[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fiLdbsIYtYYeKCODfQZ8Lg2Hgj2jM2mbsspMmbMJ87g4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":56,"analysis":157,"fingerprints":678},"modify-profile-fields-dashboard-menu-buttons","Profile & Dashboard fields [Modify\u002FDisable\u002FRemove]","1.07","Puvox Software","https:\u002F\u002Fprofiles.wordpress.org\u002Fpuvoxsoftware\u002F","\u003Ch4>[ ✅ 𝐒𝐄𝐂𝐔𝐑𝐄 𝐏𝐋𝐔𝐆𝐈𝐍𝐒 b𝓎 𝒫𝓊𝓋𝑜𝓍 ] :\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>• Revised for security to be reliable and free of vulnerability holes.\u003Cbr \u002F>\n  • Efficient, not to add any extra load\u002Fslowness to site.\u003Cbr \u002F>\n  • Don’t collect private data.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Plugin Description\u003C\u002Fh4>\n\u003Cp>Activate the plugin to prevent users from changing their Profile or Dashboard fields. 
Only admins (with role “create_users”) can change the selected fields.\u003C\u002Fp>\n\u003Ch4>Available Options\u003C\u002Fh4>\n\u003Cp>See available options and their description on plugin’s settings page.\u003C\u002Fp>\n","[ ✅ 𝐒𝐄𝐂𝐔𝐑𝐄 𝐏𝐋𝐔𝐆𝐈𝐍𝐒 b𝓎 𝒫𝓊𝓋𝑜𝓍 ]  Prevent users from modifying specific Profile & Dashboard fields.",300,4519,100,4,"2024-10-30T11:24:00.000Z","6.5.8","6.0","",[20,21,22,23,24],"dashboard","disable","disallow","prevent","profile","https:\u002F\u002Fpuvox.software\u002Fsoftware\u002Fwordpress-plugins\u002F?plugin=modify-profile-dashboard-fields","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmodify-profile-fields-dashboard-menu-buttons.zip",92,1,0,"2022-08-01 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"WF-272fd463-8e81-4041-9ab8-b2770d698a5f-modify-profile-fields-dashboard-menu-buttons","profile-dashboard-fields-reflected-cross-site-scripting","Profile & Dashboard fields \u003C= 1.03 - Reflected Cross-Site Scripting","The Profile & Dashboard fields plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.03 due to the use of add_query_arg\u002Fremove_query_arg with insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages via a URL that executes if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.03","1.04","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F272fd463-8e81-4041-9ab8-b2770d698a5f?source=api-prod",540,{"slug":50,"display_name":7,"profile_url":8,"plugin_count":51,"total_installs":52,"avg_security_score":53,"avg_patch_time_days":48,"trust_score":54,"computed_at":55},"puvoxsoftware",16,51190,94,75,"2026-04-04T05:38:41.623Z",[57,69,93,114,136],{"slug":58,"name":59,"version":60,"author":7,"author_profile":8,"description":61,"short_description":62,"active_installs":29,"downloaded":63,"rating":29,"num_ratings":29,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":64,"homepage":67,"download_link":68,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31},"modify-comment-fields","Comment Fields [Modify\u002FDisable\u002FRemove]","1.08","\u003Ch4>[ ✅ 𝐒𝐄𝐂𝐔𝐑𝐄 𝐏𝐋𝐔𝐆𝐈𝐍𝐒 b𝓎 𝒫𝓊𝓋𝑜𝓍 ] :\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>• Revised for security to be reliable and free of vulnerability holes.\u003Cbr \u002F>\n  • Efficient, not to add any extra load\u002Fslowness to site.\u003Cbr \u002F>\n  • Don’t collect private data.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Plugin Description\u003C\u002Fh4>\n\u003Cp>Remove fields in comment, like URL or EMAIL. 
