[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f3kH34HuZBpuhcNNffm1ALGPwqsqMZ6fLa9mGSuCMY1U":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":151,"fingerprints":326},"mi-libreria","Mi librería","1.3","Yes We Work","https:\u002F\u002Fprofiles.wordpress.org\u002Fyeswework\u002F","\u003Cp>Mi librería te permite añadir automáticamente a los artículos de tu blog o página web una selección de los mejores libros sobre el tema de tu artículo y otros similares y aportar así más contenidos y utilidad a tus lectores. Una vez activado y configurado, tus usuarios verán un pequeño estante de libros recomendados justo después del contenido de cada artículo.\u003C\u002Fp>\n\u003Cp>El plugin te ofrece una lista de categorías generales para mejorar la relevancia de las sugerencias, y una lista de tiendas internacionales y nacionales para enlazarlas. Si estás dado de alta en el programa de afiliados de la tienda elegida, el plugin te permite especificar tu código personal.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Si tienes alguna duda o pregunta sobre este plugin, contacta con webmaster@penguinrandomhouse.com\u003C\u002Fp>\n","Mi librería te permite añadir automáticamente a los artículos de tu blog una selección de los mejores libros sobre el tema de tu artículo",10,2621,70,2,"2016-01-06T09:12:00.000Z","4.4.34","4.0","",[20,21,22,23,24],"biblioteca","lector","libreria","libro","libros","http:\u002F\u002Fmegustaleer.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmi-libreria.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"yeswework",3,380,89,12,86,"2026-04-05T02:05:30.337Z",[41,62,88,108,129],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":11,"downloaded":49,"rating":28,"num_ratings":28,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":59,"download_link":60,"security_score":61,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"holnix","Holnix","1.1.3","Iberpixel","https:\u002F\u002Fprofiles.wordpress.org\u002Fiberpixel\u002F","\u003Cp>Holnix conecta editoriales y librerías transformando metadata ONIX en productos listos para WooCommerce.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>Este plugin se conecta con una API para recibir la información de los distintos productos mostrados.\u003Cbr \u002F>\nNo se envía ninguna información del usuario. Este servicio es proporcionado por Iberpixel.\u003Cbr \u002F>\nPolítica de privacidad: https:\u002F\u002Fwww.holnix.com\u002Fpolitica-de-privacidad\u002F\u003Cbr \u002F>\nAviso legal: https:\u002F\u002Fwww.holnix.com\u002Faviso-legal\u002F\u003C\u002Fp>\n","Holnix permite a las librerías importar catálogos editoriales (metadata ONIX) directamente a WooCommerce.",272,"2026-02-13T14:05:00.000Z","6.8.5","5.8","7.4",[24,55,56,57,58],"metadata","onix","publishing","woocommerce","https:\u002F\u002Fwww.holnix.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fholnix.1.1.3.zip",100,{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":72,"num_ratings":73,"last_updated":74,"tested_up_to":51,"requires_at_least":75,"requires_php":76,"tags":77,"homepage":83,"download_link":84,"security_score":85,"vuln_count":86,"unpatched_count":28,"last_vuln_date":87,"fetched_at":30},"lenix-elementor-leads-addon","Lenix Leads Collector","2.0.0","yonifre","https:\u002F\u002Fprofiles.wordpress.org\u002Fyonifre\u002F","\u003Cp>Lenix Leads Collector is a powerful plugin that stores and manages leads from your Elementor,Cf7,WPForms and more with export to CSV.