[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpz6VowddHCGUZCfRbnkUZycA7lKD4WWoGE5zel_3xzk":3},{"slug":4,"name":4,"version":5,"author":6,"author_profile":7,"description":8,"short_description":9,"active_installs":10,"downloaded":11,"rating":10,"num_ratings":10,"last_updated":12,"tested_up_to":13,"requires_at_least":14,"requires_php":12,"tags":15,"homepage":19,"download_link":20,"security_score":21,"vuln_count":10,"unpatched_count":10,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":32,"analysis":143,"fingerprints":217},"mi13-access-by-link","1.3","mi13","https:\u002F\u002Fprofiles.wordpress.org\u002Fmi13\u002F","\u003Cp>Иногда существует необходимость показать пост удаленному человеку перед публикацией. С этим плагином Вы можете давать доступ к постам со статусом “на утверждении” по ссылке.\u003Cbr \u002F>\nПри этом не важно открыта или закрыта регистрация на вашем сайте.\u003Cbr \u002F>\nДоступ можно защитить ключем, для лучшей конфиденциальности. При этом ключ будет добавлен к ссылке.\u003Cbr \u002F>\nСам ключ храниться в произвольном поле (mi13-access-by-link-key) записи и автоматически удаляется при публикации.\u003C\u002Fp>\n\u003Cp>1) Создайте пост со статусом “на утверждении”.\u003Cbr \u002F>\n2) Перейдите на страницу плагина (Настройки > mi13 access by link).\u003Cbr \u002F>\n3) Настройте front end вывод на основе вашей темы (single.php и т.п.) и ваших функций форматирования (functions.php и др.)  либо оставьте всё как есть.\u003Cbr \u002F>\n4) При необходимости добавьте ключ поставив флажок.\u003Cbr \u002F>\n5) Сохраните изменения.\u003Cbr \u002F>\n6) Скопируйте ссылку для поста и перешлите ее вашему доверенному лицу.\u003C\u002Fp>\n","Доступ к Вашим постам (на утверждении) по ссылке для модераторов.",0,1362,"","6.9.4","6.4.0",[16,17,18],"access-by-link","pending","privacy-link","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmi13-access-by-link\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmi13-access-by-link.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":6,"display_name":6,"profile_url":7,"plugin_count":26,"total_installs":27,"avg_security_score":28,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},7,20,98,30,93,"2026-04-04T13:48:37.576Z",[33,57,80,101,123],{"slug":34,"name":35,"version":36,"author":37,"author_profile":38,"description":39,"short_description":40,"active_installs":41,"downloaded":42,"rating":43,"num_ratings":43,"last_updated":44,"tested_up_to":45,"requires_at_least":46,"requires_php":47,"tags":48,"homepage":53,"download_link":54,"security_score":55,"vuln_count":10,"unpatched_count":10,"last_vuln_date":22,"fetched_at":56},"delete-pending-comments","Delete Pending Comments","1.0.0","Sudar Muthu","https:\u002F\u002Fprofiles.wordpress.org\u002Fsudar\u002F","\u003Cp>This plugin is a quick way to delete all pending and spam comments. It’s useful for victims of spammer attacks.\u003C\u002Fp>\n\u003Cp>After installing the plugin go to Comments -> Delete Pending Comments and follow the instructions to delete all the pending comments.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>This plugin was originally developed by \u003Ca href=\"http:\u002F\u002Fwww.nkuttler.de\u002F\" rel=\"nofollow ugc\">Nicolas Kuttler\u003C\u002Fa> and he maintained it till June 24, 2020.\u003C\u002Fp>\n\u003Cp>From June 24, 2020, \u003Ca href=\"https:\u002F\u002Fsudarmuthu.com\" rel=\"nofollow ugc\">Sudar Muthu\u003C\u002Fa> took over the development and maintenance of the plugin.\u003C\u002Fp>\n","A quick way to delete all pending and spam comments. Useful for victims of spammer attacks.",10000,153468,94,"2024-01-28T17:10:00.000Z","6.4.8","2.7","5.3",[49,50,51,17,52],"comments","delete","mass-delete-comments","spam","https:\u002F\u002Fbulkwp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdelete-pending-comments.1.0.0.zip",85,"2026-03-15T15:16:48.613Z",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":12,"tags":72,"homepage":78,"download_link":79,"security_score":55,"vuln_count":10,"unpatched_count":10,"last_vuln_date":22,"fetched_at":56},"pending-submission-notifications","Pending Submission Notifications","1.2","razvanh","https:\u002F\u002Fprofiles.wordpress.org\u002Frazvanh\u002F","\u003Cp>This enables email notifications of pending review submissions. By default the email goes to the admin email set on your Settings page.\u003C\u002Fp>\n\u003Cp>You can set the email(s) that should receive these notifications Under Settings>Pending Submission Notifications. You can add multiple email addresses, using commas to separate them.\u003C\u002Fp>\n\u003Cp>When a submission is approved by an admin, an email notification is sent to the contributor.