[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fE3yfaVJbETrgAiD9zFBtRG8BwKiu0rfWsDKsUC7yk2g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":132,"fingerprints":213},"loyalty-links","Loyalty Links","1.0.1","Jose Mortellaro","https:\u002F\u002Fprofiles.wordpress.org\u002Fgiuse\u002F","\u003Cp>Loyalty Links is a WordPress plugin that implements a “give and take” approach to external linking. The plugin tracks which external domains have sent visitors to your site via referrers, and only allows links to those domains to remain functional. Links to domains that haven’t recently referred visitors are “broken” (href changed to “#”) while remaining visible on the page.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Referrer Tracking\u003C\u002Fstrong>: Automatically tracks external domains that send visitors to your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dynamic Link Breaking\u003C\u002Fstrong>: Links to domains without recent referrers are automatically disabled\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Selective Monitoring\u003C\u002Fstrong>: Only monitor specific domains you choose – other external links remain untouched\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Retention\u003C\u002Fstrong>: Set how many days to retain referrer records (default: 30 days)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Test Mode\u003C\u002Fstrong>: Add test domains to verify functionality without waiting for actual referrals\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cache-Friendly\u003C\u002Fstrong>: Uses REST API endpoints for dynamic data, compatible with WP Rocket, WP Fastest Cache, and other caching plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Performance Optimized\u003C\u002Fstrong>: Asynchronous script loading and efficient database operations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\u003Cstrong>Track Referrers\u003C\u002Fstrong>: When a visitor arrives from an external domain (in your monitored list), JavaScript sends the referrer information to a REST API endpoint which records the domain, timestamp, and increments the visit count\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Approve Domains\u003C\u002Fstrong>: Domains that have sent referrers within your retention period are considered “approved”\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Break Links\u003C\u002Fstrong>: Links pointing to non-approved domains have their \u003Ccode>href\u003C\u002Fcode> changed to \u003Ccode>#\u003C\u002Fcode> and \u003Ccode>pointer-events: none\u003C\u002Fcode> applied\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Updates\u003C\u002Fstrong>: Approved domains are fetched dynamically via REST API, ensuring cache compatibility\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Use Cases\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Encourage reciprocal linking by only allowing functional links to sites that link back to you\u003C\u002Fli>\n\u003Cli>Create a “loyalty” system where sites that send traffic get link benefits\u003C\u002Fli>\n\u003Cli>Test link management strategies without manual intervention\u003C\u002Fli>\n\u003Cli>Maintain link quality by prioritizing domains that drive traffic\u003C\u002Fli>\n\u003C\u002Ful>\n","Conditionally break external links based on referrer history.",0,172,"2026-02-14T07:16:00.000Z","6.9.4","5.0","7.4",[18,19,20,21],"external-links","link-management","links","referrer","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floyalty-links.1.0.1.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"giuse",56,26370,99,62,87,"2026-04-03T23:32:39.451Z",[37,55,73,92,114],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":11,"downloaded":45,"rating":11,"num_ratings":11,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":53,"download_link":54,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"exit-links-manager","Exit Links Manager","1.0.0","Christopher Ocen","https:\u002F\u002Fprofiles.wordpress.org\u002Focenchris\u002F","\u003Cp>Easily manage links to external websites. This lightweight plugin create an intent page that notifies users when they try to visit a link to an external website. With a user-friendly interface, it is perfect for blogs, news sites etc that often reference other sources. Simple to set up and fully responsive, visitors have a choice to continue to the next page or stay on the same website.