[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_wXcldOSveHF38D6BVJNz7cFTdOQwDrB9ryBAoZQozE":3},{"slug":4,"name":4,"version":5,"author":6,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":12,"num_ratings":12,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":126,"fingerprints":185},"host-meta","1.3.2","Matthias Pfefferle","https:\u002F\u002Fprofiles.wordpress.org\u002Fpfefferle\u002F","\u003Cp>This plugin provides a host-meta – file for WordPress (RFC: http:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc6415).\u003C\u002Fp>\n\u003Cp>From the RFC:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Web-based protocols often require the discovery of host policy or metadata, where host is not a single resource but the entity controlling the collection of resources identified by URIs with a common host as defined.  While these protocols have a wide range of metadata needs, they often define metadata that is concise, has simple syntax requirements, and can benefit from storing its metadata in a common location used by other related protocols.\u003C\u002Fp>\n\u003Cp>Because there is no URI or a resource available to describe a host, many of the methods used for associating per-resource metadata (such as HTTP headers) are not available.  This often leads to the overloading of the root HTTP resource (e.g. ‘http:\u002F\u002Fexample.com\u002F’) with host metadata that is not specific to the root resource (e.g. a home page or web application), and which often has nothing to do it.\u003C\u002Fp>\n\u003Cp>This memo registers the “well-known” URI suffix ‘host-meta’ in the Well-Known URI Registry established by, and specifies a simple, general-purpose metadata document for hosts, to be used by multiple Web-based protocols.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Logo by \u003Ca href=\"http:\u002F\u002Fhueniverse.com\u002F2009\u002F11\u002F23\u002Fhost-meta-aka-site-meta-and-well-known-uris\u002F\" rel=\"nofollow ugc\">Eran Hammer\u003C\u002Fa>\u003C\u002Fp>\n","host-meta for WordPress!",80,8283,0,"2025-12-07T18:30:00.000Z","6.9.4","3.0.5","5.2",[18,4,19,20,21],"discovery","jrd","ostatus","xrd","https:\u002F\u002Fgithub.com\u002Fpfefferle\u002Fwordpress-host-meta","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhost-meta.1.3.2.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":6,"profile_url":7,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"pfefferle",8,3470,98,321,78,"2026-04-04T05:05:03.898Z",[37,54,75,93,107],{"slug":38,"name":39,"version":40,"author":6,"author_profile":7,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":14,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":52,"download_link":53,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"webfinger","WebFinger","4.0.1","\u003Cp>WebFinger allows you to be discovered on the web using an identifier like \u003Ccode>you@yourdomain.com\u003C\u002Fcode> — similar to how email works, but for your online identity.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why is this useful?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Fediverse & Mastodon:\u003C\u002Fstrong> WebFinger is essential for federation. It allows Mastodon and other ActivityPub-powered platforms to find and follow your WordPress site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Decentralized Identity:\u003C\u002Fstrong> People can look you up using your WordPress domain, making your site the canonical source for your online identity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Works with other plugins:\u003C\u002Fstrong> This plugin provides the foundation that other plugins (like the ActivityPub plugin) build upon.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How it works:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When someone searches for \u003Ccode>@you@yourdomain.com\u003C\u002Fcode> on Mastodon or another federated service, their server asks your WordPress site: “Who is this person?” WebFinger answers that question by providing information about you and links to your profiles.