[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fYuNL1uHc-aAn-oXQytAIyUR2wo2bO-QMJq-ao9YPBTM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":57,"analysis":164,"fingerprints":422},"ioncube-tester-plus","ionCube Tester Plus","1.5","Robert Seyfriedsberger","https:\u002F\u002Fprofiles.wordpress.org\u002Fharmr\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.ioncube.com\" rel=\"nofollow ugc\">ionCube encoder\u003C\u002Fa> is an established industry standard solution for PHP encoding. In order to run encrypted files on your webserver, it has have ionCube encoders installed. This plugin checks if this is true and if not, you are given a guidance through the official loader wizard which determines what exactly has to be installed on your server on how this can be achieved (if you are not admin of your webserver, you are given instructions which you can easily forward to your admin).\u003C\u002Fp>\n","This plugin helps you to determine if the ionCube loaders are installed correctly on your web server. This plugin is sponsored by \"Maps Marker Pr &hellip;",300,19084,100,2,"2026-01-11T22:58:00.000Z","6.9.4","2.2","",[20,21,22,23,24],"encoding","ioncube","loader","php","test","http:\u002F\u002Fwww.mapsmarker.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fioncube-tester-plus.1.5.zip",94,1,0,"2026-03-04 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2025-69411","ioncube-tester-plus-unauthenticated-arbitrary-file-download","ionCube Tester Plus \u003C= 1.3 - Unauthenticated Arbitrary File Download","The ionCube Tester Plus plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.",null,"\u003C=1.3","1.4","critical",9.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:H\u002FA:H","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","2026-03-12 17:21:48",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2d903c78-2c7e-45fb-a8b4-ae060d9a020c?source=api-prod",9,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":51,"total_installs":52,"avg_security_score":53,"avg_patch_time_days":54,"trust_score":55,"computed_at":56},"harmr",3,10310,91,1302,73,"2026-04-04T16:09:15.174Z",[58,78,97,121,145],{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":13,"downloaded":66,"rating":13,"num_ratings":28,"last_updated":67,"tested_up_to":16,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":76,"download_link":77,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"eli-php-compatibility-scanner","Eli's PHP Compatibility Scanner","1.1.1","Eli Hanna","https:\u002F\u002Fprofiles.wordpress.org\u002Feliehanna\u002F","\u003Cp>\u003Cstrong>⚠️ Important: Development Environment Only\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin is designed for development environments like LocalWP, XAMPP, or self-hosted servers. It will \u003Cstrong>not work\u003C\u002Fstrong> on most managed hosting providers (WP Engine, Kinsta, SiteGround, etc.) due to security restrictions that disable the \u003Ccode>exec()\u003C\u002Fcode> function and limit access to PHP binaries.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>How It Works\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin leverages \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsquizlabs\u002FPHP_CodeSniffer\" rel=\"nofollow ugc\">PHP_CodeSniffer\u003C\u002Fa> with the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FPHPCompatibility\u002FPHPCompatibility\" rel=\"nofollow ugc\">PHPCompatibility\u003C\u002Fa> standard to perform deep static analysis of your PHP code.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Core Components:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Bundled Dependencies\u003C\u002Fstrong>: Includes PHP_CodeSniffer and PHPCompatibility ruleset\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Batch Processing\u003C\u002Fstrong>: Scans files in configurable batches (10-100 files) to manage memory usage\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Command Execution\u003C\u002Fstrong>: Executes PHPCS via PHP’s \u003Ccode>exec()\u003C\u002Fcode> function with specific parameters\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server-Side State\u003C\u002Fstrong>: Stores file lists in WordPress options to optimize AJAX requests\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Progressive UI\u003C\u002Fstrong>: Real-time batch results with stop\u002Fstart controls\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>How to Use:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Navigate to \u003Cstrong>Tools \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> PHP Compatibility Scanner\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Review the \u003Cstrong>System Check\u003C\u002Fstrong> section to ensure your environment is compatible\u003C\u002Fli>\n\u003Cli>Select the \u003Cstrong>plugins and\u002For themes\u003C\u002Fstrong> you want to scan by checking their boxes\u003C\u002Fli>\n\u003Cli>Configure your scan options:\n\u003Cul>\n\u003Cli>\u003Cstrong>Target PHP Version\u003C\u002Fstrong>: Choose the PHP version you want to test against (7.4 – 8.4)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Batch Size\u003C\u002Fstrong>: Select how many files to process at once (default: 50 files)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Skip Vendor Directory\u003C\u002Fstrong>: Keep checked to skip third-party dependencies\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Start Scan\u003C\u002Fstrong> to begin the compatibility check\u003C\u002Fli>\n\u003Cli>View results in real-time as each