[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fbHL3GFJwcNXnIkFmoYp6x04ev3OQZJwZLt43KOVIJww":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":135,"fingerprints":361},"multisite-plugin-manager","Multisite Plugin Manager","3.1.6","Aaron Edwards","https:\u002F\u002Fprofiles.wordpress.org\u002Fuglyrobot\u002F","\u003Cp>Plugin management for WordPress Multisite that supports the native plugins page and the WPMU DEV Pro Sites plugin! Used on thousands of multisite installs across the web.\u003Cbr \u002F>\nPreviously known as \u003Cstrong>WPMU Plugin Manager\u003C\u002Fstrong>, it uses a backend options page to adjust plugin permissions for all the sites in your network.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Select what plugins sites have access to\u003C\u002Fli>\n\u003Cli>Choose plugins to Auto-Activate for all new blogs\u003C\u002Fli>\n\u003Cli>Mass activate\u002Fdeactivate a plugin on all sites in your network (Very Handy!)\u003C\u002Fli>\n\u003Cli>Assign special plugin access permissions for specific sites in your network\u003C\u002Fli>\n\u003Cli>And as Super Admin, you can override all these to activate specific plugins on the sites you choose!\u003C\u002Fli>\n\u003Cli>Removes the plugin meta row links (Version, Author, Plugin) and any update messages for blog admins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Also, if you use the excellent \u003Ca href=\"https:\u002F\u002Fpremium.wpmudev.org\u002Fproject\u002Fpro-sites\u002F\" rel=\"nofollow ugc\">Pro Sites plugin from WPMU DEV\u003C\u002Fa> you will be able to charge for access to certain plugins!\u003C\u002Fp>\n\u003Cp>A free plugin by Aaron Edwards of \u003Ca href=\"http:\u002F\u002Fuglyrobot.com\u002F\" rel=\"nofollow ugc\">UglyRobot Web Development\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fuglyrobot\u002Fmultisite-plugin-manager\" rel=\"nofollow ugc\">Contribute on GitHub\u003C\u002Fa>\u003C\u002Fp>\n","The essential plugin for every multisite install! Manage plugin access permissions across your entire multisite network.",200,107575,84,23,"2020-08-18T01:52:00.000Z","4.9.29","3.7.3","",[20,21,22],"multisite","plugins","wpmu","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fmultisite-plugin-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultisite-plugin-manager.3.1.6.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"uglyrobot",4,520,91,30,88,"2026-04-04T02:39:18.981Z",[39,60,79,99,116],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":58,"download_link":59,"security_score":49,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"plugin-report","Plugin Report","2.2.2","Torsten Landsiedel","https:\u002F\u002Fprofiles.wordpress.org\u002Fzodiac1978\u002F","\u003Cp>A WordPress plugin that provides detailed information about currently installed plugins.\u003C\u002Fp>\n\u003Ch3>Plugin Report will allow you to:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Spot plugins that are no longer maintained.\u003C\u002Fli>\n\u003Cli>Get a quick overview of the “plugin health” of your site.\u003C\u002Fli>\n\u003Cli>Provide clients with a detailed report, right from their own dashboard, or as CSV spreadsheet.\u003C\u002Fli>\n\u003Cli>Find plugins that are no longer active on multisite installs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Thanks to Roy Tanck for trusting me to adopt this great plugin. Hartelijk bedankt!\u003C\u002Fp>\n\u003Cp>Special thanks go to \u003Ca href=\"http:\u002F\u002Ftristen.ca\u002F\" rel=\"nofollow ugc\">Tristen Forsythe Brown\u003C\u002Fa> for the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftristen\u002Ftablesort\" rel=\"nofollow ugc\">tablesort JavaScript library\u003C\u002Fa> licensed under the MIT License.\u003C\u002Fp>\n","A WordPress plugin that provides detailed information about currently installed plugins.",1000,26304,100,14,"2026-01-18T12:46:00.000Z","6.9.4","4.6","5.6",[56,20,57,21],"admin","plugin-info","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugin-report\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-report.2.2.2.