[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1KaUI5SfbHG3qTmxjTIEoIRf52x0umTdl9uFCVKGjew":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":133,"fingerprints":237},"open-search-document","Open Search","4.1.3","Matthias Pfefferle","https:\u002F\u002Fprofiles.wordpress.org\u002Fpfefferle\u002F","\u003Cp>The plugin creates an OpenSearch Document for your blog.\u003C\u002Fp>\n\u003Cp>It supports Google Chromes \u003Ca href=\"https:\u002F\u002Fwww.chromium.org\u002Ftab-to-search\" rel=\"nofollow ugc\">“Tab to Search”\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fdeveloper.mozilla.org\u002Fen-US\u002Fdocs\u002FMozilla\u002FAdd-ons\u002FWebExtensions\u002Fmanifest.json\u002Fchrome_settings_overrides\" rel=\"nofollow ugc\">“search_provider” WebExtension\u003C\u002Fa>, Firefox’ \u003Ca href=\"https:\u002F\u002Fdeveloper.mozilla.org\u002Fen-US\u002Fdocs\u002FWeb\u002FOpenSearch\" rel=\"nofollow ugc\">“OpenSearch plugins”\u003C\u002Fa>, Safaris \u003Ca href=\"https:\u002F\u002Fdeveloper.apple.com\u002Flibrary\u002Fcontent\u002Freleasenotes\u002FGeneral\u002FWhatsNewInSafari\u002FArticles\u002FSafari_8_0.html\" rel=\"nofollow ugc\">“Quick Website Search”\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fsupport.microsoft.com\u002Fen-us\u002Fmicrosoft-edge\u002Fchange-your-default-search-engine-in-microsoft-edge-cccaf51c-a4df-a43e-8036-d4d2c527a791\" rel=\"nofollow ugc\">“custom searches”\u003C\u002Fa> for Microsofts Edge browser.\u003C\u002Fp>\n\u003Cp>From the \u003Ca href=\"http:\u002F\u002Fwww.opensearch.org\u002FSpecifications\u002FOpenSearch\u002F1.1\" rel=\"nofollow ugc\">spec\u003C\u002Fa>:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Search clients can use OpenSearch description documents to learn about the public interface of a search engine. These description documents contain parameterized URL templates that indicate how the search client should make search requests. Search engines can use the OpenSearch response elements to add search metadata to results in a variety of content formats.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Other integrations and extensions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Extension links for \u003Ca href=\"http:\u002F\u002Fwww.opensearch.org\u002FSpecifications\u002FOpenSearch\u002F1.1#Autodiscovery_in_HTML.2FXHTML\" rel=\"nofollow ugc\">HTML\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.opensearch.org\u002FSpecifications\u002FOpenSearch\u002F1.1#Autodiscovery_in_RSS.2FAtom\" rel=\"nofollow ugc\">Atom and RSS\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Autodiscovery via \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fxrds-simple\u002F\" rel=\"ugc\">XRDS-Simple\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhost-meta\u002F\" rel=\"ugc\">host-meta\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwebfinger\u002F\" rel=\"ugc\">WebFinger\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.opensearch.org\u002FSpecifications\u002FOpenSearch\u002F1.1#Examples_of_OpenSearch_responses\" rel=\"nofollow ugc\">RSS and Atom search responses\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.opensearch.org\u002FSpecifications\u002FOpenSearch\u002FExtensions\u002FSuggestions\u002F1.0\" rel=\"nofollow ugc\">OpenSearch Suggestions extension\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Create an OpenSearch Document for your blog.",200,11034,100,4,"2025-12-07T17:45:00.000Z","6.9.4","4.6","",[20,4,21,22,23],"open-search","opensearch","osd","search","https:\u002F\u002Fgithub.com\u002Fpfefferle\u002Fwordpress-open-search-document\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fopen-search-document.4.1.3.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"pfefferle",8,3470,98,321,78,"2026-04-04T06:35:46.413Z",[39,57,73,94,109],{"slug":21,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":26,"num_ratings":26,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":18,"tags":51,"homepage":54,"download_link":55,"security_score":56,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"OpenSearch","1.0","Jeff Waugh","https:\u002F\u002Fprofiles.wordpress.org\u002Fjdub\u002F","\u003Cp>Add OpenSearch discovery and querying to your WordPress site, based on the\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.opensearch.org\u002FHome\" rel=\"nofollow ugc\">OpenSearch\u003C\u002Fa> specification, version 1.1.\u003C\u002Fp>\n\u003Cp>After activating the plugin, your WordPress site will expose a standardised\u003Cbr \u002F>\nsearch interface, accessible to OpenSearch clients such as the \u003Ca href=\"http:\u002F\u002Fwww.mozilla.com\u002Ffirefox\u002Fsearch.html\" rel=\"nofollow ugc\">Firefox\u003Cbr \u002F>\nsearch bar\u003C\u002Fa>.