\u003C\u002Fp>\n\u003Cp>For more info visit http:\u002F\u002Flifeofadesigner.com\u002F\u003C\u002Fp>\n","Email notifications for pending review content submission.",1000,22451,72,12,"2018-02-21T17:05:00.000Z","4.9.29","4.6",[73,74,75,76,77],"email-notification","notifications","pending-notification","pending-submissions","submit-for-review","http:\u002F\u002Flifeofadesigner.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpending-submission-notifications.1.2.1.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":65,"downloaded":88,"rating":21,"num_ratings":89,"last_updated":90,"tested_up_to":13,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":99,"download_link":100,"security_score":21,"vuln_count":10,"unpatched_count":10,"last_vuln_date":22,"fetched_at":56},"publishpress-statuses","PublishPress Statuses – Custom Post Status and Workflow","1.2.4","PublishPress","https:\u002F\u002Fprofiles.wordpress.org\u002Fpublishpress\u002F","\u003Cp>Have you ever wanted to label a WordPress post something other than “Draft” or “Pending Review”? The \u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fstatuses\u002F\" rel=\"nofollow ugc\">PublishPress Statuses\u003C\u002Fa> plugin can help.\u003C\u002Fp>\n\u003Cp>PublishPress Statuses allows you to create additional statuses for your posts. For example, you can add statuses such as “In Progress”, “Needs Work”, or “Rejected”. You can also control which users can move posts to each status.\u003C\u002Fp>\n\u003Ch3>Why Use PublishPress Statuses?\u003C\u002Fh3>\n\u003Cp>WordPress provides you with only two statuses for your post: “Draft” or “Pending Review”. This means that before your content is published it can only be labeled as “Draft” or “Pending Review”.\u003C\u002Fp>\n\u003Cp>Those statuses are too limiting for many publishers. For example, what label should you use for content that is assigned to a writer? What label should you use for a post that needs work, or has been rejected? With the PublishPress Statuses plugin, you can add new statuses that accurately describe the stages of your publishing process.\u003C\u002Fp>\n\u003Cp>There are two types of statuses:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Pre-Publication Statues\u003C\u002Fstrong>: For posts that are unpublished.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Visibility Statuses\u003C\u002Fstrong>: For posts that are published.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Pre-Publication Statuses\u003C\u002Fh3>\n\u003Cp>Go to the “Statuses” area in your WordPress site and you’ll six different statuses. This is the \u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fmain-workflow\u002F\" rel=\"nofollow ugc\">main workflow\u003C\u002Fa>. Every post on your site must use this workflow. However, with PublishPress Statuses, you can move, rearrange and add to this workflow.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Draft\u003C\u002Fstrong>: This is the WordPress default status and can not be modified. \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pitch\u003C\u002Fstrong>: This is a new status. You can use this status to indicate the post is just an idea.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Assigned\u003C\u002Fstrong>: This is a new status. You can use this status to show the post has been given to a writer.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>In Progress\u003C\u002Fstrong>: This is a new status. You can use this status to if the post is being worked on.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Approved\u003C\u002Fstrong>: This is a new status. You can use this status to when the post has been accepted and it ready for publication.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pending Review\u003C\u002Fstrong>: This is a core WordPress status and can not be modified.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fstart-statuses\u002F\" rel=\"nofollow ugc\">Click here to see how to create and use statuses\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>In addition to the default workflow, PublishPress Statuses allows you to create \u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Falternate-workflow\u002F\" rel=\"nofollow ugc\">alternate workflows\u003C\u002Fa>. These statuses are for content that is not on a direct path to publication. Examples of these alternate workflows include “Deferred”, “Needs Work” and “Rejected”.\u003C\u002Fp>\n\u003Ch3>Custom Permissions for Pre-Published Statuses\u003C\u002Fh3>\n\u003Cp>PublishPress Statuses allows to decide which users can move content to which statuses. Go to “Statuses” then “Settings” and click the “Roles” tab. This allows you to choose which user roles can move a post to this status.