[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fDxONu_79xVhRN03D_GLJrj88W2kokUuOyaWddMXDXiI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":136,"fingerprints":307},"invite-friends","Invite Friends","0.4","DjZoNe","https:\u002F\u002Fprofiles.wordpress.org\u002Fdjzone\u002F","\u003Cp>This plugin's main goal was to provide the ability to any of your registered users, to invite more people to the community.\u003C\u002Fp>\n\u003Cp>Please notice, that this plugin totally ignores whether the registration is enabled or disabled to your blog.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finvite-friends.0.3.zip\" rel=\"nofollow ugc\">Download now!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Finvite-friends.dev.rain.hu\u002F\" rel=\"nofollow ugc\">Support\u003C\u002Fa> |\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Finvite-friends.dev.rain.hu\u002Ffaq\u002F\" rel=\"nofollow ugc\">FAQ\u003C\u002Fa> |\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fdjz.hu\" rel=\"nofollow ugc\">Author\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=djzone@cracker.hu&item_name=Invite%20Friends%20for%20Wordpress\" rel=\"nofollow ugc\">Donate\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Some functions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>invitation sending\u003C\u002Fli>\n\u003Cli>invitation cards limit per site\u003C\u002Fli>\n\u003Cli>after activation, the user is logged in 
automatically\u003C\u002Fli>\n\u003Cli>after activation, the user can be redirected to a custom URL\u003C\u002Fli>\n\u003Cli>activation screen is using the same styles as the login screen (if you have customized login screen it will affect the activation screen as well)\u003C\u002Fli>\n\u003Cli>Dashboard for custom settings Plugins > Invite friends settings\u003C\u002Fli>\n\u003Cli>i18n support (localized messages)\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin gives the ability to anyone who registered to your blog, to invite more people, even if the registration is closed.",10,21298,0,"2008-08-05T00:19:00.000Z","2.6","2.3","",[19,20,21,22],"dashboard","e-mail","registration","sidebar","http:\u002F\u002Finvite-friends.dev.rain.hu","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finvite-friends.0.4.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"djzone",5,2810,30,84,"2026-04-05T02:30:34.850Z",[37,61,83,96,117],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":58,"download_link":59,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wp-widget-disable","Widget Disable","3.0.1","required","https:\u002F\u002Fprofiles.wordpress.org\u002Fwearerequired\u002F","\u003Cp>This simple plugin allows you to disable any sidebar and dashboard widget for the current WordPress site you are on. 
It provides a simple user interface available to users with \u003Ccode>edit_theme_options\u003C\u002Fcode> capabilities (usually Administrator role) available under Appearance -> Disable Widgets.\u003Cbr \u002F>\nAfter saving the settings, the sidebar and dashboard widgets are removed from and the user can’t see those widgets anymore.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Developer? Get to know the hooks\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Have a look at the filters we provide:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>wp_widget_disable_default_sidebar_widgets\u003C\u002Fcode> – Allows you to exclude certain sidebar widgets from being disabled.\u003C\u002Fli>\n\u003Cli>\u003Ccode>wp_widget_disable_default_dashboard_widgets\u003C\u002Fcode> – Allows you to exclude certain dashboard widgets from being disabled.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Contributions\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you would like to contribute to this plugin, report an issue or anything like that, please note that we develop this plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwearerequired\u002FWP-Widget-Disable\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Developed by \u003Ca href=\"https:\u002F\u002Frequired.com\u002F\" title=\"Team of experienced web professionals from Switzerland & Germany\" rel=\"nofollow ugc\">required\u003C\u002Fa>\u003C\u002Fp>\n","Disable sidebar and dashboard widgets with an easy to use 
