[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fUNeRLxst7BUNf2fAiGODBeYyk8QoLPFq0GmDWG6fDE4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":54,"analysis":151,"fingerprints":483},"manuall-dofollow","SMu Manual DoFollow","1.8.1","Stefan M.","https:\u002F\u002Fprofiles.wordpress.org\u002Fstefan-m-1\u002F","\u003Cp>This plugin will set all Trackbacks and Pingbacks automatically to DoFollow Links.\u003C\u002Fp>\n\u003Cp>The user comments will get after \u003Ccode>X\u003C\u002Fcode> comments from a unique mail address automatically DoFollow status. All other comments have NoFollow, except when the Admin manually enables the DoFollow Status. The status which is set manually (if DoFollow or NoFollow) will override the automatic process. So, you have the control if someone gets sooner the DoFollow status, or never maybe. Of course, the automatism can be disabled to do the whole work manually.\u003C\u002Fp>\n\u003Cp>You get a support automatism, that you don’t need to check daily, but have the full control power.\u003C\u002Fp>\n\u003Cp>Additionally, this plugin validates all DoFollow URLs and will notice if there are broken links. 
Broken Links are very bad for the Rank in the Search Engines (SEO).\u003C\u002Fp>\n\u003Cp>Home Page of the Plugin: \u003Ca href=\"http:\u002F\u002Fblog.murawski.ch\u002F2010\u002F09\u002Fwordpress-manual-dofollow-plugin\u002F\" title=\"IT Bl&ouml;gg - WordPress Manual DoFollow Plugin\" rel=\"nofollow ugc\">IT Bl&ouml;gg – WordPress Manual DoFollow Plugin\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If you have a wish for new functions, please contact me.\u003C\u002Fp>\n","SMu DoFollow has many DoFollow Options (Manual or Automatism) and an included URL Validator (Manual, WP-Cron or Cronjob).",100,10570,86,3,"2015-12-21T09:46:00.000Z","4.1.42","3.0.0","",[20,21,22,23,24],"comments","dofollow","nofollow","pingback","trackback","http:\u002F\u002Fblog.murawski.ch\u002F2010\u002F09\u002Fwordpress-manual-dofollow-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanuall-dofollow.zip",63,1,"2025-07-07 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"CVE-2025-49031","smu-manual-dofollow-reflected-cross-site-scripting","SMu Manual DoFollow \u003C= 1.8.1 - Reflected Cross-Site Scripting","The SMu Manual DoFollow plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.8.1","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-07-17 12:51:40",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F59390594-494d-47ed-8550-8fe33dd53a18?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":52,"computed_at":53},"stefan-m-1",2,110,74,30,76,"2026-04-03T21:32:03.456Z",[55,79,98,117,134],{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":65,"num_ratings":66,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":18,"tags":70,"homepage":73,"download_link":74,"security_score":75,"vuln_count":76,"unpatched_count":77,"last_vuln_date":78,"fetched_at":30},"dofollow-case-by-case","DoFollow Case by Case","3.6.0","apasionados","https:\u002F\u002Fprofiles.wordpress.org\u002Fapasionados\u002F","\u003Cp>\u003Cstrong>This WordPress plugin gives you the possibility to remove the “nofollow” attribute from your wordpress blog’s comments\u003C\u002Fstrong>: from the author’s links and\u002For from the comments text links. This can be done either case by case (editing each comment) or through a white-list of commenters emails, whose comments will always be dofollow.\u003C\u002Fp>\n\u003Cp>And don’t forget:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Don’t use this plugin if you are using another plugin with similar functionality. 
