[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsari6NwRTupeDgVLtPi_A9wJt-C5g_YCI4ujaLw-A_k":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":114,"crawl_stats":37,"alternatives":122,"analysis":144,"fingerprints":610},"keep-backup-daily","Keep Backup Daily","2.1.3","Fahad Mahmood","https:\u002F\u002Fprofiles.wordpress.org\u002Ffahadmahmood\u002F","\u003Cul>\n\u003Cli>Author: \u003Ca href=\"https:\u002F\u002Fwww.androidbubbles.com\u002Fcontact\" rel=\"nofollow ugc\">Fahad Mahmood\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Project URI: \u003Ca href=\"https:\u002F\u002Fandroidbubble.com\u002Fblog\u002Fwordpress\u002Fplugins\u002Fkeep-backup-daily\" rel=\"nofollow ugc\">https:\u002F\u002Fandroidbubble.com\u002Fblog\u002Fwordpress\u002Fplugins\u002Fkeep-backup-daily\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>License: GPL 3. See License below for copyright jots and tittles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Keep Backup Daily backup your wordpress database and email to you daily, weekly, monthly and even yearly according to the settings. It is a wordpress plugin which helps you to get relax about taking regular backups. It is much better that if you are running a news website and don’t want to overload your database. Keep backup daily and another plugin might be freeing up your database on weekly basis. There can be many uses of this plugin, you could have a look what activity is performing on your database now a days. Its not only a convenience of exporting mysql database but having it in secure place as well. If you have configured the email client on your PC and want to keep backup on disk so it is possible as well with convenience. I am a PHP, WordPress developer and i faced a lot of inconvenience regarding keep an eye on wordpress DB regarding plugins and user’s activity. Our debugging process demands access to the DB most of the time so developed this utility for personal use and now publishing it. I coded a no. of fixes for wordpress sites and few of the solutions are in form of articles on my blog.\u003C\u002Fp>\n\u003Cp>Important!\u003C\u002Fp>\n\u003Cp>1- Many of the users might be using free hosting or cheap price hosting. Especially students do that but their data can be important to them, this plugin will give a feel of relax and to restore the website on last stable version of DB.\u003C\u002Fp>\n\u003Cp>2- Default Settings: For your convenience, we are providing cron schedule from our website androidbubbles.com to the URL https:\u002F\u002Fwww.androidbubbles.com\u002Fapi\u002Fkbd.php. For this purpose, we keep your domain name with us to access it e.g. http:\u002F\u002Fwww.yourdomain.com\u002F?kbd_cron_process=1\u003C\u002Fp>\n\u003Cp>Keep backup daily is arranged in flexible manner for better user experience.\u003C\u002Fp>\n\u003Ch4>Tags\u003C\u002Fh4>\n\u003Cp>offsite, sql, online backup, full backup, complete backup, mysql export, email mysql dump, db backup, database backup, email database backup, restore database backup\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This WordPress Plugin is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or any later version. This free software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this software. If not, see http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html.\u003C\u002Fp>\n","Keep Backup Daily backup your wordpress database and email to you daily, weekly, monthly and even yearly according to the settings.",300,51591,88,45,"2026-03-13T00:17:00.000Z","6.9.4","3.0","7.0",[20,21,22,4,23],"daily-backup","database-security","free-backup","regular-backup","http:\u002F\u002Fandroidbubble.com\u002Fblog\u002Fwebsite-development\u002Fphp-frameworks\u002Fwordpress\u002Fplugins\u002Fwordpress-plugin-keep-backup-daily\u002F1046","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkeep-backup-daily.2.1.3.zip",95,6,0,"2026-03-20 00:00:00","2026-03-15T15:16:48.613Z",[32,47,60,74,89,103],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2026-3339","keep-backup-daily-authenticated-admin-limited-path-traversal-via-kbdpath-parameter","Keep Backup Daily \u003C= 2.1.1 - Authenticated (Admin+) Limited Path Traversal via 'kbd_path' Parameter","The Keep Backup Daily plugin for WordPress is vulnerable to Limited Path Traversal in all versions up to, and including, 2.1.1 via the `kbd_open_upload_dir` AJAX action. This is due to insufficient validation of the `kbd_path` parameter, which is only sanitized with `sanitize_text_field()` - a function that does not strip path traversal sequences. This makes it possible for authenticated attackers, with Administrator-level access and above, to list the contents of arbitrary directories on the server outside of the intended uploads directory.",null,"\u003C=2.1.1","low",2.7,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","2026-03-20 23:25:10",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F01984754-e332-4500-99a2-10a7b79967f5?source=api-prod",1,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":37,"affected_versions":52,"patched_in_version":6,"severity":53,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":29,"updated_date":57,"references":58,"days_to_patch":46},"CVE-2026-3577","keep-backup-daily-authenticated-admin-stored-cross-site-scripting-via-backup-title","Keep Backup Daily \u003C= 2.