[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSMn967mPw6hMlDFRb2wr2VbapDPaq13Bu1bsLRng0YE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":143,"fingerprints":175},"old-post-alert","Old Post Alert","1.2.0","Crowd Favorite","https:\u002F\u002Fprofiles.wordpress.org\u002Fcrowdfavorite\u002F","\u003Cp>Old Post Alert shows a banner in your comments form for posts more than a month old. The banner reminds the commentor that there may be newer information available later in the blog. This may cut down on comments that are irrelevant due to more recent developments.\u003C\u002Fp>\n","Remind your visitors about the age of old posts in the comment area - might cut down in irrelevant comments.",10,6463,0,"2022-06-24T12:20:00.000Z","6.0.11","1.5","",[19,20,21,22],"age","comments","post","relevance","http:\u002F\u002Falexking.org\u002Fprojects\u002Fwordpress","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fold-post-alert.1.2.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":25,"computed_at":35},"crowdfavorite",7,2070,87,30,"2026-04-05T07:40:09.562Z",[37,62,84,106,125],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":17,"download_link":58,"security_score":59,"vuln_count":60,"unpatched_count":13,"last_vuln_date":61,"fetched_at":27},"no-page-comment","No Page Comment","1.3.1","Seth Alling","https:\u002F\u002Fprofiles.wordpress.org\u002Fsethta\u002F","\u003Cp>Up until recently, WordPress gave two options: You could either disable comments and trackbacks by default for all pages and posts, or you could have them active by default. In WordPress version 4.3, this finally changed so comments are always disabled on new pages.\u003C\u002Fp>\n\u003Cp>While the new change makes it easier for many of the sites, it make it harder for people who need to get the reverse and enable comments on all pages, or if they need to change the default for a custom post type. This plugin allows you to choose whether comments are enabled or disabled by default on all new posts, pages and custom post types, while still giving the ability to individually enable comments on posts or pages.\u003C\u002Fp>\n\u003Cp>Also, this plugin provides a way to quickly disable all comments or pingbacks for a specific custom post type. It directly interacts with your database to modify the status, so it is highly recommended that you backup your database first. There shouldn’t be any issues using this feature, but it’s always good to play it safe.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsethta\u002Fno-page-comment\" title=\"No Page Comment Development on Github\" rel=\"nofollow ugc\">View No Page Comment Development on Github\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsethta\u002Fno-page-comment\u002Fissues\" title=\"Report an Issue about No Page Comment on Github\" rel=\"nofollow ugc\">Please Report any Issues about No Page Comment on Github\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_s-xclick&hosted_button_id=5WWP2EDSCAJR4\" title=\"Donate to support the No Page Comment Plugin development\" rel=\"nofollow ugc\">Donate to Support No Page Comment Development\u003C\u002Fa>\u003C\u002Fp>\n","An admin interface to control the default comment and trackback settings on new posts, pages and custom post types.",10000,250545,96,23,"2025-11-17T15:09:00.000Z","6.8.5","6.2","7.4",[20,54,55,56,57],"custom-post-types","discussion","pages","posts","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-page-comment.zip",99,2,"2022-09-21 00:00:00",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":70,"downloaded":71,"rating":72,"num_ratings":73,"last_updated":74,"tested_up_to":75,"requires_at_least":76,"requires_php":77,"tags":78,"homepage":82,"download_link":83,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"remove-noreferrer","Remove noreferrer","2.0.0","gruz0","https:\u002F\u002Fprofiles.wordpress.org\u002Fgruz0\u002F","\u003Cp>\u003Cstrong>“Remove noreferrer” automatically removes \u003Ccode>rel=\"noreferrer\"\u003C\u002Fcode> attribute from links on your website on-the-fly.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Plugin does not modify original links or content in the database.\u003C\u002Fp>\n\u003Ch3>Which kind of content supported?\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Posts\u003C\u002Fli>\n\u003Cli>Pages\u003C\u002Fli>\n\u003Cli>Blog page (homepage, etc.)