[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9vtYIlEA3Uiuj186eCKrvqp4R4T5tYha88Egmx7PcBw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":124,"fingerprints":195},"multisite-plugin-stats","Multisite Plugin Stats","1.1","ljg3","https:\u002F\u002Fprofiles.wordpress.org\u002Fljg3\u002F","\u003Cp>This plugin was designed to let you know a little bit more about what plugins your users are running on your multisite install. It’s useful it you’re trying to clean up unused plugins, or determine plugin popularity.\u003C\u002Fp>\n","A multisite plugin to show plugin activations across all your sites.",40,6481,100,2,"2012-06-22T19:25:00.000Z","3.4.2","3.1","",[20,21],"multisite","plugins","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fmultisite-plugin-stats\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultisite-plugin-stats.1.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-04-04T03:42:42.712Z",[35,55,73,90,107],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":13,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":53,"download_link":54,"security_score":13,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"plugin-report","Plugin Report","2.2.2","Torsten Landsiedel","https:\u002F\u002Fprofiles.wordpress.org\u002Fzodiac1978\u002F","\u003Cp>A WordPress plugin that provides detailed information about currently installed plugins.\u003C\u002Fp>\n\u003Ch3>Plugin Report will allow you to:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Spot plugins that are no longer maintained.\u003C\u002Fli>\n\u003Cli>Get a quick overview of the “plugin health” of your site.\u003C\u002Fli>\n\u003Cli>Provide clients with a detailed report, right from their own dashboard, or as CSV spreadsheet.\u003C\u002Fli>\n\u003Cli>Find plugins that are no longer active on multisite installs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Thanks to Roy Tanck for trusting me to adopt this great plugin. Hartelijk bedankt!\u003C\u002Fp>\n\u003Cp>Special thanks go to \u003Ca href=\"http:\u002F\u002Ftristen.ca\u002F\" rel=\"nofollow ugc\">Tristen Forsythe Brown\u003C\u002Fa> for the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftristen\u002Ftablesort\" rel=\"nofollow ugc\">tablesort JavaScript library\u003C\u002Fa> licensed under the MIT License.\u003C\u002Fp>\n","A WordPress plugin that provides detailed information about currently installed plugins.",1000,26304,14,"2026-01-18T12:46:00.000Z","6.9.4","4.6","5.6",[51,20,52,21],"admin","plugin-info","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugin-report\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-report.2.2.2.zip",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":32,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":18,"tags":69,"homepage":71,"download_link":72,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"multisite-plugin-manager","Multisite Plugin Manager","3.1.6","Aaron Edwards","https:\u002F\u002Fprofiles.wordpress.org\u002Fuglyrobot\u002F","\u003Cp>Plugin management for WordPress Multisite that supports the native plugins page and the WPMU DEV Pro Sites plugin! Used on thousands of multisite installs across the web.\u003Cbr \u002F>\nPreviously known as \u003Cstrong>WPMU Plugin Manager\u003C\u002Fstrong>, it uses a backend options page to adjust plugin permissions for all the sites in your network.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Select what plugins sites have access to\u003C\u002Fli>\n\u003Cli>Choose plugins to Auto-Activate for all new blogs\u003C\u002Fli>\n\u003Cli>Mass activate\u002Fdeactivate a plugin on all sites in your network (Very Handy!)\u003C\u002Fli>\n\u003Cli>Assign special plugin access permissions for specific sites in your network\u003C\u002Fli>\n\u003Cli>And as Super Admin, you can override all these to activate specific plugins on the sites you choose!\u003C\u002Fli>\n\u003Cli>Removes the plugin meta row links (Version, Author, Plugin) and any update messages for blog admins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Also, if you use the excellent \u003Ca href=\"https:\u002F\u002Fpremium.wpmudev.org\u002Fproject\u002Fpro-sites\u002F\" rel=\"nofollow ugc\">Pro Sites plugin from WPMU DEV\u003C\u002Fa> you will be able to charge for access to certain plugins!\u003C\u002Fp>\n\u003Cp>A free plugin by Aaron Edwards of \u003Ca href=\"http:\u002F\u002Fuglyrobot.com\u002F\" rel=\"nofollow ugc\">UglyRobot Web Development\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fuglyrobot\u002Fmultisite-plugin-manager\" rel=\"nofollow ugc\">Contribute on GitHub\u003C\u002Fa>\u003C\u002Fp>\n","The essential plugin for every multisite install! Manage plugin access permissions across your entire multisite network.",200,107575,23,"2020-08-18T01:52:00.000Z","4.9.29","3.7.3",[20,21,70],"wpmu","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fmultisite-plugin-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultisite-plugin-manager.3.1.6.