[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJlCiI4wI3zXK0kv2m_oXKAUXLqAxfns9sBv3_qFohQE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":126,"fingerprints":227},"ipv6detector","IPv6 Detector","1.2","ppatux","https:\u002F\u002Fprofiles.wordpress.org\u002Fppatux\u002F","\u003Cp>Simple IPv6 detector widget for WordPress to show if user is connecting with IPv6 or IPv4.\u003C\u002Fp>\n\u003Cp>Additionaly, it makes a link to a whois service with the ip address.\u003C\u002Fp>\n\u003Cp>It was born because of my own blog. I needed to include a little box that shows users ip and different messages depending on the ip version.\u003C\u002Fp>\n\u003Cp>The idea behind this is to promote and leave a way to discover and make sense about the ipv4 address space limits.\u003C\u002Fp>\n","Simple IPv6 detector widget for WordPress to show if user is connecting with IPv6 or IPv4.",20,2956,0,"2011-06-28T02:03:00.000Z","3.1.4","2.6.0","",[19,20,21,22],"detect","ipv4","ipv6","whois","http:\u002F\u002Fpatux.cl\u002Fipv6detector","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fipv6detector.1.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-04-05T17:51:08.980Z",[35,57,74,90,112],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":30,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":55,"download_link":56,"security_score":45,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"atec-stats","atec Stats","1.1.34","docjojo","https:\u002F\u002Fprofiles.wordpress.org\u002Fdocjojo\u002F","\u003Cp>This plugin observes incoming traffic and logs page views and visitors.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No configuration required.\u003C\u002Fli>\n\u003Cli>IP addresses are obfuscated after processing, so it is very GDPR safe.\u003C\u002Fli>\n\u003Cli>Optimized DB design and data types guarantee for the lowest storage usage (32 bytes per IP log entry, so roughly 1GB per 31 million distinctiv visits).\u003C\u002Fli>\n\u003Cli>Advanced minimal logging only adds an average of 1 ms to page load time.\u003C\u002Fli>\n\u003Cli>Super fast Internal IP2GEO location database for IP resolution (2.5MB).\u003C\u002Fli>\n\u003Cli>For multisite use, the plugin must be active on each site that you want to be included in the stats.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Specifications\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Requires jQuery in the frontend to bypass page cache plugins.\u003C\u002Fli>\n\u003Cli>CDN compatible (like cloudflare.com or bunny.net).\u003C\u002Fli>\n\u003Cli>Multisite compatible.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Third-Party Services\u003C\u002Fh3>\n\u003Ch3>Integrity check\u003C\u002Fh3>\n\u003Cp>Once, when activating the plugin, an integrity check is requested from our server – if you give your permission.\u003Cbr \u002F>\nSource: https:\u002F\u002Fatecplugins.com\u002F\u003Cbr \u002F>\nPrivacy policy: https:\u002F\u002Fatecplugins.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n\u003Cp>The country map requires access to google’s chart API at https:\u002F\u002Fwww.gstatic.com.\u003Cbr \u002F>\nNo account required.\u003Cbr \u002F>\nPrivacy policy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fp>\n\u003Ch3>3rd party data\u003C\u002Fh3>\n\u003Cp>This product includes IP2GEO™ location data created by IP2Location, available from https:\u002F\u002Fwww.ip2location.com.\u003Cbr \u002F>\nCountry flags by “Free Country Flags in SVG” @ https:\u002F\u002Fflagicons.lipis.dev\u002F\u003C\u002Fp>\n\u003Cp>The file IP2LOCATION-LITE-DB1.BIN.zip is around 800 KB in size and therefore not included in the plugin.\u003Cbr \u002F>\nIt is downloaded from https:\u002F\u002Fatecplugins.com\u002F and stored in the uploads\u002Fatec-stats folder on plugin activation.\u003Cbr \u002F>\nPrivacy policy: https:\u002F\u002Fatecplugins.com\u002Fprivacy-policy\u002F\u003C\u002Fp>\n\u003Ch3>Tracking Behavior\u003C\u002Fh3>\n\u003Cp>This plugin sends a single stats request per pageview, triggered by the visitor’s first interaction (click, scroll, touch, etc.). An optional short timeout can fire the request if the user reads without interacting.