Please read the information about it in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdofollow-case-by-case\u002Ffaq\u002F\" title=\"FAQ section\" rel=\"ugc\">FAQ section\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>What can I do with this plugin?\u003C\u002Fh4>\n\u003Cp>This plugin allows you to set links in comments to be dofollow instead of nofollow. When editing a comment, now you have the option to remove the rel=”nofollow” attributes from the links contained in them.\u003Cbr \u002F>\nTo make it easier, you can also set up commenters emails whose links in comments should always be dofollow and you can even set their Author URL when commenting to be dofollow.\u003Cbr \u002F>\nOn the other side you can also define URLs that when contained in a comment are always dofollow, so that you can set up links to your own sites to be always dofollow.\u003C\u002Fp>\n\u003Cp>In order to add commenter’s emails or URLs to the white list, please go to \u003Cstrong>DoFollow > DoFollow\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>DoFollow > White List Email\u003C\u002Fstrong>: The Email White List contains a list of emails of commenters, whose links in comments are always dofollow. And you can also choose to make the Author URL dofollow. 
By default the Author URL is not followed.\u003Cbr \u002F>\nHere you can add for example the email addresses of your staff and collaborators.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>DoFollow > White List URL\u003C\u002Fstrong>: The URL White List contains a list of URLs that when linked to in a comment, are always dofollow, regardless of who links to them.\u003Cbr \u002F>\nHere you can set up for example links from your sites or from other sites.\u003C\u002Fp>\n\u003Ch4>What ideas is this plugin based on?\u003C\u002Fh4>\n\u003Cp>We were looking for a plugin like \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnofollow-case-by-case\u002F\" title=\"Nofollow Case by Case\" rel=\"ugc\">Nofollow Case by Case\u003C\u002Fa> but that worked the other way round. Instead of removing the rel=”nofollow” from all comments links and have the possibility to add the rel=”nofollow” case by case, we wanted to leave the rel=”nofollow” on all comments and have the possibility to remove them only from some comments.\u003C\u002Fp>\n\u003Cp>And the last plugin we liked is \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsmart-dofollow\u002F\" title=\"Smart DoFollow\" rel=\"ugc\">Smart DoFollow\u003C\u002Fa> which lets you automatically give DoFollow links to authors of comments that are longer than a given number of chars. This is interesting, but very dangerous as today all comment spam is quite long and has many characters.\u003C\u002Fp>\n\u003Ch4>DoFollow Case by Case Plugin in your Language!\u003C\u002Fh4>\n\u003Cp>This first release is available in English and Spanish. 
In the i18n we have included the necessary files to translate this plugin.\u003C\u002Fp>\n\u003Cp>If you would like the plugin in your language and you’re good at translating, please drop us a line at \u003Ca href=\"http:\u002F\u002Fapasionados.es\u002Fcontacto\u002Findex.php?desde=wordpress-org-dofollow-home\" rel=\"nofollow ugc\">Contact us\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Further Reading\u003C\u002Fh4>\n\u003Cp>You can access the description of the plugin in Spanish at: \u003Ca href=\"http:\u002F\u002Fapasionados.es\u002Fblog\u002Fdofollow-case-by-case-1676\u002F\" rel=\"nofollow ugc\">DoFollow Case by Case in Spanish\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cp>For further information please send us an \u003Ca href=\"http:\u002F\u002Fapasionados.es\u002Fcontacto\u002Findex.php?desde=wordpress-org-dofollow-contact\" rel=\"nofollow ugc\">email\u003C\u002Fa>.