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fstatuses-options\u002F\" rel=\"nofollow ugc\">See how control access to statuses\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>You can take this further and decide who assign, edit, and delete content in each status. This is possible if you also use the PublishPress Permissions Pro plugin.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fextended-capabilities-statuses\u002F\" rel=\"nofollow ugc\">Click here to see add advanced capabilities to statuses\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Visibility Statuses\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fcustom-visibility-statuses\u002F\" rel=\"nofollow ugc\">Visibility Statuses\u003C\u002Fa> allow you to control who can access published content on your WordPress site.\u003C\u002Fp>\n\u003Cp>The PublishPress Statuses plugin integrates with the \u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpermissions\u002F\" rel=\"nofollow ugc\">PublishPress Permissions Pro\u003C\u002Fa> plugin. This integration allows you to create custom visibility statuses and control who can access the content on the front of your WordPress site.\u003C\u002Fp>\n\u003Cp>We call this feature “Custom Visibility Statuses” because WordPress has three core visibility statuses:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Scheduled\u003C\u002Fstrong>: This post is scheduled for future publication.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Published\u003C\u002Fstrong>: This post is available to general public.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Private\u003C\u002Fstrong>: This post is published for users logged in to your WordPress site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Using PublishPress Statuses and PublishPress Permissions Pro together, you can add your own custom visibility statuses.\u003C\u002Fp>\n\u003Ch3>Custom Permissions for Visibility Statuses\u003C\u002Fh3>\n\u003Cp>The PublishPress Statuses plugin integrates with the PublishPress Permissions Pro plugins and PublishPress Capabilities Pro plugins. These allow you to control capabilities for each visibility status. You can decide who can assign, read, edit and delete content in each status.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fknowledge-base\u002Fcustom-capabilities-visibility-statuses\u002F\" rel=\"nofollow ugc\">See how control access to visibility statuses\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>You can take this further and decide who assign, edit, and delete content in each status. This is possible if you also use the PublishPress Permissions Pro plugin.\u003C\u002Fp>\n\u003Ch3>Join PublishPress and get the Pro plugins\u003C\u002Fh3>\n\u003Cp>The Pro versions of the PublishPress plugins are well worth your investment. The Pro versions have extra features and faster support. \u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Click here to join PublishPress\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Join PublishPress and you’ll get access to these ten Pro plugins:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fauthors\" rel=\"nofollow ugc\">PublishPress Authors Pro\u003C\u002Fa> allows you to add multiple authors and guest authors to WordPress posts.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fblocks\" rel=\"nofollow ugc\">PublishPress Blocks Pro\u003C\u002Fa> has everything you need to build professional websites with the WordPress block editor.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fcapabilities\" rel=\"nofollow ugc\">PublishPress Capabilities Pro\u003C\u002Fa> is the plugin to manage your WordPress user roles, permissions, and capabilities.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fchecklists\" rel=\"nofollow ugc\">PublishPress Checklists Pro\u003C\u002Fa> enables you to define tasks that must be completed before content is published.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Ffuture\" rel=\"nofollow ugc\">PublishPress Future Pro\u003C\u002Fa> is the plugin for scheduling changes to your posts.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpermissions\" rel=\"nofollow ugc\">PublishPress Permissions Pro\u003C\u002Fa>  is the plugin for restricted content and advanced WordPress permissions.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fpublishpress\" rel=\"nofollow ugc\">PublishPress Planner Pro\u003C\u002Fa> is the plugin for managing and scheduling WordPress content.