[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fofROkrplazA7bajCe5xpAqeEnVt60mi5u0-jrrRL8Cg":3,"$f-YJzixLxiA9KGGj85D68vH4F29M-_0ALaZRsIEz4rfc":327,"$fXMRDVUlIVnmAg8fqGULcrvx6_Mt0FIVZAebdCSjXB98":331},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":128,"fingerprints":281},"patchwing","Patchwing – Essential Debug Tools","1.0.1","Nafiz","https:\u002F\u002Fprofiles.wordpress.org\u002Furnafiz\u002F","\u003Cp>Patchwing is a lightweight, powerful tool designed to make WordPress debugging simple and effective for site administrators. Instead of wasting time digging through complicated configuration files, Patchwing provides clear debug data right when you need it. Whether you are fixing the infamous white screen of death or working to boost site performance, Patchwing helps you debug issues quickly and keep your WordPress site running smoothly.\u003C\u002Fp>\n\u003Cp>The plugin provides a overview of your environment while allowing deep dives into specific areas like database engine and load times.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>System Dashboard:\u003C\u002Fstrong> At a glance view of WordPress version, PHP version, MySQL, cURL, GD Library status, Multisite status, active\u002Finactive plugin counts and WP Memory Limit.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real time Server Metrics:\u003C\u002Fstrong> Monitor your system health with live tracking of CPU load and actual RAM usage, featuring visual status indicators alongside your IP address and web server type for complete transparency.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced PHP Info:\u003C\u002Fstrong> Detailed breakdown of key configuration settings including \u003Ccode>memory_limit\u003C\u002Fcode>, \u003Ccode>upload_max_filesize\u003C\u002Fcode>, \u003Ccode>max_execution_time\u003C\u002Fcode> and active PHP extensions.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Integrated Debug Log:\u003C\u002Fstrong> Monitor, filter and manage your PHP error logs directly from WordPress admin. Includes one click “Clear Log” and “Enable\u002FDisable Log” functionality.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Audit:\u003C\u002Fstrong> View all database tables, storage engines, collation and data\u002Findex lengths. Includes engine migration tool.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Performance Monitoring:\u003C\u002Fstrong> Track baseline load times, peak memory usage and specific load times for your active theme. Visualizes performance data through interactive charts.\u003C\u002Fli>\n\u003C\u002Ful>\n","A developer tool for WordPress that provides real time server metrics, PHP configuration insights, error logging and performance monitoring.",0,150,"2026-04-04T18:10:00.000Z","6.9.4","5.9","7.4",[18,19,20,21,22],"database","debug","developer","logs","performance","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpatchwing\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpatchwing.1.0.1.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"urnafiz",1,30,94,"2026-05-19T19:59:02.119Z",[37,54,71,92,110],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":25,"downloaded":45,"rating":25,"num_ratings":46,"last_updated":47,"tested_up_to":14,"requires_at_least":15,"requires_php":48,"tags":49,"homepage":52,"download_link":53,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"dev-debug-tools","Developer Debug Tools","3.0.2.1","PluginRx","https:\u002F\u002Fprofiles.wordpress.org\u002Fapos37\u002F","\u003Cp>The “Developer Debug Tools” WordPress plugin is a powerhouse for developers and site administrators! It’s a FREE comprehensive toolkit that helps you identify, troubleshoot, and resolve issues in your WordPress site, making debugging a breeze. No premium version available.