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":70,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":18,"tags":75,"homepage":77,"download_link":78,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"advanced-export-for-wp-wpmu","Advanced Export for WP & WPMU","2.9","Ron Rennick","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpmuguru\u002F","\u003Cp>\u003Cem>The functionality in this plugin was incorporated into the built in export feature in WordPress 3.0\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Working with a single large export file can be difficult. Use this plugin to create multiple export files that contain sections of your blog. This plugin has been tested on WP  & WPMU versions 2.7 – 2.8.4. The plugin may work on earlier versions of WP\u002FWPMU.\u003C\u002Fp>\n\u003Cp>All restriction options provided in the plugin are \u003Cem>optional\u003C\u002Fem>. If no restrictions are selected, this plugin generates the same export file as the export feature built into WP & WPMU.\u003C\u002Fp>\n\u003Cp>\u003Cem>Features\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Export by any optional combination of:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>Date Range\u003C\u002Fem> – Start & end month\u002Fyear\u003C\u002Fli>\n\u003Cli>\u003Cem>Author\u003C\u002Fem> – Same as WP\u002FWPMU built-in export\u003C\u002Fli>\n\u003Cli>\u003Cem>Category\u003C\u002Fem> – Export a specific category\u003C\u002Fli>\n\u003Cli>\u003Cem>Content type\u003C\u002Fem> – Choose either posts or pages\u003C\u002Fli>\n\u003Cli>\u003Cem>Post status\u003C\u002Fem> – Choose Draft, Published, Scheduled or Private\u003C\u002Fli>\n\u003Cli>\u003Cem>Blog Tag\u002FCategory Terms\u003C\u002Fem> – Choose whether to include the blog’s complete list of Tags and\u002For Categories\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Support can be obtained through:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Ftags\u002Fadvanced-export-for-wp-wpmu?forum_id=10#postform\" rel=\"ugc\">WordPress Forums\u003C\u002Fa>\u003C\u002Fp>\n","Adds an Advanced Export to the Tools menu which allows selective exporting of pages, posts, specific categories and\u002For post statuses by date.",800,52833,74,3,"2015-08-10T12:29:00.000Z","4.8.28","2.7",[76,20,22],"export","http:\u002F\u002Fwpmututorials.com\u002Fplugins\u002Fadvanced-export\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-export-for-wp-wpmu.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":49,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":18,"tags":93,"homepage":97,"download_link":98,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"multisite-cloner","Multisite Cloner","0.2.2.1","Manuel Razzari","https:\u002F\u002Fprofiles.wordpress.org\u002Fmanuelrazzari\u002F","\u003Cp>In WordPress Multisite, new sites get a boring default template, without any custom settings or starter content.\u003C\u002Fp>\n\u003Cp>This plugin allows you to select a specific blog on your network, a “master” one, that will be cloned every time a new blog is created.\u003C\u002Fp>\n\u003Cp>In this way, new blogs will contain all posts, uploads, theme settings and plugin options from the master blog.\u003C\u002Fp>\n\u003Ch4>How does it work?\u003C\u002Fh4>\n\u003Col>\n\u003Cli>It uses MySQL \u003Ccode>INSERT INTO ... SELECT\u003C\u002Fcode> to copy \u003Cem>every\u003C\u002Fem> table from the “master” blog into the new one. This is fast!\u003C\u002Fli>\n\u003Cli>Then it does a search and replace on the new blog’s tables, to replace the old URL with the new one.\u003Cbr \u002F>\nThis is done in a way that respects serialized arrays, so your plugin’s settings will be preserved.\u003Cbr \u002F>\n(We used a heavily trimmed down version of Interconnect\u002FIT’s \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Finterconnectit\u002FSearch-Replace-DB\" rel=\"nofollow ugc\">Search and Replace\u003C\u002Fa> tool for that, so go thank them for this!)\u003C\u002Fli>\n\u003Cli>It proceeds to copy all files from the \u003Ccode>wp-content\u002Fuploads\u003C\u002Fcode> dir of your master blog into the new one’s, so that all assets will work as expected.\u003C\u002Fli>\n\u003Cli>Finally it does some house clean-up, updating the new blog’s title, admin email, and user roles as needed.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Go check the screenshots, it’s really simple and does what it says.\u003Cbr \u002F>\nGive it a try!\u003C\u002Fp>\n\u003Cp>\u003Cem>This plugin was handcrafted with love and ‘yerba mate’ by the team at \u003Ca href=\"http:\u002F\u002Fwww.tipit.net\u002F\" title=\"Sustainable Web development since 1996 in Austin, Texas\" rel=\"nofollow ugc\">Tipit.net\u003C\u002Fa>.