\u003C\u002Fp>\n\u003Ch3>Github Repo\u003C\u002Fh3>\n\u003Cp>[https:\u002F\u002Fgithub.com\u002Fchrisjrocen\u002Fexit-links-manager]\u003C\u002Fp>\n","Handle external link redirects with ease. Show notification to users when they visit an external link.",164,"2025-10-18T11:37:00.000Z","6.8.5","4.7","7.2",[18,19,51,52],"redirects","warnings","https:\u002F\u002Focenchris\u002Fexit-links-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexit-links-manager.1.0.0.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":11,"downloaded":63,"rating":11,"num_ratings":11,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":22,"tags":67,"homepage":22,"download_link":71,"security_score":72,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"external-links-modifier","External Links Modifier","1.0","Prabesh Shrestha","https:\u002F\u002Fprofiles.wordpress.org\u002Fprabeshstha\u002F","\u003Cp>External Links Modifier is a lightweight WordPress plugin that automatically modifies external links in your post content so that they open in a new tab and include the attributes \u003Ccode>rel=\"nofollow noreferrer\"\u003C\u002Fcode>. The plugin also provides a simple meta box in the post editor where you can toggle the functionality on or off for individual posts.\u003C\u002Fp>\n\u003Cp>This plugin is ideal for bloggers who want to ensure that outbound links are handled consistently, improve user experience, and follow SEO best practices.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.\u003C\u002Fp>\n","External Links Modifier automatically updates external links in your posts to open in a new tab with rel=\"nofollow noreferrer\".",452,"2025-03-10T08:29:00.000Z","6.7.5","6.2",[18,68,69,70],"meta-box","nofollow","noreferrer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fexternal-links-modifier.1.0.zip",92,{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":11,"downloaded":81,"rating":11,"num_ratings":11,"last_updated":82,"tested_up_to":47,"requires_at_least":83,"requires_php":84,"tags":85,"homepage":90,"download_link":91,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"ndt-redirect","NDT Redirect","1.0.7","Tony Nguyen","https:\u002F\u002Fprofiles.wordpress.org\u002Fnguyenduytan\u002F","\u003Cp>NDT Redirect is a lightweight plugin designed to manage external links on your WordPress site. It intercepts external links, redirects them through an intermediate page with a customizable delay, and applies the \u003Ccode>no-referrer\u003C\u002Fcode> policy to protect user privacy. This plugin is ideal for site owners who want to ensure link safety and maintain control over outbound traffic.\u003C\u002Fp>\n\u003Cp>Key features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Adds a redirect page with a countdown timer for external links.\u003C\u002Fli>\n\u003Cli>Supports \u003Ccode>no-referrer\u003C\u002Fcode> meta tag to prevent referrer leakage.\u003C\u002Fli>\n\u003Cli>Allows administrators to enable\u002Fdisable the plugin and configure settings.\u003C\u002Fli>\n\u003Cli>Customizable redirect time and link target (\u003Ccode>_self\u003C\u002Fcode> or \u003Ccode>_blank\u003C\u002Fcode>).\u003C\u002Fli>\n\u003Cli>Option to exclude specific user roles (e.g., Administrators) from redirection.\u003C\u002Fli>\n\u003Cli>Compatible with pages, posts, comments, and WooCommerce products.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>NDT Redirect is developed and maintained by Tony Nguyễn and will be supported as long as necessary.