[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fW-DmmEF01l2eeyIJ3DFjoSlv-1mJ-YTxrEcj7jGUUjE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":21,"download_link":22,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":32,"analysis":130,"fingerprints":258},"mobile-wp-security","Mobile WP Security","1.2.0","dacalleg","https:\u002F\u002Fprofiles.wordpress.org\u002Fdacalleg\u002F","\u003Cp>This plugin allows you to interface wordpress with the \u003Ca href=\"https:\u002F\u002Fplay.google.com\u002Fstore\u002Fapps\u002Fdetails?id=com.dacalleg.wordpressmobilesecurity\" rel=\"nofollow ugc\">“Mobile Security for WordPress”\u003C\u002Fa> app.\u003Cbr \u002F>\nAfter installing the plugin you will see a qr-code to frame with the app.\u003C\u002Fp>\n\u003Cp>The plugin will periodically collect data on:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Requests\u003C\u002Fli>\n\u003Cli>Status codes\u003C\u002Fli>\n\u003Cli>Errors\u003C\u002Fli>\n\u003Cli>Ip Addresses\u003C\u002Fli>\n\u003Cli>User-Agent\u003C\u002Fli>\n\u003Cli>Miscellaneous Statistics\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In addition to this information from the app will be possible:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>View the version of WordPress\u003C\u002Fli>\n\u003Cli>View requests in real time\u003C\u002Fli>\n\u003Cli>View requests grouped by IP\u003C\u002Fli>\n\u003Cli>Assign a name to an IP address\u003C\u002Fli>\n\u003Cli>Lock IP addresses permanently\u003C\u002Fli>\n\u003Cli>Lock IP addresses temporarily\u003C\u002Fli>\n\u003Cli>Enable IP addresses\u003C\u002Fli>\n\u003Cli>Disable XMLRPC\u003C\u002Fli>\n\u003Cli>Disable login\u003C\u002Fli>\n\u003Cli>Enable login\u003C\u002Fli>\n\u003Cli>View statistics\u003C\u002Fli>\n\u003Cli>View how many Bots or Humans visit the site\u003C\u002Fli>\n\u003Cli>Enable maximum request quotas per ip address (in case the quota will be reached the ip address will be blocked for 15 minutes)\u003C\u002Fli>\n\u003Cli>View users\u003C\u002Fli>\n\u003Cli>Modify users\u003C\u002Fli>\n\u003Cli>View errors and where they occur\u003C\u002Fli>\n\u003Cli>Manage notifications\u003C\u002Fli>\n\u003Cli>Filter requests\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All communication between the app and the site is done in a secure way, to access the API exposed by the plugin you need a secret key that is\u003Cbr \u002F>\ngenerated when the plugin is installed and communicated to the app via QR Code. You can also replace the secret key by generating a new one from the plugin preferences.\u003C\u002Fp>\n\u003Cp>The Safe Login feature allows you to disable the login (showing a 403 screen). Very useful to avoid Brute Force attacks.\u003Cbr \u002F>\nLogin can be reactivated temporarily or permanently via the app.\u003C\u002Fp>\n","This plugin exposes the rest APIs to be able to control some aspects of wordpress security via the mobile app \"Mobile Security for Wordpress" …",0,936,"2020-06-30T14:35:00.000Z","5.2.24","4.5","5.6",[18,19,20],"mobile","security","smartphone","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmobile-wp-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmobile-wp-security.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":29,"avg_security_score":23,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},2,30,84,"2026-04-04T04:29:00.692Z",[33,54,76,92,111],{"slug":34,"name":35,"version":36,"author":37,"author_profile":38,"description":39,"short_description":40,"active_installs":41,"downloaded":42,"rating":43,"num_ratings":28,"last_updated":44,"tested_up_to":45,"requires_at_least":46,"requires_php":47,"tags":48,"homepage":52,"download_link":53,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"nginx-mobile-theme","Nginx Mobile Theme","1.8.2","Takayuki Miyauchi","https:\u002F\u002Fprofiles.wordpress.org\u002Fmiyauchi\u002F","\u003Cp>This plugin allows you to switch theme according to the User Agent on the Nginx reverse proxy.