\u003C\u002Fp>\n","Add OpenSearch discovery and querying to your WordPress site.",30,3377,"2008-09-28T08:00:00.000Z","2.6","2.1",[52,21,22,53,23],"firefox","query","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fopensearch\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fopensearch.1.0.zip",85,{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":26,"num_ratings":26,"last_updated":67,"tested_up_to":68,"requires_at_least":49,"requires_php":18,"tags":69,"homepage":71,"download_link":72,"security_score":56,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"add-browser-search","Add Browser Search","1.24","gfazioli","https:\u002F\u002Fprofiles.wordpress.org\u002Fgfazioli\u002F","\u003Cp>Add WordPress standard search address into the browser menu, follow OpenSearch.org standard.\u003Cbr \u002F>\nThe OpenSearch standard is supported by all browsers, in different way…\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>Unnecessary\u003C\u002Fp>\n","Add Wordpress standard search address into the browser menu, follow OpenSearch.org standard.",10,2875,"2009-03-05T23:24:00.000Z","2.7.1",[70,21,23],"browser","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fadd-browser-search\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadd-browser-search.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":65,"downloaded":81,"rating":82,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":18,"tags":87,"homepage":92,"download_link":93,"security_score":56,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"opensearchserver-search","OpenSearchServer Search","1.5.10","ekeller","https:\u002F\u002Fprofiles.wordpress.org\u002Fekeller\u002F","\u003Ch4>OpenSearchServer plugin\u003C\u002Fh4>\n\u003Cp>The OpenSearchServer Search Plugin enables \u003Ca href=\"http:\u002F\u002Fwww.opensearchserver.com\u002F\" rel=\"nofollow ugc\">OpenSearchServer\u003C\u002Fa>  full-text search in WordPress-based websites.\u003Cbr \u002F>\nOpenSearchServer is an \u003Cstrong>high-performance search engine that includes spell-check, facets, filters, phonetic search, and auto-completion\u003C\u002Fstrong>.\u003Cbr \u002F>\nThis plugin automatically replaces the WordPress built-in search function.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Full-text search with phonetic support\u003C\u002Fstrong>,\u003C\u002Fli>\n\u003Cli>Queries can be fully customized and the \u003Cstrong>relevancy of each field (title, author, …) can be precisely tuned\u003C\u002Fstrong>,\u003C\u002Fli>\n\u003Cli>Search results can be filtered using \u003Cstrong>facets\u003C\u002Fstrong>,\u003C\u002Fli>\n\u003Cli>Automatic search suggestions through \u003Cstrong>autocompletion\u003C\u002Fstrong>,\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Spell-checking\u003C\u002Fstrong> with automatic substitution,\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Search into your files\u003C\u002Fstrong>: .docx, .doc, .pdf, .rtf, etc. The plugin will extract text from your attachments and index it.\u003C\u002Fli>\n\u003Cli>Automatic indexing of content as soon as it gets published, edited or deleted,\u003C\u002Fli>\n\u003Cli>Can index and search through \u003Cstrong>all type of content\u003C\u002Fstrong>,\u003C\u002Fli>\n\u003Cli>Can index and search \u003Cstrong>every taxonomies\u003C\u002Fstrong>,\u003C\u002Fli>\n\u003Cli>Can be easily set up and tweaked through web form page\u003C\u002Fli>\n\u003Cli>Supports \u003Cstrong>multi-sites installation\u003C\u002Fstrong>,\u003C\u002Fli>\n\u003Cli>Supports a \u003Cstrong>WPML plugin\u003C\u002Fstrong> for translation,\u003C\u002Fli>\n\u003Cli>Includes \u003Cstrong>several filters and actions\u003C\u002Fstrong> to allow for more customization via other plugins or themes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>See the screenshots page for more!\u003C\u002Fp>\n","The OpenSearchServer Search Plugin enables OpenSearchServer full-text search in WordPress-based websites.",9455,84,5,"2015-05-05T08:07:00.000Z","4.1.42","3.0.1",[88,89,90,23,91],"full-text","opensearchserver","phonetic","search-engine","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fopensearchserver-search\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fopensearchserver-search.1.5.10.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":65,"downloaded":102,"rating":26,"num_ratings":26,"last_updated":103,"tested_up_to":104,"requires_at_least":86,"requires_php":18,"tags":105,"homepage":107,"download_link":108,"security_score":56,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"wp-opensearch-advance","WP Opensearch Advance","1.0.0","Duoc Nguyen","https:\u002F\u002Fprofiles.wordpress.org\u002Fnguyenvanduocit\u002F","\u003Cp>OpenSearch is a collection of simple formats for the sharing of search results.