\u003Cbr \u002F>\nThis approach avoids interfering with normal browsing, reduces bot noise, and provides cleaner, more meaningful visit data.\u003C\u002Fp>\n","Lightweight, beautiful and GDPR compliant WP statistics, including countries map (IPv4, IPv6, CDN & Multisite compatible).",50,3781,100,"2026-01-08T13:20:00.000Z","6.9.4","4.9","7.4",[51,52,53,21,54],"beautiful-and-gdpr-compliant-wp-statistics","cdn-multisite-compatible","including-countries-map-ipv4","lightweight","https:\u002F\u002Fatecplugins.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fatec-stats.1.1.34.zip",{"slug":58,"name":59,"version":6,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":30,"last_updated":17,"tested_up_to":67,"requires_at_least":16,"requires_php":17,"tags":68,"homepage":71,"download_link":72,"security_score":45,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":73},"client-ip-detector","Client IP Detector Plugin","alessiobravi","https:\u002F\u002Fprofiles.wordpress.org\u002Falessiobravi\u002F","\u003Cp>Simple IP detector widget for WordPress to show if user is connecting with IPv6 or IPv4.\u003C\u002Fp>\n\u003Cp>IPv4 Address TAG will be marked in RED while IPv6 ones will me marked in GREEN, to remember the reached availability limits of v4 Protocols.\u003C\u002Fp>\n\u003Cp>Statistics (percentage) of clients using IPv6 and IPv4 are generated and printed.\u003C\u002Fp>\n","A Simple widget to display client IP Address and print if the client is connecting via IPv6 or IPv4.",10,2254,80,"3.5.2",[69,70,20,21],"client-ip","ip","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fclient-ip-detector\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fclient-ip-detector.zip","2026-03-15T10:48:56.248Z",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":13,"downloaded":82,"rating":13,"num_ratings":13,"last_updated":83,"tested_up_to":17,"requires_at_least":84,"requires_php":85,"tags":86,"homepage":88,"download_link":89,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"subnet-info","subnetinfo","1.0.1","Cris van Geel","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrisvangeel\u002F","\u003Cp>This plugin provides detailed info about an IPv4 or IPv6 subnet.\u003C\u002Fp>\n\u003Cp>How do you use it? Place the IP adres and CIDR subnet between [subnetinfo] and [\u002Fsubnetinfo] brackets.\u003C\u002Fp>\n\u003Cp>Use the following format :  [subnetinfo]FE80:0000:0000:0000:0202:B3FF:FE1E:8329\u002F64[\u002Fsubnetinfo]\u003C\u002Fp>\n\u003Cp>or [subnetinfo]192.168.100.10\u002F24[\u002Fsubnetinfo]\u003C\u002Fp>\n\u003Cp>It will be automatically parsed to a nice layout.\u003C\u002Fp>\n\u003Cp>The address identification  and all calculation are carried out within the plugin itself.\u003C\u002Fp>\n\u003Cp>A link to IANA is created in the results to the corresponding RFC which describes more details about the specific IP range.\u003Cbr \u002F>\nFor some special IP ranges that are not directly described in an RFC, a link to a relevant website or Wikipedia site is offered.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","Provides detailed information about the IP adress and subnet using a shortcode.",1115,"2019-11-08T19:51:00.000Z","5.0.0","5.1",[70,20,21,87,76],"subnet","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsearch\u002Fsubnetinfo\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsubnet-info.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":97,"active_installs":98,"downloaded":99,"rating":100,"num_ratings":101,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":110,"download_link":111,"security_score":45,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"embed-optimizer","Embed Optimizer","1.0.0-beta5","WordPress Performance Team","https:\u002F\u002Fprofiles.wordpress.org\u002Fperformanceteam\u002F","\u003Cp>This plugin’s purpose is to optimize the performance of \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fdocumentation\u002Farticle\u002Fembeds\u002F\" rel=\"ugc\">embeds in WordPress\u003C\u002Fa>, such as Tweets, YouTube videos, TikToks, and others.\u003C\u002Fp>\n\u003Cp>The current optimizations include:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Lazy loading embeds just before they come into view.