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, please contact me via:\u003Cbr \u002F>\n– Email: admin@ndtan.net\u003Cbr \u002F>\n– Telegram: @nguyenduytan\u003Cbr \u002F>\n– Website: https:\u002F\u002Fnguyenduytan.com\u003C\u002Fp>\n","NDT Redirect helps manage external links by adding a no-referrer redirect page, enhancing security and user experience.",354,"2025-04-26T07:19:00.000Z","4.9","7.0",[18,86,87,88,89],"link-safety","no-referrer","redirect","wordpress-security","https:\u002F\u002Fnguyenduytan.com\u002F15-ndt-redirect-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fndt-redirect.1.0.7.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":100,"downloaded":101,"rating":102,"num_ratings":103,"last_updated":104,"tested_up_to":14,"requires_at_least":105,"requires_php":49,"tags":106,"homepage":110,"download_link":111,"security_score":32,"vuln_count":112,"unpatched_count":11,"last_vuln_date":113,"fetched_at":26},"wp-external-links","External Links – nofollow, noopener & new window","2.63","WebFactory","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebfactory\u002F","\u003Cp>\u003Cstrong>Manage all external & internal links on your site\u003C\u002Fstrong>. Control icons, nofollow, noopener, ugc (User Generated Content), sponsored and if links open in new window or new tab.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgetwplinks.com\u002F\" rel=\"nofollow ugc\">WP Links\u003C\u002Fa> plugin was completely rebuilt in v2 and has lots of new features, like noopener, ugc and sponsored values for rel; font icons, internal links options and full WPMU support.\u003C\u002Fp>\n\u003Ch4>Link Scanner – PRO feature\u003C\u002Fh4>\n\u003Cp>Check every single link on your site! See if it’s broken or not, if it’s redirected, what’s the target and rel attribute and what page exactly it’s linking to. This feature is a part of the \u003Ca href=\"https:\u002F\u002Fgetwplinks.com\u002F\" rel=\"nofollow ugc\">WP Links PRO\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Manage external and internal links\u003C\u002Fli>\n\u003Cli>Open links in new window or tab\u003C\u002Fli>\n\u003Cli>Add follow or nofollow (for SEO)\u003C\u002Fli>\n\u003Cli>Add noopener and noreferrer (for security)\u003C\u002Fli>\n\u003Cli>Add ugc (User Generated Content) and sponsored values to rel (\u003Ca href=\"https:\u002F\u002Fwebmasters.googleblog.com\u002F2019\u002F09\u002Fevolving-nofollow-new-ways-to-identify.html\" rel=\"nofollow ugc\">Google announcement\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Add link icons (FontAwesome and Dashicons)\u003C\u002Fli>\n\u003Cli>Set other attributes like title and CSS classes\u003C\u002Fli>\n\u003Cli>Scan complete page (or just posts, comments, widgets)\u003C\u002Fli>\n\u003Cli>SEO friendly\u003C\u002Fli>\n\u003Cli>Link Scanner – check all links on your site – PRO feature\u003C\u002Fli>\n\u003Cli>Exit Confirmation – protect visitors and traffic when external links are clicked – PRO feature\u003C\u002Fli>\n\u003Cli>Link Rules – create advanced link rules for chosen link groups – PRO feature\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>And more…\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Network Settings (WPMU support)\u003C\u002Fli>\n\u003Cli>Use template tag to apply plugin settings on specific contents\u003C\u002Fli>\n\u003Cli>Set data-attribute to change how individual links will be treated\u003C\u002Fli>\n\u003Cli>Use built-in actions and filters to implement your specific needs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Easy to use\u003C\u002Fh4>\n\u003Cp>After activating you can set all options for external and internal links on the plugins admin page.\u003C\u002Fp>\n\u003Ch4>On the fly\u003C\u002Fh4>\n\u003Cp>The plugin filters the output and changes the links on the fly. The real contents (posts, pages, widget etcetera) will not be changed in the database.\u003Cbr \u002F>\nWhen deactivating the plugin, all contents will be the same as it was before.\u003C\u002Fp>\n\u003Ch4>GDPR compatibility\u003C\u002Fh4>\n\u003Cp>We are not lawyers. Please do not take any of the following as legal advice.