The only correct way of doing that.\u003C\u002Fp>\n\u003Ch4>Available Options\u003C\u002Fh4>\n\u003Cp>See available options and their description on plugin’s settings page.\u003C\u002Fp>\n","[ ✅ 𝐒𝐄𝐂𝐔𝐑𝐄 𝐏𝐋𝐔𝐆𝐈𝐍𝐒 b𝓎 𝒫𝓊𝓋𝑜𝓍 ]  Remove fields in comment, like URL or EMAIL",1288,[65,21,22,23,66],"comment","remove","https:\u002F\u002Fpuvox.software\u002Fsoftware\u002Fwordpress-plugins\u002F?plugin=modify-comment-fields","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmodify-comment-fields.zip",{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":77,"downloaded":78,"rating":79,"num_ratings":80,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":18,"tags":84,"homepage":18,"download_link":90,"security_score":91,"vuln_count":28,"unpatched_count":28,"last_vuln_date":92,"fetched_at":31},"disable-right-click-for-wp","Disable Right Click For WP","1.1.6","Aftab Ali Muni","https:\u002F\u002Fprofiles.wordpress.org\u002Faftabmuni\u002F","\u003Cp>This plugin is used to disable right click on website to prevent cut, copy, paste, save image, view source, inspect element etc. 
\u003C\u002Fp>\n\u003Cp> \u003Cstrong>But when Administrator or Site Editor is logged in, he can access everything without any of the above restrictions.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>NOTE: Please do clear or purge website cache.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>Main Features For Free\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Disable Right Click.\u003C\u002Fli>\n\u003Cli>Disable View Source With Shortcut (CTRL+U).\u003C\u002Fli>\n\u003Cli>Disable Inspect Element With Shortcut (F12\u002FCTRL+SHIFT+I\u002FCTRL+SHIFT+K).\u003C\u002Fli>\n\u003Cli>Disable Copy (CTRL+C), Cut (CTRL+X), Paster( CTRL+V).\u003C\u002Fli>\n\u003Cli>Disable Text Selection.\u003C\u002Fli>\n\u003Cli>Disable Image drag-n-drop.\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin is used to disable right click on website to prevent cut, copy, paste, save image, view source, inspect element etc.",20000,157380,86,42,"2023-11-26T07:21:00.000Z","6.4.8","3.1",[85,86,87,88,89],"copyright-protection","disable-right-click","prevent-right-click","stop-image-saving-with-right-click","stop-right-click","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-right-click-for-wp.1.1.6.zip",64,"2022-05-04 12:11:00",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":101,"downloaded":102,"rating":79,"num_ratings":103,"last_updated":104,"tested_up_to":105,"requires_at_least":17,"requires_php":18,"tags":106,"homepage":112,"download_link":113,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"disable-wp-notification","Disable WP Notification","3.4","Sourabh Agrawal","https:\u002F\u002Fprofiles.wordpress.org\u002Fsourabhasct\u002F","\u003Cp>Showing the notifications related to plugins and themes is not a good idea for all the user roles. 
Disable WP Notification helps you to disable all the spammy notifications from the entire wordpress dashboard.\u003C\u002Fp>\n\u003Cp>I know sometimes it is require to get the notifications, so considering this, Our experienced developers provide you the following options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable all notifications\u003C\u002Fli>\n\u003Cli>Disable Notifications for all users\u003C\u002Fli>\n\u003Cli>Disable Notifications for all users except admin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Disable WP Notification Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Disable all the spammy notifications and clean the Dashboard.\u003C\u002Fli>\n\u003Cli>A panel to show all the disabled notifications.\u003C\u002Fli>\n\u003Cli>Disable the notifications for all the users including admin.\u003C\u002Fli>\n\u003Cli>Disable the notifications for all the users excluding admin. That means, except admin this will work only on the other users.\u003C\u002Fli>\n\u003Cli>Disable theme updates and notification.\u003C\u002Fli>\n\u003Cli>Disable plugin updates.\u003C\u002Fli>\n\u003Cli>Only Admin can manage the settings.\u003C\u002Fli>\n\u003C\u002Ful>\n","Best wordpress plugin to remove all the admin panel notifications in just one click. 