\u003C\u002Fli>\n\u003Cli>Adding dns-prefetch links for embeds in the initial viewport.\u003C\u002Fli>\n\u003Cli>Reserving space for embeds that resize to reduce layout shifting.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Lazy loading embeds\u003C\u002Fstrong> improves performance because embeds are generally very resource-intensive, so lazy loading them ensures that they don’t compete with resources when the page is loading. Lazy loading of \u003Ccode>IFRAME\u003C\u002Fcode>-based embeds is handled simply by adding the \u003Ccode>loading=lazy\u003C\u002Fcode> attribute. Lazy loading embeds that include \u003Ccode>SCRIPT\u003C\u002Fcode> tags is handled by using an Intersection Observer to watch for when the embed’s \u003Ccode>FIGURE\u003C\u002Fcode> container is going to enter the viewport, and then it dynamically inserts the \u003Ccode>SCRIPT\u003C\u002Fcode> tag.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>This plugin also recommends that you install and activate the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Foptimization-detective\u002F\" rel=\"ugc\">Optimization Detective\u003C\u002Fa> plugin\u003C\u002Fstrong>, which unlocks several optimizations beyond just lazy loading. Without Optimization Detective, lazy loading can actually degrade performance \u003Cem>when an embed is positioned in the initial viewport\u003C\u002Fem>. This is because lazy loading such viewport-initial elements can degrade LCP since rendering is delayed by the logic to determine whether the element is visible. This is why WordPress Core tries its best to \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2021\u002F07\u002F15\u002Frefining-wordpress-cores-lazy-loading-implementation\u002F\" rel=\"nofollow ugc\">avoid\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2021\u002F07\u002F15\u002Frefining-wordpress-cores-lazy-loading-implementation\u002F\" rel=\"nofollow ugc\">lazy loading\u003C\u002Fa> \u003Ccode>IMG\u003C\u002Fcode> tags which appear in the initial viewport, although the server-side heuristics aren’t perfect. This is where Optimization Detective comes in since it detects whether an embed appears in any breakpoint-specific viewports, like mobile, tablet, and desktop. (See also the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-prioritizer\u002F\" rel=\"ugc\">Image Prioritizer\u003C\u002Fa> plugin which extends Optimization Detective to ensure lazy loading is correctly applied based on whether an IMG is in the initial viewport.)\u003C\u002Fp>\n\u003Cp>When Optimization Detective is active, it will start keeping track of which embeds appear in the initial viewport based on actual visits to your site. With this information in hand, Embed Optimizer will then avoid lazy loading embeds which appear in the initial viewport. Furthermore, for such above-the-fold embeds Embed Optimizer will also \u003Cstrong>add dns-prefetch links\u003C\u002Fstrong> for resources known to be used by those embeds. For example, if a YouTube embed appears in the initial viewport, Embed Optimizer with Optimization Detective will omit \u003Ccode>loading=lazy\u003C\u002Fcode> while also adding a \u003Ccode>dns-prefetch\u003C\u002Fcode> link for \u003Ccode>https:\u002F\u002Fi.ytimg.com\u003C\u002Fcode> which is the domain from which YouTube video poster images are served. Such links cause the initial-viewport embeds to load even faster.\u003C\u002Fp>\n\u003Cp>The other major feature in Embed Optimizer enabled by Optimization Detective is the \u003Cstrong>reduction of layout shifts\u003C\u002Fstrong> caused by embeds that resize when they load. This is seen commonly in WordPress post embeds or Tweet embeds. Embed Optimizer keeps track of the resized heights of these embeds. With these resized heights stored, Embed Optimizer sets the appropriate height on the container FIGURE element as the viewport-specific \u003Ccode>min-height\u003C\u002Fcode> so that when the embed loads it does not cause a layout shift.