[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fR-bslem1MAL4oOVp3MnW_IdEWv8lVQyYWjPalXPkEKg":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":129,"fingerprints":186},"nostr-verify","Nostr Verify","1.2.0","Jeremy Herve","https:\u002F\u002Fprofiles.wordpress.org\u002Fjeherve\u002F","\u003Cp>Nostr Verify is a WordPress plugin that allows you to verify yourself with Nostr, using NIP-05, just like described in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnostr-protocol\u002Fnips\u002Fblob\u002Fmaster\u002F05.md\" rel=\"nofollow ugc\">this documentation\u003C\u002Fa>.\u003C\u002Fp>\n","Verify yourself with Nostr, using NIP-05",60,2694,100,1,"2024-11-12T07:12:00.000Z","6.7.5","6.2","7.2",[20,21,22,23],"discovery","jrd","nostr","well-known","https:\u002F\u002Fjeremy.hu\u002Fnostr-verify-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnostr-verify.1.2.0.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"jeherve",11,2450,94,30,90,"2026-04-04T07:06:38.517Z",[40,61,75,92,110],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":55,"tags":56,"homepage":59,"download_link":60,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"webfinger","WebFinger","4.0.1","Matthias Pfefferle","https:\u002F\u002Fprofiles.wordpress.org\u002Fpfefferle\u002F","\u003Cp>WebFinger allows you to be discovered on the web using an identifier like \u003Ccode>you@yourdomain.com\u003C\u002Fcode> — similar to how email works, but for your online identity.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why is this useful?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Fediverse & Mastodon:\u003C\u002Fstrong> WebFinger is essential for federation. It allows Mastodon and other ActivityPub-powered platforms to find and follow your WordPress site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Decentralized Identity:\u003C\u002Fstrong> People can look you up using your WordPress domain, making your site the canonical source for your online identity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Works with other plugins:\u003C\u002Fstrong> This plugin provides the foundation that other plugins (like the ActivityPub plugin) build upon.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How it works:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When someone searches for \u003Ccode>@you@yourdomain.com\u003C\u002Fcode> on Mastodon or another federated service, their server asks your WordPress site: “Who is this person?” WebFinger answers that question by providing information about you and links to your profiles.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Technical details:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WebFinger is an open standard (\u003Ca href=\"http:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7033\" rel=\"nofollow ugc\">RFC 7033\u003C\u002Fa>) that enables discovery of information about people and resources on the internet. It works by responding to requests at \u003Ccode>\u002F.well-known\u002Fwebfinger\u003C\u002Fcode> on your domain.\u003C\u002Fp>\n","WebFinger for WordPress",1000,21454,74,3,"2025-12-16T11:02:00.000Z","6.9.4","4.2","",[57,20,21,58,41],"activitypub","ostatus","https:\u002F\u002Fgithub.com\u002Fpfefferle\u002Fwordpress-webfinger","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebfinger.4.0.1.zip",{"slug":62,"name":62,"version":63,"author":44,"author_profile":45,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":27,"num_ratings":27,"last_updated":68,"tested_up_to":53,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":73,"download_link":74,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"host-meta","1.3.2","\u003Cp>This plugin provides a host-meta – file for WordPress (RFC: http:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc6415).\u003C\u002Fp>\n\u003Cp>From the RFC:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Web-based protocols often require the discovery of host policy or metadata, where host is not a single resource but the entity controlling the collection of resources identified by URIs with a common host as defined.  While these protocols have a wide range of metadata needs, they often define metadata that is concise, has simple syntax requirements, and can benefit from storing its metadata in a common location used by other related protocols.\u003C\u002Fp>\n\u003Cp>Because there is no URI or a resource available to describe a host, many of the methods used for associating per-resource metadata (such as HTTP headers) are not available.  This often leads to the overloading of the root HTTP resource (e.g. ‘http:\u002F\u002Fexample.com\u002F’) with host metadata that is not specific to the root resource (e.g. a home page or web application), and which often has nothing to do it.\u003C\u002Fp>\n\u003Cp>This memo registers the “well-known” URI suffix ‘host-meta’ in the Well-Known URI Registry established by, and specifies a simple, general-purpose metadata document for hosts, to be used by multiple Web-based protocols.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Logo by \u003Ca href=\"http:\u002F\u002Fhueniverse.com\u002F2009\u002F11\u002F23\u002Fhost-meta-aka-site-meta-and-well-known-uris\u002F\" rel=\"nofollow ugc\">Eran Hammer\u003C\u002Fa>\u003C\u002Fp>\n","host-meta for WordPress!",80,8283,"2025-12-07T18:30:00.000Z","3.0.5","5.2",[20,62,21,58,72],"xrd","https:\u002F\u002Fgithub.com\u002Fpfefferle\u002Fwordpress-host-meta","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhost-meta.1.3.2.