interface.",10000,185111,96,24,"2024-11-18T13:40:00.000Z","6.7.5","6.0","7.4",[54,19,55,56,57],"admin","dashboard-widgets","sidebar-widgets","widgets","https:\u002F\u002Frequired.com\u002Fservices\u002Fwordpress-plugins\u002Fwp-widget-disable\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-widget-disable.3.0.1.zip",92,{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":63,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":17,"tags":75,"homepage":81,"download_link":82,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"custom-new-user-email-template","Custom New User Email Template","1.0","LogicRays Technologies","https:\u002F\u002Fprofiles.wordpress.org\u002Flogicrays\u002F","\u003Cp>This plugin allows you to customize the email sent on a new user registration.\u003C\u002Fp>\n",200,2755,100,1,"2024-04-09T10:27:00.000Z","6.5.8","4.6",[76,77,78,79,80],"new-user","new-user-notification","registration-email","user-registration","welcome-mail","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-new-user-email-template\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-new-user-email-template.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":67,"short_description":85,"active_installs":89,"downloaded":90,"rating":70,"num_ratings":71,"last_updated":91,"tested_up_to":92,"requires_at_least":74,"requires_php":17,"tags":93,"homepage":94,"download_link":95,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"custom-new-user-notification","Custom New User 
Notification","1.2.0","rafasashi","https:\u002F\u002Fprofiles.wordpress.org\u002Frafasashi\u002F",80,5214,"2023-06-29T06:13:00.000Z","6.2.9",[76,77,78,79,80],"https:\u002F\u002Fgithub.com\u002Frafasashi\u002Fcustom-new-user-notification","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-new-user-notification.1.2.0.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":13,"num_ratings":13,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":109,"tags":110,"homepage":113,"download_link":114,"security_score":60,"vuln_count":115,"unpatched_count":13,"last_vuln_date":116,"fetched_at":27},"peprodev-ups","PeproDev Ultimate Profile Solutions","8.0.4","Pepro Dev. Group","https:\u002F\u002Fprofiles.wordpress.org\u002Fpeprodev\u002F","\u003Cp>The most powerful and feature-rich profile builder and user management solution for WordPress.\u003C\u002Fp>\n\u003Cp>🎉 Thank you for supporting PeproDev Ultimate Profile Solutions since its first private release in 2019!\u003Cbr \u002F>\nYour support and feedback have been key in shaping this plugin into a reliable and feature-rich solution for WordPress user profiles.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>FREE OF ANY CHARGE, UNLIMITED, and OPEN-SOURCE FOREVER!\u003C\u002Fli>\n\u003Cli>Ajaxified Popup Login\u002FRegister form\u003C\u002Fli>\n\u003Cli>Login by Username\u002FPassword | Email\u002FPassword | Mobile OTP | Email OTP | (social login soon)\u003C\u002Fli>\n\u003Cli>Show Popup\u002FToast Notification after Login\u002FRegister\u003C\u002Fli>\n\u003Cli>Unlimited User Customized Registration Fields:\n\u003Cul>\n\u003Cli>Text Field\u003C\u002Fli>\n\u003Cli>Number Field\u003C\u002Fli>\n\u003Cli>Email Field\u003C\u002Fli>\n\u003Cli>Mobile Number Field\u003C\u002Fli>\n\u003Cli>reCAPTCHA Field\u003C\u002Fli>\n\u003Cli>Select Dropdown Field\u003C\u002Fli>\n\u003Cli>Multiple-choice 
Field\u003C\u002Fli>\n\u003Cli>WooCommerce Based fields\u003C\u002Fli>\n\u003Cli>TinyMCE Editor\u003C\u002Fli>\n\u003Cli>DEV: Hooked Customized Fields\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Unlimited User Customized Login Redirection rules (based on User Role)\u003C\u002Fli>\n\u003Cli>Unlimited User Customized Logout Redirection rules (based on User Role)\u003C\u002Fli>\n\u003Cli>Unlimited User Customized Registration Redirection rules (based on User Role)\u003C\u002Fli>\n\u003Cli>Hide wp-login.php and Change Login address\u003C\u002Fli>\n\u003Cli>Customized\u002FThemed wp-login.php login screen\u003C\u002Fli>\n\u003Cli>Built-in CSS Editor for Login screen\u003C\u002Fli>\n\u003Cli>Built-in Dashboard with Responsive Design compatible with WooCommerce\u003C\u002Fli>\n\u003Cli>Unlimited User Customized Profile sections\u003C\u002Fli>\n\u003Cli>Built-in Individual CSS Editor for Each Profile Section\u003C\u002Fli>\n\u003Cli>Built-in Individual JS Editor for Each Profile Section\u003C\u002Fli>\n\u003Cli>Apply Restriction rules for Profile Section based on User Role or LearnDash Course Access\u003C\u002Fli>\n\u003Cli>Built-in Admin-User Notification system, announcement functionality\u003C\u002Fli>\n\u003Cli>Easily Integrate your SMS Provider with OTP System\u003C\u002Fli>\n\u003Cli>Newsletter Mobile-based Subscription (Export to Excel CSV)\u003C\u002Fli>\n\u003Cli>Compatible with WooCommerce, LearnDash, WooWallet, Wishlist, YITH Plugins\u003C\u002Fli>\n\u003Cli>Made by Developers for the Developers! 
