[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fsf8nSM5l3k3SXPrR0VDsFzzDWTM2bq9vGs5uR_tlXAM":3,"$fGQCr1xTmFtHnHTz4k8gzzNAYtQvjgCqhA-T6HiVVc1E":346,"$f6q_VlUDn2V8yPm5BMcG81VDz12ieho1XDthAb8BQ7Ww":350},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"discovery_status":31,"vulnerabilities":32,"developer":33,"crawl_stats":29,"alternatives":40,"analysis":132,"fingerprints":309},"more-privacy-options","More Privacy Options","4.6","David Sader","https:\u002F\u002Fprofiles.wordpress.org\u002Fdsader\u002F","\u003Cp>Adds three more levels of privacy(visibility) to the Settings–>Reading page.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Site visible to any logged in community member – “Network Users Only”.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Site visible only to registered users of blog – “Site Members Only”.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Site visible only to administrators – “Site Admins Only”.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FCreate_A_Network\" rel=\"nofollow ugc\">Multisite\u003C\u002Fa> Network Admin can set an override on site privacy at “Network Visibility Selector” on Network Settings page\u003C\u002Fp>\n\u003Cp>Multisite Network Admin can set privacy options at Network-Sites-Edit under “Settings Tab” as well.\u003C\u002Fp>\n\u003Cp>Network Admin receives an email when blog privacy changes.\u003C\u002Fp>\n\u003Cp>RSS feeds require authentication.\u003C\u002Fp>\n\u003Cp>robots.txt updates accordingly.\u003C\u002Fp>\n\u003Cp>Ping sites filters correctly.\u003C\u002Fp>\n\u003Cp>Privacy status reflected in Dashboard “Right Now” box.\u003C\u002Fp>\n\u003Cp>Uses WP3+ functions auth_redirect(), network_home_url(), and home_url() for SSL login redirects.\u003C\u002Fp>\n\u003Cp>Login message has link to sign-up page of a “Network Users Only” blog or a link the blog admin email if user is logged in but not a member of a “Members Only” blog.\u003C\u002Fp>\n\u003Cp>Localization ready.\u003C\u002Fp>\n","Adds three more levels of privacy(visibility) to the Settings-->Reading page.",40,86675,78,14,"2016-08-08T21:21:00.000Z","4.6.30","3.7.1","",[20,21,22,23,24],"members-only","multisite","privacy","private-blog","visibility","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fmore-privacy-options\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmore-privacy-options.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":34,"display_name":7,"profile_url":8,"plugin_count":35,"total_installs":36,"avg_security_score":27,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"dsader",6,210,30,84,"2026-05-19T19:23:34.466Z",[41,59,78,95,113],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":51,"num_ratings":52,"last_updated":53,"tested_up_to":18,"requires_at_least":18,"requires_php":18,"tags":54,"homepage":18,"download_link":58,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"buddypress-activity-privacy","BuddyPress Activity Privacy","1.3.8","meg@info","https:\u002F\u002Fprofiles.wordpress.org\u002Fmegainfo\u002F","\u003Cp>BuddyPress Activity Privacy plugin add a privacy level to activity stream component.\u003C\u002Fp>\n\u003Cp>The plugin add the ability for members to choose who can read his activity (Anyone, Logged In Users, My Friends, Admins Only, Only me, My Friends in Group , Group Members …etc).\u003C\u002Fp>\n\u003Ch4>What’s news In Buddypress Activity Privacy 1.3.x ?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Admin have abitility to enable\u002Fdisable FontAwsome icons.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Admin have abitility to enable\u002Fdisable viewing and editing the privacy of all activities.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Admin have abitility to enable\u002Fdisable editing the privacy of posts for all members.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Admin have abitility show\u002Fhide the privacy label in selexbox.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Admin have abitility show\u002Fhide the privacy in activity meta.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Integration with Buddypress Media plugin\u003C\u002Fstrong> (https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbuddypress-media\u002F).\u003C\u002Fp>\n\u003Cp>Make sure to :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set the privacy settings to \u003Cstrong>OFF\u003C\u002Fstrong> in rtMedia settings.\u003C\u002Fli>\n\u003Cli>A new select-box (Privacy) is added to Edit Media form under Description Textarea.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The plugin work now on multi site Netowork.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>A New privacy level (@mentioned only). When a member choose this privacy level, only mentioned members (and admin of course) can see the activity.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Remark: Members mentioned in activity can see it’s content whatever the privacy level.