plugin\u002Ftheme is scanned\u003C\u002Fli>\n\u003Cli>Review any \u003Cstrong>errors\u003C\u002Fstrong> (❌) or \u003Cstrong>warnings\u003C\u002Fstrong> (⚠️) found in your code\u003C\u002Fli>\n\u003Cli>Click on any target to expand and see detailed compatibility issues\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Why It Requires Development Environments\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ccode>exec()\u003C\u002Fcode> Function\u003C\u002Fstrong>: Required to run PHPCS binary – disabled on managed hosts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP Binary Access\u003C\u002Fstrong>: Needs access to PHP executable – restricted on shared hosting\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Composer Dependencies\u003C\u002Fstrong>: Requires vendor directory with PHPCS installation\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File System Access\u003C\u002Fstrong>: Creates temporary files for batch processing\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Memory\u002FTime Limits\u003C\u002Fstrong>: Long-running scans need relaxed execution limits\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Supported Environments\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>LocalWP\u003C\u002Fstrong> (recommended)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>XAMPP\u002FMAMP\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Docker WordPress\u003C\u002Fstrong> setups\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Self-hosted\u003C\u002Fstrong> VPS\u002Fdedicated servers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Development\u003C\u002Fstrong> environments with shell access\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Unsupported Environments\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>WP Engine\u003C\u002Fstrong> (exec() disabled)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Kinsta\u003C\u002Fstrong> (security restrictions)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SiteGround\u003C\u002Fstrong> (managed hosting limitations)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GoDaddy Managed WordPress\u003C\u002Fstrong> (function restrictions)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress.com\u003C\u002Fstrong> (no plugin uploads)\u003C\u002Fli>\n\u003Cli>Most \u003Cstrong>shared hosting\u003C\u002Fstrong> providers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contributing\u003C\u002Fh3>\n\u003Cp>This plugin is actively developed for WordPress development environments. Contributions are welcome, especially:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Additional PHP version compatibility rules\u003C\u002Fli>\n\u003Cli>Performance optimizations\u003C\u002Fli>\n\u003Cli>UI\u002FUX improvements\u003C\u002Fli>\n\u003Cli>Hosted environment compatibility solutions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Technical Details\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Dependencies\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>PHP_CodeSniffer\u003C\u002Fstrong>: ^3.13 (static analysis engine)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHPCompatibility\u003C\u002Fstrong>: dev-develop (compatibility ruleset)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>License\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>GPLv2 or later – same as WordPress core.\u003C\u002Fp>\n","A comprehensive WordPress plugin that scans your plugins and themes for PHP version compatibility issues using the  PHPCompatibility ruleset.",891,"2026-03-09T20:55:00.000Z","4.5","7.4",[71,72,73,74,75],"code-quality","compatibility","phpcs","testing","wordpress-development","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feli-php-compatibility-scanner","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feli-php-compatibility-scanner.1.1.1.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":29,"downloaded":86,"rating":13,"num_ratings":28,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":18,"download_link":95,"security_score":96,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"core-vitals-monitor","Core Vitals Monitor","1.0","speedplussecurity","https:\u002F\u002Fprofiles.wordpress.org\u002Fspeedplussecurity\u002F","\u003Cblockquote>\n\u003Cp>\u003Cstrong>Speedplussecurity.com Has Integrated Core Vital Monitoring Into Your WordPress Dashboard.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Speedplusecurity.com,  a leading provider of core vital performance monitoring,  introduces a monitoring plugin for wordpress. The basic version of Core Vital Monitoring will allow users to see desktop and mobile pagespeed scores from Google Page Speed Insights with scores updated weekly and alerts to notify users if the score dips below a point set by the user. The notification will popup in the wordpress dashboard with the option for email notification available.\u003C\u002Fli>\n\u003Cli>In addition to page speed monitoring the Core Vitals Monitor plugin also watches out for the security of your site. If the  grade, updated weekly,and obtained from securityheaders.com dips below a point set by the user, a notification is provided.\u003C\u002Fli>\n\u003Cli>The basic free service allows for the monitoring of upto five different url’s. This allows for the monitoring of sites most important pages. If you are interested in daily monitoring with up to 15 pages please consider upgrading to the premium edition. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>What About Security?