Including the theme and plugin update notification.",10000,65716,12,"2026-03-10T05:53:00.000Z","6.9.4",[107,108,109,110,111],"disable-admin-notices","disable-dashboard-notifications","disable-plugin-update","disable-theme-update","remove-unwanted-notification","https:\u002F\u002Fsourabhagrawal.com\u002Fdisable-wp-notification","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-wp-notification.3.4.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":53,"num_ratings":124,"last_updated":125,"tested_up_to":105,"requires_at_least":17,"requires_php":126,"tags":127,"homepage":133,"download_link":134,"security_score":13,"vuln_count":28,"unpatched_count":29,"last_vuln_date":135,"fetched_at":31},"admin-bar-dashboard-control","Admin Bar & Dashboard Access Control","1.2.9","Collins Agbonghama","https:\u002F\u002Fprofiles.wordpress.org\u002Fcollizo4sky\u002F","\u003Cp>Simple plugin for disabling admin bar and preventing access to WordPress dashboard based on a user’s roles.\u003C\u002Fp>\n\u003Cp>It is that simple 😀\u003C\u002Fp>\n\u003Ch3>Plugins you will like:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Ffusewp.com\u002F\" rel=\"nofollow ugc\">FuseWP\u003C\u002Fa>\u003C\u002Fstrong>: Connect wordPress to marketing platforms and sync users to your email list.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-user-avatar\u002F\" rel=\"ugc\">ProfilePress\u003C\u002Fa>\u003C\u002Fstrong>: A simple yet powerful eCommerce and paid membership plugin for accepting one-time and recurring payments and selling subscriptions via Stripe & PayPal, restrict content and control user access. 
\u003Ca href=\"https:\u002F\u002Fprofilepress.com\u002F\" rel=\"nofollow ugc\">Learn more\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fmailoptin.io\u002F\" rel=\"nofollow ugc\">MailOptin\u003C\u002Fa>\u003C\u002Fstrong> – The best WordPress email optin forms, email automation & newsletters plugin in the market.\u003C\u002Fli>\n\u003C\u002Ful>\n","Disable admin bar and control users access to WordPress dashboard.",3000,70187,18,"2025-12-04T13:26:00.000Z","5.4",[128,129,130,131,132],"admin-bar","admin-dashboard","disable-admin-bar","disable-toolbar","toolbar","https:\u002F\u002Fprofilepress.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-bar-dashboard-control.1.2.9.zip","2023-10-31 00:00:00",{"slug":137,"name":138,"version":139,"author":140,"author_profile":141,"description":142,"short_description":143,"active_installs":122,"downloaded":144,"rating":13,"num_ratings":145,"last_updated":146,"tested_up_to":105,"requires_at_least":147,"requires_php":148,"tags":149,"homepage":155,"download_link":156,"security_score":13,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"disable-email-notification-for-auto-updates","Disable Auto Update Emails and Block Updates for Plugins, WP Core, and Themes","1.0.5","ideasToCode","https:\u002F\u002Fprofiles.wordpress.org\u002Fideastocode\u002F","\u003Cp>Key Features:\u003Cbr \u002F>\n– Disable Email Notifications for Auto-Updates\u003Cbr \u002F>\n– Block\u002Fhide Specific Plugin Updates: You can choose plugins to block\u002Fhide (plugin’s list)\u003Cbr \u002F>\n– Block WordPress Core and Theme Updates\u003Cbr \u002F>\n– Remove Update Buttons from Admin Panel (under Dashboard menu)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Check Our Another Plugin\u003C\u002Fstrong>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimprove-website-security\u002F\" rel=\"ugc\">Improve Website Security\u003C\u002Fa> | \u003Ca 
href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fimprove-website-security\u002F?preview=1\" rel=\"ugc\">Live Preview It\u003C\u002Fa>\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fenable-svg-webp-ico-upload\u002F\" rel=\"ugc\">Enable SVG, WebP, and ICO Upload\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fenable-svg-webp-ico-upload\u002F?preview=1\" rel=\"ugc\">Live Preview It\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disable Email Notifications for Auto-Updates:\u003C\u002Fstrong>\u003Cbr \u002F>\nWith the introduction of WordPress 5.5, the auto-update feature was enabled, and email notifications started being sent for every update made. By simply installing this plugin, you can stop receiving these annoying notifications for every auto-update made to plugins, themes, or even the WordPress core. Please note that this plugin will not affect the auto-update feature of WordPress if it is enabled.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block Specific Plugin Updates:\u003C\u002Fstrong>\u003Cbr \u002F>\nIn the “Block Plugin Updates” tab, the plugin will list all installed plugins on your website. If there are specific plugins you do not want to update, you can disable updates for those particular plugins.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block WordPress Core and Theme Updates:\u003C\u002Fstrong>\u003Cbr \u002F>\nYou also have the option to block updates for the WordPress core and themes. 
