[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fdQ3Wj9gLqp8Z1RacAmGGu5_xfR95KJxjwHhDBD---qM":3,"$ft9jRjjJzBjxnkEeoi7FxWxHJyv1dduhWoAU3S1Bh5aw":327,"$fRkKhMh9HiJbuQ1MIRIOfUyaQiT6ldNLIu_7hEERxcOw":331},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":134,"fingerprints":309},"mrqurban-emergency-rescue","MrQurban Emergency Rescue","1.1.0","Muhammad Qurban","https:\u002F\u002Fprofiles.wordpress.org\u002Fmrqurban13\u002F","\u003Cp>\u003Cstrong>MrQurban Emergency Rescue\u003C\u002Fstrong> is a lightweight, life-saving plugin designed to help you recover your WordPress site when you are locked out of the admin panel due to a fatal error, “Critical Error,” or the dreaded White Screen of Death (WSOD).\u003C\u002Fp>\n\u003Cp>It provides a \u003Cstrong>Secret Rescue URL\u003C\u002Fstrong> that loads a minimal, fail-safe interface \u003Cem>before\u003C\u002Fem> your active plugins, allowing you to selectively disable problematic plugins or themes by renaming their folders without needing FTP access.\u003C\u002Fp>\n\u003Ch3>🌟 Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Fail-Safe Recovery\u003C\u002Fstrong>: Loads early to bypass fatal errors caused by other plugins.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secret Access\u003C\u002Fstrong>: Protected by a unique, randomized secret key.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>One-Click Deactivation\u003C\u002Fstrong>: Instantly disable any plugin or theme.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Debug Tools\u003C\u002Fstrong>: Enable \u003Ccode>WP_DEBUG_LOG\u003C\u002Fcode> on the fly and view the log file directly in the rescue interface.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure\u003C\u002Fstrong>: Uses a secret key and verifies permissions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>⚠️ Important Usage Note\u003C\u002Fh3>\n\u003Cp>While this plugin works as a standard plugin, it is \u003Cstrong>highly recommended\u003C\u002Fstrong> to install it as a \u003Cstrong>Must-Use (MU) Plugin\u003C\u002Fstrong> to ensure it loads before any other plugin that might be causing a crash.\u003C\u002Fp>\n","Recover from fatal errors and White Screen of Death (WSOD) by disabling plugins or themes via a secret rescue URL.",0,283,"2026-03-16T18:39:00.000Z","6.9.4","5.0","7.0",[18,19,20,21,22],"debug","fatal-error","recovery","rescue","troubleshooting","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmrqurban-emergency-rescue.1.1.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"mrqurban13",1,30,94,"2026-05-19T22:14:02.765Z",[37,59,80,100,118],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":56,"download_link":57,"security_score":58,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"wp-safe-mode","WP Safe Mode","1.3","Marcus (aka @msykes)","https:\u002F\u002Fprofiles.wordpress.org\u002Fnetweblogic\u002F","\u003Cp>WP Safe Mode allows you to view your site temporarily with certain plugins disabled\u002Fenabled as well as switching to another theme.\u003C\u002Fp>\n\u003Cp>This is particularly useful if you are experiencing problems with a specific plugin or theme and need troubleshoot without it affecting the rest of your site visitors.\u003C\u002Fp>\n\u003Cp>Additionally, a loader file can be directly installed via FTP to help you access an inaccessible site due to PHP errors (e.g. blank screens or white screen of death) to help restore it from the admin panel.\u003C\u002Fp>\n\u003Ch4>Main Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Enter Safe Mode for just yourself whilst logged in.\u003C\u002Fli>\n\u003Cli>Enable Safe Mode for the whole site.\u003C\u002Fli>\n\u003Cli>Admin Bar shortcuts for enabling\u002Fdisabling Safe Mode.\u003C\u002Fli>\n\u003Cli>Restrict Safe Mode to certain IP addresses.\u003C\u002Fli>\n\u003Cli>Automatic installation (if file permissions allow).\u003C\u002Fli>\n\u003Cli>Fallback to a default WordPress theme or one of your choice in Safe Mode.\u003C\u002Fli>\n\u003Cli>Prevent or allow Must-Use plugins from loading in Safe-Mode.\u003C\u002Fli>\n\u003Cli>Handy loader file via FTP when your site is completely inaccessible.