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":13,"downloaded":81,"rating":82,"num_ratings":45,"last_updated":83,"tested_up_to":67,"requires_at_least":84,"requires_php":18,"tags":85,"homepage":18,"download_link":89,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"plugin-activation-status","Plugin Activation Status","1.0.2.1","Curtiss Grymala","https:\u002F\u002Fprofiles.wordpress.org\u002Fcgrymala\u002F","\u003Cp>Plugin Activation Status makes it easier for owners of multisite and multi-network WordPress installations to perform plugin audits on their installations. The plugin generates a list of plugins that are not currently active on any sites or networks. It generates a separate list of plugins that are active somewhere within the installation, and provides details about where and how those plugins are activated.\u003C\u002Fp>\n\u003Cp>This plugin first retrieves a full list of all of the plugins that are network-activated throughout your installation. Then, it loops through all of the sites in your installation, retrieving a list of all of the active plugins on each site. Next, it runs a diff between the full list of installed plugins and the list of all active plugins.\u003C\u002Fp>\n\u003Cp>Once it retrieves all of that information, it outputs two separate lists.\u003C\u002Fp>\n\u003Cp>The first list is the list of Inactive Plugins; all plugins that are installed, but not activated anywhere within WordPress will be listed there. The second list shows all of the Active Plugins; all plugins that are installed and activated somewhere within WordPress are shown there.\u003C\u002Fp>\n\u003Cp>Within the Active Plugins list, each plugin also has a list of all of the places the plugin is active (at the top, a list of all of the places it’s network-active; at the bottom, all of the places it’s normally-activated).\u003C\u002Fp>\n\u003Cp>When the plugin generates the lists of plugins, it stores those lists as site options in the database, so the lists can be retrieved for reference without using any additional server resources. If you would like to remove those cached lists and generate new lists, you simply have to click the Continue button on the admin page.\u003C\u002Fp>\n","Scans a multisite or multi-network installation to identify all plugins that are active or not.",26167,92,"2018-04-03T19:04:00.000Z","3.8",[86,87,20,88,21],"active","multi-network","network-active","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-activation-status.1.0.2.1.zip",{"slug":91,"name":92,"version":6,"author":93,"author_profile":94,"description":95,"short_description":96,"active_installs":31,"downloaded":97,"rating":13,"num_ratings":98,"last_updated":99,"tested_up_to":100,"requires_at_least":101,"requires_php":18,"tags":102,"homepage":105,"download_link":106,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"multi-site-plugins-add-new","Multi Site Plugins Add New","Pippin Williamson","https:\u002F\u002Fprofiles.wordpress.org\u002Fmordauk\u002F","\u003Cp>Adds an “Add New” sub menu item to the Plugins menu of all sites inside of a network for network admins.\u003C\u002Fp>\n","Adds an \"Add New\" sub menu item to the Plugins menu of all sites inside of a network for network admins.",6126,7,"2018-10-21T15:17:00.000Z","5.0.25","3.3",[103,104,20,21],"add-new","multi-site","http:\u002F\u002Fpippinsplugins.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmulti-site-plugins-add-new.1.1.zip",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":115,"downloaded":116,"rating":117,"num_ratings":98,"last_updated":118,"tested_up_to":119,"requires_at_least":17,"requires_php":18,"tags":120,"homepage":122,"download_link":123,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"proper-network-activation","Proper Network Activation","1.0.5","scribu","https:\u002F\u002Fprofiles.wordpress.org\u002Fscribu\u002F","\u003Cp>When running WordPress MultiSite, you have a very handy feature called network activation. It allows you to activate a plugin for the entire network of sites. The trouble is that it only does half the job.\u003C\u002Fp>\n\u003Cp>Some plugins have an install procedure that is meant to be run only on activation. However, when you do a network activation, that install procedure is only run for the current site. So, you end up with plugins not working properly on all the other sites.