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Technical details:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WebFinger is an open standard (\u003Ca href=\"http:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7033\" rel=\"nofollow ugc\">RFC 7033\u003C\u002Fa>) that enables discovery of information about people and resources on the internet. It works by responding to requests at \u003Ccode>\u002F.well-known\u002Fwebfinger\u003C\u002Fcode> on your domain.\u003C\u002Fp>\n","WebFinger for WordPress",1000,21454,74,3,"2025-12-16T11:02:00.000Z","4.2","",[51,18,19,20,38],"activitypub","https:\u002F\u002Fgithub.com\u002Fpfefferle\u002Fwordpress-webfinger","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebfinger.4.0.1.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":24,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":72,"download_link":73,"security_score":74,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"nostr-verify","Nostr Verify","1.2.0","Jeremy Herve","https:\u002F\u002Fprofiles.wordpress.org\u002Fjeherve\u002F","\u003Cp>Nostr Verify is a WordPress plugin that allows you to verify yourself with Nostr, using NIP-05, just like described in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnostr-protocol\u002Fnips\u002Fblob\u002Fmaster\u002F05.md\" rel=\"nofollow ugc\">this documentation\u003C\u002Fa>.\u003C\u002Fp>\n","Verify yourself with Nostr, using NIP-05",60,2694,1,"2024-11-12T07:12:00.000Z","6.7.5","6.2","7.2",[18,19,70,71],"nostr","well-known","https:\u002F\u002Fjeremy.hu\u002Fnostr-verify-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnostr-verify.1.2.0.zip",92,{"slug":76,"name":77,"version":78,"author":77,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":12,"num_ratings":12,"last_updated":84,"tested_up_to":85,"requires_at_least":16,"requires_php":49,"tags":86,"homepage":90,"download_link":91,"security_score":24,"vuln_count":64,"unpatched_count":12,"last_vuln_date":92,"fetched_at":26},"taboola","Taboola","3.0.2","https:\u002F\u002Fprofiles.wordpress.org\u002Ftaboolawordpress\u002F","\u003Cp>This plugin provides an easy way to integrate Taboola content into your WordPress pages.\u003Cbr \u002F>\nUsing Taboola’s mix of sponsored and editorial content, you can generate revenue and drive engagement.\u003Cbr \u002F>\n(Requires an account with Taboola. For more detail, see the \u003Ca href=\"https:\u002F\u002Fdevelopers.taboola.com\u002Fweb-integrations\u002Fdocs\u002Fwordpress-plugin\u002F\" rel=\"nofollow ugc\">Taboola Dev Center\u003C\u002Fa>.)\u003C\u002Fp>\n","Use the Taboola plugin to generate revenue from native ads and drive engagement with editorial content.",3000,51300,"2025-10-29T11:42:00.000Z","6.8.0",[87,88,89,18,76],"ad-networks","ads","content-recommendations","https:\u002F\u002Fdevelopers.taboola.com\u002Fweb-integrations\u002Fdocs\u002Fwordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftaboola.zip","2023-07-24 00:00:00",{"slug":94,"name":95,"version":96,"author":6,"author_profile":7,"description":97,"short_description":98,"active_installs":43,"downloaded":99,"rating":10,"num_ratings":64,"last_updated":100,"tested_up_to":14,"requires_at_least":101,"requires_php":68,"tags":102,"homepage":105,"download_link":106,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"nodeinfo","NodeInfo(2)","3.1.0","\u003Cp>\u003Ca href=\"http:\u002F\u002Fnodeinfo.diaspora.software\u002F\" rel=\"nofollow ugc\">NodeInfo\u003C\u002Fa> is an effort to create a standardized way of exposing metadata about a server running one of the distributed social networks. The two key goals are being able to get better insights into the user base of distributed social networking and the ability to build tools that allow users to choose the best fitting software and server for their needs.\u003C\u002Fp>\n\u003Cp>This plugin provides a barebone JSON file with basic “node”-informations. The file can be extended by other WordPress plugins, like \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fostatus-for-wordpress\u002F\" rel=\"ugc\">OStatus\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpfefferle\u002Fwordpress-dandelion\" rel=\"nofollow ugc\">Diaspora\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Factivitypub\u002F\" rel=\"ugc\">ActivityPub\u003C\u002Fa>\u002F\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpterotype\u002F\" rel=\"ugc\">Pterotype\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>What information does this plugin share?