\u003C\u002Fp>\n\u003Cp>This plugin offers a suite of features to aid in debugging, including, but not limited to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Dashboard with \u003Cstrong>important site information and server metrics\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced log viewer\u003C\u002Fstrong> for \u003Ccode>debug.log\u003C\u002Fcode>, error logs, custom logs, and an activity log\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Config file\u003C\u002Fstrong> viewers and editors for \u003Ccode>wp-config.php\u003C\u002Fcode> and \u003Ccode>.htaccess\u003C\u002Fcode> files\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Meta Data\u003C\u002Fstrong> viewer and editor for users, posts, tax terms, comments, and media\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database Table records\u003C\u002Fstrong> viewer\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Site Options\u003C\u002Fstrong> viewer and editor\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Globals\u003C\u002Fstrong> viewer\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Defined Constants\u003C\u002Fstrong> viewer\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Transients, Cookies, and Sessions\u003C\u002Fstrong> management\u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API\u003C\u002Fstrong> viewer and status checker\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Types and Taxonomies\u003C\u002Fstrong> viewers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto-Draft\u003C\u002Fstrong> viewer and clearer\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Finder\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cron Jobs\u003C\u002Fstrong> viewer\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP Info\u003C\u002Fstrong> and \u003Cstrong>php.ini\u003C\u002Fstrong> viewers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Discord Notifications\u003C\u002Fstrong> of fatal errors and when users with certain roles log in\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Discord Messenger\u003C\u002Fstrong> for testing connections with Discord\u003C\u002Fli>\n\u003Cli>\u003Cstrong>See who’s online\u003C\u002Fstrong> and \u003Cstrong>last online\u003C\u002Fstrong> dates\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Heartbeat Monitor\u003C\u002Fstrong> for testing WP Heartbeat API sitewide\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Plugins Page Enhancements\u003C\u002Fstrong> with addt plugin data and notes feature\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Options\u003C\u002Fstrong> for hiding the plugin and password protection to any admin page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin Bar Tools\u003C\u002Fstrong> such as seeing Post ID\u002Ftype\u002Fstatus, User ID, an interactive centering tool, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Quick Debug Links\u003C\u002Fstrong> for debugging users, posts, and comments\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Gravity Forms\u003C\u002Fstrong> integrations\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With “Developer Debug Tools”, you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Identify and fix errors, bugs, and conflicts\u003C\u002Fli>\n\u003Cli>Troubleshoot complex issues with ease\u003C\u002Fli>\n\u003Cli>Update user and post meta straight from the admin area\u003C\u002Fli>\n\u003Cli>Streamline your development and testing workflow\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is a must-have for any WordPress developer or site administrator who wants to ensure a stable, efficient, and high-performing website. It’s like having a trusty sidekick that helps you tackle even the most challenging debugging tasks!\u003C\u002Fp>\n\u003Ch3>Demo\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F36aebqdzHQw?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","Lots of debugging and testing tools for developers.",14411,4,"2026-04-10T17:56:00.000Z","8.0",[50,19,20,21,51],"config","testing","https:\u002F\u002Fpluginrx.com\u002Fplugin\u002Fdev-debug-tools\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdev-debug-tools.3.0.2.1.zip",{"slug":55,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":11,"num_ratings":11,"last_updated":64,"tested_up_to":14,"requires_at_least":65,"requires_php":48,"tags":66,"homepage":69,"download_link":70,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"dynamic-inspector-for-elementor","Dynamic Inspector for Elementor – Performance Profiler & Debugger","1.0.0","Dynamic.ooo","https:\u002F\u002Fprofiles.wordpress.org\u002Fdynamicooo\u002F","\u003Cp>Dynamic Inspector for Elementor is a developer tool that provides deep insights into your Elementor pages. Inspect the element tree, analyze performance, check Dynamic Visibility settings, and debug your layouts directly from the frontend.