[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f7i8lfVYDNFN0Nb21DtcQEfiPgTi-apzKV2hD4Sjeibs":3,"$fgXKKU7otOcB4NFToqqOgsYgHnQyVozgS3ndof21BNSY":287,"$fWc3Jrxpixklt0AD2TdWs2fV_RA1Y8r8QReluFlFgm4E":292},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":138,"fingerprints":257},"madtek-entrusans","MadTek Entrusans ™ IDS client","2.0.6","jee@madtek.com","https:\u002F\u002Fprofiles.wordpress.org\u002Fjeemadtekcom\u002F","\u003Cp>Effective website security requires a combination of tools and best practices to operate WordPress safely on today’s internet. MadTek’s Entrusans IDS security plugin adds tamper-resistance to your security tool set.\u003C\u002Fp>\n\u003Cp>Sophisticated hackers scan WordPress websites 24X7 looking for vulnerabilities and they know how to delete or disable security plugins to avoid detection. Whether a breach is due to a Zero-Day attack or a known vulnerability, once hackers gain access to your website, they own it.\u003C\u002Fp>\n\u003Cp>Tamper-resistance is essential to expose hackers who disable your website’s security plugins. Until you remove all malicious code and remediate all malicious file deletions or changes your website remains compromised.\u003C\u002Fp>\n\u003Cp>MadTek developed the Entrusans IDS plugin to help WordPress website owners restore their websites quickly after a breach. Remediating a hacked website can be a complex and costly forensic job. The Entrusans system gives you the tamper-resistant file change history you need to quickly identify deleted, added and changed files. MadTek encrypts and stores your file-change data on remote servers denying hackers the ability to go undetected.\u003C\u002Fp>\n\u003Cp>If you have a mission-critical website e.g. eCommerce, you need to know ASAP if a hacker penetrates your website.\u003C\u002Fp>\n\u003Ch3>Manual Install\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download the madtek-entrusans.zip file from the link in the order complete email or from the account download webpage at http:\u002F\u002Fservices.madtek.com. Login is required to reach the download page.\u003C\u002Fli>\n\u003Cli>Create the directory madtek-entrusans in the wp-content\u002Fplugins directory.\u003C\u002Fli>\n\u003Cli>Upload madtek-entrusans plugin files to the \u002Fwp-content\u002Fplugins\u002Fmadtek-entrusans directory.\u003C\u002Fli>\n\u003Cli>Go to the Plugins screen on the WordPress dashboard and find the newly uploaded Entrusans IDS plugin.\u003C\u002Fli>\n\u003Cli>Click Activate under the Entrusans IDS plugin.\u003C\u002Fli>\n\u003Cli>Following successful WordPress activation find the Entrusans IDS menu item on the left navigation menu of the WordPress dashboard.\u003C\u002Fli>\n\u003Cli>Click the Entrusans IDS menu item and when presented with the activation form enter the license key and email address from the order confirmation email received following purchase.\u003C\u002Fli>\n\u003Cli>Click the activate button.\u003C\u002Fli>\n\u003Cli>A First Poll email will signal the site has successfully been scanned for the first time.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>WordPress Dashboard Install\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Download the madtek-entrusans.zip file from the link in the order complete email or from the account download webpage at http:\u002F\u002Fservices.madtek.com. Login is required to reach the download page.\u003C\u002Fli>\n\u003Cli>Proceed through the standard WordPress new plugin install steps in the WordPress plugins screen.\u003C\u002Fli>\n\u003Cli>Find the newly uploaded Entrusans IDS plugin in the list of plugins.\u003C\u002Fli>\n\u003Cli>Activate the plugin via the Activate link under the Entrusans IDS plugin entry.\u003C\u002Fli>\n\u003Cli>Following successful WordPress activation find the Entrusans IDS menu item on the left navigation menu of the WordPress dashboard.\u003C\u002Fli>\n\u003Cli>Click the Entrusans IDS menu item and when presented with the activation form enter the license key and email address from the order confirmation email received following purchase.