\u003C\u002Fp>\n\u003Cp>Nginx Mobile Theme’s requirements are as follows.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>PHP 5.3 or later\u003C\u002Fli>\n\u003Cli>WordPress 3.7 or later\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnginx-champuru\u002F\" rel=\"ugc\">Nginx Cache Controller\u003C\u002Fa> 2.0.0 or later\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Some Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>You can flush mobile’s and pc’s each caches automatically via \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fnginx-champuru\u002F\" rel=\"ugc\">Nginx Cache Controller\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Allow you to switch theme according to the user-agent.\u003C\u002Fli>\n\u003Cli>Allow you to customize multiple mobile device support via filter-hook.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Nginx Configuration\u003C\u002Fh4>\n\u003Cp>Add mobile device detection to the nginx.conf.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>set $mobile '';\nif ($http_user_agent ~* '(iPhone|iPod|incognito|webmate|Android|dream|CUPCAKE|froyo|BlackBerry|webOS|s8000|bada|IEMobile|Googlebot\\-Mobile|AdsBot\\-Google)') {\n set $mobile \"@smartphone\";\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Set proxy_cache_key.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>proxy_cache_key \"$mobile$scheme:\u002F\u002F$host$request_uri\";\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Send custom request header to the backend.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>proxy_set_header X-UA-Detect $mobile;\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Nginx Mobile Theme will switch theme when ‘@smartphone’ is received in the \u003Ccode>$_SERVER['HTTP_X_UA_DETECT']\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Ch4>How to use\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Please access to the theme-customizer in the WordPress admin area.\u003C\u002Fli>\n\u003Cli>Please select Mobile Theme in the drop-down.\u003C\u002Fli>\n\u003Cli>Click “Save & Publish” button to save.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Multiple mobile device support\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Add custom mobile detection to the nginx.conf.\u003C\u002Fli>\n\u003Cli>Add custom mobile detection to the WordPress via \u003Ccode>nginxmobile_mobile_detects\u003C\u002Fcode> filter-hook.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>nginx.conf:\u003Cbr \u002F>\n set $mobile ”;\u003Cbr \u002F>\n if ($http_user_agent ~* ‘(iPhone|iPod)’) {\u003Cbr \u002F>\n set $mobile “@smartphone”;\u003Cbr \u002F>\n }\u003Cbr \u002F>\n if ($http_user_agent ~* ‘iPad’) {\u003Cbr \u002F>\n set $mobile “@tablet”;\u003Cbr \u002F>\n }\u003C\u002Fp>\n\u003Cp>In your custom plugin:\u003Cbr \u002F>\n add_filter(‘nginxmobile_mobile_detects’, function(){\u003Cbr \u002F>\n return array(‘@smartphone’, ‘@tablet’);\u003Cbr \u002F>\n });\u003C\u002Fp>\n\u003Cul>\n\u003Cli>As a result, allow you to select theme for @smartphone and @tablet individually in the theme-customizer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Amimoto Support\u003C\u002Fh4>\n\u003Cp>The \u003Ca href=\"http:\u002F\u002Fmegumi-cloud.com\u002F\" rel=\"nofollow ugc\">Amimoto\u003C\u002Fa> is a full-tuned WordPress AMI on the AWS EC2.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Uncomment \u002Fetc\u002Fnginx\u002Fconf.d\u002Fdefault.conf in line 17\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>before:\u003Cbr \u002F>\n #include \u002Fetc\u002Fnginx\u002Fmobile-detect;\u003C\u002Fp>\n\u003Cp>after:\u003Cbr \u002F>\n include \u002Fetc\u002Fnginx\u002Fmobile-detect;\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add line to \u002Fetc\u002Fnginx\u002Fnginx.conf like following.