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Element Tree Inspector\u003C\u002Fstrong> – Navigate through all page elements (widgets, containers, sections, templates)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Performance Analysis\u003C\u002Fstrong> – See execution time for each element with cache indicators\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Highlight Elements\u003C\u002Fstrong> – Hover over elements in the inspector to highlight them on the page\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dynamic Content Detection\u003C\u002Fstrong> – Identify which elements are cached vs dynamically rendered\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Visibility Integration\u003C\u002Fstrong> – View Dynamic Visibility settings when using Dynamic.ooo plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Theme Builder Support\u003C\u002Fstrong> – Works with Elementor Pro single\u002Farchive templates\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean UI\u003C\u002Fstrong> – Dual-panel interface (tree navigator + detailed infobox)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Friendly\u003C\u002Fstrong> – Loading messages, smooth animations, responsive design\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Perfect for:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Elementor developers debugging complex layouts\u003C\u002Fli>\n\u003Cli>Performance optimization and analysis\u003C\u002Fli>\n\u003Cli>Understanding element hierarchy and structure\u003C\u002Fli>\n\u003Cli>Identifying slow widgets\u003C\u002Fli>\n\u003Cli>Checking visibility conditions\u003C\u002Fli>\n\u003Cli>Theme Builder template inspection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Pro Tips\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Execution times are measured in real-time during inspection—your site’s normal caching is not affected\u003C\u002Fli>\n\u003Cli>Use the highlight feature to quickly locate elements on the page\u003C\u002Fli>\n\u003Cli>Compatible with all third-party Elementor plugins\u003C\u002Fli>\n\u003C\u002Ful>\n","A powerful frontend inspector and navigator for Elementor that helps developers debug, inspect elements, and analyze performance.",40,391,"2026-02-03T14:54:00.000Z","6.4",[19,20,67,68,22],"elementor","inspector","https:\u002F\u002Fwww.dynamic.ooo\u002Fdynamic-inspector-for-elementor?utm_source=wp-plugins&utm_campaign=plugin-uri&utm_medium=wp-dash","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdynamic-inspector-for-elementor.1.0.0.zip",{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":79,"downloaded":80,"rating":81,"num_ratings":82,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":86,"tags":87,"homepage":86,"download_link":90,"security_score":91,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"database-performance-monitor","Database Performance Monitor","1.1","Brad Parbs","https:\u002F\u002Fprofiles.wordpress.org\u002Fbradparbs\u002F","\u003Cp>Outputs some database query information on page load for logged in admins. Output is located as an html comment in the footer and also in the console.\u003C\u002Fp>\n","Outputs some database query information on page load for logged in admins. Output is located as an html comment in the footer and also in the console.",10,4228,46,3,"2013-08-26T04:01:00.000Z","3.6.1","3.2","",[88,18,19,22,89],"admin","queries","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatabase-performance-monitor.zip",85,{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":79,"downloaded":100,"rating":25,"num_ratings":101,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":86,"tags":105,"homepage":108,"download_link":109,"security_score":91,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"debug-bar-query-count-alert","Debug Bar Query Count Alert","0.1","Matthew Boynes","https:\u002F\u002Fprofiles.wordpress.org\u002Fmboynes\u002F","\u003Cp>Replaces the default text in the Debug Bar button (which is “Debug Bar” by default in English) with the page’s query count and total sql time. The button will be red if there were more than 200 queries or they took more than 1 second to run, and orange if the page required more than 100 queries or took more than 0.5 seconds to run.