\u003C\u002Fp>\n","DoFollow Case by Case allows you to selectively apply dofollow to comments and make links in pages or posts nofollow.",1000,25579,80,8,"2026-02-01T15:11:00.000Z","6.9.4","4.0",[71,20,21,22,72],"comment","rel-nofollow","https:\u002F\u002Fapasionados.es\u002F#utm_source=wpadmin&utm_medium=plugin&utm_campaign=wpdofollowplugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdofollow-case-by-case.3.6.0.zip",95,4,0,"2025-10-26 00:00:00",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":68,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":96,"download_link":97,"security_score":11,"vuln_count":77,"unpatched_count":77,"last_vuln_date":37,"fetched_at":30},"hide-trackbacks","Hide Trackbacks","1.1.7","Sander van Dragt","https:\u002F\u002Fprofiles.wordpress.org\u002Fpacifika\u002F","\u003Cp>Introducing \u003Cem>Hide Trackbacks\u003C\u002Fem> – keep the benefits of track- and pingbacks (know 
when someone writes about posts) while keeping the comments clean and uncluttered.\u003C\u002Fp>\n\u003Cp>After enabling the plugin, trackbacks and pingbacks are no longer shown on your posts and the comment count is updated correctly to reflect this. They remain accessible via the admin panel.\u003C\u002Fp>\n\u003Cp>Original code created by  \u003Ca href=\"http:\u002F\u002Fwww.honeytechblog.com\u002Fhow-to-remove-tracbacks-and-pings-from-wordpress-posts\u002F\" rel=\"nofollow ugc\">Honey Singh\u003C\u002Fa> (used with permission of the author).\u003C\u002Fp>\n","Prevents trackbacks and pingbacks from showing up as comments on posts.",400,17591,94,6,"2025-12-07T10:00:00.000Z","5.8","7.0",[20,23,95,24],"spam","http:\u002F\u002Fwp.me\u002Fp1vXha-4u","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-trackbacks.1.1.7.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":11,"num_ratings":48,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":18,"tags":111,"homepage":114,"download_link":115,"security_score":116,"vuln_count":77,"unpatched_count":77,"last_vuln_date":37,"fetched_at":30},"nofollow-case-by-case","Nofollow Case by Case","1.5.6","fob","https:\u002F\u002Fprofiles.wordpress.org\u002Ffob\u002F","\u003Cp>For unmodified links Nofollow Case by Case works like a (do)follow plugin for WordPress. It simply removes rel=”nofollow” from your comment links.\u003C\u002Fp>\n\u003Cp>Whenever you get the feeling that one of your comment links might be able to harm your own website reputation, if you think about SEO and found a link that looks a bit like spam but should not be deleted, you can replace nofollow to every single comment link at any time. If you want to replace nofollow for a link like that you simply add \u002Fdontfollow at the end of the link. 
You can do this for author links in comments as well as for the links you find in the text.\u003C\u002Fp>\n\u003Ch4>This is what the plugin will do automatically:\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>1. Clean up some code:\u003C\u002Fstrong>\u003Cbr \u002F>\nIt tries to remove all variants of rel=”nofollow”, target=”blank” and rel=”external” from comment author links and other links in comments first. A link will become a “real link” no matter if it is a pingback, a trackback or a “real comment”.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2. Fix semantical incorrectness:\u003C\u002Fstrong>\u003Cbr \u002F>\nThe plugin now applies rel=”external” – but ONLY for external links!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>3. jQuery functions of Nofollow Case by Case:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>a) The plugin detects rel=”external” in comments and opens those links in a new window.\u003Cbr \u002F>\nNo need for target=”_blank” which would not validate in XHTML. jQuery replacement does.\u003C\u002Fp>\n\u003Cp>b) The plugin tries to correct author urls that could not be fully replaced before.\u003Cbr \u002F>\nThis has something to do with template development. Find more information on this within the FAQ.\u003C\u002Fp>\n\u003Ch4>Add on\u003C\u002Fh4>\n\u003Cp>You can try this \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fnfcbc-seo-plugin-add-on\u002F\" title=\"NFCBC SEO Plugin Add-on\" rel=\"ugc\">NFCBC SEO Plugin ADD-on\u003C\u002Fa> for easier comment management. The plugin is an old one using javascript but still works. I currently do not have the time to rebuild it. 