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>before:\u003Cbr \u002F>\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\u003Cbr \u002F>\n proxy_set_header Accept-Encoding “”;\u003C\u002Fp>\n\u003Cp>after:\u003Cbr \u002F>\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\u003Cbr \u002F>\n proxy_set_header Accept-Encoding “”;\u003Cbr \u002F>\n proxy_set_header X-UA-Detect $mobile; # add new line\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Define constant in the wp-config.php\u003C\u002Fp>\n\u003Cp>define(‘IS_AMIMOTO’, true);\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin allows you to switch theme according to the User Agent on the Nginx reverse proxy.",200,221126,100,"2018-10-17T09:01:00.000Z","4.9.29","3.7.1","",[18,49,20,50,51],"nginx","tablet","theme","https:\u002F\u002Famimooto-ami.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnginx-mobile-theme.1.8.2.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":43,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":47,"requires_php":67,"tags":68,"homepage":73,"download_link":74,"security_score":75,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"xmlrpc-lockdown","XMLRPC Lockdown by AO Digital","2.0","aodigitalau","https:\u002F\u002Fprofiles.wordpress.org\u002Faodigitalau\u002F","\u003Cp>XMLRPC Lockdown by AO Digital is an advanced security plugin for WordPress. It blocks access to \u003Ccode>xmlrpc.php\u003C\u002Fcode> for all requests except those explicitly allowed, such as requests from Jetpack, the WordPress mobile app, and other specified services. With the latest enhancements, users can customize the list of allowed services and create custom allowances for specific IPs, URLs, or referrers directly from the WordPress admin dashboard.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Blocks unauthorized access to \u003Ccode>xmlrpc.php\u003C\u002Fcode>, enhancing WordPress security.\u003Cbr \u002F>\n– Allows specific services like Jetpack and the WordPress mobile app to work seamlessly.\u003Cbr \u002F>\n– New settings page for managing allowed plugins and custom allowances.\u003Cbr \u002F>\n– AJAX-powered options saving for a smooth user experience.\u003Cbr \u002F>\n– Fully compatible with PHP 8.0+ and tested up to WordPress 6.7.2.\u003C\u002Fp>\n\u003Cp>Whether you’re looking to secure your site or fine-tune \u003Ccode>xmlrpc.php\u003C\u002Fcode> access, XMLRPC Lockdown by AO Digital offers a robust, user-friendly solution.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For assistance with XMLRPC Lockdown by AO Digital, please visit \u003Ca href=\"http:\u002F\u002Faodigital.com.au\" rel=\"nofollow ugc\">AO Digital Support\u003C\u002Fa> or email us at support@aodigital.com.au.\u003C\u002Fp>\n","XMLRPC Lockdown by AO Digital is an advanced security plugin for WordPress. It blocks access to xmlrpc.php for all requests except those explicitly al …",80,2134,1,"2024-12-10T10:03:00.000Z","6.7.5","8.0",[69,70,19,71,72],"jetpack","mobile-app","wordpress","xmlrpc","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fxmlrpc-lockdown\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fxmlrpc-lockdown.2.0.zip",92,{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":11,"num_ratings":11,"last_updated":86,"tested_up_to":47,"requires_at_least":47,"requires_php":47,"tags":87,"homepage":90,"download_link":91,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"appsgeyser-plug-in","AppsGeyser Plugin","1.0.0","appsgeyser","https:\u002F\u002Fprofiles.wordpress.org\u002Fappsgeyser\u002F","\u003Cp>Use AppsGeyser Plugin to convert your blog to a native Android app. Make your blog easy to read on mobile devices. Submit your app to Android Market and increase your audience.\u003C\u002Fp>\n\u003Cp>AppsGeyser is the web platform that allows you to convert any web content to an Android App. With AppsGeyser you can convert any web content or widget into an App in 2 simple steps\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F-kA6miefsfM?