[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9EuFmCXcTVdSC-vuHTwoFJSlky3Yqu3njaizVB45gCE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":54,"analysis":159,"fingerprints":414},"lock-your-updates","Lock Your Updates Plugins\u002FThemes Manager","1.1","Rachel Cherry","https:\u002F\u002Fprofiles.wordpress.org\u002Fbamadesigner\u002F","\u003Cp>It hopefully doesn’t happen a lot, but sometimes you have to edit the core code of a plugin or theme. It’s not ideal, and it sucks, but, whatever the reason, you had to do it. Now you’re worried you’re going to forget about your edit, update your plugin or theme (as you usually should), and lose your edits!\u003C\u002Fp>\n\u003Cp>Well, instead of worrying, use the Lock Your Updates Plugins\u002FThemes Manager to lock your plugins and themes from being updated and to store notes to help you remember what edits you made, all from the plugins or themes admin management page.\u003C\u002Fp>\n\u003Cp>The Lock Your Updates Plugins\u002FThemes Manager is multisite compatible.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Provides simple lock\u002Funlock management on the plugins and themes admin management page.\u003C\u002Fli>\n\u003Cli>Provides method of storing notes so you can remember why you locked the plugin or theme.\u003C\u002Fli>\n\u003Cli>You will still be notified that a plugin or theme needs to be updated, even if it is locked.\u003C\u002Fli>\n\u003Cli>Lock Your Updates is multisite compatible.\u003C\u002Fli>\n\u003Cli>If running WordPress multisite, Lock Your Updates provides an admin column that 
shows you where your plugins and themes are active.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>If You’d Like To Contribute\u003C\u002Fh4>\n\u003Cp>If you’d like to contribute to this plugin, feel free to do so on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbamadesigner\u002Flock-your-updates\" rel=\"nofollow ugc\">“Lock Your Updates” GitHub repo\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>A big shoutout to Aaron Robb \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Faaron_robb\" rel=\"nofollow ugc\">@aaron_robb\u003C\u002Fa> who helped make this plugin grow.\u003C\u002Fp>\n","Allows you to lock your plugins and themes from being updated and keep notes on why the plugin or theme is locked.",300,6663,100,5,"2015-03-22T16:27:00.000Z","4.1.42","3.8","",[20,21,22,23,24],"lock","theme","unlock","update","updates","http:\u002F\u002Fwpdreamer.com\u002Fplugins\u002Flock-your-updates\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flock-your-updates.1.1.zip",63,1,"2025-04-09 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-32537","lock-your-updates-reflected-cross-site-scripting","Lock Your Updates \u003C= 1.1 - Reflected Cross-Site Scripting","The Lock Your Updates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.1","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-04-16 19:11:52",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb457db06-84c8-4b7b-b7c1-091771a11a35?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":52,"computed_at":53},"bamadesigner",3,410,83,30,82,"2026-04-04T09:06:48.211Z",[55,79,102,122,143],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":13,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":69,"tags":70,"homepage":76,"download_link":77,"security_score":13,"vuln_count":78,"unpatched_count":78,"last_vuln_date":37,"fetched_at":30},"disable-email-notification-for-auto-updates","Disable Auto Update Emails and Block Updates for Plugins, WP Core, and Themes","1.0.5","ideasToCode","https:\u002F\u002Fprofiles.wordpress.org\u002Fideastocode\u002F","\u003Cp>Key Features:\u003Cbr \u002F>\n– Disable Email Notifications for Auto-Updates\u003Cbr \u002F>\n– Block\u002Fhide Specific Plugin Updates: You can choose plugins to block\u002Fhide (plugin’s list)\u003Cbr \u002F>\n– Block WordPress Core and Theme Updates\u003Cbr \u002F>\n– Remove Update Buttons from Admin Panel (under Dashboard menu)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Check Our Another Plugin\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimprove-website-security\u002F\" rel=\"ugc\">Improve Website 
Security\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimprove-website-security\u002F?preview=1\" rel=\"ugc\">Live Preview It\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fenable-svg-webp-ico-upload\u002F\" rel=\"ugc\">Enable SVG, WebP, and ICO Upload\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fenable-svg-webp-ico-upload\u002F?preview=1\" rel=\"ugc\">Live Preview It\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disable Email Notifications for Auto-Updates:\u003C\u002Fstrong>\u003Cbr \u002F>\nWith the introduction of WordPress 5.5, the auto-update feature was enabled, and email notifications started being sent for every update made. By simply installing this plugin, you can stop receiving these annoying notifications for every auto-update made to plugins, themes, or even the WordPress core. Please note that this plugin will not affect the auto-update feature of WordPress if it is enabled.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block Specific Plugin Updates:\u003C\u002Fstrong>\u003Cbr \u002F>\nIn the “Block Plugin Updates” tab, the plugin will list all installed plugins on your website. If there are specific plugins you do not want to update, you can disable updates for those particular plugins.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block WordPress Core and Theme Updates:\u003C\u002Fstrong>\u003Cbr \u002F>\nYou also have the option to block updates for the WordPress core and themes. 