\u003C\u002Fem>\u003C\u002Fp>\n","When creating a new blog on WordPress Multisite, copies all the posts, settings and files, from a selected blog into the new one.",35036,94,29,"2016-11-18T20:45:00.000Z","4.6.30","3.0",[94,95,96,20,22],"clone","copy","copy-blog","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmultisite-cloner","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultisite-cloner.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":49,"downloaded":107,"rating":49,"num_ratings":71,"last_updated":108,"tested_up_to":73,"requires_at_least":109,"requires_php":18,"tags":110,"homepage":114,"download_link":115,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"multisite-user-role-manager","Multisite User Role Manager","1.0.7","OzTheGreat","https:\u002F\u002Fprofiles.wordpress.org\u002Fozthegreat\u002F","\u003Cp>For WordPress Multisite (WPMU) installs, allows Super Admins to easily manage each users roles and blogs from one\u003Cbr \u002F>\nscreen in the Network Admin menu.\u003C\u002Fp>\n\u003Cp>You no longer have to go to each blog to change the user’s role. It’s also\u003Cbr \u002F>\nmuch easier to see which sites a user is associated with.\u003C\u002Fp>\n","Manage user roles for each blog from a single screen on multisite (WPMU) setups",30215,"2017-11-07T14:04:00.000Z","4.0",[111,20,112,113,22],"management","roles","users","https:\u002F\u002Fwpartisan.me\u002Fplugins\u002Fmultisite-user-role-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultisite-user-role-manager.1.0.7.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":49,"downloaded":124,"rating":49,"num_ratings":125,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":18,"tags":129,"homepage":132,"download_link":133,"security_score":134,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"network-username-restrictions-override","Network Username Restrictions Override","1.3","Daniel Westermann-Clark","https:\u002F\u002Fprofiles.wordpress.org\u002Fdwc\u002F","\u003Cp>By default, WordPress network usernames cannot contain anything but lowercase letters and numbers. This plugin adds network options to let you include hyphens, underscores, or uppercase letters, if desired.\u003C\u002Fp>\n\u003Cp>Furthermore, this plugin gives you the option to allow email addresses as usernames, or to allow all-numeric usernames (e.g. “1234”).\u003C\u002Fp>\n\u003Cp>Finally, this plugin lets you override the minimum length for usernames (which defaults to four characters).\u003C\u002Fp>\n\u003Cp>To follow updates to this plugin, visit:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fdanieltwc.com\u002F\u003C\u002Fp>\n\u003Cp>For help with this version, visit:\u003C\u002Fp>\n\u003Cp>https:\u002F\u002Fdanieltwc.com\u002F2011\u002Fnetwork-username-restrictions-override-1-0\u002F\u003C\u002Fp>\n","Override restrictions on WordPress network usernames.",10464,2,"2024-04-24T14:02:00.000Z","6.5.8","3.4",[56,130,20,131,22],"authentication","network","https:\u002F\u002Fdanieltwc.com\u002F2011\u002Fnetwork-username-restrictions-override-1-0\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnetwork-username-restrictions-override.1.3.zip",92,{"attackSurface":136,"codeSignals":197,"taintFlows":251,"riskAssessment":344,"analyzedAt":360},{"hooks":137,"ajaxHandlers":193,"restRoutes":194,"shortcodes":195,"cronEvents":196,"entryPointCount":26,"unprotectedCount":26},[138,144,149,154,159,163,167,171,175,179,182,184,185,186,187,188,189,190,191,192],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","network_admin_menu","add_menu","plugin-manager.php",33,{"type":139,"name":145,"callback":146,"priority":147,"file":142,"line":148},"wpmu_new_blog","new_blog",50,34,{"type":150,"name":151,"callback":152,"file":142,"line":153},"filter","all_plugins","remove_plugins",37,{"type":150,"name":155,"callback":156,"priority":157,"file":142,"line":158},"plugin_action_links","action_links",10,40,{"type":139,"name":160,"callback":161,"file":142,"line":162},"admin_notices","supporter_message",42,{"type":139,"name":164,"callback":165,"file":142,"line":166},"plugins_loaded","localization",43,{"type":139,"name":168,"callback":169,"file":142,"line":170},"wpmueditblogaction","blog_options_form",46,{"type":139