\u003C\u002Fp>\n\u003Cp>Since Optimization Detective relies on page visits to learn how the page is laid out, you’ll need to wait until you have visits from a mobile and desktop device to start seeing optimizations applied. Also, note that Optimization Detective does not apply optimizations by default for logged-in admin users.\u003C\u002Fp>\n\u003Cp>Please note that the optimizations are intended to apply to Embed blocks. So if you do not see optimizations applied, make sure that your embeds are not inside a Classic Block.\u003C\u002Fp>\n\u003Cp>Your site must have the \u003Cstrong>REST API accessible\u003C\u002Fstrong> to unauthenticated frontend visitors since this is how metrics are collected about how a page should be optimized. There are currently \u003Cstrong>no settings\u003C\u002Fstrong> and no user interface for this plugin since it is designed to work without any configuration.\u003C\u002Fp>\n","Optimizes the performance of embeds through lazy-loading, adding dns-prefetch links, and reserving space to reduce layout shifts.",60000,349166,60,2,"2026-02-27T20:19:00.000Z","7.0","6.6","7.2",[107,108,109],"embeds","optimization-detective","performance","https:\u002F\u002Fgithub.com\u002FWordPress\u002Fperformance\u002Ftree\u002Ftrunk\u002Fplugins\u002Fembed-optimizer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fembed-optimizer.1.0.0-beta5.zip",{"slug":113,"name":114,"version":115,"author":94,"author_profile":95,"description":116,"short_description":117,"active_installs":118,"downloaded":119,"rating":45,"num_ratings":30,"last_updated":120,"tested_up_to":47,"requires_at_least":104,"requires_php":105,"tags":121,"homepage":124,"download_link":125,"security_score":45,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"image-prioritizer","Image Prioritizer","1.0.0-beta3","\u003Cp>This plugin optimizes the loading of images (and videos) with prioritization to improve \u003Ca href=\"https:\u002F\u002Fweb.dev\u002Farticles\u002Flcp\" rel=\"nofollow ugc\">Largest Contentful Paint\u003C\u002Fa> (LCP), lazy loading, and more accurate image size selection.\u003C\u002Fp>\n\u003Cp>The current optimizations include:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Add breakpoint-specific \u003Ccode>fetchpriority=high\u003C\u002Fcode> preload links (both as \u003Ccode>LINK[rel=preload]\u003C\u002Fcode> elements and \u003Ccode>Link\u003C\u002Fcode> response headers) for image URLs of LCP elements:\n\u003Col>\n\u003Cli>An \u003Ccode>IMG\u003C\u002Fcode> element, including the \u003Ccode>srcset\u003C\u002Fcode>\u002F\u003Ccode>sizes\u003C\u002Fcode> attributes supplied as \u003Ccode>imagesrcset\u003C\u002Fcode>\u002F\u003Ccode>imagesizes\u003C\u002Fcode> on the \u003Ccode>LINK\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>The first \u003Ccode>SOURCE\u003C\u002Fcode> element with a \u003Ccode>type\u003C\u002Fcode> attribute in a \u003Ccode>PICTURE\u003C\u002Fcode> element. (Art-directed \u003Ccode>PICTURE\u003C\u002Fcode> elements using media queries are not supported.)\u003C\u002Fli>\n\u003Cli>An element with a CSS \u003Ccode>background-image\u003C\u002Fcode> inline \u003Ccode>style\u003C\u002Fcode> attribute.\u003C\u002Fli>\n\u003Cli>An element with a CSS \u003Ccode>background-image\u003C\u002Fcode> applied with a stylesheet (when the image is from an allowed origin).\u003C\u002Fli>\n\u003Cli>A \u003Ccode>VIDEO\u003C\u002Fcode> element’s \u003Ccode>poster\u003C\u002Fcode> image.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>Ensure \u003Ccode>fetchpriority=high\u003C\u002Fcode> is only added to an \u003Ccode>IMG\u003C\u002Fcode> when it is the LCP element across all responsive breakpoints.\u003C\u002Fli>\n\u003Cli>Add \u003Ccode>fetchpriority=low\u003C\u002Fcode> to \u003Ccode>IMG\u003C\u002Fcode> tags which appear in the initial viewport but are not visible, such as when they are subsequent carousel slides.\u003C\u002Fli>\n\u003Cli>Lazy loading:\n\u003Col>\n\u003Cli>Apply lazy loading to \u003Ccode>IMG\u003C\u002Fcode> tags based on whether they appear in any breakpoint’s initial viewport.\u003C\u002Fli>\n\u003Cli>Implement lazy loading of CSS background images added via inline \u003Ccode>style\u003C\u002Fcode> attributes.