[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSus-rQmvSWIhBTwc5YdePcU0-wVaabyLMVrC1r5-n-M":3,"$fTro_6JgjQFnHLZtdeQ45LYkvEi6Mh_5L4d3puoMuZAQ":387,"$f365hnrn7cpzBjTGW5EPekjt2AzRnEIbBNe9uxZc4K0s":392},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":7,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":37,"analysis":125,"fingerprints":357},"hikari-krumo","Hikari Krumo","0.02.04","","https:\u002F\u002Fprofiles.wordpress.org\u002Fshidouhikari\u002F","\u003Cp>\u003Cem>Krumo\u003C\u002Fem> is a debugging tool equivalent to print_r() and var_dump(), with the advantage of collapsing array and object values so that it takes less space and let us see only what we really need from complex data.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Fhikari.ws\u002Fkrumo\u002F\" rel=\"nofollow ugc\">Hikari Krumo\u003C\u002Fa>\u003C\u002Fstrong> ports it to a WordPress plugin, so that Krumo becomes easily available in any WordPress page. Original Krumo has a few bugs fixed and has its options available in an admin page instead of requiring krumo.ini file edited directly.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>The simplicity of print_r() with the details of var_dump()\u003C\u002Fli>\n\u003Cli>Show any data, including its data type\u003C\u002Fli>\n\u003Cli>For arrays and objects, internal data are collapsed, so that it takes less space and you can expand to see only those values you really wanna see, spending much less space\u003C\u002Fli>\n\u003Cli>Works anywhere in WordPress, backend and frontend\u003C\u002Fli>\n\u003Cli>Hide it from visitors and only those who really need to see dump be able to see it\u003C\u002Fli>\n\u003Cli>Automatically shows PHP file and line where dump happened, a great tool for debugging\u003C\u002Fli>\n\u003C\u002Ful>\n","Krumo is a debug tool able of collapsing array and object values so that it takes less space and let us see only what we really need from complex data",10,2326,0,"2010-10-10T01:31:00.000Z","3.0.5","2.8.0",[18,19,20,21,22],"backtrace","debug","krumo","print_r","var_dump","http:\u002F\u002Fhikari.ws\u002Fkrumo\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhikari-krumo.0.02.04.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":31,"display_name":31,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"shidouhikari",9,430,30,84,"2026-05-19T16:04:02.206Z",[38,58,75,88,107],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":56,"download_link":57,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"debug-toolkit","Debug Toolkit","1.0.1","Tonya Mork","https:\u002F\u002Fprofiles.wordpress.org\u002Fhellofromtonya\u002F","\u003Cp>Debug Toolkit makes debugging your code easier and more enjoyable.  It provides you with interactive and helpful tools:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Better PHP error interface from (\u003Ca href=\"http:\u002F\u002Ffilp.github.io\u002Fwhoops\u002F\" rel=\"nofollow ugc\">Whoops\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Better variable inspection – no need to use \u003Ccode>var_dump\u003C\u002Fcode>, \u003Ccode>print_r\u003C\u002Fcode>, or X-debug\u003C\u002Fli>\n\u003Cli>An interactive way to back trace the program’s execution order\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Better PHP Error Interface from Whoops\u003C\u002Fh3>\n\u003Cp>The built-in PHP error container is basic and not as helpful as it could be.  On top of that, it’s rather ugly. Wouldn’t you agree?\u003C\u002Fp>\n\u003Cp>Whoops gives you a cool interface that is helpful, interactive, and quite nice to look at.  Some features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Provides the error message and links to search Google, DuckDuckGo, and Stack Overflow.\u003C\u002Fli>\n\u003Cli>Shows the actual code where the error occurred.\u003C\u002Fli>\n\u003Cli>Provides an interactive call stack.  Click each and the actual code appears in the viewer panel.