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>New Drop down system with a nice icons (font awsome).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Admin Option Area, Admin can update Enable\u002FDisable privacy level, Sort the privacy levels and change the default privacy level.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>What’s news In Buddypress Activity Privacy 1.x ?\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Members can now change the privacy of the activity already posted.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Admins can update the privacy of all activities.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Integration with BuddyPress Follow Plugin (https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbuddypress-followers\u002F ).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Integration With Buddypress Activity Plus Plugin (https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fbuddypress-activity-plus\u002F ).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>-The plugin is now extensible for new privacy levels !! ( Check the integration of BuddyPress Follow in bp-activity-privacy-integrations.php ).\u003C\u002Fp>\n","BuddyPress Activity Privacy plugin add a privacy level to activity stream component.",100,59919,74,23,"2015-11-27T00:08:00.000Z",[55,56,22,57,24],"activity","buddypress","stream","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-activity-privacy.1.3.8.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":28,"num_ratings":28,"last_updated":69,"tested_up_to":70,"requires_at_least":6,"requires_php":71,"tags":72,"homepage":76,"download_link":77,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"membership-lock","Membership Lock","2.5.0","uri","https:\u002F\u002Fprofiles.wordpress.org\u002Ficelayer\u002F","\u003Cp>Membership Lock down will lock all post content including attached images, video, docs, and everything else, everywhere.\u003C\u002Fp>\n\u003Cp>All who try to visit the site will be redirected to the login page.\u003C\u002Fp>\n\u003Cp>The administrator can enable and disable the lock down as needed.\u003Cbr \u002F>\nOnly registered website users will be able to access,\u003C\u002Fp>\n\u003Cp>If a user is not logged in we will redirect them to the login page.\u003C\u002Fp>\n","Membership Lock down lets you easily lock all post content including attached images, video, docs, and everything else.",20,2655,"2024-01-09T02:35:00.000Z","5.7.15","5.6",[73,20,74,75,22],"lock","membership","memberships","https:\u002F\u002Fwpbrisko.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmembership-lock.2.5.0.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":28,"num_ratings":28,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":18,"tags":91,"homepage":18,"download_link":93,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":94},"turn-on-blog-privacy","Turn on Blog Privacy","1.1.2","Ben Lobaugh (blobaugh)","https:\u002F\u002Fprofiles.wordpress.org\u002Fblobaugh\u002F","\u003Cp>If you have a public development site and desire for bots and crawlers not to visit your site until it is considered production this plugin can help you by\u003Cbr \u002F>\nautomagically settings the site to private.\u003C\u002Fp>\n\u003Cp>This Multisite compatible plugin will detect whether your site is running a single install or a multisite install of WordPress and react accordingly.\u003C\u002Fp>\n\u003Cp>When you enable this plugin it sets the site option for whether or not the site should tell search engines and other crawlers not to index the site.\u003Cbr \u002F>\nUpon activations bots will be asked not to crawl the site (Note: this is not a 100% solution, bots may ignore this directive, though most search engines honor it).\u003C\u002Fp>\n\u003Cp>When this plugin is deactivated the privacy setting will be turned off and bots will be freely allowed to crawl the website again.\u003C\u002Fp>\n\u003Cp>NOTE: Due to how WordPress Multisite handles network wide plugin activation you will currently need the Proper Network Activation plugin if you wish to turn on privacy immediately when enabling this plugin.\u003C\u002Fp>\n","Globally alters the site visibility settings to \"Ask search engines not to index this site\" when enabled. Upon deactivation it selects &quot &hellip;",10,2637,"2017-06-05T16:44:00.000Z","4.8.28","3.0",[92,21,22],"enable-privacy","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fturn-on-blog-privacy.zip","2026-03-15T15:16:48.613Z",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":28,"downloaded":103,"rating":28,"num_ratings":28,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":18,"download_link":112,"security_score":49,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"adamszokol-onion-service","Onion Service by Adam Szokol","1.0.2","Adam Szokol","https:\u002F\u002Fprofiles.wordpress.org\u002Fszokoladam\u002F","\u003Cp>The Onion Service by Adam Szokol plugin provides reliable functionality for integrating your WordPress site with the Tor network. It configures your site to handle .onion addresses, which can enhance accessibility and privacy for your visitors using the Tor Browser. This plugin is built to work effectively on both single-site and WordPress Multisite installations.