[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ffo4-bHGWB6TkLGGpie6nipwl4WqYQYfmXunUu8gGjek":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":57,"fingerprints":255},"hiweb-plugins-server","hiWeb Plugins Server","2.2.0.0","Den Media","https:\u002F\u002Fprofiles.wordpress.org\u002Fden-media\u002F","\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FphuSL_DXSzM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>If you are creating multiple sites on WordPress, and every time you need to download the same plug-ins, including paid versions – then this plugin is for you!\u003Cbr \u002F>\nThis plugin allows you to organize storage of archived plugins current site.\u003C\u002Fp>\n\u003Ch4>How to organize the archive server plug-ins for their other sites:\u003C\u002Fh4>\n\u003Ch4>Setting up the client sites for download plugins from you’r own server\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to \u003Ccode>\"Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> hiWeb Plugins Server\"\u003C\u002Fcode> \u003Ca href=\"https:\u002F\u002Fs.w.org\u002Fplugins\u002Fhiweb-plugins-server\u002Fscreenshot-1.png?r=1502472\" 
rel=\"nofollow ugc\">(screenshot)\u003C\u002Fa>\u003Cbr \u002F>\n1.1. Enter the address of a site on WordPress, where you installed the plugin \u003Ccode>\"hiWeb Plugins Server\"\u003C\u002Fcode>, working in the “server” mode.\u003Cbr \u002F>\n1.2. Click on the \u003Ccode>\"Update\"\u003C\u002Fcode> button.\u003Cbr \u002F>\n1.3. If the server is running and you are connected to it, you will see a message on the left about the status of the connection.\u003C\u002Fli>\n\u003Cli>After a successful connection, you can go to the list of remote plugins, where you can download them to the current site. Go to \u003Ccode>\"Plugins \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> hiWeb Remote plugins\"\u003C\u002Fcode> \u003Ca href=\"https:\u002F\u002Fs.w.org\u002Fplugins\u002Fhiweb-plugins-server\u002Fscreenshot-2.png?r=1502472\" rel=\"nofollow ugc\">(screenshot)\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Create an archive server\u003C\u002Fh4>\n\u003Col>\n\u003Cli>To start the server, go to \u003Ccode>\"Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> hiWeb Plugins Server\"\u003C\u002Fcode> and click on the button \u003Ccode>\"Start Local Server\"\u003C\u002Fcode>. \u003Ca href=\"https:\u002F\u002Fs.w.org\u002Fplugins\u002Fhiweb-plugins-server\u002Fscreenshot-3.png?r=1502472\" rel=\"nofollow ugc\">(screenshot)\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>After starting the server, go to “Plugins Server” in the admin panel. Here you can place on your server the plug-ins required by client sites. \u003Ca href=\"https:\u002F\u002Fs.w.org\u002Fplugins\u002Fhiweb-plugins-server\u002Fscreenshot-4.png?r=1502472\" rel=\"nofollow ugc\">(screenshot)\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Done! 
Now all sites with the WordPress plugin “hiWeb Plugins Server” in “client” mode that are connected to the server will be able to download featured plugins.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>GitHub\u003C\u002Fh3>\n\u003Cp>https:\u002F\u002Fgithub.com\u002Fhiweb-moscow\u002Fhiweb-plugins-server\u003C\u002Fp>\n","Create your own plugin repository and download plugins to your sites faster and easier than with the WordPress repository",10,1587,100,1,"2016-11-27T13:34:00.000Z","4.7.32","4.1","",[20,21,22,23,24],"admin-client","admin-plugins","admin-repository","admin-server","easy-server","http:\u002F\u002Fhiweb.moscow\u002Fplugins-server","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhiweb-plugins-server.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":13,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"den-media",9,83,30,82,"2026-04-05T09:19:38.550Z",[40],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":28,"downloaded":48,"rating":28,"num_ratings":28,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":55,"download_link":56,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"feature-status-check","Feature Status Check","1.4","Greg Ross","https:\u002F\u002Fprofiles.wordpress.org\u002Fgregross\u002F","\u003Cp>Feature status can be a hard thing to manage in your WordPress installation, sometimes plugins or themes get abandoned, or closed for security reasons and you have no way of knowing without visiting the WordPress feature page.\u003C\u002Fp>\n\u003Cp>Feature Status Check gives you a unified dashboard to view the status of all your installed plugins and themes, and highlights those that might have issues.\u003C\u002Fp>\n\u003Cp>Feature Status Check also integrates with the WordPress 
