[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fraBhLnEOwpkTLVRwHBjLK-3WTGwfd7p3qtpY9I1zJ0g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":37,"analysis":129,"fingerprints":302},"install-profiles","WP Install Profiles","3.4.1","rockgod100","https:\u002F\u002Fprofiles.wordpress.org\u002Frockgod100\u002F","\u003Cp>Save time setting up new sites by automatically downloading groups of plugins. Add new plugins by adding the slug from the plugin’s url in the WordPress plugin directory. For instance, the plugin “All In One SEO Pack” is listed here: \u003Ccode>https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fall-in-one-seo-pack\u002F\u003C\u002Fcode>. Add “All In One SEO Pack” to an installation profile by adding \u003Ccode>all-in-one-seo-pack\u003C\u002Fcode> in the plugins field (one plugin per line).\u003C\u002Fp>\n\u003Cp>WP Install Profiles (WPIP) allows users to define groups of plugins, called profiles. Once a profile has been entered, WPIP calls to the WordPress Plugin Directory, downloads the plugin files and unzips them to the site’s plugins folder. Additionally, WPIP saves the profile in a downloadable format, so you can upload it to your next site and download the same plugins with a single click.\u003C\u002Fp>\n\u003Cp>Store your profiles online at http:\u002F\u002Fplugins.ancillaryfactory.com and import them easily into all of your WordPress installs. \u003Ca href=\"http:\u002F\u002Fplugins.ancillaryfactory.com\" rel=\"nofollow ugc\">Learn more and create an account\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>See Install Profiles in action: \u003Ca href=\"http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=W-mBhPA1XGA\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=W-mBhPA1XGA\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Troubleshooting\u003C\u002Fh3>\n\u003Ch4>Required PHP libraries\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>SimpleXML\u003C\u002Fli>\n\u003Cli>ZipArchive\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These libraries are installed by default on most shared hosting accounts, but they may need to be installed manually if your site is hosted by certain providers, including Media Temple.\u003C\u002Fp>\n\u003Ch4>File Permissions\u003C\u002Fh4>\n\u003Cp>If you are unable to save or import profiles, you may need to set \u003Ccode>wp-content\u002Fplugins\u002Finstall-profiles\u002Fprofiles\u003C\u002Fcode> to 777.\u003C\u002Fp>\n","Download custom collections of plugins automatically from the WordPress plugin directory.",400,20134,72,9,"2013-05-22T01:17:00.000Z","3.6.1","3.1","",[20,21,22,23,24],"admin","administration","installation","plugins","wp","http:\u002F\u002Fplugins.ancillaryfactory.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finstall-profiles.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},1,30,84,"2026-04-04T15:07:45.134Z",[38,58,76,92,109],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":18,"tags":53,"homepage":55,"download_link":56,"security_score":57,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wpcore","WPCore Plugin Manager","1.9.2","stueynet","https:\u002F\u002Fprofiles.wordpress.org\u002Fstueynet\u002F","\u003Cp>WPCore is a tool that allows you to manage collections of WordPress plugins and then quickly install them on any WordPress site. You can generate your collections at https:\u002F\u002Fwpcore.com and then import them to your WordPress site by copying and pasting your unique collection key in WordPress.\u003C\u002Fp>\n","Create plugin collections and install them in one click on any WordPress site.",10000,168565,96,32,"2025-05-20T17:15:00.000Z","6.8.5","3.5",[20,21,54,22,23],"install","https:\u002F\u002Fwpcore.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpcore.1.9.2.zip",100,{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":28,"num_ratings":28,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":18,"tags":71,"homepage":74,"download_link":75,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"plugin-commander","Plugin Commander","1.1.6","Marcus (aka @msykes)","https:\u002F\u002Fprofiles.wordpress.org\u002Fnetweblogic\u002F","\u003Cp>=THIS PLUGIN IS ONLY USEFUL IF YOU’RE USING MULTI-SITE MODE=\u003C\u002Fp>\n\u003Cp>This is the same plugin previously available at \u003Ca href=\"http:\u002F\u002Ffirestats.cc\u002Fwiki\u002FWPMUPluginCommander\" rel=\"nofollow ugc\">http:\u002F\u002Ffirestats.cc\u002Fwiki\u002FWPMUPluginCommander\u003C\u002Fa>, which has been used reliably with wordpress multi-site networks for many years.