[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fX9iyVDs4HBwlvVALl5h2muuDJaZ8zIER_xJQD-cQw9g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":137,"fingerprints":190},"itmaroon-extra-settings","ITMAROON EXTRA SETTINGS","1.0.0","Isamu Takeda","https:\u002F\u002Fprofiles.wordpress.org\u002Fitmaroon\u002F","\u003Cp>There are various settings to make when operating a WordPress site. This can be easily done because WordPress provides tools to allow for GUI configuration in the admin screen, but there are also quite a few setting tools that are not provided. This plugin collects setting items that WordPress does not provide and provides functions that allow easy configuration via GUI.\u003Cbr \u002F>\n1. Redirect Settings\u003Cbr \u002F>\nMakes the site accessible at the root URL of the domain, even if the site is installed in a subdirectory of the domain.\u003Cbr \u002F>\n2. Post menu change settings\u003Cbr \u002F>\nProvides the ability to change settings for the built-in post type, post, through a GUI.\u003Cbr \u002F>\n3. Revision Control Settings\u003Cbr \u002F>\nThis setting will display a menu on the post management screen to set the number of revisions held for each post. It will also show the default number.\u003Cbr \u002F>\n4. OGP Settings\u003Cbr \u002F>\nOutput OGP tags on each page of the site. We have confirmed that OGP tags are output on X, Facebook, and LINE.\u003Cbr \u002F>\n5. Google SEO Settings\u003Cbr \u002F>\nGoogle Search Console, Google Tag Manager and Google Analytics (GA4) tags will be output on each page of the site.\u003Cbr \u002F>\n6. Security Settings\u003Cbr \u002F>\nWe will set three security settings:\u003Cbr \u002F>\n– Change the default login URL (wp-login.php).\u003Cbr \u002F>\n– Block access to ?author= and the REST API \u002Fwp\u002Fv2\u002Fusers.\u003Cbr \u002F>\n– Disable the XML-RPC endpoint.\u003C\u002Fp>\n\u003Ch3>Related Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fitmaroon\u002Fitmaroon-extra-settings\" rel=\"nofollow ugc\">ITMAROON EXTRA SETTINGS:Github\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fitmaroon\u002Fwpsetting-class-package\" rel=\"nofollow ugc\">wpsetting-class-package:GitHub\u003C\u002Fa>  \u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpackagist.org\u002Fpackages\u002Fitmar\u002Fwpsetting-class-package\" rel=\"nofollow ugc\">wpsetting-class-package:Packagist\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","A plugin that provides the ability to configure WordPress site settings that are not provided by default in the admin screen using a GUI.",0,906,"2025-06-03T11:15:00.000Z","6.8.5","6.4","8.2",[18,19,20,21,22],"post-name","revision","security","seo","setting","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fitmaroon-extra-settings.1.0.0.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"itmaroon",9,50,99,30,93,"2026-04-04T20:19:55.327Z",[38,57,77,98,117],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":25,"downloaded":46,"rating":11,"num_ratings":11,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":55,"download_link":56,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"sackson-web-data","SacksonWeb Data","2.2.8","ehops32","https:\u002F\u002Fprofiles.wordpress.org\u002Fehops32\u002F","\u003Cp>Free version – This plugin will locally collect data from the website you install it on. You can then access the settings page to see a small\u003Cbr \u002F>\ncollection of settings that we recommend you review and consider changing.\u003C\u002Fp>\n\u003Cp>The PRO version of this plugin leverages a web application which acts as the home collection place for all your websites collected data. As you install SacksonWeb Data\u003Cbr \u002F>\non all your websites and opt-in to activite data collection, then the data is not only gathered locally, but also remotely. You will be able to log in at our main\u003Cbr \u002F>\nservice site and view all your websites key data elements from a single location.  The terms of use are the same as for the SacksonWeb Data plugin.\u003Cbr \u002F>\nVisit your WordPress Menu > Settings > SacksonWeb Pro – Settings.\u003C\u002Fp>\n\u003Cp>Data will not be remotley collected unless you update the plugins default setting to allow remote data collection. Opt-In and enable this in the SacksonWeb plugin settings to start using\u003Cbr \u002F>\nthis PRO feature to aggregate data from all your websites in one place. Visit your WordPress Menu > Settings > SacksonWeb Pro – Settings.