[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fEJ2yLATH1O_aQo4GGCA0a2bi9zcTMkraiYmfdMi2U_A":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":141,"fingerprints":233},"permissions-security-audit","Permissions & Security Audit","1.2","Andrew Stewart","https:\u002F\u002Fprofiles.wordpress.org\u002Finnocow\u002F","\u003Cp>Permissions & Security Audit is a plugin that runs a series of tests to check common security issues with the following areas:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>File and folder permissions\u003C\u002Fli>\n\u003Cli>File and folder ownership\u003C\u002Fli>\n\u003Cli>WordPress configuration settings\u003C\u002Fli>\n\u003Cli>Apache\u002FPHP and hosting settings\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Although this plugin will flag potential issues; it will not resolve these items. You will need to manually resolve them, use the help of a plugin or contact an individual who has the experience to help.\u003C\u002Fp>\n\u003Cp>Ce plugin est disponible en français aussi.\u003C\u002Fp>\n","Permissions & Security Audit is a plugin that runs a series of tests to check common security issues with the following areas:",50,2161,40,1,"2021-03-04T20:36:00.000Z","5.7.15","5.2","5.4",[20,21,22,23,24],"file","folders","permission","permissions","security","https:\u002F\u002Finnocow.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpermissions-security-audit.1.2.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"innocow",2,30,84,"2026-04-04T21:16:40.660Z",[39,59,79,100,116],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":35,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":57,"download_link":58,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"autochmod","AutoCHMOD","0.5.2","belinde","https:\u002F\u002Fprofiles.wordpress.org\u002Fbelinde\u002F","\u003Cp>Protect folders and files from unhautorized changes managing filesystem permissions. You can configure the permission mask for file and folders in “protected” and “writeable” status, and with a single click you can switch between them. When you enable writing a cron event is set and the protected status will be applied automatically after 10 minutes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please check carefully the configuration before enabling protection!\u003C\u002Fstrong> If the default permission mask isn’t correct for your server \u003Cstrong>WordPress will stop working\u003C\u002Fstrong>, and you’ll need to restore the correct permission manually.\u003C\u002Fp>\n\u003Cp>Pay attention: the suggested configuration is, obviously, only a suggestion: depending on various system configuration the detection could be suboptimal or erroneous.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>New in 0.5:\u003C\u002Fstrong> automatic updates should work regularly; the protection will disabled and re-enabled, hopefully without pain. But this feature is still experimental and I can’t debug it untill next minor release of WP.\u003C\u002Fp>\n","Protect folders and files from unhautorized changes managing filesystem permissions.",4696,60,3,"2014-04-17T08:20:00.000Z","3.9.40","3.1.0","",[55,56,21,23,24],"chmod","filesystem","http:\u002F\u002Fe2net.it?autochmod","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautochmod.0.5.2.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":53,"tags":74,"homepage":77,"download_link":78,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-file-permission-check","File Permissions & Size Check","1.0.4","wycks","https:\u002F\u002Fprofiles.wordpress.org\u002Fwycks\u002F","\u003Cp>Will add a little “x” next to any files\u002Ffolders set to 777, since this is inherently insecure. Checks all recursive folders that come with a default WordPress install.\u003C\u002Fp>\n\u003Cp>This plugin can be CPU intensive as it iterates over your whole folder\u002Ffile structure to gather statistics.\u003C\u002Fp>\n\u003Cp>Notes :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Checks root, wp-admin, wp-content, wp-includes and all sub folders\u003C\u002Fli>\n\u003Cli>Includes your plugin and theme folders\u003C\u002Fli>\n\u003Cli>Ignores images, text, CSS , and translation files\u003C\u002Fli>\n\u003Cli>Will exclude the cache folders since they contain to many files to scan.\u003C\u002Fli>\n\u003Cli>Requires PHP 5.1.2 or greater\u003C\u002Fli>\n\u003Cli>Please run this during low traffic.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>This plugin will not return accurate results under IIS or WAMP stack due to how windows handles file permissions.