\u003C\u002Fli>\n\u003Cli>Environment and details including GET Data, POST Data, Files, Cookie, Session, Server\u002FRequest Data, Environment Variables, and Registered Handlers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See the tools in action in this video\u003C\u002Fp>\n\u003Cp>\u003Ciframe loading=\"lazy\" title=\"Introducing the Debug Toolkit Plugin for WordPress\" src=\"https:\u002F\u002Fplayer.vimeo.com\u002Fvideo\u002F322351688?dnt=1&app_id=122963\" width=\"750\" height=\"422\" frameborder=\"0\" allow=\"autoplay; fullscreen; picture-in-picture; clipboard-write\">\u003C\u002Fiframe>\u003C\u002Fp>\n\u003Ch3>Better Variable Inspection\u003C\u002Fh3>\n\u003Cp>Though X-debug is powerful, it can be difficult to set up and run.  For that reason, it’s common to dump or print out the variable to browser.  But the built-in display for the PHP \u003Ccode>var_dump\u003C\u002Fcode> and \u003Ccode>print_r\u003C\u002Fcode> is basic.\u003C\u002Fp>\n\u003Cp>This plugin includes both two very popular variable dumper tools:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsymfony.com\u002Fdoc\u002Fcurrent\u002Fcomponents\u002Fvar_dumper.html\" rel=\"nofollow ugc\">VarDumper from Symfony\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fkint-php.github.io\u002Fkint\u002F\" rel=\"nofollow ugc\">Kint – a modern and powerful PHP debugging helper\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>VarDumper provides a simple container that displays where you place it.\u003C\u002Fp>\n\u003Cp>On the other hand, Kint provides a more powerful interface that gives you more information such as printing out the expression that was passed into it, the data type, memory size, and the value.\u003C\u002Fp>\n\u003Cp>To make it even easier, the following utility functions are available for you to use in your code:\u003C\u002Fp>\n\u003Ch4>Available Functions for Inspecting Variable Values\u003C\u002Fh4>\n\u003Cp>Let’s explore the functions that are available for you through this plugin.  We’ll use the variable inspectors to dump \u003Ccode>global $post\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cp>Note: You can pass in any variable or function that returns a value.\u003C\u002Fp>\n\u003Cp>Dumps the given variable(s):\u003C\u002Fp>\n\u003Cpre>\u003Ccode>global $post;\n\n\u002F\u002F VarDumper\nvdump( $post );\n\n\u002F\u002F Kint\ndump( $post );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Dumps the given variable(s) and then exits the program’s execution:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>global $post;\n\n\u002F\u002F VarDumper\nvdump_and_die( $post );\n\n\u002F\u002F Kint\ndump_and_die( $post );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>In addition, there are alias (shorthand) functions available for you if you prefer shorter function names:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>vd()\u003C\u002Fcode> is an alias for \u003Ccode>vdump()\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>vdd()\u003C\u002Fcode> and \u003Ccode>vdd()\u003C\u002Fcode> are aliases for \u003Ccode>vdump_and_die()\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>d()\u003C\u002Fcode> is an alias for \u003Ccode>dump()\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>dd()\u003C\u002Fcode> and \u003Ccode>ddd()\u003C\u002Fcode> are aliases for \u003Ccode>dump_and_die()\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Tracing Call Stack\u003C\u002Fh3>\n\u003Cp>When debugging, there are times when you need to see the order in which functions were called that lead to a certain point in the program.  PHP offers a backtrace that traces back the execution order from the point when the function is invoked.\u003C\u002Fp>\n\u003Cp>To make backtracing easier, this plugin provides you with a \u003Ccode>trace()\u003C\u002Fcode> function and combines it with the variable inspect functions.