\u003C\u002Fp>\n\u003Cp>A core feature is its administrative helper functionality. On activation, the plugin checks for and creates a necessary sunrise.php file for domain mapping support. It also attempts to add the required define( ‘SUNRISE’, true ); constant to your wp-config.php file, which is often the most complex step in the setup process. This modification is only attempted if file permissions allow it.\u003C\u002Fp>\n\u003Cp>The settings interface is available only to administrators (or Super Admins on Multisite), allowing you to easily map your .onion domains and manage the service status.\u003C\u002Fp>\n\u003Cp>Key Features:\u003C\u002Fp>\n\u003Cp>Automatic sunrise.php Creation: Handles the creation and placement of sunrise.php for reliable domain mapping.\u003C\u002Fp>\n\u003Cp>Optional wp-config.php Modification: Attempts to safely add the SUNRISE constant to your configuration file, providing a setup assist.\u003C\u002Fp>\n\u003Cp>Unified Architecture: Works consistently across single WordPress sites and Multisite networks.\u003C\u002Fp>\n\u003Cp>Onion-Location Header: Automatically informs Tor Browser users that a private .onion version of your site is available.\u003C\u002Fp>\n\u003Cp>Full Domain Mapping: Assign unique .onion domains to specific sites in your installation.\u003C\u002Fp>\n\u003Cp>Service Status Control: Easily disable the onion service and display a custom maintenance message.\u003C\u002Fp>\n","A focused plugin designed to enable Onion Service & Mapping support for your WordPress site.",306,"2025-12-22T11:27:00.000Z","6.9.4","5.8","7.4",[21,109,22,110,111],"onion","security","tor","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadamszokol-onion-service.1.0.2.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":28,"downloaded":121,"rating":28,"num_ratings":28,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":125,"tags":126,"homepage":129,"download_link":130,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":131},"surbma-gdpr-multisite-privacy","Surbma | GDPR Multisite Privacy","2.0","Surbma","https:\u002F\u002Fprofiles.wordpress.org\u002Fsurbma\u002F","\u003Cp>This plugin is only for Multisite networks! It will give special privileges to every subsite administrator, that has the same email address, what is set as the main email address for that particular subsite. So every subsite can set their own privacy settings and they will have the option to export or remove personal data if required by the user. This is a very important feature if you want to compile with GDPR.\u003C\u002Fp>\n\u003Cp>Only one user will get the special capabilities to set and edit the privacy policy page and get access to user data export or removal pages. The user must be an administrator and the user’s email address must match with the default email address under Settings page.\u003C\u002Fp>\n\u003Ch3>The Problem…\u003C\u002Fh3>\n\u003Cp>By default, the new Privacy settings introduced in WordPress 4.9.6 is available only for single install Administrators or if you use a Multsiite install, it is available only for Super Admins. There is no default option to enable Privacy settings for subsites. It can be a big problem for you subsite users, because they can not meet the GDPR rules.\u003C\u002Fp>\n\u003Ch3>…and the solution\u003C\u002Fh3>\n\u003Cp>This plugin will give subsite Administrators access to these new privacy features. Only one administrator will get these new privileges per subsite, who has the same email, that is set under Settings page.\u003C\u002Fp>\n\u003Ch3>Other GDPR related plugins by Surbma\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsurbma-gdpr-proof-google-analytics\u002F\" rel=\"ugc\">Surbma | GDPR Proof Cookie Consent & Notice Bar\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsurbma-gdpr-proof-gravity-forms\u002F\" rel=\"ugc\">Surbma | GDPR Proof Gravity Forms\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>About Surbma\u003C\u002Fh3>\n\u003Ch4>Other Surbma plugins\u003C\u002Fh4>\n\u003Cp>I have more, than 30 fantastic, FREE plugins in the official WordPress plugin directory. Please check them too here: \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fsurbma#content-plugins\" rel=\"nofollow ugc\">Surbma plugins\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Do you want to contribute or help improving this plugin?