[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTe0PPUmpXojrTmnRAkdH3rOxCFb8a0IQafby82WUxR8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":139,"fingerprints":245},"matcha-extra","Matcha Extra","1.0.3","wpmatcha","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpmatcha\u002F","\u003Cp>Used for adding extra features to WP Matcha Themes.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support and documentation, please visit our website or contact our support team.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by WP Matcha to enhance WordPress themes with additional functionality.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPL v2 or later.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify\u003Cbr \u002F>\n  it under the terms of the GNU General Public License, version 2, as\u003Cbr \u002F>\n  published by the Free Software Foundation.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful,\u003Cbr \u002F>\n  but WITHOUT ANY WARRANTY; without even the implied warranty of\u003Cbr \u002F>\n  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\u003Cbr \u002F>\n  GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License\u003Cbr \u002F>\n  along with this program; if not, write to the Free Software\u003Cbr \u002F>\n  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Used for adding extra features to WP Matcha Themes.",0,205,"2026-01-09T15:08:00.000Z","6.9.4","5.0","7.4",[18,19,20,21,22],"companion","custom-post-types","shortcodes","theme","widgets","https:\u002F\u002Fwpmatcha.com\u002Fmatcha-extra","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmatcha-extra.1.0.3.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},2,30,94,"2026-04-05T09:42:58.833Z",[35,58,79,97,115],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":25,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":53,"download_link":54,"security_score":55,"vuln_count":56,"unpatched_count":11,"last_vuln_date":57,"fetched_at":27},"apollo13-framework-extensions","Apollo13 Framework Extensions","1.9.9","apollo13themes","https:\u002F\u002Fprofiles.wordpress.org\u002Fapollo13themes\u002F","\u003Cp>\u003Cstrong>Apollo13 Framework Extensions\u003C\u002Fstrong> adds few features to themes build on Apollo13 Framework. These are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Designs Importer,\u003C\u002Fli>\n\u003Cli>shortcodes based on Apollo13 Framework features: writtng effect, count down, socials, scroller, slider, galleries, post grid,\u003C\u002Fli>\n\u003Cli>support for WPBakery Page Builder elements added by Apollo13 Framework,\u003C\u002Fli>\n\u003Cli>custom post types: albums, works & people,\u003C\u002Fli>\n\u003Cli>Export\u002FImport of theme options,\u003C\u002Fli>\n\u003Cli>Custom Sidebar,\u003C\u002Fli>\n\u003Cli>Custom CSS,\u003C\u002Fli>\n\u003Cli>Meta options that are creating content for posts, pages, albums and works,\u003C\u002Fli>\n\u003Cli>Responsive Image resizing ,\u003C\u002Fli>\n\u003Cli>Maintenance mode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin requires one of themes build on \u003Cstrong>Apollo13 Framework\u003C\u002Fstrong> theme to be installed.\u003C\u002Fp>\n\u003Cp>It is mostly used for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapollo13themes.com\u002Frife\u002Ffree\u002F\" rel=\"nofollow ugc\">Rife Free\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fapollo13themes.com\u002Frife\u002F\" rel=\"nofollow ugc\">Rife Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits & Copyright\u003C\u002Fh3>\n\u003Ch4>Anime.js, Copyright 2019 Julian Garnier\u003C\u002Fh4>\n\u003Cp>Licenses: MIT\u003Cbr \u002F>\nSource: https:\u002F\u002Fanimejs.com\u002F\u003C\u002Fp>\n","Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.",20000,534616,1,"2025-12-04T08:12:00.000Z","6.5.8","4.7","5.4.0",[19,51,20,52],"elementor-widgets","wpbakery-page-builder-support","https:\u002F\u002Fapollo13themes.com\u002Frife\u002Ffree","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapollo13-framework-extensions.zip",95,6,"2026-02-18 15:32:44",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":25,"num_ratings":68,"last_updated":69,"tested_up_to":47,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":74,"download_link":75,"security_score":76,"vuln_count":77,"unpatched_count":11,"last_vuln_date":78,"fetched_at":27},"weaverx-theme-support","Weaver Xtreme Theme Support","6.5.1","wpweaver","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpweaver\u002F","\u003Cp>This is the theme support for the Weaver Xtreme Theme. This plugin provides a collection of useful shortcodes and widgets designed to complement the Weaver Xtreme theme. These shortcodes have been selected and developed based on requests and feedback from thousands of users of the Weaver Xtreme and previous versions of Weaver.