,"name":172,"callback":173,"file":142,"line":174},"wpmu_update_blog_options","blog_options_form_process",47,{"type":150,"name":176,"callback":177,"priority":157,"file":142,"line":178},"plugin_row_meta","remove_plugin_meta",49,{"type":139,"name":180,"callback":181,"file":142,"line":147},"admin_init","remove_plugin_update_row",{"type":139,"name":140,"callback":141,"file":183,"line":143},"trunk\\plugin-manager.php",{"type":139,"name":145,"callback":146,"priority":147,"file":183,"line":148},{"type":150,"name":151,"callback":152,"file":183,"line":153},{"type":150,"name":155,"callback":156,"priority":157,"file":183,"line":158},{"type":139,"name":160,"callback":161,"file":183,"line":162},{"type":139,"name":164,"callback":165,"file":183,"line":166},{"type":139,"name":168,"callback":169,"file":183,"line":170},{"type":139,"name":172,"callback":173,"file":183,"line":174},{"type":150,"name":176,"callback":177,"priority":157,"file":183,"line":178},{"type":139,"name":180,"callback":181,"file":183,"line":147},[],[],[],[],{"dangerousFunctions":198,"sqlUsage":199,"outputEscaping":206,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":125,"bundledLibraries":250},[],{"prepared":32,"raw":125,"locations":200},[201,204],{"file":142,"line":202,"context":203},320,"$wpdb->get_col() with variable interpolation",{"file":142,"line":205,"context":203},343,{"escaped":157,"rawEcho":207,"locations":208},24,[209,212,214,216,218,220,222,224,226,228,230,232,234,235,236,237,238,239,240,241,243,245,247,248],{"file":142,"line":210,"context":211},129,"raw output",{"file":142,"line":213,"context":211},130,{"file":142,"line":215,"context":211},131,{"file":142,"line":217,"context":211},134,{"file":142,"line":219,"context":211},167,{"file":142,"line":221,"context":211},170,{"file":142,"line":223,"context":211},171,{"file":142,"line":225,"context":211},273,{"file":142,"line":227,"context":211},276,{"file":142,"line":229,"context":211},277,{"file":142,"line":231,"context":211},278,{"file":142,"line":233,"context":211},417,{"file":183,"line":210,"context":211},{"file":183,"line":213,"context":211},{"file":183,"line":215,"context":211},{"file":183,"line":217,"context":211},{"file":183,"line":219,"context":211},{"file":183,"line":221,"context":211},{"file":183,"line":223,"context":211},{"file":183,"line":242,"context":211},271,{"file":183,"line":244,"context":211},274,{"file":183,"line":246,"context":211},275,{"file":183,"line":227,"context":211},{"file":183,"line":249,"context":211},413,[],[252,287,311,326],{"entryPoint":253,"graph":254,"unsanitizedCount":125,"severity":286},"process_form (plugin-manager.php:201)",{"nodes":255,"edges":280},[256,261,265,271,274,277],{"id":257,"type":258,"label":259,"file":142,"line":260},"n0","source","$_GET",205,{"id":262,"type":263,"label":264,"file":142,"line":260},"n1","transform","→ mass_activate()",{"id":266,"type":267,"label":268,"file":183,"line":269,"wp_function":270},"n2","sink","echo() [XSS]",325,"echo",{"id":272,"type":258,"label":259,"file":142,"line":273},"n3",209,{"id":275,"type":263,"label":276,"file":142,"line":273},"n4","→ mass_deactivate()",{"id":278,"type":267,"label":268,"file":183,"line":279,"wp_function":270},"n5",348,[281,283,284,285],{"from":257,"to":262,"sanitized":282},false,{"from":262,"to":266,"sanitized":282},{"from":272,"to":275,"sanitized":282},{"from":275,"to":278,"sanitized":282},"medium",{"entryPoint":288,"graph":289,"unsanitizedCount":125,"severity":286},"\u003Cplugin-manager> (plugin-manager.php:0)",{"nodes":290,"edges":304},[291,294,296,297,298,299,300,302],{"id":257,"type":258,"label":292,"file":142,"line":293},"$_GET (x2)",208,{"id":262,"type":267,"label":268,"file":142,"line":295,"wp_function":270},327,{"id":266,"type":258,"label":259,"file":142,"line":260},{"id":272,"type":263,"label":264,"file":142,"line":260},{"id":275,"type":267,"label":268,"file":183,"line":269,"wp_function":270},{"id":278,"type":258,"label":259,"file":142,"line":273},{"id":301,"type":263,"label":276,"file":142,"line":273},"n6",{"id":303,"type":267,"label":268,"file":183,"line":279,"wp_function":270},"n7",[305,307,308,309,310],{"from":257,"to":262,"sanitized":306},true,{"from":266,"to":272,"sanitized":282},{"from":272,"to":275,"sanitized":282},{"from":278,"to":301,"sanitized":282},{"from":301,"to":303,"sanitized":282},{"entryPoint":312,"graph":313,"unsanitizedCount":125,"severity":286},"process_form (trunk\\plugin-manager.php:201)",{"nodes":314,"edges":321},[315,316,317,318,319,320],{"id":257,"type":258,"label":259,"file":183,"line":260},{"id":262,"type":263,"label":264,"file":183,"line":260},{"id":266,"type":267,"label":268,"file":183,"line":269,"wp_function":270},{"id":272,"type":258,"label":259,"file":183,"line":273},{"id":275,"type":263,"label":276,"file":183,"line":273},{"id":278,"type":267,"label":268,"file":183,"line":279,"wp_function":270},[322,323,324,325],{"from":257,"to":262,"sanitized":282},{"from":262,"to":266,"sanitized":282},{"from":272,"to":275,"sanitized":282},{"from":275,"to":278,"sanitized":282},{"entryPoint":327,"graph":328,"unsanitizedCount":125,"severity":286},"\u003Cplugin-manager> (trunk\\plugin-manager.php:0)",{"nodes":329,"edges":338},[330,331,332,333,334,335,336,337],{"id":257,"type":258,"label":292,"file":183,"line":293},{"id":262,"type":267,"label":268,"file":183,"line":269,"wp_function":270},{"id":266,"type":258,"label":259,"file":183,"line":260},{"id":272,"type":263,"label":264,"file":183,"line":260},{"id":275,"type":267,"label":268,"file":183,"line":269,"wp_function":270},{"id":278,"type":258,"label":259,"file":183,"line":273},{"id":301,"type":263,"label":276,"file":183,"line":273},{"id":303,"type":267,"label":268,"file":183,"line":279,"wp_function":270},[339,340,341,342,343],{"from":257,"to":262,"sanitized":306},{"from":266,"to":272,"sanitized":282},{"from":272,"to":275,"sanitized":282},{"from":278,"to":301,"sanitized":282},{"from":301,"to":303,"sanitized":282},{"summary":345,"deductions":346},"The multisite-plugin-manager v3.1.6 plugin exhibits a generally good security posture with no known historical vulnerabilities or identified critical or high-severity issues in the static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. Furthermore, the plugin avoids dangerous functions, file operations, and external HTTP requests, which are common sources of vulnerabilities.\n\nHowever, there are some areas for concern. The static analysis revealed a concerning 4 out of 4 analyzed taint flows with unsanitized paths, although these did not reach a critical or high severity. This indicates a potential for sensitive data to be processed without adequate sanitization, which could be exploited under specific conditions, especially if combined with other weaknesses. Additionally, a low rate of output escaping (29%) suggests a risk of Cross-Site Scripting (XSS) vulnerabilities, particularly if user-supplied data is displayed without proper encoding. The complete lack of nonce checks and limited capability checks (2) on entry points is also a significant oversight, as it leaves potential avenues for unauthorized actions or data manipulation if any unintended entry points are discovered or introduced.\n\nIn conclusion, while the plugin benefits from a small attack surface and a clean vulnerability history, the presence of unsanitized paths in taint flows and poor output escaping are notable weaknesses. The absence of nonce checks and limited capability checks further compounds these risks. While not currently posing an immediate critical threat based on the provided data, these issues warrant attention to improve the overall security robustness of the plugin and prevent potential future vulnerabilities.",[347,350,353,355,358],{"reason":348,"points":349},"Unsanitized paths in taint flows (4\u002F4)",12,{"reason":351,"points":352},"Low output escaping rate (29%)",8,{"reason":354,"points":157},"No nonce checks",{"reason":356,"points":357},"Limited capability checks (2)",5,{"reason":359,"points":357},"SQL queries not using prepared statements (33%)","2026-03-16T20:20:22.151Z",{"wat":362,"direct":371},{"assetPaths":363,"generatorPatterns":365,"scriptPaths":366,"versionParams":368},[364],"\u002Fwp-content\u002Fplugins\u002Fmultisite-plugin-manager\u002Fcss\u002Fstyle.css",[],[367],"\u002Fwp-content\u002Fplugins\u002Fmultisite-plugin-manager\u002Fjs\u002Fpm-admin.js",[369,370],"multisite-plugin-manager\u002Fcss\u002Fstyle.css?ver=","multisite-plugin-manager\u002Fjs\u002Fpm-admin.js?ver=",{"cssClasses":372,"htmlComments":374,"htmlAttributes":375,"restEndpoints":377,"jsGlobals":378,"shortcodeOutput":380},[373],"donate-message",[],[376],"data-plugin-manager",[],[379],"plugin_manager_params",[]]