\u003C\u002Fh4>\n\u003Cp>You can find it on GitHub: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FSurbma\u002Fsurbma-gdpr-multisite-privacy\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FSurbma\u002Fsurbma-gdpr-multisite-privacy\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>You can find my other plugins and projects on GitHub\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FSurbma\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FSurbma\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Please feel free to contribute, help or recommend any new features for my plugins, themes and other projects.\u003C\u002Fp>\n\u003Ch4>Do you want to know more about me?\u003C\u002Fh4>\n\u003Cp>Visit my webpage: \u003Ca href=\"https:\u002F\u002Fsurbma.com\u002F\" rel=\"nofollow ugc\">Surbma.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Do you like and use my free plugins?\u003C\u002Fh4>\n\u003Cp>You can donate me for FREE here: \u003Ca href=\"https:\u002F\u002Fsurbma.com\u002Fdonate\u002F\" rel=\"nofollow ugc\">Surbma.com\u003C\u002Fa>\u003C\u002Fp>\n","A GDPR Multisite plugin, that adds special privileges to a subsite Administrator for Privacy settings.",1724,"2023-04-08T13:11:00.000Z","6.2.9","5.1","7.0",[21,22,110,127,128],"surbma","user","https:\u002F\u002Fsurbma.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsurbma-gdpr-multisite-privacy.2.0.zip","2026-04-06T09:54:40.288Z",{"attackSurface":133,"codeSignals":227,"taintFlows":270,"riskAssessment":299,"analyzedAt":308},{"hooks":134,"ajaxHandlers":223,"restRoutes":224,"shortcodes":225,"cronEvents":226,"entryPointCount":28,"unprotectedCount":28},[135,140,144,148,152,156,160,164,168,173,177,180,183,186,189,192,195,198,201,205,209,212,216,220],{"type":136,"name":137,"callback":138,"file":139,"line":49},"action","all_admin_notices","display_not_multisite_notice","ds_wp3_private_blog.php",{"type":136,"name":141,"callback":142,"file":139,"line":143},"init","ds_localization_init",109,{"type":136,"name":145,"callback":146,"file":139,"line":147},"update_wpmu_options","sitewide_privacy_update",111,{"type":136,"name":149,"callback":150,"file":139,"line":151},"wpmu_options","sitewide_privacy_options_page",112,{"type":136,"name":153,"callback":154,"file":139,"line":155},"wpmueditblogaction","wpmu_blogs_add_privacy_options",115,{"type":136,"name":157,"callback":158,"file":139,"line":159},"blog_privacy_selector","add_privacy_options",121,{"type":136,"name":161,"callback":162,"file":139,"line":163},"template_redirect","ds_users_authenticator",129,{"type":136,"name":165,"callback":166,"file":139,"line":167},"login_form","registered_users_login_message",131,{"type":169,"name":170,"callback":171,"file":139,"line":172},"filter","privacy_on_link_title","registered_users_header_title",132,{"type":169,"name":174,"callback":175,"file":139,"line":176},"privacy_on_link_text","registered_users_header_link",133,{"type":136,"name":161,"callback":178,"file":139,"line":179},"ds_members_authenticator",136,{"type":136,"name":165,"callback":181,"file":139,"line":182},"registered_members_login_message",138,{"type":169,"name":170,"callback":184,"file":139,"line":185},"registered_members_header_title",139,{"type":169,"name":174,"callback":187,"file":139,"line":188},"registered_members_header_link",140,{"type":136,"name":161,"callback":190,"file":139,"line":191},"ds_admins_authenticator",144,{"type":136,"name":165,"callback":193,"file":139,"line":194},"registered_admins_login_message",146,{"type":169,"name":170,"callback":196,"file":139,"line":197},"registered_admins_header_title",147,{"type":169,"name":174,"callback":199,"file":139,"line":200},"registered_admins_header_link",148,{"type":136,"name":202,"callback":202,"priority":203,"file":139,"line":204},"do_robots",1,152,{"type":136,"name":206,"callback":207,"priority":28,"file":139,"line":208},"wp_head","noindex",155,{"type":136,"name":210,"callback":207,"priority":203,"file":139,"line":211},"login_head",156,{"type":169,"name":213,"callback":214,"priority":203,"file":139,"line":215},"option_ping_sites","privacy_ping_filter",159,{"type":136,"name":217,"callback":218,"file":139,"line":219},"update_blog_public","ds_mail_super_admin",161,{"type":136,"name":221,"callback":158,"file":139,"line":222},"signup_blogform",163,[],[],[],[],{"dangerousFunctions":228,"sqlUsage":229,"outputEscaping":231,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":203,"bundledLibraries":269},[],{"prepared":28,"raw":28,"locations":230},[],{"escaped":232,"rawEcho":233,"locations":234},2,19,[235,238,240,242,244,246,247,249,250,251,253,255,257,258,259,261,263,265,267],{"file":139,"line":236,"context":237},168,"raw output",{"file":139,"line":239,"context":237},228,{"file":139,"line":241,"context":237},391,{"file":139,"line":243,"context":237},415,{"file":139,"line":245,"context":237},439,{"file":139,"line":245,"context":237},{"file":139,"line":248,"context":237},461,{"file":139,"line":248,"context":237},{"file":139,"line":248,"context":237},{"file":139,"line":252,"context":237},484,{"file":139,"line":254,"context":237},487,{"file":139,"line":256,"context":237},520,{"file":139,"line":256,"context":237},{"file":139,"line":256,"context":237},{"file":139,"line":260,"context":237},539,{"file":139,"line":262,"context":237},559,{"file":139,"line":264,"context":237},560,{"file":139,"line":266,"context":237},566,{"file":139,"line":268,"context":237},571,[],[271,289],{"entryPoint":272,"graph":273,"unsanitizedCount":203,"severity":288},"ds_feed_login (ds_wp3_private_blog.php:344)",{"nodes":274,"edges":285},[275,280],{"id":276,"type":277,"label":278,"file":139,"line":279},"n0","source","$_SERVER['SERVER_NAME']",364,{"id":281,"type":282,"label":283,"file":139,"line":279,"wp_function":284},"n1","sink","header() [Header Injection]","header",[286],{"from":276,"to":281,"sanitized":287},false,"medium",{"entryPoint":290,"graph":291,"unsanitizedCount":28,"severity":298},"\u003Cds_wp3_private_blog> (ds_wp3_private_blog.php:0)",{"nodes":292,"edges":295},[293,294],{"id":276,"type":277,"label":278,"file":139,"line":279},{"id":281,"type":282,"label":283,"file":139,"line":279,"wp_function":284},[296],{"from":276,"to":281,"sanitized":297},true,"low",{"summary":300,"deductions":301},"The plugin \"more-privacy-options\" v4.6 exhibits a generally positive security posture, with a notably clean vulnerability history and a complete absence of known CVEs. The static analysis reveals a minimal attack surface, with no discovered AJAX handlers, REST API routes, shortcodes, or cron events that could be exploited. Furthermore, the plugin demonstrates good practices regarding SQL queries, with 100% utilizing prepared statements, and no file operations or external HTTP requests were detected.  However, a significant concern lies in the output escaping, where only 10% of the 21 identified outputs are properly escaped, leaving a substantial risk of cross-site scripting (XSS) vulnerabilities. The taint analysis also identified one flow with unsanitized paths, which, while not classified as critical or high severity, still represents a potential vector for attack if exploited in conjunction with other weaknesses. The lack of explicit nonce checks is also a point of concern, although this is mitigated by the absence of AJAX handlers.  The plugin's strength lies in its clean history and minimal attack surface, but the significant output escaping issues and the unsanitized path flow present clear risks that need to be addressed.",[302,305],{"reason":303,"points":304},"Low percentage of properly escaped output",8,{"reason":306,"points":307},"Taint flow with unsanitized path",5,"2026-04-16T11:13:16.452Z",{"wat":310,"direct":317},{"assetPaths":311,"generatorPatterns":313,"scriptPaths":314,"versionParams":315},[312],"\u002Fwp-content\u002Fplugins\u002Fmore-privacy-options\u002Fstyle.css",[],[],[316],"more-privacy-options\u002Fstyle.css?ver=",{"cssClasses":318,"htmlComments":320,"htmlAttributes":340,"restEndpoints":342,"jsGlobals":343,"shortcodeOutput":345},[319],"ds-privacy-options-settings",[321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339],"\u003C!-- This program is free software; you can redistribute it and\u002For modify","Tips:","?????????? Notes\u002FQuestions about allowing wp-activate.php on a private site ????????????????????","First, but using string matching is dumb and easily bypasses login page. Adding \"?wp-activate.php\" to any url","Second, allow activate.php on the main page, but PHP_SELF url string matching may have the same drawbacks as REQUEST_URI. Could be done to main page with a plugin\u002Ffunction.","Finally, changing the hook to fire at send_headers rather than template_redirect allows the activation page on every site. Still shows template pages with headers\u002Fsidebars etc - so not ideal either. Hence my preference to redirect to the main site.","So, I have the private functions the way I actually use them on my private sites\u002Fnetworks. I also do many activations as the SiteAdmin manually using other plugins.","Therefore, the code in this revision may make blogs more private, but somewhat more inconvenient to activate, both features I desire.","We'll see how the feedback trickles in on this issue.","---Hooks-----------------------------------------------------------------\u002F\u002F","hooks into Misc Blog Actions in Network->Sites->Edit","hooks into Blog Columns views Network->Sites","hook into options-reading.php Dashboard->Settings->Reading.","all three add_privacy_option get a redirect and a message in the Login form","fixes robots.txt rules","fixes noindex meta as well","no pings unless public either","email SuperAdmin when privacy changes","hook into signup form?",[341],"data-sitewide-privacy",[],[344],"DS_MORE_PRIVACY_OPTIONS_NETWORK_SETTINGS",[],{"error":297,"url":347,"statusCode":348,"statusMessage":349,"message":349},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fmore-privacy-options\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":28,"versions":351},[]]