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Backup Title","The Keep Backup Daily plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the backup title alias (`val` parameter) in the `update_kbd_bkup_alias` AJAX action in all versions up to, and including, 2.1.2. This is due to insufficient input sanitization and output escaping. While `sanitize_text_field()` strips HTML tags on save, it does not encode double quotes. The backup titles are output in HTML attribute contexts without `esc_attr()`. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts via attribute injection that will execute whenever another administrator views the backup list page.","\u003C=2.1.2","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-03-20 23:25:11",[59],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F18a4fa4b-5c99-4347-8b34-e49f7e0972be?source=api-prod",{"id":61,"url_slug":62,"title":63,"description":64,"plugin_slug":4,"theme_slug":37,"affected_versions":65,"patched_in_version":66,"severity":53,"cvss_score":67,"cvss_vector":68,"vuln_type":42,"published_date":69,"updated_date":70,"references":71,"days_to_patch":73},"CVE-2025-26779","keep-backup-daily-authenticated-admin-arbitrary-file-download","Keep Backup Daily \u003C= 2.1.0 - Authenticated (Admin+) Arbitrary File Download","The Keep Backup Daily plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.1.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to download and read the contents of arbitrary files on the server, which can contain sensitive information.","\u003C=2.1.0","2.1.1",4.9,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","2025-02-14 00:00:00","2025-02-18 20:54:41",[72],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fedc197c6-dd0e-4a61-9421-5ae2595ff42b?source=api-prod",5,{"id":75,"url_slug":76,"title":77,"description":78,"plugin_slug":4,"theme_slug":37,"affected_versions":79,"patched_in_version":80,"severity":53,"cvss_score":81,"cvss_vector":82,"vuln_type":83,"published_date":84,"updated_date":85,"references":86,"days_to_patch":88},"CVE-2024-48024","keep-backup-daily-unauthenticated-information-disclosure","Keep Backup Daily \u003C= 2.0.8 - Unauthenticated Information Disclosure","The Keep Backup Daily plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.8. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.","\u003C=2.0.8","2.0.9",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Exposure of Sensitive Information to an Unauthorized Actor","2024-10-09 00:00:00","2024-10-24 18:15:24",[87],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8b007bf9-9756-4f18-81b9-7d4b15c5dca8?source=api-prod",16,{"id":90,"url_slug":91,"title":92,"description":93,"plugin_slug":4,"theme_slug":37,"affected_versions":94,"patched_in_version":95,"severity":53,"cvss_score":96,"cvss_vector":97,"vuln_type":56,"published_date":98,"updated_date":99,"references":100,"days_to_patch":102},"WF-741ad2f5-d5cf-44bc-ac4a-7894df77a3d1-keep-backup-daily","keep-backup-daily-reflected-cross-site-scripting","Keep Backup Daily \u003C= 2.0.3 - Reflected Cross-Site Scripting","The Keep Backup Daily plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any URL parameter in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is not likely to be exploitable in modern browsers.","\u003C=2.0.3","2.0.4",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2022-07-07 00:00:00","2024-01-22 19:56:02",[101],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F741ad2f5-d5cf-44bc-ac4a-7894df77a3d1?source=api-prod",565,{"id":104,"url_slug":105,"title":106,"description":107,"plugin_slug":4,"theme_slug":37,"affected_versions":108,"patched_in_version":109,"severity":53,"cvss_score":96,"cvss_vector":97,"vuln_type":56,"published_date":110,"updated_date":99,"references":111,"days_to_patch":113},"CVE-2022-1820","keep-backup-daily-reflected-cross-site-scripting-2","Keep Backup Daily \u003C= 2.0.2 - Reflected Cross-Site Scripting","The Keep Backup Daily plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘t’ parameter in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=2.0.2","2.0.3","2022-05-23 00:00:00",[112],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F8693a8b1-15e1-4c9c-90fb-51fcaf5ff451?source=api-prod",610,{"slug":115,"display_name":7,"profile_url":8,"plugin_count":116,"total_installs":117,"avg_security_score":118,"avg_patch_time_days":119,"trust_score":120,"computed_at":121},"fahadmahmood",40,32660,96,223,76,"2026-04-04T23:18:11.563Z",[123],{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":28,"downloaded":131,"rating":28,"num_ratings":28,"last_updated":132,"tested_up_to":16,"requires_at_least":133,"requires_php":134,"tags":135,"homepage":140,"download_link":141,"security_score":142,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":143},"content-guard-pro","Content Guard Pro – Database Malware Scanner & Spam Detector","1.0.6","contentguardpro","https:\u002F\u002Fprofiles.wordpress.org\u002Fcontentguardpro\u002F","\u003Cp>Your file scanner says “all clear” — but Google just flagged your site for spam.