However, this is not recommended for security reasons.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Update Buttons from Admin Panel:\u003C\u002Fstrong>\u003Cbr \u002F>\nIf you do not want to see the “Updates” menu under the Dashboard, you can easily hide it from the admin panel menu.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Default Settings:\u003C\u002Fstrong>\u003Cbr \u002F>\nBy default, only the email notification feature is turned on; other settings must be configured manually.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tutorial video\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F3U4QM7UZ6D8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>If you want to learn more and see how this plugin works – please check our\u003Ca href=\"https:\u002F\u002Fideastocode.com\u002Fplugins\u002Fdisable-automatic-update-email-notification-in-wordpress\u002F\" rel=\"nofollow ugc\"> website – ideastocode.com.\u003C\u002Fa>\u003C\u002Fp>\n","This plugin disables email notifications for auto-updates and blocks updates for specific plugins, hide plugins, WordPress core, and 
themes.",3000,15949,2,"2025-12-04T21:10:00.000Z","6.9.4","5.5","7.0",[71,72,73,74,75],"block-specific-plugin-updates","block-themes-updates","block-wordpress-core-updates","disable-update-notification-emails","hide-updates-from-dashboard","https:\u002F\u002Fideastocode.com\u002Fplugins\u002Fdisable-automatic-update-email-notification-in-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-email-notification-for-auto-updates.1.0.5.zip",0,{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":92,"requires_at_least":93,"requires_php":18,"tags":94,"homepage":99,"download_link":100,"security_score":101,"vuln_count":78,"unpatched_count":78,"last_vuln_date":37,"fetched_at":30},"automatic-updater","Advanced Automatic Updates","1.0.2","Gary Pendergast","https:\u002F\u002Fprofiles.wordpress.org\u002Fpento\u002F","\u003Cp>Advanced Automatic Updates adds extra options to WordPress’ built-in Automatic Updates feature. 
On top of security updates, it also supports installing major releases, plugins, themes, or even regular SVN checkouts!\u003C\u002Fp>\n\u003Cp>If you’re working on a WordPress Multisite install, it will properly restrict the options page to your Network Admin.\u003C\u002Fp>\n\u003Cp>While this will be useful for the vast majority of sites, please exercise caution, particularly if you have any custom themes or plugins running on your site.\u003C\u002Fp>\n","Adds extra options to WordPress' built-in Automatic Updates feature.",30000,255107,94,61,"2021-06-04T00:46:00.000Z","5.0.25","3.7",[95,96,97,98,24],"core","plugins","stable","themes","http:\u002F\u002Fpento.net\u002Fprojects\u002Fautomatic-updater-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-updater.1.0.2.zip",85,{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":17,"requires_php":116,"tags":117,"homepage":120,"download_link":121,"security_score":13,"vuln_count":78,"unpatched_count":78,"last_vuln_date":37,"fetched_at":30},"disable-wordpress-updates","Disable All WordPress Updates","1.9.1","wpseek","https:\u002F\u002Fprofiles.wordpress.org\u002Falphawolf\u002F","\u003Cp>This plugin completely disables the theme, plugin and core update checking system in WordPress. The plugin prevents WordPress from\u003Cbr \u002F>\nchecking for updates including cronjobs, and prevents any notifications from being displayed.\u003C\u002Fp>\n\u003Cp>It’s \u003Cem>very\u003C\u002Fem> important that you keep your WordPress theme, core and plugins up to date! 