\u003C\u002Fli>\n\u003Cli>Comments\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Also it supports standard WordPress widgets:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>“Text”\u003C\u002Fli>\n\u003Cli>“Custom HTML”\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Docs & Support\u003C\u002Fh4>\n\u003Cp>This plugin is an open source project and we would love you to help us make it better. If you want a new feature will be implemented in this plugin, you can open a \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fgruz0\u002Fremove-noreferrer\u002Fissues\u002Fnew\" rel=\"nofollow ugc\">GitHub Issue\u003C\u002Fa>. If you don’t have a GitHub Account you can send me email to \u003Ca href=\"mailto:alexander@kadyrov.dev\" rel=\"nofollow ugc\">alexander@kadyrov.dev\u003C\u002Fa>. You can find more detailed information about plugin on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fgruz0\u002Fremove-noreferrer\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.buymeacoffee.com\u002Fgruz0\" rel=\"nofollow ugc\">Buy Me a Coffee\u003C\u002Fa>\u003C\u002Fp>\n","\"Remove noreferrer\" automatically removes rel=\"noreferrer\" attribute from links on your website on-the-fly.",5000,15740,100,14,"2021-01-04T11:56:00.000Z","5.6.17","5.1","5.6",[20,79,80,21,81],"noreferrer","page","widgets","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fremove-noreferrer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremove-noreferrer.2.0.0.zip",{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":92,"downloaded":93,"rating":13,"num_ratings":13,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":97,"tags":98,"homepage":17,"download_link":104,"security_score":105,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"disable-rss-feeds-and-comments","Disable Feeds and Comments","1.5.1","Haseeb Asghar","https:\u002F\u002Fprofiles.wordpress.org\u002Fhaseebasghar\u002F","\u003Cp>This WordPress plugin, “Disable RSS Feeds and Comments,” gives you the ability to turn off both the RSS feeds and comments on pages and\u002For posts with a few simple clicks. The plugin adds an option under the WordPress Settings menu with a checkbox to disable the RSS feeds. Additionally, it provides two more checkboxes to disable comments on either pages or posts, or both.\u003C\u002Fp>\n\u003Cp>This plugin is ideal for website owners who want to restrict access to their site’s content via RSS feeds and\u002For comments. It provides a quick and simple solution for those looking to enhance the privacy and security of their website. Additionally, the plugin is compatible with the latest version of WordPress, ensuring that it will work seamlessly with your website.\u003C\u002Fp>\n\u003Cp>\u003Cem>It takes lots of efforts to develop and support a plugin. Please send us your feedback and questions to fix your issue before leaving a bad review.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>How it works?\u003C\u002Fh3>\n\u003Cp>Just Click on options that you want this plugin to add into your website like disabling feeds or comments on pages\u002Fposts under the Disable Feeds and Comments Menu\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Disable Feeds on your website\u003C\u002Fli>\n\u003Cli>Disable Comments on your Pages\u003C\u002Fli>\n\u003Cli>Disable Comments on your Posts\u003C\u002Fli>\n\u003Cli>Restrict content access via RSS Feeds\u002FComments\u003C\u002Fli>\n\u003C\u002Ful>\n","This WordPress plugin, \"Disable RSS Feeds and Comments,\" gives you the ability to turn off both the RSS feeds and comments on pages and\u002For p …",400,4218,"2024-12-01T21:06:00.000Z","6.7.5","4.7","7.0",[99,100,101,102,103],"disable-comments","disable-comments-on-pages","disable-comments-on-posts","disable-feeds","disable-rss-feeds","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-rss-feeds-and-comments.1.5.zip",92,{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":105,"num_ratings":31,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":119,"tags":120,"homepage":123,"download_link":124,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"move-comments","Move Comments","2.4","apostolis","https:\u002F\u002Fprofiles.wordpress.org\u002Fapostolis\u002F","\u003Cp>This plugin allows you to move comments between posts in a simple and easy way by adding a page under (\\’Move\\’) under the \\’Comments\\’ section in the admin Dashboard.\u003C\u002Fp>\n\u003Cp>Enjoy the plugin!\u003C\u002Fp>\n","This plugin allows you to move comments between posts in a simple and easy way by adding a page under (\\'Move\\') under the \\'Comments\\& …",70,11360,"2018-09-04T21:39:00.000Z","4.9.29","4.6","7.0.0",[20,121,80,21,122],"move","spam","http:\u002F\u002Fwww.dountsis.com\u002Fprojects\u002Fmove-comments\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmove-comments.2.4.zip",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":114,"downloaded":133,"rating":134,"num_ratings":60,"last_updated":135,"tested_up_to":136,"requires_at_least":118,"requires_php":137,"tags":138,"homepage":141,"download_link":142,"security_score":72,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"moving-contents","Moving Contents","1.13","Katsushi Kawamori","https:\u002F\u002Fprofiles.wordpress.org\u002Fkatsushi-kawamori\u002F","\u003Cp>Supports the transfer of Contents between servers.