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>This Plug-in utilizes AppsGeyser API that allows creating Android Apps on-the-fly from any third-party software.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F2el7_PO0Xpw?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","AppsGeyser Plug-in for WordPress allows you to convert your blog into a native Android app. Make your blog easy to read on mobile devices.",10,5219,"2011-09-29T10:51:00.000Z",[88,89,80,18,20],"android","app","http:\u002F\u002Fappsgeyser.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fappsgeyser-plug-in.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":84,"downloaded":100,"rating":11,"num_ratings":11,"last_updated":101,"tested_up_to":102,"requires_at_least":103,"requires_php":104,"tags":105,"homepage":109,"download_link":110,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"cloud-rebue-wpsms","cloudrebuesms","1.0.9","cloudrebue","https:\u002F\u002Fprofiles.wordpress.org\u002Fcloudrebue\u002F","\u003Cp>This plugin enables you to Send Woocomerce Notifications Via SMS straight from the WordPress backend or via the programmers API.\u003C\u002Fp>\n\u003Cp>All you need is the plugin and [bulk.cloudrebue.co.ke] (https:\u002F\u002Fbulk.cloudrebue.co.ke) account.\u003C\u002Fp>\n\u003Cp>Main features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>📱 Send Woocomerce Order Notifications Via SMS\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>📱 Two Factor Authentication (2FA) for wordpress and Woocomerce Login\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>Easy programmers API.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Easy to get started:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Live chat support and mail support from bulk.cloudrebue.co.ke\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Backed by high quality, lowest pricing SMS-gateway:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>How to use\u003C\u002Fh3>\n\u003Ch4>Most users: User Guide\u003C\u002Fh4>\n\u003Cp>The user interface is quite intuitive and straightforward.\u003C\u002Fp>\n\u003Ch4>Advanced: Programmers API\u003C\u002Fh4>\n\u003Cp>Send an SMS to one or multiple recipients\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fcloudrebue\u002FPHP-BULK-SDK\" rel=\"nofollow ugc\">See our PHP SDK\u003C\u002Fa>\u003C\u002Fp>\n","Send Woocomerce Notifications, Access Bulk SMS Portal",1827,"2023-11-10T07:37:00.000Z","6.4.8","5.6.0","7.0",[106,18,19,107,108],"cloud-rebue","sms","woocommerce-sms","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcloud-rebue-wpsms","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcloud-rebue-wpsms.1.0.9.zip",{"slug":112,"name":113,"version":114,"author":115,"author_profile":116,"description":117,"short_description":118,"active_installs":84,"downloaded":119,"rating":11,"num_ratings":11,"last_updated":120,"tested_up_to":121,"requires_at_least":122,"requires_php":47,"tags":123,"homepage":128,"download_link":129,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"smartphone-location-lookup","Smartphone Location Lookup","1.0.1","rgubby","https:\u002F\u002Fprofiles.wordpress.org\u002Frgubby\u002F","\u003Cp>This plugin takes advantage of new GPS capabilities inside of the browser on your mobile phone.\u003C\u002Fp>\n\u003Cp>If you’ve added the Smartphone Location Lookup widget to your page and if you have an iPhone, or something new like an HTC Dream, every time you refresh your site on your phone, you’ll update a map in the sidebar telling your stalkers\u002Freaders where you are.\u003C\u002Fp>\n\u003Cp>You can choose from either Google Maps, or Bing Maps to display where you are and have all the choices that these two map providers offer (marker labels, etc).