\u003C\u002Fh3>\n\u003Cp>The plugin exposes the following public information about your site:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Software\u003C\u002Fstrong>: WordPress version (major version only for privacy)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Usage statistics\u003C\u002Fstrong>: Number of users, posts, and comments\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Site info\u003C\u002Fstrong>: Your site name and description\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protocols\u003C\u002Fstrong>: Which federation protocols your site supports (e.g., ActivityPub)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Services\u003C\u002Fstrong>: Which external services your site can connect to (e.g., RSS feeds)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This information helps other servers in the Fediverse discover and interact with your site.\u003C\u002Fp>\n\u003Ch3>Supported NodeInfo versions\u003C\u002Fh3>\n\u003Cp>This plugin supports all major NodeInfo specification versions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>NodeInfo 1.0\u003C\u002Fstrong> and \u003Cstrong>1.1\u003C\u002Fstrong> – Original specifications\u003C\u002Fli>\n\u003Cli>\u003Cstrong>NodeInfo 2.0\u003C\u002Fstrong>, \u003Cstrong>2.1\u003C\u002Fstrong>, and \u003Cstrong>2.2\u003C\u002Fstrong> – Current specifications with extended metadata\u003C\u002Fli>\n\u003Cli>\u003Cstrong>NodeInfo2\u003C\u002Fstrong> – Alternative single-endpoint format\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Endpoints\u003C\u002Fh3>\n\u003Cp>After activation, the following endpoints become available:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u002F.well-known\u002Fnodeinfo\u003C\u002Fcode> – Discovery document (start here)\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-json\u002Fnodeinfo\u002F2.2\u003C\u002Fcode> – NodeInfo 2.2 (recommended)\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-json\u002Fnodeinfo\u002F2.1\u003C\u002Fcode> – NodeInfo 2.1\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-json\u002Fnodeinfo\u002F2.0\u003C\u002Fcode> – NodeInfo 2.0\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-json\u002Fnodeinfo\u002F1.1\u003C\u002Fcode> – NodeInfo 1.1\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fwp-json\u002Fnodeinfo\u002F1.0\u003C\u002Fcode> – NodeInfo 1.0\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002F.well-known\u002Fx-nodeinfo2\u003C\u002Fcode> – NodeInfo2 format\u003C\u002Fli>\n\u003C\u002Ful>\n","NodeInfo and NodeInfo2 for WordPress!",18204,"2025-12-30T16:58:00.000Z","6.6",[51,103,104,94,20],"diaspora","fediverse","https:\u002F\u002Fgithub.com\u002Fpfefferle\u002Fwordpress-nodeinfo\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnodeinfo.3.1.0.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":24,"downloaded":115,"rating":12,"num_ratings":12,"last_updated":116,"tested_up_to":14,"requires_at_least":117,"requires_php":68,"tags":118,"homepage":124,"download_link":125,"security_score":24,"vuln_count":12,"unpatched_count":12,"last_vuln_date":25,"fetched_at":26},"jumpsuitai-llms-txt","JumpsuitAI – llms.txt + Markdown Endpoints","1.1.4","Brad Phillips","https:\u002F\u002Fprofiles.wordpress.org\u002Fbradphillips\u002F","\u003Cp>JumpsuitAI – llms.txt + Markdown Endpoints automatically publishes:\u003C\u002Fp>\n\u003Cp>Plugin website: https:\u002F\u002Fjumpsuitai.com\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u002Fllms.txt\u003C\u002Fstrong> — a structured list of links to your public content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u002Fllms-full.txt\u003C\u002Fstrong> — the entire documentation in a single file (optional, enable in settings)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>.md endpoints\u003C\u002Fstrong> — request a public URL with \u003Cstrong>.md\u003C\u002Fstrong> appended to get a lightweight Markdown representation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It also includes a simple \u003Cstrong>Groups & Content\u003C\u002Fstrong> screen to keep your output organized with sensible defaults (Pages and Posts), plus per-item controls like \u003Cstrong>Hide from LLMs\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>Pro (separate plugin)\u003C\u002Fh4>\n\u003Cp>JumpsuitAI – llms.txt + Markdown Endpoints Pro adds:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom groups and manual ordering\u003C\u002Fli>\n\u003Cli>Per-item short descriptions\u003C\u002Fli>\n\u003Cli>Optional section support\u003C\u002Fli>\n\u003Cli>Custom intro text and blockquote customization\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses Freemius for plugin updates and (optional) usage analytics. Any data collection is opt-in.