\u003C\u002Fp>\n\u003Cp>What this plugin does:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>when doing a network de\u002Factivation, it triggers the de\u002Factivation hook on all sites in the network\u003C\u002Fli>\n\u003Cli>when creating a new site, it triggers the activation hook for all active network plugins on that site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links: \u003Ca href=\"http:\u002F\u002Fscribu.net\u002Fwordpress\u002Fproper-network-activation\" rel=\"nofollow ugc\">Plugin News\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fscribu.net\" rel=\"nofollow ugc\">Author’s Site\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Development\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Contribute Code at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fscribu\u002Fwp-proper-network-activation\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fscribu\u002Fwp-proper-network-activation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Contribute Translations at \u003Ca href=\"https:\u002F\u002Ftranslate.foe-services.de\u002Fprojects\u002Fproper-network-activation\" rel=\"nofollow ugc\">https:\u002F\u002Ftranslate.foe-services.de\u002Fprojects\u002Fproper-network-activation\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Avoid errors when using WordPress MultiSite network activation",20,32400,86,"2013-03-14T12:57:00.000Z","3.5.2",[121,51,20,21],"activation","http:\u002F\u002Fscribu.net\u002Fwordpress\u002Fproper-network-activation","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fproper-network-activation.zip",{"attackSurface":125,"codeSignals":149,"taintFlows":180,"riskAssessment":181,"analyzedAt":194},{"hooks":126,"ajaxHandlers":145,"restRoutes":146,"shortcodes":147,"cronEvents":148,"entryPointCount":25,"unprotectedCount":25},[127,133,137,141],{"type":128,"name":129,"callback":130,"file":131,"line":132},"action","network_admin_menu","add_menu","multisite-plugin-stats.php",32,{"type":128,"name":134,"callback":135,"file":131,"line":136},"admin_head","custom_css",33,{"type":128,"name":138,"callback":139,"file":131,"line":140},"admin_enqueue_scripts","register_admin_scripts",34,{"type":128,"name":142,"callback":143,"file":131,"line":144},"plugins_loaded","localization",35,[],[],[],[],{"dangerousFunctions":150,"sqlUsage":151,"outputEscaping":156,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":179},[],{"prepared":25,"raw":30,"locations":152},[153],{"file":131,"line":154,"context":155},70,"$wpdb->get_col() with variable interpolation",{"escaped":25,"rawEcho":157,"locations":158},10,[159,161,163,165,167,169,171,173,175,177],{"file":131,"line":13,"context":160},"raw output",{"file":131,"line":162,"context":160},104,{"file":131,"line":164,"context":160},111,{"file":131,"line":166,"context":160},118,{"file":131,"line":168,"context":160},119,{"file":131,"line":170,"context":160},120,{"file":131,"line":172,"context":160},124,{"file":131,"line":174,"context":160},126,{"file":131,"line":176,"context":160},137,{"file":131,"line":178,"context":160},141,[],[],{"summary":182,"deductions":183},"The \"multisite-plugin-stats\" v1.1 plugin exhibits a seemingly strong security posture based on the provided static analysis. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, which significantly limits the potential attack surface. Furthermore, the absence of dangerous functions, file operations, and external HTTP requests is a positive sign. However, the analysis reveals critical weaknesses in how data is handled.  The fact that 100% of SQL queries are not using prepared statements, combined with 100% of outputs not being properly escaped, presents a high risk of SQL injection and Cross-Site Scripting (XSS) vulnerabilities. Despite the clean vulnerability history, these code-level issues are substantial concerns that could be exploited if any of the entry points (even if currently zero) were to be introduced or become accessible.\n\nWhile the plugin's limited attack surface and lack of known vulnerabilities are strengths, the complete disregard for prepared statements in SQL and proper output escaping are significant vulnerabilities. These fundamental security practices are missing, creating a substantial risk of data compromise and arbitrary code execution if any data processed by the plugin is ever user-supplied or exposed to the public web. The plugin's current state is precarious; it may be secure by obscurity due to its lack of exposed functionality, but the underlying code is insecure.",[184,187,189,192],{"reason":185,"points":186},"SQL queries do not use prepared statements",8,{"reason":188,"points":98},"Output not properly escaped",{"reason":190,"points":191},"No nonce checks",5,{"reason":193,"points":191},"No capability checks","2026-03-16T22:19:50.024Z",{"wat":196,"direct":202},{"assetPaths":197,"generatorPatterns":199,"scriptPaths":200,"versionParams":201},[198],"\u002Fwp-content\u002Fplugins\u002Fmultisite-plugin-stats\u002Fjs\u002Fadmin.js",[],[198],[],{"cssClasses":203,"htmlComments":207,"htmlAttributes":208,"restEndpoints":211,"jsGlobals":212,"shortcodeOutput":213},[204,205,206],"plugin_list","plugin_count","plugin_site_list",[],[209,210],"id=\"plugin_count_\"","id=\"site_list_\"",[],[],[]]