\u003Cbr \u002F>\nWP External Links does not track, collect or process any user data. Nothing is logged or pushed to any 3rd parties. We also don’t use any 3rd party services or CDNs. Based on that, we feel it’s GDPR compatible, but again, please, don’t take this as legal advice.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Like the plugin?\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Fwp-external-links\" rel=\"ugc\">Rate it\u003C\u002Fa> to support the development.\u003C\u002Fp>\n\u003Cp>If you’re having \u003Cstrong>problems with SSL or HTTPS\u003C\u002Fstrong> try our free \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-force-ssl\u002F\" rel=\"ugc\">WP Force SSL\u003C\u002Fa> plugin. It’s a great way to enable SSL and fix SSL problems.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>After activating you can set all options for external and internal links.\u003C\u002Fp>\n\u003Ch4>Data attribute “data-wpel-link”\u003C\u002Fh4>\n\u003Cp>Links being processed by this plugin will also contain the data-attribute \u003Ccode>data-wpel-link\u003C\u002Fcode>.\u003Cbr \u002F>\nThe plugin could set the value to \u003Ccode>external\u003C\u002Fcode>, \u003Ccode>internal\u003C\u002Fcode> or \u003Ccode>exclude\u003C\u002Fcode>, meaning how the\u003Cbr \u002F>\nlink was processed.\u003C\u002Fp>\n\u003Cp>You can also set the data-attribute yourself. This way you can force how the plugin will process\u003Cbr \u002F>\ncertain links.\u003C\u002Fp>\n\u003Cp>When you add the value \u003Ccode>ignore\u003C\u002Fcode>, the link will be completely ignored by the plugin:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Ca href=\"http:\u002F\u002Fsomedomain.com\" data-wpel-link=\"ignore\">Go to somedomain\u003C\u002Fa>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Action “wpel_link”\u003C\u002Fh4>\n\u003Cp>Use this action to change the link object after all plugin settings have been applied.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_action( 'wpel_link', ( $link_object ) {\n    if ( $link_object->is_external() ) {\n        \u002F\u002F get current url\n        $url = $link_object->getAttribute( 'href' );\n\n        \u002F\u002F set redirect url\n        $redirect_url = '\u002F\u002Fsomedom.com?url='. urlencode( $url );\n        $link_object->setAttribute( 'href', $redirect_url );\n    }\n}, 10, 1 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The link object is an instance of \u003Ccode>WPEL_Link\u003C\u002Fcode> class.\u003C\u002Fp>\n\u003Ch4>Action hook “wpel_before_apply_link”\u003C\u002Fh4>\n\u003Cp>Use this action to change the link object before the plugin settings will be applied on the link.\u003Cbr \u002F>\nYou can use this filter f.e. to ignore individual links from being processed. Or change dynamically how\u003Cbr \u002F>\nthey will be treated by this plugin.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_action( 'wpel_before_apply_link', function ( $link ) {\n    \u002F\u002F ignore links with class \"some-cls\"\n    if ( $link->has_attr_value( 'class', 'some-cls' ) ) {\n        $link->set_ignore();\n    }\n\n    \u002F\u002F mark and treat links with class \"ext-cls\" as external link\n    if ( $link->has_attr_value( 'class', 'ext-cls' ) ) {\n        $link->set_external();\n    }\n}, 10 );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Filter hook “wpel_apply_settings”\u003C\u002Fh4>\n\u003Cp>When filter returns false the plugin settings will not be applied. Can be used when f.e. certain posts or pages should be ignored by this plugin.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'wpel_apply_settings', '__return_false' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-external-links\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa> for more info.\u003C\u002Fp>\n","Internal links & external links manager: open in new window or tab, control nofollow, ugc, sponsored & noopener. SEO friendly.",90000,1641157,86,247,"2025-12-03T19:28:00.000Z","4.2",[18,107,108,69,109],"new-tab","new-window","noopener","https:\u002F\u002Fgetwplinks.