A new version should later support Ajax and nonces and on the other hand will not support old versions of WordPress anymore.\u003C\u002Fp>\n\u003Ch4>Alternative Tool\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fnfcbc-seo-light\u002F\" title=\"NFCBC SEO Light\" rel=\"ugc\">NFCBC SEO Light\u003C\u002Fa> could be used alternatively. It suggests “follow” or “nofollow” or “no link” automatically, depending on comments length. This plugin might be updated soon. I personally prefer Nofollow Case by Case.\u003C\u002Fp>\n\u003Ch4>Need more information?\u003C\u002Fh4>\n\u003Cp>I have updated the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fnofollow-case-by-case\u002Ffaq\u002F\" title=\"FAQ for Nofollow Case by Case\" rel=\"ugc\">FAQ for Nofollow Case by Case\u003C\u002Fa> and the German description can be found at the old place as well:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.fob-marketing.de\u002Fmarketing-seo-blog\u002Fwordpress-nofollow-seo-plugin-nofollow-case-by-case.html\" title=\"Nofollow Case by Case SEO Plugin\" rel=\"nofollow ugc\">German plugin description on fob-marketing.de\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.fob-marketing.de\u002Fmarketing-seo-blog\u002Fantworten-zu-nofollow-case-by-case-und-relexternal-nofollow.html\" title=\"FAQ at fob marketing\" rel=\"nofollow ugc\">German FAQ on fob-marketing.de\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cp>For further information please send me an \u003Ca href=\"http:\u002F\u002Fwww.fob-marketing.de\u002Ffob\u002Fueber-fob-marketing\u002Ffob-marketing-kontakt\u002F\" title=\"Send an email to Oliver Bockelmann\" rel=\"nofollow ugc\">email\u003C\u002Fa>.\u003C\u002Fp>\n","\"Dofollow\" but Nofollow Case by Case allows you to selectively apply nofollow to your comments as 
well.",200,38477,"2013-12-10T17:07:00.000Z","3.7.41","2.0",[112,20,21,113,22],"administration","links","http:\u002F\u002Fwww.fob-marketing.de\u002Fmarketing-blog-184-wordpress-nofollow-seo-plugin-nofollow-case-by-case.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnofollow-case-by-case.1.5.6.zip",85,{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":106,"downloaded":125,"rating":77,"num_ratings":77,"last_updated":126,"tested_up_to":68,"requires_at_least":127,"requires_php":93,"tags":128,"homepage":132,"download_link":133,"security_score":11,"vuln_count":77,"unpatched_count":77,"last_vuln_date":37,"fetched_at":30},"really-simple-disable-comments","Really Simple Disable Comments","0.2.1","NEXTFLY® Web Design","https:\u002F\u002Fprofiles.wordpress.org\u002Fnextfly\u002F","\u003Cp>Really Simple Disable Comments is a lightweight plugin that completely disables WordPress comments functionality with a single activation. 
No configuration needed!\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Disables comments on all post types\u003C\u002Fli>\n\u003Cli>Removes comment-related UI elements\u003C\u002Fli>\n\u003Cli>Disables trackbacks and pingbacks\u003C\u002Fli>\n\u003Cli>Removes comment-related admin menu items and dashboard widgets\u003C\u002Fli>\n\u003Cli>Hides comment counts from dashboard “At a Glance” widget\u003C\u002Fli>\n\u003Cli>Hides “Recent Comments” section from dashboard Activity widget\u003C\u002Fli>\n\u003Cli>Disables all comment-related Gutenberg blocks\u003C\u002Fli>\n\u003Cli>Clean and efficient code with no settings required\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What Gets Disabled?