\u003C\u002Fli>\n\u003Cli>When presented with the activation form enter the license key and email address from the\u003Cbr \u002F>\nthe email received following purchase.\u003C\u002Fli>\n\u003Cli>Click the activate button.\u003C\u002Fli>\n\u003Cli>A First Poll email will signal the site has successfully been scanned for the first time.\u003C\u002Fli>\n\u003C\u002Fol>\n","Effective website security requires a combination of tools and best practices to operate WordPress safely on today’s internet.",0,1167,"2019-06-22T12:38:00.000Z","5.2.24","4.7.7","5.6",[18,19,20,21,22],"file-integrity","fim","ids","intrusion-detection-system","website-security","https:\u002F\u002Fmadtek.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmadtek-entrusans.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"jeemadtekcom",1,30,84,"2026-05-19T20:42:42.968Z",[37,62,77,98,119],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":58,"download_link":59,"security_score":60,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":61},"catch-ids","Catch IDs","2.8.1","Catch Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fcatchthemes\u002F","\u003Cp>Catch IDs is a simple and light weight plugin to show the Post ID, Page ID, Media ID, Links ID, Category ID, Tag ID and User ID in the Admin Section Table. This plugin was initially develop to support our themes features slider. Then we thought that this will be helpful to all the WordPress Admin Users. Just activate and catch IDs in your page, post, category, tag and media pages.\u003C\u002Fp>\n\u003Cp>Check out our new modular plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcatch-web-tools\u002F\" rel=\"ugc\">Catch Web Tools\u003C\u002Fa>. Power up your WordPress site with powerful features that were till now only available to Catch Themes users. We currently offer Webmaster Tools, Open Graph, Custom CSS, Social Icons, Catch IDs and basic SEO Optimization modules and will be adding more.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Just install and activate.\u003C\u002Fli>\n\u003C\u002Fol>\n","What this plugin does is to shows the IDs on admin section.",20000,797615,96,20,"2026-02-17T15:17:00.000Z","6.9.4","5.9","",[54,38,55,56,57],"admin","show","simple","wp-admin","https:\u002F\u002Fcatchplugins.com\u002Fplugins\u002Fcatch-ids\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcatch-ids.2.8.1.zip",100,"2026-04-16T10:56:18.058Z",{"slug":63,"name":64,"version":65,"author":41,"author_profile":42,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":60,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":51,"requires_php":52,"tags":73,"homepage":74,"download_link":75,"security_score":60,"vuln_count":32,"unpatched_count":11,"last_vuln_date":76,"fetched_at":61},"catch-web-tools","Catch Web Tools","3.2.1","\u003Cp>Catch Web Tools is a modular plugin that powers up your WordPress site with simple and utilitarian features. It currently offers Webmaster Tool, Open Graph, Custom CSS, Social Icons, Security, Updator and Basic SEO optimization modules with more addition in updates to come.\u003C\u002Fp>\n\u003Ch4>Here are some quick reasons why you should check these out!\u003C\u002Fh4>\n\u003Cp>Let’s begin with how easy the setup process is. It’s just a matter of clicks.\u003C\u002Fp>\n\u003Cp>One usual assumption people have is like when a plugin offers multiple features and facilities, it loads slow. However, Catch Web Tools offers modular plugins that you activate manually. Which simply means, that if there are 50 different facilities the plugin offers, your site won’t take the load of those 50 features unless you activate them. You have the option of activating manually the exact feature’s you need and not unnecessarily overload your site.\u003C\u002Fp>\n\u003Cp>Catch Web Tools is available for free downloads at this point. Which means, you will get a lot of advanced features that would make your site interesting, efficient and professional – for free!\u003C\u002Fp>\n\u003Cp>Catch Web Tools use clean coding that follows WordPress’s standard guideline. Which means, zero hassles and perfect compatibility with your themes!