If you don’t, your blog or website could\u003Cbr \u002F>\nbe \u003Cstrong>susceptible to security vulnerabilities\u003C\u002Fstrong> or performance issues.\u003C\u002Fp>\n\u003Cp>If you use this plugin, make sure you keep yourself up to date with new releases of your active WordPress version, plugins\u003Cbr \u002F>\nand themes and update them as new versions are released (simply by deactivating this plugin for a short time).\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fx.com\u002Fwpseek\" title=\"Developer on X\" rel=\"nofollow ugc\">Developer on X\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fbsky.app\u002Fprofile\u002Fcyberblitzbirne.bsky.social\" title=\"Developer on Bluesky\" rel=\"nofollow ugc\">Developer on Bluesky\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Looking for more WordPress plugins? Visit \u003Ca href=\"https:\u002F\u002Fwww.schloebe.de\u002Fportfolio\u002F\" rel=\"nofollow ugc\">www.schloebe.de\u002Fportfolio\u002F\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Disables the theme, plugin and core update checking, the related cronjobs, plugin\u002Ftheme update health checks and notification system.",20000,843364,96,68,"2026-02-15T13:23:00.000Z","6.9.99","7.4",[118,21,23,119],"disable-updates","update-control","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-wordpress-updates\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-wordpress-updates.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":13,"num_ratings":132,"last_updated":133,"tested_up_to":134,"requires_at_least":68,"requires_php":135,"tags":136,"homepage":141,"download_link":142,"security_score":101,"vuln_count":78,"unpatched_count":78,"last_vuln_date":37,"fetched_at":30},"disable-theme-and-plugin-auto-update-emails","Disable Theme and Plugin Auto-Update 
Emails","2.0.5","KZeni","https:\u002F\u002Fprofiles.wordpress.org\u002Fkzeni\u002F","\u003Cp>Disables the default notification emails sent by a site after an automatic theme and\u002For plugin update. Simply activate the plugin to disable these email notifications (allows failure notices through unless setting is enabled to disable these as well).\u003C\u002Fp>\n\u003Cp>This is a simple & lightweight plugin that simply uses the official filters made available as of WordPress 5.5 to disable these email notifications upon activation. It does let update failure notifications through by default, but the Settings => General page has a setting to disable these as well.\u003C\u002Fp>\n\u003Cp>Check things out on GitHub at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FKZeni\u002FDisable-WordPress-Theme-and-Plugin-Auto-Update-Emails\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FKZeni\u002FDisable-WordPress-Theme-and-Plugin-Auto-Update-Emails\u003C\u002Fa>\u003C\u002Fp>\n","Disables the default notification emails sent by a site after an automatic theme and\u002For plugin update. 
Simply activate the plugin to disable these ema &hellip;",10000,112263,10,"2023-10-24T21:49:00.000Z","6.4.8","5.4",[137,138,139,140,24],"email","notifications","plugin-update","theme-update","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-theme-and-plugin-auto-update-emails\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-theme-and-plugin-auto-update-emails.2.0.5.zip",{"slug":118,"name":144,"version":145,"author":146,"author_profile":147,"description":148,"short_description":149,"active_installs":130,"downloaded":150,"rating":112,"num_ratings":151,"last_updated":152,"tested_up_to":67,"requires_at_least":153,"requires_php":154,"tags":155,"homepage":157,"download_link":158,"security_score":13,"vuln_count":78,"unpatched_count":78,"last_vuln_date":37,"fetched_at":30},"Disable Updates for WordPress Core, Plugins and Themes","1.4.2","Johan van der Wijk","https:\u002F\u002Fprofiles.wordpress.org\u002Fvanderwijk\u002F","\u003Cp>This plugin disables all WordPress updates (core, plugins and themes). 
