[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fVMmthGgmzIESc_c73gRm5bSXEz0HONLjGSqONh5TpPg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":135,"fingerprints":201},"javibola-custom-theme","JaviBola Custom Theme Test","2.0.5","JaviBola","https:\u002F\u002Fprofiles.wordpress.org\u002Fjavibola\u002F","\u003Cp>\u003Cstrong>ENGLISH\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin enables a custom theme when the administrator is logged.\u003Cbr \u002F>\nIt is very useful for working with a new theme and normal users will not see the changes that are being made.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>SPANISH\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Este plugin habilita un tema específico cuando el administrador está registrado.\u003Cbr \u002F>\nEs muy indicado para trabajar con un tema nuevo y que los usuarios normales no vean las modificaciones que se están realizando.\u003C\u002Fp>\n","This plugin enables a custom theme when the administrator is logged for a safely testing.",10,2447,100,2,"2018-07-02T17:26:00.000Z","4.9.29","3.8","",[20,21,22,23,24],"admin","change","custom-theme","role","theme","http:\u002F\u002Fjavibola.com\u002Fjavibola-custom-theme.zip","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjavibola-custom-theme.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"javibola",1,30,84,"2026-04-04T22:03:09.674Z",[39,59,78,97,117],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":28,"num_ratings":28,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":57,"download_link":58,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"background-color-changer","Background Color Changer","1.0.1","Deboraj Datta","https:\u002F\u002Fprofiles.wordpress.org\u002Fraj009\u002F","\u003Cp>This is a simple plugin to change the background color, text color, and heading color of the theme. This plugin provides a customizer option in the theme.\u003C\u002Fp>\n\u003Cp>Plugin Documentation: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbackground-color-changer\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbackground-color-changer\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fraj009\" rel=\"nofollow ugc\">About Author\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>You can change\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Background Color (Unlimited colors).\u003C\u002Fli>\n\u003Cli>Text Color (Unlimited colors).\u003C\u002Fli>\n\u003Cli>Heading Color (Unlimited colors).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can make my day by submitting a positive review on \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbackground-color-changer\u002F\" rel=\"ugc\">\u003Cstrong>WordPress.org!\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Go to your Customizer Option after installation and activation of the plugin. The Background Color Changer Plugin will be available there under the name Background Customization.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Very easy installation\u003C\u002Fli>\n\u003Cli>Flexible and easy to use for admin\u003C\u002Fli>\n\u003Cli>Unlimited colors for the background, text, and heading\u003C\u002Fli>\n\u003C\u002Ful>\n","This is a simple plugin to change the background color, text color, and heading color of the theme. This plugin provides a customizer option in the th &hellip;",20,934,"2023-09-23T17:07:00.000Z","6.3.8","5.2","7.2",[40,54,55,56],"theme-background-color-change-for-admin","theme-background-color-changer-from-dashboard","theme-color-changer","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbackground-color-changer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbackground-color-changer.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":11,"downloaded":67,"rating":13,"num_ratings":34,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":18,"tags":71,"homepage":18,"download_link":77,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"admin-notify","Admin Notify","1.0.5","Eliyahna","https:\u002F\u002Fprofiles.wordpress.org\u002Feliyahna\u002F","\u003Cp>The \u003Cstrong>Admin Notify\u003C\u002Fstrong> plugin sends email notifications to the administrator whenever an \u003Cstrong>administrator account\u003C\u002Fstrong> is:\u003Cbr \u002F>\n– Added\u003Cbr \u002F>\n– Password is changed\u003Cbr \u002F>\n– Downgraded\u003Cbr \u002F>\n– Deleted\u003C\u002Fp>\n\u003Cp>This plugin helps keep your WordPress site secure by notifying the administrator of important changes to user accounts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Email notification when a new administrator is added.\u003Cbr \u002F>\n– Email notification when an administrator’s password is changed.\u003Cbr \u002F>\n– Email notification when an administrator is deleted.\u003Cbr \u002F>\n– Email notification when an administrator is downgraded.\u003Cbr \u002F>\n– Easily configurable via the plugin settings page.\u003C\u002Fp>\n\u003Cp>This plugin requires the administrator’s email to be configured in the plugin settings.\u003C\u002Fp>\n\u003Ch3>Acknowledgments\u003C\u002Fh3>\n\u003Cp>Special thanks to the contributors at WordPress.org for providing a platform for plugins and helping make WordPress an open and secure CMS.\u003C\u002Fp>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cp>This plugin has been developed with security in mind and follows WordPress best practices for securing input and output. However, it is important to:\u003Cbr \u002F>\n– Ensure that your WordPress installation and all plugins are kept up to date.\u003Cbr \u002F>\n– Use strong passwords for your administrator accounts.