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>*CVM does not use your site’s databse and has no reference to your site’s database, which makes the plugin not vulnerable to your site.\u003Cbr \u002F>\n  *CVM won’t interact with your site’s visitors. No data is collected.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Go Pro\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>*Ability to test more than five URLs.\u003Cbr \u002F>\n  *Email notifications when there is drop in site’s performance standards.\u003Cbr \u002F>\n  *Premium version allows for daily updates and access to change the update interval.\u003Cbr \u002F>\n  *IP or location restriction to either frontend or backend.\u003Cbr \u002F>\n  *IP-rate limiting feature.\u003Cbr \u002F>\n  *Browser fingerprinting, TLS fingerprinting, and other Anti-bot techniques.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Compatibility\u003C\u002Fstrong>\u003Cbr \u002F>\nCVM is fully compatibe with any PHP supported platform. For non-wordpress usage, please check our \u003Ca href=\"https:\u002F\u002Fspeedplussecurity.com\u002Fcore-vitals-monitor\u002F#download\" rel=\"nofollow ugc\">page\u003C\u002Fa> for more information\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Troubleshooting\u003C\u002Fstrong>\u003Cbr \u002F>\nIf performance scan results shows 0 or ‘-‘, please confirm the URL being tested is a valid link.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contribute\u003C\u002Fstrong>\u003Cbr \u002F>\nPlease email us at idris@bequestmutual.com to get a link to the Github repository or you have suggestions for a new add-on.\u003C\u002Fp>\n","Tests performance metrics (security and performance) on- a periodic schedule",1142,"2023-01-27T19:24:00.000Z","6.1.10","3.0","5.4",[23,92,93,24,94],"security","speed","wp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcore-vitals-monitor.1.0.zip",85,{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":107,"num_ratings":108,"last_updated":109,"tested_up_to":16,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":117,"download_link":118,"security_score":119,"vuln_count":51,"unpatched_count":29,"last_vuln_date":120,"fetched_at":31},"insert-headers-and-footers","WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager","2.3.4","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Ch4>Insert Headers & Footers + Full WordPress Code Snippets Plugin\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwpcode.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin\" rel=\"nofollow ugc\">WPCode\u003C\u002Fa> (formerly known as Insert Headers and Footers by WPBeginner) is the most popular code snippets plugin for WordPress used by over 2 million websites.\u003C\u002Fp>\n\u003Cp>We make it easy for you to add code snippets in WordPress without having to edit your theme’s functions.php file.\u003C\u002Fp>\n\u003Cp>Our simple insert headers and footers interface allows you to insert code like Google Analytics, custom CSS, Facebook Pixel, and more to your WordPress site’s header and footer as well other areas of your website. No need to edit your theme files!\u003C\u002Fp>\n\u003Cp>Aside from Header and Footer scripts, you can also use WPCode to insert custom PHP code snippets, JavaScript code snippets, CSS code snippets, HTML code snippets, and text snippets with full conditional logic support.\u003C\u002Fp>\n\u003Cp>We took the pain out of adding custom code snippets in WordPress and made it easy.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>I have been using Insert Headers and Footers and it is such a useful tool. Super helpful and the very best of its kind. Highly recommend\u003Cbr \u002F>\n  The_Gibble – WordPress user\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Quick Overview of WPCode from WPBeginner\u003C\u002Fh4>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FFo-7MKRRUec?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Introducing New WPCode Pro\u003C\u002Fstrong>\u003Cbr \u002F>\n  While WPCode Lite offers tons of powerful features for free, we listened to user feedback and created WPCode Pro with even more amazing features to improve your workflow. This includes smart conditional logic, saving code snippets to cloud library, code revisions, page-specific snippets, deeper integration with popular plugins like WooCommerce, Easy Digital Downloads, and so much more. \u003Ca href=\"https:\u002F\u002Fwpcode.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin\" rel=\"nofollow ugc\">Click here to purchase the best premium WordPress code snippet plugin now!\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Future Proof Code Snippet Management\u003C\u002Fh4>\n\u003Cp>Most \u003Ca href=\"https:\u002F\u002Fwww.wpbeginner.com\u002Fcategory\u002Fwp-tutorials\u002F\" rel=\"nofollow ugc\">WordPress tutorial websites\u003C\u002Fa> ask you to add code snippets to your theme’s functions.php file. This makes managing code snippets messy, and it also prevents you from updating your theme.\u003C\u002Fp>\n\u003Cp>If you ever update your theme or switch to another theme, then you will lose all custom code functions that you added in your functions.php file.\u003C\u002Fp>\n\u003Cp>WPCode solves this by providing you an easy way to insert header and footer scripts along with other code snippets directly from your WordPress dashboard. These code snippets actually run as if they were in your theme’s functions.php file.