\u003C\u002Fp>\n\u003Cp>Requires the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdebug-bar-console\u002F\" rel=\"ugc\">Debug Bar plugin\u003C\u002Fa> and for the constant \u003Ccode>SAVEQUERIES\u003C\u002Fcode> to be true.\u003C\u002Fp>\n\u003Cp>Inspired by the Admin Bar on WordPress.com VIP, which offers similar functionality.\u003C\u002Fp>\n","A simple add-on for the Debug Bar plugin to replace the button text with the database query count and time.",3499,2,"2014-02-02T19:02:00.000Z","3.7.41","3.1",[19,106,20,107,22],"debug-bar","mysql","https:\u002F\u002Fgithub.com\u002Fmboynes\u002Fdebug-bar-query-count-alert","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdebug-bar-query-count-alert.0.1.zip",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":11,"downloaded":118,"rating":11,"num_ratings":11,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":16,"tags":122,"homepage":126,"download_link":127,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"cron-error-silence","Cron Error Silence","1.0.2","Pierre Stephan","https:\u002F\u002Fprofiles.wordpress.org\u002Fpierrestephan\u002F","\u003Cp>\u003Cstrong>Tired of “undefined index” or “could_not_set” warnings in your debug.log file?\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Cstrong>Cron Error Silence\u003C\u002Fstrong> is a lightweight, zero-impact WordPress plugin that automatically suppresses non-critical cron-related PHP warnings while keeping all scheduled tasks running perfectly.\u003C\u002Fp>\n\u003Cp>Ideal for developers, staging environments, or performance-focused admins who want readable logs without breaking functionality.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>🔇 Suppresses “Undefined array key” cron warnings\u003C\u002Fli>\n\u003Cli>🛡️ Prevents “could_not_set” cron errors from cluttering logs\u003C\u002Fli>\n\u003Cli>💯 Keeps WordPress cron system fully functional\u003C\u002Fli>\n\u003Cli>✨ No performance loss\u003C\u002Fli>\n\u003Cli>⚙️ Works alongside caching and optimization plugins\u003C\u002Fli>\n\u003Cli>✅ Fully automatic and safe to use\u003C\u002Fli>\n\u003C\u002Ful>\n","Silence noisy WordPress cron-related error messages and clean up your debug logs – without affecting core functionality.",310,"2025-06-21T16:16:00.000Z","6.8.5","5.0",[123,124,125,21,22],"cron","debugging","errors","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcron-error-silence\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcron-error-silence.1.0.2.zip",{"attackSurface":129,"codeSignals":180,"taintFlows":213,"riskAssessment":273,"analyzedAt":280},{"hooks":130,"ajaxHandlers":152,"restRoutes":176,"shortcodes":177,"cronEvents":178,"entryPointCount":179,"unprotectedCount":179},[131,137,141,145,148],{"type":132,"name":133,"callback":134,"file":135,"line":136},"action","admin_enqueue_scripts","patchwing_enqueues","includes\u002Fclass-core.php",32,{"type":132,"name":138,"callback":139,"file":135,"line":140},"admin_init","patchwing_register_settings",34,{"type":132,"name":142,"callback":143,"file":135,"line":144},"admin_menu","patchwing_register_menu",36,{"type":132,"name":138,"callback":146,"file":135,"line":147},"patchwing_handle_actions",45,{"type":132,"name":149,"callback":150,"file":151,"line":144},"plugins_loaded","closure","patchwing.php",[153,158,161,165,168,172],{"action":154,"nopriv":155,"callback":156,"hasNonce":155,"hasCapCheck":155,"file":135,"line":157},"patchwing_db_table_actions",false,"patchwing_handle_db_table_actions",39,{"action":159,"nopriv":155,"callback":160,"hasNonce":155,"hasCapCheck":155,"file":135,"line":62},"patchwing_refresh_system_info","patchwing_ajax_refresh_system_info",{"action