\u003C\u002Fp>\n\u003Cp>Contact info@sacksonweb.com for questions or more information.\u003C\u002Fp>\n\u003Ch3>Pro Version\u003C\u002Fh3>\n\u003Cp>The Pro version offers centralized monitoring for multiple websites:\u003Cbr \u002F>\n* Remote data collection and aggregation\u003Cbr \u002F>\n* Single dashboard for all your websites\u003Cbr \u002F>\n* Enhanced monitoring capabilities\u003Cbr \u002F>\n* Detailed analytics and reporting\u003C\u002Fp>\n\u003Cp>To access the Pro version:\u003Cbr \u002F>\n1. Enable remote data collection in the plugin settings\u003Cbr \u002F>\n2. Request access via email to eric@sacksonweb.com\u003Cbr \u002F>\n3. Visit https:\u002F\u002Fdata.sacksonweb.com to manage all your websites\u003C\u002Fp>\n","A comprehensive WordPress plugin that monitors security issues, performance issues, and WordPress settings that should be reviewed for potential impro &hellip;",3835,"2026-01-24T17:29:00.000Z","6.7.5","3.0.1","8.0.30",[52,53,20,21,54],"efficiency","monitor","settings","http:\u002F\u002Fdata.sacksonweb.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsackson-web-data.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":25,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":23,"download_link":76,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"hsts-ready","HSTS Ready","1.04","manu225","https:\u002F\u002Fprofiles.wordpress.org\u002Fmanu225\u002F","\u003Cp>Enable easily HSTS on your website.\u003Cbr \u002F>\nAnd see my others WordPress Pro plugin on \u003Ca href=\"https:\u002F\u002Fwww.info-d-74.com\u002Fen\u002Fshop\u002F\" rel=\"nofollow ugc\">my shop\u003C\u002Fa>\u003C\u002Fp>\n","Enable easily HSTS on your website.",3000,31199,4,"2025-12-02T14:53:00.000Z","6.9.4","3.5","5.6",[73,74,20,21,75],"hsts","https","strict-transport-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhsts-ready.1.04.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":69,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":96,"download_link":97,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"staatic","Staatic – Static Site Generator","1.12.1","Team Staatic","https:\u002F\u002Fprofiles.wordpress.org\u002Fstaatic\u002F","\u003Cp>Staatic lets you create and deploy a streamlined static version of your WordPress site, enhancing performance, SEO, and security simultaneously.\u003C\u002Fp>\n\u003Cp>Features of Staatic include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Powerful Crawler to transform your WordPress site quickly.\u003C\u002Fli>\n\u003Cli>Supports multiple deployment methods, e.g. GitHub, Netlify, AWS (Amazon Web Services) S3 or S3-compatible providers + CloudFront integration, or even your local server (dedicated or shared hosting).\u003C\u002Fli>\n\u003Cli>Very flexible out of the box (allows for additional urls, paths, redirects, exclude rules, etc.).\u003C\u002Fli>\n\u003Cli>Supports HTTP (301, 302, 307, 308) redirects, custom “404 not found” page and other HTTP headers.\u003C\u002Fli>\n\u003Cli>CLI command to publish from the command line.\u003C\u002Fli>\n\u003Cli>Compatible with WordPress MultiSite installations.\u003C\u002Fli>\n\u003Cli>Compatible with WPML (multilingual) installations.\u003C\u002Fli>\n\u003Cli>Supports HTTP basic auth protected WordPress installations.\u003C\u002Fli>\n\u003Cli>Various integrations to improve compatibility with popular WordPress plugins.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Depending on the chosen deployment method, additional features may be available.\u003C\u002Fp>\n\u003Ch3>Staatic Premium\u003C\u002Fh3>\n\u003Cp>In order to support ongoing development of Staatic, please consider going Premium. In addition to helping the authors maintain Staatic, Staatic Premium adds additional functionality.\u003C\u002Fp>\n\u003Cp>For more information visit \u003Ca href=\"https:\u002F\u002Fstaatic.com\u002Fwordpress\u002F\" rel=\"nofollow ugc\">Staatic\u003C\u002Fa>.\u003C\u002Fp>\n","Staatic lets you create and deploy a streamlined static version of your WordPress site.",2000,64859,86,21,"2026-01-12T14:00:00.000Z","5.0","7.1",[93,20,21,94,95],"performance","speed","static","https:\u002F\u002Fstaatic.com\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstaatic.1.12.1.