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-external-links.2.63.zip",3,"2023-03-08 00:00:00",{"slug":115,"name":116,"version":117,"author":96,"author_profile":97,"description":118,"short_description":119,"active_installs":120,"downloaded":121,"rating":122,"num_ratings":123,"last_updated":104,"tested_up_to":14,"requires_at_least":124,"requires_php":125,"tags":126,"homepage":128,"download_link":129,"security_score":32,"vuln_count":130,"unpatched_count":11,"last_vuln_date":131,"fetched_at":26},"open-external-links-in-a-new-window","External Links in New Window \u002F New Tab","1.45","\u003Cp>Opens external links in a new tab or a or new window. You can set URLs that should either be forced to open in a new window or ignored.\u003C\u002Fp>\n\u003Cp>The plugin produces XHTML Strict compliant code and is search engine optimized (SEO).\u003Cbr \u002F>\nThis is done using JavaScript’s \u003Ccode>window.open()\u003C\u002Fcode>-function. It adds only a few lines of vanilla JavaScript to the page, and does not require any external libraries like jQuery.\u003C\u002Fp>\n\u003Cp>Most other plugins perform a hack by altering the \u003Ccode>target\u003C\u002Fcode> parameter (i.e. \u003Ccode>\u003Ca href=\"http:\u002F\u002Fsomewhere.example\" target=\"_blank\">\u003C\u002Fcode>). That method is not XHTML Strict compliant.\u003Cbr \u002F>\nThis plugin handles the links client-side, which lets search engines follow the links properly. Also, if a browser does not support JavaScript, the plugin is simply inactive, and does not result in any errors.\u003C\u002Fp>\n\u003Cp>If you need a more advanced plugin, with more options try our \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-external-links\u002F\" rel=\"ugc\">free WP External Links\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Credits\u003C\u002Fstrong>\u003Cbr \u002F>\nInspired by the \u003Ca href=\"http:\u002F\u002Fwww.zappelfillip.de\u002F2005-12-05\u002Fzap_newwindow\u002F\" rel=\"nofollow ugc\">Zap_NewWindow\u003C\u002Fa> plugin by \u003Ca href=\"http:\u002F\u002Fwww.zappelfillip.de\u002F\" title=\"His website is mostly in German\" rel=\"nofollow ugc\">Tom K&ouml;hler\u003C\u002Fa>.\u003Cbr \u002F>\nThe banner is a \u003Ca href=\"http:\u002F\u002Fwww.flickr.com\u002Fphotos\u002Fmonja\u002F1367946568\u002Fin\u002Fphotostream\u002F\" rel=\"nofollow ugc\">photo\u003C\u002Fa> by \u003Ca href=\"http:\u002F\u002Fwww.monja.it\u002F\" rel=\"nofollow ugc\">Monja Da Riva\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Translations\u003C\u002Fstrong>\u003Cbr \u002F>\nDanish by \u003Ca href=\"https:\u002F\u002Fkristianrisagerlarsen.dk\" rel=\"nofollow ugc\">Kristian Risager Larsen\u003C\u002Fa>\u003Cbr \u002F>\nDutch by \u003Ca href=\"http:\u002F\u002Fwww.collectief-it.nl\u002F\" rel=\"nofollow ugc\">Paul Staring\u003C\u002Fa>\u003Cbr \u002F>\nLithuanian by \u003Ca href=\"http:\u002F\u002FHost1Free.com\" rel=\"nofollow ugc\">Vincent G\u003C\u002Fa>\u003Cbr \u002F>\nOther translations will be appreciated!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Known bugs\u003C\u002Fstrong>\u003Cbr \u002F>\nThe plugin conflicts with other plugins that change the links’ `onClick´ attribute.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Original developer\u003C\u002Fstrong>\u003Cbr \u002F>\nKristian Risager Larsen – \u003Ca href=\"http:\u002F\u002Fkezze.dk\" rel=\"nofollow ugc\">kezze.dk\u003C\u002Fa>\u003C\u002Fp>\n","Open external links in a new window or new tab. SEO optimized and XHTML Strict compliant.",30000,488005,90,77,"4.0","5.2",[18,20,107,108,127],"target-blank","https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fopen-external-links-in-a-new-window\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fopen-external-links-in-a-new-window.1.45.zip",2,"2022-05-09 