[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMczJHg0cZ53Nezhn8ArL3feySXs4sRSIrFEdrBkhgpQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":7,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":149,"fingerprints":247},"kahis-wp-lite","Kahi's WP Lite","0.9","","https:\u002F\u002Fprofiles.wordpress.org\u002Fkahi\u002F","\u003Cp>There are always parts in the WP administration you don’t currently need. This plugin makes it easy to hide them – like unnecessary menu items or any of the boxes on the posting screen (like custom fields or trackback box). Unclutter the administration and work faster.\u003C\u002Fp>\n\u003Cp>You can also input your own CSS code to modify the look of administration.\u003C\u002Fp>\n\u003Cp>For more information, support, giving feedback, reporting problems (thank you for that!) or anything else – see the \u003Ca href=\"http:\u002F\u002Fkahi.cz\u002Fwordpress\u002Fwp-lite-plugin\u002F\" rel=\"nofollow ugc\">official plugin’s page\u003C\u002Fa>.\u003C\u002Fp>\n","To hide unused functions from the administration. Make it clear.",100,5029,0,"2011-01-06T15:08:00.000Z","3.1.4","2.7",[18,19,20,21,22],"admin","administration","lite","usability","wplite","http:\u002F\u002Fkahi.cz\u002Fwordpress\u002Fwp-lite-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkahis-wp-lite.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":30,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"kahi",4,420,30,84,"2026-04-04T14:00:52.060Z",[37,61,82,105,129],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":7,"download_link":57,"security_score":58,"vuln_count":59,"unpatched_count":13,"last_vuln_date":60,"fetched_at":27},"wp-maintenance-mode","LightStart – Maintenance Mode, Coming Soon and Landing Page Builder","2.6.20","Themeisle","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeisle\u002F","\u003Cp>Add a maintenance page to your blog that lets visitors know your blog is down for maintenance, add a coming soon page for a new website or create a landing page for an existing site. User with admin rights gets full access to the blog including the front end.\u003C\u002Fp>\n\u003Cp>Activate the plugin and your blog is in maintenance-mode, works and only registered users with enough rights can see the front end. You can use a date with a countdown timer for visitor information or set a value and unit for information.\u003C\u002Fp>\n\u003Cp>Also works with WordPress Multisite installs (each blog from the network has its own maintenance settings).\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Fully customizable (change colors, texts and backgrounds).\u003C\u002Fli>\n\u003Cli>Subscription form (export emails to .csv file).\u003C\u002Fli>\n\u003Cli>Countdown timer (remaining time).\u003C\u002Fli>\n\u003Cli>Contact form (receive emails from visitors).\u003C\u002Fli>\n\u003Cli>Coming soon page;\u003C\u002Fli>\n\u003Cli>Landing page templates;\u003C\u002Fli>\n\u003Cli>WordPress multisite;\u003C\u002Fli>\n\u003Cli>Responsive design;\u003C\u002Fli>\n\u003Cli>Social media icons;\u003C\u002Fli>\n\u003Cli>Works with any WordPress theme;\u003C\u002Fli>\n\u003Cli>SEO options;\u003C\u002Fli>\n\u003Cli>Exclude URLs from maintenance;\u003C\u002Fli>\n\u003Cli>Bot functionality to collect the emails in a friendly and efficient way;\u003C\u002Fli>\n\u003Cli>GDPR Ready;\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Bugs, technical hints or contribute\u003C\u002Fh4>\n\u003Cp>Please give us feedback, contribute and file technical bugs on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fandrianvaleanu\u002FWP-Maintenance-Mode\" rel=\"nofollow ugc\">GitHub Repo\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>Developed by \u003Ca href=\"https:\u002F\u002Fthemeisle.com\" rel=\"nofollow ugc\">Themeisle\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>What’s Next\u003C\u002Fh4>\n\u003Cp>If you like this plugin, then consider checking out our other projects:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Foptimole.com\u002F\" rel=\"nofollow ugc\">Optimole\u003C\u002Fa> – Optimole is your all-in-one image optimization solution for WordPress & beyond.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpshout.com\u002F\" rel=\"nofollow ugc\">WPShout\u003C\u002Fa> – In-Depth WordPress Tutorials for Developers\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frevive.social\u002F\" rel=\"nofollow ugc\">Revive Social\u003C\u002Fa> – Revive Old Posts helps you keep your content alive and in front the audiences that matter.