[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnW0M2KSFqHigcUJoRaJ4Ucz2ZsozTyLhppRK1h-FH1Q":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":35,"analysis":122,"fingerprints":173},"ithstatswp-client","IthStatsWP Client","0.0.2","4ebizz","https:\u002F\u002Fprofiles.wordpress.org\u002F4ebizz\u002F","\u003Cp>Main features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Self-hosted system: Resides on your own server and totally under your control\u003C\u002Fli>\n\u003Cli>One-click updates for WordPress, plugins and themes across all your sites\u003C\u002Fli>\n\u003Cli>One-click access to all WP admin panels\u003C\u002Fli>\n\u003Cli>Bulk Manage plugins: Activate & Deactive multiple plugins on multiple sites simultaneously\u003C\u002Fli>\n\u003Cli>and more..\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Arbitrary section 1\u003C\u002Fh3>\n","Install this plugin on unlimited sites and manage them all from a central dashboard.",10,1295,0,"2016-04-28T09:39:00.000Z","4.4.34","3.0","",[19,20,21,22,23],"admin","administration","api","authentication","restfull-api","http:\u002F\u002Fithtesting.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fithstatswp-client.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},1,30,84,"2026-04-04T09:02:42.404Z",[36,51,72,91,108],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":11,"downloaded":44,"rating":13,"num_ratings":13,"last_updated":45,"tested_up_to":46,"requires_at_least":16,"requires_php":17,"tags":47,"homepage":49,"download_link":50,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wpsupervisor-client","WPSupervisor Client","1.1.10","Profit Marketer","https:\u002F\u002Fprofiles.wordpress.org\u002Fprofit-marketer\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.profitmarketer.com\u002Fservices\u002Fwp-supervisor\u002F\" rel=\"nofollow ugc\">WPSupervisor\u003C\u002Fa> allows users to manage unlimited number of WordPress sites from their account.\u003C\u002Fp>\n\u003Cp>Main features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>One-click updates for WordPress, plugins and themes across all your sites\u003C\u002Fli>\n\u003Cli>Instant backup and restore your entire site or just the database\u003C\u002Fli>\n\u003Cli>One-click access to all WP admin panels\u003C\u002Fli>\n\u003Cli>Bulk Manage plugins & themes: Activate & Deactive multiple plugins & themes on multiple sites simultaneously\u003C\u002Fli>\n\u003Cli>Bulk Install plugins & themes in multiple sites at once\u003C\u002Fli>\n\u003Cli>and more..\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit us at \u003Ca href=\"http:\u002F\u002Fwww.profitmarketer.com\u002Fservices\u002Fwp-supervisor\u002F\" rel=\"nofollow ugc\">WPSupervisor\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Check out the \u003Ca href=\"http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=5HFY4iYifbE\" rel=\"nofollow ugc\">WPSupervisor Overview Video\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Credits: \u003Ca href=\"http:\u002F\u002Finfinitewp.com\u002F\" rel=\"nofollow ugc\">InfiniteWP\u003C\u002Fa> for InfiniteWP Client and \u003Ca href=\"http:\u002F\u002Fprelovac.com\u002Fvladimir\" rel=\"nofollow ugc\">Vladimir Prelovac\u003C\u002Fa> for his worker plugin on which the client plugin is being developed.\u003C\u002Fp>\n","Install this plugin on unlimited sites and manage them all from a central dashboard. This plugin communicates with your WPSupervisor Admin Panel.",2631,"2013-04-09T12:25:00.000Z","3.5.2",[19,20,48,21,22],"amazon","http:\u002F\u002Fprofitmarketer.com\u002Fplugins\u002Fwps-client","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpsupervisor-client.zip",{"slug":52,"name":53,"version":54,"author":53,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":60,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":69,"download_link":70,"security_score":71,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"bugherd","BugHerd","1.0.14","https:\u002F\u002Fprofiles.wordpress.org\u002Fbugherd\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fbugherd.com\u002F\" rel=\"nofollow ugc\">BugHerd\u003C\u002Fa> is the world’s simplest visual feedback tool for websites. BugHerd turns the tedious task of issue tracking into a streamlined process. Point and click to highlight issues and manage them through to completion using the BugHerd Kanban board. Loved by thousands of great teams worldwide to manage projects across the web, ensuring no website feedback falls through the cracks.