\u003C\u002Fp>\n\u003Cp>You can update your location manually from the Widget too if your phone doesn’t support GPS, just expand the widget and amend your latitude\u002Flongitude.\u003C\u002Fp>\n\u003Cp>In addition, most web browsers now have the same GPS capabilities, so if you allow Firefox\u002FChrome\u002Fetc to record your current location, it’ll update the map.\u003C\u002Fp>\n","This plugins displays a location based map on your sidebar. It tells visitors to your blog exactly where YOU are!",2776,"2010-12-19T18:25:00.000Z","3.0.5","3.0",[124,125,126,127,20],"google-maps","gps-lookup","location-lookup","mobile-gps-capabilities","http:\u002F\u002Fredyellow.co.uk\u002Fplugins\u002Fsmartphone-location-lookup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmartphone-location-lookup.1.0.1.zip",{"attackSurface":131,"codeSignals":199,"taintFlows":245,"riskAssessment":246,"analyzedAt":257},{"hooks":132,"ajaxHandlers":195,"restRoutes":196,"shortcodes":197,"cronEvents":198,"entryPointCount":11,"unprotectedCount":11},[133,139,143,146,150,153,157,161,165,169,173,177,181,185,191],{"type":134,"name":135,"callback":136,"file":137,"line":138},"action","plugins_loaded","update_db_check","includes\\Hooks\\Hooks.php",42,{"type":134,"name":140,"callback":141,"file":137,"line":142},"init","addIpAddressInLog",46,{"type":134,"name":140,"callback":144,"file":137,"line":145},"onInit",47,{"type":134,"name":147,"callback":148,"file":137,"line":149},"admin_init","register_settings",49,{"type":134,"name":147,"callback":151,"file":137,"line":152},"redirect_after_activation",50,{"type":134,"name":154,"callback":155,"file":137,"line":156},"admin_menu","register_options_page",51,{"type":134,"name":158,"callback":159,"priority":84,"file":137,"line":160},"wp_login_failed","onLoginFailed",55,{"type":134,"name":162,"callback":163,"priority":84,"file":137,"line":164},"wp_login","onLoginSuccess",56,{"type":134,"name":166,"callback":167,"priority":84,"file":137,"line":168},"save_post","onPostSavedOrUpdated",57,{"type":134,"name":170,"callback":171,"priority":84,"file":137,"line":172},"wp_logout","onLogOut",58,{"type":134,"name":174,"callback":175,"priority":84,"file":137,"line":176},"wp_mail_failed","onMailFailed",59,{"type":134,"name":178,"callback":179,"priority":84,"file":137,"line":180},"comment_post","onCommentAdded",60,{"type":134,"name":182,"callback":183,"file":137,"line":184},"rest_api_init","closure",63,{"type":186,"name":187,"callback":188,"file":189,"line":190},"filter","xmlrpc_enabled","__return_false","includes\\Repository\\DataRepository.php",48,{"type":134,"name":192,"callback":193,"file":194,"line":164},"wpmu_new_blog","mobile_wp_security_on_new_blog","mobile-wp-security.php",[],[],[],[],{"dangerousFunctions":200,"sqlUsage":201,"outputEscaping":232,"fileOperations":234,"externalRequests":64,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":244},[],{"prepared":202,"raw":203,"locations":204},5,11,[205,208,211,213,215,217,219,221,225,228,231],{"file":189,"line":206,"context":207},122,"$wpdb->get_row() with variable interpolation",{"file":189,"line":209,"context":210},208,"$wpdb->get_results() with variable interpolation",{"file":189,"line":212,"context":210},306,{"file":189,"line":214,"context":207},418,{"file":189,"line":216,"context":207},465,{"file":189,"line":218,"context":210},490,{"file":189,"line":220,"context":207},516,{"file":222,"line":223,"context":224},"includes\\Settings\\PluginSettings.php",79,"$wpdb->query() with variable interpolation",{"file":226,"line":227,"context":224},"includes\\Updater\\Installer.php",146,{"file":194,"line":229,"context":230},35,"$wpdb->get_col() with variable interpolation",{"file":194,"line":184,"context":230},{"escaped":233,"rawEcho":234,"locations":235},3,4,[236,239,240,242],{"file":222,"line":237,"context":238},91,"raw