[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f10C8xKV-K78E425K5N9HsWdzUQ00Vcu7dOxJ68ly8q0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":21,"download_link":22,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":34,"analysis":127,"fingerprints":283},"mb-topbar","MB Topbar","1.0.0","Tihi321","https:\u002F\u002Fprofiles.wordpress.org\u002Ftihi321\u002F","\u003Cp>This plugin adds demo bar on top of the page. It is suitable for web designers and web developers. If you are theme designer or developer and if you would like to showcase your designs this plugin could help.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Responsive Test Tool.\u003C\u002Fstrong> Change website width on the fly., Visible only on desktop.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Social Share Button.\u003C\u002Fstrong> Share to Facebook, Twitter and Linkedin.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Logo Upload.\u003C\u002Fstrong> Change the logo.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Background Color.\u003C\u002Fstrong> Choose background color of the showcase item topbar.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Showcase Name.\u003C\u002Fstrong> Select item name.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Slug.\u003C\u002Fstrong> Slug for the address bar.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Contribute:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin is open source software, and you may actively contribute on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FTihi321\u002F\u002Fmb-topbar\" title=\"MB Topbar\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>English – default\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>Note:\u003C\u002Fem> Currently, the plugin is available only in English. But, the plugin is localized and you can translate it to your language easy.\u003C\u002Fp>\n","This is a theme demo bar that allow developers \u002F designers to showcase their designs \u002F websites.",0,3267,"2019-09-12T23:11:00.000Z","5.2.24","5.0","7.0",[18,19,20],"demo","switch","topbar","https:\u002F\u002Fgithub.com\u002FTihi321\u002Fmbwp-topbar","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmb-topbar.1.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":23,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"tihi321",2,10,30,84,"2026-04-05T14:41:10.595Z",[35,57,76,92,108],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":30,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":55,"download_link":56,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"demonstrator","Demonstrator","1.3.0","Andrei Surdu","https:\u002F\u002Fprofiles.wordpress.org\u002F_smartik_\u002F","\u003Cp>More than a theme switcher!\u003C\u002Fp>\n\u003Cp>Demonstrator allows to build a list of demo sites with or without demo styles. It was initially intended to be used only by web developers, but now it’s possible to be used by everyone. Also you have the freedom to create an unlimited number on switchers, just because one bascket is not for all egs :).\u003C\u002Fp>\n\u003Ch3>Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>The possibility to manage an unlimited number of themes directly from an admin page.\u003C\u002Fli>\n\u003Cli>The possibility to add an unlimited number of styles to each theme.\u003C\u002Fli>\n\u003Cli>Setup your own logo.\u003C\u002Fli>\n\u003Cli>Setup your own URL that will wrap the logo in a link.\u003C\u002Fli>\n\u003Cli>Display the themes and styles in a grid from 1 to 4 columns.\u003C\u002Fli>\n\u003Cli>Setup the usernames for Envato and CreativeMarket referal program.\u003C\u002Fli>\n\u003Cli>Short “purchase URL”. The real purchase URL will be hidden in a local URL, so nobody will be able to access the purchase page without your referal ID.\u003C\u002Fli>\n\u003Cli>The frame is not closed, but instead is collapsed on top. This actually is a bonus because the visitors never lose the purchase URL and the acces to other themes\u002Fstyles.\u003C\u002Fli>\n\u003Cli>Use the homepage and ignore the full site content, or setup a custom endpoint name.