[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbX41Rr-cXzJ5PMXO_BL1Z2Vmod1YeAsxHjz1lBJSmbU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":108,"fingerprints":173},"kortez-toolset","Kortez Toolset","1.1.2","kortezthemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fkortezthemes\u002F","\u003Cp>A easy plugin to import dummy data for themes by Kortez Themes.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Kortez Toolset is inspired by Keon Toolset. Some of the codes used in this plugin are used from Keon Toolset as they are under GPL license.\u003C\u002Fp>\n\u003Ch3>Images License\u003C\u002Fh3>\n\u003Cp>https:\u002F\u002Fpxhere.com\u002Fen\u002Flicense [CCO License]\u003C\u002Fp>\n","Import dummy data for themes developed by Kortez Themes.",1000,19408,0,"2024-09-06T13:09:00.000Z","6.4.8","4.6",[18,19,20],"demo-data","demo-data-importer","one-click-demo-import","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkortez-toolset.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":30,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},40,7310,99,30,93,"2026-04-04T04:20:36.427Z",[35,50,67,78,94],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":13,"num_ratings":13,"last_updated":45,"tested_up_to":46,"requires_at_least":16,"requires_php":16,"tags":47,"homepage":21,"download_link":48,"security_score":49,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"keon-toolset","Keon Toolset","2.4.5","keonthemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fkeonthemes\u002F","\u003Cp>A demo importer plugin that makes importing starter sites effortless for building your website!\u003C\u002Fp>\n\u003Ch3>Images License\u003C\u002Fh3>\n\u003Cp>https:\u002F\u002Fpxhere.com\u002Fen\u002Flicense [CCO License]\u003C\u002Fp>\n","Import dummy data for themes developed by Keon Themes.",30000,1490109,"2026-01-07T05:31:00.000Z","6.9.4",[18,19,20],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fkeon-toolset.2.4.5.zip",100,{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":13,"num_ratings":13,"last_updated":60,"tested_up_to":46,"requires_at_least":61,"requires_php":62,"tags":63,"homepage":21,"download_link":66,"security_score":49,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"blockskit","Blockskit","1.2.2","BlockskitDev","https:\u002F\u002Fprofiles.wordpress.org\u002Fblockskitdev\u002F","\u003Cp>An easy plugin to import starter sites and add different effects to the image.\u003C\u002Fp>\n","An easy plugin to import starter sites and add different effects to the image.",8000,88023,"2025-12-21T10:23:00.000Z","5.9","7.4.9",[64,18,19,65,20],"block","image-block","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblockskit.1.2.2.zip",{"slug":68,"name":69,"version":70,"author":54,"author_profile":55,"description":71,"short_description":72,"active_installs":49,"downloaded":73,"rating":13,"num_ratings":13,"last_updated":74,"tested_up_to":15,"requires_at_least":16,"requires_php":16,"tags":75,"homepage":21,"download_link":76,"security_score":77,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"blockskit-import","Blockskit Import","0.0.6","\u003Cp>A easy plugin to import starter sites.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Blockskit Import is inspired by Keon Toolset. Some of the codes used in this plugin are used from Keon Toolset as they are under GPL license.\u003C\u002Fp>\n\u003Ch3>Images License\u003C\u002Fh3>\n\u003Cp>https:\u002F\u002Fpxhere.com\u002Fen\u002Flicense [CCO License]\u003C\u002Fp>\n","A easy plugin to import starter sites.",5891,"2024-02-12T12:03:00.000Z",[18,19,20],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblockskit-import.zip",85,{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":13,"num_ratings":13,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":21,"download_link":93,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"cyclone-demo-importer","Cyclone Demo Importer","2.9.60","Cyclone Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fcyclonetheme\u002F","\u003Cp>A easy plugin to import dummy data for themes by Cyclone Themes.\u003C\u002Fp>\n","Import Dummy data for themes developed by Cyclone Themes.",10000,537787,"2024-06-18T09:59:00.000Z","6.5.8","4.9","5.6",[18,20],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcyclone-demo-importer.2.9.60.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":11,"downloaded":102,"rating":13,"num_ratings":13,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":16,"tags":106,"homepage":21,"download_link":107,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"candid-advanced-toolset","Candid Advanced Toolset","1.1.0","candidthemes","https:\u002F\u002Fprofiles.wordpress.org\u002Fcandidthemes\u002F","\u003Cp>A easy plugin to import dummy data for themes by Candid Themes.