However, this is not recommended for security reasons.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Update Buttons from Admin Panel:\u003C\u002Fstrong>\u003Cbr \u002F>\nIf you do not want to see the “Updates” menu under the Dashboard, you can easily hide it from the admin panel menu.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Default Settings:\u003C\u002Fstrong>\u003Cbr \u002F>\nBy default, only the email notification feature is turned on; other settings must be configured manually.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Tutorial video\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F3U4QM7UZ6D8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>If you want to learn more and see how this plugin works – please check our\u003Ca href=\"https:\u002F\u002Fideastocode.com\u002Fplugins\u002Fdisable-automatic-update-email-notification-in-wordpress\u002F\" rel=\"nofollow ugc\"> website – ideastocode.com.\u003C\u002Fa>\u003C\u002Fp>\n","This plugin disables email notifications for auto-updates and blocks updates for specific plugins, hide plugins, WordPress core, and 
themes.",15949,2,"2025-12-04T21:10:00.000Z","5.5","7.0",[150,151,152,153,154],"block-specific-plugin-updates","block-themes-updates","block-wordpress-core-updates","disable-update-notification-emails","hide-updates-from-dashboard","https:\u002F\u002Fideastocode.com\u002Fplugins\u002Fdisable-automatic-update-email-notification-in-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-email-notification-for-auto-updates.1.0.5.zip",{"attackSurface":158,"codeSignals":321,"taintFlows":532,"riskAssessment":661,"analyzedAt":677},{"hooks":159,"ajaxHandlers":317,"restRoutes":318,"shortcodes":319,"cronEvents":320,"entryPointCount":29,"unprotectedCount":29},[160,166,171,174,177,180,183,186,189,192,195,198,203,207,211,213,217,219,225,228,231,234,236,240,243,246,249,251,254,257,259,262,265,268,271,274,278,282,286,288,292,295,298,302,305,308,310,314],{"type":161,"name":162,"callback":163,"file":164,"line":165},"action","admin_init","enable_disable_other_things","index.php",70,{"type":161,"name":167,"callback":168,"priority":169,"file":164,"line":170},"user_profile_update_errors","admin_color_change_BACKEND",10,93,{"type":161,"name":167,"callback":172,"priority":169,"file":164,"line":173},"toolbar_change_backend",98,{"type":161,"name":167,"callback":175,"priority":169,"file":164,"line":176},"username_change_backend",103,{"type":161,"name":167,"callback":178,"priority":169,"file":164,"line":179},"first_name_change_backend",108,{"type":161,"name":167,"callback":181,"priority":169,"file":164,"line":182},"last_name_change_backend",113,{"type":161,"name":167,"callback":184,"priority":169,"file":164,"line":185},"nickname_change_backend",118,{"type":161,"name":167,"callback":187,"priority":169,"file":164,"line":188},"display_name_change_backend",123,{"type":161,"name":167,"callback":190,"priority":169,"file":164,"line":191},"url_change_BACKEND",128,{"type":161,"name":167,"callback":193,"priority":169,"file":164,"line":194},"description_change_BACKEND",133,{"
type":161,"name":167,"callback":196,"priority":169,"file":164,"line":197},"profile_picture_change_BACKEND",138,{"type":161,"name":199,"callback":200,"priority":201,"file":164,"line":202},"personal_options_update","mail_change_BACKEND",5,146,{"type":161,"name":204,"callback":205,"priority":169,"file":164,"line":206},"check_passwords","password_change_BACKEND",152,{"type":161,"name":208,"callback":209,"file":164,"line":210},"admin_head","closure",318,{"type":161,"name":208,"callback":209,"file":164,"line":212},328,{"type":161,"name":214,"callback":209,"priority":28,"file":215,"line":216},"wp_head","library.php",4768,{"type":161,"name":208,"callback":209,"priority":28,"file":215,"line":218},4769,{"type":161,"name":220