\u003C\u002Fp>\n\u003Cp>Our smart code snippet validation helps you prevent common code errors to ensure you never break your website when adding code snippets or header and footer scripts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New WPCode Cloud Library\u003C\u002Fstrong> even allows you to store all your custom code snippets in a cloud library, so you can easily re-use code snippets across multiple website projects and save time. You can keep your code snippets completely private or \u003Ca href=\"https:\u002F\u002Flibrary.wpcode.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin\" rel=\"nofollow ugc\">share it with the community\u003C\u002Fa> to give back while boosting your social profile.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>This plugin allows me to not only add things to my site whenever needed, but it takes me only seconds to accomplish it.\u003Cbr \u002F>\n  David Weber – WordPress user\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Full Code Snippets Library and Code Generators\u003C\u002Fh4>\n\u003Cp>Ever wanted a central place to find all the most popular WordPress code snippets that are tested and proven to work?\u003C\u002Fp>\n\u003Cp>When we started Insert Headers and Footers plugin, we did too. So we built a WordPress code snippets library right inside the WPCode plugin.\u003C\u002Fp>\n\u003Cp>You will find verified PHP code snippets for popular feature requests like disable REST API, disable XML-RPC, disable comments, allow SVG file uploads, disable Gutenberg, add Classic Editor, and more without installing separate plugins for each.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>I was very hesitant to get into any of the code for my website. Your plugin made it easy for me to do.\u003Cbr \u002F>\n  Conbrio75 – WordPress user\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>We also built the ability to save your code snippets to \u003Ca href=\"https:\u002F\u002Flibrary.wpcode.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin\" rel=\"nofollow ugc\">WPCode Cloud Library\u003C\u002Fa>, so you can easily re-use it on your other websites, client projects, or even share it with the larger community.\u003C\u002Fp>\n\u003Cp>WPCode Cloud Library helps you better organize your code snippets in one central location, so you can save more time and speed up your workflow when managing websites. No more wasting time looking for custom notes or Github gists.\u003C\u002Fp>\n\u003Cp>Aside from our growing code snippets library, we also have WordPress code generators to help you quickly get ready-to-use custom code using the latest WordPress coding standards and API’s.\u003C\u002Fp>\n\u003Ch4>Conditional Logic for Code Snippets + Code Insertion Priority\u003C\u002Fh4>\n\u003Cp>Our goal with WPCode was to create a WordPress code snippets plugin that’s both EASY and POWERFUL.\u003C\u002Fp>\n\u003Cp>That’s why aside from our global header and footer scripts, we added advanced features like conditional logic for code snippets and made it easy.\u003C\u002Fp>\n\u003Cp>Instead of learning WordPress conditional logic queries, you can use our beginner-friendly conditional logic user interface to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Load code snippets for logged in users only\u003C\u002Fli>\n\u003Cli>Load PHP code snippets for specific user roles\u003C\u002Fli>\n\u003Cli>Load PHP code snippets only on specific page URLs\u003C\u002Fli>\n\u003Cli>Insert header and footer pixel scripts on specific pages\u003C\u002Fli>\n\u003Cli>Show code snippets based on type of page\u003C\u002Fli>\n\u003Cli>Run code snippet only on certain post types\u003C\u002Fli>\n\u003Cli>Load header and footer code snippet based on referrer source\u003C\u002Fli>\n\u003Cli>and more…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We also added both automatic code insertion and manual code output using shortcodes.\u003C\u002Fp>\n\u003Cp>Our Auto Insert feature allows you to run the code snippet everywhere or choose from custom options like:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Run code snippet only on frontend\u003C\u002Fli>\n\u003Cli>Run code snippet only in WordPress admin area\u003C\u002Fli>\n\u003Cli>Add header and footer scripts sitewide\u003C\u002Fli>\n\u003Cli>Insert PHP code snippet before or after post content\u003C\u002Fli>\n\u003Cli>Insert code snippet before or after specific paragraph\u003C\u002Fli>\n\u003Cli>Insert code snippet on specific archive pages\u003C\u002Fli>\n\u003Cli>Insert code snippets after specific WooCommerce function (\u003Ca href=\"https:\u002F\u002Fwpcode.com\u002F?utm_source=wprepo&utm_medium=link&utm_campaign=liteplugin\" rel=\"nofollow ugc\">Pro Feature\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Aside from that, we also added a visual code snippet priority system, so you can choose the order for your custom functions to avoid code conflict.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>This is such a useful plugin! It makes it so much easier to include things on your website!\u003Cbr \u002F>\n  Understoryliving – WordPress user\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>And for even more flexibility and customization, we have added the ability for you to add page-specific code snippets right from the WordPress classic editor as well as the Gutenberg editor. You can even load code snippets based on device type such as mobile only code snippets, desktop only code snippets, etc.\u003C\u002Fp>\n\u003Ch4>Import and Export Code Snippets\u003C\u002Fh4>\n\u003Cp>Managing multiple websites or developing in a staging environment?