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Comment forms and displays\u003C\u002Fli>\n\u003Cli>Admin menu items and dashboard widgets\u003C\u002Fli>\n\u003Cli>Comment-related Gutenberg blocks\u003C\u002Fli>\n\u003Cli>Trackbacks and pingbacks\u003C\u002Fli>\n\u003Cli>Comment-related UI elements in themes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Developer Friendly\u003C\u002Fh4>\n\u003Cp>The plugin includes various filters and actions for developers to customize its behavior:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>rsdc_post_type\u003C\u002Fcode> – Filter the post type before removing comment support\u003C\u002Fli>\n\u003Cli>\u003Ccode>rsdc_comments_status\u003C\u002Fcode> – Filter the comments status\u003C\u002Fli>\n\u003Cli>\u003Ccode>rsdc_hide_existing_comments\u003C\u002Fcode> – Filter the hidden comments array\u003C\u002Fli>\n\u003Cli>\u003Ccode>rsdc_hide_ui_styles\u003C\u002Fcode> – Filter the CSS used to hide comment UI elements\u003C\u002Fli>\n\u003Cli>\u003Ccode>rsdc_block_editor_settings\u003C\u002Fcode> – Filter the block editor settings\u003C\u002Fli>\n\u003Cli>\u003Ccode>rsdc_allowed_blocks\u003C\u002Fcode> – Filter the allowed Gutenberg blocks\u003C\u002Fli>\n\u003C\u002Ful>\n","Effortlessly disable all comments and trackback functionality across 
your entire WordPress site by activating this plugin.",2437,"2025-12-09T15:20:00.000Z","5.0",[20,129,130,131],"disable-comments","disable-pingbacks","disable-trackbacks","https:\u002F\u002Fgithub.com\u002Fnextfly\u002Freally-simple-disable-comments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-disable-comments.0.2.1.zip",{"slug":135,"name":136,"version":137,"author":138,"author_profile":139,"description":140,"short_description":141,"active_installs":11,"downloaded":142,"rating":77,"num_ratings":77,"last_updated":143,"tested_up_to":144,"requires_at_least":145,"requires_php":18,"tags":146,"homepage":149,"download_link":150,"security_score":116,"vuln_count":77,"unpatched_count":77,"last_vuln_date":37,"fetched_at":30},"pingback-killer","Pingback Killer","1.0","chrisguitarguy","https:\u002F\u002Fprofiles.wordpress.org\u002Fchrisguitarguy\u002F","\u003Cp>Hate Pingbacks and Trackbacks?  Me too.  Pingback Killer disables all of WordPress’ built-in pingback functionality.\u003C\u002Fp>\n\u003Cp>This is a very simple plugin that…\u003Cbr \u002F>\n1. Removes the \u003Ccode>X-Pingback\u003C\u002Fcode> header WordPress sends\u003Cbr \u002F>\n2. Causes any \u003Ccode>bloginfo('ping_backurl')\u003C\u002Fcode> call to return an empty string\u003Cbr \u002F>\n3. Hijacks the two options relating to pingbacks\u003Cbr \u002F>\n4. Removes the \u002Ftrackback\u002F rewrite rules\u003C\u002Fp>\n\u003Cp>There are no options pages, it just works.\u003C\u002Fp>\n\u003Cp>Bugs?  Problems?  
\u003Ca href=\"http:\u002F\u002Fpmg.co\u002Fcontact\" rel=\"nofollow ugc\">Get in touch\u003C\u002Fa>.\u003C\u002Fp>\n","Pingback Killer disables all of WordPress' pingback functionality.",6345,"2011-10-28T21:10:00.000Z","3.3.2","3.2",[20,147,148],"pingbacks","trackbacks","http:\u002F\u002Fpmg.co\u002Fpingback-killer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpingback-killer.1.0.zip",{"attackSurface":152,"codeSignals":190,"taintFlows":368,"riskAssessment":465,"analyzedAt":482},{"hooks":153,"ajaxHandlers":186,"restRoutes":187,"shortcodes":188,"cronEvents":189,"entryPointCount":77,"unprotectedCount":77},[154,161,164,169,173,177,182],{"type":155,"name":156,"callback":157,"priority":158,"file":159,"line":160},"filter","get_comment_author_link","smu_nodofollow",15,"manual_dofollow.php",649,{"type":155,"name":162,"callback":157,"priority":158,"file":159,"line":163},"comment_text",650,{"type":165,"name":166,"callback":167,"file":159,"line":168},"action","preprocess_comment","smu_wp_new_comment",651,{"type":165,"name":170,"callback":171,"file":159,"line":172},"comment_form","show_dofollow_status",652,{"type":165