\u003C\u002Fp>\n\u003Ch4>Export\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Outputs the database as a JSON format file.\u003C\u002Fli>\n\u003Cli>Send the exported JSON file by e-mail.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Import\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>It reads the exported JSON format file and outputs it to the database.\u003C\u002Fli>\n\u003Cli>Have the option to replace contents user IDs with the current user IDs.\u003C\u002Fli>\n\u003Cli>Have the option to replace all contents URLs.\u003C\u002Fli>\n\u003Cli>Have the option to replace all guid URLs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Maintain the following\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>ID\u003C\u002Fli>\n\u003Cli>user ID\u003C\u002Fli>\n\u003Cli>Date and time\u003C\u002Fli>\n\u003Cli>Posts\u003C\u002Fli>\n\u003Cli>Pages\u003C\u002Fli>\n\u003Cli>Comments\u003C\u002Fli>\n\u003Cli>Categories\u003C\u002Fli>\n\u003Cli>Tags\u003C\u002Fli>\n\u003Cli>Taxonomy\u003C\u002Fli>\n\u003Cli>Media Library(Database only)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Sibling plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmoving-users\u002F\" rel=\"ugc\">Moving Users\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmoving-media-library\u002F\" rel=\"ugc\">Moving Media Library\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Supports the transfer of Contents between servers.",8690,90,"2025-11-25T21:58:00.000Z","6.9.4","8.0",[20,139,140,56,57],"media","moving","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmoving-contents\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmoving-contents.1.13.zip",{"attackSurface":144,"codeSignals":156,"taintFlows":167,"riskAssessment":168,"analyzedAt":174},{"hooks":145,"ajaxHandlers":152,"restRoutes":153,"shortcodes":154,"cronEvents":155,"entryPointCount":13,"unprotectedCount":13},[146],{"type":147,"name":148,"callback":149,"file":150,"line":151},"action","comment_form","ak_old_post_alert","old-post-alert.php",60,[],[],[],[],{"dangerousFunctions":157,"sqlUsage":158,"outputEscaping":160,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":166},[],{"prepared":13,"raw":13,"locations":159},[],{"escaped":13,"rawEcho":161,"locations":162},1,[163],{"file":150,"line":164,"context":165},57,"raw output",[],[],{"summary":169,"deductions":170},"Based on the static analysis, \"old-post-alert\" v1.2.0 exhibits a strong security posture in several key areas. The plugin has no identified AJAX handlers, REST API routes, shortcodes, or cron events, which significantly minimizes its attack surface. Furthermore, the code signals indicate no dangerous functions, no raw SQL queries (all are prepared), no file operations, no external HTTP requests, and a complete absence of insecure bundled libraries. This suggests a development process that prioritizes secure coding practices and relies on WordPress's built-in security mechanisms.\n\nHowever, a significant concern arises from the output escaping analysis. With one total output and 0% properly escaped, this indicates a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. Any data displayed to users that originates from user input or external sources without proper sanitization and escaping is susceptible to malicious injection. While the taint analysis found no flows with unsanitized paths, this may be an artifact of the analysis scope or the limited attack surface. The absence of vulnerability history is positive, but it does not negate the identified risk in output escaping.\n\nIn conclusion, while \"old-post-alert\" v1.2.0 has commendable strengths in its minimal attack surface and secure handling of SQL and external interactions, the complete lack of output escaping presents a critical security weakness. This deficiency makes the plugin vulnerable to XSS attacks, which could lead to session hijacking, credential theft, or defacement of the website. Addressing this output escaping issue should be the immediate priority for improving the plugin's security.",[171],{"reason":172,"points":173},"Unescaped output detected",8,"2026-03-17T00:31:44.802Z",{"wat":176,"direct":181},{"assetPaths":177,"generatorPatterns":178,"scriptPaths":179,"versionParams":180},[],[],[],[],{"cssClasses":182,"htmlComments":184,"htmlAttributes":185,"restEndpoints":186,"jsGlobals":187,"shortcodeOutput":188},[183],"old_post_alert",[],[],[],[],[]]