\u003C\u002Fp>\n\u003Cp>For example, if you wanted to trace the call stack to the start of the loop in your theme’s \u003Ccode>functions.php\u003C\u002Fcode> file, you could use this code:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_action( 'loop_start', function() {\n    trace();\n} );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Available Trace Functions\u003C\u002Fh4>\n\u003Cp>Place these functions at the point where you want to trace the call stack.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>trace();\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>trace_vdump();\u003C\u002Fcode> – Combines \u003Ccode>trace()\u003C\u002Fcode> and \u003Ccode>vdump()\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>trace_dump();\u003C\u002Fcode> – Combines \u003Ccode>trace()\u003C\u002Fcode> and \u003Ccode>dump()\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>trace_vdump_and_die();\u003C\u002Fcode> – Combines \u003Ccode>trace()\u003C\u002Fcode> and \u003Ccode>vdump_and_die()\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>trace_dump_and_die();\u003C\u002Fcode> – Combines \u003Ccode>trace()\u003C\u002Fcode> and \u003Ccode>dump_and_die()\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In addition, there are alias (shorthand) functions available for you if you prefer shorter function names:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>tracevd();\u003C\u002Fcode> – Combines \u003Ccode>trace()\u003C\u002Fcode> and \u003Ccode>vd()\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>traced();\u003C\u002Fcode> – Combines \u003Ccode>trace()\u003C\u002Fcode> and \u003Ccode>d()\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>tracevdd();\u003C\u002Fcode> – Combines \u003Ccode>trace()\u003C\u002Fcode> and \u003Ccode>vdd()\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>tracedd();\u003C\u002Fcode> – Combines \u003Ccode>trace()\u003C\u002Fcode> and \u003Ccode>dd()\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>tracevddd();\u003C\u002Fcode> – Combines \u003Ccode>trace()\u003C\u002Fcode> and \u003Ccode>vddd()\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>traceddd();\u003C\u002Fcode> – Combines \u003Ccode>trace()\u003C\u002Fcode> and \u003Ccode>ddd()\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Admin Bar\u003C\u002Fh3>\n\u003Cp>“DEBUG ACTIVE” indicator displays in the WordPress admin bar to alert you when the plugin is active.\u003C\u002Fp>\n","Code debug made easier and more enjoyable.",20,8862,100,13,"2019-03-11T15:34:00.000Z","5.1.22","4.9","5.6",[18,19,55,21,22],"debugger","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdebug-toolkit","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdebug-toolkit.1.0.1.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":11,"downloaded":66,"rating":48,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":7,"tags":71,"homepage":73,"download_link":74,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"pco-kint","PCo Kint","1.0.10","Compute","https:\u002F\u002Fprofiles.wordpress.org\u002Fcompute\u002F","\u003Cp>PCo-Kint is a simple WordPress plugin wrapper for \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fraveren\u002Fkint\u002F\" rel=\"nofollow ugc\">kint\u003C\u002Fa>, a pretty replacement for \u003Ca href=\"http:\u002F\u002Fphp.net\u002Fmanual\u002Fen\u002Ffunction.var-dump.php\" rel=\"nofollow ugc\">var_dump()\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fphp.net\u002Fmanual\u002Fen\u002Ffunction.print-r.php]\" rel=\"nofollow ugc\">print_r()\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Fphp.net\u002Fmanual\u002Fen\u002Ffunction.debug-backtrace.php]\" rel=\"nofollow ugc\">debug_backtrace()\u003C\u002Fa>. Kint is also a great replacement to Krumo!\u003C\u002Fp>\n\u003Cp>Simply use the \u003Ccode>d()\u003C\u002Fcode> function to output your objects or arrays, or use \u003Ccode>ddd()\u003C\u002Fcode> if you want to terminate the current script.\u003C\u002Fp>\n\u003Cp>A great alternative to \u003Ccode>echo'\u003Cpre>';var_dump($var);die;\u003C\u002Fcode>!