":162,"nopriv":155,"callback":163,"hasNonce":155,"hasCapCheck":155,"file":135,"line":164},"patchwing_get_system_info_report","patchwing_ajax_system_info_report",41,{"action":166,"nopriv":155,"callback":166,"hasNonce":155,"hasCapCheck":155,"file":135,"line":167},"patchwing_export_system_info",42,{"action":169,"nopriv":155,"callback":170,"hasNonce":155,"hasCapCheck":155,"file":135,"line":171},"patchwing_performance_analyzer_refresh","patchwing_ajax_refresh_performance",43,{"action":173,"nopriv":155,"callback":174,"hasNonce":155,"hasCapCheck":155,"file":135,"line":175},"patchwing_performance_analyzer_clear","patchwing_ajax_clear_performance",44,[],[],[],6,{"dangerousFunctions":181,"sqlUsage":205,"outputEscaping":207,"fileOperations":82,"externalRequests":101,"nonceChecks":210,"capabilityChecks":211,"bundledLibraries":212},[182,187,190,193,196,199,202],{"fn":183,"file":184,"line":185,"context":186},"shell_exec","includes\u002Fclass-dashboard.php",547,"$result = shell_exec($command . ' 2>\u002Fdev\u002Fnull');",{"fn":183,"file":184,"line":188,"context":189},564,"$psRes = shell_exec('powershell -Command \"Get-CimInstance Win32_OperatingSystem | Select-Object Tota",{"fn":183,"file":184,"line":191,"context":192},570,"$totalStr = shell_exec('wmic OS get TotalVisibleMemorySize \u002FValue');",{"fn":183,"file":184,"line":194,"context":195},571,"$freeStr  = shell_exec('wmic OS get FreePhysicalMemory \u002FValue');",{"fn":183,"file":184,"line":197,"context":198},601,"$freeOut = shell_exec('free -b'); \u002F\u002F -b for bytes",{"fn":183,"file":184,"line":200,"context":201},618,"$total = (int)shell_exec('\u002Fusr\u002Fsbin\u002Fsysctl -n hw.memsize');",{"fn":183,"file":184,"line":203,"context":204},619,"$vmStat = shell_exec('\u002Fusr\u002Fbin\u002Fvm_stat');",{"prepared":79,"raw":11,"locations":206},[],{"escaped":208,"rawEcho":11,"locations":209},257,[],8,11,[],[214,233,241,253,261],{"entryPoint":215,"graph":216,"unsanitizedCount":11,"severity":232},"patchwing_render_system_info (includes\u002Fclass-dashboard.php:109)",{"nodes":217,"edges":229},[218,223],{"id":219,"type":220,"label":221,"file":184,"line":222},"n0","source","$_SERVER (x2)",120,{"id":224,"type":225,"label":226,"file":184,"line":227,"wp_function":228},"n1","sink","echo() [XSS]",185,"echo",[230],{"from":219,"to":224,"sanitized":231},true,"low",{"entryPoint":234,"graph":235,"unsanitizedCount":11,"severity":232},"\u003Cclass-dashboard> (includes\u002Fclass-dashboard.php:0)",{"nodes":236,"edges":239},[237,238],{"id":219,"type":220,"label":221,"file":184,"line":222},{"id":224,"type":225,"label":226,"file":184,"line":227,"wp_function":228},[240],{"from":219,"to":224,"sanitized":231},{"entryPoint":242,"graph":243,"unsanitizedCount":11,"severity":232},"patchwing_render_db_page (includes\u002Fclass-db-tables.php:17)",{"nodes":244,"edges":251},[245,249],{"id":219,"type":220,"label":246,"file":247,"line":248},"$_GET (x2)","includes\u002Fclass-db-tables.php",29,{"id":224,"type":225,"label":226,"file":247,"line":250,"wp_function":228},95,[252],{"from":219,"to":224,"sanitized":231},{"entryPoint":254,"graph":255,"unsanitizedCount":11,"severity":232},"\u003Cclass-db-tables> (includes\u002Fclass-db-tables.php:0)",{"nodes":256,"edges":259},[257,258],{"id":219,"type":220,"label":246,"file":247,"line":248},{"id":224,"type":225,"label":226,"file":247,"line":250,"wp_function":228},[260],{"from":219,"to":224,"sanitized":231},{"entryPoint":262,"graph":263,"unsanitizedCount":11,"severity":232},"\u003Cclass-debug-log> (includes\u002Fclass-debug-log.php:0)",{"nodes":264,"edges":271},[265,269],{"id":219,"type":220,"label":266,"file":267,"line":268},"$_GET (x3)","includes\u002Fclass-debug-log.php",135,{"id":224,"type":225,"label":226,"file":267,"line":270,"wp_function":228},284,[272],{"from":219,"to":224,"sanitized":231},{"summary":274,"deductions":275},"The \"patchwing\" v1.0.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices by using prepared statements for all SQL queries and properly escaping all output. The absence of known CVEs and a clean vulnerability history suggest a generally well-maintained codebase.  