\u003C\u002Fp>\n\u003Ch3>How it works\u003C\u002Fh3>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FizG3vI9t_YE?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>BugHerd’s simple website feedback and bug tracking tool sits on top of your website and lets you and your stakeholders log website feedback instantaneously.\u003C\u002Fp>\n\u003Cp>The feedback and comments are pinned to the website element, letting your team access it directly from the webpage. Website bug and issue tracking has never been easier.\u003C\u002Fp>\n\u003Ch3>BugHerd features\u003C\u002Fh3>\n\u003Ch3>Easy website annotations\u003C\u002Fh3>\n\u003Cp>Get clear, actionable feedback from your team and clients with website annotations, pinned directly on the webpage, without leaving the website.\u003C\u002Fp>\n\u003Ch3>Feedback on designs & deliverables\u003C\u002Fh3>\n\u003Cp>Discover the best way to get marketing asset feedback from your stakeholders.\u003C\u002Fp>\n\u003Ch3>Actionable bug reports\u003C\u002Fh3>\n\u003Cp>Automatically capture complete and contextual info from the feedback or bug submitted (including screenshots, video, browser, OS & CSS selector data)\u003C\u002Fp>\n\u003Ch3>Integrated kanban board\u003C\u002Fh3>\n\u003Cp>BugHerd’s task board makes it easy to triage the feedback from your team, clients and stakeholders. Remove duplicate tasks, assign them to your team for completion, and set severities. Comment on tasks to further clarify them with clients or with your team.\u003C\u002Fp>\n\u003Ch3>Video feedback\u003C\u002Fh3>\n\u003Cp>Create walkthroughs to give feedback and report bugs on your website with BugHerd’s video feedback tool.\u003C\u002Fp>\n\u003Ch3>Public feedback widget\u003C\u002Fh3>\n\u003Cp>Capture and manage website feedback from visitors or users, without requiring them to be invited into a BugHerd project. BugHerd’s public feedback tool lets you customize an always-on feedback experience, perfect for live websites.\u003C\u002Fp>\n\u003Ch3>BugHerd WordPress plugin features\u003C\u002Fh3>\n\u003Cp>BugHerd’s WordPress plugin removes the need to add code to your website, or to install the extension. Simply install the plugin once, then turn it on and off as required. You and your stakeholders can use BugHerd on both your websites and the WordPress Admin.\u003C\u002Fp>\n\u003Cp>Find out how to install the \u003Ca href=\"https:\u002F\u002Fsupport.bugherd.com\u002Fen\u002Farticles\u002F84872-install-the-bugherd-wordpress-plugin\" rel=\"nofollow ugc\">BugHerd WordPress plugin here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>BugHerd integrates with your favorite tools\u003C\u002Fh3>\n\u003Cp>Looking to integrate our website feedback and bug tracking tools into your workflow seamlessly? BugHerd is designed to be a complete all-in-one solution for managing website feedback, but some teams prefer to integrate with tools they previously used for resolving web bugs and issues.\u003Cbr \u002F>\nBugHerd has 2-way integration with your favorite tools And we’re always adding new integrations to meet our customers needs.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Jira\u003C\u002Fli>\n\u003Cli>Trello\u003C\u002Fli>\n\u003Cli>Asana\u003C\u002Fli>\n\u003Cli>Monday.com\u003C\u002Fli>\n\u003Cli>ClickUp\u003C\u002Fli>\n\u003Cli>Slack\u003C\u002Fli>\n\u003Cli>GitHub\u003C\u002Fli>\n\u003Cli>Basecamp\u003C\u002Fli>\n\u003Cli>Drupal\u003C\u002Fli>\n\u003Cli>Zapier\u003C\u002Fli>\n\u003Cli>Make\u003C\u002Fli>\n\u003Cli>Harvest\u003C\u002Fli>\n\u003Cli>Linear\u003C\u002Fli>\n\u003Cli>FullStory\u003C\u002Fli>\n\u003Cli>LogRocket\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Get Started with a free trial\u003C\u002Fh3>\n\u003Cp>Try BugHerd free for 7 days. You can get started at \u003Ca href=\"https:\u002F\u002Fbugherd.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbugherd.com\u002F \u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Q&A\u003C\u002Fh3>\n\u003Ch3>What is BugHerd?\u003C\u002Fh3>\n\u003Cp>BugHerd is the world’s simplest visual feedback tool for websites. You will never need to second guess what your client meant by the feedback they sent via email or on a spreadsheet.\u003C\u002Fp>\n\u003Ch3>Do I need to sign up?