\u003C\u002Fp>\n\u003Cp>Simply, This plugin help you to make browser’s addressbar become your search form. After install this plugin, you go to yout website onetime, after that, you open tab, and type you url, then press “tab” key. tadaaa…\u003C\u002Fp>\n\u003Cp>Feature:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Admin Setting Page supported\u003C\u002Fli>\n\u003Cli>Insert Searc metatab on your page’s head.\u003C\u002Fli>\n\u003Cli>Add rewrite for opensearch.xml\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Cộng đồng wordpress Việt Nam\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Flaptrinh.senviet.org\" rel=\"nofollow ugc\">Sen Việt\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fpages\u002FWordpress-Vi%E1%BB%87t-Nam\u002F1531229807110426\" rel=\"nofollow ugc\">Facebook page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fplus.google.com\u002F112246631672323028789?prsrc=5\" rel=\"nofollow ugc\">Google plus\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Dành cho nhà phát triển\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Hướng dẫn\u003C\u002Fstrong> : \u003Ca href=\"http:\u002F\u002Flaptrinh.senviet.org\u002Fwordpress-plugin\u002Fviet-plugin-them-opensearch-vao-wordpress\u002F\" rel=\"nofollow ugc\">VIẾT PLUGIN THÊM OPENSEARCH VÀO WORDPRESS\u003C\u002Fa>\u003Cbr \u002F>\n\u003Cstrong>Github\u003C\u002Fstrong> : \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsenviet\u002F355_wp_Opensearch\" rel=\"nofollow ugc\">Source code on Github\u003C\u002Fa>\u003C\u002Fp>\n","Add Open Search to your website has never been so easy.",1557,"2014-09-17T04:23:00.000Z","4.0.38",[21,106],"seo","http:\u002F\u002Flaptrinh.senviet.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-opensearch-advance.zip",{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":117,"downloaded":118,"rating":82,"num_ratings":119,"last_updated":120,"tested_up_to":16,"requires_at_least":121,"requires_php":122,"tags":123,"homepage":129,"download_link":130,"security_score":13,"vuln_count":131,"unpatched_count":26,"last_vuln_date":132,"fetched_at":28},"google-site-kit","Site Kit by Google – Analytics, Search Console, AdSense, Speed","1.174.0","Google","https:\u002F\u002Fprofiles.wordpress.org\u002Fgoogle\u002F","\u003Cp>Site Kit is the official WordPress plugin from Google for insights about how people find and use your site. Site Kit is the one-stop solution to deploy, manage, and get insights from critical Google tools to make the site successful on the web. It provides authoritative, up-to-date insights from multiple Google products directly on the WordPress dashboard for easy access, all for free.\u003C\u002Fp>\n\u003Ch4>Bringing the best of Google tools to WordPress\u003C\u002Fh4>\n\u003Cp>Site Kit includes powerful features that make using these Google products seamless and flexible:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Easy-to-understand stats directly on your WordPress dashboard\u003C\u002Fli>\n\u003Cli>Official stats from multiple Google tools, all in one dashboard\u003C\u002Fli>\n\u003Cli>Quick setup for multiple Google tools without having to edit the source code of your site\u003C\u002Fli>\n\u003Cli>Metrics for your entire site and for individual posts\u003C\u002Fli>\n\u003Cli>Easy-to-manage, granular permissions across WordPress and different Google products\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Supported Google tools\u003C\u002Fh4>\n\u003Cp>Site Kit shows key metrics and insights from different Google products:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Search Console:\u003C\u002Fstrong> Understand how Google Search discovers and displays your pages in Google Search. Track how many people saw your site in Search results, and what query they used to search for your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Analytics:\u003C\u002Fstrong> Explore how users navigate your site and track goals you’ve set up for your users to complete.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>AdSense:\u003C\u002Fstrong> Keep track of how much your site is earning you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PageSpeed Insights:\u003C\u002Fstrong> See how your pages perform compared to other real-world sites. Improve performance with actionable tips from PageSpeed Insights.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Tag Manager:\u003C\u002Fstrong> Use Site Kit to easily set up Tag Manager- no code editing required. Then, manage your tags in Tag Manager.