Site Health feature and highlights those features with possible issues.\u003C\u002Fp>\n\u003Cp>Finally, Feature Status Check also send out a change report to the site admin during the daily update via e-mail.\u003C\u002Fp>\n\u003Cp>This code is released under the GPL v2, see license.txt for details.\u003C\u002Fp>\n\u003Ch3>Roadmap\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>None at this time.\u003C\u002Fli>\n\u003C\u002Ful>\n","Checks to see if the plugins and themes you have on your site are still supported in the WordPress directories.",1357,"2023-12-03T02:47:00.000Z","6.4.8","5.2","7.0",[54],"admin-plugins-themes-status","http:\u002F\u002Ftoolstack.com\u002Ffeature-status-check","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffeature-status-check.1.4.zip",{"attackSurface":58,"codeSignals":118,"taintFlows":198,"riskAssessment":239,"analyzedAt":254},{"hooks":59,"ajaxHandlers":87,"restRoutes":114,"shortcodes":115,"cronEvents":116,"entryPointCount":117,"unprotectedCount":117},[60,65,68,72,75,79,84],{"type":61,"name":62,"callback":62,"priority":63,"file":64,"line":34},"filter","plugin_action_links",99999,"inc\\hooks.php",{"type":61,"name":66,"callback":67,"file":64,"line":11},"plugin_action_links_hiweb-plugins-server\u002Fhiweb-plugins-server.php","plugin_action_links_settings",{"type":69,"name":70,"callback":70,"file":64,"line":71},"action","admin_notices",11,{"type":69,"name":73,"callback":73,"file":64,"line":74},"pre_current_active_plugins",12,{"type":69,"name":76,"callback":77,"file":78,"line":71},"admin_menu","_hw_ps_options","inc\\options.php",{"type":69,"name":80,"callback":81,"file":82,"line":83},"wp_enqueue_scripts","_hw_plugins_server_wp_enqueue_scripts","inc\\script-styles.php",36,{"type":69,"name":85,"callback":81,"file":82,"line":86},"admin_enqueue_scripts",37,[88,93,97,101,105,109],{"action":89,"nopriv":90,"callback":91,"hasNonce":90,"hasCapCheck":90,"file":64,"line":92},"hw_plugins_server_status_toggle",false,"ajax_host_toggle_status",15,{"action":9
4,"nopriv":90,"callback":95,"hasNonce":90,"hasCapCheck":90,"file":64,"line":96},"hw_plugins_server_kickback_status_toggle","ajax_host_toggle_kickback_status",16,{"action":98,"nopriv":90,"callback":99,"hasNonce":90,"hasCapCheck":90,"file":64,"line":100},"hw_plugins_server_host_action","ajax_host_plugin_action",17,{"action":102,"nopriv":90,"callback":103,"hasNonce":90,"hasCapCheck":90,"file":64,"line":104},"hw_plugins_server_remote","ajax_remote_plugin_action",18,{"action":106,"nopriv":90,"callback":107,"hasNonce":90,"hasCapCheck":90,"file":64,"line":108},"hw_plugins_server_remote_url_update","ajax_remote_url_update",19,{"action":110,"nopriv":111,"callback":112,"hasNonce":90,"hasCapCheck":90,"file":64,"line":113},"hw_plugins_server",true,"ajax_server_get",20,[],[],[],6,{"dangerousFunctions":119,"sqlUsage":120,"outputEscaping":122,"fileOperations":74,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":197},[],{"prepared":28,"raw":28,"locations":121},[],{"escaped":14,"rawEcho":123,"locations":124},43,[125,129,131,133,135,137,139,141,142,145,146,147,149,150,152,153,155,156,158,160,162,163,164,165,168,169,170,171,172,174,176,177,179,181,182,183,185,186,188,189,191,193,195],{"file":126,"line":127,"context":128},"inc\\class-hooks.php",51,"raw 
output",{"file":126,"line":130,"context":128},77,{"file":126,"line":132,"context":128},89,{"file":126,"line":134,"context":128},108,{"file":126,"line":136,"context":128},140,{"file":138,"line":11,"context":128},"templates\\options-page.php",{"file":138,"line":140,"context":128},14,{"file":138,"line":100,"context":128},{"file":143,"line":144,"context":128},"templates\\remote-plugins.php",38,{"file":143,"line":144,"context":128},{"file":143,"line":144,"context":128},{"file":143,"line":148,"context":128},39,{"file":143,"line":148,"context":128},{"file":143,"line":151,"context":128},40,{"file":143,"line":151,"context":128},{"file":143,"line":154,"context":128},42,{"file":143,"line":123,"context":128},{"file":143,"line":157,"context":128},74,{"file":143,"line":159,"context":128},78,{"file":143,"line":161,"context":128},81,{"file":143,"line":161,"context":128},{"file":143,"line