\u003C\u002Fh3>\n\u003Cp>Yes, in order to use BugHerd, you will need to sign up for an account at \u003Ca href=\"https:\u002F\u002Fbugherd.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbugherd.com\u002F\u003C\u002Fa>. All BugHerd accounts come with a 7-day free trial, so that you have enough time to work out which plan you need for the work that you do. Our plans are available from $41\u002Fmonth.\u003C\u002Fp>\n\u003Ch3>Do I need to install anything?\u003C\u002Fh3>\n\u003Cp>Yes, you need to install the BugHerd WordPress plugin. It’s available on the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbugherd\u002F#description\" rel=\"ugc\">WordPress plugin library\u003C\u002Fa> and you can install it directly from your WordPress Dashboard. Follow these \u003Ca href=\"https:\u002F\u002Fsupport.bugherd.com\u002Fhc\u002Fen-us\u002Farticles\u002F360002180976-Install-the-BugHerd-Wordpress-plugin\" rel=\"nofollow ugc\">installation instructions\u003C\u002Fa> for more information.\u003C\u002Fp>\n\u003Ch3>Does BugHerd work on a local or staging environment?\u003C\u002Fh3>\n\u003Cp>It works on both! Once you install the plugin, you can use it on staging links, production links or even admin pages you’re editing, making it easy to leave feedback on pages\u003C\u002Fp>\n\u003Ch3>Can I contact BugHerd if I have an issue?\u003C\u002Fh3>\n\u003Cp>Absolutely! Our support team would love to help you out. You can email us at support@bugherd.com.\u003C\u002Fp>\n\u003Ch3>How to Install\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Log in to your WordPress Admin.\u003C\u002Fli>\n\u003Cli>Click on the Plugins tab in your WordPress Site. The Plugins window opens.\u003C\u002Fli>\n\u003Cli>In the search box, type BugHerd to search for the BugHerd plugin.\u003C\u002Fli>\n\u003Cli>Click on the BugHerd plugin to open it.\u003C\u002Fli>\n\u003Cli>Click the Install and activate button next to BugHerd. BugHerd will install and open the Settings menu.\u003C\u002Fli>\n\u003Cli>You’ll need to enter your Project Key from BugHerd to enable the Plugin. Use these instructions to find your Project Key in BugHerd.\u003C\u002Fli>\n\u003Cli>If you want BugHerd on your WordPress Admin pages, select the Also show \u003Cem>BugHerd on WP Admin pages?\u003C\u002Fem> option.\u003C\u002Fli>\n\u003Cli>Open your new site. The BugHerd sidebar appears on the right side of your site`, ready to capture feedback. You, your team and your clients you invite to your BugHerd project will be able to leave feedback or video clips with feedback about the site.\u003C\u002Fli>\n\u003Cli>If you’ve chosen to show BugHerd on your WordPress Admin pages, you’ll also be able to see the sidebar and leave feedback on pages in the Admin regarding setup of the page, metadata, required tags, etc.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsupport.bugherd.com\u002Fen\u002Farticles\u002F84872-Install-the-BugHerd-Wordpress-plugin\" rel=\"nofollow ugc\">View more information here\u003C\u002Fa>.\u003C\u002Fp>\n","BugHerd is the visual feedback tool for websites.",3000,54372,70,4,"2025-04-30T02:10:00.000Z","6.6.5","4.7","5.6",[19,20,21,67,68],"integration","tracking","https:\u002F\u002Fbugherd.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbugherd.1.0.14.zip",100,{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":71,"num_ratings":82,"last_updated":83,"tested_up_to":84,"requires_at_least":64,"requires_php":85,"tags":86,"homepage":89,"download_link":90,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"latepoint-manager","LatePoint Manager","1.2.0","Ashraful Sarkar Naiem","https:\u002F\u002Fprofiles.wordpress.org\u002Fashrafulsarkar\u002F","\u003Cp>LatePoint Manager is a new role for LatePoint – Appointment Booking & Reservation plugin. This Plugin Assign a new role. LatePoint Manager can control LatePoint plugin ‘Pending Approval’ page, edit ‘Appointments’, and after verify, ‘Appointments’ can be approved.