This can be useful if you have multiple environments such as a live and staging server and you don’t want your users to use the update functionality.\u003C\u002Fp>\n\u003Cp>This plugin not only disables the update mechanism for the core, plugins and themes, but it also removes the update menu item from the left navigation menu in the admin dashboard.\u003C\u002Fp>\n","Disables the WordPress update checking and notification system for all core, plugin and theme updates.",108696,4,"2025-12-01T15:45:00.000Z","4.6","5.6",[156,118,139,140,24],"core-update","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisable-updates\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-updates.1.4.2.zip",{"attackSurface":160,"codeSignals":265,"taintFlows":333,"riskAssessment":400,"analyzedAt":413},{"hooks":161,"ajaxHandlers":239,"restRoutes":262,"shortcodes":263,"cronEvents":264,"entryPointCount":14,"unprotectedCount":48},[162,168,171,174,176,180,183,188,190,193,197,200,205,208,212,216,219,223,227,232,234],{"type":163,"name":164,"callback":165,"priority":28,"file":166,"line":167},"action","load-plugins.php","set_active_plugins_themes_by_site","admin\\class-lock-your-updates-admin.php",70,{"type":163,"name":169,"callback":165,"priority":28,"file":166,"line":170},"load-themes.php",71,{"type":163,"name":164,"callback":172,"priority":65,"file":166,"line":173},"lock_unlock_plugins_themes",74,{"type":163,"name":169,"callback":172,"priority":65,"file":166,"line":175},75,{"type":163,"name":177,"callback":178,"file":166,"line":179},"admin_enqueue_scripts","enqueue_admin_styles",78,{"type":163,"name":177,"callback":181,"file":166,"line":182},"enqueue_admin_scripts",79,{"type":184,"name":185,"callback":186,"priority":187,"file":166,"line":52},"filter","manage_plugins-network_columns","manage_plugins_themes_columns",1000,{"type":184,"name":189,"callback":186,"priority":187,"file":166,"line":50},"manage_plugins_columns",{"type":184,"name":191,"callback":186,"priority":187,"
file":166,"line":192},"manage_themes-network_columns",84,{"type":163,"name":194,"callback":195,"priority":28,"file":166,"line":196},"manage_plugins_custom_column","manage_plugins_themes_custom_column",87,{"type":163,"name":198,"callback":195,"priority":28,"file":166,"line":199},"manage_themes_custom_column",88,{"type":184,"name":201,"callback":202,"priority":203,"file":166,"line":204},"network_admin_plugin_action_links","plugins_action_links",20,91,{"type":184,"name":206,"callback":202,"priority":203,"file":166,"line":207},"plugin_action_links",92,{"type":184,"name":209,"callback":210,"priority":203,"file":166,"line":211},"theme_action_links","themes_action_links",95,{"type":163,"name":213,"callback":214,"priority":28,"file":166,"line":215},"after_theme_row","after_theme_plugin_row",98,{"type":163,"name":217,"callback":214,"priority":28,"file":166,"line":218},"after_plugin_row",99,{"type":184,"name":220,"callback":221,"priority":28,"file":166,"line":222},"wp_get_update_data","filter_update_data",115,{"type":163,"name":224,"callback":225,"priority":28,"file":166,"line":226},"admin_init","process_bulk_actions",118,{"type":163,"name":228,"callback":229,"file":230,"line":231},"plugins_loaded","get_instance","lock-your-updates.php",36,{"type":163,"name":228,"callback":229,"file":230,"line":233},44,{"type":163,"name":235,"callback":236,"file":237,"line":238},"init","load_plugin_textdomain","public\\class-lock-your-updates.php",64,[240,246,250,254,258],{"action":241,"nopriv":242,"callback":243,"hasNonce":244,"hasCapCheck":242,"file":166,"line":245},"lock_your_updates_get_item_data",false,"wp_ajax_get_item_data",true,121,{"action":247,"nopriv":242,"callback":248,"hasNonce":242,"hasCapCheck":242,"file":166,"line":249},"lock_your_updates_get_theme_action_buttons","wp_ajax_get_theme_action_buttons",124,{"action":251,"nopriv":242,"callback":252,"hasNonce":244,"hasCapCheck":242,"file":166,"line":253},"lock_your_updates_save_item_notes","wp_ajax_save_item_notes",127,{"action":255