\u003Cbr \u002F>\n– Regularly monitor your site’s user activity.\u003C\u002Fp>\n","Short Description: Admin Notify sends email notifications when administrator accounts are added, updated, or deleted.",733,"2025-04-16T18:58:00.000Z","6.8.5","5.0",[72,73,74,75,76],"admin-notification","admin-role-change","password-change","security","user-management","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-notify.1.0.5.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":11,"downloaded":86,"rating":28,"num_ratings":28,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":18,"tags":90,"homepage":95,"download_link":96,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"bns-theme-add-ins","BNS Theme Add-Ins","0.7","Edward Caissie","https:\u002F\u002Fprofiles.wordpress.org\u002Fcais\u002F","\u003Cp>A collection of functions and code that can be used to extend the capabilities of WordPress Parent-Themes and Child-Themes.\u003Cbr \u002F>\n* Copyright 2011-2014  Edward Caissie  (email : edward.caissie@gmail.com)\u003C\u002Fp>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify\u003Cbr \u002F>\n  it under the terms of the GNU General Public License version 2,\u003Cbr \u002F>\n  as published by the Free Software Foundation.\u003C\u002Fp>\n\u003Cp>You may NOT assume that you can use any other version of the GPL.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful,\u003Cbr \u002F>\n  but WITHOUT ANY WARRANTY; without even the implied warranty of\u003Cbr \u002F>\n  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\u003Cbr \u002F>\n  GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License\u003Cbr \u002F>\n  along with this program; if not, write to the Free Software\u003Cbr \u002F>\n  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA\u003C\u002Fp>\n\u003Cp>The license for this software can also likely be found here:\u003Cbr \u002F>\n  http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Please note, support may be available on the WordPress Support forums; but, it may be faster to visit http:\u002F\u002Fbuynowshop.com\u002Fplugins\u002Fbns-theme-add-ins\u002F and leave a comment with the issue you are experiencing.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This plugin utilizes three text files if included with the active theme, although these files are not required for the plugin to work correctly they will enhance its functionality if they exist:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>readme.txt\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>changelog.txt\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>support.txt\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Extend the capabilities of WordPress Parent-Themes and Child-Themes",3442,"2016-04-10T18:02:00.000Z","4.5.33","3.5",[20,91,92,93,94],"changelog","child-themes","login","readme","http:\u002F\u002Fbuynowshop.com\u002Fplugins\u002Fbns-theme-add-ins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbns-theme-add-ins.0.7.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":11,"downloaded":105,"rating":13,"num_ratings":106,"last_updated":18,"tested_up_to":107,"requires_at_least":70,"requires_php":108,"tags":109,"homepage":18,"download_link":115,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":116},"incognito-admin-manager","Incognito Admin Manager","1.0.2","diyaaaboualloul","https:\u002F\u002Fprofiles.wordpress.org\u002Fdiyaaaboualloul\u002F","\u003Cp>Incognito Admin Manager is an all-in-one solution for customizing your WordPress admin area. Perfect for agencies, developers, and site owners who want to create a branded, streamlined admin experience.\u003C\u002Fp>\n\u003Cp>Incognito Admin Manager provides powerful admin customization tools out of the box — fully functional with no restrictions.\u003C\u002Fp>\n\u003Ch4>Custom Login Screen\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Modern split-screen login page design\u003C\u002Fli>\n\u003Cli>Custom background image or solid color for left panel\u003C\u002Fli>\n\u003Cli>Customizable form colors (background, text, buttons)\u003C\u002Fli>\n\u003Cli>Custom logo\u003C\u002Fli>\n\u003Cli>Button hover effects\u003C\u002Fli>\n\u003Cli>Fully responsive design\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Admin Theme Styler\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Customize admin menu colors (background, text, hover, active states)\u003C\u002Fli>\n\u003Cli>Customize admin bar colors and dropdown backgrounds\u003C\u002Fli>\n\u003Cli>Hide WordPress logo from admin bar\u003C\u002Fli>\n\u003Cli>Live preview sidebar to see changes before saving\u003C\u002Fli>\n\u003Cli>Non-admin users see custom styling (admins see default by default)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Access Role Creator\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Hide specific menu items per user role\u003C\u002Fli>\n\u003Cli>Hide menu from sidebar (Hide Only mode)\u003C\u002Fli>\n\u003Cli>Extra slugs field for custom page restrictions\u003C\u002Fli>\n\u003Cli>Unlimited role restrictions\u003C\u002Fli>\n\u003Cli>Administrators are always protected from lockouts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Use Cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Agencies\u003C\u002Fstrong>: Create branded admin experiences for clients\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Membership Sites\u003C\u002Fstrong>: Simplify the dashboard for members\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-author Blogs\u003C\u002Fstrong>: Restrict editor access to specific areas\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Client Sites\u003C\u002Fstrong>: Hide unnecessary WordPress elements\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Looking for More?