[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fafTMoKUtCq9-9Xk8ethh1D-l_OmGUY2hlXTCPq-C1VU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":135,"fingerprints":337},"integrity-checker","Integrity Checker","0.10.0","Erik Torsner","https:\u002F\u002Fprofiles.wordpress.org\u002Feriktorsner\u002F","\u003Cp>Integrity-checker uses a mix of traditional and new techniques to scan your website for potential issues. First and foremost, it verifies that all installed code is identical to it’s original version. By comparing WordPress core, plugins and themes in your installation with the original versions available at wordpress.org, Integrity-checker can quickly determine if there are any changes you need to be aware of. Integrity-checker also lets you compare your local version to the original to help you determine if you’ve been hacked.\u003C\u002Fp>\n\u003Cp>Additionally, Integrity-checker scans all installed files for permission issues. Ensuring correct permissions is vital for WordPress security, as with any PHP based web application.\u003C\u002Fp>\n\u003Cp>Lastly, Integrity-checker will look through some of the basic WordPress configuration to look for common security problems like user enumeration, directory index weak credentials etc.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Helps you track down hacked WordPress files in core, plugins and themes  \u003C\u002Fli>\n\u003Cli>Makes it easy to find issues with file permissions\u003C\u002Fli>\n\u003Cli>Detects common configuration problems\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>3rd party software\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmtdowling\u002Fcron-expression\" rel=\"nofollow ugc\">cron-expression\u003C\u002Fa> copyright Michael Dowling, see \u003Ca href=\"https:\u002F\u002Fraw.githubusercontent.com\u002Fmtdowling\u002Fcron-expression\u002Fv1.1.0\u002FLICENSE\" rel=\"nofollow ugc\">license\u003C\u002Fa>. Cron-expression is slightly adopted to use the Integrity Checker namespace to avoid potential conflicts.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fchrisboulton\u002Fphp-diff\" rel=\"nofollow ugc\">php-diff\u003C\u002Fa> copyright Chris Boulton under the \u003Ca href=\"https:\u002F\u002Fopensource.org\u002Flicenses\u002FBSD-3-Clause\" rel=\"nofollow ugc\">BSD license\u003C\u002Fa>. php-diff is slightly adopted to use the Integrity Checker namespace to avoid potential conflicts.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsilexphp\u002FPimple\u002F\" rel=\"nofollow ugc\">silexphp\u002FPimple\u003C\u002Fa> copyright Fabien Potencier, see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsilexphp\u002FPimple\u002Fblob\u002Fv3.0.2\u002FLICENSE\" rel=\"nofollow ugc\">license\u003C\u002Fa>. Pimple is slightly adopted to use the Integrity Checker namespace to avoid potential conflicts.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdatatables.net\" rel=\"nofollow ugc\">DataTables\u003C\u002Fa> 1.10.13 copyright 2008-2016 SpryMedia Ltd. Licensed under the MIT license, see \u003Ca href=\"https:\u002F\u002Fdatatables.net\u002Flicense\" rel=\"nofollow ugc\">datatables.net\u002Flicense\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Farnapou\u002Fjqcron\" rel=\"nofollow ugc\">jqCron.js\u003C\u002Fa> Licensed under the MIT license, see \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Farnapou\u002Fjqcron\u002Fblob\u002Fmaster\u002FLICENSE\" rel=\"nofollow ugc\">license\u003C\u002Fa>\u003C\u002Fp>\n","The WordPress Integrity Checker checks your WordPress installation by detecting modified files, permissions issues and other common problems.",200,12158,96,6,"2025-10-13T08:49:00.000Z","4.7.32","4.4","",[20,21,22,23],"checksum","secure","security","security-plugin","https:\u002F\u002Fwww.wpessentials.io\u002Fplugins\u002Fintegrity-checker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fintegrity-checker.0.10.0.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"eriktorsner",1,30,94,"2026-04-04T15:31:44.498Z",[38,58,80,95,118],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":56,"download_link":57,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"user-name-security","SX User Name Security","2.4","Daniel Roch","https:\u002F\u002Fprofiles.wordpress.org\u002Fconfridin\u002F","\u003Cp>WordPress show your WordPress login and ID in several places. It’s time to fix this !\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress automaticaly uses “User login” to fill in the “User Display Name”.