\u003C\u002Fp>\n\u003Cp>A full list of features can be found on the project page:\u003C\u002Fp>\n\u003Cp>http:\u002F\u002Fraveren.github.io\u002Fkint\u002F\u003C\u002Fp>\n\u003Cp>Contribute to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FPeytz-WordPress\u002Fpco-kint\" rel=\"nofollow ugc\">this project\u003C\u002Fa> on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FPeytz-WordPress\" rel=\"nofollow ugc\">github\u003C\u002Fa> or find \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fpeytzco\u002F\" rel=\"nofollow ugc\">all of our favorite and custom made plugins\u003C\u002Fa>\u003C\u002Fp>\n","Kint debugger for WordPress - a powerful and modern PHP debugging tool.",2016,1,"2015-10-28T13:13:00.000Z","4.3.34","3.5",[19,72,20,21,22],"kint","https:\u002F\u002Fgithub.com\u002FPeytz-WordPress\u002Fpco-kint","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpco-kint.1.0.10.zip",{"slug":76,"name":77,"version":78,"author":42,"author_profile":43,"description":79,"short_description":80,"active_installs":48,"downloaded":81,"rating":48,"num_ratings":82,"last_updated":83,"tested_up_to":51,"requires_at_least":70,"requires_php":84,"tags":85,"homepage":86,"download_link":87,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"kint-php-debugger","Kint PHP Debugger","2.0.2","\u003Cp>This WordPress plugin is a wrapper for the \u003Ca href=\"https:\u002F\u002Fkint-php.github.io\u002Fkint\u002F\" rel=\"nofollow ugc\">Kint\u003C\u002Fa> PHP Debugger utility version 1.x.  Now instead of using var_dump() or print_r(), you simply use d() with zero, nadda, no formatting required.\u003C\u002Fp>\n\u003Cp>Use this tool when you are debugging your website, in place of \u003Cstrong>\u003Ca href=\"http:\u002F\u002Fphp.net\u002Fmanual\u002Fen\u002Ffunction.var-dump.php\" rel=\"nofollow ugc\">var_dump()\u003C\u002Fa>\u003C\u002Fstrong>, \u003Cstrong>\u003Ca href=\"http:\u002F\u002Fphp.net\u002Fmanual\u002Fen\u002Ffunction.print-r.php\" rel=\"nofollow ugc\">print_r()\u003C\u002Fa>\u003C\u002Fstrong> and \u003Cstrong>\u003Ca href=\"http:\u002F\u002Fphp.net\u002Fmanual\u002Fen\u002Ffunction.debug-backtrace.php\" rel=\"nofollow ugc\">debug_backtrace()\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>Handy Tools\u003C\u002Fh4>\n\u003Cp>Some handy tools just for the PHP Developer:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>d( $var );\u003C\u002Fcode> to render a collapsible UI container which displays your variable data in “the most informative way”\u003C\u002Fli>\n\u003Cli>\u003Ccode>ddd( $var );\u003C\u002Fcode> same as d() except that it also executes \u003Ccode>die()\u003C\u002Fcode> to halt execution.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Here are some variations of \u003Ccode>d()\u003C\u002Fcode> to give you the display you want:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>~d( $var );\u003C\u002Fcode> outputs in plain text format.\u003C\u002Fli>\n\u003Cli>\u003Ccode>+d( $var );\u003C\u002Fcode> disregards depth level limits and outputs everything\u003C\u002Fli>\n\u003Cli>\u003Ccode>!d( $var );\u003C\u002Fcode> shows expanded rich output\u003C\u002Fli>\n\u003Cli>\u003Ccode>-d( $var );\u003C\u002Fcode> attempts to ob_clean() the previous output (dump something inside of HTML)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Profiler\u003C\u002Fh4>\n\u003Cp>Kint even includes a naïve profiler, which can help you analyze which blocks of code take longer than others:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Kint::dump( microtime() ); \u002F\u002F just pass microtime()\nsleep( 1 );\nKint::dump( microtime(), 'after sleep(1)' );\nsleep( 2 );\nddd( microtime(), 'final call, after sleep(2)' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fkint-php-debugger\u002Fscreenshots\u002F\" rel=\"ugc\">screenshot 2\u003C\u002Fa> for what is rendered out in your browser.\u003C\u002Fp>\n\u003Ch3>Admin Bar\u003C\u002Fh3>\n\u003Cp>“KINT ACTIVE” indicator displays in the WordPress admin bar to alert you when the plugin is active.