\u003C\u002Fp>\n\u003Cp>Attackers don’t always hide in files. They inject spam links directly into your Gutenberg blocks, bury SEO poison in postmeta, and hide obfuscated scripts in custom fields. \u003Cstrong>Traditional security plugins don’t scan there. Content Guard Pro does.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Content Guard Pro is a database-first malware scanner that finds hidden threats in your WordPress content — the blind spot in your current security stack.\u003C\u002Fp>\n\u003Ch4>The Gap in Your WordPress Security\u003C\u002Fh4>\n\u003Cp>Most security plugins scan files. That’s essential — but it’s only half the picture.\u003C\u002Fp>\n\u003Cp>Malware and spam increasingly bypass file scanners by injecting directly into your database:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Post content\u003C\u002Fstrong> — Hidden pharma links and casino spam inside nested Gutenberg blocks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom fields (postmeta)\u003C\u002Fstrong> — SEO spam and malicious redirects buried in metadata\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Widget areas\u003C\u002Fstrong> — Injected scripts that survive every file scan\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Options table\u003C\u002Fstrong> — Persistent backdoors and cloaked content\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you’ve ever cleaned a hacked site only to have Google flag it again weeks later, database-resident threats are likely the reason. Content Guard Pro finds them.\u003C\u002Fp>\n\u003Ch4>How Content Guard Pro Protects Your Site\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Find what other security plugins miss.\u003C\u002Fstrong> Content Guard Pro scans your posts, pages, custom post types, and metadata — the places where WordPress actually stores your content.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Know exactly what to fix first.\u003C\u002Fstrong> Every finding gets a confidence score from 0 to 100 and a severity level (Critical, Suspicious, or Review). No guesswork, no alert fatigue.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan without slowing down your site.\u003C\u002Fstrong> Background batch processing with auto-throttling means scans run smoothly even on shared hosting. Your visitors never notice.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Keep false positives low.\u003C\u002Fstrong> Accessibility-aware detection respects screen reader classes. Configurable allowlists let you whitelist trusted domains and patterns.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Maintain a complete audit trail.\u003C\u002Fstrong> Every scan, every finding, every action — tracked and timestamped for forensics and compliance.\u003C\u002Fp>\n\u003Ch4>What the Malware Scanner Detects\u003C\u002Fh4>\n\u003Cp>Content Guard Pro catches a wide range of database-resident threats:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Hidden spam links\u003C\u002Fstrong> — Cloaked content using \u003Ccode>display:none\u003C\u002Fcode>, \u003Ccode>visibility:hidden\u003C\u002Fcode>, \u003Ccode>opacity:0\u003C\u002Fcode>, \u003Ccode>font-size:0\u003C\u002Fcode>, and other CSS tricks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Suspicious external resources\u003C\u002Fstrong> — Unknown \u003Ccode>\u003Ciframe>\u003C\u002Fcode> and \u003Ccode>\u003Cscript>\u003C\u002Fcode> tags loading remote content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO spam injections\u003C\u002Fstrong> — Pharma, casino, crypto, and gambling keyword stuffing\u003C\u002Fli>\n\u003Cli>\u003Cstrong>URL shorteners and redirectors\u003C\u002Fstrong> — bit.ly, t.co, cutt.ly, and other redirect services hiding malicious destinations\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Obfuscated JavaScript\u003C\u002Fstrong> — \u003Ccode>eval()\u003C\u002Fcode>, \u003Ccode>fromCharCode()\u003C\u002Fcode>, Base64-encoded scripts, and \u003Ccode>data:\u003C\u002Fcode> URIs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Serialized PHP malware\u003C\u002Fstrong> — Threats hidden inside PHP arrays in postmeta, options, and page builder