\u003C\u002Fp>\n\u003Ch4>Premium Support\u003C\u002Fh4>\n\u003Cp>Catch Plugins team does not provide support for the Catch Web Tools plugin on the WordPress.org forums. Support is provided at \u003Ca href=\"https:\u002F\u002Fcatchplugins.com\u002Fsupport-forum\u002Fforum\u002Fcatch-web-tools\u002F\" rel=\"nofollow ugc\">Catch Web Tools Support Forum\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cp>Catch Web Tools plugin is translation ready.\u003Cbr \u002F>\nAdded Translation for Brazilian Portuguese by Valdir Trombini\u003Cbr \u002F>\nAdded Translation for Serbo-Croatian by Andrijana Nikolic\u003C\u002Fp>\n","A top-notch modular plugin that can greatly enhance the capabilities of a WordPress website with its powerful features.",10000,562397,3,"2026-04-11T17:22:00.000Z","7.0",[54,38,55,56,57],"https:\u002F\u002Fcatchplugins.com\u002Fplugins\u002Fcatch-web-tools\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcatch-web-tools.3.2.1.zip","2022-01-24 00:00:00",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":68,"downloaded":85,"rating":86,"num_ratings":87,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":52,"tags":91,"homepage":96,"download_link":97,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":61},"lockdown-wp-admin","Lockdown WP Admin","2.3.2","Sean Fisher","https:\u002F\u002Fprofiles.wordpress.org\u002Fsean212\u002F","\u003Cp>This plugin will hide WordPress Admin (\u002Fwp-admin\u002F) when a user isn’t logged in. If a user isn’t logged in and they attempt to access WP Admin directly, they will be unable to and it will return a 404. It can also rename the login URL.\u003C\u002Fp>\n\u003Cp>Also, you can add HTTP authentication directly from WP Admin and add custom username\u002Fpassword combinations for the HTTP auth or use the WordPress credentials.\u003C\u002Fp>\n\u003Cp>This doesn’t touch any .htaccess files or change the WordPress core files. All the CSS\u002FImages under \u002Fwp-admin\u002F are still accessible, just not the .php ones.\u003C\u002Fp>\n\u003Cp>If you enable HTTP authentication, it will add HTTP authentication to the PHP files in \u002Fwp-admin\u002F.\u003C\u002Fp>\n\u003Cp>To contribute to the development, check out \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsrtfisher\u002FLockdown-WPAdmin\" rel=\"nofollow ugc\">the GitHub Repository\u003C\u002Fa>.\u003C\u002Fp>\n","Lockdown WP Admin conceals the administration and login screen from intruders. It can hide WordPress Admin (\u002Fwp-admin\u002F) and and login (\u002Fwp-login.",340612,78,54,"2017-11-28T06:00:00.000Z","4.3.34","3.6",[92,93,94,95,22],"lockdown","secure","security","vulnerability","http:\u002F\u002Fseanfisher.co\u002Flockdown-wp-admin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flockdown-wp-admin.2.3.2.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":68,"downloaded":106,"rating":60,"num_ratings":107,"last_updated":108,"tested_up_to":50,"requires_at_least":109,"requires_php":110,"tags":111,"homepage":117,"download_link":118,"security_score":60,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":61},"show-posts-and-pages-id","Show Pages IDs","1.5.6","yydevelopment","https:\u002F\u002Fprofiles.wordpress.org\u002Fyydevelopment\u002F","\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F5fWD-kcZ9EM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>Show Pages IDs is a plugin that will show allow you to view the IDs of pages and posts in wordpress.\u003C\u002Fp>\n\u003Cp>With Show Pages IDs plugin you will be able to views the pages and posts IDs in the top admin menu bar and in the back-end admin panel as well.