\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpeprodev\u002FUltimate-Profile-Solutions\" rel=\"nofollow ugc\">Source code in GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Custom Profile Creation with multiple sections\u003C\u002Fli>\n\u003Cli>Ability to display shortcodes within profile sections\u003C\u002Fli>\n\u003Cli>Add custom CSS and JavaScript to profile pages\u003C\u002Fli>\n\u003Cli>Editable profile with custom fields\u003C\u002Fli>\n\u003Cli>Customizable profile avatars\u003C\u002Fli>\n\u003Cli>View WooCommerce orders within profile\u003C\u002Fli>\n\u003Cli>Send notifications to selected or all users\u003C\u002Fli>\n\u003Cli>Popup login\u002Fregister forms\u003C\u002Fli>\n\u003Cli>Custom redirection after login\u002Fregister\u002Flogout based on user role\u003C\u002Fli>\n\u003Cli>Migration from Digits plugin\u003C\u002Fli>\n\u003Cli>Responsive and clean design\u003C\u002Fli>\n\u003Cli>Change default login URL instead of wp-login.php\u003C\u002Fli>\n\u003Cli>Add reCAPTCHA for enhanced security\u003C\u002Fli>\n\u003Cli>Mobile OTP-based subscription list for users\u003C\u002Fli>\n\u003Cli>Modify default WordPress login design and behavior\u003C\u002Fli>\n\u003Cli>SMS Providers: SMS.ir (v1, v2), FarazSMS, IPPanel (Normal, Pattern), Kavehnegar (Normal, Pattern), ParsGreen, with options to add more using hooks\u003C\u002Fli>\n\u003Cli>Fully compatible with Elementor, Zephyr theme, Woodmart theme, Visual Composer, LearnDash, WooWallet, PeproDev Ticketing, WooCommerce, and more\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How to Use\u003C\u002Fh3>\n\u003Cp>Place the shortcode \u003Ccode>[pepro-smart-btn]\u003C\u002Fcode> in your page header or view \u003Ccode>wp-admin\u002F?page=peprodev-ups&section=loginregister\u003C\u002Fcode> for more advanced shortcodes. 
Explore \u003Ccode>wp-admin\u002F?page=peprodev-ups&section=shortcodes\u003C\u002Fcode> to browse all available shortcodes provided by the plugin.\u003C\u002Fp>\n\u003Ch3>About Us\u003C\u002Fh3>\n\u003Cp>PeproDev is a premium supplier of quality WordPress plugins, services, and support. We are Pepro Dev. Group [peprodev.com], and we make premium WordPress stuff, plugins, and contribute to FOSS. Proudly made in Iran for all web users to use freely, without any commercial influence or support from SMS providers listed in the plugin.\u003C\u002Fp>\n\u003Ch3>Maintenance & Warranty\u003C\u002Fh3>\n\u003Cp>This plugin is provided “as is,” with no warranty of any kind. We do not guarantee the plugin’s performance or suitability for any specific purpose. Updates are pushed through our GitHub channel.\u003C\u002Fp>\n\u003Ch3>How to Contribute\u003C\u002Fh3>\n\u003Cp>You can help us improve this plugin by forking it on GitHub and submitting your contributions. Visit the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpeprodev\u002FUltimate-Profile-Solutions\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa> to get started.\u003C\u002Fp>\n\u003Ch3>Legal Disclaimer\u003C\u002Fh3>\n\u003Cp>PeproDev is not liable for any data breaches, hacks, or other security-related issues that may occur as a result of using this plugin. Please ensure that your website is secure and that you follow best practices for security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data Privacy Notice:\u003C\u002Fstrong> We do not collect any data from you. Your usage of this plugin is completely private, and no information is transmitted or stored by us.\u003C\u002Fp>\n\u003Ch3>Security and Bug Reporting\u003C\u002Fh3>\n\u003Cp>Our plugin is submitted through Patchstack, and any bugs or security vulnerabilities are promptly addressed. 