\u003C\u002Fp>\n\u003Cp>Key Features:\u003Cbr \u002F>\n* Automatic capture of all Elementor form submissions\u003Cbr \u002F>\n* Automatic capture of all Hello Plus form submissions\u003Cbr \u002F>\n* Automatic capture of all Cf7 form submissions\u003Cbr \u002F>\n* Automatic capture of all WPForms form submissions\u003Cbr \u002F>\n* Centralized management interface in WordPress admin panel\u003Cbr \u002F>\n* Quick and easy export of leads to CSV format\u003Cbr \u002F>\n* Support for global forms\u003Cbr \u002F>\n* Multi-language support (including English, Hebrew, French and more)\u003Cbr \u002F>\n* User-friendly and intuitive interface\u003Cbr \u002F>\n* Date-based filtering for exports\u003Cbr \u002F>\n* Secure data handling\u003Cbr \u002F>\n* Each lead is a post in WordPress, so you can use all the features of WordPress to manage them\u003C\u002Fp>\n\u003Cp>No need to install any other plugin, just install and use, no configuration needed.\u003C\u002Fp>\n\u003Cp>The plugin provides a seamless way to track, manage, and export all leads received through your forms, organizing them similarly to WordPress posts for easy access and management.\u003C\u002Fp>\n\u003Cp>Perfect for Websites and organizations looking to efficiently manage their form submissions and lead data in one central location.\u003C\u002Fp>\n\u003Ch4>Maspik – Spam Protection\u003C\u002Fh4>\n\u003Cp>For improved spam protection, check out our sister plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-forms-anti-spam\u002F\" rel=\"ugc\">Maspik\u003C\u002Fa>\u003Cbr \u002F>\nWe provide built-in spam protection and filtering. For enhanced spam prevention, we recommend using Maspik – an advanced anti-spam solution specifically designed for WordPress forms.\u003C\u002Fp>\n\u003Cp>With a 95%+ success rate, Maspik uses smart technology to block spam submissions while ensuring legitimate leads get through.\u003Cbr \u002F>\nThe plugin works instantly with no CAPTCHA required and includes features like smart blacklist system, IP blocking, and phone number validation.\u003C\u002Fp>\n\u003Cp>Compatible with all major form plugins including Elementor forms, you can set it up in just 2 minutes. \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-forms-anti-spam\u002F\" rel=\"ugc\">Learn more about Maspik\u003C\u002Fa>\u003C\u002Fp>\n","Leads Collector, Collects forms entries from Elementor,Cf7,WPForms and more with export to CSV.",10000,182611,88,25,"2025-06-12T06:39:00.000Z","5.0","7.0",[78,79,80,81,82],"contact-form-db","crm","form-collector","hello-plus","leads","https:\u002F\u002Flenix.co.il\u002Fplugin\u002Flenix-elementor-leads-addon\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flenix-elementor-leads-addon.2.0.0.zip",98,1,"2025-02-19 00:00:00",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":70,"downloaded":96,"rating":72,"num_ratings":97,"last_updated":98,"tested_up_to":99,"requires_at_least":17,"requires_php":18,"tags":100,"homepage":106,"download_link":107,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"plugins-garbage-collector","Plugins Garbage Collector (Database Cleanup)","0.14","Vladimir Garagulya","https:\u002F\u002Fprofiles.wordpress.org\u002Fshinephp\u002F","\u003Cp>Database Cleanup plugin scans the database and shows the tables beyond of core WordPress installation. Some WordPress plugins create and use its own database tables.\u003Cbr \u002F>\nThose tables are left in your database after plugin deactivation and deletion often.\u003Cbr \u002F>\nWith the help of this plugin you can check your database and discover if it is clean or not.\u003Cbr \u002F>\nExtra columns added to the core WordPress tables could be shown also.\u003Cbr \u002F>\nTo read more about ‘Plugins Garbage Collector’ visit this link at \u003Ca href=\"http:\u002F\u002Fwww.shinephp.com\u002Fplugins-garbage-collector-wordpress-plugin\u002F\" rel=\"nofollow ugc\">shinephp.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Additional Documentation\u003C\u002Fh3>\n\u003Cp>You can find more information about “Plugins Garbage Collector” plugin at this page\u003Cbr \u002F>\nhttp:\u002F\u002Fwww.shinephp.com\u002Fplugins-garbage-collector-wordpress-plugin\u002F\u003C\u002Fp>\n\u003Cp>I am ready to answer on your questions about this plugin usage. Use plugin page comments or site contact form for that please.