data\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cryptocurrency miners\u003C\u002Fstrong> — Coinhive, CryptoLoot, JSEcoin, and similar scripts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-layer encoded attacks\u003C\u002Fstrong> — Automatically peels back up to 3 layers of obfuscation: Base64 \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> URL encoding \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> ROT13 \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> hex \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> octal\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Works Alongside Your Existing Security Plugins\u003C\u002Fh4>\n\u003Cp>Content Guard Pro is designed to \u003Cstrong>complement\u003C\u002Fstrong> file-based security, not replace it.\u003C\u002Fp>\n\u003Cp>Already using Wordfence, Sucuri, iThemes Security, All-In-One Security, or MalCare? Great — those tools protect your files. Content Guard Pro covers the database layer they don’t scan. Together, you get complete WordPress security coverage.\u003C\u002Fp>\n\u003Ch4>Built for WordPress Professionals\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Agencies managing client sites\u003C\u002Fstrong> — Find database threats before clients or Google discover them. Use findings to demonstrate the value of your security retainer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Freelancers and consultants\u003C\u002Fstrong> — Add content-layer scanning to your cleanup and maintenance workflow. Catch what file scanners leave behind.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>E-commerce site owners\u003C\u002Fstrong> — Protect product descriptions and category pages from SEO spam that damages your search rankings and revenue.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security professionals\u003C\u002Fstrong> — Fill the database gap in your security stack with specialized content-layer analysis.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Gutenberg Block Editor Security\u003C\u002Fh4>\n\u003Cp>WordPress stores content as nested blocks — and attackers exploit this. Content Guard Pro includes a recursive Gutenberg block parser that inspects every layer of nested blocks, including reusable blocks and block patterns. It also scans content in the Classic Editor with a dedicated meta box for findings.\u003C\u002Fp>\n\u003Ch4>Serialized Data Inspector\u003C\u002Fh4>\n\u003Cp>Page builders like Elementor, Beaver Builder, and Divi store data as serialized PHP arrays. Content Guard Pro safely unserializes and recursively inspects these structures up to 10 levels deep, detecting malware hidden in keys like \u003Ccode>custom_css\u003C\u002Fcode>, \u003Ccode>custom_js\u003C\u002Fcode>, \u003Ccode>callback\u003C\u002Fcode>, \u003Ccode>raw_html\u003C\u002Fcode>, and more.\u003C\u002Fp>\n\u003Ch4>Performance You Can Trust\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Scans approximately 100 posts in 30–60 seconds on shared hosting\u003C\u002Fli>\n\u003Cli>Auto-throttling prevents timeouts and resource exhaustion\u003C\u002Fli>\n\u003Cli>Resumable scans survive server restarts\u003C\u002Fli>\n\u003Cli>Safe Mode activates automatically for large sites (over 2 million rows)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Developer-Friendly\u003C\u002Fh4>\n\u003Cp>Content Guard Pro provides hooks and filters for customization:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>content_guard_pro_loaded\u003C\u002Fcode> — Plugin initialization\u003C\u002Fli>\n\u003Cli>\u003Ccode>content_guard_pro_finding_saved\u003C\u002Fcode> — After a finding is stored\u003C\u002Fli>\n\u003Cli>\u003Ccode>content_guard_pro_detection_patterns\u003C\u002Fcode> — Modify or add detection rules\u003C\u002Fli>\n\u003Cli>\u003Ccode>content_guard_pro_allowlist_domains\u003C\u002Fcode> — Programmatic domain allowlisting\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>REST API available at \u003Ccode>\u002Fwp-json\u002Fcontent-guard-pro\u002Fv1\u002Ffindings\u003C\u002Fcode> for programmatic access (Premium Agency+ tiers).\u003C\u002Fp>\n\u003Ch4>External Services & Privacy\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>API Connection:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin connects to Content Guard Pro API (api.contentguardpro.com) for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Free tier activation tracking (site URL, WP version, PHP version, plugin version)\u003C\u002Fli>\n\u003Cli>License validation when a paid license key is entered\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>What is sent:\u003C\u002Fstrong> Site URL, site name, WordPress version, PHP version, plugin version, and admin email (free tier only). Sent once on activation via asynchronous, non-blocking request.