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How it works:\u003C\u002Fh3>\n\u003Cp>You must create a switcher that will keep all demo sites. You can create more than one, but at least one is required. By default on first plugin installation a switcher is created, so you can focus on more important things. Go to “Demonstrator” page from admin side to add or edit a switcher.\u003C\u002Fp>\n\u003Cp>After the switcher is created, you can access it from a subpage under “Demonstrator” menu item.\u003C\u002Fp>\n\u003Cp>There complete all fields and save.\u003C\u002Fp>\n\u003Cp>Now you can access the switcher using “http:\u002F\u002Fyoursiteadress.com\u002F{switcher_id}”. Where {switcher_id} is the ID used when the switcher was created.\u003C\u002Fp>\n\u003Ch3>Live example:\u003C\u002Fh3>\n\u003Cp>Here are some links that will show the plugin in action. The switcher ID in this case is \u003Ccode>tf\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Switcher base url:\u003C\u002Fstrong>    http:\u002F\u002Fthemes.market\u002Ftf\u002F\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Single site URL:\u003C\u002Fstrong>      http:\u002F\u002Fthemes.market\u002Ftf\u002Fgustoswp\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shorten purchase URL:\u003C\u002Fstrong> http:\u002F\u002Fthemes.market\u002F?buy=tf:gustoswp\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cem>More demos coming soon.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>Completed TODOs:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Make themes and styles sortable( in admin panel ).\u003C\u002Fli>\n\u003Cli>Display the price and description.\u003C\u002Fli>\n\u003Cli>Make a theme unlisted. This is usefull when you have to show the demo, but you don;t have the purchase URL yet. Example: You submitted for review and the theme should be visible only to reviewer, but not to other users. This will be possible only by using a direct link.\u003C\u002Fli>\n\u003Cli>Do not allow to collapse the top bar and hide the dropdown(themes list) if no theme has been selected.\u003C\u002Fli>\n\u003Cli>Hide “Purchase” button if a purchase URL is not available.\u003C\u002Fli>\n\u003Cli>Private themes. Just like unlisted, but instead do not allow access to demo using direct link for user without administrative rights.\u003C\u002Fli>\n\u003Cli>Do not hide the dropdown if no theme is selected.\u003C\u002Fli>\n\u003Cli>Lazy-load images. We must wait for demo site from iframe to complete loading, not for images from top window.\u003C\u002Fli>\n\u003Cli>Include a link to WP admin in top bar.\u003C\u002Fli>\n\u003Cli>Pretty links.\u003C\u002Fli>\n\u003Cli>Multiple switchers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>TODO:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Import, Export and Backup settings(with images\u002Ffiles). This requires a lot of work.\u003C\u002Fli>\n\u003Cli>Add an option to specify the frame size(width&height) from admin panel. Then this will be available on frontend as dropdown.\u003C\u002Fli>\n\u003Cli>Add an upload field to each style. This may be handy if you want to include the demo data.\u003C\u002Fli>\n\u003Cli>Implement custom colors for each category. Currently this is hardcoded for \u003Ccode>WordPress\u003C\u002Fcode> and \u003Ccode>HTML\u003C\u002Fcode> categories only.\u003C\u002Fli>\n\u003Cli>Make possible to change the text of all elements directly from admin panel.\u003C\u002Fli>\n\u003Cli>Add the possibility to ignore the ‘purchase URL’ in favor to a ‘download URL’. Just in case if you want to provide free files.\u003C\u002Fli>\n\u003Cli>Display an icon that will allow to preview the the theme outside the iframe. An alternative to \u003Ccode>collapse\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Lazy-load items. Right now are loaded all themes and styles regardless if they are needed or not. It’s needed to load to load each theme and style just when needed(probably using ajax). Ideas are welcome.\u003C\u002Fli>\n\u003Cli>Add the possibility to customize the design of the switcher itself.\u003C\u002Fli>\n\u003Cli>Add the possibility to activate google analytics.\u003C\u002Fli>\n\u003Cli>Anonymous URL. Allow to open a link in switcher frame even if it not registered under a theme style. This may be usefull for other use cases.\u003C\u002Fli>\n\u003Cli>Add an iframe loader, so it does not show up an incomplete site.