Please report any issues through our GitHub repository or contact us directly.\u003C\u002Fp>\n\u003Ch3>Customization Services\u003C\u002Fh3>\n\u003Cp>We offer customization services for this plugin. If you need specific features added or changes made, our team is available to assist you, either freely or for a fee. Contact us at \u003Ca href=\"mailto:support@pepro.dev\" rel=\"nofollow ugc\">support@peprodev.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Pro Version\u003C\u002Fh3>\n\u003Cp>We are working on a new pro version of the plugin with refactored code and enhanced standards, which will be available soon.\u003C\u002Fp>\n\u003Ch3>Tips & Tricks\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>View the changelog at \u003Ccode>wp-admin\u002Fadmin.php?page=peprodev-ups&section=home&welcome=true\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Regenerate the plugin’s database structure by visiting \u003Ccode>wp-admin\u002F?peprodevups_force_db_create=1\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n","The Ultimate WordPress Profile Builder & User Management Plugin",70,4229,"2025-05-31T13:47:00.000Z","6.8.5","5.0","7.2",[19,111,112],"login-registration","profile","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpeprodev-ups\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpeprodev-ups.8.0.4.zip",3,"2025-05-06 13:28:19",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":125,"downloaded":126,"rating":70,"num_ratings":71,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":130,"tags":131,"homepage":134,"download_link":135,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"dashboard-wiget","Dashboard Widget","1.3.2","Blase Beczkowski","https:\u002F\u002Fprofiles.wordpress.org\u002Fbeczkowski\u002F","\u003Cp>It is a plugin that adds two sidebars to the dashboard of the admin panel and a special DW Text Widget. 
You can place any widget in your dashboard. The whole styling is done in such a way as to keep the appearance of the administration panel in harmony.\u003Cbr \u002F>\nYou can use it to leave messages or other information to all users or only for specific roles or specific user.\u003C\u002Fp>\n\u003Cp>Thanks for downloading my plugin. I hope it will serve you well and meet your expectations.\u003C\u002Fp>\n\u003Cp>I wish you successful cooperation.\u003C\u002Fp>\n","Very simple plugin to add sidebar with custom widget to your dashboard. You can add a sidebar which is only available to authors.",20,1921,"2022-09-19T20:03:00.000Z","6.0.11","5.6","7.0",[54,132,19,22,133],"admin-panel","widget","https:\u002F\u002Ffiolet.website","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdashboard-wiget.zip",{"attackSurface":137,"codeSignals":166,"taintFlows":223,"riskAssessment":290,"analyzedAt":306},{"hooks":138,"ajaxHandlers":162,"restRoutes":163,"shortcodes":164,"cronEvents":165,"entryPointCount":13,"unprotectedCount":13},[139,145,149,153,158],{"type":140,"name":141,"callback":142,"file":143,"line":144},"action","admin_menu","InviteFriendsInit","invite-friends.php",154,{"type":140,"name":146,"callback":147,"file":143,"line":148},"init","InviteFriendsRewriteRule",155,{"type":140,"name":150,"callback":151,"file":143,"line":152},"template_redirect","InviteFriendsTemplate",157,{"type":154,"name":155,"callback":156,"file":143,"line":157},"filter","query_vars","InviteFriendsQueryVars",158,{"type":140,"name":159,"callback":160,"file":143,"line":161},"activate_invite-friends\u002Finvite-friends.php","InviteFriendsActivate",159,[],[],[],[],{"dangerousFunctions":167,"sqlUsage":168,"outputEscaping":183,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":222},[],{"prepared":13,"raw":31,"locations":169},[170,173,175,178,180],{"file":143,"line":171,"context":172},68,"$wpdb->get_row() with variable 
interpolation",{"file":143,"line":174,"context":172},83,{"file":176,"line":177,"context":172},"pages\\inviteform.php",12,{"file":176,"line":179,"context":172},67,{"file":176,"line":181,"context":182},114,"$wpdb->query() with variable interpolation",{"escaped":184,"rawEcho":185,"locations":186},2,17,[187,191,193,194,196,198,200,201,203,205,207,209,211,213,215,217,220],{"file":188,"line":189,"context":190},"pages\\activate.php",4,"raw