\u003C\u002Fstrong>\u003C\u002Fp>\n","Simple plugin that checks your WordPress install and shows your file permissions, size, and last modified date.",300,21094,96,4,"2013-03-13T04:06:00.000Z","3.5.2","2.8",[75,20,21,23,76],"check","size","http:\u002F\u002Fwww.wpsecure.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-file-permission-check.zip",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":70,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":53,"download_link":99,"security_score":89,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"folder-auditor","Guard Dog Security & Site Lock","6.6","WP Fix It - WordPress Experts","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpfixit\u002F","\u003Cp>\u003Cstrong>Guard Dog Security & Site Lock\u003C\u002Fstrong> helps WordPress administrators keep their installations clean and secure.\u003C\u002Fp>\n\u003Cp>Over time, it’s common for orphaned plugin or theme folders to build up in your wp-content directory. These stray folders may be the result of incomplete uninstallations, leftover files from updates, or abandoned code that was never fully removed. While they might seem harmless at first glance, they can create confusion, waste storage space, and in some cases pose a serious security risk.\u003C\u002Fp>\n\u003Cp>Hackers often exploit these forgotten folders by hiding backdoors or malicious scripts inside them, knowing that site owners rarely check for or even notice such files. An orphaned folder can act as an open invitation for unauthorized access, giving attackers a quiet place to operate undetected.\u003Cbr \u002F>\nBy identifying and removing these unused folders, you not only keep your WordPress installation clean and organized but also close off potential entry points that could otherwise be used to compromise your site. The Guard Dog Security plugin makes this process simple, scanning your directories to uncover anything that doesn’t belong and highlighting it for review before it becomes a problem.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>SITE LOCK – Only found here!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>One of the easiest ways for a hacked user to damage your site is by adding or changing the physical files that WordPress relies on. If attackers can place hidden scripts, modify plugin or theme files, or inject malicious code, they gain the power to compromise your entire site.\u003C\u002Fp>\n\u003Cp>The Site Lock feature in Guard Dog Security protects against this by allowing you to lock all folders and files in your installation and make them read-only. Once locked, no new files can be added, no existing files can be changed, and nothing can be removed. This ensures that the foundation of your WordPress site remains untouched, even if someone attempts to exploit vulnerabilities or gain access.\u003C\u002Fp>\n\u003Cp>When updates or changes are needed, you can unlock the system with a single action, perform your updates, and then reapply the lock. This simple but powerful safeguard gives you complete control over your site’s file structure and adds a layer of security that goes beyond what most WordPress plugins offer.\u003C\u002Fp>\n\u003Cp>This plugin scans the following directories:\u003Cbr \u002F>\n– WordPress Root (main installation folder)\u003Cbr \u002F>\n– wp-content Folder (wp-content\u002F)\u003Cbr \u002F>\n– Plugins Folder (wp-content\u002Fplugins\u002F)\u003Cbr \u002F>\n– Themes Folder (wp-content\u002Fthemes\u002F)\u003Cbr \u002F>\n– Uploads Folder (wp-content\u002Fuploads\u002F)\u003Cbr \u002F>\n– htaccess files\u003Cbr \u002F>\n– Database tables\u003C\u002Fp>\n\u003Cp>Guard Dog Security takes a disk-first approach. It crawls your entire WordPress installation and inventories every single file and folder, not just plugins and themes. Everything is presented in a clear interface where you can open items to view their contents, mark them to ignore, delete them if they are not needed, or download a copy for backup or investigation.\u003C\u002Fp>\n\u003Cp>Because it works directly from what is actually on disk, you are never limited by what WordPress shows in the admin. You can quickly spot unfamiliar files, tidy up leftovers from old plugins or themes, and pull down suspicious items for review, all without leaving the dashboard. It provides a fast and transparent way to see exactly what is on your server and take action immediately.