[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMu04uomOVwZqyjR4GC-tvBOwtIIp0AMcCT5ALWCYTCA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":140,"fingerprints":336},"open-lazy","Open Lazy","2.6","Link","https:\u002F\u002Fprofiles.wordpress.org\u002Fplayes\u002F","\u003Cp>A handy toolkit can easily tweak up and speed up your wordpress, more simple, more natural. Including pack the resources, unload the unnecessary, maintenance mode, etc.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Resource Packer\u003C\u002Fli>\n\u003Cli>HTML Coder\u003C\u002Fli>\n\u003Cli>UI Tweaker\u003C\u002Fli>\n\u003Cli>Unwanted Unloader\u003C\u002Fli>\n\u003Cli>Maintenance Mode\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>More\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.xiaomac.com\u002F2015101692.html\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.xiaomac.com\u002F2015101692.html\u003C\u002Fa>\u003C\u002Fp>\n","A handy toolkit can easily tweak up and speed up your wordpress, more simple, more natural. Including pack the resources, unload the unnecessary, main &hellip;",10,1770,100,1,"2019-08-15T06:18:00.000Z","5.2.24","",[19,20,21,22,23],"link","pack","speed","toolkit","tweak","https:\u002F\u002Fwww.xiaomac.com\u002F2015101692.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fopen-lazy.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"playes",4,90,89,30,86,"2026-04-04T18:12:42.821Z",[40,63,85,103,121],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":13,"num_ratings":11,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":59,"download_link":60,"security_score":61,"vuln_count":14,"unpatched_count":27,"last_vuln_date":62,"fetched_at":29},"falcon","Falcon – WordPress Optimizations & Tweaks","2.9.3","Anh Tran","https:\u002F\u002Fprofiles.wordpress.org\u002Frilwis\u002F","\u003Cp>\u003Cstrong>Falcon\u003C\u002Fstrong> is lightweight WordPress plugin that provide a list of optimizations and tweaks that help you improve the performance and user experience for your WordPress sites.\u003C\u002Fp>\n\u003Ch3>FEATURES & MODULES\u003C\u002Fh3>\n\u003Cp>Falcon offers a comprehensive list modules for you to tweak and optimize your WordPress websites. These options are divided into the following categories:\u003C\u002Fp>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fwpfalcon.pro\u002Ffeatures\u002Fdisable-components\u002F\" rel=\"nofollow ugc\">Disable components\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>General components:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmetabox.io\u002Fdisable-gutenberg-without-using-plugins\u002F\" rel=\"nofollow ugc\">Disable Gutenberg\u003C\u002Fa> (the block editor)\u003C\u002Fli>\n\u003Cli>Disable heartbeat\u003C\u002Fli>\n\u003Cli>Disable embeds, e.g. prevent others from embedding your site and vise-versa\u003C\u002Fli>\n\u003Cli>Disable comments & remove website field from comment form\u003C\u002Fli>\n\u003Cli>Disable revisions\u003C\u002Fli>\n\u003Cli>Disable self pings\u003C\u002Fli>\n\u003Cli>Disable privacy tools\u003C\u002Fli>\n\u003Cli>Disable cron\u003C\u002Fli>\n\u003Cli>Disable auto updates\u003C\u002Fli>\n\u003Cli>Block external requests\u003C\u002Fli>\n\u003Cli>Disable replacing text with formatted entities like smart quotes, dashes, ellipses, etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Media components:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove jQuery Migrate\u003C\u002Fli>\n\u003Cli>Disable emojis\u003C\u002Fli>\n\u003Cli>Disable scaling down big images\u003C\u002Fli>\n\u003Cli>Disable automatic image rotation based on EXIF data\u003C\u002Fli>\n\u003Cli>Disable thumbnail generation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fwpfalcon.pro\u002Ffeatures\u002Fheader-cleanup\u002F\" rel=\"nofollow ugc\">Header cleanup\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Remove feed links\u003C\u002Fli>\n\u003Cli>Remove RSD link\u003C\u002Fli>\n\u003Cli>Remove wlwmanifest link\u003C\u002Fli>\n\u003Cli>Remove adjacent posts links\u003C\u002Fli>\n\u003Cli>Remove WordPress version number\u003C\u002Fli>\n\u003Cli>Remove shortlink\u003C\u002Fli>\n\u003Cli>Remove REST API link\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fwpfalcon.pro\u002Ffeatures\u002Femail\u002F\" rel=\"nofollow ugc\">Email\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Remove admin email confirmation\u003C\u002Fli>\n\u003Cli>Disable auto update email notification\u003C\u002Fli>\n\u003Cli>Disable admin email notification when a new user is registered\u003C\u002Fli>\n\u003Cli>Disable admin email notification when users reset