\u003C\u002Fp>\n\u003Cp>This plugin also provides the Legacy Weaver Xtreme Admin Dashboard interface. The Legacy Admin is an old style interface alternative to the Customizer interface. The Legacy Interface has been updated for compatibility with Weaver Xtreme Version 5, and will automatically update and convert .wxt settings files from Weaver Xtreme 4.\u003C\u002Fp>\n\u003Cp>Includes complete documentation help file. Instructions for using the shortcodes and widgets are in the help file.\u003C\u002Fp>\n\u003Ch4>Shortcodes included\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>[tab_group]\u003C\u002Fstrong> – Display content in a tabbed box.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003C!--YouTube Error: bad URL entered-->\u003C\u002Fstrong> – Show your YouTube videos responsively, and with the capability to use any of the YouTube custom display options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003C!-- vimeo error: not a vimeo video -->\u003C\u002Fstrong> –  Show your Vimeo videos responsively, and with the capability to use any of the Vimeo custom display options.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[iframe]\u003C\u002Fstrong> – Quick and easy display of content in an iframe.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[div]\u003C\u002Fstrong>, \u003Cstrong>[span]\u003C\u002Fstrong>, \u003Cstrong>[html]\u003C\u002Fstrong> – Add div, span, and other html to pages\u002Fposts without the need to switch to Text view.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[hide\u002Fshow_if]\u003C\u002Fstrong> – Show or hide content depending upon options: device, page ID, user capability, logged in status.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[bloginfo]\u003C\u002Fstrong> – Display any information available from WordPress bloginfo function.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[user_can]\u003C\u002Fstrong> – Display content base on logged-in user role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[site_title]\u003C\u002Fstrong> – Display Site title.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>[site_tagline]\u003C\u002Fstrong> – Display Site tag line.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Widgets Included\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Weaver 2 Column Text Widget\u003C\u002Fstrong> – Add text into two columns in a widget\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Weaver Per Page Text Widget\u003C\u002Fstrong> – Add a text widget on a per-page basis\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Weaver Login\u003C\u002Fstrong> – Simplified login widget\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Licenses\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>The Weaver Xtreme Theme Support plugin is licensed under the terms of the GNU GENERAL PUBLIC LICENSE, Version 2,\u003Cbr \u002F>\nJune 1991. (GPL) The full text of the license is in the license.txt file.\u003C\u002Fli>\n\u003Cli>All images included with this plugin are either original works of the author which\u003Cbr \u002F>\nhave been placed into the public domain, or have been derived from other public domain sources,\u003Cbr \u002F>\nand thus need no license. (This does not include the images provided with any of the\u003Cbr \u002F>\nbelow listed scripts and libraries. Those images are covered by their respective licenses.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin also includes several scripts and libraries that are covered under the terms\u003Cbr \u002F>\nof their own licenses in the listed files in the plugin distribution:\u003C\u002Fp>\n","A useful shortcode and widget collection for Weaver Xtreme",9000,382934,4,"2024-05-31T18:31:00.000Z","6.0","7.2",[20,73,22],"weaver-xtreme-theme","http:\u002F\u002Fweavertheme.com\u002Fplugins","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fweaverx-theme-support.6.5.1.zip",89,3,"2024-06-04 19:18:53",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":11,"num_ratings":11,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":94,"download_link":95,"security_score":96,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"bonkers-addons","Bonkers Addons","1.0.1","colorlibplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fcolorlibplugins\u002F","\u003Cp>This plugins adds several options in the customizer to use with your theme.