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features\u003C\u002Fstrong>\u003Cbr \u002F>\n– Finds plugin folders not listed on the Plugins screen (hidden or orphaned)\u003Cbr \u002F>\nScans for plugin folders that exist in your WordPress installation but aren’t showing on the Plugins screen.\u003Cbr \u002F>\n– Detects missing plugin folders referenced by active or installed plugins\u003Cbr \u002F>\nIdentifies when active or installed plugins are missing their associated folders.\u003Cbr \u002F>\n– Lists top-level folders and files in key WordPress directories\u003Cbr \u002F>\nDisplays top-level files and folders within critical WordPress directories for easy auditing.\u003Cbr \u002F>\n– Fully lock all folders and files to make them read only\u003Cbr \u002F>\nLets you make all folders and files read-only for maximum protection.\u003Cbr \u002F>\n– Configure security headers\u003Cbr \u002F>\nAdds and manages HTTP security headers to harden your site against common threats.\u003Cbr \u002F>\n– Configure user security\u003Cbr \u002F>\nProvides settings to strengthen account and login security for WordPress users.\u003Cbr \u002F>\n– Infection scanner\u003Cbr \u002F>\nScan all site files to find any suspicious files\u003Cbr \u002F>\n– Zero configuration setup\u003Cbr \u002F>\nEnable scheduled scans to find any suspicious files and send you an email report\u003Cbr \u002F>\n– As many emails receipts as you like\u003Cbr \u002F>\nWorks right after install and activation—no complex setup required.\u003C\u002Fp>\n","Audit your site to keep WordPress clean and secure. Enable our one-of-a-kind SITE LOCK to give your site the ultimate security.",200,5148,100,"2026-02-25T13:08:00.000Z","6.9.4","5.0","7.4",[95,96,97,98],"easy-security","file-permissions","folder-permissions","site-lock","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffolder-auditor.6.6.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":89,"downloaded":108,"rating":89,"num_ratings":34,"last_updated":109,"tested_up_to":91,"requires_at_least":92,"requires_php":93,"tags":110,"homepage":114,"download_link":115,"security_score":89,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"reset-file-and-folder-permissions","Reset file and folder permissions","1.1.1","Prakhar Bhatia","https:\u002F\u002Fprofiles.wordpress.org\u002Fprakharb88\u002F","\u003Cp>Reset file and folder permissions is a powerful yet safe WordPress plugin designed to help administrators reset file and directory permissions to their recommended secure values, and optionally reset file\u002Ffolder ownership. This tool is particularly useful after site migrations, server changes, or when dealing with permission-related issues.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Dual Functionality\u003C\u002Fstrong>: Reset both permissions (0644\u002F0755) and ownership (user\u002Fgroup) in separate tabs\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ownership Management\u003C\u002Fstrong>: Change file and folder ownership to the correct web server user (VPS\u002Fdedicated servers)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server Compatibility Check\u003C\u002Fstrong>: Automatically detects if ownership functions are available on your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Batch Processing\u003C\u002Fstrong>: Handles large directory structures efficiently with configurable batch sizes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time Progress\u003C\u002Fstrong>: Visual progress bar with detailed statistics during processing\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Safety First\u003C\u002Fstrong>: Multiple security checks and confirmations before making changes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Selective Processing\u003C\u002Fstrong>: Choose specific directories to process (entire site, wp-content, plugins, themes, or uploads)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Recommendations\u003C\u002Fstrong>: Automatically detects and recommends the correct owner\u002Fgroup for your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Error Handling\u003C\u002Fstrong>: Comprehensive error logging and reporting\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Responsive Interface\u003C\u002Fstrong>: Works seamlessly on desktop and mobile devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Focused\u003C\u002Fstrong>: Only administrators can use this tool, with proper nonce verification\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Standard WordPress Permissions\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Files (0644)\u003C\u002Fstrong>: Owner can