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.codeinwp.com\u002F\" rel=\"nofollow ugc\">CodeinWP\u003C\u002Fa> – CodeinWP stands for all-things-WordPress. From web design to freelancing and from development to business, your questions are covered.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdomainwheel.com\" rel=\"nofollow ugc\">DomainWheel\u003C\u002Fa> – Free Short Website name generator, with the help of AI, for instant ideas.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Check-out \u003Ca href=\"https:\u002F\u002Fthemeisle.com\u002Fblog\u002F\" title=\"Themeisle blog\" rel=\"nofollow ugc\">our blog\u003C\u002Fa> to learn from our \u003Ca href=\"https:\u002F\u002Fthemeisle.com\u002Fblog\u002Fcategory\u002Fwordpress\u002Freviews\u002F\" title=\"WordPress Reviews\" rel=\"nofollow ugc\">WordPress Reviews\u003C\u002Fa> and see other \u003Ca href=\"https:\u002F\u002Fthemeisle.com\u002Fblog\u002Fcategory\u002Fwordpress-plugins\u002F\" title=\"WordPress Plugins Comparisons\" rel=\"nofollow ugc\">WordPress plugins\u003C\u002Fa>.\u003C\u002Fp>\n","Easy Drag & Drop Page Builder that adds a splash page to your site that it's perfect for a coming soon page, maintenance or landing page.",500000,19310486,86,859,"2025-12-10T19:23:00.000Z","6.9.4","4.7","7.1",[18,19,54,55,56],"coming-soon","maintenance-mode","unavailable","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-maintenance-mode.2.6.20.zip",96,6,"2024-01-05 00:00:00",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":7,"tags":76,"homepage":78,"download_link":79,"security_score":34,"vuln_count":80,"unpatched_count":13,"last_vuln_date":81,"fetched_at":27},"adminimize","Adminimize","1.11.11","WP Media","https:\u002F\u002Fprofiles.wordpress.org\u002Fwp_media\u002F","\u003Cp>If you manage a multi-author WordPress blog or WordPress sites for clients, then you may have wondered if it was possible to clean up the WordPress admin area for your users? There are lots of things in the WordPress admin area that your users don’t need to see or use. This plugin help you to hide unnecessary items from WordPress admin area.\u003C\u002Fp>\n\u003Cp>Adminimize makes it easy to remove items from view based on a user’s role.\u003C\u002Fp>\n\u003Ch4>What does this plugin do?\u003C\u002Fh4>\n\u003Cp>The plugin changes the administration backend and gives you the power to assign rights on certain parts. Admins can activate\u002Fdeactivate every part of the menu and even parts of the sub-menu. Meta fields can be administered separately for posts and pages. Certain parts of the write menu can be deactivated separately for admins or non-admins. The header of the backend is minimized and optimized to give you more space and the structure of the menu gets changed to make it more logical – this can all be done per user so each role and their resulting users can have his own settings.\u003C\u002Fp>\n\u003Ch4>Support Custom Post Type\u003C\u002Fh4>\n\u003Cp>The plugin support all functions also for custom post types, automatically in the settings page.\u003C\u002Fp>\n\u003Ch4>Support Custom Options on all different post types\u003C\u002Fh4>\n\u003Cp>It is possible to add own options to hide areas in the back-end of WordPress. It is easy and you must only forgive a ID or class, a selector, of the markup, that you will hide.\u003C\u002Fp>\n\u003Ch4>Compatibility with plugins for MetaBoxes in Write-area\u003C\u002Fh4>\n\u003Cp>You can add your own options, you must only check for css selectors.\u003C\u002Fp>\n\u003Ch4>Help with “Your own options”\u003C\u002Fh4>\n\u003Cp>See the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002F328449\" title=\"Plugin: Adminimize Help with Your own options (3 posts)\" rel=\"ugc\">entry on the WP community forum\u003C\u002Fa> for help with this great possibility.