passwords\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdeluxeblogtips.com\u002Fchange-wordpress-default-email\u002F\" rel=\"nofollow ugc\">Change default WordPress from name and email\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>SMTP configuration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fwpfalcon.pro\u002Ffeatures\u002Fadmin-cleanup\u002F\" rel=\"nofollow ugc\">Admin cleanup\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Show site icon on login page\u003C\u002Fli>\n\u003Cli>Remove update nags\u003C\u002Fli>\n\u003Cli>Remove footer text\u003C\u002Fli>\n\u003Cli>Remove default dashboard widgets\u003C\u002Fli>\n\u003Cli>Remove WordPress logo in the admin bar\u003C\u002Fli>\n\u003Cli>Remove application passwords\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fwpfalcon.pro\u002Ffeatures\u002Fsecurity\u002F\" rel=\"nofollow ugc\">Security\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Disable REST API for unauthenticated requests\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdeluxeblogtips.com\u002Fdisable-xml-rpc-wordpress\u002F\" rel=\"nofollow ugc\">Disable XML-RPC\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Restrict upload file types\u003C\u002Fli>\n\u003Cli>Disable detailed login errors\u003C\u002Fli>\n\u003Cli>Block AI bots from crawling\u002Fstealing your content, which also affect the performance\u003C\u002Fli>\n\u003Cli>Force login to view the website\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fwpfalcon.pro\u002Ffeatures\u002Fcache\u002F\" rel=\"nofollow ugc\">Cache\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cp>Falcon’s cache feature creates static HTML files of your pages, serving them instantly to visitors without processing database queries, or loading WordPress, themes and all plugins on every request.\u003C\u002Fp>\n\u003Ch4>\u003Ca href=\"https:\u002F\u002Fwpfalcon.pro\u002Ffeatures\u002Ftweaks\u002F\" rel=\"nofollow ugc\">Tweaks\u003C\u002Fa>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Search only posts\u003C\u002Fli>\n\u003Cli>Enable maintenance mode\u003C\u002Fli>\n\u003Cli>Remove query string for JavaScript and CSS files\u003C\u002Fli>\n\u003Cli>Set scheme-less URLs for JavaScript and CSS files, e.g. remove \u003Ccode>http:\u003C\u002Fcode> and \u003Ccode>https:\u003C\u002Fcode> from URLs\u003C\u002Fli>\n\u003Cli>Remove styles for recent comments widget\u003C\u002Fli>\n\u003Cli>Cleanup nav menu item ID & classes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Asynchronous load CSS\u003C\u002Fstrong> to avoid blocking load of CSS files\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>You might also like\u003C\u002Fh3>\n\u003Cp>If you like this plugin, you might also like our other WordPress products:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmetabox.io\" rel=\"nofollow ugc\">Meta Box\u003C\u002Fa> – A powerful WordPress plugin for creating custom post types and custom fields.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpslimseo.com\" rel=\"nofollow ugc\">Slim SEO\u003C\u002Fa> – A fast, lightweight and full-featured SEO plugin for WordPress with minimal configuration.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgretathemes.com\" rel=\"nofollow ugc\">GretaThemes\u003C\u002Fa> – Free and premium WordPress themes that clean, simple and just work.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpautolistings.com\" rel=\"nofollow ugc\">Auto Listings\u003C\u002Fa> – A car sale and dealership plugin for WordPress.\u003C\u002Fli>\n\u003C\u002Ful>\n","A lightweight WordPress optimization and tweak plugin for a better performance",3000,57775,"2026-01-21T12:23:00.000Z","6.9.4","6.5","7.4",[55,56,57,21,58],"admin","optimize","performance","tweaks","https:\u002F\u002Fwpfalcon.pro","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffalcon.2.9.3.zip",99,"2024-12-11 00:00:00",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":71,"downloaded":72,"rating":13,"num_ratings":73,"last_updated":74,"tested_up_to":75,"requires_at_least":76,"requires_php":17,"tags":77,"homepage":83,"download_link":84,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"jetpack-shortlinks-for-sharing-buttons","Shortlinks for Jetpack sharing buttons","1.0","Jeremy Herve","https:\u002F\u002Fprofiles.wordpress.org\u002Fjeherve\u002F","\u003Cp>Use shortlinks instead of permalinks in Jetpack sharing buttons\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If you haven’t set up any shortlink plugin on your site, the sharing buttons will use the default numerical permalinks\u003C\u002Fli>\n\u003Cli>If you have enabled WP.me Shortlinks in Jetpack, the sharing buttons will use them\u003C\u002Fli>\n\u003Cli>If you’ve installed another plugin to create custom shortlinks, the sharing buttons will use them\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Important: for this plugin to work, you must activate \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fjetpack\u002F\" rel=\"ugc\">Jetpack\u003C\u002Fa> first, and activate the Sharing module.