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":25,"num_ratings":108,"last_updated":109,"tested_up_to":69,"requires_at_least":110,"requires_php":111,"tags":112,"homepage":115,"download_link":116,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"app-for-cf","App for Cloudflare®","1.9.9","digitalpoint","https:\u002F\u002Fprofiles.wordpress.org\u002Fdigitalpoint\u002F","\u003Cp>Unlock advanced Cloudflare features without being a network administrator or developer. Works with any Cloudflare plan (including Free), no Automatic Platform Optimization (APO) subscription needed.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Cache HTML at network edge\u003C\u002Fli>\n\u003Cli>Preload JavaScript and CSS\u003C\u002Fli>\n\u003Cli>View\u002Fset all Cloudflare settings\u003C\u002Fli>\n\u003Cli>Fixes Cloudflare Flexible SSL redirect loops\u003C\u002Fli>\n\u003Cli>Fixes situation when IPs are coming through as Cloudflare IPs rather than user IPs\u003C\u002Fli>\n\u003Cli>Cloudflare web analytics support\u003C\u002Fli>\n\u003Cli>Cloudflare analytics on dashboard\u003C\u002Fli>\n\u003Cli>Purge cache\u003C\u002Fli>\n\u003Cli>Automatic image transformations (automatically serve AVIF\u002FWebP versions to browsers that support them)\u003C\u002Fli>\n\u003Cli>Turnstile CAPTCHA system for registrations, logins, password reset, comments and\u002For third party plugins\u003C\u002Fli>\n\u003Cli>View Page rules, Cache rules, Firewall rules, IP Address rules, User Agent rules\u003C\u002Fli>\n\u003Cli>View Zero Trust Network Access setup\u003C\u002Fli>\n\u003Cli>View DMARC statistics\u003C\u002Fli>\n\u003Cli>Included tools: HTTP request trace, IP address details, domain details, WHOIS\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Directly cache HTML\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>App for Cloudflare® can automatically cache your HTML pages at Cloudflare data centers in 330+ cities. “Standard” WordPress caching plugins can’t escape the laws of physics because \u003Cstrong>information can’t travel faster than the speed of light\u003C\u002Fstrong> (even if the page is cached, the cache exists on your physical origin server, which can be \u003Cstrong>over 20,000 km from an end user\u003C\u002Fstrong>). Caching content in Cloudflare data centers makes your website faster by putting your website cache closer to end-users (95% of the world’s population is within 50ms of a Cloudflare data center).\u003C\u002Fp>\n\u003Cp>This can be done \u003Cstrong>without Cloudflare Workers or even a Page Rule\u003C\u002Fstrong> (done with a single Cache Rule on Cloudflare’s side, and custom code in the plugin).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Preload JavaScript and CSS\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Speed your site up by using the option that instructs browsers to preload JavaScript and CSS used to render the page being viewed. Can be used on its own, or in conjunction with Cloudflare’s \u003Ca href=\"https:\u002F\u002Fblog.cloudflare.com\u002Fearly-hints\u002F\" rel=\"nofollow ugc\">Early Hints\u003C\u002Fa> function.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manage all Cloudflare settings\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All Cloudflare settings can be changed directly within your WordPress admin area.\u003C\u002Fp>\n\u003Cp>Includes \u003Cstrong>Easy config\u003C\u002Fstrong> function that will optimally set your Cloudflare zone settings for WordPress.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Fixes Cloudflare Flexible SSL redirect loops\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Automatically fixes HTTPS redirect loops when using Cloudflare’s Flexible SSL option (traffic between user and Cloudflare is encrypted, but traffic between Cloudflare and origin server is not).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Handles user IP addresses\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Automatically handles the situation where your web server is passing Cloudflare IP addresses rather than the IP address of the user making the request.