\u003C\u002Fp>\n\u003Cp>We offer an easy way to import and export your custom code snippets, functions, and header and footer scripts to help you save time.\u003C\u002Fp>\n\u003Cp>You can also save your code snippets to WPCode Cloud (Pro feature), so you can easily re-use the same code snippets across multiple websites. This also allows you to better organize your code snippets instead of wasting time searching for random Github gists.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Simple plugin I use in quite every site. Very useful to insert scripts and tags.\u003Cbr \u002F>\n  tommasoperego – WordPress user\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Full WPCode Feature List\u003C\u002Fh4>\n\u003Cp>The simple interface of WPCode plugin (formerly known as Insert Headers and Footers) gives you one place where you can insert header and footer scripts as well as custom code snippets rather than dealing with dozens of different plugins.\u003C\u002Fp>\n\u003Cp>Below is a full list of WPCode features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Quick to set up\u003C\u002Fli>\n\u003Cli>Unlimited code snippets\u003C\u002Fli>\n\u003Cli>Simple to insert header and footer scripts globally\u003C\u002Fli>\n\u003Cli>Beginner Friendly Code Editor with Syntax Highlighter for PHP, JavaScript, and HTML\u003C\u002Fli>\n\u003Cli>Smart Code Validation to Prevent PHP Errors\u003C\u002Fli>\n\u003Cli>Insert header code and\u002For footer code using Conditional Logic\u003C\u002Fli>\n\u003Cli>Add \u003Cstrong>Google Analytics\u003C\u002Fstrong> code to header and footer\u003C\u002Fli>\n\u003Cli>Add \u003Cstrong>custom CSS\u003C\u002Fstrong> code to any theme\u003C\u002Fli>\n\u003Cli>Insert \u003Cstrong>Facebook pixel\u003C\u002Fstrong> code in header and footer\u003C\u002Fli>\n\u003Cli>Insert any code or script, including HTML and Javascript\u003C\u002Fli>\n\u003Cli>Insert PHP Code Snippets\u003C\u002Fli>\n\u003Cli>Ready-made Code Snippet Library\u003C\u002Fli>\n\u003Cli>Custom WordPress Code Snippet Generator\u003C\u002Fli>\n\u003Cli>Show or Hide PHP Code Snippets based on conditional logic\u003C\u002Fli>\n\u003Cli>Run PHP code and custom code snippets everywhere or in select areas using smart auto-insert rules.\u003C\u002Fli>\n\u003Cli>Manually insert PHP code snippets using shortcodes anywhere on website\u003C\u002Fli>\n\u003Cli>Add Rich Text Ads and Content Snippets automatically on posts & pages.\u003C\u002Fli>\n\u003Cli>Export \u002F Import Code Snippets\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New\u003C\u002Fstrong> Save snippets to Cloud Library – All your snippets stored in your private code snippet cloud.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>New\u003C\u002Fstrong> Deep integrations with Gutenberg, WooCommerce, and more.\u003C\u002Fli>\n\u003Cli>Device specific code snippets (such as load code snippets on mobile only, desktop only, etc)\u003C\u002Fli>\n\u003Cli>and more features coming soon.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>Insert Headers and Footers plugin was first created by \u003Ca href=\"https:\u002F\u002Fsyedbalkhi.com\u002F\" rel=\"nofollow ugc\">Syed Balkhi\u003C\u002Fa> and the \u003Ca href=\"http:\u002F\u002Fwww.wpbeginner.com\u002F\" rel=\"nofollow ugc\">WPBeginner\u003C\u002Fa> team in 2011.\u003C\u002Fp>\n\u003Cp>It was later rebranded to WPCode in 2022 by Syed Balkhi to add powerful code snippets features that users were requesting for.\u003C\u002Fp>\n\u003Ch4>Branding Guideline\u003C\u002Fh4>\n\u003Cp>WPCode™ is a trademark of WPCode LLC. When writing about the Insert Headers and Footers – Code Snippets plugin by WPCode, please make sure to uppercase the initial 3 letters.\u003C\u002Fp>\n\u003Cp>WPCode (correct)\u003Cbr \u002F>\nWP Code (incorrect)\u003Cbr \u002F>\nwpcode (incorrect)\u003Cbr \u002F>\nwp code snippets (incorrect)\u003C\u002Fp>\n","Easily add code snippets in WordPress. Insert header & footer scripts, add PHP code snippets with conditional logic, insert ads pixel code, and more.",3000000,82822570,98,1761,"2026-02-12T15:19:00.000Z","5.0","7.0",[113,114,115,116,23],"code","code-snippets","css","header","https:\u002F\u002Fwww.wpcode.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finsert-headers-and-footers.2.3.4.zip",99,"2023-07-17 00:00:00",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":131,"num_ratings":132,"last_updated":133,"tested_up_to":16,"requires_at_least":134,"requires_php":111,"tags":135,"homepage":18,"download_link":141,"security_score":142,"vuln_count":143,"unpatched_count":29,"last_vuln_date":144,"fetched_at":31},"wps-hide-login","WPS Hide Login","1.9.18","Remy Perona","https:\u002F\u002Fprofiles.wordpress.org\u002Ftabrisrp\u002F","\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> is a very light plugin that lets you easily and safely change the url of the login form page to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n\u003Cp>This plugin is kindly proposed by \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> the specialized WordPress web host.\u003C\u002Fp>\n\u003Cp>Discover also our other free extensions:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"ugc\">WPS Limit Login\u003C\u002Fa> to block brute force attacks.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"ugc\">WPS Bidouille\u003C\u002Fa> to optimize your WordPress and get more info.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"ugc\">WPS Cleaner\u003C\u002Fa> to clean your WordPress site.