\u003C\u002Fli>\n\u003Cli>MultiSite Support\n\u003Cul>\n\u003Cli>Network-wide Safe Mode (for just you, or everyone)\u003C\u002Fli>\n\u003Cli>Restrict Network-wide Safe Mode to certain IP address\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>MultiSite Site-Specific Safe Modes\n\u003Cul>\n\u003Cli>Override Network-wide Safe Mode settings for an individual site\u003C\u002Fli>\n\u003Cli>Network Admins can deactivate Network-Active and Must-Use plugins.\u003C\u002Fli>\n\u003Cli>Allow individual site admins from enabling safe mode for their own site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Data Privacy and GDPR Compliance\u003C\u002Fh4>\n\u003Cp>No personal data is used or stored by this plugin. For those entering user-only mode, a cookie is loaded to identify that user.\u003C\u002Fp>\n","Disable plugins or switch themes for just you or the whole site for debugging, troubleshooting or accessing and restoring a broken website.",2000,24440,86,8,"2025-04-23T09:57:00.000Z","6.8.5","4.6","5.2.6",[18,54,20,55,22],"debugging","safe-mode","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-safe-mode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-safe-mode.1.3.zip",92,{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":25,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":78,"download_link":79,"security_score":58,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"wp-mail-debugger","WP Mail Debugger","1.1","Timothy Jacobs","https:\u002F\u002Fprofiles.wordpress.org\u002Ftimothyblynjacobs\u002F","\u003Cp>WP Mail Debugger captures and displays all emails sent through wp_mail() for debugging and troubleshooting. A new admin menu, WP Mail Debugger, is added under the Tools menu.\u003C\u002Fp>\n\u003Cp>Get the \u003Ca href=\"https:\u002F\u002Fapps.apple.com\u002Fus\u002Fapp\u002Fwp-mail-debugger\u002Fid1547093438?mt=12\" rel=\"nofollow ugc\">Mac App\u003C\u002Fa> to connect to multiple WordPress websites from one convenient location.\u003C\u002Fp>\n","WP Mail Debugger captures and displays all emails sent through wp_mail() for debugging and troubleshooting.",300,9089,2,"2024-07-22T02:23:00.000Z","6.6.5","6.3.0","7.2.0",[18,75,76,22,77],"email","email-log","wp-mail","https:\u002F\u002Fwpmaildebugger.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-mail-debugger.1.1.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":25,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":14,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":23,"download_link":99,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"conflict-finder-wp-fix-it","Conflict Finder","7.2","WP Fix It - WordPress Experts","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpfixit\u002F","\u003Cp>Conflict Finder is a comprehensive troubleshooting plugin designed for WordPress administrators, developers, and support professionals who need to identify the root cause of site issues.\u003C\u002Fp>\n\u003Cp>From a single interface, Conflict Finder allows you to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable and manage WP_DEBUG without manually editing files\u003C\u002Fli>\n\u003Cli>View, download, and clear the WordPress debug log\u003C\u002Fli>\n\u003Cli>Temporarily disable plugins to identify conflicts\u003C\u002Fli>\n\u003Cli>Switch themes to test theme-related issues\u003C\u002Fli>\n\u003Cli>Test WordPress email delivery using \u003Ccode>wp_mail()\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong>\u003Cbr \u002F>\nConflict Finder \u003Cstrong>does temporarily affect site behavior\u003C\u002Fstrong> while troubleshooting is active. This may include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disabled plugins\u003C\u002Fli>\n\u003Cli>A different active theme\u003C\u002Fli>\n\u003Cli>Debug notices or errors being displayed\u003C\u002Fli>\n\u003Cli>Changes visible to logged-out visitors\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For this reason, troubleshooting should be performed during maintenance windows or on staging sites whenever possible.\u003C\u002Fp>\n\u003Cp>Conflict Finder automatically tracks your original configuration and allows you to restore plugins, themes, and debugging settings once testing is complete.