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Turnstile CAPTCHA\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Cloudflare Turnstile CAPTCHA support for registration, login, password reset, comment forms, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"ugc\">Contact Form 7\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhtml-forms\u002F\" rel=\"ugc\">HTML Forms\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmetform\u002F\" rel=\"ugc\">MetForm\u003C\u002Fa> and\u002For \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpforms-lite\u002F\" rel=\"ugc\">WPForms\u003C\u002Fa>. Single-click setup (done transparently via API call).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Network analytics\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>View network stats for your website directly within your WordPress admin area with a dashboard widget.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>View rules & firewall\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Quickly review your site’s Cloudflare rules and firewall settings from within your WordPress admin area. Includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Page rules\u003C\u002Fli>\n\u003Cli>Cache rules\u003C\u002Fli>\n\u003Cli>Firewall custom rules\u003C\u002Fli>\n\u003Cli>IP address rules\u003C\u002Fli>\n\u003Cli>User agent blocking\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>DMARC management\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Track third parties that are sending email on your behalf (for example an email provider you have authorized like Gmail or Outlook). You can also see unauthorized email senders or spammers sending email on behalf of your domain.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Multisite network support\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can have a network-wide Cloudflare API token that can be overridden on a per site basis. In the case where a multisite network operator has the site domains in a single Cloudflare account, they can allow the site users to use Cloudflare features for their individual site without disclosing the underlying API token.\u003C\u002Fp>\n\u003Cp>Additionally, a single Pro license for the main network site allows the media from all sites in the network to be stored in the cloud, within a single Cloudflare R2 bucket.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Image Transformations\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Supports Cloudflare’s Image Transformation service, which allows Media images to automatically be served in the best format that a browser supports (AVIF, WebP, etc). Additionally, smaller images can be automatically served to users on very slow network connections. No web server configuration required.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Store media in the cloud [Premium]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Easily and seamlessly store your WordPress media in the cloud with \u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\u002Fdeveloper-platform\u002Fr2\u002F\" rel=\"nofollow ugc\">Cloudflare R2\u003C\u002Fa>. This allows you to offload resources (both bandwidth and disk space) from your server. The \u003Cstrong>first 10GB is free\u003C\u002Fstrong>, and only costs $0.015 per GB thereafter (ex. if you had 100GB of media, it would cost $1.35 per month to store it in the cloud).\u003C\u002Fp>\n\u003Cp>Includes the ability to migrate existing media from local filesystem to R2 (or from R2 to local filesystem). Works with individual media, or all media in bulk (includes web-based migration as well as a shell\u002FWP-CLI option).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatically convert uploaded images to AVIF or WebP\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This is done with a free companion plugin, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimage-shift\u002F\" rel=\"ugc\">Image Shift\u003C\u002Fa> (includes the ability to apply watermarks).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Protect admin area [Premium]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Utilize \u003Ca href=\"https:\u002F\u002Fwww.cloudflare.com\u002Fzero-trust\u002Fproducts\u002Faccess\u002F\" rel=\"nofollow ugc\">Zero Trust Network Access\u003C\u002Fa> to authenticate users before they access your WordPress admin area.