,"name":174,"callback":175,"file":159,"line":176},"admin_menu","smu_add_pages",655,{"type":155,"name":178,"callback":179,"priority":180,"file":159,"line":181},"plugin_action_links","SMuPluginLink",10,656,{"type":155,"name":183,"callback":184,"file":159,"line":185},"comment_row_actions","smu_comment_row_actions",657,[],[],[],[],{"dangerousFunctions":191,"sqlUsage":192,"outputEscaping":240,"fileOperations":366,"externalRequests":48,"nonceChecks":77,"capabilityChecks":77,"bundledLibraries":367},[],{"prepared":76,"raw":193,"locations":194},21,[195,198,200,202,205,207,209,211,213,215,217,219,221,223,225,227,229,231,234,237,239],{"file":159,"line":196,"context":197},62,"$wpdb->get_row() with variable interpolation",{"file":159,"line":27,"context":199},"$wpdb->get_results() with variable 
interpolation",{"file":159,"line":201,"context":197},68,{"file":159,"line":203,"context":204},218,"$wpdb->get_var() with variable interpolation",{"file":159,"line":206,"context":197},246,{"file":159,"line":208,"context":197},253,{"file":159,"line":210,"context":204},308,{"file":159,"line":212,"context":197},310,{"file":159,"line":214,"context":197},311,{"file":159,"line":216,"context":199},420,{"file":159,"line":218,"context":199},482,{"file":159,"line":220,"context":199},486,{"file":159,"line":222,"context":199},516,{"file":159,"line":224,"context":199},520,{"file":159,"line":226,"context":197},572,{"file":159,"line":228,"context":197},573,{"file":159,"line":230,"context":204},628,{"file":232,"line":233,"context":199},"pages\\main.php",40,{"file":235,"line":236,"context":197},"smucron.php",14,{"file":235,"line":238,"context":199},16,{"file":235,"line":193,"context":197},{"escaped":77,"rawEcho":241,"locations":242},65,[243,246,247,249,251,253,255,257,259,261,263,265,267,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,300,302,303,304,305,306,308,310,312,314,316,318,320,322,323,325,327,329,330,332,334,336,338,340,342,344,346,348,350,352,354,356,358,360,362,364,365],{"file":159,"line":244,"context":245},90,"raw 
output",{"file":159,"line":89,"context":245},{"file":159,"line":248,"context":245},313,{"file":159,"line":250,"context":245},351,{"file":159,"line":252,"context":245},411,{"file":159,"line":254,"context":245},412,{"file":159,"line":256,"context":245},425,{"file":159,"line":258,"context":245},426,{"file":159,"line":260,"context":245},427,{"file":159,"line":262,"context":245},443,{"file":159,"line":264,"context":245},457,{"file":159,"line":266,"context":245},474,{"file":159,"line":268,"context":245},491,{"file":159,"line":270,"context":245},494,{"file":159,"line":272,"context":245},495,{"file":159,"line":274,"context":245},510,{"file":159,"line":276,"context":245},512,{"file":159,"line":278,"context":245},527,{"file":159,"line":280,"context":245},532,{"file":159,"line":282,"context":245},539,{"file":159,"line":284,"context":245},551,{"file":159,"line":286,"context":245},555,{"file":159,"line":288,"context":245},556,{"file":159,"line":290,"context":245},557,{"file":159,"line":292,"context":245},570,{"file":159,"line":294,"context":245},575,{"file":159,"line":296,"context":245},639,{"file":298,"line":299,"context":245},"pages\\commtemplate.php",5,{"file":298,"line":301,"context":245},34,{"file":298,"line":27,"context":245},{"file":298,"line":201,"context":245},{"file":232,"line":76,"context":245},{"file":232,"line":299,"context":245},{"file":232,"line":307,"context":245},73,{"file":232,"line":309,"context":245},78,{"file":232,"line":311,"context":245},87,{"file":313,"line":48,"context":245},"pages\\options.php",{"file":313,"line":315,"context":245},51,{"file":313,"line":317,"context":245},54,{"file":313,"line":319,"context":245},61,{"file":313,"line":321,"context":245},69,{"file":313,"line":52,"context":245},{"file":313,"line":324,"context":245},84,{"file":313,"line":326,"context":245},91,{"file":313,"line":328,"context":245},92,{"file":313,"line":89,"context":245},{"file":313,"line":331,"context":245},124,{"file":313,"line":333,"context":245},139,{"file":313,"line":335