\u003C\u002Fp>\n\u003Cp>This plugin is only maintained, which means we do not guarantee free support. Consider reporting a problem and be patient.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> est un plugin très léger qui vous permet de changer facilement et en toute sécurité l’url de la page de formulaire de connexion. Il ne renomme pas littéralement ou ne modifie pas les fichiers dans le noyau, ni n’ajoute des règles de réécriture. Il intercepte simplement les demandes de pages et fonctionne sur n’importe quel site WordPress. Le répertoire wp-admin et la page wp-login.php deviennent inaccessibles, vous devez donc ajouter un signet ou vous souvenir de l’URL. Désactiver ce plugin ramène votre site exactement à l’état dans lequel il était auparavant.\u003C\u002Fp>\n\u003Cp>Ce plugin vous est gentiment proposé par \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> l’hébergeur spécialisé WordPress.\u003C\u002Fp>\n\u003Cp>Plus d’infos sur son utilisation : \u003Ca href=\"https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Découvrez également nos autres extensions gratuites :\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"nofollow ugc\">WPS Limit Login\u003C\u002Fa> pour bloquer les attaques par force brute.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"nofollow ugc\">WPS Bidouille\u003C\u002Fa> pour optimiser votre WordPress et faire le plein d’infos.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"nofollow ugc\">WPS Cleaner\u003C\u002Fa> pour nettoyer votre site WordPress.\u003C\u002Fp>\n\u003Cp>Ce plugin est seulement maintenu, ce qui signifie que nous ne garantissons pas un support gratuit. Envisagez de signaler un problème et soyez patient.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>Requires WordPress 4.1 or higher. All login related things such as the registration form, lost password form, login widget and expired sessions just keep working.\u003C\u002Fp>\n\u003Cp>It’s also compatible with any plugin that hooks in the login form, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Obviously it doesn’t work with plugins or themes that \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Works with multisite, with subdomains and subfolders. Activating it for a network allows you to set a networkwide default. Individual sites can still rename their login page to something else.\u003C\u002Fp>\n\u003Cp>If you’re using a \u003Cstrong>page caching plugin\u003C\u002Fstrong> other than WP Rocket, you should add the slug of the new login url to the list of pages not to cache. WP Rocket is already fully compatible with the plugin.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>Nécessite WordPress 4.1 ou supérieur. Toutes les choses liées à la connexion telles que le formulaire d’inscription, le formulaire de mot de passe perdu, le widget de connexion et les sessions expirées continuent de fonctionner.\u003C\u002Fp>\n\u003Cp>Il est également compatible avec tout plugin qui se connecte au formulaire de connexion, notamment:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Évidemment, cela ne fonctionne pas avec les plugins ou les thèmes \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Fonctionne en multisite, avec sous-domaines ou sous dossiers. L’activer pour un réseau vous permet de définir une valeur par défaut pour l’ensemble du réseau. Les sites individuels peuvent toujours renommer leur page de connexion pour autre chose.\u003C\u002Fp>\n\u003Cp>Si vous utilisez un \u003Cstrong>plugin de mise en cache de pages\u003C\u002Fstrong> autre que WP Rocket, vous devez ajouter le slug de la nouvelle URL de connexion à la liste des pages à ne pas mettre en cache. WP Rocket est déjà entièrement compatible avec le plugin.\u003C\u002Fp>\n","Change wp-login.php to anything you want.",2000000,30498017,96,2101,"2026-01-12T08:47:00.000Z","4.1",[136,137,138,139,140],"custom-login-url","login","rename","wp-login","wp-login-php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwps-hide-login.1.9.18.zip",95,10,"2024-06-24 00:00:00",{"slug":114,"name":146,"version":147,"author":148,"author_profile":149,"description":150,"short_description":151,"active_installs":152,"downloaded":153,"rating":27,"num_ratings":154,"last_updated":155,"tested_up_to":16,"requires_at_least":110,"requires_php":69,"tags":156,"homepage":159,"download_link":160,"security_score":161,"vuln_count":162,"unpatched_count":29,"last_vuln_date":163,"fetched_at":31},"Code Snippets","3.9.5","Code Snippets Pro","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodesnippetspro\u002F","\u003Cp>\u003Cstrong>✂ Code Snippets\u003C\u002Fstrong> provides an effortless way to enhance your WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🚀 Upgrade to Code Snippets Pro\u003C\u002Fstrong> for complete CSS, JavaScript, Gutenberg, Elementor and cloud synchronisation integrations. \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fcodesnippets.pro\u002Fpricing\" rel=\"nofollow ugc\">Elevate your snippets experience now!\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Say goodbye to the hassle of tweaking your theme’s \u003Ccode>functions.php\u003C\u002Fcode> file and downloading endless plugins – Code Snippets simplifies the process!\u003C\u002Fp>\n\u003Cp>A snippet is like a mini-plugin for your WordPress site, providing added functionality without the clutter.\u003C\u002Fp>\n\u003Cp>Unlike other solutions that involve dumping code into your \u003Ccode>functions.php\u003C\u002Fcode> file, Code Snippets offers an intuitive graphical interface for seamless integration and real-time execution. Managing snippets is as easy as activating and deactivating plugins, only without the bloat and overhead.