\u003C\u002Fli>\n\u003Cli>Style separators. Sometimes you may have too many demos that may need to be separated somehow. This one should allow to add sections of text that will serve as an intro to a styles set.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support & Donate:\u003C\u002Fh3>\n\u003Cp>Hi.\u003Cbr \u002F>\nI invested a considerable amount of time in this product. And I still have a lot of work to do on it. See the above ‘TODO’ list.\u003Cbr \u002F>\nConsider making a donation if you find this product useful. Don’t ignore this message. Your donation will make a difference.\u003Cbr \u002F>\nI would like to improve it as much as I can, but your support is needed.\u003C\u002Fp>\n\u003Cp>Donate link: https:\u002F\u002Fpaypal.me\u002Fzerowp\u003C\u002Fp>\n\u003Ch3>Issues tracker:\u003C\u002Fh3>\n\u003Cp>Please report bugs on: https:\u002F\u002Fgithub.com\u002FZeroWP\u002Fdemonstrator\u002Fissues\u003C\u002Fp>\n","More than a theme switcher!",2027,20,1,"2018-07-05T12:36:00.000Z","4.9.29","4.7","",[51,18,52,53,54],"connect","switcher","theme","themeforest","http:\u002F\u002Fzerowp.com\u002Fdemonstrator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdemonstrator.1.3.0.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":30,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":49,"tags":71,"homepage":74,"download_link":75,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"ijm-theme-bar","IJM Theme Switcher Bar","2.0","ijmccallum","https:\u002F\u002Fprofiles.wordpress.org\u002Fijmccallum\u002F","\u003Cp>This theme demo \u002F theme switcher plugin will add a bar to the top of your WordPress site listing every theme you have installed.  It gives visitors the ability to switch between themes and try out their look on your live site.\u003C\u002Fp>\n\u003Cp>After installation it requires no set up, it just works.\u003C\u002Fp>\n\u003Cp>If you would like to see any extensions to this theme switcher please don’t hesitate to contact me from my website or post something in the support section.  And, if you like it – please leave something nice in the review section!  The more popular this becomes the more likely I’ll be to work on giving it lots more extra awesome.\u003C\u002Fp>\n\u003Ch4>Why another theme switcher?\u003C\u002Fh4>\n\u003Cp>I built this theme switcher primarily for myself.  There are a number of other theme switchers out there but they all require visitors to click on a drop down menu then select a theme to demo or have some other complication and none of them had the clean, simple, minimal way of switching that I was hoping for in a theme switcher.  So I built this theme switcher to give visitors an instant list of all the themes I hope to develop which they will be able to demo in a single click, also it doesn’t need any set up so it’s very easy!\u003C\u002Fp>\n\u003Cp>So, I imagine most of the people interested in this theme switcher would be theme developers but if there are any people who are really indecisive about how they want their website to look, I guess this could provide them with an interesting solution to the website design problem.  Let me know if you can think of any other uses for a theme switcher!\u003C\u002Fp>\n","Add a theme switcher \u002F theme demo bar to your site. Allows users to switch the theme they see on your site.",5561,96,9,"2013-12-03T13:31:00.000Z","3.7.41","2.9",[18,52,53,72,73],"theme-switcher","themes","http:\u002F\u002Fiainjmccallum.com\u002Fwordpress\u002Flive-demo-theme-bar\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fijm-theme-bar.2.0.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":30,"downloaded":84,"rating":85,"num_ratings":45,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":49,"tags":89,"homepage":90,"download_link":91,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"jp-theme-bar","JP Theme Switcher Bar","0.1.0","Josh Pollock","https:\u002F\u002Fprofiles.wordpress.org\u002Fshelob9\u002F","\u003Cp>Use this plugin to create a demo site for your themes, or use it to allow users to customize the presentation of your site.\u003C\u002Fp>\n\u003Cp>The JP Theme Bar Plugin adds a theme switching bar to the bottom of your site, perfect for theme preview sites.  The settings page for the plugin lets the end user choose which themes to add, as well as set the colors for the theme bar. You can see it in action on this site.