\u003C\u002Fp>\n","Kint is a modern and powerful PHP debugging helper, which requires zero-setup and replaces var_dump(), print_r() and debug_backtrace().",13140,12,"2019-03-11T17:29:00.000Z","5.3",[19,55,72,21,22],"https:\u002F\u002Fgithub.com\u002FKnowTheCode\u002Fkint-php-debugger","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkint-php-debugger.2.0.2.zip",{"slug":89,"name":90,"version":41,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":48,"num_ratings":97,"last_updated":98,"tested_up_to":99,"requires_at_least":100,"requires_php":7,"tags":101,"homepage":7,"download_link":106,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"laravel-dd","Laravel DD for WordPress","phegman","https:\u002F\u002Fprofiles.wordpress.org\u002Fphegman\u002F","\u003Cp>Use Laravel’s \u003Ca href=\"https:\u002F\u002Flaravel.com\u002Fdocs\u002F5.4\u002Fhelpers#method-dd\" rel=\"nofollow ugc\">\u003Ccode>dd()\u003C\u002Fcode>\u003C\u002Fa> (die dump) function in your WordPress projects. Perfect for debuging custom queries! Laravel’s \u003Ccode>dd()\u003C\u002Fcode> function is built on top of the \u003Ca href=\"http:\u002F\u002Fsymfony.com\u002Fdoc\u002Fcurrent\u002Fcomponents\u002Fvar_dumper.html\" rel=\"nofollow ugc\">Symfony VarDumper component\u003C\u002Fa> \u003Cstrong>Please note in order for this plugin to work correctly WordPress Emojis will be disabled\u003C\u002Fstrong>\u003C\u002Fp>\n","Use Laravel's dd() (die dump) function in your Wordpress projects. Perfect for debuging custom queries!",1000,15259,7,"2018-03-02T22:32:00.000Z","4.8.28","3.0.1",[19,102,103,104,105],"die","dump","laravel","var-dumper","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flaravel-dd.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":48,"num_ratings":117,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":7,"tags":121,"homepage":123,"download_link":124,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wp-dbug","wp-dBug","0.2","vhauri","https:\u002F\u002Fprofiles.wordpress.org\u002Fvhauri\u002F","\u003Cp>This plugin is basically a wrapper for the excellent dBug (http:\u002F\u002Fdbug.ospinto.com) class for PHP debugging, written by Kwaku Otchere..\u003C\u002Fp>\n\u003Cp>Instead of var_dump or echo, you can call wp_dbug( $variable ) to get clear, dynamic debug output of strings, arrays, or objects.\u003C\u002Fp>\n\u003Cp>Thanks to @borkweb, the plugin is now compatible with the WP Debug Bar plugin (https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fdebug-bar\u002F) for extra debugging goodness!\u003C\u002Fp>\n","Plugin implements the awesome dBug class created by Kwaku Otchere for use in WordPress plugin debugging",60,6192,2,"2013-01-19T00:07:00.000Z","3.5.2","2.7",[122,19,55,22],"dbug","http:\u002F\u002Fneverblog.net\u002Fwp-dbug","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-dbug.zip",{"attackSurface":126,"codeSignals":151,"taintFlows":307,"riskAssessment":341,"analyzedAt":356},{"hooks":127,"ajaxHandlers":147,"restRoutes":148,"shortcodes":149,"cronEvents":150,"entryPointCount":13,"unprotectedCount":13},[128,134,139,143],{"type":129,"name":130,"callback":131,"file":132,"line":133},"action","plugins_loaded","HkKrumo_instance","hikari-krumo-options.php",101,{"type":129,"name":135,"callback":136,"file":137,"line":138},"init","startup","hikari-tools.php",34,{"type":129,"name":140,"callback":141,"file":137,"line":142},"admin_init","options_init",449,{"type":129,"name":144,"callback":145,"file":137,"line":146},"admin_menu","menuPrepare",450,[],[],[],[],{"dangerousFunctions":152,"sqlUsage":153,"outputEscaping":155,"fileOperations":117,"externalRequests":13,"nonceChecks":13,"capabilityChecks":67,"bundledLibraries":306},[],{"prepared":13,"raw":13,"locations":154},[],{"escaped":13,"rawEcho":35,"locations":156},[157,160,162,164,166,168,170,172,174,175,176,177,178,180,182,184,185,186,187,188,190,192,194,196,197,199,201,203,204,205,207,208,210,212,214,215,216,218,219,221,222,224,226,228,230,232,234,235,237,239,241,243,245,246,248,250,251,252,254,257,259,260,262,264,266,268,270,272,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304],{"file":137,"line":158,"context":159},126,"raw