read\u002Fwrite, group and others can read only\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Directories (0755)\u003C\u002Fstrong>: Owner can read\u002Fwrite\u002Fexecute, group and others can read\u002Fexecute\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>When to Use This Plugin\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>For Permission Reset:\u003C\u002Fstrong>\u003Cbr \u002F>\n* After migrating your WordPress site to a new server\u003Cbr \u002F>\n* When files have incorrect permissions causing functionality issues\u003Cbr \u002F>\n* For security hardening when permissions are too permissive\u003Cbr \u002F>\n* When troubleshooting file access problems\u003Cbr \u002F>\n* During routine maintenance to ensure proper permissions\u003C\u002Fp>\n\u003Cp>\u003Cstrong>For Ownership Reset:\u003C\u002Fstrong>\u003Cbr \u002F>\n* After migrating to a new server with a different web server user\u003Cbr \u002F>\n* When WordPress cannot write files or install plugins\u002Fthemes\u003Cbr \u002F>\n* After manually uploading files via FTP with incorrect ownership\u003Cbr \u002F>\n* When troubleshooting “permission denied” errors despite correct permissions\u003Cbr \u002F>\n* When switching hosting providers or server configurations\u003C\u002Fp>\n\u003Ch4>Safety Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Requires explicit confirmation before processing\u003C\u002Fli>\n\u003Cli>Batch processing prevents server timeouts\u003C\u002Fli>\n\u003Cli>Real-time progress monitoring\u003C\u002Fli>\n\u003Cli>Comprehensive error logging\u003C\u002Fli>\n\u003Cli>Restricted to administrators only\u003C\u002Fli>\n\u003Cli>Path validation to prevent processing outside WordPress directory\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, feature requests, or bug reports:\u003Cbr \u002F>\n* Email: prakhar@nandann.com\u003Cbr \u002F>\n* Website: https:\u002F\u002Fnandann.com\u003Cbr \u002F>\n* Subject: WordPress Development Help Request\u003C\u002Fp>\n\u003Cp>Professional WordPress development and troubleshooting services available. Expert solutions for complex WordPress challenges including custom development, site migrations, security audits, and performance optimization.\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cp>This plugin is developed with security and reliability in mind. All user inputs are sanitized, permissions are validated, and operations are logged for transparency.\u003C\u002Fp>\n\u003Ch4>Technical Details\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Uses WordPress native functions and hooks\u003C\u002Fli>\n\u003Cli>Implements proper AJAX handling with nonce verification\u003C\u002Fli>\n\u003Cli>Follows WordPress coding standards\u003C\u002Fli>\n\u003Cli>Includes comprehensive error handling\u003C\u002Fli>\n\u003Cli>Responsive design using WordPress admin styles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin does not collect, store, or transmit any personal data. All operations are performed locally on your server, and no data is sent to external services.\u003C\u002Fp>\n\u003Ch3>About the Developer\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Prakhar Bhatia\u003C\u002Fstrong> is a professional WordPress developer and troubleshooter with extensive experience in:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>WordPress Troubleshooting\u003C\u002Fstrong>: Expert diagnosis and resolution of complex WordPress issues, performance optimization, and security hardening\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Development\u003C\u002Fstrong>: Bespoke WordPress plugins, themes, and custom functionality tailored to specific business needs  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Site Migration & Hosting\u003C\u002Fstrong>: Seamless website migrations, hosting optimization, and server configuration for peak performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security & Maintenance\u003C\u002Fstrong>: Comprehensive security audits, malware removal, and ongoing maintenance to keep sites secure\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Nandann Creative Agency\u003C\u002Fstrong> specializes in WordPress development solutions for businesses of all sizes.\u003C\u002Fp>\n\u003Cp>Contact: prakhar@nandann.com | Website: https:\u002F\u002Fnandann.com\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Built with security and usability in mind, following WordPress development best practices. Developed by Prakhar Bhatia at Nandann Creative Agency.