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Frevisions\" rel=\"nofollow ugc\">PublishPress Revisions Pro\u003C\u002Fa> allows you to update your published pages with teamwork and precision.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fseries\" rel=\"nofollow ugc\">PublishPress Series Pro\u003C\u002Fa> enables you to group content together into a series.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpublishpress.com\u002Fseries\" rel=\"nofollow ugc\">PublishPress Statuses Pro\u003C\u002Fa> enables you to create additional publishing steps for your posts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Together, these plugins are a suite of powerful publishing tools for WordPress. If you need to create a professional workflow in WordPress, with moderation, revisions, permissions and more, then you should try PublishPress.\u003C\u002Fp>\n\u003Ch3>Bug Reports\u003C\u002Fh3>\n\u003Cp>Bug reports for PublishPress Statuses are welcomed in our \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpublishpress\u002Fpublishpress-statuses\" rel=\"nofollow ugc\">repository on GitHub\u003C\u002Fa>. Please note that GitHub is not a support forum, and that issues that are not properly qualified as bugs will be closed.\u003C\u002Fp>\n","The PublishPress Statuses plugin allows you to create additional statuses for your posts. You can use each status to create publishing workflows.",37920,4,"2026-02-19T18:04:00.000Z","5.5","7.2.5",[94,95,96,97,98],"archived-status","custom-statuses","pending-review","status-manager","workflow","https:\u002F\u002Fpublishpress.com\u002Fstatuses","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpublishpress-statuses.1.2.4.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":10,"num_ratings":10,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":121,"download_link":122,"security_score":21,"vuln_count":10,"unpatched_count":10,"last_vuln_date":22,"fetched_at":56},"affiliatewp-force-pending-referrals","AffiliateWP – Force Pending Referrals","1.2.0","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cblockquote>\n\u003Cp>This plugin requires \u003Ca href=\"https:\u002F\u002Faffiliatewp.com\u002F\" title=\"AffiliateWP\" rel=\"nofollow ugc\">AffiliateWP\u003C\u002Fa>\u003Cstrong>It will NOT function without it.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Once activated, all referrals created by AffiliateWP will be forced to a status of “pending”.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What is AffiliateWP?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Faffiliatewp.com\u002F\" title=\"AffiliateWP\" rel=\"nofollow ugc\">AffiliateWP\u003C\u002Fa> provides a complete affiliate management system for your WordPress website that seamlessly integrates with all major WordPress e-commerce and membership platforms. It aims to provide everything you need in a simple, clean, easy to use system that you will love to use.\u003C\u002Fp>\n","Force all referrals to a \"pending\" status.",600,14931,"2025-05-08T19:56:00.000Z","6.8.5","5.2","7.4",[116,117,118,119,120],"affiliatewp","force-pending","manual-referral-approval","pending-referrals","referral-status","https:\u002F\u002Faffiliatewp.com\u002Faddons\u002Fforce-pending-referrals\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faffiliatewp-force-pending-referrals.1.2.0.zip",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":131,"downloaded":132,"rating":21,"num_ratings":89,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":12,"tags":136,"homepage":141,"download_link":142,"security_score":55,"vuln_count":10,"unpatched_count":10,"last_vuln_date":22,"fetched_at":56},"pending-inidicator","Pending Indicator","1.1","keha","https:\u002F\u002Fprofiles.wordpress.org\u002Fkeha76\u002F","\u003Cp>Show the number of pending posts waiting for approval in the admin menu, if any. Also automatically supports custom post types. Blends nicely with the admin color schemes. Extremely lightweight, only 2 Kb of code.\u003C\u002Fp>\n\u003Ch3>Contributors\u003C\u002Fh3>\n\u003Ch4>Project Lead\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Kenth Hagström\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Known Bugs\u003C\u002Fh3>\n\u003Cp>None\u003C\u002Fp>\n","Show the number of pending posts waiting for approval in the admin menu, if any. Also automatically supports custom post