,"callback":221,"priority":222,"file":223,"line":224},"wp_enqueue_scripts","my_styles_hook",9,"library_wp.php",73,{"type":161,"name":226,"callback":221,"priority":222,"file":223,"line":227},"admin_enqueue_scripts",74,{"type":161,"name":229,"callback":209,"file":223,"line":230},"admin_footer",148,{"type":161,"name":232,"callback":209,"file":223,"line":233},"init",163,{"type":161,"name":162,"callback":209,"file":223,"line":235},210,{"type":237,"name":238,"callback":209,"file":223,"line":239},"filter","mce_external_plugins",212,{"type":237,"name":241,"callback":209,"file":223,"line":242},"mce_buttons_2",213,{"type":237,"name":244,"callback":209,"file":223,"line":245},"tiny_mce_version",215,{"type":161,"name":247,"callback":209,"priority":28,"file":223,"line":248},"wp",231,{"type":161,"name":250,"callback":209,"priority":28,"file":223,"line":48},"plugins_loaded",{"type":161,"name":247,"callback":252,"file":223,"line":253},"my_flush__rewrite",550,{"type":161,"name":255,"callback":209,"file":223,"line":256},"wp_footer",700,{"type":161,"name":232,"callback":209,"file":223,"line":258},711,{"type":161,"name":260,"callback":209,"file":223,"line":261},"wp_loaded",854,{"type":161,"name":263,"callback":209,"file":223,"line":264},"shutdown",859,{"type":161,"name":232,"c
allback":266,"file":223,"line":267},"load_textdomain",1732,{"type":161,"name":208,"callback":269,"file":223,"line":270},"admin_head_func",1743,{"type":161,"name":272,"callback":209,"file":223,"line":273},"current_screen",1744,{"type":161,"name":247,"callback":275,"priority":276,"file":223,"line":277},"flush_checkpoint",999,1753,{"type":237,"name":279,"callback":280,"priority":28,"file":223,"line":281},"upload_mimes","upload_mimes_filter",1759,{"type":237,"name":283,"callback":284,"priority":169,"file":223,"line":285},"wp_handle_upload","wp_handle_upload_filter",1760,{"type":161,"name":232,"callback":209,"file":223,"line":287},1822,{"type":161,"name":289,"callback":290,"file":223,"line":291},"network_admin_menu","plugin__add_menu_or_submenu",1912,{"type":161,"name":293,"callback":290,"file":223,"line":294},"admin_menu",1914,{"type":161,"name":296,"callback":209,"file":223,"line":297},"activated_plugin",1916,{"type":161,"name":299,"callback":300,"file":223,"line":301},"network_admin_notices","admin_error_notice_pro",2103,{"type":161,"name":303,"callback":300,"file":223,"line":304},"admin_notices",2104,{"type":237,"name":306,"callback":209,"priority":169,"file":223,"line":307},"wp_php_error_message",2187,{"type":161,"name":255,"callback":209,"file":223,"line":309},2375,{"type":237,"name":311,"callback":312,"file":223,"line":313},"widget_text","do_shortcode",2399,{"type":237,"name":315,"callback":209,"file":223,"line":316},"site_transient_update_plugins",3266,[],[],[],[],{"dangerousFunctions":322,"sqlUsage":327,"outputEscaping":362,"fileOperations":529,"externalRequests":14,"nonceChecks":201,"capabilityChecks":530,"bundledLibraries":531},[323],{"fn":324,"file":215,"line":325,"context":326},"unserialize",3813,"if ( @unserialize($serialized_string) !== false ) \treturn $serialized_string;",{"prepared":328,"raw":329,"locations":330},46,14,[331,334,336,338,340,343,345,347,349,351,354,356,358,360],{"file":215,"line":332,"context":333},645,"$wpdb->query() with variable 