\u003C\u002Fp>\n","A WordPress plugin to reset file permissions to 0644, directory permissions to 0755, and file\u002Ffolder ownership for security and maintenance purposes.",1057,"2025-12-07T02:56:00.000Z",[111,112,113,23,24],"directories","files","maintenance","https:\u002F\u002Fnandann.com\u002Fcontact","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freset-file-and-folder-permissions.1.1.1.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":126,"num_ratings":127,"last_updated":128,"tested_up_to":91,"requires_at_least":129,"requires_php":130,"tags":131,"homepage":136,"download_link":137,"security_score":138,"vuln_count":139,"unpatched_count":28,"last_vuln_date":140,"fetched_at":30},"wpfront-user-role-editor","WPFront User Role Editor","4.2.4","Syam Mohan","https:\u002F\u002Fprofiles.wordpress.org\u002Fsyammohanm\u002F","\u003Cp>WPFront User Role Editor plugin allows you to easily manage WordPress user roles within your site.\u003Cbr \u002F>\nYou can create, edit or delete user roles and manage role capabilities.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Create new roles.\u003C\u002Fli>\n\u003Cli>Edit or rename existing roles.\u003C\u002Fli>\n\u003Cli>Clone existing roles.\u003C\u002Fli>\n\u003Cli>Manage capabilities.\u003C\u002Fli>\n\u003Cli>Allows you to add role capabilities.\u003C\u002Fli>\n\u003Cli>Change default user role.\u003C\u002Fli>\n\u003Cli>Add or Remove capabilities.\u003C\u002Fli>\n\u003Cli>Restore role.\u003C\u002Fli>\n\u003Cli>Assign multiple roles.\u003C\u002Fli>\n\u003Cli>Migrate users.\u003C\u002Fli>\n\u003Cli>Navigation menu permissions basic.\u003C\u002Fli>\n\u003Cli>Widget permissions basic.\u003C\u002Fli>\n\u003Cli>Login redirect basic.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fmenu-editor\u002F\" rel=\"nofollow ugc\">Admin menu editor.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fmedia-attachment-file-permissions\u002F\" rel=\"nofollow ugc\">Media library permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fuser-level-permissions\u002F\" rel=\"nofollow ugc\">User level permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fnavigation-menu-permissions\u002F\" rel=\"nofollow ugc\">Navigation menu permissions advanced.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fwidget-permissions\u002F\" rel=\"nofollow ugc\">Widget permissions advanced.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Flogin-redirect\u002F\" rel=\"nofollow ugc\">Login redirect advanced.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fposts-pages-extended-permissions\u002F\" rel=\"nofollow ugc\">Post\u002FPage extended permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fcustom-post-type-permissions\u002F\" rel=\"nofollow ugc\">Custom post type permissions.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fcontent-restriction-shortcodes\u002F\" rel=\"nofollow ugc\">Content restriction shortcodes.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fexport-roles\u002F\" rel=\"nofollow ugc\">Import\u002FExport.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002Fmultisite-sync-roles\u002F\" rel=\"nofollow ugc\">Multisite support.\u003C\u002Fa> [PRO]\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Compare \u003Ca href=\"https:\u002F\u002Fwpfront.com\u002Fppro\" rel=\"nofollow ugc\">User Role Editor Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Spanish tutorial\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FYRZdWH-uukI?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","Easily allows you to manage WordPress user roles. You can create, edit, delete and manage capabilities, also copy existing roles.",30000,962618,90,65,"2025-12-02T16:53:00.000Z","5.1","7.0",[132,133,24,134,135],"capability-manager","role-editor","user-access","user-permissions","http:\u002F\u002Fwpfront.com\u002Fuser-role-editor-pro\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpfront-user-role-editor.4.2.4.zip",94,5,"2025-09-26 