\u003C\u002Fp>\n\u003Cp>This plugin is a work in progress. You can report issues \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fjetpack-shortlinks-for-sharing-buttons\u002F\" rel=\"ugc\">here\u003C\u002Fa>, or submit a pull request \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjeherve\u002Fjp-sd-custshortlink\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","Use shortlinks instead of permalinks in Jetpack sharing buttons",200,8640,5,"2020-08-04T16:35:00.000Z","5.5.18","3.9",[78,79,80,81,82],"jetpack","sharedaddy","sharing","shortlinks","wordpress-com","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fjetpack-shortlinks-for-sharing-buttons\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjetpack-shortlinks-for-sharing-buttons.1.0.zip",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":13,"downloaded":93,"rating":13,"num_ratings":33,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":17,"tags":97,"homepage":17,"download_link":102,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"traction-external-links-speed-bump","Traction External Links Speed Bump","1.9.8","Traction","https:\u002F\u002Fprofiles.wordpress.org\u002Ftractionokc\u002F","\u003Cp>Some websites for compliance reasons or just because they want to need to provide the user with a notice when a link is clicked that is not in that websites control. Traction External Links Speed Bump is a simple no frills plugin that provides a basic speed bump overlay when a link is clicked on a site that doesn’t match the site host’s domain name.\u003C\u002Fp>\n\u003Cp>The plugin offers the following customization options:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Omitted Domains – Enter a comma separated list of domain names that you don’t want to trigger the speed bump.\u003C\u002Fli>\n\u003Cli>Omitted Links – Enter a comma separated list of links that you don’t want to trigger the speed bump.\u003C\u002Fli>\n\u003Cli>Customize Text – Customize the speed bump text as well as the continue and cancel button text.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Read the FAQ for information on how to customize the CSS used in this plugin.\u003C\u002Fp>\n","Activates a speed bump on all external links and gives site owner the ability to enter a list of domains or specific links that when clicked will not  &hellip;",4171,"2025-07-07T16:59:00.000Z","6.8.5","3.0.1",[98,99,100,101],"compliance","external-links","speed-bump","traction","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftraction-external-links-speed-bump.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":34,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":76,"requires_php":17,"tags":116,"homepage":119,"download_link":120,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"instantclick","InstantClick","1.0.3","Erica Franz","https:\u002F\u002Fprofiles.wordpress.org\u002Fericakfranz\u002F","\u003Cp>InstantClick dramatically speeds up your website, making navigation effectively instant in most cases. This plugin is the easiest way of adding InstantClick to your WordPress theme.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Before visitors click on a link, they hover over that link. Between these two events, 200 ms to 300 ms usually pass by (\u003Ca href=\"http:\u002F\u002Finstantclick.io\u002Fclick-test\" rel=\"nofollow ugc\">test yourself here\u003C\u002Fa>). InstantClick makes use of that time to preload the page, so that the page is already there when you click.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>See \u003Ca href=\"http:\u002F\u002Finstantclick.io\u002F\" rel=\"nofollow ugc\">InstantClick.io\u003C\u002Fa> for more information on InstantClick.\u003C\u002Fp>\n\u003Cp>This plugin simply adds InstantClick to your website using the WordPress scripts API. Some customization may be required.\u003C\u002Fp>\n","Dramatically speed up your WordPress site and make navigation effectively instant by loading the next link on hover.",6636,80,6,"2023-01-29T22:30:00.000Z","6.1.10",[104,117,118,57],"links","pagespeed","https:\u002F\u002Ffatpony.me\u002Fplugins\u002Finstantclick","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Finstantclick.1.0.3.