\u003C\u002Fp>\n\u003Ch4>License\u003C\u002Fh4>\n\u003Cp>Good news, this plugin is free for everyone! Since it’s released under the GPL, you can use it free of charge on your personal or commercial blog. But if you enjoy this plugin, you can thank me and leave a \u003Ca href=\"http:\u002F\u002Fbueltge.de\u002Fwunschliste\u002F\" title=\"Wishliste and Donate\" rel=\"nofollow ugc\">small donation\u003C\u002Fa> for the time I’ve spent writing and supporting this plugin. And I really don’t want to know how many hours of my life this plugin has already eaten 😉\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>The plugin comes with various translations, please refer to the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FInstalling_WordPress_in_Your_Language\" title=\"Installing WordPress in Your Language\" rel=\"nofollow ugc\">WordPress Codex\u003C\u002Fa> for more information about activating the translation. If you want to help to translate the plugin to your language, please have a look at the sitemap.pot file which contains all definitions and may be used with a \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Fsoftware\u002Fgettext\u002F\" rel=\"nofollow ugc\">gettext\u003C\u002Fa> editor like \u003Ca href=\"http:\u002F\u002Fwww.poedit.net\u002F\" rel=\"nofollow ugc\">Poedit\u003C\u002Fa> (Windows) or use, I prefers this, the \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fadminimize\" rel=\"nofollow ugc\">translation service from wordpress.org\u003C\u002Fa>.\u003C\u002Fp>\n","Adminimize that lets you hide 'unnecessary' items from the WordPress backend",200000,3104947,94,253,"2024-03-15T16:24:00.000Z","6.4.8","4.0",[19,77],"customization","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadminimize\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadminimize.1.11.11.zip",2,"2014-08-01 00:00:00",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":92,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":97,"tags":98,"homepage":103,"download_link":104,"security_score":92,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"remove-dashboard-access-for-non-admins","Remove Dashboard Access","1.2.1","TrustedLogin","https:\u002F\u002Fprofiles.wordpress.org\u002Ftrustedlogin\u002F","\u003Cp>The easiest and safest way to restrict access to your WordPress site’s Dashboard and administrative menus. Remove Dashboard Access is a lightweight plugin that automatically redirects users who shouldn’t have access to the Dashboard to a custom URL of your choosing. Redirects can also be configured on a per-role\u002Fper-capability basis, allowing you to keep certain users out of the Dashboard, while retaining access for others.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Limit Dashboard access to user roles:\n\u003Cul>\n\u003Cli>Admins only\u003C\u002Fli>\n\u003Cli>Admins + editors\u003C\u002Fli>\n\u003Cli>Admins, editors, and authors\u003C\u002Fli>\n\u003Cli>or restrict by specific user capability\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Choose your own redirect URL\u003C\u002Fli>\n\u003Cli>Optionally allow users to edit their profiles\u003C\u002Fli>\n\u003Cli>Display a message on the login screen so users know why they’re being redirected\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Blocking access to the Dashboard is a great way to prevent clients from breaking their sites, prevent users from seeing things they shouldn’t, and to keep your site’s backend more secure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Allow only users with roles or capabilities:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can restrict Dashboard access to Admins only, Editors or above, Authors or above, or by selecting a specific user capability.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Grant access to user profiles:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Optionally allow all users the ability to edit their profiles in the Dashboard. Users lacking the chosen capability won’t be able to access any other sections of the Dashboard.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Show a custom login message:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Supply a message to display on the login screen. Leaving this blank disables the message.\u003C\u002Fli>\n\u003C\u002Ful>\n","Disable Dashboard access for users of a specific role or capability. Disallowed users are redirected to a chosen URL. Get set up in seconds.",30000,467245,92,78,"2024-11-29T20:13:00.000Z","6.7.5","3.1.0","5.3",[99,19,100,101,102],"access","dashboard","login","restrict","https:\u002F\u002Fwww.trustedlogin.com\u002Fremove-dashboard-access\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremove-dashboard-access-for-non-admins.1.2.1.zip",{"slug":106,"name":107,"version":108,"author":109,"author_profile":110,"description":111,"short_description":112,"active_installs":113,"downloaded":114,"rating":47,"num_ratings":115,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":124,"download_link":125,"security_score":126,"vuln_count":127,"unpatched_count":13,"last_vuln_date":128,"fetched_at":27},"error-log-monitor","Error Log Monitor","1.7.12","Janis Elsts","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhiteshadow\u002F","\u003Cp>This plugin adds a Dashboard widget that displays the latest messages from your PHP error log. It can also send you email notifications about newly logged errors.