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Troubleshooting Dashboard\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Central overview of debugging and conflict states\u003C\u002Fli>\n\u003Cli>Environment snapshot including WordPress, PHP, memory, and server software\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>WP_DEBUG Tool\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable or disable WP_DEBUG with a single switch\u003C\u002Fli>\n\u003Cli>Control error display and logging behavior\u003C\u002Fli>\n\u003Cli>Load unminified scripts for debugging\u003C\u002Fli>\n\u003Cli>View, download, or clear \u003Ccode>wp-content\u002Fdebug.log\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Safely updates \u003Ccode>wp-config.php\u003C\u002Fcode> as needed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Plugin Conflict Tool\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Temporarily deactivate all active plugins\u003C\u002Fli>\n\u003Cli>Save and restore original plugin states\u003C\u002Fli>\n\u003Cli>Activate plugins one at a time to identify conflicts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Theme Conflict Tool\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Temporarily switch to another installed theme\u003C\u002Fli>\n\u003Cli>Identify theme-related layout or functionality issues\u003C\u002Fli>\n\u003Cli>Restore the original theme instantly\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Email Delivery Tool\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Send a real test email using WordPress mail\u003C\u002Fli>\n\u003Cli>Confirm whether the server can successfully send email\u003C\u002Fli>\n\u003Cli>Helps identify SMTP or hosting mail issues\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>When to Use Conflict Finder\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Diagnosing white screens or fatal errors\u003C\u002Fli>\n\u003Cli>Identifying plugin conflicts\u003C\u002Fli>\n\u003Cli>Testing theme-related layout or functionality issues\u003C\u002Fli>\n\u003Cli>Investigating PHP notices or warnings\u003C\u002Fli>\n\u003Cli>Verifying WordPress email delivery\u003C\u002Fli>\n\u003Cli>Support and development workflows\u003C\u002Fli>\n\u003C\u002Ful>\n","Conflict Finder is a WordPress troubleshooting toolkit that helps diagnose plugin conflicts, theme issues, debugging errors, and email delivery proble &hellip;",8971,90,4,"2026-01-27T14:26:00.000Z","4.9","5.6",[95,96,97,22,98],"debug-log","plugin-conflict","theme-conflict","wp_debug","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fconflict-finder-wp-fix-it.7.2.zip",{"slug":101,"name":102,"version":62,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":25,"downloaded":107,"rating":108,"num_ratings":69,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":23,"tags":112,"homepage":115,"download_link":116,"security_score":117,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"phpinfo","Phpinfo","Roland Rust","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdprx\u002F","\u003Cp>Prints out your webservers php settings as well as other information about your WordPress installation.\u003Cbr \u002F>\nImportant for posting at various WordPress support forums.\u003C\u002Fp>\n","Prints out your webservers php settings as well as other information about your WordPress installation.",16371,70,"2007-09-14T07:38:00.000Z","2.2.2","1.5",[113,54,101,114,22],"configuration","server","http:\u002F\u002Fwordpress.designpraxis.at","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphpinfo.zip",85,{"slug":55,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":25,"downloaded":125,"rating":126,"num_ratings":127,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":23,"tags":131,"homepage":23,"download_link":133,"security_score":117,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"Safe Mode","1.1.3","Uffe Fey","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpkonsulent\u002F","\u003Cp>This plugin enables safe mode for WordPress. This means:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No plugins will be loaded.