output",{"file":137,"line":161,"context":159},134,{"file":137,"line":163,"context":159},135,{"file":137,"line":165,"context":159},140,{"file":137,"line":167,"context":159},147,{"file":137,"line":169,"context":159},156,{"file":137,"line":171,"context":159},588,{"file":137,"line":173,"context":159},590,{"file":137,"line":173,"context":159},{"file":137,"line":173,"context":159},{"file":137,"line":173,"context":159},{"file":137,"line":173,"context":159},{"file":137,"line":179,"context":159},592,{"file":137,"line":181,"context":159},609,{"file":137,"line":183,"context":159},611,{"file":137,"line":183,"context":159},{"file":137,"line":183,"context":159},{"file":137,"line":183,"context":159},{"file":137,"line":183,"context":159},{"file":137,"line":189,"context":159},613,{"file":137,"line":191,"context":159},622,{"file":137,"line":193,"context":159},624,{"file":137,"line":195,"context":159},630,{"file":137,"line":195,"context":159},{"file":137,"line":198,"context":159},635,{"file":137,"line":200,"context":159},644,{"file":137,"line":202,"context":159},659,{"file":137,"line":202,"context":159},{"file":137,"line":202,"context":159},{"file":137,"line":206,"context":159},660,{"file":137,"line":206,"context":159},{"file":137,"line":209,"context":159},664,{"file":137,"line":211,"context":159},673,{"file":137,"line":213,"context":159},693,{"file":137,"line":213,"context":159},{"file":137,"line":213,"context":159},{"file":137,"line":217,"context":159},694,{"file":137,"line":217,"context":159},{"file":137,"line":220,"context":159},698,{"file":137,"line":220,"context":159},{"file":137,"line":223,"context":159},700,{"file":137,"line":225,"context":159},765,{"file":137,"line":227,"context":159},766,{"file":137,"line":229,"context":159},767,{"file":137,"line":231,"context":159},798,{"file":137,"line":233,"context":159},823,{"file":137,"line":233,"context":159},{"file":137,"line":236,"context":159},833,{"file":137,"line":238,"context":159},848,{"file":137,"line":240,"context":159},850,{"file":137,"line":242,"context":159},900,{"file":137,"line":244,"context":159},972,{"file":137,"line":244,"context":159},{"file":137,"line":247,"context":159},1012,{"file":137,"line":249,"context":159},1014,{"file":137,"line":249,"context":159},{"file":137,"line":249,"context":159},{"file":137,"line":253,"context":159},1066,{"file":255,"line":256,"context":159},"krumo\u002Fclass.krumo.php",285,{"file":255,"line":258,"context":159},587,{"file":255,"line":173,"context":159},{"file":255,"line":261,"context":159},600,{"file":255,"line":263,"context":159},601,{"file":255,"line":265,"context":159},722,{"file":255,"line":267,"context":159},725,{"file":255,"line":269,"context":159},735,{"file":255,"line":271,"context":159},892,{"file":255,"line":273,"context":159},1069,{"file":255,"line":275,"context":159},1091,{"file":255,"line":277,"context":159},1092,{"file":255,"line":279,"context":159},1125,{"file":255,"line":281,"context":159},1127,{"file":255,"line":283,"context":159},1155,{"file":255,"line":285,"context":159},1157,{"file":255,"line":287,"context":159},1182,{"file":255,"line":289,"context":159},1209,{"file":255,"line":291,"context":159},1211,{"file":255,"line":293,"context":159},1236,{"file":255,"line":295,"context":159},1238,{"file":255,"line":297,"context":159},1273,{"file":255,"line":299,"context":159},1276,{"file":255,"line":301,"context":159},1277,{"file":255,"line":303,"context":159},1286,{"file":255,"line":305,"context":159},1299,[],[308,331],{"entryPoint":309,"graph":310,"unsanitizedCount":67,"severity":330},"debugRequestParameters (hikari-tools.php:928)",{"nodes":311,"edges":326},[312,317,321],{"id":313,"type":314,"label":315,"file":137,"line":316},"n0","source","$_REQUEST",932,{"id":318,"type":319,"label":320,"file":137,"line":316},"n1","transform","→ dump()",{"id":322,"type":323,"label":324,"file":255,"line":258,"wp_function":325},"n2","sink","echo() [XSS]","echo",[327,329],{"from":313,"to":318,"sanitized":328},false,{"from":318,"to":322,"sanitized":328},"medium",{"entryPoint":332,"graph":333,"unsanitizedCount":67,"severity":330},"\u003Chikari-tools> (hikari-tools.php:0)",{"nodes":334,"edges":338},[335,336,337],{"id":313,"type":314,"label":315,"file":137,"line":316},{"id":318,"type":319,"label":320,"file":137,"line":316},{"id":322,"type":323,"label":324,"file":255,"line":258,"wp_function":325},[339,340],{"from":313,"to":318,"sanitized":328},{"from":318,"to":322,"sanitized":328},{"summary":342,"deductions":343},"The 'hikari-krumo' plugin v0.02.04 exhibits a mixed security posture. On the positive side, it demonstrates good practices by having zero known CVEs and no recorded vulnerability history, suggesting a low likelihood of publicly known exploits. Furthermore, the plugin utilizes prepared statements for all its SQL queries and includes a capability check, which are strong security fundamentals. However, significant concerns arise from the static analysis. The most alarming finding is that 100% of its outputs are not properly escaped, posing a high risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, while the attack surface appears minimal with zero entry points reported, the taint analysis indicates two flows with unsanitized paths, even though they are not classified as critical or high severity. These unsanitized paths, coupled with the complete lack of output escaping, strongly suggest potential for XSS or other injection attacks if these flows are ever exposed to user input. The absence of nonce checks and the limited capability checks are also points of concern, especially if any of the file operations or other code paths could be triggered in an unintended way. The plugin's strengths lie in its lack of known vulnerabilities and secure SQL handling, but the critical lack of output escaping and potential unsanitized paths create significant risks that require immediate attention.",[344,347,350,353],{"reason":345,"points":346},"0% of outputs properly escaped",15,{"reason":348,"points":349},"2 flows with unsanitized paths",6,{"reason":351,"points":352},"No nonce checks implemented",5,{"reason":354,"points":355},"Limited capability checks (1 total)",3,"2026-04-16T12:27:46.315Z",{"wat":358,"direct":367},{"assetPaths":359,"generatorPatterns":362,"scriptPaths":363,"versionParams":364},[360,361],"\u002Fwp-content\u002Fplugins\u002Fhikari-krumo\u002Fkrumo\u002Fkrumo.css","\u002Fwp-content\u002Fplugins\u002Fhikari-krumo\u002Fkrumo\u002Fkrumo.js",[],[361],[365,366],"hikari-krumo\u002Fkrumo\u002Fkrumo.css?ver=","hikari-krumo\u002Fkrumo\u002Fkrumo.js?ver=",{"cssClasses":368,"htmlComments":369,"htmlAttributes":378,"restEndpoints":383,"jsGlobals":384,"shortcodeOutput":385},[20],[370,371,372,373,374,375,376,377],"Copyright Hikari (http:\u002F\u002Fwordpress.Hikari.ws), 2010","If you want to redistribute this script, please leave a link to","http:\u002F\u002Fhikari.WS","Krumo: http:\u002F\u002Fkrumo.sourceforge.net","IMPORTANT CONTRIBUTIONS TO THIS SCRIPT (listed in alphabetical order):","Translations to different languages are provided by users of this script","Other contributors' (nick)names may be provided in the header of (or inside) the functions","SPECIAL THANKS to all contributors and translators of this script !",[379,380,381,382],"data-krumo-id","data-krumo-index","data-krumo-open","data-krumo-parent",[],[20],[386],"\u003Cdiv class='HkTools'>",{"error":388,"url":389,"statusCode":390,"statusMessage":391,"message":391},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fhikari-krumo\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":67,"versions":393},[394],{"version":6,"download_url":24,"svn_tag_url":395,"released_at":26,"has_diff":328,"diff_files_changed":396,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":397,"is_current":388},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fhikari-krumo\u002Ftags\u002F0.02.04\u002F",[],[]]