\u003C\u002Fli>\n\u003Cli>WordPress also allows everyone to use the same value for Nickname, Display Name and Login.\u003C\u002Fli>\n\u003Cli>The body_class function also shows to everyone your User ID and Login on author pages.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>A hacker can easily see then use your “NickName” or “Display Name” to find your real login. Once activated, SX User Name Security will prevent WordPress from showing those informations, and will warn you if you need to fix old users.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Cem>Features\u003C\u002Fem>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Body_class function:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Removes User ID from body_class function (front-end users pages)\u003C\u002Fli>\n\u003Cli>Removes User Nicename from body_class function (front-end users pages)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Current User informations:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The plugin changes “Display Name” and “Nickname” to a random value (like ‘Ticibe T. Aduvoguripe’, ‘Lagubo N. Agigerovibe’ or ‘Datela N. Orejadavino’) if they are identiqual to user login\u003C\u002Fli>\n\u003Cli>If not, it changes “Display Name” to “Nickname” or “Nickname” to “Display Name” if one of them is identiqual to user login\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>New Registration:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Display Name and Nickname are changed to random value during user registration.\u003C\u002Fli>\n\u003Cli>Nicename is also changed (it’s used to generate the user permalink on the front-end). For previous user, a notice has been added to use another plugin to safely change old nicenames.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Other information:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All functions are translated into french and english.\u003C\u002Fp>\n\u003Cp>You can find me here on \u003Ca href=\"https:\u002F\u002Fwww.seomix.fr\" rel=\"nofollow ugc\">SeoMix\u003C\u002Fa>, and here is the official french post about this plugin \u003Ca href=\"https:\u002F\u002Fwww.seomix.fr\u002Fuser-name-security\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.seomix.fr\u002Fuser-name-security\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Find here our other plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fseo-key\u002F\" rel=\"nofollow ugc\">SEOKEY WordPress SEO plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fsecupress\u002F\" rel=\"nofollow ugc\">SecuPress Security plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","SX User Name Security prevents WordPress from showing your real Login everywhere. It ovverides the body_class function, User Nicename, Nickname and Di &hellip;",1000,19435,80,13,"2025-04-24T15:26:00.000Z","6.8.5","4.6","5.2.4",[21,22,23,55],"wordpress-security","https:\u002F\u002Fwww.seomix.fr","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-name-security.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":35,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":76,"download_link":77,"security_score":78,"vuln_count":33,"unpatched_count":27,"last_vuln_date":79,"fetched_at":29},"block-wp-login","Block wp-login","1.5.5","Oliver Campion","https:\u002F\u002Fprofiles.wordpress.org\u002Fdomainsupport\u002F","\u003Ch4>Block Access to wp-login.php\u003C\u002Fh4>\n\u003Cp>This plugin does the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Locates wp-login.php in your WordPress installation and duplicates it\u003C\u002Fli>\n\u003Cli>Locates .htaccess and inserts lines to block the default wp-login.php and creates a new secret address to use for legitimate login\u003C\u002Fli>\n\u003Cli>Will email the site admin if an administrator signs in with an un-recognised IP address\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When installed your server will return “403 Forbidden“ when attempts are made to access the default wp-login.php file. This has two benefits; it prevents hackers from using brute force methods to hack your website and it reduces the load on the server when such brute force attacks are launched on your site as WordPress isn’t run at all.\u003C\u002Fp>\n\u003Cp>Please note, this plugin uses .htaccess so is only compatible with Apache web servers, it is not compatible with Nginx web servers.