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy:\u003C\u002Fstrong> All data sent over HTTPS. No post content or scan data is ever transmitted. All scanning happens locally on your server.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Service provider:\u003C\u002Fstrong> Content Guard Pro Team\u003Cbr \u002F>\n\u003Cstrong>Terms:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fcontentguardpro.com\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fcontentguardpro.com\u002Fterms\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>Privacy Policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fcontentguardpro.com\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fcontentguardpro.com\u002Fprivacy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Documentation & Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Documentation:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fcontentguardpro.com\u002Fdocs\" rel=\"nofollow ugc\">https:\u002F\u002Fcontentguardpro.com\u002Fdocs\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Support Forum:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcontent-guard-pro\u002F\" rel=\"ugc\">https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcontent-guard-pro\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bug Reports:\u003C\u002Fstrong> WordPress.org support forum\u003C\u002Fli>\n\u003C\u002Ful>\n","Scan your WordPress database for hidden malware, spam links, and SEO injections that file-based security plugins miss. Gutenberg-aware.",233,"","6.1","8.0",[21,136,137,138,139],"malware-removal","malware-scanner","security-scanner","spam-detection","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontent-guard-pro","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcontent-guard-pro.1.0.6.zip",100,"2026-03-15T10:48:56.248Z",{"attackSurface":145,"codeSignals":326,"taintFlows":460,"riskAssessment":596,"analyzedAt":609},{"hooks":146,"ajaxHandlers":246,"restRoutes":321,"shortcodes":322,"cronEvents":323,"entryPointCount":324,"unprotectedCount":325},[147,153,159,163,168,173,179,181,186,189,194,198,202,205,207,212,217,220,224,229,232,237,240,242,244],{"type":148,"name":149,"callback":150,"file":151,"line":152},"filter","kbfnr_backup_header_included_tables","backup_header_included_tables","inc\\find_replace\\class\\Common\\BackupExport.php",70,{"type":154,"name":155,"callback":156,"file":157,"line":158},"action","kbfnr_notices","template_muplugin_update_fail","inc\\find_replace\\class\\Common\\Compatibility\\CompatibilityManager.php",105,{"type":154,"name":160,"callback":161,"file":157,"line":162},"kb_migrate_db_remove_compatibility_plugin","remove_muplugin_on_deactivation",107,{"type":154,"name":164,"callback":165,"file":166,"line":167},"admin_init","check_for_wp_filesystem","inc\\find_replace\\class\\Common\\Filesystem\\Filesystem.php",64,{"type":148,"name":169,"callback":170,"file":171,"line":172},"kbfnr_after_response","unscramble","inc\\find_replace\\class\\Common\\Http\\RemotePost.php",113,{"type":148,"name":174,"callback":175,"priority":176,"file":177,"line":178},"kbfnr_create_table_query","mysql_compat_filter",10,"inc\\find_replace\\class\\Common\\Migration\\MigrationManager.php",254,{"type":148,"name":174,"callback":175,"priority":176,"file":177,"line":180},259,{"type":154,"name":182,"callback":183,"file":184,"line":185},"admin_menu","admin_head_connection_info","inc\\find_replace\\class\\Common\\Plugin\\Menu.php",39,{"type":154,"name":187,"callback":183,"file":184,"line":188},"admin_head-settings_page_kbd_download",50,{"type":154,"name":190,"callback":191,"file":192,"line":193},"pre_current_active_plugins","plugin_deactivated_notice","inc\\find_replace\\class\\Common\\Plugin\\PluginManagerBase.php",101,{"type":154,"name":195,"callback":196,"file":192,"line":197},"plugins_loaded","maybe_disable_wp_engine_filtering",103,{"type":148,"name":199,"callback":200,"priority":176,"file":192,"line":201},"http_request_args","preempt_expect_header",108,{"type":154,"name":164,"callback":203,"file":192,"line":204},"maybe_schema_update",110,{"type":154,"name":206,"callback":183,"file":192,"line":172},"admin_enqueue_scripts",{"type":154,"name":208,"callback":209,"file":210,"line":211},"kbfnr_after_advanced_options","mf_migration_form_controls","inc\\find_replace\\class\\Free\\UI\\Template.php",35,{"type":154,"name":213,"callback":214,"file":215,"line":216},"init","loadPluginTextDomain","inc\\find_replace\\class\\KBDFindReplace.php",47,{"type":148,"name":218,"callback":218,"file":215,"line":219},"nocache_headers",49,{"type":154,"name":195,"callback":221,"file":222,"line":223},"kb_migrate_db_loaded","inc\\find_replace\\setup-mdb.php",34,{"type":154,"name":225,"callback":226,"file":227,"line":228},"admin_footer","kbd_add_export_media_button","inc\\functions.php",711,{"type":154,"name":213,"callback":230,"file":227,"line":231},"kbd_download_backup_zip",912,{"type":148,"name":233,"callback