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically detects error log location.\u003C\u002Fli>\n\u003Cli>Explains how to configure PHP error logging if it’s not enabled yet.\u003C\u002Fli>\n\u003Cli>The number of displayed log entries is configurable.\u003C\u002Fli>\n\u003Cli>Sends you email notifications about logged errors (optional).\u003C\u002Fli>\n\u003Cli>Configurable email address and frequency.\u003C\u002Fli>\n\u003Cli>You can easily clear the log file.\u003C\u002Fli>\n\u003Cli>The dashboard widget is only visible to administrators.\u003C\u002Fli>\n\u003Cli>Optimized to work well even with very large log files.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Once you’ve installed the plugin, go to the Dashboard and enable the “PHP Error Log” widget through the “Screen Options” panel. The widget should automatically display the last 20 lines from your PHP error log. If you see an error message like “Error logging is disabled” instead, follow the displayed instructions to configure error logging.\u003C\u002Fp>\n\u003Cp>Email notifications are disabled by default. To enable them, click the “Configure” link in the top-right corner of the widget and enter your email address in the “Periodically email logged errors to:” box. If desired, you can also change email frequency by selecting the minimum time interval between emails from the “How often to send email” drop-down.\u003C\u002Fp>\n","Adds a Dashboard widget that displays the latest messages from your PHP error log. It can also send logged errors to email.",20000,631204,48,"2025-10-01T15:12:00.000Z","6.8.5","4.5","7.4",[18,19,121,122,123],"dashboard-widget","error-reporting","php","http:\u002F\u002Fw-shadow.com\u002Fblog\u002F2012\u002F07\u002F25\u002Ferror-log-monitor-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ferror-log-monitor.1.7.12.zip",99,1,"2019-02-25 00:00:00",{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":137,"downloaded":138,"rating":47,"num_ratings":139,"last_updated":140,"tested_up_to":95,"requires_at_least":141,"requires_php":7,"tags":142,"homepage":146,"download_link":147,"security_score":11,"vuln_count":127,"unpatched_count":13,"last_vuln_date":148,"fetched_at":27},"automatic-domain-changer","Automatic Domain Changer","2.0.4","nuagelab","https:\u002F\u002Fprofiles.wordpress.org\u002Fnuagelab\u002F","\u003Cp>This plugin automatically detects a domain name change, and updates all the WordPress tables in the database to reflect this change.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easily migrate a WordPress site from one domain to another\u003C\u002Fli>\n\u003Cli>Migrate www.domain.com and domain.com at once\u003C\u002Fli>\n\u003Cli>Migrate http and https links at once\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Feedback\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>We are open for your suggestions and feedback – Thank you for using or trying out one of our plugins!\u003C\u002Fli>\n\u003Cli>Drop us a line \u003Ca href=\"http:\u002F\u002Ftwitter.com\u002F#!\u002Fnuagelab\" rel=\"nofollow ugc\">@nuagelab\u003C\u002Fa> on Twitter\u003C\u002Fli>\n\u003Cli>Follow us on \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fpages\u002FNuageLab\u002F150091288388352\" rel=\"nofollow ugc\">our Facebook page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Drop us a line at \u003Ca href=\"mailto:wordpress-plugins@nuagelab.com\" rel=\"nofollow ugc\">wordpress-plugins@nuagelab.com\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>More\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.nuagelab.com\u002Fproducts\u002Fwordpress-plugins\u002F\" rel=\"nofollow ugc\">Also see our other plugins\u003C\u002Fa> or see \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fusers\u002Fnuagelab\u002F\" rel=\"nofollow ugc\">our WordPress.org profile page\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>Spanish\u003C\u002Fli>\n\u003Cli>Slovak\u003C\u002Fli>\n\u003C\u002Ful>\n","Automatically detects a domain name change, and updates all the WordPress