\u003C\u002Fli>\n\u003C\u002Ful>\n","Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.",5000000,243881054,980,"2026-03-10T15:16:00.000Z","5.2","7.4",[124,125,126,127,128],"adsense","analytics","google","pagespeed-insights","search-console","https:\u002F\u002Fsitekit.withgoogle.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-site-kit.1.174.0.zip",1,"2020-05-21 00:00:00",{"attackSurface":134,"codeSignals":201,"taintFlows":225,"riskAssessment":226,"analyzedAt":236},{"hooks":135,"ajaxHandlers":186,"restRoutes":187,"shortcodes":198,"cronEvents":199,"entryPointCount":200,"unprotectedCount":200},[136,142,146,149,152,156,159,163,167,171,174,178,182],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","atom_ns","add_atom_namespace","includes\\class-discovery.php",17,{"type":143,"name":144,"callback":144,"file":140,"line":145},"filter","site_icon_image_sizes",19,{"type":137,"name":147,"callback":147,"file":140,"line":148},"osd_xml",20,{"type":143,"name":150,"callback":150,"file":140,"line":151},"web_app_manifest",21,{"type":137,"name":153,"callback":154,"file":140,"line":155},"wp_head","add_head",24,{"type":137,"name":157,"callback":154,"file":140,"line":158},"atom_head",25,{"type":137,"name":160,"callback":161,"file":140,"line":162},"rss2_head","add_rss_head",26,{"type":143,"name":164,"callback":165,"file":140,"line":166},"xrds_simple","add_xrds_simple_links",27,{"type":143,"name":168,"callback":169,"file":140,"line":170},"host_meta","add_xrd_links",28,{"type":143,"name":172,"callback":169,"file":140,"line":173},"webfinger_user_data",29,{"type":137,"name":175,"callback":176,"file":177,"line":141},"rest_api_init","register_routes","includes\\class-wp-rest-controller.php",{"type":143,"name":179,"callback":180,"priority":181,"file":177,"line":148},"rest_pre_serve_request","serve_request",9,{"type":137,"name":183,"callback":184,"file":185,"line":166},"init","OpenSearchDocument\\init","open-search-document.php",[],[188,194],{"namespace":189,"route":190,"methods":191,"callback":193,"permissionCallback":27,"file":177,"line":166},"opensearch\u002F1.1","\u002Fdocument",[192],"GET","anonymous",{"namespace":189,"route":195,"methods":196,"callback":193,"permissionCallback":27,"file":177,"line":197},"\u002Fsuggestions",[192],39,[],[],2,{"dangerousFunctions":202,"sqlUsage":203,"outputEscaping":205,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":224},[],{"prepared":26,"raw":26,"locations":204},[],{"escaped":26,"rawEcho":32,"locations":206},[207,210,212,214,217,219,221,222],{"file":140,"line":208,"context":209},125,"raw output",{"file":140,"line":211,"context":209},126,{"file":140,"line":213,"context":209},127,{"file":215,"line":216,"context":209},"includes\\functions.php",33,{"file":215,"line":218,"context":209},72,{"file":220,"line":200,"context":209},"templates\\open-search-document.php",{"file":220,"line":65,"context":209},{"file":220,"line":223,"context":209},11,[],[],{"summary":227,"deductions":228},"The 'open-search-document' plugin v4.1.3 presents a mixed security posture.  While it demonstrates good practices by avoiding dangerous functions, raw SQL queries, file operations, and external HTTP requests, significant concerns arise from its unprotected entry points. The static analysis reveals two REST API routes that lack any permission callbacks, creating a direct attack surface for unauthenticated users. Furthermore, none of the output within the plugin is properly escaped, making it highly susceptible to Cross-Site Scripting (XSS) vulnerabilities. The absence of any recorded vulnerabilities in its history is a positive indicator, but it does not negate the immediate risks posed by the identified code weaknesses.\n\nIn conclusion, the plugin's lack of essential security checks on its entry points and its failure to escape output are critical flaws that expose users to significant risks, primarily XSS. The absence of vulnerability history is encouraging but should not lead to complacency, as the code analysis clearly indicates exploitable weaknesses. The overall security posture is compromised by these readily identifiable flaws, despite some positive coding practices.",[229,231,234],{"reason":230,"points":65},"Unprotected REST API routes",{"reason":232,"points":233},"Unescaped output",6,{"reason":235,"points":83},"No capability checks","2026-03-17T05:37:13.869Z",{"wat":238,"direct":243},{"assetPaths":239,"generatorPatterns":240,"scriptPaths":241,"versionParams":242},[],[],[],[],{"cssClasses":244,"htmlComments":245,"htmlAttributes":246,"restEndpoints":247,"jsGlobals":250,"shortcodeOutput":251},[],[],[],[248,249],"\u002Fopensearch\u002F1.1\u002Fdocument","\u002Fopensearch\u002F1.1\u002Fsuggestions",[],[]]