,"nopriv":242,"callback":256,"hasNonce":242,"hasCapCheck":242,"file":166,"line":257},"lock_your_updates_get_item_preview_notes_row","wp_ajax_get_item_preview_notes_row",130,{"action":259,"nopriv":242,"callback":260,"hasNonce":242,"hasCapCheck":242,"file":166,"line":261},"lock_your_updates_get_themes_preview_notes_area","wp_ajax_get_themes_preview_notes_area",133,[],[],[],{"dangerousFunctions":266,"sqlUsage":267,"outputEscaping":281,"fileOperations":78,"externalRequests":78,"nonceChecks":331,"capabilityChecks":132,"bundledLibraries":332},[],{"prepared":78,"raw":151,"locations":268},[269,272,274,277],{"file":166,"line":270,"context":271},245,"$wpdb->get_var() with variable interpolation",{"file":166,"line":273,"context":271},246,{"file":237,"line":275,"context":276},103,"$wpdb->get_col() with variable interpolation",{"file":278,"line":279,"context":280},"uninstall.php",35,"$wpdb->get_results() with variable interpolation",{"escaped":282,"rawEcho":283,"locations":284},12,26,[285,288,290,291,293,295,296,297,299,301,303,304,306,308,310,312,314,316,318,320,322,323,324,326,327,329],{"file":166,"line":286,"context":287},557,"raw 
output",{"file":166,"line":289,"context":287},558,{"file":166,"line":289,"context":287},{"file":166,"line":292,"context":287},580,{"file":166,"line":294,"context":287},582,{"file":166,"line":294,"context":287},{"file":166,"line":294,"context":287},{"file":166,"line":298,"context":287},626,{"file":166,"line":300,"context":287},660,{"file":166,"line":302,"context":287},824,{"file":166,"line":302,"context":287},{"file":166,"line":305,"context":287},825,{"file":166,"line":307,"context":287},828,{"file":166,"line":309,"context":287},839,{"file":166,"line":311,"context":287},857,{"file":166,"line":313,"context":287},934,{"file":166,"line":315,"context":287},1754,{"file":166,"line":317,"context":287},1759,{"file":166,"line":319,"context":287},1845,{"file":166,"line":321,"context":287},1881,{"file":166,"line":321,"context":287},{"file":166,"line":321,"context":287},{"file":166,"line":325,"context":287},1899,{"file":166,"line":325,"context":287},{"file":166,"line":328,"context":287},1924,{"file":166,"line":330,"context":287},2000,8,[],[334,350,364,375],{"entryPoint":335,"graph":336,"unsanitizedCount":65,"severity":39},"wp_ajax_get_theme_action_buttons (admin\\class-lock-your-updates-admin.php:1860)",{"nodes":337,"edges":348},[338,343],{"id":339,"type":340,"label":341,"file":166,"line":342},"n0","source","$_POST (x2)",1863,{"id":344,"type":345,"label":346,"file":166,"line":321,"wp_function":347},"n1","sink","echo() [XSS]","echo",[349],{"from":339,"to":344,"sanitized":242},{"entryPoint":351,"graph":352,"unsanitizedCount":78,"severity":363},"process_bulk_actions (admin\\class-lock-your-updates-admin.php:1225)",{"nodes":353,"edges":361},[354,357],{"id":339,"type":340,"label":355,"file":166,"line":356},"$_POST (x4)",1257,{"id":344,"type":345,"label":358,"file":166,"line":359,"wp_function":360},"wp_redirect() [Open 