\u003C\u002Fp>\n","This plugin completely blocks access to wp-login.php and creates a new secret login URL",600,19911,9,"2025-12-04T12:47:00.000Z","6.9.4","3.5.0","5.6",[74,75,21,22,23],"block-hackers","login-security","https:\u002F\u002Fwebd.uk\u002Fsupport\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-wp-login.1.5.5.zip",99,"2019-06-27 00:00:00",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":26,"downloaded":88,"rating":27,"num_ratings":27,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":18,"tags":92,"homepage":93,"download_link":94,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"virus-finder","Virus Finder","1.0.36","wphospital.hu","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpressvirusremoval\u002F","\u003Cp>Find viruses in your website with wphospital.hu. The plugin analyze all files, and shows the suspicious and virus files.\u003Cbr \u002F>\nAfter you can check it manually, and you can solve the problem!\u003C\u002Fp>\n","Find viruses in your WordPress easily. Virus scan, malware finder.",12182,"2026-01-16T09:17:00.000Z","7.0","2.8",[75,21,22,23,55],"http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvirus-finder\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvirus-finder.1.0.36.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":26,"num_ratings":33,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":108,"tags":109,"homepage":115,"download_link":116,"security_score":117,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"reset-password-removed","Reset Password Removed","1.2","Md Taufiqur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmartshovon\u002F","\u003Cp>Easily enhance the security of your WordPress site by removing the ability for non-admin users to change or reset their passwords. The “Reset Password Removed” plugin ensures that only administrators have the power to modify password settings, reducing the risk of unauthorized access.\u003C\u002Fp>\n\u003Ch3>Key Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Restrict Password Resets:\u003C\u002Fstrong> Prevents non-admin users from resetting their passwords, adding an extra layer of security to your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Control:\u003C\u002Fstrong> Keeps password management accessible only to site administrators, ensuring critical access remains in trusted hands.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Streamlined User Experience:\u003C\u002Fstrong> Automatically removes the “Lost your password?” link from the login page for non-admin users.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight & Efficient:\u003C\u002Fstrong> The plugin is built to be lightweight, ensuring it doesn’t slow down your website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Choose Reset Password Removed?\u003C\u002Fh3>\n\u003Cp>If you’re looking to enhance your WordPress security without complicating user management, this plugin is the perfect solution. Ideal for websites where password security is paramount, it simplifies control and prevents potential vulnerabilities from password resets.\u003C\u002Fp>\n\u003Cp>Compatible with: WordPress 6.x and PHP 7.4+\u003C\u002Fp>\n","Enhance the security of your blogs by preventing password reset over email function.",20,2924,"2024-11-03T13:58:00.000Z","6.6.5","5.0","7.4",[110,111,112,113,114],"admin-only-password-control","disable-password-reset","secure-login-management","wordpress-password-security","wordpress-user-security-plugin","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Freset-password-removed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freset-password-removed.1.2.zip",92,{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":27,"num_ratings":27,"last_updated":18,"tested_up_to":128,"requires_at_least":129,"requires_php":90,"tags":130,"homepage":132,"download_link":133,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":134},"wp-security-by-made-it","WP Security By Made I.T.","1.8.3","Made I.T.","https:\u002F\u002Fprofiles.wordpress.org\u002Fmadeit\u002F","\u003Cp>‘WP Security by Made I.T.’ is one of the fastest WordPress security plugins. The plugin daily scan your complete website to check for malware, viruses and files changes.\u003C\u002Fp>\n\u003Cp>This plugin relies on a third party service to functionally work. This plugin automatically generates a connection with our server on ‘www.madeit.be’ to create an API key to update scan listings, malware and virus databases. For more info, you can also have a look at our [plugin homepage].(https:\u002F\u002Fmadeit.be\u002Fwordpress-onderhoud\u002Fwp-plugin).\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Scan your WordPress website to file changes.