\u003C\u002Fp>\n\u003Cp>Plugin Commander is a plugin management plugin for multi-site mode, which allows further control on network-activated plugins.\u003C\u002Fp>\n\u003Cp>It allow you to do the following things:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Mark any plugin in the plugins directory to be automatically activated for new blogs.\u003C\u002Fli>\n\u003Cli>Mass activate or deactivate a plugin for all existing blogs\u003C\u002Fli>\n\u003Cli>Choose which plugins users can activate and deactivate through Manage->Plugins, for this to make sense you need to disable the built-in plugins menu (through Site Admin->Options->Menus)\u003C\u002Fli>\n\u003Cli>Activate and deactivate plugins for specific blogs, even if the blog owner is not allowed to control those plugins.\u003C\u002Fli>\n\u003C\u002Ful>\n","Plugin Commander is a plugin management plugin for multi-site mode, which allows further control on network-activated plugins.",10,5597,"2010-09-01T15:27:00.000Z","3.0.5","2.8",[20,21,72,23,73],"multi-site","wpmu","http:\u002F\u002Ffirestats.cc\u002Fwiki\u002FWPMUPluginCommander","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-commander.1.1.6.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":66,"downloaded":84,"rating":57,"num_ratings":33,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":18,"tags":88,"homepage":90,"download_link":91,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"plugin-installer-speedup","Plugin Installer Speedup","0.2.2","Viktor Szépe","https:\u002F\u002Fprofiles.wordpress.org\u002Fszepeviktor\u002F","\u003Cp>Speed up plugin installation.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Don’t load featured plugins.\u003C\u002Fli>\n\u003Cli>Make Search Plugins button visible.\u003C\u002Fli>\n\u003Cli>Set focus to search field.\u003C\u002Fli>\n\u003Cli>Skip plugin install confirmation.\u003C\u002Fli>\n\u003Cli>Add admin menu items under “Plugins” for Upload Plugin and Favorites.\u003C\u002Fli>\n\u003Cli>Add admin bar menu item under “+ New”.\u003C\u002Fli>\n\u003Cli>Remove “-master” from (mainly GitHub) ZIP archive names.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>No admin page for this plugin. Ready to go right after activation.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fszepeviktor\u002Fplugin-installer-speedup\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The feature of plugin upload from URL has been moved to a\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fszepeviktor\u002Fwordpress-plugin-construction\u002Fblob\u002Fmaster\u002Fmu-plugin-upload-from-url\u002Fplugin-upload-from-url.php\" rel=\"nofollow ugc\">MU plugin\u003C\u002Fa>.\u003C\u002Fp>\n","Make plugin installation faster.",2140,"2017-01-12T18:52:00.000Z","4.7.32","4.0",[21,22,89],"upload-plugins","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugin-installer-speedup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-installer-speedup.0.2.2.zip",{"slug":93,"name":94,"version":95,"author":18,"author_profile":96,"description":97,"short_description":98,"active_installs":57,"downloaded":99,"rating":28,"num_ratings":28,"last_updated":100,"tested_up_to":101,"requires_at_least":102,"requires_php":18,"tags":103,"homepage":107,"download_link":108,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"kahis-wp-lite","Kahi's WP Lite","0.9","https:\u002F\u002Fprofiles.wordpress.org\u002Fkahi\u002F","\u003Cp>There are always parts in the WP administration you don’t currently need. This plugin makes it easy to hide them – like unnecessary menu items or any of the boxes on the posting screen (like custom fields or trackback box). Unclutter the administration and work faster.\u003C\u002Fp>\n\u003Cp>You can also input your own CSS code to modify the look of administration.