\u003C\u002Fp>\n","Find unused database tables from deactivated or deleted plugins. You can delete unused database tables to reduce database volume and enhance site perf &hellip;",470986,92,"2022-04-03T03:52:00.000Z","5.9.13",[101,102,103,104,105],"clear","collector","database","garbage","unused-tables","http:\u002F\u002Fwww.shinephp.com\u002Fplugins-garbage-collector-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugins-garbage-collector.0.14.zip",{"slug":109,"name":110,"version":111,"author":112,"author_profile":113,"description":114,"short_description":115,"active_installs":70,"downloaded":116,"rating":85,"num_ratings":117,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":18,"tags":121,"homepage":127,"download_link":128,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wpml-widgets","WPML Widgets","1.0.6","Jeroen Sormani","https:\u002F\u002Fprofiles.wordpress.org\u002Fsormano\u002F","\u003Cp>WPML Widgets is a simple to use extension to add a language selector dropdown to your widgets.\u003C\u002Fp>\n\u003Cp>This plugin is the easiest way to add multilingual widgets to your website.\u003C\u002Fp>\n\u003Cp>WPML Widgets is a ultra lightweight plugin, so there will be (about) zero extra loading time.\u003C\u002Fp>\n","WPML Widgets is a simple to use extension to add a language selector dropdown to your widgets.",171698,36,"2017-11-28T08:13:00.000Z","4.7.32","3.6",[122,123,124,125,126],"wordpress-multilanguage","wordpress-multilanguage-widget","wpml","wpml-widget","wpml-widget-selector","http:\u002F\u002Fjeroensormani.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpml-widgets.1.0.6.zip",{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":137,"downloaded":138,"rating":139,"num_ratings":11,"last_updated":140,"tested_up_to":51,"requires_at_least":141,"requires_php":53,"tags":142,"homepage":147,"download_link":148,"security_score":149,"vuln_count":14,"unpatched_count":86,"last_vuln_date":150,"fetched_at":30},"libro-de-reclamaciones-y-quejas","Libro de Reclamaciones y Quejas","1.2","Renzo Tejada","https:\u002F\u002Fprofiles.wordpress.org\u002Frenzotejada\u002F","\u003Cul>\n\u003Cli>Email the customer with a copy of their complaint.\u003C\u002Fli>\n\u003Cli>You send an email to the site administrator with the complaint.\u003C\u002Fli>\n\u003Cli>The site administrator cannot delete or edit the information sent by the customer.\u003C\u002Fli>\n\u003Cli>The “Complaint Book” plugin generates a unique correlative ID in the database which makes it difficult to modify and edit.\u003C\u002Fli>\n\u003Cli>All complaints are viewed in the same WordPress dashboard in a clear way.\u003C\u002Fli>\n\u003Cli>WE ARE NOT RESPONSIBLE FOR COMPLAINTS THAT YOU MAY HAVE, ALWAYS CHECK YOUR CLAIMS BOOK WITH YOUR LEGAL AREA OR A LAWYER, AS NOT ALL COMPANIES THAT PROVIDE PRODUCTS OR SERVICES HAVE THE SAME FORMAT FIELDS.\u003C\u002Fli>\n\u003Cli>THIS PLUGIN IS A GENERIC PLUGIN THAT DOES THE BASICS (HAVE THE FORM ONLINE, NOTIFY THE ADMINISTRATOR AND THE USER OF A NEW CLAIM).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We also have a premium plugin which has the following features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The plugin generates a unique correlative ID in the database which makes it difficult to modify and edit. \u003C\u002Fli>\n\u003Cli>All complaints are seen in the same WordPress dashboard in a clear way. \u003C\u002Fli>\n\u003Cli>You will be able to answer the claim or complaint from the same WordPress dashboard.\u003C\u002Fli>\n\u003Cli>You will be able to attach evidence of the complaint from within the WordPress dashboard. You will be able to activate Google reCaptcha v2.