":161,"context":128},{"file":143,"line":13,"context":128},{"file":166,"line":167,"context":128},"templates\\server-page.php",32,{"file":166,"line":144,"context":128},{"file":166,"line":148,"context":128},{"file":166,"line":154,"context":128},{"file":166,"line":123,"context":128},{"file":166,"line":173,"context":128},46,{"file":166,"line":175,"context":128},47,{"file":166,"line":127,"context":128},{"file":166,"line":178,"context":128},52,{"file":166,"line":180,"context":128},116,{"file":166,"line":180,"context":128},{"file":166,"line":180,"context":128},{"file":166,"line":184,"context":128},117,{"file":166,"line":184,"context":128},{"file":166,"line":187,"context":128},118,{"file":166,"line":187,"context":128},{"file":166,"line":190,"context":128},120,{"file":166,"line":192,"context":128},122,{"file":166,"line":194,"context":128},124,{"file":166,"line":196,"context":128},157,[],[199,225],{"entryPoint":200,"graph":201,"unsanitizedCount":223,"severity":224},"ajax_remote_url_update 
(inc\\class-hooks.php:82)",{"nodes":202,"edges":220},[203,207,212,216],{"id":204,"type":205,"label":206,"file":126,"line":35},"n0","source","$_POST['url']",{"id":208,"type":209,"label":210,"file":126,"line":35,"wp_function":211},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":213,"type":205,"label":214,"file":126,"line":215},"n2","$_POST",87,{"id":217,"type":209,"label":218,"file":126,"line":132,"wp_function":219},"n3","echo() [XSS]","echo",[221,222],{"from":204,"to":208,"sanitized":90},{"from":213,"to":217,"sanitized":90},2,"medium",{"entryPoint":226,"graph":227,"unsanitizedCount":237,"severity":238},"\u003Cclass-hooks> (inc\\class-hooks.php:0)",{"nodes":228,"edges":234},[229,230,231,233],{"id":204,"type":205,"label":206,"file":126,"line":35},{"id":208,"type":209,"label":210,"file":126,"line":35,"wp_function":211},{"id":213,"type":205,"label":232,"file":126,"line":215},"$_POST (x2)",{"id":217,"type":209,"label":218,"file":126,"line":132,"wp_function":219},[235,236],{"from":204,"to":208,"sanitized":90},{"from":213,"to":217,"sanitized":90},3,"low",{"summary":240,"deductions":241},"The 'hiweb-plugins-server' v2.2.0.0 plugin exhibits a concerning security posture due to a significant number of unprotected AJAX handlers. With 6 AJAX handlers identified, and all of them lacking authentication checks, this represents a substantial attack surface that could be exploited by unauthenticated users.  While the plugin demonstrates good practices in other areas, such as using prepared statements for all SQL queries and not bundling external libraries, the unprotected AJAX endpoints are a critical weakness.\n\nThe taint analysis revealed flows with unsanitized paths, indicating a potential for path traversal vulnerabilities. Although no critical or high-severity taint flows were found, the presence of any unsanitized paths is a red flag. 
The lack of nonce checks and capability checks on these AJAX handlers further exacerbates the risk, as it allows for potential Cross-Site Request Forgery (CSRF) attacks or unauthorized actions.\n\nThe plugin's vulnerability history shows no recorded CVEs, which is a positive sign. However, this does not negate the risks identified in the static analysis. The absence of past vulnerabilities could be due to a lack of focused security auditing or that the vulnerabilities present have simply not been discovered or exploited yet. The overall conclusion is that while the plugin has some strengths in its SQL handling, the unprotected AJAX endpoints and unsanitized path flows present significant security risks that need immediate attention.",[242,244,247,250,252],{"reason":243,"points":11},"All AJAX handlers lack authentication checks",{"reason":245,"points":246},"Flows with unsanitized paths found",8,{"reason":248,"points":249},"No nonce checks on AJAX handlers",5,{"reason":251,"points":249},"No capability checks on AJAX handlers",{"reason":253,"points":237},"Low percentage of properly escaped output","2026-03-17T01:15:27.120Z",{"wat":256,"direct":263},{"assetPaths":257,"generatorPatterns":260,"scriptPaths":261,"versionParams":262},[258,259],"\u002Fwp-content\u002Fplugins\u002Fhiweb-plugins-server\u002Fcss\u002F","\u002Fwp-content\u002Fplugins\u002Fhiweb-plugins-server\u002Fjs\u002F",[],[259,258],[],{"cssClasses":264,"htmlComments":265,"htmlAttributes":266,"restEndpoints":267,"jsGlobals":268,"shortcodeOutput":269},[],[],[],[],[],[]]