,"context":245},162,{"file":313,"line":337,"context":245},166,{"file":313,"line":339,"context":245},167,{"file":313,"line":341,"context":245},168,{"file":313,"line":343,"context":245},171,{"file":313,"line":345,"context":245},172,{"file":313,"line":347,"context":245},173,{"file":313,"line":349,"context":245},177,{"file":313,"line":351,"context":245},181,{"file":313,"line":353,"context":245},189,{"file":313,"line":355,"context":245},194,{"file":313,"line":357,"context":245},203,{"file":313,"line":359,"context":245},210,{"file":313,"line":361,"context":245},212,{"file":313,"line":363,"context":245},224,{"file":313,"line":363,"context":245},{"file":313,"line":363,"context":245},9,[],[369,385,405,433],{"entryPoint":370,"graph":371,"unsanitizedCount":28,"severity":39},"smu_man_urlchk (manual_dofollow.php:81)",{"nodes":372,"edges":382},[373,377],{"id":374,"type":375,"label":376,"file":159,"line":311},"n0","source","$_GET",{"id":378,"type":379,"label":380,"file":159,"line":244,"wp_function":381},"n1","sink","echo() [XSS]","echo",[383],{"from":374,"to":378,"sanitized":384},false,{"entryPoint":386,"graph":387,"unsanitizedCount":14,"severity":404},"smu_com (manual_dofollow.php:304)",{"nodes":388,"edges":401},[389,391,394,397],{"id":374,"type":375,"label":390,"file":159,"line":210},"$_GET['c']",{"id":378,"type":379,"label":392,"file":159,"line":210,"wp_function":393},"get_var() [SQLi]","get_var",{"id":395,"type":375,"label":396,"file":159,"line":210},"n2","$_GET (x2)",{"id":398,"type":379,"label":399,"file":159,"line":212,"wp_function":400},"n3","get_row() [SQLi]","get_row",[402,403],{"from":374,"to":378,"sanitized":384},{"from":395,"to":398,"sanitized":384},"high",{"entryPoint":406,"graph":407,"unsanitizedCount":76,"severity":404},"SMuDoList 
(manual_dofollow.php:435)",{"nodes":408,"edges":428},[409,411,412,415,416,419,423,426],{"id":374,"type":375,"label":410,"file":159,"line":262},"$_GET['edititem']",{"id":378,"type":379,"label":380,"file":159,"line":262,"wp_function":381},{"id":395,"type":375,"label":413,"file":159,"line":414},"$_GET['infomail']",461,{"id":398,"type":379,"label":380,"file":159,"line":264,"wp_function":381},{"id":417,"type":375,"label":418,"file":159,"line":218},"n4","$_GET['delitem']",{"id":420,"type":379,"label":421,"file":159,"line":218,"wp_function":422},"n5","get_results() [SQLi]","get_results",{"id":424,"type":375,"label":425,"file":159,"line":220},"n6","$_POST['newstring']",{"id":427,"type":379,"label":421,"file":159,"line":220,"wp_function":422},"n7",[429,430,431,432],{"from":374,"to":378,"sanitized":384},{"from":395,"to":398,"sanitized":384},{"from":417,"to":420,"sanitized":384},{"from":424,"to":427,"sanitized":384},{"entryPoint":434,"graph":435,"unsanitizedCount":366,"severity":404},"\u003Cmanual_dofollow> 
(manual_dofollow.php:0)",{"nodes":436,"edges":457},[437,438,439,440,441,442,443,444,445,447,449,451,453,455],{"id":374,"type":375,"label":396,"file":159,"line":311},{"id":378,"type":379,"label":380,"file":159,"line":244,"wp_function":381},{"id":395,"type":375,"label":390,"file":159,"line":210},{"id":398,"type":379,"label":392,"file":159,"line":210,"wp_function":393},{"id":417,"type":375,"label":396,"file":159,"line":210},{"id":420,"type":379,"label":399,"file":159,"line":212,"wp_function":400},{"id":424,"type":375,"label":410,"file":159,"line":262},{"id":427,"type":379,"label":