\u003C\u002Fp>\n\u003Cp>For more information, support, giving feedback, reporting problems (thank you for that!) or anything else – see the \u003Ca href=\"http:\u002F\u002Fkahi.cz\u002Fwordpress\u002Fwp-lite-plugin\u002F\" rel=\"nofollow ugc\">official plugin’s page\u003C\u002Fa>.\u003C\u002Fp>\n","To hide unused functions from the administration. Make it clear.",5029,"2011-01-06T15:08:00.000Z","3.1.4","2.7",[20,21,104,105,106],"lite","usability","wplite","http:\u002F\u002Fkahi.cz\u002Fwordpress\u002Fwp-lite-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkahis-wp-lite.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":57,"num_ratings":119,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":18,"tags":123,"homepage":127,"download_link":128,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"treedbox-admin-menu","Treedbox Admin Menu","1.0.5","treedbox","https:\u002F\u002Fprofiles.wordpress.org\u002Ftreedbox\u002F","\u003Cp>Simple reposition of your Admin Menu on top. Compatible with Gutenberg 🙂\u003C\u002Fp>\n","Repositioning your Admin Menu on top",40,3088,4,"2019-02-02T14:20:00.000Z","5.0.25","3.9.1",[20,21,124,125,126],"menu","top-menu","wp-admin","http:\u002F\u002Ftreedbox.com.br\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftreedbox-admin-menu.zip",{"attackSurface":130,"codeSignals":169,"taintFlows":199,"riskAssessment":289,"analyzedAt":301},{"hooks":131,"ajaxHandlers":165,"restRoutes":166,"shortcodes":167,"cronEvents":168,"entryPointCount":28,"unprotectedCount":28},[132,138,142,146,150,153,156,159,162],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","after_setup_theme","wpip_custom_plugin_setup","wpip.php",67,{"type":133,"name":139,"callback":140,"file":136,"line":141},"admin_init","wpip_installation_profile_admin_init",152,{"type":133,"name":143,"callback":144,"file":136,"line":145},"admin_menu","wpip_installation_profile_admin_actions",154,{"type":133,"name":147,"callback":148,"file":136,"line":149},"admin_notices","wpip_save_profile",161,{"type":133,"name":139,"callback":151,"file":136,"line":152},"wpip_download_profile",169,{"type":133,"name":139,"callback":154,"file":136,"line":155},"wpip_build_custom_profile",177,{"type":133,"name":147,"callback":157,"file":136,"line":158},"wpip_import_profile",183,{"type":133,"name":147,"callback":160,"file":136,"line":161},"wpip_fetch_plugins",189,{"type":133,"name":147,"callback":163,"file":136,"line":164},"wpip_import_from_wpip_api",195,[],[],[],[],{"dangerousFunctions":170,"sqlUsage":171,"outputEscaping":173,"fileOperations":196,"externalRequests":33,"nonceChecks":197,"capabilityChecks":33,"bundledLibraries":198},[],{"prepared":28,"raw":28,"locations":172},[],{"escaped":174,"rawEcho":14,"locations":175},26,[176,180,182,184,186,188,190,192,194],{"file":177,"line":178,"context":179},"includes\\process-profiles.php",63,"raw output",{"file":177,"line":181,"context":179},93,{"file":177,"line":183,"context":179},216,{"file":177,"line":185,"context":179},317,{"file":177,"line":187,"context":179},389,{"file":177,"line":189,"context":179},411,{"file":136,"line":191,"context":179},282,{"file":136,"line":193,"context":179},360,{"file":136,"line":195,"context":179},381,6,5,[],[200,220,235,246,255,265],{"entryPoint":201,"graph":202,"unsanitizedCount":218,"severity":219},"wpip_download_profile (includes\\process-profiles.php:118)",{"nodes":203,"edges":215},[204,209],{"id":205,"type":206,"label":207,"file":177,"line":208},"n0","source","$_GET (x2)",122,{"id":210,"type":211,"label":212,"file":177,"line":213,"wp_function":214},"n1","sink","header() [Header Injection]",147,"header",[216],{"from":205,"to":210,"sanitized":217},false,2,"medium",{"entryPoint":221,"graph":222,"unsanitizedCount":28,"severity":234},"wpip_save_profile (includes\\process-profiles.php:5)",{"nodes":223,"edges":231},[224,227],{"id":205,"type":206,"label":225,"file":177,"line":226},"$_POST (x2)",29,{"id":210,"type":211,"label":228,"file":177,"line":229,"wp_function":230},"echo() [XSS]",62,"echo",[232],{"from":205,"to":210,"sanitized":233},true,"low",{"entryPoint":236,"graph":237,"unsanitizedCount":28,"severity":234},"wpip_import_profile (includes\\process-profiles.php:177)",{"nodes":238,"edges":244},[239,242],{"id":205,"type":206,"label":240,"file":177,"line":241},"$_FILES (x2)",182,{"id":210,"type":211,"label":228,"file":177,"line":243,"wp_function":230},208,[245],{"from":205,"to":210,"sanitized":233},{"entryPoint":247,"graph":248,"unsanitizedCount":28,"severity":234},"wpip_import_from_wpip_api (includes\\process-profiles.php:329)",{"nodes":249,"edges":253},[250,252],{"id":205,"type":206,"label":225,"file":177,"line":251},331,{"id":210,"type":211,"label":228,"file":177,"line":187,"wp_function":230},[254],{"from":205,"to":210,"sanitized":233},{"entryPoint":256,"graph":257,"unsanitizedCount":28,"severity":234},"wpip_build_custom_profile (includes\\process-profiles.php:481)",{"nodes":258,"edges":263},[259,261],{"id":205,"type":206,"label":225,"file":177,"line":260},483,{"id":210,"type":211,"label":212,"file":177,"line":262,"wp_function":214},538,[264],{"from":205,"to":210,"sanitized":233},{"entryPoint":266,"graph":267,"unsanitizedCount":28,"severity":234},"\u003Cprocess-profiles> (includes\\process-profiles.php:0)",{"nodes":268,"edges":284},[269,271,272,274,276,278,280,282],{"id":205,"type":206,"label":270,"file":177,"line":226},"$_POST (x4)",{"id":210,"type":211,"label":228,"file":177,"line":229,"wp_function":230},{"id":273,"type":206,"label":207,"file":177,"line":208},"n2",{"id":275,"type":211,"label":212,"file":177,"line":213,"wp_function":214},"n3",{"id":277,"type":206,"label":240,"file":177,"line":241},"n4",{"id":279,"type":211,"label":228,"file":177,"line":243,"wp_function":230},"n5",{"id":281,"type":206,"label":225,"file":177,"line":260},"n6",{"id":283,"type":211,"label":212,"file":177,"line":262,"wp_function":214},"n7",[285,286,287,288],{"from":205,"to":210,"sanitized":233},{"from":273,"to":275,"sanitized":233},{"from":277,"to":279,"sanitized":233},{"from":281,"to":283,"sanitized":233},{"summary":290,"deductions":291},"The \"install-profiles\" v3.4.1 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events, particularly those without authentication checks, indicates a very limited attack surface. The code also demonstrates good practices with 100% of SQL queries using prepared statements and a significant percentage of output being properly escaped. The presence of nonce and capability checks further reinforces this positive outlook.\n\nHowever, there are a couple of areas that warrant attention. The taint analysis revealed one flow with unsanitized paths, which, while not classified as critical or high severity in this report, represents a potential risk for path traversal or file manipulation vulnerabilities if not handled with utmost care. Additionally, the plugin performs file operations and external HTTP requests, which can introduce vulnerabilities if not implemented securely. The complete lack of recorded vulnerabilities in its history is a very positive sign, suggesting a well-maintained codebase that has not historically been a target or source of significant security flaws.\n\nOverall, \"install-profiles\" v3.4.1 appears to be a secure plugin, characterized by a minimal attack surface and good coding practices regarding data handling and authentication. The single unsanitized path flow is the primary concern, highlighting a potential weakness that should be investigated further. The absence of historical vulnerabilities is a strong indicator of its reliability.",[292,294,297,299],{"reason":293,"points":66},"Flow with unsanitized paths found",{"reason":295,"points":296},"File operations performed",3,{"reason":298,"points":296},"External HTTP requests made",{"reason":300,"points":218},"Output escaping is not 100%","2026-03-16T19:41:43.791Z",{"wat":303,"direct":311},{"assetPaths":304,"generatorPatterns":308,"scriptPaths":309,"versionParams":310},[305,306,307],"\u002Fwp-content\u002Fplugins\u002Finstall-profiles\u002Fcss\u002Fwpip.css","\u002Fwp-content\u002Fplugins\u002Finstall-profiles\u002Fjs\u002Fwpip.js","\u002Fwp-content\u002Fplugins\u002Finstall-profiles\u002Fjs\u002Fjquery.simplemodal.1.4.1.min.js",[],[306,307],[],{"cssClasses":312,"htmlComments":316,"htmlAttributes":319,"restEndpoints":322,"jsGlobals":323,"shortcodeOutput":325},[313,314,315],"tabs","nav-tab-wrapper","tabs-content",[317,318],"\u003C!-- tabs -->","\u003C!-- end tabs -->",[320,321],"data-plugin-name","data-plugin-slug",[],[324],"wpip",[]]