interpolation",{"file":223,"line":335,"context":333},784,{"file":223,"line":337,"context":333},785,{"file":223,"line":339,"context":333},1023,{"file":223,"line":341,"context":342},1224,"$wpdb->get_var() with variable interpolation",{"file":223,"line":344,"context":333},1353,{"file":223,"line":346,"context":333},1355,{"file":223,"line":348,"context":333},1368,{"file":223,"line":350,"context":333},1420,{"file":223,"line":352,"context":353},1421,"$wpdb->get_results() with variable interpolation",{"file":223,"line":355,"context":333},1430,{"file":223,"line":357,"context":333},1434,{"file":223,"line":359,"context":353},3058,{"file":223,"line":361,"context":333},3074,{"escaped":363,"rawEcho":364,"locations":365},89,84,[366,369,371,373,374,376,377,379,381,383,385,387,389,391,393,395,397,399,401,403,405,407,409,411,413,415,417,419,421,423,425,427,429,431,433,435,436,437,439,441,443,445,447,448,450,452,454,456,457,459,461,463,465,467,469,471,473,475,477,479,481,483,485,487,489,491,493,495,497,499,501,503,505,507,509,511,513,515,517,519,521,523,525,527],{"file":164,"line":367,"context":368},344,"raw 
output",{"file":164,"line":370,"context":368},356,{"file":164,"line":372,"context":368},409,{"file":164,"line":372,"context":368},{"file":164,"line":375,"context":368},412,{"file":164,"line":375,"context":368},{"file":164,"line":378,"context":368},422,{"file":164,"line":380,"context":368},428,{"file":164,"line":382,"context":368},442,{"file":164,"line":384,"context":368},444,{"file":164,"line":386,"context":368},467,{"file":164,"line":388,"context":368},470,{"file":164,"line":390,"context":368},485,{"file":164,"line":392,"context":368},488,{"file":215,"line":394,"context":368},480,{"file":215,"line":396,"context":368},2316,{"file":215,"line":398,"context":368},2915,{"file":215,"line":400,"context":368},3231,{"file":215,"line":402,"context":368},3238,{"file":215,"line":404,"context":368},3278,{"file":215,"line":406,"context":368},3391,{"file":215,"line":408,"context":368},3646,{"file":215,"line":410,"context":368},4194,{"file":215,"line":412,"context":368},4195,{"file":215,"line":414,"context":368},4245,{"file":215,"line":416,"context":368},4247,{"file":215,"line":418,"context":368},4442,{"file":215,"line":420,"context":368},4451,{"file":215,"line":422,"context":368},4453,{"file":215,"line":424,"context":368},4602,{"file":215,"line":426,"context":368},4694,{"file":215,"line":428,"context":368},4698,{"file":215,"line":430,"context":368},4705,{"file":215,"line":432,"context":368},4716,{"file":215,"line":434,"context":368},4722,{"file":215,"line":216,"context":368},{"file":215,"line":218,"context":368},{"file":215,"line":438,"context":368},5119,{"file":215,"line":440,"context":368},5121,{"file":223,"line":442,"context":368},396,{"file":223,"line":444,"context":368},401,{"file":223,"line":446,"context":368},410,{"file":223,"line":382,"context":368},{"file":223,"line":449,"context":368},576,{"file":223,"line":451,"context":368},655,{"file":223,"line":453,"context":368},660,{"file":223,"line":455,"context":368},674,{"file":223,"line":455,"context":368},{"file":223,"line":4
58,"context":368},1312,{"file":223,"line":460,"context":368},1317,{"file":223,"line":462,"context":368},1328,{"file":223,"line":464,"context":368},2320,{"file":223,"line":466,"context":368},2499,{"file":223,"line":468,"context":368},2513,{"file":223,"line":470,"context":368},2551,{"file":223,"line":472,"context":368},2553,{"file":223,"line":474,"context":368},2554,{"file":223,"line":476,"context":368},2582,{"file":223,"line":478,"context":368},2586,{"file":223,"line":480,"context":368},2589,{"file":223,"line":482,"context":368},2636,{"file":223,"line":484,"context":368},2656,{"file":223,"line":486,"context":368},2666,{"file":223,"line":488,"context":368},2671,{"file":223,"line":490,"context":368},2673,{"file":223,"line":492,"context":368},2700,{"file":223,"line":494,"context":368},2707,{"file":223,"line":496,"context":368},2754,{"file":223,"line":498,"context":368},2769,{"file":223,"line":500,"context":368},2782,{"file":223,"line":502,"context":368},2789,{"file":223,"line":504,"context":368},2790,{"file":223,"line":506,"context":368},2791,{"file":223,"line":508,"context":368},2796,{"file":223,"line":510,"context":368},2798,{"file":223,"line":512,"context":368},2806,{"file":223,"line":514,"context":368},2867,{"file":223,"line":516,"context":368},2981,{"file":223,"line":518,"context":368},2997,{"file":223,"line":520,"context":368},3006,{"file":223,"line":522,"context":368},3148,{"file":223,"line":524,"context":368},3393,{"file":223,"line":526,"context":368},3420,{"file":223,"line":528,"context":368},3423,19,3,[],[533,550,559,570,580,620,631,652],{"entryPoint":534,"graph":535,"unsanitizedCount":28,"severity":41},"force_redirect_to_https (library.php:103)",{"nodes":536,"edges":547},[537,542],{"id":538,"type":539,"label":540,"file":215,"line":541},"n0","source","$_SERVER['REQUEST_URI']",104,{"id":543,"type":544,"label":545,"file":215,"line":541,"wp_function":546},"n1","sink","header() [Header 
Injection]","header",[548],{"from":538,"to":543,"sanitized":549},false,{"entryPoint":551,"graph":552,"unsanitizedCount":28,"severity":41},"password_site (library.php:2312)",{"nodes":553,"edges":557},[554,556],{"id":538,"type":539,"label":540,"file":215,"line":555},2315,{"id":543,"type":544,"label":545,"file":215,"line":555,"wp_function":546},[558],{"from":538,"to":543,"sanitized":549},{"entryPoint":560,"graph":561,"unsanitizedCount":28,"severity":41},"redirect_to_https (library.php:3790)",{"nodes":562,"edges":568},[563,566],{"id":538,"type":539,"label":564,"file":215,"line":565},"$_SERVER",3793,{"id":543,"type":544,"label":545,"file":215,"line":567,"wp_function":546},3795,[569],{"from":538,"to":543,"sanitized":549},{"entryPoint":571,"graph":572,"unsanitizedCount":28,"severity":41},"redirect_to_nonwww (library.php:3800)",{"nodes":573,"edges":578},[574,576],{"id":538,"type":539,"label":564,"file":215,"line":575},3802,{"id":543,"type":544,"label":545,"file":215,"line":577,"wp_function":546},3804,[579],{"from":538,"to":543,"sanitized":549},{"entryPoint":581,"graph":582,"unsanitizedCount":222,"severity":41},"\u003Clibrary> (library.php:0)",{"nodes":583,"edges":614},[584,586,587,590,595,597,602,605,607,610],{"id":538,"type":539,"label":585,"file":215,"line":541},"$_SERVER['REQUEST_URI'] (x2)",{"id":543,"type":544,"label":545,"file":215,"line":541,"wp_function":546},{"id":588,"type":539,"label":564,"file":215,"line":589},"n2",256,{"id":591,"type":544,"label":592,"file":215,"line":593,"wp_function":594},"n3","wp_remote_get() [SSRF]",3066,"wp_remote_get",{"id":596,"type":539,"label":564,"file":215,"line":589},"n4",{"id":598,"type":544,"label":599,"file":215,"line":600,"wp_function":601},"n5","wp_remote_post() [SSRF]",3072,"wp_remote_post",{"id":603,"type":539,"label":604,"file":215,"line":565},"n6","$_SERVER (x2)",{"id":606,"type":544,"label":545,"file":215,"line":567,"wp_function":546},"n7",{"id":608,"type":539,"label":609,"file":215,"line":589},"n8","$_SERVER 
(x3)",{"id":611,"type":544,"label":612,"file":215,"line":414,"wp_function":613},"n9","echo() [XSS]","echo",[615,616,617,618,619],{"from":538,"to":543,"sanitized":549},{"from":588,"to":591,"sanitized":549},{"from":596,"to":598,"sanitized":549},{"from":603,"to":606,"sanitized":549},{"from":608,"to":611,"sanitized":549},{"entryPoint":621,"graph":622,"unsanitizedCount":29,"severity":630},"ajax_backend_call (library_wp.php:432)",{"nodes":623,"edges":627},[624,626],{"id":538,"type":539,"label":625,"file":223,"line":382},"$_POST['PRO_check_key']",{"id":543,"type":544,"label":612,"file":223,"line":382,"wp_function":613},[628],{"from":538,"to":543,"sanitized":629},true,"low",{"entryPoint":632,"graph":633,"unsanitizedCount":29,"severity":630},"\u003Clibrary_wp> (library_wp.php:0)",{"nodes":634,"edges":648},[635,636,637,640,644,647],{"id":538,"type":539,"label":625,"file":223,"line":382},{"id":543,"type":544,"label":612,"file":223,"line":382,"wp_function":613},{"id":588,"type":539,"label":638,"file":223,"line":639},"$_POST (x2)",1454,{"id":591,"type":544,"label":641,"file":223,"line":642,"wp_function":643},"get_var() [SQLi]",1456,"get_var",{"id":596,"type":539,"label":645,"file":223,"line":646},"$_POST",2527,{"id":598,"type":544,"label":612,"file":223,"line":498,"wp_function":613},[649,650,651],{"from":538,"to":543,"sanitized":629},{"from":588,"to":591,"sanitized":629},{"from":596,"to":598,"sanitized":629},{"entryPoint":653,"graph":654,"unsanitizedCount":145,"severity":660},"change_slug_2_old (library_wp.php:1451)",{"nodes":655,"edges":658},[656,657],{"id":538,"type":539,"label":638,"file":223,"line":639},{"id":543,"type":544,"label":641,"file":223,"line":642,"wp_function":643},[659],{"from":538,"to":543,"sanitized":549},"high",{"summary":662,"deductions":663},"The plugin 'modify-profile-fields-dashboard-menu-buttons' v1.07 presents a mixed security posture. 
On the positive side, there are no reported AJAX handlers, REST API routes, shortcodes, or cron events that are directly exposed without authentication, suggesting a limited attack surface. The presence of capability checks and nonce checks, along with a high percentage of SQL queries using prepared statements, indicates good coding practices in many areas.\n\nHowever, the static analysis reveals significant concerns. The single instance of `unserialize` is a critical risk if its input can be influenced by an attacker, as unserializing untrusted data can lead to PHP object injection and remote code execution; the flagged call unserializes a string just to test whether it is serialized, so the origin of that string should be verified. Furthermore, the taint analysis shows 6 out of 8 analyzed flows with unsanitized paths, including one of high severity in which $_POST data reaches a get_var() database query, and the flagged sinks cover header injection, SSRF, SQL injection and cross-site scripting. These are static-analysis findings that have not been confirmed as exploitable. The moderate output escaping (51%) also suggests a risk of XSS vulnerabilities.\n\nThe vulnerability history, while showing no currently unpatched vulnerabilities, does indicate a past medium-severity XSS vulnerability. This, combined with the taint analysis findings and moderate output escaping, suggests a recurring pattern of potential XSS vulnerabilities. While the plugin has strengths in its limited attack surface and use of prepared statements, the presence of `unserialize` and the significant number of unsanitized taint flows pose substantial risks that require immediate attention. 
The past vulnerability also warrants caution.",[664,667,669,671,674],{"reason":665,"points":666},"Dangerous function unserialize found",15,{"reason":668,"points":103},"High severity unsanitized taint flow",{"reason":670,"points":222},"6 flows with unsanitized paths",{"reason":672,"points":673},"Only 51% of outputs properly escaped",6,{"reason":675,"points":676},"Past medium severity vulnerability",8,"2026-03-16T20:05:51.455Z",{"wat":679,"direct":688},{"assetPaths":680,"generatorPatterns":683,"scriptPaths":684,"versionParams":685},[681,682],"\u002Fwp-content\u002Fplugins\u002Fmodify-profile-fields-dashboard-menu-buttons\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fmodify-profile-fields-dashboard-menu-buttons\u002Fjs\u002Fscript.js",[],[],[686,687],"modify-profile-fields-dashboard-menu-buttons\u002Fcss\u002Fstyle.css?ver=","modify-profile-fields-dashboard-menu-buttons\u002Fjs\u002Fscript.js?ver=",{"cssClasses":689,"htmlComments":702,"htmlAttributes":703,"restEndpoints":704,"jsGlobals":705,"shortcodeOutput":706},[690,691,692,693,694,695,696,697,698,699,700,701],"user-admin-color-wrap","user-admin-bar-front-wrap","user-user-login-wrap","user-first-name-wrap","user-last-name-wrap","user-nickname-wrap","user-display-name-wrap","user-email-wrap","user-url-wrap","user-description-wrap","user-pass1-wrap","user-pass2-wrap",[],[],[],[],[]]