\u003C\u002Fp>\n\u003Cp>New in version 0.0.3 -> Themes will update theme mods when changing themes allowing for individual theme settings to be previewed properly.\u003C\u002Fp>\n\u003Cp>This plugin is based on the \u003Ca href=\"http:\u002F\u002Fiainjmccallum.com\u002Fwordpress\u002Flive-demo-theme-bar\u002F\" rel=\"nofollow ugc\">IJM Theme Switcher Bar v2.0\u003C\u002Fa> by \u003Ca href=\"http:\u002F\u002Fwww.iainjmccallum.com\u002F\" rel=\"nofollow ugc\">Iain J McCallum\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>IMPORTANT- The plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftheme-test-drive\u002F\" rel=\"ugc\">Theme Test Drive\u003C\u002Fa> by \u003Ca href=\"http:\u002F\u002Fwww.prelovac.com\u002Fvladimir\u002F\" rel=\"nofollow ugc\">Vladimir Prelovac\u003C\u002Fa> must be installed and activated in order for the theme switching to work.\u003C\u002Fp>\n","Adds a theme switcher\u002F theme demo bar to the bottom of your site to allow users to switch the theme they see on your site.",3007,100,"2014-09-04T19:15:00.000Z","4.0.38","3.8",[18,52,53,72,73],"http:\u002F\u002Fjpwp.me\u002Fjptb","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjp-theme-bar.zip",{"slug":93,"name":94,"version":6,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":11,"downloaded":99,"rating":100,"num_ratings":29,"last_updated":101,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":102,"homepage":106,"download_link":107,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"arya-switch-theme","Arya Switch Theme","Arya Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Faryathemes\u002F","\u003Cp>Allows users to choose and preview all WordPress themes installed without\u003Cbr \u002F>\nactivation or deactivation for demonstration purposes.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fexample.com\u002F?theme=slug-theme\nhttps:\u002F\u002Fexample.com\u002F?theme=slug-theme&child=slug-child-theme\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Allows users to choose and preview all WordPress themes installed without",1231,60,"2019-05-22T19:03:00.000Z",[18,103,104,72,105],"preview","switch-theme","utility","https:\u002F\u002Fgithub.com\u002Faryathemes\u002Farya-switch-theme","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Farya-switch-theme.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":11,"downloaded":116,"rating":11,"num_ratings":11,"last_updated":117,"tested_up_to":47,"requires_at_least":118,"requires_php":49,"tags":119,"homepage":125,"download_link":126,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"cp-demo-switcher","Theme Demo Switcher and Page Switch Bar","1.0","CodePassenger","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodepassenger\u002F","\u003Ch4>Overview\u003C\u002Fh4>\n\u003Cp>This Theme Demo Switcher Plugin is for showing theme demo and internal demo pages to vistors. Customers can see all of your theme demo from one place when customers visits one of your demo site.\u003C\u002Fp>\n\u003Cp>CP Demo Switch Bar is easy to use and not required detailed documentation for use it. It can be used in any WordPress Theme. It features responsive testing tool, purchase button, iframe remove button, Theme Switch, Page Switch, Custom Logo, etc.\u003C\u002Fp>\n","Showcase your product demo to your website beautifully into one place using CP Theme Demo Switch Bar. No coding required.",1285,"2018-09-22T06:56:00.000Z","4.5",[120,121,122,123,124],"demo-bar","demo-switch-bar","demo-switcher","page-switch-bar","responsive-demo-bar","https:\u002F\u002Fcodepassenger.com\u002Fwp\u002Fdemo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcp-demo-switcher.1.0.zip",{"attackSurface":128,"codeSignals":188,"taintFlows":248,"riskAssessment":267,"analyzedAt":282},{"hooks":129,"ajaxHandlers":178,"restRoutes":179,"shortcodes":186,"cronEvents":187,"entryPointCount":45,"unprotectedCount":45},[130,136,140,145,149,154,159,163,166,170,174],{"type":131,"name":132,"callback":133,"file":134,"line":135},"action","admin_menu","addAdminMenu","inc\\Api\\SettingsApi.php",22,{"type":131,"name":137,"callback":138,"file":134,"line":139},"admin_init","registerCustomFields",26,{"type":131,"name":141,"callback":142,"file":143,"line":144},"admin_enqueue_scripts","enqueueAdmin","inc\\Base\\Enqueue.php",12,{"type":131,"name":146,"callback":147,"file":143,"line":148},"wp_enqueue_scripts","enqueueFront",13,{"type":131,"name":150,"callback":151,"priority":30,"file":152,"line":153},"plugins_loaded","load_plugin_textdomain","inc\\Modules\\Languages\\Internationalization.php",23,{"type":155,"name":156,"callback":157,"file":158,"line":139},"filter","page_attributes_dropdown_pages_args","register_project_templates","inc\\Modules\\Topbar\\PageTemplater.php",{"type":155,"name":160,"callback":161,"file":158,"line":162},"theme_page_templates","add_new_template",34,{"type":155,"name":164,"callback":157,"file":158,"line":165},"wp_insert_post_data",41,{"type":155,"name":167,"callback":168,"file":158,"line":169},"template_include","view_project_template",49,{"type":131,"name":150,"callback":171,"file":172,"line":173},"registerPageTemplate","inc\\Modules\\Topbar\\TopbarController.php",25,{"type":131,"name":175,"callback":176,"file":172,"line":177},"rest_api_init","closure",29,[],[180],{"namespace":181,"route":182,"methods":183,"callback":185,"permissionCallback":24,"file":172,"line":31},"mbwp-topbar\u002Fv1","\u002Fapi",[184],"GET","routeApiCallback",[],[],{"dangerousFunctions":189,"sqlUsage":190,"outputEscaping":193,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":247},[],{"prepared":191,"raw":11,"locations":192},4,[],{"escaped":194,"rawEcho":173,"locations":195},7,[196,199,201,203,205,207,209,211,213,216,218,220,222,224,226,228,230,232,234,236,238,240,242,244,246],{"file":197,"line":165,"context":198},"inc\\Api\\Callbacks\\DashboardCallbacks.php","raw output",{"file":197,"line":200,"context":198},42,{"file":197,"line":202,"context":198},44,{"file":197,"line":204,"context":198},45,{"file":197,"line":206,"context":198},46,{"file":197,"line":208,"context":198},62,{"file":197,"line":210,"context":198},77,{"file":197,"line":212,"context":198},78,{"file":214,"line":215,"context":198},"inc\\Api\\Callbacks\\TopbarCallbacks.php",51,{"file":214,"line":217,"context":198},79,{"file":214,"line":219,"context":198},80,{"file":214,"line":221,"context":198},98,{"file":214,"line":223,"context":198},99,{"file":214,"line":225,"context":198},109,{"file":214,"line":227,"context":198},112,{"file":214,"line":229,"context":198},115,{"file":214,"line":231,"context":198},118,{"file":214,"line":233,"context":198},121,{"file":214,"line":235,"context":198},134,{"file":214,"line":237,"context":198},135,{"file":214,"line":239,"context":198},136,{"file":214,"line":241,"context":198},137,{"file":214,"line":243,"context":198},141,{"file":214,"line":245,"context":198},147,{"file":158,"line":241,"context":198},[],[249],{"entryPoint":250,"graph":251,"unsanitizedCount":265,"severity":266},"\u003CTopbarCallbacks> (inc\\Api\\Callbacks\\TopbarCallbacks.php:0)",{"nodes":252,"edges":262},[253,257],{"id":254,"type":255,"label":256,"file":214,"line":206},"n0","source","$_POST (x3)",{"id":258,"type":259,"label":260,"file":214,"line":215,"wp_function":261},"n1","sink","echo() [XSS]","echo",[263],{"from":254,"to":258,"sanitized":264},false,3,"low",{"summary":268,"deductions":269},"The \"mb-topbar\" v1.0.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and avoids file operations and external HTTP requests. Its vulnerability history is clean, with no recorded CVEs, suggesting a potentially stable and well-maintained codebase in the past.\n\nHowever, significant security concerns arise from the static analysis. The plugin has a single entry point exposed via the REST API that lacks any permission callbacks. Furthermore, there is a identified taint flow with an unsanitized path, which could potentially be exploited if an attacker can control the data flowing through it. The absence of nonce checks and capability checks across all entry points is also a critical oversight, leaving the plugin vulnerable to CSRF and privilege escalation attacks in conjunction with other identified weaknesses.