\u003C\u002Fli>\n\u003Cli>A default theme will be temporarily activated (if it is installed).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why is this useful?\u003C\u002Fh4>\n\u003Cp>Whenever something’s wrong with a WordPress site, the first rule of thumb is to disable plugins and revert to the default theme if possible. Depending on the nature of the error, that is not always an option. The back end (dashboard) may also be down or you may not have FTP access to manually disable plugins and themes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enter Safe Mode\u003C\u002Fstrong>. Safe Mode will completely disable all plugins and the active theme temporarily for a single page view – ultimately enabling you to log in and remove the offending plugin. (This is not guaranteed to work in all scenarios, please read the disclaimer)\u003C\u002Fp>\n\u003Ch4>How does it work?\u003C\u002Fh4>\n\u003Cp>If your site crashes due to an upsetting plugin or theme, all you have to do is add a querystring parameter to the URL. Doing that will temporarily disable all plugins for that single page view, as well as temporarily activate a default theme if one is installed.\u003C\u002Fp>\n\u003Cp>Let’s say you’re the owner of www.example.com. To enable safe mode for one particular page, you add this to the URL: “?safe_mode=1”.\u003C\u002Fp>\n\u003Cp>Bear in mind that you have to do this for every view. The querystring parameter isn’t carried on automatically. So, for instance:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If you need to log in, go to: www.example.com\u002Fwp-admin\u002F?safe_mode=1\u003C\u002Fli>\n\u003Cli>If you need to go to plugin management, go to: www.example.com\u002Fwp-admin\u002Fplugins.php?safe_mode=1\u003C\u002Fli>\n\u003Cli>If you need to go to theme management, go to: www.example.com\u002Fwp-admin\u002Fthemes.php?safe_mode=1\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When you go to plugin management, all plugins will seem to be deactivated (due to the way Safe Mode works), but you’ll still be able to explicitly deactivate each plugin. Just use the “Deactivate (safe mode)” option.\u003C\u002Fp>\n\u003Ch4>What are default themes?\u003C\u002Fh4>\n\u003Cp>By default theme, I’m referring to the themes that ships with WordPress, you know, the Twenty “something” ones.\u003C\u002Fp>\n\u003Cp>The plugin checks if any of these themes are installed, and if so, activates the first theme it encounters. Thus I highly recommend that you keep one of those themes installed at all times. If you don’t, safe mode will keep your current active theme, and that theme may just be the offender – leaving safe mode useless. Keep this in mind.\u003C\u002Fp>\n\u003Ch4>Disclaimer\u003C\u002Fh4>\n\u003Cp>This plugin will be able to handle many scenarios, but not all. If your site’s crash is caused by a database crash, or something that simply brings down the PHP parser, like a call to an undefined function, Safe Mode won’t be able to do anything about that.\u003C\u002Fp>\n","Makes it possible to enable safe mode for WordPress. In safe mode, plugins will not be loaded and the default theme (if installed) will be activated.",7841,84,5,"2018-12-20T10:23:00.000Z","5.0.25","3.0.1",[18,132,20,55],"error","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsafe-mode.zip",{"attackSurface":135,"codeSignals":161,"taintFlows":185,"riskAssessment":301,"analyzedAt":308},{"hooks":136,"ajaxHandlers":157,"restRoutes":158,"shortcodes":159,"cronEvents":160,"entryPointCount":11,"unprotectedCount":11},[137,142,145,149,153],{"type":138,"name":139,"callback":140,"file":141,"line":33},"action","admin_init","generate_key_if_missing","mrqurban-emergency-rescue.php",{"type":138,"name":139,"callback":143,"file":141,"line":144},"handle_admin_actions",31,{"type":138,"name":146,"callback":147,"file":141,"line":148},"admin_notices","show_secret_key",32,{"type":138,"name":150,"callback":151,"file":141,"line":152},"admin_menu","register_menu_page",33,{"type":138,"name":154,"callback":155,"file":141,"line":156},"admin_enqueue_scripts","enqueue_admin_styles",34,[],[],[],[],{"dangerousFunctions":162,"sqlUsage":172,"outputEscaping":174,"fileOperations":182,"externalRequests":11,"nonceChecks":90,"capabilityChecks":183,"bundledLibraries":184},[163,167,169],{"fn":164,"file":141,"line":165,"context":166},"ini_set",99,"@ini_set('log_errors', 