Redirect]",1319,"wp_redirect",[362],{"from":339,"to":344,"sanitized":244},"low",{"entryPoint":365,"graph":366,"unsanitizedCount":78,"severity":363},"lock_unlock_plugins_themes (admin\\class-lock-your-updates-admin.php:1571)",{"nodes":367,"edges":373},[368,371],{"id":339,"type":340,"label":369,"file":166,"line":370},"$_REQUEST (x5)",1607,{"id":344,"type":345,"label":358,"file":166,"line":372,"wp_function":360},1619,[374],{"from":339,"to":344,"sanitized":244},{"entryPoint":376,"graph":377,"unsanitizedCount":78,"severity":363},"\u003Cclass-lock-your-updates-admin> (admin\\class-lock-your-updates-admin.php:0)",{"nodes":378,"edges":395},[379,380,381,383,385,387,389,393],{"id":339,"type":340,"label":355,"file":166,"line":356},{"id":344,"type":345,"label":358,"file":166,"line":359,"wp_function":360},{"id":382,"type":340,"label":369,"file":166,"line":370},"n2",{"id":384,"type":345,"label":358,"file":166,"line":372,"wp_function":360},"n3",{"id":386,"type":340,"label":341,"file":166,"line":342},"n4",{"id":388,"type":345,"label":346,"file":166,"line":321,"wp_function":347},"n5",{"id":390,"type":340,"label":391,"file":166,"line":392},"n6","$_REQUEST",1580,{"id":394,"type":345,"label":346,"file":166,"line":321,"wp_function":347},"n7",[396,397,398,399],{"from":339,"to":344,"sanitized":244},{"from":382,"to":384,"sanitized":244},{"from":386,"to":388,"sanitized":244},{"from":390,"to":394,"sanitized":244},{"summary":401,"deductions":402},"The lock-your-updates plugin v1.1 presents a mixed security posture. While it shows strengths in avoiding dangerous functions, file operations, and external HTTP requests, significant concerns arise from its attack surface and SQL handling. The plugin exposes 5 AJAX handlers, with 3 lacking any authentication checks, creating a substantial entry point for unauthorized actions. Furthermore, all 4 SQL queries are executed without prepared statements, leaving the plugin vulnerable to SQL injection attacks. 
The vulnerability history is also concerning, with a known medium-severity Cross-Site Scripting (XSS) vulnerability that remains unpatched from April 2025. This suggests a pattern of potential input validation issues and a lack of timely security updates.  Despite the absence of critical taint flows and some proper output escaping, the combination of an exposed attack surface, insecure SQL practices, and an unpatched XSS vulnerability indicates a moderate to high risk for users.",[403,406,408,410],{"reason":404,"points":405},"Unpatched CVE (Medium Severity)",15,{"reason":407,"points":132},"AJAX Handlers Without Auth Checks",{"reason":409,"points":132},"SQL Queries Without Prepared Statements",{"reason":411,"points":412},"Low Percentage of Proper Output Escaping",6,"2026-03-16T19:57:46.249Z",{"wat":415,"direct":424},{"assetPaths":416,"generatorPatterns":419,"scriptPaths":420,"versionParams":421},[417,418],"\u002Fwp-content\u002Fplugins\u002Flock-your-updates\u002Fadmin\u002Fcss\u002Flock-your-updates-admin.css","\u002Fwp-content\u002Fplugins\u002Flock-your-updates\u002Fadmin\u002Fjs\u002Flock-your-updates-admin.js",[],[418],[422,423],"lock-your-updates\u002Fadmin\u002Fcss\u002Flock-your-updates-admin.css?ver=","lock-your-updates\u002Fadmin\u002Fjs\u002Flock-your-updates-admin.js?ver=",{"cssClasses":425,"htmlComments":428,"htmlAttributes":430,"restEndpoints":434,"jsGlobals":435,"shortcodeOutput":437},[426,427],"lock-your-updates-notes-container","lock-your-updates-notes-trigger",[429],"\u003C!-- lock-your-updates -->",[431,432,433],"data-lyu-item-type","data-lyu-item-id","data-lyu-nonce",[],[436],"lock_your_updates_admin_params",[]]