\u003C\u002Fp>\n\u003Ch4>Show Pages IDs Plugin Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Reveal pages and posts ID in the top admin bar\u003C\u002Fli>\n\u003Cli>Reveal ID for posts in the admin area\u003C\u002Fli>\n\u003Cli>Find ID for pages in the admin area\u003C\u002Fli>\n\u003Cli>Find ID for media elements and images in the admin area\u003C\u002Fli>\n\u003Cli>Show ID for comments in the admin area\u003C\u002Fli>\n\u003Cli>Show ID for categories in the admin area\u003C\u002Fli>\n\u003Cli>Display ID for tags in the admin area\u003C\u002Fli>\n\u003Cli>Display ID for woocommerce products, products category and products tags\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>About the author & license\u003C\u002Fh4>\n\u003Cp>This plugin was brought to you for free by \u003Ca href=\"https:\u002F\u002Fwww.yydevelopment.com\u002F\" rel=\"nofollow ugc\">YYDevelopment\u003C\u002Fa> under GPLv2 license.\u003C\u002Fp>\n\u003Cp>The plugin is 100% free and we intend to keep it that way in the future as well. You are free to use this plugin and all our other \u003Ca href=\"https:\u002F\u002Fwww.yydevelopment.com\u002Fyydevelopment-wordpress-plugins\u002F\" rel=\"nofollow ugc\">free wordpress plugins\u003C\u002Fa> for your projects, your client’s projects or for anything else you need.\u003C\u002Fp>\n\u003Cp>If this plugin was helpful for you please share it online and if you get a chance to give it a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshow-posts-and-pages-id\u002F#reviews\" rel=\"ugc\">positive review\u003C\u002Fa> we will appreciate that.\u003C\u002Fp>\n\u003Cp>If have any problems or questions regarding our show pages id plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fshow-posts-and-pages-id\u002F\" rel=\"ugc\">submit a ticket\u003C\u002Fa> and we will be happy to help.\u003C\u002Fp>\n\u003Cp>By the way, we are based in Israel so we welcome you to visit our Hebrew site as well \u003Ca href=\"https:\u002F\u002Fwww.yydevelopment.co.il\u002F\" rel=\"nofollow ugc\">YYDevelopment Israel\u003C\u002Fa> if you are fellow Israeli.\u003C\u002Fp>\n\u003Ch4>Help support us with a coffee donation\u003C\u002Fh4>\n\u003Cp>Don’t you just hate it when you download a plugin and you find out that in order to use it you have to buy a pro version?\u003C\u002Fp>\n\u003Cp>Even bigger problem is when you use a plugin and then just out of the blue the developer decides to add a pro version and he either changes the way the plugin works or he converts some of the free functions to paid ones.\u003C\u002Fp>\n\u003Cp>We sure did hate that and a few years back we decided to start creating some of the plugins ourselves and we decided to share them all with the WordPress community \u003Cstrong>100% FREE\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Nowadays we have more than 15 plugins and you can download and use them all for free by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsearch\u002Fyydevelopment\u002F\" rel=\"ugc\">Clicking Here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>If you liked this plugin and you want to help support our cause, \u003Ca href=\"https:\u002F\u002Fwww.yydevelopment.com\u002Fcoffee-break\u002F?plugin=show-posts-and-pages-id\" rel=\"nofollow ugc\">buy us a coffee\u003C\u002Fa>. Studies show that coffee helps with creating WordPress plugins.\u003C\u002Fp>\n","This plugin will show the IDs of posts and pages on the admin bar and on the admin panel.",76045,93,"2025-12-10T03:51:00.000Z","5.0","5.2.4",[112,113,114,115,116],"find-ids","pages-id","posts-id","reveal-id","show-id","https:\u002F\u002Fwww.yydevelopment.com\u002Fyydevelopment-wordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-posts-and-pages-id.1.5.6.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":60,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":52,"tags":133,"homepage":136,"download_link":137,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":61},"simply-show-ids","Simply Show IDs","1.3.3","Matt Martz","https:\u002F\u002Fprofiles.wordpress.org\u002Fsivel\u002F","\u003Cp>Simply shows the ID of Posts, Pages, Media, Links, Categories, Tags and Users in the admin tables for easy access. Very lightweight.\u003C\u002Fp>\n\u003Cp>A common complaint about the edit posts, pages, media, links, categories, tags and users pages is that there is no easy way to see the ID of the specific item. This plugin will add a new column titled ‘ID’ that will display each items ID.