output",{"file":188,"line":192,"context":190},19,{"file":188,"line":192,"context":190},{"file":188,"line":195,"context":190},31,{"file":188,"line":197,"context":190},39,{"file":176,"line":199,"context":190},23,{"file":176,"line":48,"context":190},{"file":176,"line":202,"context":190},35,{"file":176,"line":204,"context":190},41,{"file":176,"line":206,"context":190},108,{"file":176,"line":208,"context":190},169,{"file":176,"line":210,"context":190},182,{"file":176,"line":212,"context":190},192,{"file":176,"line":214,"context":190},196,{"file":176,"line":216,"context":190},198,{"file":218,"line":219,"context":190},"pages\\settings.php",38,{"file":218,"line":221,"context":190},42,[],[224,241,251,269,282],{"entryPoint":225,"graph":226,"unsanitizedCount":71,"severity":240},"\u003Cactivate> (pages\\activate.php:0)",{"nodes":227,"edges":237},[228,232],{"id":229,"type":230,"label":231,"file":188,"line":197},"n0","source","$_POST['if_user_login']",{"id":233,"type":234,"label":235,"file":188,"line":197,"wp_function":236},"n1","sink","echo() [XSS]","echo",[238],{"from":229,"to":233,"sanitized":239},false,"low",{"entryPoint":242,"graph":243,"unsanitizedCount":184,"severity":240},"\u003Cinviteform> (pages\\inviteform.php:0)",{"nodes":244,"edges":249},[245,248],{"id":229,"type":230,"label":246,"file":176,"line":247},"$_POST (x2)",89,{"id":233,"type":234,"label":235,"file":176,"line":214,"wp_function":236},[250],{"from":229,"to":233,"sanitized":239},{"entryPoint":252,"graph":253,"unsanitizedCount":184,"severity":240},"\u003Csettings> 
(pages\\settings.php:0)",{"nodes":254,"edges":266},[255,258,261,264],{"id":229,"type":230,"label":256,"file":218,"line":257},"$_POST['if_invitation_cards']",7,{"id":233,"type":234,"label":259,"file":218,"line":257,"wp_function":260},"update_option() [Settings Manipulation]","update_option",{"id":262,"type":230,"label":263,"file":218,"line":177},"n2","$_POST['if_activate_redirect']",{"id":265,"type":234,"label":259,"file":218,"line":177,"wp_function":260},"n3",[267,268],{"from":229,"to":233,"sanitized":239},{"from":262,"to":265,"sanitized":239},{"entryPoint":270,"graph":271,"unsanitizedCount":71,"severity":281},"InviteFriendsTemplate (invite-friends.php:59)",{"nodes":272,"edges":279},[273,276],{"id":229,"type":230,"label":274,"file":143,"line":275},"$_POST",79,{"id":233,"type":234,"label":277,"file":143,"line":174,"wp_function":278},"get_row() [SQLi]","get_row",[280],{"from":229,"to":233,"sanitized":239},"high",{"entryPoint":283,"graph":284,"unsanitizedCount":71,"severity":281},"\u003Cinvite-friends> (invite-friends.php:0)",{"nodes":285,"edges":288},[286,287],{"id":229,"type":230,"label":274,"file":143,"line":275},{"id":233,"type":234,"label":277,"file":143,"line":174,"wp_function":278},[289],{"from":229,"to":233,"sanitized":239},{"summary":291,"deductions":292},"The 'invite-friends' plugin v0.4 exhibits a mixed security posture. On the positive side, it has a very small attack surface with no registered AJAX handlers, REST API routes, shortcodes, or cron events. This significantly limits potential entry points for attackers. The absence of bundled libraries and external HTTP requests is also a good practice. However, the code analysis reveals significant concerns regarding data sanitization and database interaction. All identified SQL queries are not using prepared statements, which is a major risk for SQL injection vulnerabilities. Furthermore, all analyzed taint flows originate from unsanitized paths, with two flagged as high severity. 
This suggests that user-supplied data is likely being processed without adequate validation or sanitization, creating a strong possibility of various injection attacks.  The vulnerability history is clean, with no recorded CVEs. While this is encouraging, it does not negate the immediate risks identified in the static analysis. The lack of recent vulnerabilities might be due to the plugin's limited functionality or a lack of extensive security auditing.  In conclusion, while the plugin's minimal attack surface is a strength, the raw SQL queries and unsanitized taint flows present critical security weaknesses that require immediate attention. The absence of historical vulnerabilities should not lead to complacency given the current code-level risks.",[293,295,298,300,302,304],{"reason":294,"points":11},"All SQL queries use raw SQL, no prepared statements",{"reason":296,"points":297},"All taint flows have unsanitized paths",15,{"reason":299,"points":11},"High severity taint flows found",{"reason":301,"points":31},"No nonce checks found",{"reason":303,"points":31},"No capability checks found",{"reason":305,"points":31},"Low percentage of properly escaped output","2026-03-17T01:21:32.351Z",{"wat":308,"direct":314},{"assetPaths":309,"generatorPatterns":311,"scriptPaths":312,"versionParams":313},[310],"\u002Fwp-content\u002Fplugins\u002Finvite-friends\u002Fpages\u002Factivate.php",[],[],[],{"cssClasses":315,"htmlComments":317,"htmlAttributes":318,"restEndpoints":323,"jsGlobals":324,"shortcodeOutput":327},[316],"login",[],[319,320,321,322],"id=\"if_user_login\"","name=\"if_user_login\"","id=\"if_choose_login_form\"","name=\"if_choose_login_form\"",[],[325,326],"window.onload","document.getElementById('if_user_login').focus()",[]]