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manage rules & firewall [Premium]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The premium version unlocks the ability to manage (create, delete, suspend and unsuspend) Cloudflare rules and firewall definitions. In addition to defining your own rules, you can deploy useful rules with a single click:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block traffic from certain countries (or Tor exit nodes widely used by spammers and hackers)\u003C\u002Fli>\n\u003Cli>Block AI scrapers & crawlers (block bots from scraping your content for AI applications like model training)\u003C\u002Fli>\n\u003Cli>Force a challenge before users can register (bot\u002Fspammer mitigation)\u003C\u002Fli>\n\u003Cli>Cache static content\u003C\u002Fli>\n\u003Cli>Automatically block the IP address(es) of spammers for a period of time\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Backup & restore [Premium]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can backup and restore some of your most important Cloudflare configuration settings:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Zero Trust Access Policies\u003C\u002Fli>\n\u003Cli>Firewall Rules\u003C\u002Fli>\n\u003Cli>Firewall IP Access Rules\u003C\u002Fli>\n\u003Cli>Firewall User Agent Blocking\u003C\u002Fli>\n\u003Cli>Page Rules\u003C\u002Fli>\n\u003Cli>Cache Rules\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Backups can be restored to different zones (for example if you had extensive configuration for a zone, you could give another zone the same configuration through a backup restore).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Other features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>API calls are done exclusively through API Tokens (with the \u003Ca href=\"https:\u002F\u002Fappforcf.com\u002Fthreads\u002Fpermissions-needed-for-app-for-cloudflare%C2%AE.3\u002F?utm_source=readme&utm_medium=wordpress&utm_campaign=plugin\" rel=\"nofollow ugc\">minimum required permissions\u003C\u002Fa>) and \u003Cstrong>not\u003C\u002Fstrong> a Global API Key. Global API Keys are an incredibly bad idea from a security standpoint.\u003C\u002Fli>\n\u003Cli>Ability to purge Cloudflare cache from WordPress admin (or via WP-CLI).\u003C\u002Fli>\n\u003Cli>Ability to copy Cloudflare zone settings from a different zone on the same Cloudflare account.\u003C\u002Fli>\n\u003Cli>Cached pages are automatically purged when a post\u002Fpage is edited (just the necessary pages, not all pages). Stale content is not served to users.\u003C\u002Fli>\n\u003Cli>Ability to designate an individual admin user to manage settings (maybe you don’t want all admins to have the ability to change things in Cloudflare).\u003C\u002Fli>\n\u003Cli>Ability to use WordPress filters to add your own logic to things (for example, maybe you don’t want to cache a certain page or post for whatever reason).\u003C\u002Fli>\n\u003Cli>All JavaScript is native (no dependencies on jQuery or anything else).\u003C\u002Fli>\n\u003Cli>No third-party PHP libraries used (no dependencies on other libs).\u003C\u002Fli>\n\u003C\u002Ful>\n","All things Cloudflare (caching, flexible SSL, Turnstile, settings, rules, analytics, media in R2, image transforms [AVIF, WebP], secure admin area).",1000,31530,13,"2026-02-18T00:00:00.000Z","5.2","5.4.0",[113,114,93,20,21],"caching","cloudflare","https:\u002F\u002Fappforcf.com\u002F?utm_source=uri&utm_medium=wordpress&utm_campaign=plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapp-for-cf.1.9.9.zip",{"slug":118,"name":119,"version":6,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":126,"num_ratings":127,"last_updated":128,"tested_up_to":129,"requires_at_least":90,"requires_php":130,"tags":131,"homepage":134,"download_link":135,"security_score":136,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"firstpage-sg-security-headers","Security Headers","Joseph Mendez","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoshme21\u002F","\u003Cp>Security headers are directives used by web applications to configure security defenses.\u003C\u002Fp>\n\u003Ch3>Why security headers important?\u003C\u002Fh3>\n\u003Cp>When auditing websites, security headers are frequently forgotten.\u003C\u002Fp>\n\u003Cp>Although some may argue that website security is unrelated to SEO, it does become so when a site is compromised and search traffic completely disappears.\u003C\u002Fp>\n\u003Cp>Everyone who publishes content online should pay special attention to security headers.