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Check out some of our most popular plugins:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feasy-login-logout\u002F\" title=\"Control Who Can Access Menu\" rel=\"ugc\">Easy Login Logout\u003C\u002Fa> – Control Login Logout Menu\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffirst-order-coupon-manager-for-woocommerce\u002F\" title=\"First Order Discount in WooCommerce\" rel=\"ugc\">First Order Discount in WooCommerce\u003C\u002Fa> – First Order Discount in WooCommerce\u003C\u002Fli>\n\u003C\u002Ful>\n","LatePoint Manager is a new role for LatePoint - Appointment Booking & Reservation plugin. You can contronl pending Appointment Booking list and ma …",200,6961,2,"2022-02-11T20:29:00.000Z","5.9.13","7.0",[20,22,87,88],"role","user","https:\u002F\u002Fgithub.com\u002Fashrafulsarkar\u002Flatepoint-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flatepoint-manager.1.2.0.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":11,"downloaded":99,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":100,"requires_at_least":64,"requires_php":65,"tags":101,"homepage":105,"download_link":106,"security_score":71,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":107},"wp-site-monitor","WP Site Monitor","1.0.0","bwibrew","https:\u002F\u002Fprofiles.wordpress.org\u002Fbwibrew\u002F","\u003Ch3>WP REST API endpoints to help manage sites remotely\u003C\u002Fh3>\n\u003Cp>All additional endpoints are under the \u003Ccode>wp-site-monitor\u002Fv1\u002F\u003C\u002Fcode> namespace.\u003Cbr \u002F>\ne.g. \u003Ccode>https:\u002F\u002Fexample.com\u002Fwp-json\u002Fwp-site-monitor\u002Fv1\u002Fwp-version\u003C\u002Fcode>\u003C\u002Fp>\n\u003Ch4>Additional endpoints\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Ccode>wp-version\u003C\u002Fcode> returns the current version of wordpress as a string.\u003C\u002Fp>\n\u003Cp>Example output: \u003Ccode>\"4.9.2\"\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ccode>plugins\u003C\u002Fcode> returns a JSON object listing installed plugins with the plugin details.\u003C\u002Fp>\n\u003Cp>Example output:\u003Cbr \u002F>\n  \u003Ccode>json\u003Cbr \u002F>\n{\u003Cbr \u002F>\n  \"wp-super-cache\u002Fwp-cache.php\": {\u003Cbr \u002F>\n      \"Name\": \"WP Super Cache\",\u003Cbr \u002F>\n      \"PluginURI\": \"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-super-cache\u002F\",\u003Cbr \u002F>\n      \"Version\": \"1.5.9\",\u003Cbr \u002F>\n      \"Description\": \"Very fast caching plugin for WordPress.\",\u003Cbr \u002F>\n      \"Author\": \"Automattic\",\u003Cbr \u002F>\n      \"AuthorURI\": \"https:\u002F\u002Fautomattic.com\u002F\",\u003Cbr \u002F>\n      \"TextDomain\": \"wp-super-cache\",\u003Cbr \u002F>\n      \"DomainPath\": \"\",\u003Cbr \u002F>\n      \"Network\": false,\u003Cbr \u002F>\n      \"Title\": \"WP Super Cache\",\u003Cbr \u002F>\n      \"AuthorName\": \"Automattic\",\u003Cbr \u002F>\n      \"Active\": true\u003Cbr \u002F>\n  },\u003Cbr \u002F>\n  \"wordpress-seo\u002Fwp-seo.php\": {\u003Cbr \u002F>\n      \"Name\": \"Yoast SEO\",\u003Cbr \u002F>\n      \"PluginURI\": \"https:\u002F\u002Fyoa.st\u002F1uj\",\u003Cbr \u002F>\n      \"Version\": \"6.1.1\",\u003Cbr \u002F>\n      \"Description\": \"The first true all-in-one SEO solution for WordPress, including on-page content analysis, XML sitemaps and much more.\",\u003Cbr \u002F>\n      \"Author\": \"Team Yoast\",\u003Cbr \u002F>\n      \"AuthorURI\": \"https:\u002F\u002Fyoa.st\u002F1uk\",\u003Cbr \u002F>\n      \"TextDomain\": \"wordpress-seo\",\u003Cbr \u002F>\n      \"DomainPath\": \"\u002Flanguages\u002F\",\u003Cbr \u002F>\n      \"Network\": false,\u003Cbr \u002F>\n      \"Title\": \"Yoast SEO\",\u003Cbr \u002F>\n      \"AuthorName\": \"Team Yoast\",\u003Cbr \u002F>\n      \"Active\": true\u003Cbr \u002F>\n  }\u003Cbr \u002F>\n}\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Options are provided in the WP Site Monitor settings menu to toggle individual endpoints.\u003C\u002Fp>\n","Extends official WP REST API to provide extra endpoints to help manage sites remotely.",1228,"4.9.29",[19,21,102,103,104],"remote-administration","rest","rest-api","https:\u002F\u002Fgithub.com\u002FBWibrew\u002FWP-Site-Monitor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-site-monitor.1.0.0.zip","2026-03-15T10:48:56.248Z",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":13,"downloaded":116,"rating":13,"num_ratings":13,"last_updated":117,"tested_up_to":118,"requires_at_least":17,"requires_php":65,"tags":119,"homepage":120,"download_link":121,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"user-role-blocker","User Role Blocker","1.1.0","captainhaddock","https:\u002F\u002Fprofiles.wordpress.org\u002Fcaptainhaddock\u002F","\u003Cp>A simple and nice plugin to block existing users from logging into the admin panel by assigning them to the ‘Blocked’ user role, as simple as that. If the installation is okay, go to any user’s profile and you can find a new role called \u003Cstrong>Blocked\u003C\u002Fstrong> in the user role dropdown. Just assign any user to that role, and the user will be taken to the ‘blocked’ URL whenever they want to log in.