\u003C\u002Fp>\n\u003Ch3>Images License\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All the images used on the plugins are GPL compatible\u003C\u002Fli>\n\u003C\u002Ful>\n","Import Dummy data for themes developed by Candid Themes.",45719,"2025-03-10T10:20:00.000Z","6.7.5","6.3",[18,20],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcandid-advanced-toolset.zip",{"attackSurface":109,"codeSignals":154,"taintFlows":164,"riskAssessment":165,"analyzedAt":172},{"hooks":110,"ajaxHandlers":144,"restRoutes":150,"shortcodes":151,"cronEvents":152,"entryPointCount":153,"unprotectedCount":153},[111,117,124,128,132,135,140],{"type":112,"name":113,"callback":114,"file":115,"line":116},"action","switch_theme","flush_transient","demo\\functions.php",28,{"type":118,"name":119,"callback":120,"priority":121,"file":122,"line":123},"filter","advanced_import_demo_lists","kortez_toolset_demo_import_lists",10,"kortez-toolset.php",54,{"type":118,"name":125,"callback":126,"priority":121,"file":122,"line":127},"admin_menu","import_menu",55,{"type":118,"name":129,"callback":130,"priority":121,"file":122,"line":131},"admin_enqueue_scripts","enqueue_styles",57,{"type":118,"name":129,"callback":133,"priority":121,"file":122,"line":134},"enqueue_scripts",58,{"type":112,"name":136,"callback":137,"priority":138,"file":122,"line":139},"advanced_import_replace_term_ids","replace_term_ids",20,59,{"type":112,"name":141,"callback":142,"priority":31,"file":122,"line":143},"advanced_import_replace_post_ids","replace_attachment_ids",60,[145],{"action":146,"nopriv":147,"callback":148,"hasNonce":147,"hasCapCheck":147,"file":122,"line":149},"kortez_toolset_getting_started",false,"install_advanced_import",56,[],[],[],1,{"dangerousFunctions":155,"sqlUsage":156,"outputEscaping":158,"fileOperations":13,"externalRequests":161,"nonceChecks":153,"capabilityChecks":162,"bundledLibraries":163},[],{"prepared":13,"raw":13,"locations":157},[],{"escaped":159,"rawEcho":13,"locations":160},5,[],22,3,[],[],{"summary":166,"deductions":167},"The kortez-toolset v1.1.2 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals excellent practices in several key areas. There are no dangerous functions detected, all SQL queries utilize prepared statements, and all identified output operations are properly escaped, which significantly reduces the risk of common vulnerabilities like SQL injection and cross-site scripting (XSS).  Furthermore, the absence of known CVEs and any recorded vulnerabilities in its history suggests a generally stable and well-maintained codebase.\n\nHowever, a significant concern arises from the attack surface analysis. The plugin exposes one AJAX handler without any authentication or capability checks. This unprotected entry point represents a direct risk, as any unauthenticated user could potentially interact with this handler, leading to unintended actions or information disclosure if the handler's functionality is not robustly secured internally.  While taint analysis found no specific unsanitized paths, the presence of this unprotected AJAX handler means any data processed by it could be indirectly vulnerable if not handled with extreme care within the AJAX function itself. The plugin also makes a substantial number of external HTTP requests, which, while not inherently a vulnerability, increases the attack surface and potential for issues related to insecure handling of remote resources.\n\nIn conclusion, kortez-toolset v1.1.2 demonstrates strong adherence to secure coding principles in its handling of database queries and output. The lack of historical vulnerabilities is a positive indicator. Nevertheless, the unprotected AJAX handler is a critical flaw that requires immediate attention, as it bypasses fundamental WordPress security mechanisms and presents a clear pathway for exploitation.",[168,170],{"reason":169,"points":121},"Unprotected AJAX handler",{"reason":171,"points":162},"High number of external HTTP requests","2026-03-16T18:52:30.542Z",{"wat":174,"direct":183},{"assetPaths":175,"generatorPatterns":178,"scriptPaths":179,"versionParams":180},[176,177],"\u002Fwp-content\u002Fplugins\u002Fkortez-toolset\u002Fassets\u002Fkortez-toolset.css","\u002Fwp-content\u002Fplugins\u002Fkortez-toolset\u002Fassets\u002Fkortez-toolset.js",[],[177],[181,182],"kortez-toolset\u002Fassets\u002Fkortez-toolset.css?ver=","kortez-toolset\u002Fassets\u002Fkortez-toolset.js?ver=",{"cssClasses":184,"htmlComments":190,"htmlAttributes":191,"restEndpoints":195,"jsGlobals":197,"shortcodeOutput":199},[185,186,187,188,189],"ads-container","ads-screenshot","ads-notice","ads-gsm-btn","plugin-install-notice",[],[192,193,194],"data-name","data-slug","aria-label",[196],"\u002Fwp-json\u002Fkortez-toolset\u002Fv1\u002Fsettings",[198],"kortez_toolset",[]]