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":13,"num_ratings":33,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":17,"tags":134,"homepage":138,"download_link":139,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"turbolinks","Turbolinks","1.0.0","justnorris","https:\u002F\u002Fprofiles.wordpress.org\u002Fjustnorris\u002F","\u003Cp>Instead of reloading the full page every time a user navigates your site, enable Turbolinks! Turbolinks will reload only the necessary parts of the site and even pull in additional JavaScipt and CSS.\u003C\u002Fp>\n\u003Cp>The concept of Turbolinks has been around for a very long time, but it has never been so easy to implement as it is today! Just install the plugin – and that’s it – you\\’re done!\u003C\u002Fp>\n\u003Cp>Because this plugin is going to prevent full page reloads, you may experience some compatibility issues with other themes or plugins. After installing the plugin, \u003Cstrong>I highly recommend that you test your site thoroughly\u003C\u002Fstrong> and make sure if everything works.\u003C\u002Fp>\n\u003Cp>If something is broken – you’ll probably have to fix it on your own, most probably with JavaScript. Have a look at the Turbolinks project documentation for more info: https:\u002F\u002Fgithub.com\u002Fturbolinks\u002Fturbolinks\u003C\u002Fp>\n\u003Ch3>1.0.0\u003C\u002Fh3>\n\u003Cp>The absolutely first release.\u003C\u002Fp>\n","Easily speed up your site by making all your links into Turbolinks.",50,4400,"2017-05-23T09:46:00.000Z","4.7.32","4.6",[135,136,137,21,122],"ajax","cache","pjax","https:\u002F\u002Fjustnorris.com\u002Fturbolinks","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fturbolinks.1.0.0.zip",{"attackSurface":141,"codeSignals":271,"taintFlows":323,"riskAssessment":324,"analyzedAt":335},{"hooks":142,"ajaxHandlers":267,"restRoutes":268,"shortcodes":269,"cronEvents":270,"entryPointCount":27,"unprotectedCount":27},[143,149,153,158,161,164,167,172,175,180,184,187,190,193,196,199,202,206,210,215,220,224,228,232,237,240,243,247,251,254,256,259,263],{"type":144,"name":145,"callback":146,"priority":14,"file":147,"line":148},"action","init","open_lazy_init","open-lazy.php",18,{"type":144,"name":150,"callback":151,"file":147,"line":152},"get_header","open_lazy_get_header",20,{"type":144,"name":154,"callback":155,"priority":156,"file":147,"line":157},"wp_enqueue_scripts","open_lazy_pack_action_cache",10000,42,{"type":144,"name":154,"callback":159,"priority":156,"file":147,"line":160},"open_lazy_pack_action_clear",45,{"type":144,"name":154,"callback":162,"priority":156,"file":147,"line":163},"open_lazy_pack_action",48,{"type":144,"name":165,"callback":162,"priority":156,"file":147,"line":166},"login_enqueue_scripts",49,{"type":168,"name":169,"callback":170,"file":147,"line":171},"filter","login_headertext","closure",53,{"type":168,"name":173,"callback":170,"file":147,"line":174},"login_headerurl",54,{"type":168,"name":176,"callback":177,"priority":178,"file":147,"line":179},"gettext_with_context","open_lazy_ui_open_sans_action",888,57,{"type":168,"name":181,"callback":182,"file":147,"line":183},"the_content","open_lazy_html_action",60,{"type":144,"name":185,"callback":170,"file":147,"line":186},"wp_head",61,{"type":144,"name":188,"callback":170,"file":147,"line":189},"wp_footer",62,{"type":144,"name":191,"callback":170,"file":147,"line":192},"login_head",63,{"type":144,"name":188,"callback":194,"file":147,"line":195},"open_lazy_html_load_action",66,{"type":168,"name":197,"callback":170,"file":147,"line":198},"script_loader_src",69,{"type":168,"name":200,"callback":170,"file":147,"line":201},"style_loader_src",70,{"type":168,"name":203,"callback":204,"priority":11,"file":147,"line":205},"wp_revisions_to_keep","open_lazy_ext_disable_revision_action",74,{"type":168,"name":207,"callback":208,"file":147,"line":209},"widget_text","do_shortcode",78,{"type":168,"name":211,"callback":212,"priority":213,"file":147,"line":214},"wp_resource_hints","open_lazy_prefecth_action",11,81,{"type":144,"name":216,"callback":217,"priority":218,"file":147,"line":219},"template_redirect","open_lazy_ext_attachment_redirect_action",2,84,{"type":144,"name":221,"callback":222,"priority":14,"file":147,"line":223},"admin_init","open_lazy_admin_init",91,{"type":168,"name":225,"callback":226,"priority":11,"file":147,"line":227},"pre_update_option_olop","open_lazy_admin_options_save",95,{"type":168,"name":229,"callback":230,"priority":11,"file":147,"line":231},"pre_set_site_transient_update_plugins","open_lazy_inactive_update",96,{"type":144,"name":233,"callback":234,"priority":235,"file":147,"line":236},"admin_bar_menu","open