\u003C\u002Fli>\n\u003Cli>Compare the changed files with its original.\u003C\u002Fli>\n\u003Cli>Backup your Website.\u003C\u002Fli>\n\u003Cli>Made I.T. WordPress Maintenance integration.\u003C\u002Fli>\n\u003Cli>Security Alerts\u003C\u002Fli>\n\u003Cli>Vulnerability scanning thanks to wpvulndb.com\u003C\u002Fli>\n\u003Cli>Firewall (Experimental)\u003C\u002Fli>\n\u003Cli>Login prevention (Experimental)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Comming Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Check for malware and viruses. [1.8]\u003C\u002Fli>\n\u003C\u002Ful>\n","Secure your WordPress Website.",10,2282,"5.5.18","4.0",[131,21,22,23,55],"maintenance","https:\u002F\u002Fwww.madeit.be\u002Fwordpress-onderhoud","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-security-by-made-it.1.8.3.zip","2026-03-15T10:48:56.248Z",{"attackSurface":136,"codeSignals":220,"taintFlows":323,"riskAssessment":324,"analyzedAt":336},{"hooks":137,"ajaxHandlers":183,"restRoutes":184,"shortcodes":217,"cronEvents":218,"entryPointCount":219,"unprotectedCount":33},[138,143,147,151,155,159,164,169,173,177,179],{"type":139,"name":140,"callback":140,"file":141,"line":142},"action","init","integrity-checker.php",53,{"type":139,"name":144,"callback":140,"file":145,"line":146},"admin_init","src\\Admin\\AdminPage.php",45,{"type":139,"name":148,"callback":149,"file":145,"line":150},"admin_menu","adminMenu",46,{"type":139,"name":152,"callback":153,"priority":126,"file":145,"line":154},"admin_enqueue_scripts","enqueueAdminScripts",55,{"type":139,"name":156,"callback":157,"file":158,"line":146},"load-plugins.php","loadPlugins","src\\AdminUIHooks.php",{"type":160,"name":161,"callback":162,"priority":78,"file":158,"line":163},"filter","site_transient_update_plugins","modifyPluginsTransient",51,{"type":139,"name":165,"callback":166,"file":167,"line":168},"shutdown","onShutdown","src\\BackgroundProcess.php",126,{"type":160,"name":170,"callback":171,"file":167,"line":172},"cron_schedules","scheduleCronHealthCheck",130,{"type":139,"name":174,"callback":175,"file":167,"line":176},"rest_api_init","registerRestEndpoints",133,{"type":139,"name":174,"callback":175,"file":178,"line":172},"src\\integrityChecker.php",{"type":139,"name":180,"callback":181,"priority":126,"file":178,"line":182},"upgrader_process_complete","upgradeProcessComplete",147,[],[185,192,198,201,205,209,213],{"namespace":186,"route":187,"methods":188,"callback":190,"permissionCallback":28,"file":167,"line":191},"integrity-checker\u002Fv1","background\u002F(?P\u003Csession>[a-zA-Z0-9-]+)",[189],"GET","closure",85,{"namespace":186,"route":193,"methods":194,"callback":190,"permissionCallback":195,"file":196,"line":197},"quota",[189],"checkPermissions","src\\Rest.php",68,{"namespace":186,"route":199,"methods":200,"callback":190,"permissionCallback":195,"file":196,"line":48},"apikey",[189],{"namespace":186,"route":202,"methods":203,"callback":190,"permissionCallback":195,"file":196,"line":204},"userdata",[189],93,{"namespace":186,"route":206,"methods":207,"callback":190,"permissionCallback":195,"file":196,"line":208},"process\u002Fstatus",[189],112,{"namespace":186,"route":210,"methods":211,"callback":190,"permissionCallback":195,"file":196,"line":212},"testresult\u002Fscanall\u002Ftruncatehistory",[189],168,{"namespace":186,"route":214,"methods":215,"callback":190,"permissionCallback":195,"file":196,"line":216},"settings",[189],221,[],[],7,{"dangerousFunctions":221,"sqlUsage":227,"outputEscaping":236,"fileOperations":237,"externalRequests":275,"nonceChecks":33,"capabilityChecks":27,"bundledLibraries":319},[222],{"fn":223,"file":224,"line":225,"context":226},"unserialize","src\\Tests\\Checksum\\WPRepository.php",27,"$this->result = unserialize($response['body']);",{"prepared":225,"raw":228,"locations":229},2,[230,234],{"file":231,"line":232,"context":233},"src\\Tests\\Files.php",148,"$wpdb->get_var() with variable interpolation",{"file":231,"line":235,"context":233},243,{"escaped":237,"rawEcho":238,"locations":239},3,43,[240,243,245,247,249,250,252,255,257,259,261,262,265,267,268,269,271,272,273,274,276,278,281,283,285,287,289,290,293,296,298,299,302,303,305,307,309,310,312,313,315,317,318],{"file":241,"line":126,"context":242},"src\\Admin\\views\\About.php","raw