\u003C\u002Fh4>\n\u003Cp>A separate Pro plugin is available at \u003Ca href=\"https:\u002F\u002Fdeewp.com\u002Fincognito-admin-manager-plugin\u002F\" rel=\"nofollow ugc\">deewp.com\u003C\u002Fa> with additional features such as direct URL blocking, admin bar visibility control, login redirects, and more admin cleanup options. The Pro plugin is sold and hosted separately — this free plugin is fully functional on its own.\u003C\u002Fp>\n","Customize your WordPress login screen, style the admin interface, and control menu visibility per user role.",247,3,"6.9.4","7.4",[110,111,112,113,114],"admin-customization","admin-theme","login-page","role-manager","white-label","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fincognito-admin-manager.1.0.2.zip","2026-03-15T10:48:56.248Z",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":11,"downloaded":125,"rating":28,"num_ratings":28,"last_updated":126,"tested_up_to":16,"requires_at_least":127,"requires_php":18,"tags":128,"homepage":18,"download_link":134,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"web-administrator-user-role","Web Administrator User Role","2.2","Robert Kampas","https:\u002F\u002Fprofiles.wordpress.org\u002Fironleg\u002F","\u003Cp>This plugin creates new user role called “Web Administrator”. This role has more permissions than Editor or Contributor roles but less permissions than  Administrator role. Therefore, this role is perfect for users who should not have access to critical functionality (update, manage plugins, manage themes, etc.) but still need access to some advanced options.\u003C\u002Fp>\n","Plugin that automatically creates custom role for Web Administrators and allows to edit capacities for this role.",1345,"2018-03-19T20:45:00.000Z","4.8",[129,130,131,132,133],"administrator","capability","change-capabilities","user-role","user-role-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fweb-administrator-user-role.2.2.zip",{"attackSurface":136,"codeSignals":162,"taintFlows":172,"riskAssessment":191,"analyzedAt":200},{"hooks":137,"ajaxHandlers":158,"restRoutes":159,"shortcodes":160,"cronEvents":161,"entryPointCount":28,"unprotectedCount":28},[138,143,146,149,154],{"type":139,"name":140,"callback":141,"file":142,"line":47},"filter","template","jbct","javibola-custom-theme.php",{"type":139,"name":144,"callback":141,"file":142,"line":145},"option_template",21,{"type":139,"name":147,"callback":141,"file":142,"line":148},"option_stylesheet",22,{"type":150,"name":151,"callback":152,"file":142,"line":153},"action","setup_theme","jbct_init",25,{"type":150,"name":155,"callback":156,"file":142,"line":157},"admin_menu","jbct_menu",34,[],[],[],[],{"dangerousFunctions":163,"sqlUsage":164,"outputEscaping":166,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":14,"bundledLibraries":171},[],{"prepared":28,"raw":28,"locations":165},[],{"escaped":28,"rawEcho":34,"locations":167},[168],{"file":142,"line":169,"context":170},102,"raw output",[],[173],{"entryPoint":174,"graph":175,"unsanitizedCount":28,"severity":190},"\u003Cjavibola-custom-theme> (javibola-custom-theme.php:0)",{"nodes":176,"edges":187},[177,182],{"id":178,"type":179,"label":180,"file":142,"line":181},"n0","source","$_GET['jbct_theme']",41,{"id":183,"type":184,"label":185,"file":142,"line":181,"wp_function":186},"n1","sink","update_option() [Settings Manipulation]","update_option",[188],{"from":178,"to":183,"sanitized":189},true,"low",{"summary":192,"deductions":193},"The \"javibola-custom-theme\" plugin v2.0.5 presents a mixed security posture.  On the positive side, the absence of known CVEs and the use of prepared statements for all SQL queries are strong indicators of good security practices and a focus on fundamental database security. The limited attack surface with no AJAX handlers, REST API routes, shortcodes, or cron events further minimizes potential entry points.\n\nHowever, the static analysis reveals significant concerns. A complete lack of output escaping for the single identified output is a critical oversight, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The presence of capability checks without corresponding nonce checks or permission callbacks on entry points is also concerning, suggesting that while some authorization is present, the implementation might be incomplete or bypassable. The fact that 0% of outputs are properly escaped, despite having output, is a major red flag.\n\nGiven the clean vulnerability history, it's possible the plugin has been maintained diligently in the past. However, the current static analysis findings, particularly the unescaped output, indicate a significant and immediate risk. The plugin's strengths lie in its small attack surface and database security, but the critical weakness in output sanitization demands attention.",[194,197],{"reason":195,"points":196},"0% output escaping for identified outputs",8,{"reason":198,"points":199},"Capability checks without auth on entry points",4,"2026-03-17T00:57:30.942Z",{"wat":202,"direct":208},{"assetPaths":203,"generatorPatterns":205,"scriptPaths":206,"versionParams":207},[204],"\u002Fwp-content\u002Fplugins\u002Fjavibola-custom-theme\u002Fstylesheet.css",[],[],[],{"cssClasses":209,"htmlComments":213,"htmlAttributes":214,"restEndpoints":217,"jsGlobals":218,"shortcodeOutput":219},[210,211,212],"theme-preview","theme-name","theme-active",[],[215,216],"name='jbct_theme'","name='jbct_theme_2'",[],[],[]]