00:00:00",{"attackSurface":142,"codeSignals":182,"taintFlows":225,"riskAssessment":226,"analyzedAt":232},{"hooks":143,"ajaxHandlers":178,"restRoutes":179,"shortcodes":180,"cronEvents":181,"entryPointCount":28,"unprotectedCount":28},[144,150,154,158,162,165,168,171,175],{"type":145,"name":146,"callback":147,"file":148,"line":149},"action","admin_menu","hook_admin_menu","src\\security_audit.php",126,{"type":145,"name":151,"callback":152,"file":148,"line":153},"admin_enqueue_scripts","hook_admin_enqueue_scripts",131,{"type":145,"name":155,"callback":156,"priority":89,"file":148,"line":157},"init","hook_init_load_translations",136,{"type":145,"name":159,"callback":160,"file":148,"line":161},"rest_api_init","entities_permissions",144,{"type":145,"name":159,"callback":163,"file":148,"line":164},"entities_ownership",149,{"type":145,"name":159,"callback":166,"file":148,"line":167},"entities_folders",154,{"type":145,"name":159,"callback":169,"file":148,"line":170},"server_process_details",160,{"type":145,"name":159,"callback":172,"priority":173,"file":148,"line":174},"configuration_wp",10,165,{"type":145,"name":159,"callback":176,"priority":173,"file":148,"line":177},"configuration_sys",171,[],[],[],[],{"dangerousFunctions":183,"sqlUsage":184,"outputEscaping":186,"fileOperations":14,"externalRequests":28,"nonceChecks":28,"capabilityChecks":14,"bundledLibraries":224},[],{"prepared":28,"raw":28,"locations":185},[],{"escaped":28,"rawEcho":187,"locations":188},15,[189,193,195,197,199,201,203,205,208,210,213,214,217,219,222],{"file":190,"line":191,"context":192},"src\\views\\loader.php",92,"raw output",{"file":190,"line":194,"context":192},99,{"file":190,"line":196,"context":192},106,{"file":190,"line":198,"context":192},113,{"file":190,"line":200,"context":192},120,{"file":202,"line":13,"context":192},"src\\views\\pages\\about.php",{"file":202,"line":204,"context":192},122,{"file":206,"line":207,"context":192},"src\\views\\pages\\ownership.php",223,{"file":206,"line":209,"context":192},307,{"file":211,"line":212,"context":192},"src\\views\\pages\\permission.php",190,{"file":211,"line":67,"context":192},{"file":215,"line":216,"context":192},"src\\views\\pages\\sys_configuration.php",321,{"file":215,"line":218,"context":192},390,{"file":220,"line":221,"context":192},"src\\views\\pages\\wp_configuration.php",444,{"file":220,"line":223,"context":192},514,[],[],{"summary":227,"deductions":228},"The \"permissions-security-audit\" v1.2 plugin presents a generally positive security posture, with no known vulnerabilities or exploitable attack surface points identified in the static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events with improper authentication or authorization checks is a significant strength. Furthermore, the plugin exclusively uses prepared statements for SQL queries and shows a clean history of CVEs, indicating a commitment to secure coding practices.\n\nHowever, the static analysis reveals a critical concern regarding output escaping, with 0% of the 15 identified outputs being properly escaped. This indicates a high risk of cross-site scripting (XSS) vulnerabilities if any user-supplied data is reflected directly in the output without proper sanitization. While the plugin demonstrates strong practices in other areas, this lack of output escaping represents a significant weakness that could be exploited by attackers to inject malicious scripts into the website.\n\nGiven the clean vulnerability history and controlled attack surface, the overall risk is moderate, leaning towards low, primarily due to the identified output escaping issue. The plugin's strengths in preventing unauthorized access and securing database interactions are commendable. However, the unescaped output is a severe oversight that must be addressed to mitigate the risk of XSS attacks. Future development should prioritize addressing this gap in output sanitization.",[229],{"reason":230,"points":231},"No output escaping detected",8,"2026-03-16T22:03:02.424Z",{"wat":234,"direct":243},{"assetPaths":235,"generatorPatterns":238,"scriptPaths":239,"versionParams":240},[236,237],"\u002Fwp-content\u002Fplugins\u002Fpermissions-security-audit\u002Fviews\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fpermissions-security-audit\u002Fviews\u002Fjs\u002Ficwpsecurityauditadmin.js",[],[237],[241,242],"plugins\u002Fpermissions-security-audit\u002Fviews\u002Fcss\u002Fadmin.css?ver=","plugins\u002Fpermissions-security-audit\u002Fviews\u002Fjs\u002Ficwpsecurityauditadmin.js?ver=",{"cssClasses":244,"htmlComments":245,"htmlAttributes":246,"restEndpoints":247,"jsGlobals":254,"shortcodeOutput":255},[],[],[],[248,249,250,251,252,253],"\u002Fwp-json\u002Finnocow-wp-security-audit\u002Fv1\u002Fentities\u002Fpermissions","\u002Fwp-json\u002Finnocow-wp-security-audit\u002Fv1\u002Fentities\u002Fownership","\u002Fwp-json\u002Finnocow-wp-security-audit\u002Fv1\u002Fentities\u002Ffolders","\u002Fwp-json\u002Finnocow-wp-security-audit\u002Fv1\u002Fserver\u002Fprocess\u002Fdetails","\u002Fwp-json\u002Finnocow-wp-security-audit\u002Fv1\u002Fconfiguration\u002Fwp","\u002Fwp-json\u002Finnocow-wp-security-audit\u002Fv1\u002Fconfiguration\u002Fsys",[],[]]