output",{"file":241,"line":244,"context":242},17,{"file":241,"line":246,"context":242},33,{"file":241,"line":248,"context":242},50,{"file":241,"line":163,"context":242},{"file":241,"line":251,"context":242},64,{"file":253,"line":254,"context":242},"src\\Admin\\views\\AdminPage.php",26,{"file":253,"line":256,"context":242},28,{"file":253,"line":258,"context":242},29,{"file":253,"line":260,"context":242},35,{"file":253,"line":260,"context":242},{"file":263,"line":264,"context":242},"src\\Admin\\views\\ChecksumScanResults.php",24,{"file":266,"line":244,"context":242},"src\\Admin\\views\\FilesScanResults.php",{"file":266,"line":264,"context":242},{"file":266,"line":225,"context":242},{"file":270,"line":33,"context":242},"src\\Admin\\views\\PluginUpdateAlert.php",{"file":270,"line":33,"context":242},{"file":270,"line":228,"context":242},{"file":270,"line":14,"context":242},{"file":270,"line":275,"context":242},11,{"file":277,"line":258,"context":242},"src\\Admin\\views\\Settings\\alerts.php",{"file":279,"line":280,"context":242},"src\\Admin\\views\\Settings\\files.php",18,{"file":279,"line":282,"context":242},48,{"file":279,"line":284,"context":242},63,{"file":279,"line":286,"context":242},78,{"file":279,"line":288,"context":242},95,{"file":279,"line":208,"context":242},{"file":291,"line":292,"context":242},"src\\Admin\\views\\Settings\\schedule.php",44,{"file":294,"line":295,"context":242},"src\\Admin\\views\\SettingsScanResults.php",16,{"file":294,"line":297,"context":242},23,{"file":294,"line":254,"context":242},{"file":300,"line":301,"context":242},"src\\Admin\\views\\Upgrade\\column.php",8,{"file":300,"line":275,"context":242},{"file":300,"line":304,"context":242},12,{"file":300,"line":306,"context":242},19,{"file":300,"line":308,"context":242},22,{"file":300,"line":34,"context":242},{"file":300,"line":311,"context":242},40,{"file":300,"line":150,"context":242},{"file":300,"line":314,"context":242},47,{"file":300,"line":316,"context":242},67,{"file":300,"line":316,"context":242},{"file":300,"line":197,"context":242},[320],{"name":321,"version":28,"knownCves":322},"DataTables",[],[],{"summary":325,"deductions":326},"The \"integrity-checker\" v0.10.0 plugin exhibits a mixed security posture.  While it benefits from a lack of documented vulnerabilities and a high percentage of SQL queries using prepared statements, several concerning areas warrant attention.  The presence of the `unserialize` function, a known source of vulnerabilities, is a significant red flag, especially given the limited output escaping.  Furthermore, the plugin exposes a REST API route without proper permission callbacks, creating an unprotected entry point that could be exploited to trigger the `unserialize` function or other unintended actions.  The limited scope of taint analysis, reporting zero flows, might indicate a lack of thorough dynamic testing or that the plugin's design genuinely avoids complex data flow issues.  However, the static analysis findings, particularly the `unserialize` function and the unprotected REST API endpoint, represent tangible risks that need mitigation.",[327,329,332,334],{"reason":328,"points":126},"Unprotected REST API route",{"reason":330,"points":331},"Dangerous function: unserialize",15,{"reason":333,"points":301},"Low percentage of output escaping",{"reason":335,"points":237},"Bundled library (DataTables) without version check","2026-03-16T20:23:49.577Z",{"wat":338,"direct":357},{"assetPaths":339,"generatorPatterns":347,"scriptPaths":348,"versionParams":349},[340,341,342,343,344,345,346],"\u002Fwp-content\u002Fplugins\u002Fintegrity-checker\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fintegrity-checker\u002Fcss\u002FjqCron.css","\u002Fwp-content\u002Fplugins\u002Fintegrity-checker\u002Fcss\u002Ffont-awesome.min.css","\u002Fwp-content\u002Fplugins\u002Fintegrity-checker\u002Fcss\u002Fjquery.dataTables.min.css","\u002Fwp-content\u002Fplugins\u002Fintegrity-checker\u002Fjs\u002Fmain.js","\u002Fwp-content\u002Fplugins\u002Fintegrity-checker\u002Fjs\u002Fjquery.dataTables.min.js","\u002Fwp-content\u002Fplugins\u002Fintegrity-checker\u002Fjs\u002FjqCron.js",[],[344,345,346],[350,351,352,353,354,355,356],"integrity-checker\u002Fjs\u002Fmain.js?ver=","integrity-checker\u002Fjs\u002Fjquery.dataTables.min.js?ver=","integrity-checker\u002Fjs\u002FjqCron.js?ver=","integrity-checker\u002Fcss\u002Fstyle.css?ver=","integrity-checker\u002Fcss\u002FjqCron.css?ver=","integrity-checker\u002Fcss\u002Ffont-awesome.min.css?ver=","integrity-checker\u002Fcss\u002Fjquery.dataTables.min.css?ver=",{"cssClasses":358,"htmlComments":360,"htmlAttributes":362,"restEndpoints":364,"jsGlobals":366,"shortcodeOutput":368},[359],"jq-cron",[361],"\u003C!-- Integrity Checker -->",[363],"data-tab-id",[365],"\u002Fwp-json\u002Fintegrity-checker\u002Fv1",[367],"integrityCheckerApi",[]]