\u003C\u002Fp>\n\u003Cp>Getting hacked is not good. You lose traffic, customers and it’s a pain to resolve all the issues.\u003C\u002Fp>\n\u003Cp>But good thing you’re smart and have searched for this plugin :).\u003C\u002Fp>\n","Security headers are directives used by web applications to configure security defenses.",700,4275,60,2,"2022-09-24T01:34:00.000Z","6.0.11","7.0",[132,133],"security-headers","seo-security-headers","https:\u002F\u002Fwww.firstpagedigital.sg\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffirstpage-sg-security-headers.1.0.0.zip",85,{"attackSurface":138,"codeSignals":165,"taintFlows":182,"riskAssessment":183,"analyzedAt":189},{"hooks":139,"ajaxHandlers":161,"restRoutes":162,"shortcodes":163,"cronEvents":164,"entryPointCount":11,"unprotectedCount":11},[140,146,149,153,157],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","init","closure","itmaroon-extra-settings.php",39,{"type":141,"name":147,"callback":143,"file":144,"line":148},"admin_enqueue_scripts",44,{"type":141,"name":150,"callback":151,"file":144,"line":152},"admin_menu","itmar_extrasetting_menu",55,{"type":141,"name":154,"callback":155,"file":144,"line":156},"admin_post_itmar_save_settings","itmar_handle_save_settings",68,{"type":141,"name":158,"callback":159,"file":144,"line":160},"plugins_loaded","itmar_extrasetting_initialize",156,[],[],[],[],{"dangerousFunctions":166,"sqlUsage":167,"outputEscaping":169,"fileOperations":11,"externalRequests":11,"nonceChecks":180,"capabilityChecks":180,"bundledLibraries":181},[],{"prepared":11,"raw":11,"locations":168},[],{"escaped":127,"rawEcho":67,"locations":170},[171,174,176,178],{"file":144,"line":172,"context":173},103,"raw output",{"file":144,"line":175,"context":173},115,{"file":144,"line":177,"context":173},116,{"file":144,"line":179,"context":173},117,1,[],[],{"summary":184,"deductions":185},"The \"itmaroon-extra-settings\" plugin version 1.0.0 presents a generally positive security posture with no recorded vulnerabilities or critical code signals. The absence of any known CVEs and the plugin's adherence to good practices like using prepared statements for all SQL queries and implementing nonce and capability checks are strong indicators of careful development.  The attack surface appears minimal, with no identified AJAX handlers, REST API routes, shortcodes, or cron events, further reducing potential entry points for malicious activity.\n\nHowever, a significant concern arises from the output escaping. With only 33% of its outputs properly escaped, there's a notable risk of Cross-Site Scripting (XSS) vulnerabilities. This means user-supplied data or data processed by the plugin could be rendered directly in the browser without sufficient sanitization, potentially allowing attackers to inject malicious scripts. While taint analysis shows no unsanitized flows, this is based on zero analyzed flows, which may not be exhaustive. Therefore, the lack of comprehensive output escaping is the primary weakness that requires immediate attention.\n\nIn conclusion, \"itmaroon-extra-settings\" v1.0.0 demonstrates a foundation of secure coding practices. The lack of known vulnerabilities and a small attack surface are commendable. Nevertheless, the insufficient output escaping creates a significant security gap that could be exploited. Addressing this issue should be the highest priority to improve the plugin's overall security.",[186],{"reason":187,"points":188},"Low percentage of properly escaped output",8,"2026-03-17T06:21:33.666Z",{"wat":191,"direct":200},{"assetPaths":192,"generatorPatterns":195,"scriptPaths":196,"versionParams":197},[193,194],"\u002Fwp-content\u002Fplugins\u002Fitmaroon-extra-settings\u002Fcss\u002Fsetting_style.css","\u002Fwp-content\u002Fplugins\u002Fitmaroon-extra-settings\u002Fassets\u002Fjs\u002Ftab_setting.js",[],[194],[198,199],"itmaroon-extra-settings\u002Fcss\u002Fsetting_style.css?ver=","itmaroon-extra-settings\u002Fassets\u002Fjs\u002Ftab_setting.js?ver=",{"cssClasses":201,"htmlComments":210,"htmlAttributes":211,"restEndpoints":213,"jsGlobals":214,"shortcodeOutput":215},[202,203,204,205,206,207,208,209],"itmar-settings-tabs","itmar-settings-tabs__nav","itmar-settings-tabs__nav-button","itmar-settings-tabs__nav-button active","itmar-settings-tabs__submit","itmar-settings-content","itmar-settings-content__section","itmar-settings-content__section active",[],[212],"data-tab",[],[],[]]