\u003C\u002Fli>\n\u003Cli>Lazy-load \u003Ccode>VIDEO\u003C\u002Fcode> tags by setting the appropriate attributes based on whether they appear in the initial viewport. If a \u003Ccode>VIDEO\u003C\u002Fcode> is the LCP element, it gets \u003Ccode>preload=auto\u003C\u002Fcode>; if it is in an initial viewport, the \u003Ccode>preload=metadata\u003C\u002Fcode> default is left; if it is not in an initial viewport, it gets \u003Ccode>preload=none\u003C\u002Fcode>. Lazy-loaded videos also get initial \u003Ccode>preload\u003C\u002Fcode>, \u003Ccode>autoplay\u003C\u002Fcode>, and \u003Ccode>poster\u003C\u002Fcode> attributes restored when the \u003Ccode>VIDEO\u003C\u002Fcode> is going to enter the viewport.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>Responsive image sizes:\n\u003Col>\n\u003Cli>Ensure \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2024\u002F10\u002F18\u002Fauto-sizes-for-lazy-loaded-images-in-wordpress-6-7\u002F\" rel=\"nofollow ugc\">\u003Ccode>sizes=auto\u003C\u002Fcode>\u003C\u002Fa> is set on \u003Ccode>IMG\u003C\u002Fcode> tags after setting correct lazy-loading (above).\u003C\u002Fli>\n\u003Cli>~~Compute the \u003Ccode>sizes\u003C\u002Fcode> attribute using the widths of an image collected from URL Metrics for each breakpoint (when not lazy-loaded since then handled by \u003Ccode>sizes=auto\u003C\u002Fcode>).~~ (This has been removed due to an \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress\u002Fperformance\u002Fissues\u002F2098\" rel=\"nofollow ugc\">issue\u003C\u002Fa>; use \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fauto-sizes\u002F\" rel=\"ugc\">Enhanced Responsive Images instead\u003C\u002Fa>.)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003C\u002Fli>\n\u003Cli>Reduce the size of the \u003Ccode>poster\u003C\u002Fcode> image of a \u003Ccode>VIDEO\u003C\u002Fcode> from full size to the size appropriate for the maximum width of the video (on desktop).\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>This plugin requires the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Foptimization-detective\u002F\" rel=\"ugc\">Optimization Detective\u003C\u002Fa> plugin as a dependency.\u003C\u002Fstrong> Please refer to that plugin for additional background on how this plugin works as well as additional developer options.\u003C\u002Fp>\n\u003Cp>👉 \u003Cstrong>Note:\u003C\u002Fstrong> This plugin optimizes pages for actual visitors, and it depends on visitors to optimize pages. As such, you won’t see optimizations applied immediately after activating the plugin. Please wait for URL Metrics to be gathered for both mobile and desktop visits. And since administrator users are not normal visitors typically, optimizations are not applied for admins by default.\u003C\u002Fp>\n\u003Cp>Your site must have the \u003Cstrong>REST API accessible\u003C\u002Fstrong> to unauthenticated frontend visitors since this is how metrics are collected about how a page should be optimized. There are currently \u003Cstrong>no settings\u003C\u002Fstrong> and no user interface for this plugin since it is designed to work without any configuration.\u003C\u002Fp>\n","Prioritizes the loading of images and videos based on how they appear to actual visitors: adds fetchpriority, preloads, lazy-loads, and sets sizes.",50000,275800,"2026-01-09T00:12:00.000Z",[122,123,108,109],"image","optimization","https:\u002F\u002Fgithub.com\u002FWordPress\u002Fperformance\u002Ftree\u002Ftrunk\u002Fplugins\u002Fimage-prioritizer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fimage-prioritizer.1.0.0-beta3.zip",{"attackSurface":127,"codeSignals":139,"taintFlows":164,"riskAssessment":212,"analyzedAt":226},{"hooks":128,"ajaxHandlers":135,"restRoutes":136,"shortcodes":137,"cronEvents":138,"entryPointCount":13,"unprotectedCount":13},[129],{"type":130,"name":131,"callback":132,"file":133,"line":134},"action","init","ipv6detector_register_widget","ipv6detector.php",13,[],[],[],[],{"dangerousFunctions":140,"sqlUsage":141,"outputEscaping":143,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":163},[],{"prepared":13,"raw":13,"locations":142},[],{"escaped":13,"rawEcho":64,"locations":144},[145,147,149,151,153,155,157,158,159,161],{"file":133,"line":31,"context":146},"raw