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":83,"downloaded":84,"rating":27,"num_ratings":27,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":55,"tags":88,"homepage":89,"download_link":90,"security_score":91,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"well-known-uris","\u002Fwell-known-uris\u002F","1.0.3","mrose17","https:\u002F\u002Fprofiles.wordpress.org\u002Fmrose17\u002F","\u003Cp>This plugin enables “Well-Known URIs” support for WordPress (RFC 5785: http:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc5785).\u003C\u002Fp>\n\u003Cp>From the RFC:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>It is increasingly common for Web-based protocols to require the\u003Cbr \u002F>\n  discovery of policy or other information about a host (“site-wide\u003Cbr \u002F>\n  metadata”) before making a request.  For example, the Robots\u003Cbr \u002F>\n  Exclusion Protocol \u003Ca href=\"http:\u002F\u002Fwww.robotstxt.org\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.robotstxt.org\u002F\u003C\u002Fa> specifies a way for\u003Cbr \u002F>\n  automated processes to obtain permission to access resources;\u003Cbr \u002F>\n  likewise, the Platform for Privacy Preferences\u003Cbr \u002F>\n  tells user-agents how to discover privacy policy beforehand.\u003C\u002Fp>\n\u003Cp>While there are several ways to access per-resource metadata (e.g.,\u003Cbr \u002F>\n  HTTP headers, WebDAV’s PROPFIND [RFC4918]), the perceived overhead\u003Cbr \u002F>\n  (either in terms of client-perceived latency and\u002For deployment\u003Cbr \u002F>\n  difficulties) associated with them often precludes their use in these\u003Cbr \u002F>\n  scenarios.\u003C\u002Fp>\n\u003Cp>When this happens, it is common to designate a “well-known location”\u003Cbr \u002F>\n  for such data, so that it can be easily located.  However, this\u003Cbr \u002F>\n  approach has the drawback of risking collisions, both with other such\u003Cbr \u002F>\n  designated “well-known locations” and with pre-existing resources.\u003C\u002Fp>\n\u003Cp>To address this, this memo defines a path prefix in HTTP(S) URIs for\u003Cbr \u002F>\n  these “well-known locations”, “\u002F.well-known\u002F”.  Future specifications\u003Cbr \u002F>\n  that need to define a resource for such site-wide metadata can\u003Cbr \u002F>\n  register their use to avoid collisions and minimise impingement upon\u003Cbr \u002F>\n  sites’ URI space.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>You will need ‘manage_options’ capability in order to use the Settings\u003Cbr \u002F>\npage for this plugin.\u003C\u002Fp>\n","\"Well-Known URIs\" for WordPress!",70,2672,"2016-11-03T13:20:00.000Z","4.6.30","3.5.1",[20,23,76],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwell-known-uris\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwell-known-uris.zip",85,{"slug":93,"name":94,"version":95,"author":94,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":27,"num_ratings":27,"last_updated":101,"tested_up_to":102,"requires_at_least":70,"requires_php":55,"tags":103,"homepage":107,"download_link":108,"security_score":13,"vuln_count":14,"unpatched_count":27,"last_vuln_date":109,"fetched_at":29},"taboola","Taboola","3.0.2","https:\u002F\u002Fprofiles.wordpress.org\u002Ftaboolawordpress\u002F","\u003Cp>This plugin provides an easy way to integrate Taboola content into your WordPress pages.\u003Cbr \u002F>\nUsing Taboola’s mix of sponsored and editorial content, you can generate revenue and drive engagement.\u003Cbr \u002F>\n(Requires an account with Taboola. For more detail, see the \u003Ca href=\"https:\u002F\u002Fdevelopers.taboola.com\u002Fweb-integrations\u002Fdocs\u002Fwordpress-plugin\u002F\" rel=\"nofollow ugc\">Taboola Dev Center\u003C\u002Fa>.)\u003C\u002Fp>\n","Use the Taboola plugin to generate revenue from native ads and drive engagement with editorial content.",3000,51300,"2025-10-29T11:42:00.000Z","6.8.0",[104,105,106,20,93],"ad-networks","ads","content-recommendations","https:\u002F\u002Fdevelopers.taboola.com\u002Fweb-integrations\u002Fdocs\u002Fwordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftaboola.zip","2023-07-24 00:00:00",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":13,"downloaded":118,"rating":27,"num_ratings":27,"last_updated":119,"tested_up_to":53,"requires_at_least":120,"requires_php":18,"tags":121,"homepage":127,"download_link":128,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"jumpsuitai-llms-txt","JumpsuitAI – llms.txt + Markdown Endpoints","1.1.4","Brad Phillips","https:\u002F\u002Fprofiles.wordpress.org\u002Fbradphillips\u002F","\u003Cp>JumpsuitAI – llms.txt + Markdown Endpoints automatically publishes:\u003C\u002Fp>\n\u003Cp>Plugin website: https:\u002F\u002Fjumpsuitai.com\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u002Fllms.txt\u003C\u002Fstrong> — a structured list of links to your public content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u002Fllms-full.txt\u003C\u002Fstrong> — the entire documentation in a single file (optional, enable in settings)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>.md