380,"file":159,"line":262,"wp_function":381},{"id":446,"type":375,"label":413,"file":159,"line":414},"n8",{"id":448,"type":379,"label":380,"file":159,"line":264,"wp_function":381},"n9",{"id":450,"type":375,"label":418,"file":159,"line":218},"n10",{"id":452,"type":379,"label":421,"file":159,"line":218,"wp_function":422},"n11",{"id":454,"type":375,"label":425,"file":159,"line":220},"n12",{"id":456,"type":379,"label":421,"file":159,"line":220,"wp_function":422},"n13",[458,459,460,461,462,463,464],{"from":374,"to":378,"sanitized":384},{"from":395,"to":398,"sanitized":384},{"from":417,"to":420,"sanitized":384},{"from":424,"to":427,"sanitized":384},{"from":446,"to":448,"sanitized":384},{"from":450,"to":452,"sanitized":384},{"from":454,"to":456,"sanitized":384},{"summary":466,"deductions":467},"The \"manuall-dofollow\" v1.8.1 plugin presents a mixed security posture. While it boasts a zero attack surface from common entry points like AJAX, REST API, and shortcodes, indicating a potentially minimal direct exposure, significant concerns arise from its code analysis and vulnerability history.  
The complete lack of output escaping across all identified outputs is a critical flaw, exposing users to Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's history of such issues.\n\nThe taint analysis reveals three high-severity flows with unsanitized paths, directly pointing to potential injection vulnerabilities. Coupled with a notable percentage of SQL queries not using prepared statements, this suggests a susceptibility to SQL injection risks. The plugin also exhibits a concerning absence of nonce and capability checks, meaning that any functionality, if discovered, could be exploited without proper authorization.\n\nFurthermore, the plugin has a history of at least one known CVE, which is currently unpatched and was a medium-severity XSS vulnerability. This pattern of XSS vulnerabilities, combined with the lack of escaping in the current version, indicates a recurring and unaddressed security weakness. The presence of file operations and external HTTP requests, while not inherently insecure, adds to the overall complexity and potential for unintended consequences when combined with other identified weaknesses.\n\nIn conclusion, while the plugin has a limited direct attack surface, the severe lack of output escaping, high-severity taint flows, potential for SQL injection, and history of unpatched XSS vulnerabilities paint a worrying picture. The absence of critical security measures like nonce and capability checks further exacerbates these risks. 
Users should exercise extreme caution, and the developers should prioritize addressing the fundamental security flaws in output handling and input validation.",[468,471,474,476,478,480],{"reason":469,"points":470},"Unpatched CVE history",18,{"reason":472,"points":473},"High severity taint flows (3)",20,{"reason":475,"points":473},"No output escaping",{"reason":477,"points":158},"SQL queries without prepared statements (84%)",{"reason":479,"points":180},"No nonce checks",{"reason":481,"points":180},"No capability checks","2026-03-16T21:02:45.233Z",{"wat":484,"direct":493},{"assetPaths":485,"generatorPatterns":488,"scriptPaths":489,"versionParams":490},[486,487],"\u002Fwp-content\u002Fplugins\u002Fmanuall-dofollow\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fmanuall-dofollow\u002Fjs\u002Fsmudofollow.js",[],[487],[491,492],"manuall-dofollow\u002Fcss\u002Fstyle.css?ver=","manuall-dofollow\u002Fjs\u002Fsmudofollow.js?ver=",{"cssClasses":494,"htmlComments":496,"htmlAttributes":497,"restEndpoints":498,"jsGlobals":499,"shortcodeOutput":501},[495],"misc-pub-section",[],[],[],[500],"jQuery",[]]