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🎥 Watch a quick overview by Imran Siddiq:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FuzND-wdSCMQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>☁️ Each copy of Code Snippets includes full integration with the community-powered \u003Ca href=\"https:\u002F\u002Fcodesnippets.cloud\u002F\" rel=\"nofollow ugc\">Code Snippets Cloud\u003C\u002Fa> platform, providing easy access to hundreds of tweaks and enhancements ready to power-up any WordPress site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🌐 Connect with us:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcode-snippets\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffacebook.com\u002Fgroups\u002Fcodesnippetsplugin\" rel=\"nofollow ugc\">Facebook Community\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsnipco.de\u002Fdiscord\" rel=\"nofollow ugc\">Discord Community\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcodesnippetspro\u002Fcode-snippets\" rel=\"nofollow ugc\">GitHub Repository\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>🌟 Like our plugin? Find it useful? Please consider sharing your experience by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fcode-snippets\" rel=\"ugc\">leaving a review on WordPress.org\u003C\u002Fa>. Your feedback is instrumental to shaping our future growth!\u003C\u002Fp>\n\u003Cp>🌍 We’d like to thank the wonderful people who have helped contribute translations to allow Code Snippets to be used in different languages. \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcodesnippetspro\u002Fcode-snippets\u002Fblob\u002Fcore\u002FCREDITS.md#translators\" rel=\"nofollow ugc\">You can find a full list here\u003C\u002Fa>.\u003C\u002Fp>\n","An easy, clean and simple way to enhance your site with code snippets.",1000000,19655832,494,"2026-02-05T11:03:00.000Z",[113,115,157,23,158],"multisite","snippets","https:\u002F\u002Fcodesnippets.pro","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcode-snippets.3.9.5.zip",89,7,"2026-02-05 19:33:02",{"attackSurface":165,"codeSignals":181,"taintFlows":384,"riskAssessment":403,"analyzedAt":421},{"hooks":166,"ajaxHandlers":177,"restRoutes":178,"shortcodes":179,"cronEvents":180,"entryPointCount":29,"unprotectedCount":29},[167,173],{"type":168,"name":169,"callback":169,"priority":170,"file":171,"line":172},"action","admin_notices",6,"ioncube-tester-plus.php",29,{"type":168,"name":174,"callback":175,"file":171,"line":176},"admin_menu","register_menu_page",30,[],[],[],[],{"dangerousFunctions":182,"sqlUsage":199,"outputEscaping":201,"fileOperations":382,"externalRequests":28,"nonceChecks":29,"capabilityChecks":29,"bundledLibraries":383},[183,188,192,195],{"fn":184,"file":185,"line":186,"context":187},"unserialize","loader-wizard.php",275,"$unserialised_res = @unserialize($serialised_res);",{"fn":189,"file":185,"line":190,"context":191},"shell_exec",868,"$cmd = @shell_exec('sestatus');",{"fn":189,"file":185,"line":193,"context":194},880,"$cmd = @shell_exec('gradm -S');",{"fn":196,"file":185,"line":197,"context":198},"system",1996,"$result = @system($script,$retval);",{"prepared":29,"raw":29,"locations":200},[],{"escaped":48,"rawEcho":161,"locations":202},[203,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,312,314,316,318,320,322,324,326,328,330,332,334,336,338,340,342,344,346,348,350,352,354,356,358,360,362,364,366,368,370,372,374,376,378,380],{"file":171,"line":204,"context":205},165,"raw output",{"file":171,"line":207,"context":205},185,{"file":185,"line":209,"context":205},1431,{"file":185,"line":211,"context":205},1435,{"file":185,"line":213,"context":205},1504,{"file":185,"line":215,"context":205},1506,{"file":185,"line":217,"context":205},1516,{"file":185,"line":219,"context":205},1517,{"file":185,"line":221,"context":205},1520,{"file":185,"line":223,"context":205},1526,{"file":185,"line":225,"context":205},1527,{"file":185,"line":227,"context":205},1530,{"file":185,"line":229,"context":205},1621,{"file":185,"line":231,"context":205},1623,{"file":185,"line":233,"context":205},1735,{"file":185,"line":235,"context":205},1737,{"file":185,"line":237,"context":205},1740,{"file":185,"line":239,"context":205},1760,{"file":185,"line":241,"context":205},1762,{"file":185,"line":243,"context":205},1765,{"file":185,"line":245,"context":205},1771,{"file":185,"line":247,"context":205},1776,{"file":185,"line":249,"context":205},1780,{"file":185,"line":251,"context":205},1784,{"file":185,"line":253,"context":205},1787,{"file":185,"line":255,"context":205},1789,{"file":185,"line":257,"context":205},1793,{"file":185,"line":259,"context":205},1806,{"file":185,"line":261,"context":205},1811,{"file":185,"line":263,"context":205},1821,{"file":185,"line":265,"context":205},1827,{"file":185,"line":267,"context":205},1853,{"file":185,"line":269,"context":205},1854,{"file":185,"line":271,"context":205},1860,{"file":185,"line":273,"context":205},1873,{"file":185,"line":275,"context":205},1879,{"file":185,"line":277,"context":205},1881,{"file":185,"line":279,"context":205},1884,{"file":185,"line":281,"context":205},2024,{"file":185,"line":283,"context":205},2025,{"file":185,"line":285,"context":205},2026,{"file":185,"line":287,"context":205},2027,{"file":185,"line":289,"context":205},2331,{"file":185,"line":291,"context":205},2405,{"file":185,"line":293,"context":205},2513,{"file":185,"line":295,"context":205},2523,{"file":185,"line