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Service: Freemius\u003C\u002Fli>\n\u003Cli>Terms: https:\u002F\u002Ffreemius.com\u002Fterms\u002F\u003C\u002Fli>\n\u003Cli>Privacy: https:\u002F\u002Ffreemius.com\u002Fprivacy\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n","Generate \u002Fllms.txt, \u002Fllms-full.txt & .md endpoints for AI\u002FLLMs in WordPress. Works with Yoast SEO, Rank Math, SEOPress & All in One SEO.",653,"2026-02-17T01:43:00.000Z","5.0",[119,120,121,122,123],"ai","content-discovery","llms-txt","markdown","seo","https:\u002F\u002Fjumpsuitai.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjumpsuitai-llms-txt.1.1.4.zip",{"attackSurface":127,"codeSignals":164,"taintFlows":178,"riskAssessment":179,"analyzedAt":184},{"hooks":128,"ajaxHandlers":160,"restRoutes":161,"shortcodes":162,"cronEvents":163,"entryPointCount":12,"unprotectedCount":12},[129,134,138,142,147,151,156],{"type":130,"name":131,"callback":131,"file":132,"line":133},"action","query_vars","host-meta.php",24,{"type":130,"name":135,"callback":135,"priority":136,"file":132,"line":137},"parse_request",2,25,{"type":130,"name":139,"callback":140,"priority":64,"file":132,"line":141},"init","rewrite_rules",26,{"type":130,"name":143,"callback":144,"priority":145,"file":132,"line":146},"host_meta_render_jrd","render_jrd",42,28,{"type":130,"name":148,"callback":149,"priority":145,"file":132,"line":150},"host_meta_render_xrd","render_xrd",29,{"type":152,"name":153,"callback":154,"priority":12,"file":132,"line":155},"filter","host_meta","generate_default_content",31,{"type":130,"name":157,"callback":158,"file":132,"line":159},"plugins_loaded","host_meta_init",33,[],[],[],[],{"dangerousFunctions":165,"sqlUsage":166,"outputEscaping":168,"fileOperations":12,"externalRequests":12,"nonceChecks":12,"capabilityChecks":12,"bundledLibraries":177},[],{"prepared":12,"raw":12,"locations":167},[],{"escaped":169,"rawEcho":136,"locations":170},11,[171,175],{"file":172,"line":173,"context":174},"includes\\class-host-meta.php",66,"raw output",{"file":172,"line":176,"context":174},83,[],[],{"summary":180,"deductions":181},"The \"host-meta\" plugin v1.3.2 exhibits a strong security posture based on the provided static analysis.  The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the attack surface. Furthermore, the code demonstrates good practices by having no dangerous functions, all SQL queries utilizing prepared statements, and no file operations or external HTTP requests.  The output escaping rate of 85% is generally acceptable, though the remaining 15% warrants minor attention.\n\nThe taint analysis shows no identified flows, which is a positive sign, indicating no obvious ways for user input to be maliciously processed. The vulnerability history is also completely clear, with zero recorded CVEs of any severity. This suggests a history of stable and secure development for this plugin.\n\nOverall, \"host-meta\" v1.3.2 appears to be a very secure plugin. The limited attack surface, absence of critical code signals like dangerous functions or raw SQL, and clean vulnerability history are significant strengths. The only minor point of concern is the small percentage of unescaped output, which could theoretically lead to minor XSS issues if specific, unusual conditions are met, but this is highly unlikely given the plugin's apparent function and lack of entry points.",[182],{"reason":183,"points":46},"Unescaped output present","2026-03-16T21:30:37.871Z",{"wat":186,"direct":191},{"assetPaths":187,"generatorPatterns":188,"scriptPaths":189,"versionParams":190},[],[],[],[],{"cssClasses":192,"htmlComments":193,"htmlAttributes":194,"restEndpoints":195,"jsGlobals":198,"shortcodeOutput":199},[],[],[],[196,197],"\u002F.well-known\u002Fhost-meta.json","\u002F.well-known\u002Fhost-meta",[],[]]