00:00:00",{"attackSurface":133,"codeSignals":181,"taintFlows":202,"riskAssessment":203,"analyzedAt":212},{"hooks":134,"ajaxHandlers":163,"restRoutes":164,"shortcodes":179,"cronEvents":180,"entryPointCount":130,"unprotectedCount":130},[135,141,145,150,154,160],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","admin_menu","add_settings_page","includes\\class-loyalty-links-settings.php",60,{"type":136,"name":142,"callback":143,"file":139,"line":144},"admin_init","register_settings",61,{"type":136,"name":146,"callback":147,"file":148,"line":149},"wp","maybe_cleanup_referrers","loyalty-links.php",78,{"type":136,"name":151,"callback":152,"file":148,"line":153},"wp_enqueue_scripts","enqueue_scripts",81,{"type":155,"name":156,"callback":157,"priority":158,"file":148,"line":159},"filter","script_loader_tag","add_async_to_script",10,84,{"type":136,"name":161,"callback":162,"file":148,"line":34},"rest_api_init","register_rest_routes",[],[165,173],{"namespace":166,"route":167,"methods":168,"callback":170,"permissionCallback":171,"file":148,"line":172},"loyalty-links\u002Fv1","\u002Fapproved-domains",[169],"GET","rest_get_approved_domains","__return_true",470,{"namespace":166,"route":174,"methods":175,"callback":177,"permissionCallback":171,"file":148,"line":178},"\u002Ftrack-referrer",[176],"POST","rest_track_referrer",481,[],[],{"dangerousFunctions":182,"sqlUsage":183,"outputEscaping":185,"fileOperations":11,"externalRequests":11,"nonceChecks":112,"capabilityChecks":200,"bundledLibraries":201},[],{"prepared":11,"raw":11,"locations":184},[],{"escaped":186,"rawEcho":187,"locations":188},29,5,[189,192,194,196,198],{"file":139,"line":190,"context":191},377,"raw output",{"file":139,"line":193,"context":191},378,{"file":139,"line":195,"context":191},379,{"file":139,"line":197,"context":191},536,{"file":139,"line":199,"context":191},607,1,[],[],{"summary":204,"deductions":205},"The loyalty-links plugin, version 1.0.1, exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and a high percentage of properly escaped output.  The absence of file operations and external HTTP requests is also a strong indicator of a secure design. The presence of nonce checks and capability checks, though limited, suggests an awareness of security fundamentals.\n\nHowever, there are significant concerns. The plugin exposes two REST API routes without any permission callbacks, creating a direct and unprotected attack surface. This is the most critical finding from the static analysis, as unauthenticated access to these endpoints could lead to various vulnerabilities depending on their functionality. The lack of taint analysis data might be due to the static analysis tool's limitations or the plugin's simplicity, but the significant attack surface without authentication is a clear risk.\n\nThe plugin's vulnerability history is notably clean, with no recorded CVEs. This is a positive indicator, suggesting that the plugin has historically been developed with security in mind or has not been a significant target for attackers. However, the clean history should not overshadow the identified security weaknesses in the current version, particularly the unprotected REST API endpoints.",[206,208,210],{"reason":207,"points":158},"REST API routes without permission callbacks",{"reason":209,"points":187},"2 unprotected entry points in attack surface",{"reason":211,"points":112},"Low number of capability checks relative to entry points","2026-03-17T06:56:02.070Z",{"wat":214,"direct":223},{"assetPaths":215,"generatorPatterns":218,"scriptPaths":219,"versionParams":220},[216,217],"\u002Fwp-content\u002Fplugins\u002Floyalty-links\u002Fassets\u002Fcss\u002Floyalty-links.css","\u002Fwp-content\u002Fplugins\u002Floyalty-links\u002Fassets\u002Fjs\u002Floyalty-links.js",[],[217],[221,222],"loyalty-links\u002Fassets\u002Fcss\u002Floyalty-links.css?ver=","loyalty-links\u002Fassets\u002Fjs\u002Floyalty-links.js?ver=",{"cssClasses":224,"htmlComments":226,"htmlAttributes":227,"restEndpoints":228,"jsGlobals":230,"shortcodeOutput":232},[225],"loyalty-links-notice",[],[],[229],"\u002Fwp-json\u002Floyalty-links\u002Fv1\u002Ftrack-referrer",[231],"loyaltyLinks",[]]