'On');",{"fn":164,"file":141,"line":25,"context":168},"@ini_set('display_errors', 'Off'); \u002F\u002F Ensure we don't break the rescue UI with browser errors.",{"fn":164,"file":141,"line":170,"context":171},103,"@ini_set('error_log', $log_file);",{"prepared":69,"raw":11,"locations":173},[],{"escaped":175,"rawEcho":69,"locations":176},146,[177,180],{"file":141,"line":178,"context":179},254,"raw output",{"file":141,"line":181,"context":179},592,6,7,[],[186,205,217,230,262],{"entryPoint":187,"graph":188,"unsanitizedCount":32,"severity":204},"list_items (mrqurban-emergency-rescue.php:589)",{"nodes":189,"edges":201},[190,195],{"id":191,"type":192,"label":193,"file":141,"line":194},"n0","source","$_SERVER",626,{"id":196,"type":197,"label":198,"file":141,"line":199,"wp_function":200},"n1","sink","echo() [XSS]",635,"echo",[202],{"from":191,"to":196,"sanitized":203},false,"medium",{"entryPoint":206,"graph":207,"unsanitizedCount":11,"severity":216},"render_settings_page (mrqurban-emergency-rescue.php:180)",{"nodes":208,"edges":213},[209,212],{"id":191,"type":192,"label":210,"file":141,"line":211},"$_GET",251,{"id":196,"type":197,"label":198,"file":141,"line":178,"wp_function":200},[214],{"from":191,"to":196,"sanitized":215},true,"low",{"entryPoint":218,"graph":219,"unsanitizedCount":11,"severity":216},"handle_admin_actions (mrqurban-emergency-rescue.php:315)",{"nodes":220,"edges":228},[221,224],{"id":191,"type":192,"label":222,"file":141,"line":223},"$_POST",336,{"id":196,"type":197,"label":225,"file":141,"line":226,"wp_function":227},"update_option() [Settings Manipulation]",340,"update_option",[229],{"from":191,"to":196,"sanitized":215},{"entryPoint":231,"graph":232,"unsanitizedCount":11,"severity":216},"render_rescue_page (mrqurban-emergency-rescue.php:491)",{"nodes":233,"edges":257},[234,237,239,243,245,249,251,254],{"id":191,"type":192,"label":235,"file":141,"line":236},"$_SERVER (x2)",537,{"id":196,"type":197,"label":198,"file":141,"line":238,"wp_function":200},541,{"id":240,"type":192,"label":241,"file":141,"line":242},"n2","$_GET['msg']",557,{"id":244,"type":197,"label":198,"file":141,"line":242,"wp_function":200},"n3",{"id":246,"type":192,"label":247,"file":141,"line":248},"n4","$_GET['error']",562,{"id":250,"type":197,"label":198,"file":141,"line":248,"wp_function":200},"n5",{"id":252,"type":192,"label":210,"file":141,"line":253},"n6",575,{"id":255,"type":197,"label":198,"file":141,"line":256,"wp_function":200},"n7",578,[258,259,260,261],{"from":191,"to":196,"sanitized":215},{"from":240,"to":244,"sanitized":215},{"from":246,"to":250,"sanitized":215},{"from":252,"to":255,"sanitized":215},{"entryPoint":263,"graph":264,"unsanitizedCount":11,"severity":216},"\u003Cmrqurban-emergency-rescue> (mrqurban-emergency-rescue.php:0)",{"nodes":265,"edges":293},[266,268,269,270,271,273,274,275,276,278,280,283,288,290],{"id":191,"type":192,"label":267,"file":141,"line":211},"$_GET (x2)",{"id":196,"type":197,"label":198,"file":141,"line":178,"wp_function":200},{"id":240,"type":192,"label":222,"file":141,"line":223},{"id":244,"type":197,"label":225,"file":141,"line":226,"wp_function":227},{"id":246,"type":192,"label":272,"file":141,"line":236},"$_SERVER (x3)",{"id":250,"type":197,"label":198,"file":141,"line":238,"wp_function":200},{"id":252,"type":192,"label":241,"file":141,"line":242},{"id":255,"type":197,"label":198,"file":141,"line":242,"wp_function":200},{"id":277,"type":192,"label":247,"file":141,"line":248},"n8",{"id":279,"type":197,"label":198,"file":141,"line":248,"wp_function":200},"n9",{"id":281,"type":192,"label":193,"file":141,"line":282},"n10",690,{"id":284,"type":197,"label":285,"file":141,"line":286,"wp_function":287},"n11","header() [Header