types.",200,2663,"2013-12-18T19:12:00.000Z","3.7.41","3.5",[137,138,17,139,140],"admin-menu","indicator","pending-posts","posts","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpending-inidicator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpending-inidicator.1.1.zip",{"attackSurface":144,"codeSignals":181,"taintFlows":203,"riskAssessment":204,"analyzedAt":216},{"hooks":145,"ajaxHandlers":168,"restRoutes":177,"shortcodes":178,"cronEvents":179,"entryPointCount":180,"unprotectedCount":180},[146,152,156,160,164],{"type":147,"name":148,"callback":149,"file":150,"line":151},"action","plugins_loaded","mi13_access_by_link_load_languages","mi13-access-by-link.php",21,{"type":147,"name":153,"callback":154,"file":150,"line":155},"publish_post","mi13_access_by_link_publish",78,{"type":147,"name":157,"callback":158,"file":150,"line":159},"add_meta_boxes","mi13_access_by_link_meta_box",83,{"type":147,"name":161,"callback":162,"file":150,"line":163},"admin_menu","mi13_access_by_link_menu",113,{"type":147,"name":165,"callback":166,"file":150,"line":167},"admin_init","mi13_access_by_link_init",136,[169,174],{"action":170,"nopriv":171,"callback":172,"hasNonce":171,"hasCapCheck":171,"file":150,"line":173},"mi13_access_by_link",false,"mi13_access_by_link_ajax",283,{"action":170,"nopriv":175,"callback":172,"hasNonce":171,"hasCapCheck":171,"file":150,"line":176},true,284,[],[],[],2,{"dangerousFunctions":182,"sqlUsage":183,"outputEscaping":185,"fileOperations":10,"externalRequests":10,"nonceChecks":10,"capabilityChecks":201,"bundledLibraries":202},[],{"prepared":10,"raw":10,"locations":184},[],{"escaped":68,"rawEcho":186,"locations":187},6,[188,191,193,195,197,199],{"file":150,"line":189,"context":190},107,"raw output",{"file":150,"line":192,"context":190},165,{"file":150,"line":194,"context":190},188,{"file":150,"line":196,"context":190},201,{"file":150,"line":198,"context":190},206,{"file":150,"line":200,"context":190},280,1,[],[],{"summary":205,"deductions":206},"The mi13-access-by-link plugin v1.3 exhibits a mixed security posture. On the positive side, the absence of any known vulnerabilities in its history, coupled with the use of prepared statements for all SQL queries, suggests good development practices in those areas.  The code also shows some attention to security with a capability check implemented. However, the static analysis reveals significant concerns regarding its attack surface.  With two AJAX handlers identified, and crucially, both lacking authentication checks, this presents a direct and immediate risk.  This means that unauthenticated users can potentially interact with these handlers, opening the door for various attacks depending on their functionality. The lack of nonce checks on these AJAX endpoints further exacerbates this risk. The taint analysis showing zero flows is positive, but this might be influenced by the limited scope or complexity of the plugin's code and doesn't negate the identified attack vectors.",[207,210,213],{"reason":208,"points":209},"AJAX handlers without authentication checks",10,{"reason":211,"points":212},"Missing nonce checks on AJAX endpoints",8,{"reason":214,"points":215},"Unescaped output in 33% of outputs",5,"2026-03-17T05:48:19.351Z",{"wat":218,"direct":224},{"assetPaths":219,"generatorPatterns":221,"scriptPaths":222,"versionParams":223},[220],"\u002Fwp-content\u002Fplugins\u002Fmi13-access-by-link\u002Flanguages\u002F",[],[],[],{"cssClasses":225,"htmlComments":233,"htmlAttributes":234,"restEndpoints":251,"jsGlobals":252,"shortcodeOutput":253},[226,227,228,229,230,231,232],"content-area","site-main","entry-header","entry-title","entry-content","entry-footer","post-thumbnail",[],[235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250],"id=\"primary\"","id=\"main\"","role=\"main\"","class=\"content-area\"","class=\"site-main\"","class=\"post-thumbnail\"","class=\"entry-header\"","class=\"entry-title\"","class=\"entry-content\"","class=\"entry-footer\"","name=\"mi13_access_by_link[header]\"","name=\"mi13_access_by_link[filters]\"","name=\"mi13_access_by_link[html]\"","name=\"mi13_access_by_link[footer]\"","name=\"mi13_access_by_link[key]\"","name=\"mi13_access_by_link[publish]\"",[],[],[254],"\u003Cdiv id=\"primary\" class=\"content-area\">\n        \u003Cmain id=\"main\" class=\"site-main\" role=\"main\">\n            \u003Carticle>\n                \u003Cdiv class=\"post-thumbnail\">\n                    $thumbnail\n                \u003C\u002Fdiv>\n                \u003Cheader class=\"entry-header\">\n                    \u003Ch1 class=\"entry-title\">$title\u003C\u002Fh1>\n                \u003C\u002Fheader>\n                \u003Cdiv class=\"entry-content\">\n                    $content\n                \u003C\u002Fdiv>\n                \u003Cfooter class=\"entry-footer\">\n                    $cat\n                \u003C\u002Ffooter>\n            \u003C\u002Farticle>\n        \u003C\u002Fmain>\n    \u003C\u002Fdiv>"]