tables in the database to reflect this change.",10000,166221,28,"2025-04-14T20:03:00.000Z","3.0",[18,19,143,144,145],"domain-change","links","resources","http:\u002F\u002Fwww.nuagelab.com\u002Fwordpress-plugins\u002Fauto-domain-change","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-domain-changer.zip","2022-05-31 00:00:00",{"attackSurface":150,"codeSignals":171,"taintFlows":214,"riskAssessment":232,"analyzedAt":246},{"hooks":151,"ajaxHandlers":167,"restRoutes":168,"shortcodes":169,"cronEvents":170,"entryPointCount":13,"unprotectedCount":13},[152,157,160,163],{"type":153,"name":154,"callback":154,"file":155,"line":156},"action","admin_init","kwplite.php",196,{"type":153,"name":158,"callback":158,"file":155,"line":159},"admin_head",197,{"type":153,"name":161,"callback":161,"file":155,"line":162},"admin_menu",198,{"type":164,"name":165,"callback":165,"file":155,"line":166},"filter","admin_body_class",199,[],[],[],[],{"dangerousFunctions":172,"sqlUsage":173,"outputEscaping":175,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":213},[],{"prepared":13,"raw":13,"locations":174},[],{"escaped":13,"rawEcho":176,"locations":177},18,[178,182,184,186,188,189,190,192,193,195,197,199,201,203,205,207,209,211],{"file":179,"line":180,"context":181},"admin-page.php",22,"raw output",{"file":179,"line":183,"context":181},53,{"file":179,"line":185,"context":181},58,{"file":179,"line":187,"context":181},76,{"file":179,"line":93,"context":181},{"file":179,"line":93,"context":181},{"file":179,"line":191,"context":181},103,{"file":179,"line":191,"context":181},{"file":179,"line":194,"context":181},104,{"file":179,"line":196,"context":181},118,{"file":179,"line":198,"context":181},120,{"file":179,"line":200,"context":181},142,{"file":179,"line":202,"context":181},157,{"file":179,"line":204,"context":181},175,{"file":155,"line":206,"context":181},375,{"file":155,"line":208,"context":181},389,{"file":155,"line":210,"context":181},501,{"file":155,"line":212,"context":181},503,[],[215],{"entryPoint":216,"graph":217,"unsanitizedCount":127,"severity":231},"\u003Cadmin-page> (admin-page.php:0)",{"nodes":218,"edges":228},[219,223],{"id":220,"type":221,"label":222,"file":179,"line":204},"n0","source","$_GET['page']",{"id":224,"type":225,"label":226,"file":179,"line":204,"wp_function":227},"n1","sink","echo() [XSS]","echo",[229],{"from":220,"to":224,"sanitized":230},false,"low",{"summary":233,"deductions":234},"The \"kahis-wp-lite\" v0.9 plugin exhibits a mixed security posture.  While the absence of known CVEs and the use of prepared statements for SQL queries are positive indicators, significant concerns arise from the static analysis. The fact that 100% of outputs are not properly escaped presents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, which could allow attackers to inject malicious scripts into user browsers. Furthermore, the single analyzed taint flow resulting in unsanitized paths is a critical finding, suggesting a potential for path traversal or arbitrary file read\u002Fwrite vulnerabilities. The plugin also lacks crucial security checks such as nonce verification and capability checks for its entry points, which are not present but could become exploitable if new entry points are added or discovered. The vulnerability history being clean is encouraging, but it doesn't negate the immediate risks identified in the current code.",[235,238,241,244],{"reason":236,"points":237},"Unescaped output detected",8,{"reason":239,"points":240},"Taint flow with unsanitized paths",15,{"reason":242,"points":243},"Missing nonce checks (potential risk)",5,{"reason":245,"points":243},"Missing capability checks (potential risk)","2026-03-16T20:57:46.932Z",{"wat":248,"direct":259},{"assetPaths":249,"generatorPatterns":253,"scriptPaths":254,"versionParams":255},[250,251,252],"\u002Fwp-content\u002Fplugins\u002Fkahis-wp-lite\u002Fcss\u002Fkwplite-admin.css","\u002Fwp-content\u002Fplugins\u002Fkahis-wp-lite\u002Fcss\u002Fkwplite-public.css","\u002Fwp-content\u002Fplugins\u002Fkahis-wp-lite\u002Fjs\u002Fkwplite-admin.js",[],[252],[256,257,258],"kahis-wp-lite\u002Fcss\u002Fkwplite-admin.css?ver=","kahis-wp-lite\u002Fcss\u002Fkwplite-public.css?ver=","kahis-wp-lite\u002Fjs\u002Fkwplite-admin.js?ver=",{"cssClasses":260,"htmlComments":262,"htmlAttributes":263,"restEndpoints":265,"jsGlobals":266,"shortcodeOutput":268},[261],"kwplite-admin-settings",[],[264],"data-kwplite-action",[],[267],"kwplite",[]]