output",{"file":222,"line":75,"context":238},{"file":222,"line":241,"context":238},93,{"file":222,"line":243,"context":238},94,[],[],{"summary":247,"deductions":248},"The \"mobile-wp-security\" v1.2.0 plugin presents a generally positive security posture based on the provided static analysis. The absence of identified AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points indicates a limited attack surface. Furthermore, the lack of critical or high severity taint flows is a strong indicator that sensitive data is likely being handled with caution. The vulnerability history being clear of any known CVEs also contributes to a perception of low risk.\n\nHowever, several areas warrant attention and slightly temper the otherwise positive outlook. The moderate percentage of SQL queries not using prepared statements (69% not prepared) is a concern, as this could lead to SQL injection vulnerabilities if the inputs are not meticulously sanitized. Similarly, the low percentage of properly escaped output (57% not escaped) raises red flags for potential Cross-Site Scripting (XSS) vulnerabilities. The complete absence of nonce checks and capability checks on any entry points, although the entry points themselves are currently listed as zero, is a systemic weakness. If any entry points were to be introduced or discovered, they would likely be unprotected. The presence of file operations and external HTTP requests without explicit checks also suggests potential areas for further review.\n\nIn conclusion, while \"mobile-wp-security\" v1.2.0 benefits from a small attack surface and no known historical vulnerabilities, the static analysis reveals concerning practices regarding SQL query preparation and output escaping. The lack of fundamental security checks like nonces and capabilities is a significant weakness that should be addressed to ensure robust security against potential future threats.",[249,251,253,255],{"reason":250,"points":202},"SQL queries not using prepared statements",{"reason":252,"points":234},"Output escaping not properly handled",{"reason":254,"points":202},"Missing nonce checks",{"reason":256,"points":202},"Missing capability checks","2026-03-17T07:04:58.585Z",{"wat":259,"direct":268},{"assetPaths":260,"generatorPatterns":263,"scriptPaths":264,"versionParams":265},[261,262],"\u002Fwp-content\u002Fplugins\u002Fmobile-wp-security\u002Fincludes\u002Fcss\u002Fmobile-wp-security.css","\u002Fwp-content\u002Fplugins\u002Fmobile-wp-security\u002Fincludes\u002Fjs\u002Fmobile-wp-security.js",[],[262],[266,267],"mobile-wp-security\u002Fincludes\u002Fcss\u002Fmobile-wp-security.css?ver=","mobile-wp-security\u002Fincludes\u002Fjs\u002Fmobile-wp-security.js?ver=",{"cssClasses":269,"htmlComments":271,"htmlAttributes":273,"restEndpoints":274,"jsGlobals":289,"shortcodeOutput":290},[270],"mobile-wp-security-settings-page",[272],"mobile-wp-security plugin",[],[275,276,277,278,279,280,281,282,283,284,285,286,287,288],"\u002Fwp-json\u002Fmobile-wp-security\u002Fv1\u002Fadd-permanent-ban-ip","\u002Fwp-json\u002Fmobile-wp-security\u002Fv1\u002Fremove-permanent-ban-ip","\u002Fwp-json\u002Fmobile-wp-security\u002Fv1\u002Fadd-temporary-ban-ip","\u002Fwp-json\u002Fmobile-wp-security\u002Fv1\u002Fremove-temporary-ban-ip","\u002Fwp-json\u002Fmobile-wp-security\u002Fv1\u002Fenable-ban","\u002Fwp-json\u002Fmobile-wp-security\u002Fv1\u002Fget-ip-log","\u002Fwp-json\u002Fmobile-wp-security\u002Fv1\u002Fwebsite-data","\u002Fwp-json\u002Fmobile-wp-security\u002Fv1\u002Fget-ip-rules","\u002Fwp-json\u002Fmobile-wp-security\u002Fv1\u002Fget-ip-names","\u002Fwp-json\u002Fmobile-wp-security\u002Fv1\u002Fset-ip-name","\u002Fwp-json\u002Fmobile-wp-security\u002Fv1\u002Fremove-ip-name","\u002Fwp-json\u002Fmobile-wp-security\u002Fv1\u002Fget-users","\u002Fwp-json\u002Fmobile-wp-security\u002Fv1\u002Fget-roles","\u002Fwp-json\u002Fmobile-wp-security\u002Fv1\u002Fcreate-user",[],[]]