":234,"file":235,"line":236},"wp_mail_content_type","kbd_email_content_type","inc\\kbd_cron.php",43,{"type":154,"name":213,"callback":238,"priority":46,"file":239,"line":193},"init_sessions","index.php",{"type":154,"name":182,"callback":241,"file":239,"line":197},"kbd_menu",{"type":154,"name":206,"callback":243,"file":239,"line":158},"register_kbd_styles",{"type":154,"name":213,"callback":245,"priority":46,"file":239,"line":204},"kbd_cron_process",[247,252,256,260,264,268,272,275,279,280,285,289,294,297,300,304,308,312,315,318],{"action":248,"nopriv":249,"callback":250,"hasNonce":251,"hasCapCheck":249,"file":157,"line":197},"kbfnr_plugin_compatibility",false,"ajax_plugin_compatibility",true,{"action":253,"nopriv":249,"callback":254,"hasNonce":249,"hasCapCheck":249,"file":177,"line":255},"kbfnr_initiate_migration","ajax_initiate_migration",139,{"action":257,"nopriv":249,"callback":258,"hasNonce":251,"hasCapCheck":249,"file":177,"line":259},"kbfnr_migrate_table","ajax_migrate_table",140,{"action":261,"nopriv":249,"callback":262,"hasNonce":251,"hasCapCheck":249,"file":177,"line":263},"kbfnr_cancel_migration","ajax_cancel_migration",141,{"action":265,"nopriv":249,"callback":266,"hasNonce":249,"hasCapCheck":249,"file":177,"line":267},"kbfnr_finalize_migration","ajax_finalize_migration",142,{"action":269,"nopriv":249,"callback":270,"hasNonce":251,"hasCapCheck":249,"file":177,"line":271},"kbfnr_flush","ajax_flush",143,{"action":269,"nopriv":251,"callback":273,"hasNonce":249,"hasCapCheck":249,"file":177,"line":274},"ajax_nopriv_flush",144,{"action":276,"nopriv":249,"callback":277,"hasNonce":251,"hasCapCheck":249,"file":192,"line":278},"kbfnr_process_notice_link","ajax_process_notice_link",104,{"action":276,"nopriv":249,"callback":277,"hasNonce":251,"hasCapCheck":249,"file":192,"line":158},{"action":281,"nopriv":249,"callback":282,"hasNonce":251,"hasCapCheck":249,"file":283,"line":284},"kbfnr_delete_migration_profile","ajax_delete_migration_profile","inc\\find_replace\\class\\Common\\Profile\\ProfileManager.php",111,{"action":286,"nopriv":249,"callback":287,"hasNonce":251,"hasCapCheck":249,"file":283,"line":288},"kbfnr_save_profile","ajax_save_profile",112,{"action":290,"nopriv":249,"callback":291,"hasNonce":251,"hasCapCheck":249,"file":292,"line":293},"kbfnr_save_setting","ajax_save_setting","inc\\find_replace\\class\\Common\\Settings\\SettingsManager.php",48,{"action":295,"nopriv":249,"callback":296,"hasNonce":251,"hasCapCheck":249,"file":292,"line":219},"kbfnr_clear_log","ajax_clear_log",{"action":298,"nopriv":249,"callback":299,"hasNonce":251,"hasCapCheck":249,"file":292,"line":188},"kbfnr_get_log","ajax_get_log",{"action":301,"nopriv":249,"callback":302,"hasNonce":251,"hasCapCheck":249,"file":292,"line":303},"kbfnr_whitelist_plugins","ajax_whitelist_plugins",51,{"action":305,"nopriv":249,"callback":306,"hasNonce":251,"hasCapCheck":249,"file":292,"line":307},"kbfnr_update_max_request_size","ajax_update_max_request_size",52,{"action":309,"nopriv":249,"callback":310,"hasNonce":251,"hasCapCheck":249,"file":292,"line":311},"kbfnr_update_delay_between_requests","ajax_update_delay_between_requests",53,{"action":313,"nopriv":249,"callback":313,"hasNonce":251,"hasCapCheck":251,"file":227,"line":314},"update_kbd_bkup_alias",578,{"action":316,"nopriv":249,"callback":316,"hasNonce":251,"hasCapCheck":249,"file":227,"line":317},"kbd_open_upload_dir",818,{"action":319,"nopriv":249,"callback":319,"hasNonce":251,"hasCapCheck":249,"file":227,"line":320},"kbd_process_fresh_backup",969,[],[],[],20,3,{"dangerousFunctions":327,"sqlUsage":345,"outputEscaping":376,"fileOperations":307,"externalRequests":457,"nonceChecks":458,"capabilityChecks":73,"bundledLibraries":459},[328,332,336,339,342],{"fn":329,"file":171,"line":330,"context":331},"unserialize",298,"$response = unserialize( trim( $response ) );",{"fn":329,"file":333,"line":334,"context":335},"inc\\find_replace\\class\\Common\\Util\\Util.php",171,"$unserialized_string = @unserialize( $serialized_string );",{"fn":329,"file":227,"line":337,"context":338},327,"if(is_array(unserialize($data)))",{"fn":329,"file":227,"line":340,"context":341},332,"$data = unserialize($data);",{"fn":329,"file":227,"line":343,"context":344},687,"$unserialized = @unserialize($data);",{"prepared":188,"raw":346,"locations":347},12,[348,352,354,357,359,361,363,366,368,370,372,374],{"file":349,"line":350,"context":351},"inc\\find_replace\\class\\Common\\Sql\\Table.php",353,"$wpdb->get_results() with variable interpolation",{"file":349,"line":353,"context":351},387,{"file":349,"line":355,"context":356},485,"$wpdb->get_var() with variable interpolation",{"file":349,"line":358,"context":351},673,{"file":349,"line":360,"context":356},697,{"file":349,"line":362,"context":351},810,{"file":349,"line":364,"context":365},1736,"$wpdb->query() with variable