\u003C\u002Fli>\n\u003Cli>You will be able to change the email to notify when a complaint is created. \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>More information about the plugin in \u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fplugin\u002Flibro-de-reclamaciones-y-quejas-pro\u002F\" title=\"Libro de Reclamaciones y Quejas PRO\" rel=\"nofollow ugc\">Libro de Reclamaciones y Quejas PRO\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>View more plugins\u003C\u002Fh4>\n\u003Cp>For additional functionality, check out our companion plugin, such as:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fubigeo-peru\u002F\" rel=\"ugc\">Ubigeo Perú\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flibro-de-reclamaciones-y-quejas\u002F\" rel=\"ugc\">Libro de Reclamaciones y Quejas\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcomprobante-de-pago-peru\u002F\" rel=\"ugc\">Comprobante de Pago Perú\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftipo-documento-peru\u002F\" rel=\"ugc\">Tipo Documento Perú\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftransferencia-bancaria-peru\u002F\" rel=\"ugc\">Transferencia Bancaria Perú\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-utils\u002F\" rel=\"ugc\">Utils para WooCommerce y WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmulti-link-in-bio\u002F\" rel=\"ugc\">Multi Link in Bio\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdisplay-price-free\u002F\" rel=\"ugc\">Display Price Free\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>View more plugins PREMIUM\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fplugin\u002Fcosto-de-envio-de-ubigeo-de-peru-para-woocommerce\u002F\" rel=\"nofollow ugc\">Costo de envío de Ubigeo Perú\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fplugin\u002Flibro-de-reclamaciones-y-quejas-pro\u002F\" rel=\"nofollow ugc\">Libro de Reclamaciones y Quejas PRO\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fplugin\u002Fwooyape-para-woocommerce\u002F\" rel=\"nofollow ugc\">WooYape para WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fplugin\u002Fwoolukita-para-woocommerce\u002F\" rel=\"nofollow ugc\">WooLukita para WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fplugin\u002Fwooplin-para-woocommerce\u002F\" rel=\"nofollow ugc\">WooPlin para WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fplugin\u002Fwootunki-para-woocommerce\u002F\" rel=\"nofollow ugc\">WooTunki para WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fplugin\u002Fwoobilletera-para-woocommerce\u002F\" rel=\"nofollow ugc\">WooBilletera para WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fplugins\u002Fcomprobante-de-pago-peru-pro-para-woocommerce\u002F\" rel=\"nofollow ugc\">Comprobante de Pago Perú PRO para WooCommerce\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Visit our \u003Ca href=\"https:\u002F\u002Frenzotejada.com\u002Fcategoria-producto\u002Fplugins\u002F\" rel=\"nofollow ugc\">plugins overview page\u003C\u002Fa> for more information.\u003C\u002Fp>\n","Libro de reclamaciones válido para Perú con los campos obligatorios exigidos por Indecopi.",4000,23524,76,"2025-06-03T20:11:00.000Z","6.8",[143,144,145,146],"libro-de-reclamaciones","libro-de-reclamaciones-peru","libro-de-reclamaciones-plugin","libro-de-reclamaciones-wordpress","https:\u002F\u002Frenzotejada.com\u002Flibro-de-reclamaciones-y-quejas\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flibro-de-reclamaciones-y-quejas.1.2.zip",77,"2025-06-05 