_lazy_admin_bar_action",999,97,{"type":144,"name":238,"callback":239,"priority":213,"file":147,"line":61},"wp_dashboard_setup","open_lazy_unload_dashboard_action",{"type":144,"name":241,"callback":170,"file":147,"line":242},"admin_head",102,{"type":144,"name":244,"callback":245,"file":147,"line":246},"admin_menu","open_lazy_admin_add_page",118,{"type":144,"name":248,"callback":249,"file":147,"line":250},"current_screen","open_lazy_setting_screen",136,{"type":144,"name":154,"callback":252,"priority":13,"file":147,"line":253},"open_lazy_script_style_action",193,{"type":144,"name":165,"callback":252,"priority":13,"file":147,"line":255},194,{"type":144,"name":257,"callback":252,"priority":13,"file":147,"line":258},"admin_enqueue_scripts",195,{"type":144,"name":260,"callback":261,"priority":11,"file":147,"line":262},"http_api_curl","open_lazy_http_api_curl",390,{"type":168,"name":264,"callback":265,"file":147,"line":266},"locale","open_lazy_locale",398,[],[],[],[],{"dangerousFunctions":272,"sqlUsage":273,"outputEscaping":275,"fileOperations":33,"externalRequests":218,"nonceChecks":27,"capabilityChecks":14,"bundledLibraries":322},[],{"prepared":27,"raw":27,"locations":274},[],{"escaped":276,"rawEcho":277,"locations":278},15,23,[279,281,282,283,285,286,288,290,292,294,296,298,300,302,304,306,308,310,312,314,316,318,320],{"file":147,"line":186,"context":280},"raw output",{"file":147,"line":189,"context":280},{"file":147,"line":192,"context":280},{"file":147,"line":284,"context":280},471,{"file":147,"line":284,"context":280},{"file":147,"line":287,"context":280},486,{"file":147,"line":289,"context":280},487,{"file":147,"line":291,"context":280},489,{"file":147,"line":293,"context":280},490,{"file":147,"line":295,"context":280},493,{"file":147,"line":297,"context":280},494,{"file":147,"line":299,"context":280},496,{"file":147,"line":301,"context":280},499,{"file":147,"line":303,"context":280},500,{"file":147,"line":305,"context":280},501,{"file":147,"line":307,"context":280},516,{"file":147,"line":309,"context":280},527,{"file":147,"line":311,"context":280},541,{"file":147,"line":313,"context":280},542,{"file":147,"line":315,"context":280},556,{"file":147,"line":317,"context":280},557,{"file":147,"line":319,"context":280},571,{"file":147,"line":321,"context":280},577,[],[],{"summary":325,"deductions":326},"The \"open-lazy\" plugin v2.6 exhibits a generally strong security posture based on the static analysis provided.  The complete absence of identified AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the plugin's attack surface.  Furthermore, the code signals show no dangerous functions, no raw SQL queries (all prepared statements), and no critical or high severity taint flows.  The plugin also demonstrates some good practices with file operations and external HTTP requests, and importantly, the presence of at least one capability check.\n\nHowever, several areas warrant attention. The output escaping is a significant concern, with only 39% of outputs being properly escaped, leaving a considerable number of opportunities for cross-site scripting (XSS) vulnerabilities. The lack of any nonce checks on its entry points, coupled with a capability check that is not guaranteed to cover all potential attack vectors for its file operations or external requests, suggests a potential for privilege escalation or unauthorized actions if these entry points are indeed exposed. The vulnerability history being clear is a positive sign, indicating a lack of publicly disclosed security flaws in the past, but it does not negate the risks identified in the static analysis. The plugin's strengths lie in its minimal attack surface and secure database interactions, but the poor output escaping and absence of robust authentication\u002Fauthorization on its limited entry points are notable weaknesses.",[327,330,333],{"reason":328,"points":329},"Low output escaping percentage",8,{"reason":331,"points":332},"No nonce checks on entry points",7,{"reason":334,"points":73},"Limited capability checks","2026-03-17T01:07:25.204Z",{"wat":337,"direct":346},{"assetPaths":338,"generatorPatterns":341,"scriptPaths":342,"versionParams":343},[339,340],"\u002Fwp-content\u002Fplugins\u002Fopen-lazy\u002Fopen-lazy.css","\u002Fwp-content\u002Fplugins\u002Fopen-lazy\u002Fopen-lazy.js",[],[340],[344,345],"open-lazy\u002Fopen-lazy.css?ver=","open-lazy\u002Fopen-lazy.js?ver=",{"cssClasses":347,"htmlComments":349,"htmlAttributes":350,"restEndpoints":353,"jsGlobals":354,"shortcodeOutput":356},[348],"olop-indicator",[],[351,352],"data-olop-img-id","data-olop-placeholder",[],[355],"open_lazy",[]]