\u003C\u002Fp>\n","This plugins adds several options in the customizer to use with your theme.",60,5950,"2021-07-28T13:42:00.000Z","5.8.13","3.7","",[18,20,22],"https:\u002F\u002Fcolorlib.com\u002Fwp\u002Fthemes\u002Fbonkers\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbonkers-addons.1.0.1.zip",85,{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":11,"downloaded":105,"rating":11,"num_ratings":11,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":92,"tags":109,"homepage":113,"download_link":114,"security_score":96,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"steed-companion","Steed Companion","1.2.1","TallyThemes","https:\u002F\u002Fprofiles.wordpress.org\u002Ftallythemes\u002F","\u003Cp>Enhances Steed themes with extra functionalities. This plugin supply some Widgets, Shortccode and Customize settings. Please note that you need Steed WordPress theme installed to get proper support of the plugin.\u003C\u002Fp>\n","Enhances Steed’s themes with extra functionalities.",1333,"2017-09-25T18:18:00.000Z","4.8.28","4.4",[110,111,98,112,22],"shortcode","steed","tallythemes","http:\u002F\u002Ftallythemes.com\u002Fproduct\u002Fsteed-companion\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsteed-companion.1.2.1.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":123,"downloaded":124,"rating":125,"num_ratings":126,"last_updated":127,"tested_up_to":128,"requires_at_least":129,"requires_php":16,"tags":130,"homepage":135,"download_link":136,"security_score":137,"vuln_count":30,"unpatched_count":11,"last_vuln_date":138,"fetched_at":27},"one-click-demo-import","One Click Demo Import","3.4.0","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>The best feature of this plugin is, that theme authors can define import files in their themes and so all you (the user of the theme) have to do is click on the “Import Demo Data” button.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Are you a theme author?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Setup One Click Demo Imports for your theme and your users will thank you for it!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Focdi.com\u002Fquick-integration-guide\u002F\" rel=\"nofollow ugc\">Follow this easy guide on how to setup this plugin for your themes!\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Are you a theme user?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Contact the author of your theme and \u003Ca href=\"https:\u002F\u002Focdi.com\u002Fask-your-theme-author\u002F\" rel=\"nofollow ugc\">let them know about this plugin\u003C\u002Fa>. Theme authors can make any theme compatible with this plugin in 15 minutes and make it much more user-friendly.\u003C\u002Fp>\n\u003Cp>“\u003Ca href=\"https:\u002F\u002Focdi.com\u002Fask-your-theme-author\u002F#how-can-you-contact-your-theme-author\" rel=\"nofollow ugc\">Where can I find the theme author contact?\u003C\u002Fa>“\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Please take a look at our \u003Ca href=\"https:\u002F\u002Focdi.com\u002Fuser-guide\u002F\" rel=\"nofollow ugc\">plugin documentation\u003C\u002Fa> for more information on how to import your demo content.\u003C\u002Fp>\n\u003Cp>This plugin is using the modified version of the improved WP import 2.0 that is still in development and can be found here: https:\u002F\u002Fgithub.com\u002Fhumanmade\u002FWordPress-Importer.\u003C\u002Fp>\n\u003Cp>NOTE: There is no setting to “connect” authors from the demo import file to the existing users in your WP site (like there is in the original WP Importer plugin). All demo content will be imported under the current user.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Do you want to contribute?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Please refer to our official \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fawesomemotive\u002Fone-click-demo-import\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n","Import your demo content, widgets and theme settings with one click. Theme authors! Enable simple theme demo import for your users.",1000000,19902961,86,79,"2025-09-11T09:36:00.000Z","6.8.5","5.5",[131,132,133,134,22],"content","import","settings","theme-options","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fone-click-demo-import\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fone-click-demo-import.3.4.0.zip",97,"2024-05-07 00:00:00",{"attackSurface":140,"codeSignals":199,"taintFlows":233,"riskAssessment":234,"analyzedAt":244},{"hooks":141,"ajaxHandlers":181,"restRoutes":191,"shortcodes":192,"cronEvents":198,"entryPointCount":77,"unprotectedCount":45},[142,148,151,157,162,166,170,173,177],{"type":143,"name":144,"callback":145,"file":146,"line":147},"action","after_switch_theme","matcha_extra_set_default_customizer_values","inc\\pawfect\\customizer\\matcha-extra-customizer-default.php",135,{"type":143,"name":149,"callback":145,"file":146,"line":150},"matcha_extra_activated",138,{"type":143,"name":152,"callback":153,"priority":154,"file":155,"line":156},"customize_register","matcha_extra_frontpage_sections_settings",15,"inc\\pawfect\\customizer\\matcha-extra-customizer-options.php",121,{"type":143,"name":158,"callback":159,"file":160,"line":161},"matcha_extra_frontpage","matcha_extra_frontpage_sections","inc\\pawfect\\pawfect.php",54,{"type":143,"name":163,"callback":164,"file":160,"line":165},"wp_enqueue_scripts","matcha_extra_enqueue_assets",61,{"type":143,"name":167,"callback":168,"file":160,"line":169},"init","matcha_extra_integrate_sections",66,{"type":143,"name":171,"callback":172,"file":160,"line":25},"admin_notices","matcha_extra_admin_notice",{"type":143,"name":167,"callback":174,"file":175,"line":176},"matcha_maybe_create_wishlist_table","inc\\pawfect\\wishlist-functions.php",42,{"type":143,"name":167,"callback":178,"file":179,"line":180},"matcha_extra_init","matcha-extra.php",51,[182,188],{"action":183,"nopriv":184,"callback":185,"hasNonce":186,"hasCapCheck":184,"file":175,"line":187},"matcha_toggle_wishlist",false,"matcha_toggle_wishlist_ajax",true,208,{"action":183,"nopriv":186,"callback":189,"hasNonce":184,"hasCapCheck":184,"file":175,"line":190},"matcha_toggle_wishlist_ajax_nopriv",209,[],[193],{"tag":194,"callback":195,"file":196,"line":197},"pawfect_wishlist","matcha_extra_pawfect_wishlist_shortcode","inc\\pawfect\\wishlist-shortcode.php",25,[],{"dangerousFunctions":200,"sqlUsage":201,"outputEscaping":207,"fileOperations":11,"externalRequests":11,"nonceChecks":45,"capabilityChecks":11,"bundledLibraries":232},[],{"prepared":202,"raw":45,"locations":203},8,[204],{"file":196,"line":205,"context":206},76,"$wpdb->get_var() with variable interpolation",{"escaped":208,"rawEcho":209,"locations":210},65,10,[211,214,216,218,220,222,224,226,228,230],{"file":196,"line":212,"context":213},43,"raw output",{"file":196,"line":215,"context":213},57,{"file":196,"line":217,"context":213},59,{"file":196,"line":219,"context":213},102,{"file":196,"line":221,"context":213},112,{"file":196,"line":223,"context":213},114,{"file":196,"line":225,"context":213},125,{"file":196,"line":227,"context":213},131,{"file":196,"line":229,"context":213},144,{"file":196,"line":231,"context":213},146,[],[],{"summary":235,"deductions":236},"The \"matcha-extra\" v1.0.3 plugin exhibits a generally good security posture with some notable exceptions. The plugin demonstrates strong adherence to secure coding practices by utilizing prepared statements for the vast majority of its SQL queries and properly escaping most of its output.  The absence of file operations and external HTTP requests further reduces potential attack vectors.  Furthermore, the plugin has no recorded vulnerability history, suggesting a history of responsible development and maintenance.\n\nHowever, a significant concern arises from the presence of an unprotected AJAX handler. This creates a direct entry point for unauthenticated attackers to potentially interact with the plugin's functionality, which could lead to various security issues if not handled with extreme care.  While the plugin has a nonce check, it's only present for one of the entry points, leaving the other susceptible. The lack of capability checks on any entry points further exacerbates this risk.\n\nIn conclusion, while \"matcha-extra\" v1.0.3 shows strengths in data handling and output sanitization, the unprotected AJAX handler represents a critical weakness.  Addressing this vulnerability is paramount to improving the plugin's overall security.  The plugin's clean vulnerability history is a positive indicator, but it does not negate the risks posed by actively exploitable code flaws.",[237,239,242],{"reason":238,"points":202},"Unprotected AJAX handler",{"reason":240,"points":241},"No capability checks on entry points",5,{"reason":243,"points":241},"Only 1 nonce check for 2 AJAX handlers","2026-03-17T06:10:53.415Z",{"wat":246,"direct":255},{"assetPaths":247,"generatorPatterns":250,"scriptPaths":251,"versionParams":252},[248,249],"\u002Fwp-content\u002Fplugins\u002Fmatcha-extra\u002Finc\u002Fpawfect\u002Fcustomizer\u002Fjs\u002Fcustomizer.js","\u002Fwp-content\u002Fplugins\u002Fmatcha-extra\u002Finc\u002Fpawfect\u002Fcustomizer\u002Fcss\u002Fcustomizer.css",[],[248],[253,254],"matcha-extra\u002Finc\u002Fpawfect\u002Fcustomizer\u002Fjs\u002Fcustomizer.js?ver=","matcha-extra\u002Finc\u002Fpawfect\u002Fcustomizer\u002Fcss\u002Fcustomizer.css?ver=",{"cssClasses":256,"htmlComments":271,"htmlAttributes":272,"restEndpoints":274,"jsGlobals":275,"shortcodeOutput":277},[257,258,259,260,261,262,263,264,265,266,267,268,269,270],"repeater-wrapper","repeater-items","repeater-item","repeater-item-header","repeater-item-title","repeater-item-toggle","repeater-item-remove","repeater-item-content","repeater-field","upload-field","upload-button","remove-image","image-preview","repeater-add-item",[],[273],"data-field",[],[276],"Matcha_Extra_Repeater_Control",[]]