interpolation",{"file":349,"line":367,"context":356},1758,{"file":349,"line":369,"context":351},1759,{"file":349,"line":371,"context":351},1927,{"file":227,"line":373,"context":356},635,{"file":227,"line":375,"context":365},653,{"escaped":142,"rawEcho":116,"locations":377},[378,382,384,386,388,390,392,394,396,399,401,403,405,407,409,411,413,415,417,419,421,423,425,427,429,431,433,435,437,439,441,442,444,446,448,449,451,453,455,456],{"file":379,"line":380,"context":381},"inc\\find_replace\\class\\Common\\Error\\ErrorLog.php",186,"raw output",{"file":379,"line":383,"context":381},207,{"file":379,"line":385,"context":381},214,{"file":379,"line":387,"context":381},216,{"file":379,"line":389,"context":381},225,{"file":379,"line":391,"context":381},227,{"file":379,"line":393,"context":381},400,{"file":349,"line":395,"context":381},1006,{"file":397,"line":398,"context":381},"inc\\find_replace\\class\\Common\\UI\\TemplateBase.php",193,{"file":397,"line":400,"context":381},195,{"file":333,"line":402,"context":381},398,{"file":333,"line":404,"context":381},801,{"file":227,"line":406,"context":381},451,{"file":227,"line":408,"context":381},601,{"file":227,"line":410,"context":381},829,{"file":227,"line":412,"context":381},984,{"file":235,"line":414,"context":381},62,{"file":235,"line":416,"context":381},65,{"file":235,"line":418,"context":381},236,{"file":235,"line":420,"context":381},241,{"file":235,"line":422,"context":381},242,{"file":235,"line":424,"context":381},251,{"file":235,"line":426,"context":381},252,{"file":235,"line":428,"context":381},284,{"file":235,"line":430,"context":381},285,{"file":235,"line":432,"context":381},286,{"file":235,"line":434,"context":381},507,{"file":235,"line":436,"context":381},508,{"file":235,"line":438,"context":381},509,{"file":440,"line":26,"context":381},"inc\\kbd_settings.php",{"file":440,"line":118,"context":381},{"file":440,"line":443,"context":381},97,{"file":440,"line":445,"context":381},98,{"file":440,"line":447,"context":381},106,{"file":440,"line":201,"context":381},{"file":440,"line":450,"context":381},119,{"file":440,"line":452,"context":381},156,{"file":440,"line":454,"context":381},198,{"file":440,"line":454,"context":381},{"file":440,"line":385,"context":381},2,21,[],[461,483,510,519,532,541,560,568,578],{"entryPoint":462,"graph":463,"unsanitizedCount":46,"severity":53},"kbd_open_upload_dir (inc\\functions.php:821)",{"nodes":464,"edges":480},[465,470,474],{"id":466,"type":467,"label":468,"file":227,"line":469},"n0","source","$_POST",848,{"id":471,"type":472,"label":473,"file":227,"line":469},"n1","transform","→ kbd_get_dir_list_html()",{"id":475,"type":476,"label":477,"file":227,"line":478,"wp_function":479},"n2","sink","echo() [XSS]",791,"echo",[481,482],{"from":466,"to":471,"sanitized":249},{"from":471,"to":475,"sanitized":249},{"entryPoint":484,"graph":485,"unsanitizedCount":46,"severity":53},"\u003Cfunctions> (inc\\functions.php:0)",{"nodes":486,"edges":505},[487,489,493,496,499,501,503],{"id":466,"type":467,"label":468,"file":227,"line":488},190,{"id":471,"type":476,"label":490,"file":227,"line":491,"wp_function":492},"file_get_contents() [SSRF\u002FLFI]",192,"file_get_contents",{"id":475,"type":467,"label":494,"file":227,"line":495},"$_POST (x3)",170,{"id":497,"type":476,"label":498,"file":227,"line":337,"wp_function":329},"n3","unserialize() [Object Injection]",{"id":500,"type":467,"label":468,"file":227,"line":469},"n4",{"id":502,"type":472,"label":473,"file":227,"line":469},"n5",{"id":504,"type":476,"label":477,"file":227,"line":478,"wp_function":479},"n6",[506,507,508,509],{"from":466,"to":471,"sanitized":251},{"from":475,"to":497,"sanitized":251},{"from":500,"to":502,"sanitized":249},{"from":502,"to":504,"sanitized":249},{"entryPoint":511,"graph":512,"unsanitizedCount":457,"severity":53},"kbd_cron_process (inc\\kbd_cron.php:12)",{"nodes":513,"edges":517},[514,516],{"id":466,"type":467,"label":515,"file":235,"line":414},"$_SERVER['HTTP_HOST'] (x2)",{"id":471,"type":476,"label":477,"file":235,"line":414,"wp_function":479},[518],{"from":466,"to":471,"sanitized":249},{"entryPoint":520,"graph":521,"unsanitizedCount":46,"severity":53},"kbd_force_download_old (inc\\kbd_cron.php:220)",{"nodes":522,"edges":530},[523,526],{"id":466,"type":467,"label":524,"file":235,"line":525},"$_GET",306,{"id":471,"type":476,"label":527,"file":235,"line":528,"wp_function":529},"header() [Header Injection]",312,"header",[531],{"from":466,"to":471,"sanitized":249},{"entryPoint":533,"graph":534,"unsanitizedCount":46,"severity":53},"kbd_force_download (inc\\kbd_cron.php:324)",{"nodes":535,"edges":539},[536,537],{"id":466,"type":467,"label":524,"file":235,"line":350},{"id":471,"type":476,"label":527,"file":235,"line":538,"wp_function":529},367,[540],{"from":466,"to":471,"sanitized":249},{"entryPoint":542,"graph":543,"unsanitizedCount":559,"severity":53},"\u003Ckbd_cron> (inc\\kbd_cron.php:0)",{"nodes":544,"edges":555},[545,546,547,549,550,553],{"id":466,"type":467,"label":515,"file":235,"line":414},{"id":471,"type":476,"label":477,"file":235,"line":414,"wp_function":479},{"id":475,"type":467,"label":548,"file":235,"line":525},"$_GET (x2)",{"id":497,"type":476,"label":527,"file":235,"line":528,"wp_function":529},{"id":500,"type":467,"label":551,"file":235,"line":552},"$_GET (x4)",340,{"id":502,"type":476,"label":477,"file":235,"line":554,"wp_function":479},505,[556,557,558],{"from":466,"to":471,"sanitized":249},{"from":475,"to":497,"sanitized":249},{"from":500,"to":502,"sanitized":249},8,{"entryPoint":561,"graph":562,"unsanitizedCount":28,"severity":39},"kbd_settings (inc\\functions.php:115)",{"nodes":563,"edges":566},[564,565],{"id":466,"type":467,"label":468,"file":227,"line":488},{"id":471,"type":476,"label":490,"file":227,"line":491,"wp_function":492},[567],{"from":466,"to":471,"sanitized":251},{"entryPoint":569,"graph":570,"unsanitizedCount":28,"severity":39},"\u003Ckbd_find_replace> (inc\\kbd_find_replace.php:0)",{"nodes":571,"edges":576},[572,575],{"id":466,"type":467,"label":573,"file":574,"line":559},"$_SERVER['REQUEST_URI']","inc\\kbd_find_replace.php",{"id":471,"type":476,"label":477,"file":574,"line":559,"wp_function":479},[577],{"from":466,"to":471,"sanitized":251},{"entryPoint":579,"graph":580,"unsanitizedCount":28,"severity":39},"\u003Ckbd_settings> (inc\\kbd_settings.php:0)",{"nodes":581,"edges":592},[582,584,585,588,589,591],{"id":466,"type":467,"label":573,"file":440,"line":583},58,{"id":471,"type":476,"label":477,"file":440,"line":583,"wp_function":479},{"id":475,"type":467,"label":586,"file":440,"line":587},"$_POST['wpkbd_tn']",248,{"id":497,"type":476,"label":477,"file":440,"line":587,"wp_function":479},{"id":500,"type":467,"label":590,"file":440,"line":178},"$_GET['t']",{"id":502,"type":476,"label":477,"file":440,"line":178,"wp_function":479},[593,594,595],{"from":466,"to":471,"sanitized":251},{"from":475,"to":497,"sanitized":251},{"from":500,"to":502,"sanitized":251},{"summary":597,"deductions":598},"The 'keep-backup-daily' plugin v2.1.3 presents a mixed security posture. While it demonstrates good practices such as a high percentage of prepared SQL statements and an adequate number of nonce checks, several concerning areas require attention. The presence of 3 AJAX handlers without authentication checks significantly expands the attack surface, potentially allowing unauthorized users to trigger sensitive operations.\n\nThe static analysis also highlights the use of the `unserialize` function, which is notoriously dangerous and can lead to remote code execution if used with untrusted input. Although the taint analysis shows no critical or high severity flows, the 6 flows with unsanitized paths are concerning as they could potentially be exploited, especially in conjunction with the unauthenticated AJAX handlers.\n\nThe plugin's vulnerability history is a significant red flag. With 4 known medium severity CVEs, including Path Traversal, Exposure of Sensitive Information, and Cross-site Scripting, it indicates a pattern of exploitable weaknesses. The fact that these vulnerabilities existed, even if they are now patched, suggests a recurring need for more robust security development practices. While the absence of currently unpatched vulnerabilities is positive, the historical pattern combined with the identified code weaknesses warrants a cautious approach to its deployment.",[599,601,603,605,607],{"reason":600,"points":176},"Unauthenticated AJAX handlers",{"reason":602,"points":559},"Dangerous function: unserialize usage",{"reason":604,"points":27},"Flows with unsanitized paths",{"reason":606,"points":346},"Known medium severity CVEs in history",{"reason":608,"points":73},"Improper output escaping (29% unescaped)","2026-03-16T20:02:22.762Z",{"wat":611,"direct":622},{"assetPaths":612,"generatorPatterns":616,"scriptPaths":617,"versionParams":618},[613,614,615],"\u002Fwp-content\u002Fplugins\u002Fkeep-backup-daily\u002Fassets\u002Fcss\u002Fcommon.css","\u002Fwp-content\u002Fplugins\u002Fkeep-backup-daily\u002Fassets\u002Fjs\u002Fcommon.js","\u002Fwp-content\u002Fplugins\u002Fkeep-backup-daily\u002Fassets\u002Fjs\u002Fkbfnr-admin.js",[],[],[619,620,621],"keep-backup-daily\u002Fassets\u002Fcss\u002Fcommon.css?ver=","keep-backup-daily\u002Fassets\u002Fjs\u002Fcommon.js?ver=","keep-backup-daily\u002Fassets\u002Fjs\u002Fkbfnr-admin.js?ver=",{"cssClasses":623,"htmlComments":626,"htmlAttributes":628,"restEndpoints":632,"jsGlobals":634,"shortcodeOutput":636},[624,625],"kbfnr-notice-wrap","kbfnr-button-wrap",[627],"\u003C!-- Begin KBFNR Compatibility Mode Notice -->",[629,630,631],"data-kbfnr-ajax-url","data-kbfnr-ajax-nonce","data-kbfnr-plugin-nonce",[633],"\u002Fwp-json\u002Fkbfnr\u002Fv1\u002Fcompatibility",[635],"kbfnr_admin_params",[]]