\n\nIn conclusion, while the plugin has a clean vulnerability history and uses prepared statements, the presence of an unprotected REST API endpoint, an unsanitized taint flow, and a complete lack of authorization checks on its entry points present substantial risks. These issues indicate a need for immediate attention and remediation to secure the plugin against potential exploits.",[270,272,274,277,279],{"reason":271,"points":30},"Unprotected REST API route",{"reason":273,"points":30},"Flow with unsanitized path",{"reason":275,"points":276},"No nonce checks",8,{"reason":278,"points":276},"No capability checks",{"reason":280,"points":281},"Low output escaping coverage",5,"2026-03-17T06:20:51.269Z",{"wat":284,"direct":297},{"assetPaths":285,"generatorPatterns":290,"scriptPaths":291,"versionParams":292},[286,287,288,289],"\u002Fwp-content\u002Fplugins\u002Fmb-topbar\u002Fskin\u002Fpublic\u002Fstyles\u002FadminTopBar.css","\u002Fwp-content\u002Fplugins\u002Fmb-topbar\u002Fskin\u002Fpublic\u002Fscripts\u002FadminTopBar.js","\u002Fwp-content\u002Fplugins\u002Fmb-topbar\u002Fskin\u002Fpublic\u002Fstyles\u002FapplicationTopBar.css","\u002Fwp-content\u002Fplugins\u002Fmb-topbar\u002Fskin\u002Fpublic\u002Fscripts\u002FapplicationTopBar.js",[],[287,289],[293,294,295,296],"mb-topbar\u002Fskin\u002Fpublic\u002Fstyles\u002FadminTopBar.css?ver=","mb-topbar\u002Fskin\u002Fpublic\u002Fscripts\u002FadminTopBar.js?ver=","mb-topbar\u002Fskin\u002Fpublic\u002Fstyles\u002FapplicationTopBar.css?ver=","mb-topbar\u002Fskin\u002Fpublic\u002Fscripts\u002FapplicationTopBar.js?ver=",{"cssClasses":298,"htmlComments":301,"htmlAttributes":346,"restEndpoints":348,"jsGlobals":350,"shortcodeOutput":354},[299,300],"mb_topbar_admin_topbar","mb_topbar_admin_topbar_wrapper",[302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345],"\u003C!-- Plugin Name: MB Topbar -->","\u003C!-- Plugin URI: https:\u002F\u002Fgithub.com\u002FTihi321\u002Fmbwp-topbar -->","\u003C!-- Description: This plugin implements topbar -->","\u003C!-- Version: 1.0.0 -->","\u003C!-- Author: Tihomir Selak -->","\u003C!-- Author URI: https:\u002F\u002Fwww.tihomir-selak.from.hr -->","\u003C!-- License: GPLv2 or later -->","\u003C!-- Text Domain: mb-topbar -->","\u003C!-- If this file is called firectly, abort!!! -->","\u003C!-- Require once the Composer Autoload -->","\u003C!-- The code that runs during plugin activation -->","\u003C!-- The code that runs during plugin deactivation -->","\u003C!-- Initialize all the core classes of the plugin -->","\u003C!-- enqueue only on setting page -->","\u003C!-- load only on topbar page template -->","\u003C!-- The array of templates that this plugin tracks. -->","\u003C!-- Initializes the plugin by setting filters and administration functions. -->","\u003C!-- Add a filter to the attributes metabox to inject template into the cache. -->","\u003C!-- 4.6 and older -->","\u003C!-- Add a filter to the wp 4.7 version attributes metabox -->","\u003C!-- Add a filter to the save post to inject out template into the page cache -->","\u003C!-- Add a filter to the template include to determine if the page has our -->","\u003C!-- template assigned and return it's path -->","\u003C!-- Add your templates to this array. -->","\u003C!-- Adds our template to the page dropdown for v4.7+ -->","\u003C!-- Adds our template to the pages cache in order to trick WordPress -->","\u003C!-- into thinking the template file exists where it doens't really exist. -->","\u003C!-- Create the key used for the themes cache -->","\u003C!-- Retrieve the cache list. -->","\u003C!-- If it doesn't exist, or it's empty prepare an array -->","\u003C!-- New cache, therefore remove the old one -->","\u003C!-- Now add our template to the list of templates by merging our templates -->","\u003C!-- with the existing templates array from the cache. -->","\u003C!-- Add the modified cache to allow WordPress to pick it up for listing -->","\u003C!-- available templates -->","\u003C!-- Checks if the template is assigned to the page -->","\u003C!-- Return the search template if we're searching (instead of the template for the first result) -->","\u003C!-- Get global post -->","\u003C!-- Return template if post is empty -->","\u003C!-- Return default template if we don't have a custom one defined -->","\u003C!-- Allows filtering of file path -->","\u003C!-- Just to be safe, we check if the file exist first -->","\u003C!-- Template Name: Topbar Frontpage -->","\u003C!-- Description: Topbar Frontpage. -->",[347],"data-wp-i18n-messages",[349],"\u002Fmbwp-topbar\u002Fv1\u002Fapi",[351,352,353,351],"topbarOptions","mbwpAdminScripts","mbwpScripts",[]]