":297,"context":205},2533,{"file":185,"line":299,"context":205},2543,{"file":185,"line":301,"context":205},2555,{"file":185,"line":303,"context":205},2707,{"file":185,"line":305,"context":205},2716,{"file":185,"line":307,"context":205},2739,{"file":185,"line":309,"context":205},2746,{"file":185,"line":311,"context":205},2768,{"file":185,"line":313,"context":205},2778,{"file":185,"line":315,"context":205},2785,{"file":185,"line":317,"context":205},2816,{"file":185,"line":319,"context":205},2817,{"file":185,"line":321,"context":205},2824,{"file":185,"line":323,"context":205},2825,{"file":185,"line":325,"context":205},2847,{"file":185,"line":327,"context":205},2854,{"file":185,"line":329,"context":205},2867,{"file":185,"line":331,"context":205},2970,{"file":185,"line":333,"context":205},2986,{"file":185,"line":335,"context":205},3213,{"file":185,"line":337,"context":205},3218,{"file":185,"line":339,"context":205},3224,{"file":185,"line":341,"context":205},3238,{"file":185,"line":343,"context":205},3244,{"file":185,"line":345,"context":205},3246,{"file":185,"line":347,"context":205},3247,{"file":185,"line":349,"context":205},3300,{"file":185,"line":351,"context":205},3324,{"file":185,"line":353,"context":205},3333,{"file":185,"line":355,"context":205},3405,{"file":185,"line":357,"context":205},3454,{"file":185,"line":359,"context":205},3477,{"file":185,"line":361,"context":205},3492,{"file":185,"line":363,"context":205},3634,{"file":185,"line":365,"context":205},3674,{"file":185,"line":367,"context":205},3747,{"file":185,"line":369,"context":205},3752,{"file":185,"line":371,"context":205},3753,{"file":185,"line":373,"context":205},3754,{"file":185,"line":375,"context":205},3755,{"file":185,"line":377,"context":205},3757,{"file":185,"line":379,"context":205},3758,{"file":185,"line":381,"context":205},3768,21,[],[385],{"entryPoint":386,"graph":387,"unsanitizedCount":28,"severity":402},"\u003Cloader-wizard> (loader-wizard.php:0)",{"nodes":388,"edges":399},[389,394],{"id":390,"type":391,"label":392,"file":185,"line":393},"n0","source","$_SERVER",1545,{"id":395,"type":396,"label":397,"file":185,"line":349,"wp_function":398},"n1","sink","echo() [XSS]","echo",[400],{"from":390,"to":395,"sanitized":401},false,"low",{"summary":404,"deductions":405},"The \"ioncube-tester-plus\" v1.5 plugin presents a mixed security posture, with some encouraging signs but also significant areas of concern.  The static analysis reveals a very limited attack surface, with no apparent AJAX handlers, REST API routes, shortcodes, or cron events, which is generally positive for reducing immediate exploit vectors. Furthermore, all identified SQL queries utilize prepared statements, a strong indicator of good database interaction practices. However, the presence of dangerous functions like `unserialize`, `shell_exec`, and `system` is a major red flag, as these can be exploited for arbitrary code execution if not handled with extreme care and robust input validation, which the analysis suggests is lacking.\n\nThe taint analysis shows one flow with unsanitized paths, which, while not a critical or high severity issue in this instance, still points to potential weaknesses in how user-supplied data influencing file operations or commands is handled. The vulnerability history is particularly concerning, with one past critical vulnerability categorized as Path Traversal. Although there are no currently unpatched CVEs, the existence of a critical path traversal vulnerability in the past, coupled with the use of functions susceptible to such attacks and the indication of unsanitized paths, suggests a recurring or underlying issue in secure coding practices.\n\nIn conclusion, while the plugin benefits from a small attack surface and secure SQL practices, the critical danger functions, potential for unsanitized paths, and past critical vulnerability indicate a high risk of severe security incidents. The lack of capability checks and nonce checks on the identified entry points (even though there are zero) would be a major concern if those entry points were present and exposed to user input, and their absence in the analysis highlights an area that requires constant vigilance. The plugin developer must prioritize addressing the dangerous functions and ensuring all file operations and command executions are thoroughly sanitized.",[406,409,411,414,416,419],{"reason":407,"points":408},"Dangerous functions found (unserialize, shell_exec, system)",15,{"reason":410,"points":143},"Unsanitized paths in taint analysis flow",{"reason":412,"points":413},"Past critical vulnerability (Path Traversal)",18,{"reason":415,"points":162},"Low percentage of properly escaped output",{"reason":417,"points":418},"No nonce checks on entry points",5,{"reason":420,"points":418},"No capability checks on entry points","2026-03-16T20:03:02.610Z",{"wat":423,"direct":432},{"assetPaths":424,"generatorPatterns":427,"scriptPaths":428,"versionParams":429},[425,426],"\u002Fwp-content\u002Fplugins\u002Fioncube-tester-plus\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fioncube-tester-plus\u002Fscript.js",[],[426],[430,431],"ioncube-tester-plus\u002Fstyle.css?ver=","ioncube-tester-plus\u002Fscript.js?ver=",{"cssClasses":433,"htmlComments":434,"htmlAttributes":438,"restEndpoints":439,"jsGlobals":440,"shortcodeOutput":441},[],[435,436,437],"\u003C!-- ionCube Loader install Wizard -->","\u003C!-- ionCube is a registered trademark of ionCube Ltd. -->","\u003C!-- Copyright (c) ionCube Ltd. 2002-2011 -->",[],[],[],[]]