\u003C\u002Fp>\n\u003Cp>IDs for categories, tags and users will only display when using WordPress 2.8 or newer.\u003C\u002Fp>\n\u003Cp>This plugin is very simplistic and thus very lightweight. To facilitate the need of a lightweight alternative to other plugins of its type this plugin was created.\u003C\u002Fp>\n\u003Cp>Props to \u003Ca href=\"http:\u002F\u002Fflushinc.com\u002F\" rel=\"nofollow ugc\">Joel Fisher\u003C\u002Fa> for getting me moving on this plugin.\u003C\u002Fp>\n\u003Ch3>Upgrade\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Use the plugin updater in WordPress or…\u003C\u002Fli>\n\u003Cli>Delete the previous \u003Ccode>simply-show-ids\u003C\u002Fcode> folder from the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Upload the new \u003Ccode>simply-show-ids\u003C\u002Fcode> folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Just install and activate.\u003C\u002Fli>\n\u003C\u002Fol>\n","Simply shows the ID of Posts, Pages, Media, Links, Categories, Tags and Users in the admin tables for easy access.",3000,103170,6,"2017-11-28T12:27:00.000Z","3.0.5","3.0",[134,20,55,135,120],"id","simply","http:\u002F\u002Fsivel.net\u002Fwordpress\u002Fsimply-show-ids\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimply-show-ids.1.3.3.zip",{"attackSurface":139,"codeSignals":177,"taintFlows":200,"riskAssessment":241,"analyzedAt":256},{"hooks":140,"ajaxHandlers":166,"restRoutes":167,"shortcodes":175,"cronEvents":176,"entryPointCount":32,"unprotectedCount":32},[141,145,151,156,159,161,164],{"type":142,"name":143,"callback":143,"file":144,"line":87},"action","admin_menu","admin\u002Fclass-madtek-entrusans-admin.php",{"type":142,"name":146,"callback":147,"priority":148,"file":149,"line":150},"rest_api_init","register_rest_routes",10,"includes\u002Fapi\u002Fclass-madtek-entrusans-rest-scan-controller.php",56,{"type":142,"name":152,"callback":153,"file":154,"line":155},"plugins_loaded","anonymous","includes\u002Fclass-madtek-entrusans.php",143,{"type":142,"name":157,"callback":153,"file":154,"line":158},"admin_enqueue_scripts",158,{"type":142,"name":157,"callback":153,"file":154,"line":160},159,{"type":142,"name":162,"callback":153,"file":154,"line":163},"wp_enqueue_scripts",174,{"type":142,"name":162,"callback":153,"file":154,"line":165},175,[],[168],{"namespace":169,"route":170,"methods":171,"callback":173,"permissionCallback":26,"file":149,"line":174},"madtek\u002Fentrusans\u002F","v1",[172],"GET","handle_api_request",61,[],[],{"dangerousFunctions":178,"sqlUsage":179,"outputEscaping":181,"fileOperations":11,"externalRequests":32,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":199},[],{"prepared":11,"raw":11,"locations":180},[],{"escaped":32,"rawEcho":182,"locations":183},7,[184,187,189,191,193,195,197],{"file":144,"line":185,"context":186},150,"raw output",{"file":144,"line":188,"context":186},173,{"file":144,"line":190,"context":186},197,{"file":144,"line":192,"context":186},220,{"file":144,"line":194,"context":186},221,{"file":144,"line":196,"context":186},284,{"file":144,"line":198,"context":186},297,[],[201,230],{"entryPoint":202,"graph":203,"unsanitizedCount":228,"severity":229},"entrusans_admin_page (admin\u002Fclass-madtek-entrusans-admin.php:129)",{"nodes":204,"edges":224},[205,210,215,219],{"id":206,"type":207,"label":208,"file":144,"line":209},"n0","source","$_POST (x3)",171,{"id":211,"type":212,"label":213,"file":144,"line":188,"wp_function":214},"n1","sink","echo() [XSS]","echo",{"id":216,"type":207,"label":217,"file":144,"line":218},"n2","$_SERVER",191,{"id":220,"type":212,"label":221,"file":144,"line":222,"wp_function":223},"n3","wp_remote_get() [SSRF]",193,"wp_remote_get",[225,227],{"from":206,"to":211,"sanitized":226},false,{"from":216,"to":220,"sanitized":226},4,"medium",{"entryPoint":231,"graph":232,"unsanitizedCount":228,"severity":229},"\u003Cclass-madtek-entrusans-admin> (admin\u002Fclass-madtek-entrusans-admin.php:0)",{"nodes":233,"edges":238},[234,235,236,237],{"id":206,"type":207,"label":208,"file":144,"line":209},{"id":211,"type":212,"label":213,"file":144,"line":188,"wp_function":214},{"id":216,"type":207,"label":217,"file":144,"line":218},{"id":220,"type":212,"label":221,"file":144,"line":222,"wp_function":223},[239,240],{"from":206,"to":211,"sanitized":226},{"from":216,"to":220,"sanitized":226},{"summary":242,"deductions":243},"The \"madtek-entrusans\" v2.0.6 plugin exhibits a concerning security posture primarily due to its unprotected REST API route and a lack of output escaping. While the plugin avoids dangerous functions, SQL injection via prepared statements, and file operations, the single unprotected REST API endpoint represents a significant attack vector that could be exploited by unauthenticated users. The analysis also indicates that a high percentage of output operations are not properly escaped, increasing the risk of cross-site scripting (XSS) vulnerabilities.  The absence of any recorded vulnerability history might suggest a lack of past exploitation or disclosure, but this should not be relied upon as an indicator of current security. The plugin's strengths lie in its use of prepared statements for SQL queries and the absence of known CVEs, but these are overshadowed by the critical issues in its entry points and output handling. \n\n The taint analysis, while showing no critical or high severity unsanitized paths, did reveal two flows with unsanitized paths. Combined with the unprotected REST API, this suggests a potential for unintended data processing or injection. The complete lack of nonce and capability checks further exacerbates these risks, meaning that actions performed through the unprotected REST API are not protected against CSRF or unauthorized access based on user roles.  Overall, the plugin requires immediate attention to address the unprotected REST API and improve output escaping to mitigate potential security threats.",[244,246,249,252,254],{"reason":245,"points":148},"Unprotected REST API route",{"reason":247,"points":248},"Low output escaping percentage",8,{"reason":250,"points":251},"Missing nonce checks",5,{"reason":253,"points":251},"Missing capability checks",{"reason":255,"points":228},"Taint flows with unsanitized paths","2026-04-16T13:29:27.900Z",{"wat":258,"direct":267},{"assetPaths":259,"generatorPatterns":262,"scriptPaths":263,"versionParams":264},[260,261],"\u002Fwp-content\u002Fplugins\u002Fmadtek-entrusans\u002Fadmin\u002Fcss\u002Fmadtek-entrusans-admin.css","\u002Fwp-content\u002Fplugins\u002Fmadtek-entrusans\u002Fadmin\u002Fjs\u002Fmadtek-entrusans-admin.js",[],[261],[265,266],"madtek-entrusans-admin.css?ver=","madtek-entrusans-admin.js?ver=",{"cssClasses":268,"htmlComments":270,"htmlAttributes":280,"restEndpoints":281,"jsGlobals":282,"shortcodeOutput":283},[269],"entrusans-info",[271,272,273,274,275,276,277,278,279]," This function is provided for demonstration purposes only. "," An instance of this class should be passed to the run() function "," defined in Plugin_Name_Loader as all of the hooks are defined "," in that particular class. "," The Plugin_Name_Loader will then create the relationship "," between the defined hooks and the functions defined in this "," class. "," This function is used to put up the admin page for Entrusans activation. "," This function is used to put up the Entrusans admin page for activation. ",[],[],[],[284,285,286],"\u003Ch3>Entrusans™ Intrusion Detection Service\u003C\u002Fh3>","\u003Ch4>Status: Active\u003C\u002Fh4>","\u003Ch4>License Key: ",{"error":288,"url":289,"statusCode":290,"statusMessage":291,"message":291},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fmadtek-entrusans\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":32,"versions":293},[294],{"version":295,"download_url":296,"svn_tag_url":297,"released_at":26,"has_diff":226,"diff_files_changed":298,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":299,"is_current":226},"2.0.5","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmadtek-entrusans.2.0.5.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmadtek-entrusans\u002Ftags\u002F2.0.5\u002F",[],[]]