However, a significant concern arises from the \"attack surface\" analysis, which reveals 6 AJAX handlers with no authentication checks. This lack of authorization on all entry points presents a substantial risk, as any unauthenticated user could potentially trigger these handlers, leading to unintended actions or information disclosure.\n\nWhile the taint analysis shows no critical or high-severity flows, the presence of 7 \"dangerous functions,\" specifically `shell_exec`, without any indication of sanitization or contextual usage is a red flag. If these functions are invoked with user-supplied input or in an insecure manner, they could lead to remote code execution. The plugin also has file operation capabilities, which, combined with the lack of authentication on AJAX handlers and the presence of dangerous functions, could create a potent attack vector if not carefully managed. In conclusion, while the plugin is strong in some areas like SQL and output handling, the critical vulnerability of unprotected AJAX endpoints and the potential misuse of `shell_exec` overshadow these strengths, demanding immediate attention.",[276,278],{"reason":277,"points":79},"AJAX handlers without authentication",{"reason":279,"points":210},"Presence of dangerous function shell_exec","2026-04-16T15:06:39.401Z",{"wat":282,"direct":301},{"assetPaths":283,"generatorPatterns":291,"scriptPaths":292,"versionParams":293},[284,285,286,287,288,289,290],"\u002Fwp-content\u002Fplugins\u002Fpatchwing\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fpatchwing\u002Fassets\u002Fjs\u002Fvendor\u002Fchart.min.js","\u002Fwp-content\u002Fplugins\u002Fpatchwing\u002Fassets\u002Fjs\u002Fvendor\u002Fjquery-3.7.0.min.js","\u002Fwp-content\u002Fplugins\u002Fpatchwing\u002Fassets\u002Fjs\u002Fpatchwing.js","\u002Fwp-content\u002Fplugins\u002Fpatchwing\u002Fassets\u002Fjs\u002Fperformance-analyzer.js","\u002Fwp-content\u002Fplugins\u002Fpatchwing\u002Fassets\u002Fjs\u002Fdebug-log.js","\u002Fwp-content\u002Fplugins\u002Fpatchwing\u002Fassets\u002Fjs\u002Fdb-tables.js",[],[285,286,287,288,289,290],[294,295,296,297,298,299,300],"patchwing\u002Fstyle.css?ver=","chart.min.js?ver=","jquery-3.7.0.min.js?ver=","patchwing.js?ver=","performance-analyzer.js?ver=","debug-log.js?ver=","db-tables.js?ver=",{"cssClasses":302,"htmlComments":306,"htmlAttributes":313,"restEndpoints":316,"jsGlobals":320,"shortcodeOutput":326},[303,304,305],"patchwing-settings-field","patchwing-performance-chart","patchwing-debug-log-wrapper",[307,308,309,310,311,312],"\u003C!-- Patchwing: Dashboard -->","\u003C!-- Patchwing: PHP Info -->","\u003C!-- Patchwing: Debug Log -->","\u003C!-- Patchwing: Database Tables -->","\u003C!-- Patchwing: Performance Analyzer -->","\u003C!-- Patchwing: Settings -->",[314,315],"data-patchwing-settings","data-patchwing-performance-data",[317,318,319],"\u002Fwp-json\u002Fpatchwing\u002Fv1\u002Fsettings","\u002Fwp-json\u002Fpatchwing\u002Fv1\u002Fperformance-data","\u002Fwp-json\u002Fpatchwing\u002Fv1\u002Fdebug-log",[321,322,323,324,325],"patchwing_vars","patchwing_dashboard_data","patchwing_performance_analyzer_data","patchwing_debug_log_data","patchwing_db_tables_data",[],{"error":231,"url":328,"statusCode":329,"statusMessage":330,"message":330},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fpatchwing\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":101,"versions":332},[333,338],{"version":6,"download_url":24,"svn_tag_url":334,"released_at":26,"has_diff":155,"diff_files_changed":335,"diff_lines":26,"trac_diff_url":336,"vulnerabilities":337,"is_current":231},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpatchwing\u002Ftags\u002F1.0.1\u002F",[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fpatchwing%2Ftags%2F1.0.0&new_path=%2Fpatchwing%2Ftags%2F1.0.1",[],{"version":57,"download_url":339,"svn_tag_url":340,"released_at":26,"has_diff":155,"diff_files_changed":341,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":342,"is_current":155},"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpatchwing.1.0.0.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpatchwing\u002Ftags\u002F1.0.0\u002F",[],[]]