133,56],"example","http:\u002F\u002Fcubecolour.co.uk\u002Fshortcode-shortcode","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshortcode-shortcode.1.0.0.zip",{"attackSurface":137,"codeSignals":164,"taintFlows":251,"riskAssessment":278,"analyzedAt":291},{"hooks":138,"ajaxHandlers":160,"restRoutes":161,"shortcodes":162,"cronEvents":163,"entryPointCount":13,"unprotectedCount":13},[139,144,149,152,156],{"type":140,"name":141,"callback":142,"file":143,"line":109},"filter","mvc_before_public_url","documentation_before_public_url","app\\config\\bootstrap.php",{"type":145,"name":146,"callback":147,"priority":11,"file":143,"line":148},"action","mvc_admin_init","documentation_admin_init",71,{"type":145,"name":150,"callback":151,"priority":11,"file":143,"line":26},"mvc_public_init","documentation_public_init",{"type":140,"name":153,"callback":154,"file":143,"line":155},"mvc_page_title","documentation_page_title",96,{"type":145,"name":157,"callback":158,"file":143,"line":159},"plugins_loaded","download_export",106,[],[],[],[],{"dangerousFunctions":165,"sqlUsage":170,"outputEscaping":173,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":250},[166],{"fn":167,"file":143,"line":168,"context":169},"system",117,"system($command, $sql);",{"prepared":171,"raw":13,"locations":172},2,[],{"escaped":129,"rawEcho":174,"locations":175},43,[176,179,182,184,186,187,189,190,192,193,195,196,197,198,199,201,203,205,208,210,212,214,216,218,219,220,222,223,224,226,227,228,230,232,233,235,236,238,240,242,244,246,248],{"file":143,"line":177,"context":178},118,"raw output",{"file":180,"line":181,"context":178},"app\\controllers\\admin\\admin_documentation_nodes_controller.php",79,{"file":183,"line":129,"context":178},"app\\views\\admin\\documentation_nodes\\add.php",{"file":183,"line":185,"context":178},4,{"file":183,"line":31,"context":178},{"file":183,"line":188,"context":178},6,{"file":183,"line":70,"context":178},{"file":183,"line":191,"context":178},8,{"file":183,"line":11,"context":178},{"file":194,"line":129,"context":178},"app\\views\\admin\\documentation_nodes\\edit.php",{"file":194,"line":31,"context":178},{"file":194,"line":188,"context":178},{"file":194,"line":70,"context":178},{"file":194,"line":191,"context":178},{"file":194,"line":200,"context":178},9,{"file":194,"line":202,"context":178},11,{"file":204,"line":31,"context":178},"app\\views\\admin\\documentation_nodes\\export.php",{"file":206,"line":207,"context":178},"app\\views\\admin\\documentation_nodes\\tree.php",26,{"file":206,"line":209,"context":178},31,{"file":206,"line":211,"context":178},32,{"file":213,"line":109,"context":178},"app\\views\\admin\\documentation_nodes\\_preview_and_help.php",{"file":213,"line":215,"context":178},57,{"file":217,"line":171,"context":178},"app\\views\\admin\\documentation_nodes\\_tree_item.php",{"file":217,"line":129,"context":178},{"file":217,"line":31,"context":178},{"file":221,"line":129,"context":178},"app\\views\\admin\\documentation_versions\\add.php",{"file":221,"line":185,"context":178},{"file":221,"line":31,"context":178},{"file":225,"line":129,"context":178},"app\\views\\admin\\documentation_versions\\edit.php",{"file":225,"line":185,"context":178},{"file":225,"line":31,"context":178},{"file":229,"line":48,"context":178},"app\\views\\documentation_nodes\\search.php",{"file":231,"line":88,"context":178},"app\\views\\documentation_nodes\\show.php",{"file":231,"line":129,"context":178},{"file":234,"line":129,"context":178},"app\\views\\documentation_nodes\\_item.php",{"file":234,"line":188,"context":178},{"file":237,"line":31,"context":178},"app\\views\\documentation_nodes\\_search_form.php",{"file":239,"line":202,"context":178},"app\\views\\documentation_nodes\\_tree.php",{"file":239,"line":241,"context":178},13,{"file":239,"line":243,"context":178},14,{"file":245,"line":88,"context":178},"app\\views\\documentation_nodes\\_tree_item.php",{"file":247,"line":171,"context":178},"app\\views\\documentation_nodes\\_version_list.php",{"file":247,"line":249,"context":178},12,[],[252,269],{"entryPoint":253,"graph":254,"unsanitizedCount":88,"severity":268},"preview_content (app\\controllers\\admin\\admin_documentation_nodes_controller.php:75)",{"nodes":255,"edges":265},[256,260],{"id":257,"type":258,"label":259,"file":180,"line":181},"n0","source","$_POST['content']",{"id":261,"type":262,"label":263,"file":180,"line":181,"wp_function":264},"n1","sink","echo() [XSS]","echo",[266],{"from":257,"to":261,"sanitized":267},false,"medium",{"entryPoint":270,"graph":271,"unsanitizedCount":88,"severity":277},"\u003Cadmin_documentation_nodes_controller> (app\\controllers\\admin\\admin_documentation_nodes_controller.php:0)",{"nodes":272,"edges":275},[273,274],{"id":257,"type":258,"label":259,"file":180,"line":181},{"id":261,"type":262,"label":263,"file":180,"line":181,"wp_function":264},[276],{"from":257,"to":261,"sanitized":267},"low",{"summary":279,"deductions":280},"The hierarchical-documentation plugin version 1.1 presents a mixed security posture.  On the positive side, it boasts a clean vulnerability history with no recorded CVEs, suggesting a generally well-maintained codebase. The static analysis also indicates all SQL queries use prepared statements, a strong practice for preventing SQL injection.  However, significant concerns arise from the code signals. The presence of a 'system' dangerous function is a red flag, as this function can execute arbitrary commands on the server, posing a critical risk if not properly controlled. Furthermore, the low percentage of properly escaped output (7%) indicates a high likelihood of cross-site scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the plugin's output. The taint analysis showing two flows with unsanitized paths reinforces these concerns, indicating potential for data to be processed in an unsafe manner.",[281,283,285,287,289],{"reason":282,"points":48},"Dangerous function 'system' found",{"reason":284,"points":249},"Low percentage of properly escaped output (7%)",{"reason":286,"points":11},"Taint analysis shows unsanitized paths",{"reason":288,"points":31},"No nonce checks implemented",{"reason":290,"points":31},"No capability checks implemented","2026-03-17T00:06:55.552Z",{"wat":293,"direct":308},{"assetPaths":294,"generatorPatterns":300,"scriptPaths":301,"versionParams":302},[295,296,297,298,299],"\u002Fwp-content\u002Fplugins\u002Fhierarchical-documentation\u002Fnest_sortable.js","\u002Fwp-content\u002Fplugins\u002Fhierarchical-documentation\u002Fpreview_markdown.js","\u002Fwp-content\u002Fplugins\u002Fhierarchical-documentation\u002Fedit_documentation.css","\u002Fwp-content\u002Fplugins\u002Fhierarchical-documentation\u002Fpublic_documentation_tree.js","\u002Fwp-content\u002Fplugins\u002Fhierarchical-documentation\u002Fpublic_documentation.css",[],[295,296,298],[303,304,305,306,307],"hierarchical-documentation\u002Fnest_sortable.js?ver=","hierarchical-documentation\u002Fpreview_markdown.js?ver=","hierarchical-documentation\u002Fedit_documentation.css?ver=","hierarchical-documentation\u002Fpublic_documentation_tree.js?ver=","hierarchical-documentation\u002Fpublic_documentation.css?ver=",{"cssClasses":309,"htmlComments":311,"htmlAttributes":312,"restEndpoints":318,"jsGlobals":319,"shortcodeOutput":324},[310],"documentation-tree",[],[313,314,315,316,317],"data-id","data-parent-id","data-depth","data-left","data-right",[],[320,321,322,323],"mvc_js_url","current_documentation_version","url_documentation_version_name","displayed_documentation_version",[]]