00:00:00",{"attackSurface":152,"codeSignals":221,"taintFlows":275,"riskAssessment":309,"analyzedAt":325},{"hooks":153,"ajaxHandlers":193,"restRoutes":214,"shortcodes":215,"cronEvents":218,"entryPointCount":219,"unprotectedCount":220},[154,160,163,167,172,177,182,186,189],{"type":155,"name":156,"callback":157,"file":158,"line":159},"action","admin_notices","prh_ml_admin_notice","inc\\prh-ml-admin.php",13,{"type":155,"name":161,"callback":162,"file":158,"line":73},"admin_enqueue_scripts","prh_ml_enqueue_admin_scripts",{"type":155,"name":164,"callback":165,"file":158,"line":166},"widgets_init","anonymous",61,{"type":155,"name":168,"callback":169,"file":170,"line":171},"template_redirect","prh_ml_enqueue_scripts","inc\\prh-ml-front.php",15,{"type":173,"name":174,"callback":175,"file":170,"line":176},"filter","the_content","prh_ml_insert",29,{"type":155,"name":178,"callback":179,"file":180,"line":181},"admin_init","prh_ml_meta_box_check","inc\\prh-ml-metabox.php",14,{"type":155,"name":183,"callback":184,"file":180,"line":185},"add_meta_boxes","prh_ml_add_meta_box",19,{"type":155,"name":178,"callback":187,"file":188,"line":37},"prh_ml_admin_init","inc\\prh-ml-options.php",{"type":155,"name":190,"callback":191,"file":188,"line":192},"admin_menu","prh_ml_admin_add_page",28,[194,200,202,206,210],{"action":195,"nopriv":196,"callback":197,"hasNonce":198,"hasCapCheck":198,"file":199,"line":171},"prh-ml-get-books-markup",true,"prh_ml_get_books_markup",false,"inc\\prh-ml-front-ajax.php",{"action":195,"nopriv":198,"callback":197,"hasNonce":198,"hasCapCheck":198,"file":199,"line":201},16,{"action":203,"nopriv":198,"callback":204,"hasNonce":198,"hasCapCheck":198,"file":205,"line":181},"prh-ml-metabox-get-books","prh_ml_metabox_get_books","inc\\prh-ml-metabox-ajax.php",{"action":207,"nopriv":198,"callback":208,"hasNonce":198,"hasCapCheck":198,"file":205,"line":209},"prh-ml-metabox-save-selection","prh_ml_metabox_save_selection",67,{"action":211,"nopriv":198,"callback":212,"hasNonce":198,"hasCapCheck":198,"file":205,"line":213},"prh-ml-metabox-save-display","prh_ml_metabox_save_display",95,[],[216],{"tag":4,"callback":217,"file":158,"line":139},"prh_ml_shortcode",[],6,5,{"dangerousFunctions":222,"sqlUsage":226,"outputEscaping":228,"fileOperations":86,"externalRequests":28,"nonceChecks":28,"capabilityChecks":86,"bundledLibraries":274},[223],{"fn":224,"file":158,"line":166,"context":225},"create_function","add_action('widgets_init', create_function('', 'return register_widget(\"wp_prh_ml\");'));",{"prepared":28,"raw":28,"locations":227},[],{"escaped":37,"rawEcho":73,"locations":229},[230,233,234,236,238,239,241,243,245,246,248,250,251,253,255,257,258,259,261,262,264,266,268,270,272],{"file":158,"line":231,"context":232},18,"raw output",{"file":158,"line":231,"context":232},{"file":158,"line":235,"context":232},56,{"file":158,"line":237,"context":232},81,{"file":199,"line":27,"context":232},{"file":205,"line":240,"context":232},60,{"file":205,"line":242,"context":232},87,{"file":205,"line":244,"context":232},119,{"file":180,"line":27,"context":232},{"file":180,"line":247,"context":232},114,{"file":180,"line":249,"context":232},115,{"file":180,"line":249,"context":232},{"file":180,"line":252,"context":232},116,{"file":188,"line":254,"context":232},45,{"file":188,"line":256,"context":232},73,{"file":188,"line":256,"context":232},{"file":188,"line":27,"context":232},{"file":188,"line":260,"context":232},93,{"file":188,"line":260,"context":232},{"file":188,"line":263,"context":232},126,{"file":188,"line":265,"context":232},127,{"file":188,"line":267,"context":232},129,{"file":188,"line":269,"context":232},130,{"file":188,"line":271,"context":232},131,{"file":188,"line":273,"context":232},147,[],[276,299],{"entryPoint":277,"graph":278,"unsanitizedCount":86,"severity":298},"prh_ml_get_books_markup (inc\\prh-ml-front-ajax.php:17)",{"nodes":279,"edges":295},[280,285,289],{"id":281,"type":282,"label":283,"file":199,"line":284},"n0","source","$_POST",33,{"id":286,"type":287,"label":288,"file":199,"line":284},"n1","transform","→ prh_ml_get_books()",{"id":290,"type":291,"label":292,"file":293,"line":237,"wp_function":294},"n2","sink","file_get_contents() [SSRF\u002FLFI]","inc\\prh-ml-functions.php","file_get_contents",[296,297],{"from":281,"to":286,"sanitized":198},{"from":286,"to":290,"sanitized":198},"medium",{"entryPoint":300,"graph":301,"unsanitizedCount":86,"severity":298},"\u003Cprh-ml-front-ajax> (inc\\prh-ml-front-ajax.php:0)",{"nodes":302,"edges":306},[303,304,305],{"id":281,"type":282,"label":283,"file":199,"line":284},{"id":286,"type":287,"label":288,"file":199,"line":284},{"id":290,"type":291,"label":292,"file":293,"line":237,"wp_function":294},[307,308],{"from":281,"to":286,"sanitized":198},{"from":286,"to":290,"sanitized":198},{"summary":310,"deductions":311},"The \"mi-libreria\" v1.3 plugin exhibits several concerning security weaknesses despite its clean vulnerability history. A significant portion of its attack surface, specifically 5 out of 6 entry points, lacks authentication checks. This means that any user, including unauthenticated ones, could potentially interact with these unprotected AJAX handlers. Furthermore, the code analysis revealed a critical vulnerability in the use of the `create_function` PHP function, which is known to be insecure and can lead to arbitrary code execution if user input is passed to it without proper sanitization. While SQL queries are properly prepared and there are no identified critical or high severity taint flows, the lack of output escaping on a substantial percentage of outputs (68%) indicates a risk of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks on AJAX handlers is another critical oversight that exposes the plugin to CSRF attacks.\n\nDespite the lack of recorded CVEs, which is a positive sign, it does not negate the immediate risks identified in the static analysis. The plugin's current state suggests a general lack of robust security implementation. The presence of dangerous functions, unprotected entry points, and insufficient output escaping creates a fertile ground for exploitation. While the SQL query handling is commendable, it is overshadowed by other critical vulnerabilities. The plugin requires immediate attention to address the identified security flaws to mitigate potential risks to WordPress sites.\n\nIn conclusion, \"mi-libreria\" v1.3 has a weak security posture due to numerous unprotected entry points and the use of a dangerous function. The lack of output escaping and nonce checks further exacerbates these risks, making it vulnerable to XSS and CSRF attacks. While the absence of recorded vulnerabilities is a positive, it is overshadowed by the critical issues found in the static analysis. Immediate remediation is strongly recommended.",[312,314,316,319,321,323],{"reason":313,"points":11},"AJAX handlers without auth checks",{"reason":315,"points":171},"Dangerous function: create_function",{"reason":317,"points":318},"Output escaping: 68% not properly escaped",8,{"reason":320,"points":11},"Nonce checks: 0",{"reason":322,"points":34},"Capability checks: 1 (likely insufficient)",{"reason":324,"points":220},"Unsanitized paths in taint flows","2026-03-17T01:04:21.074Z",{"wat":327,"direct":338},{"assetPaths":328,"generatorPatterns":335,"scriptPaths":336,"versionParams":337},[329,330,331,332,333,334],"\u002Fwp-content\u002Fplugins\u002Fmi-libreria\u002Fcss\u002Fprh-ml-metabox.css","\u002Fwp-content\u002Fplugins\u002Fmi-libreria\u002Fjs\u002Fprh-ml-metabox.js","\u002Fwp-content\u002Fplugins\u002Fmi-libreria\u002Fcss\u002Fprh-ml-options.css","\u002Fwp-content\u002Fplugins\u002Fmi-libreria\u002Fjs\u002Fprh-ml-options.js","\u002Fwp-content\u002Fplugins\u002Fmi-libreria\u002Fcss\u002Fprh-ml-front.css","\u002Fwp-content\u002Fplugins\u002Fmi-libreria\u002Fjs\u002Fprh-ml-front.js",[],[330,332,334],[],{"cssClasses":339,"htmlComments":345,"htmlAttributes":346,"restEndpoints":348,"jsGlobals":350,"shortcodeOutput":352},[340,341,342,343,344],"prh_ml_container","prh_ml_book","prh_ml_book_container","prh_ml_cover","prh_ml_title",[],[347],"data-pid",[349],"wp-admin\u002Fadmin-ajax.php",[351],"prh_ml_ajax",[353],"\u003Cdiv data-pid=\""]