Injection]",703,"header",{"id":289,"type":192,"label":210,"file":141,"line":211},"n12",{"id":291,"type":197,"label":225,"file":141,"line":292,"wp_function":227},"n13",729,[294,295,296,297,298,299,300],{"from":191,"to":196,"sanitized":215},{"from":240,"to":244,"sanitized":215},{"from":246,"to":250,"sanitized":215},{"from":252,"to":255,"sanitized":215},{"from":277,"to":279,"sanitized":215},{"from":281,"to":284,"sanitized":215},{"from":289,"to":291,"sanitized":215},{"summary":302,"deductions":303},"The \"mrqurban-emergency-rescue\" v1.1.0 plugin demonstrates a generally strong security posture, primarily due to its diligent use of prepared statements for SQL queries and robust output escaping. The absence of known CVEs and a clean vulnerability history further contribute to this positive assessment.  The plugin also incorporates a good number of nonce and capability checks, indicating an awareness of common WordPress security practices.\n\nHowever, the static analysis reveals a few potential areas for concern. The presence of `ini_set` in three instances, while not inherently a vulnerability, can sometimes be misused to alter sensitive PHP configurations if not handled with extreme care, especially in a security context. Furthermore, the taint analysis flagged one flow with an unsanitized path. While this didn't result in a critical or high-severity finding, it warrants attention as it represents a potential vector for unintended behavior or information disclosure if that path is ever exposed to user-controlled input without proper sanitization.\n\nOverall, the plugin is well-built from a security perspective, with few outright vulnerabilities detected. The focus on prepared statements and output escaping is commendable. The few red flags identified are minor in isolation but suggest that ongoing vigilance and careful code reviews for any future updates would be prudent, particularly concerning the use of `ini_set` and any paths that could potentially interact with untrusted data.",[304,306],{"reason":305,"points":48},"Unsanitized path in taint analysis",{"reason":307,"points":127},"Use of dangerous function ini_set","2026-04-16T15:08:18.249Z",{"wat":310,"direct":317},{"assetPaths":311,"generatorPatterns":313,"scriptPaths":314,"versionParams":315},[312],"\u002Fwp-content\u002Fplugins\u002Fmrqurban-emergency-rescue\u002Fassets\u002Fadmin.css",[],[],[316],"mrqurban-emergency-rescue\u002Fassets\u002Fadmin.css?ver=1.1.0",{"cssClasses":318,"htmlComments":320,"htmlAttributes":321,"restEndpoints":324,"jsGlobals":325,"shortcodeOutput":326},[319],"wper-card",[],[322,323],"onclick=\"this.select()\"","value=\"\u003C?php echo esc_attr($key); ?>\"",[],[],[],{"error":215,"url":328,"statusCode":329,"statusMessage":330,"message":330},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fmrqurban-emergency-rescue\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":332,"versions":333},3,[334,339,345],{"version":62,"download_url":24,"svn_tag_url":335,"released_at":26,"has_diff":203,"diff_files_changed":336,"diff_lines":26,"trac_diff_url":337,"vulnerabilities":338,"is_current":203},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmrqurban-emergency-rescue\u002Ftags\u002F1.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fmrqurban-emergency-rescue%2Ftags%2F1.1.0&new_path=%2Fmrqurban-emergency-rescue%2Ftags%2F1.1",[],{"version":6,"download_url":340,"svn_tag_url":341,"released_at":26,"has_diff":203,"diff_files_changed":342,"diff_lines":26,"trac_diff_url":343,"vulnerabilities":344,"is_current":215},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmrqurban-emergency-rescue.1.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmrqurban-emergency-rescue\u002Ftags\u002F1.1.0\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fmrqurban-emergency-rescue%2Ftags%2F1.0&new_path=%2Fmrqurban-emergency-rescue%2Ftags%2F1.1.0",[],{"version":346,"download_url":347,"svn_tag_url":348,"released_at":26,"has_diff":203,"diff_files_changed":349,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":350,"is_current":203},"1.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmrqurban-emergency-rescue.1.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fmrqurban-emergency-rescue\u002Ftags\u002F1.0\u002F",[],[]]