endpoints\u003C\u002Fstrong> — request a public URL with \u003Cstrong>.md\u003C\u002Fstrong> appended to get a lightweight Markdown representation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It also includes a simple \u003Cstrong>Groups & Content\u003C\u002Fstrong> screen to keep your output organized with sensible defaults (Pages and Posts), plus per-item controls like \u003Cstrong>Hide from LLMs\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>Pro (separate plugin)\u003C\u002Fh4>\n\u003Cp>JumpsuitAI – llms.txt + Markdown Endpoints Pro adds:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom groups and manual ordering\u003C\u002Fli>\n\u003Cli>Per-item short descriptions\u003C\u002Fli>\n\u003Cli>Optional section support\u003C\u002Fli>\n\u003Cli>Custom intro text and blockquote customization\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses Freemius for plugin updates and (optional) usage analytics. Any data collection is opt-in.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Service: Freemius\u003C\u002Fli>\n\u003Cli>Terms: https:\u002F\u002Ffreemius.com\u002Fterms\u002F\u003C\u002Fli>\n\u003Cli>Privacy: https:\u002F\u002Ffreemius.com\u002Fprivacy\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n","Generate \u002Fllms.txt, \u002Fllms-full.txt & .md endpoints for AI\u002FLLMs in WordPress. Works with Yoast SEO, Rank Math, SEOPress & All in One SEO.",653,"2026-02-17T01:43:00.000Z","5.0",[122,123,124,125,126],"ai","content-discovery","llms-txt","markdown","seo","https:\u002F\u002Fjumpsuitai.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjumpsuitai-llms-txt.1.1.4.zip",{"attackSurface":130,"codeSignals":165,"taintFlows":176,"riskAssessment":177,"analyzedAt":185},{"hooks":131,"ajaxHandlers":161,"restRoutes":162,"shortcodes":163,"cronEvents":164,"entryPointCount":27,"unprotectedCount":27},[132,138,142,146,149,152,155,158],{"type":133,"name":134,"callback":135,"file":136,"line":137},"action","init","anonymous","nostr-verify.php",25,{"type":133,"name":139,"callback":135,"priority":140,"file":136,"line":141},"activated_plugin",10,56,{"type":133,"name":143,"callback":144,"file":136,"line":145},"query_vars","closure",84,{"type":133,"name":147,"callback":135,"file":136,"line":148},"parse_request",162,{"type":133,"name":150,"callback":135,"file":136,"line":151},"show_user_profile",238,{"type":133,"name":153,"callback":135,"file":136,"line":154},"edit_user_profile",239,{"type":133,"name":156,"callback":135,"file":136,"line":157},"personal_options_update",258,{"type":133,"name":159,"callback":135,"file":136,"line":160},"edit_user_profile_update",259,[],[],[],[],{"dangerousFunctions":166,"sqlUsage":167,"outputEscaping":169,"fileOperations":27,"externalRequests":27,"nonceChecks":14,"capabilityChecks":27,"bundledLibraries":175},[],{"prepared":27,"raw":27,"locations":168},[],{"escaped":170,"rawEcho":14,"locations":171},16,[172],{"file":136,"line":173,"context":174},157,"raw output",[],[],{"summary":178,"deductions":179},"The \"nostr-verify\" v1.2.0 plugin exhibits a very strong security posture based on the provided static analysis. The absence of any identified dangerous functions, raw SQL queries, file operations, or external HTTP requests is highly commendable. The plugin also demonstrates good output escaping practices with 94% of outputs properly escaped, and correctly utilizes nonce checks. The lack of known vulnerabilities in its history further reinforces this positive assessment.\n\nHowever, the absence of any taint analysis results (total flows analyzed: 0) and a complete lack of capability checks are areas that warrant attention. While no direct risks are currently identified, these omissions mean that the plugin has not been rigorously tested for potential injection vulnerabilities that might arise from user-supplied data, nor does it implement robust access control for its (currently non-existent) entry points. The very small attack surface (0 entry points) is a significant strength that currently mitigates most theoretical risks, but a more comprehensive security review would benefit from exploring these areas.\n\nIn conclusion, the \"nostr-verify\" plugin appears to be built with security in mind, demonstrating excellent handling of common web vulnerabilities. The lack of historical vulnerabilities and the clean code signals are significant strengths. The primary area for improvement, though not a current risk due to the minimal attack surface, would be to incorporate taint analysis and capability checks to ensure a robust security foundation should the plugin's functionality or attack surface expand in the future.",[180,183],{"reason":181,"points":182},"Taint analysis not performed",5,{"reason":184,"points":182},"No capability checks","2026-03-16T21:41:55.688Z",{"wat":187,"direct":192},{"assetPaths":188,"generatorPatterns":189,"scriptPaths":190,"versionParams":191},[],[],[],[],{"cssClasses":193,"htmlComments":198,"htmlAttributes":199,"restEndpoints":205,"jsGlobals":207,"shortcodeOutput":208},[194,195,196,197],"nostr-name-wrap","nostr-pubkey-wrap","nostr-name-description","nostr-key-description",[],[200,201,202,203,204],"name=\"nostr-name\"","id=\"nostr-name\"","name=\"nostr-key\"","id=\"nostr-key\"","aria-describedby=\"email-description\"",[206],"\u002F.well-known\u002Fnostr.json",[],[]]