\u003C\u002Fp>\n\u003Cp>Unblocking a user is easy. Assign them to their previous role and you’re done!\u003C\u002Fp>\n","A simple and nice plugin to block existing users from logging into the admin panel by assigning them to the 'Blocked' user role, as simple a …",1072,"2021-03-04T09:30:00.000Z","5.6.17",[20,22,87,88],"https:\u002F\u002Fgithub.com\u002FLearnWithHasinHayder\u002Fuser-role-blocker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-role-blocker.zip",{"attackSurface":123,"codeSignals":147,"taintFlows":160,"riskAssessment":161,"analyzedAt":172},{"hooks":124,"ajaxHandlers":143,"restRoutes":144,"shortcodes":145,"cronEvents":146,"entryPointCount":13,"unprotectedCount":13},[125,131,135,139,141],{"type":126,"name":127,"callback":128,"file":129,"line":130},"action","setup_theme","ith_request","init.php",42,{"type":126,"name":132,"callback":133,"file":129,"line":134},"admin_enqueue_scripts","ith_styles",45,{"type":126,"name":136,"callback":137,"file":129,"line":138},"admin_notices","admin_notice",46,{"type":126,"name":132,"callback":133,"file":129,"line":140},62,{"type":126,"name":136,"callback":137,"file":129,"line":142},63,[],[],[],[],{"dangerousFunctions":148,"sqlUsage":149,"outputEscaping":151,"fileOperations":31,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":159},[],{"prepared":13,"raw":13,"locations":150},[],{"escaped":13,"rawEcho":82,"locations":152},[153,157],{"file":154,"line":155,"context":156},"includes\\ITH_Core.php",20,"raw output",{"file":129,"line":158,"context":156},87,[],[],{"summary":162,"deductions":163},"The static analysis of \"ithstatswp-client\" v0.0.2 reveals a plugin with a seemingly very small attack surface, as indicated by zero AJAX handlers, REST API routes, shortcodes, and cron events.  Furthermore, the absence of critical code signals like dangerous functions and the use of prepared statements for all SQL queries are positive indicators of good development practices. Taint analysis showing zero flows, especially unsanitized paths, further contributes to a positive initial security assessment.\n\nHowever, the analysis also highlights significant areas of concern. The fact that 100% of output is not properly escaped is a critical weakness. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected into the plugin's output and executed in the user's browser. Additionally, the complete lack of nonce checks and capability checks, especially considering there are no explicit authentication checks on entry points (though the attack surface is currently zero), leaves the plugin vulnerable to CSRF attacks and privilege escalation if any entry points were to be introduced or become accessible without proper authorization. The single file operation also warrants a closer look, as its context and security controls are not detailed.\n\nGiven the plugin's current version and the absence of recorded historical vulnerabilities, it's difficult to infer long-term patterns. This could mean the plugin is new, has always been secure, or simply hasn't been extensively audited or targeted. The current snapshot, however, points to a plugin that has avoided some common pitfalls (like raw SQL and dangerous functions) but has critical oversights in output sanitization and authorization checks. The lack of these fundamental security measures presents a notable risk despite the small current attack surface.",[164,167,170],{"reason":165,"points":166},"Unescaped output",6,{"reason":168,"points":169},"Missing nonce checks",5,{"reason":171,"points":169},"Missing capability checks","2026-03-17T00:12:38.627Z",{"wat":174,"direct":181},{"assetPaths":175,"generatorPatterns":177,"scriptPaths":178,"versionParams":179},[176],"\u002Fwp-content\u002Fplugins\u002Fithstatswp-client\u002Fassets\u002Fcss\u002Fstyles.css",[],[],[180],"ithstatswp-client\u002Fassets\u002Fcss\u002Fstyles.css?ver=",{"cssClasses":182,"htmlComments":183,"htmlAttributes":184,"restEndpoints":185,"jsGlobals":186,"shortcodeOutput":187},[],[],[],[],[],[]]