output",{"file":133,"line":148,"context":146},31,{"file":133,"line":150,"context":146},34,{"file":133,"line":152,"context":146},37,{"file":133,"line":154,"context":146},44,{"file":133,"line":156,"context":146},49,{"file":133,"line":43,"context":146},{"file":133,"line":100,"context":146},{"file":133,"line":160,"context":146},67,{"file":133,"line":162,"context":146},74,[],[165,198],{"entryPoint":166,"graph":167,"unsanitizedCount":196,"severity":197},"ipv6detector_control (ipv6detector.php:53)",{"nodes":168,"edges":191},[169,174,179,183,185,189],{"id":170,"type":171,"label":172,"file":133,"line":173},"n0","source","$_POST['url']",57,{"id":175,"type":176,"label":177,"file":133,"line":173,"wp_function":178},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":180,"type":171,"label":181,"file":133,"line":182},"n2","$_POST['v4_msg']",64,{"id":184,"type":176,"label":177,"file":133,"line":182,"wp_function":178},"n3",{"id":186,"type":171,"label":187,"file":133,"line":188},"n4","$_POST['v6_msg']",71,{"id":190,"type":176,"label":177,"file":133,"line":188,"wp_function":178},"n5",[192,194,195],{"from":170,"to":175,"sanitized":193},false,{"from":180,"to":184,"sanitized":193},{"from":186,"to":190,"sanitized":193},3,"low",{"entryPoint":199,"graph":200,"unsanitizedCount":196,"severity":197},"\u003Cipv6detector> (ipv6detector.php:0)",{"nodes":201,"edges":208},[202,203,204,205,206,207],{"id":170,"type":171,"label":172,"file":133,"line":173},{"id":175,"type":176,"label":177,"file":133,"line":173,"wp_function":178},{"id":180,"type":171,"label":181,"file":133,"line":182},{"id":184,"type":176,"label":177,"file":133,"line":182,"wp_function":178},{"id":186,"type":171,"label":187,"file":133,"line":188},{"id":190,"type":176,"label":177,"file":133,"line":188,"wp_function":178},[209,210,211],{"from":170,"to":175,"sanitized":193},{"from":180,"to":184,"sanitized":193},{"from":186,"to":190,"sanitized":193},{"summary":213,"deductions":214},"The \"ipv6detector\" v1.2 plugin exhibits a seemingly robust security posture based on the provided static analysis and vulnerability history. The absence of any identified CVEs and a lack of common vulnerability types in its history suggest a well-maintained and secure plugin. Furthermore, the static analysis reveals a zero attack surface for AJAX, REST API, shortcodes, and cron events, and importantly, no unprotected entry points. The code also demonstrates good practices by exclusively using prepared statements for SQL queries and having no file operations or external HTTP requests. This indicates a low likelihood of common web vulnerabilities such as SQL injection, file inclusion, or remote code execution. However, a significant concern arises from the output escaping analysis, where 100% of outputs are not properly escaped. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected into the website's content and executed by users' browsers. The taint analysis, while showing no critical or high severity unsanitized paths, does reveal two flows with unsanitized paths, which, when combined with the lack of output escaping, could potentially lead to XSS if those paths involve user-supplied data that is later displayed. The absence of nonces and capability checks on these potential output points further exacerbates this risk, as there are no built-in mechanisms to verify user intent or permissions before displaying potentially malicious content.",[215,218,221,224],{"reason":216,"points":217},"100% of outputs not properly escaped",8,{"reason":219,"points":220},"2 flows with unsanitized paths",4,{"reason":222,"points":223},"0 Nonce checks",5,{"reason":225,"points":223},"0 Capability checks","2026-03-16T22:56:38.251Z",{"wat":228,"direct":233},{"assetPaths":229,"generatorPatterns":230,"scriptPaths":231,"versionParams":232},[],[],[],[],{"cssClasses":234,"htmlComments":237,"htmlAttributes":238,"restEndpoints":242,"jsGlobals":243,"shortcodeOutput":248},[235,236],"bshow","bhide",[],[239,240,241],"id=\"bshow\"","id=\"bhide\"","id=\"ipstat\"",[],[244,245,246,247],"lshow","lhide","showinfo","hideinfo",[]]