[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyUvwJ-zB8OdqlRpZ-2rlUaDAYQRXz3E2cIkDPhFB1Q8":3,"$fv7iCfmhLeqA5qZANDprttiBQdkiyMlKdwx2gmrTPLFc":253,"$fLyP5GFLVBQxtL4NUng2hlzDuSTWNCHDqMohtmfXiYtk":258},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":135,"fingerprints":236},"pf-secure-toolkit","PF Secure Toolkit","1.0.0","Poet Farmer","https:\u002F\u002Fprofiles.wordpress.org\u002Fpoetfarmer\u002F","\u003Cp>PF Secure Toolkit helps you secure your site by turning off WordPress components you may not need or want exposed.\u003C\u002Fp>\n\u003Cp>Features include:\u003Cbr \u002F>\n* Disable Author Archives (301 redirect + remove users sitemap).\u003Cbr \u002F>\n* Disable Comments site-wide (removes UI, blocks REST, hides existing).\u003Cbr \u002F>\n* Disable WP Emojis (scripts, styles, TinyMCE, email\u002FRSS, CDN prefetch).\u003Cbr \u002F>\n* Disable XML-RPC (removes headers, blocks pingback methods).\u003Cbr \u002F>\n* Quick toggle settings in the admin panel.\u003C\u002Fp>\n","PF Secure Toolkit is a lightweight, modular plugin to harden WordPress by disabling unnecessary features.",0,297,"2025-08-27T10:54:00.000Z","6.8.5","5.6","7.4",[18,19,20,21,22],"comments","emojis","hardening","security","xml-rpc","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpf-secure-toolkit.1.0.0.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"poetfarmer",1,30,94,"2026-05-20T02:55:02.034Z",[37,60,78,101,119],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":23,"tags":52,"homepage":57,"download_link":58,"security_score":59,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"manage-xml-rpc","Manage XML-RPC","1.0.2","brainvireinfo","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrainvireinfo\u002F","\u003Cp>You can now disable XML-RPC to avoid Brute force attack for given IPs or can even enable access for some IPs. XML-RPC on WordPress is actually an API that gives developers who build mobile apps, desktop apps and other services, the ability to talk to a WordPress site. The XML-RPC API that WordPress provides gives developers, a way to write applications (for you) that can do many of the things that you can do when logged into WordPress via the web interface.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Block XML-RPC by following way.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable pingback.ping, pingback.extensions.getPingbacks and Unset X-Pingback from HTTP headers, that will block bots to access specified method.\u003C\u002Fli>\n\u003Cli>Disable\u002FBlock XML-RPC for all users.\u003C\u002Fli>\n\u003C\u002Ful>\n","Enable\u002FDisable XML-RPC for all or based on IP list, also you can control pingback and Unset X-Pingback from HTTP headers.",6000,64423,60,4,"2024-12-02T07:10:00.000Z","6.7.5","4.0",[53,54,21,55,56],"block-xml-rpc","brute-force-attacks","xml-rpc-pingback","xmlrpc-php-attack","http:\u002F\u002Fwww.brainvire.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanage-xml-rpc.1.0.2.zip",92,{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":25,"num_ratings":70,"last_updated":71,"tested_up_to":14,"requires_at_least":15,"requires_php":23,"tags":72,"homepage":76,"download_link":77,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"netsensai-shield","NETSENSAI Shield","1.4.9","Rafal Gierlicki","https:\u002F\u002Fprofiles.wordpress.org\u002Frgierlicki\u002F","\u003Cp>NETSENSAI Shield offers a range of security features, including:\u003C\u002Fp>\n\u003Cp>Changing the login URL to reduce brute force attack risks.\u003C\u002Fp>\n\u003Cp>Disabling the REST API (WP API JSON) for non-logged-in users.\u003C\u002Fp>\n\u003Cp>Disabling XML-RPC to prevent unauthorized access.\u003C\u002Fp>\n\u003Cp>Disabling the WordPress file editor to avoid accidental or malicious changes.\u003C\u002Fp>\n\u003Cp>Disabling Application Passwords to block unauthorized API access.\u003C\u002Fp>\n\u003Cp>Applying advanced HTTP security headers (e.g., HSTS, X-Frame-Options, Content-Security-Policy).\u003C\u002Fp>\n\u003Cp>Integration with W3 Total Cache:\u003C\u002Fp>\n\u003Cp>Permanently disable .htaccess writes by W3TC\u003C\u002Fp>\n\u003Cp>Runtime disabling of Page Cache UI\u003C\u002Fp>\n\u003Cp>One-time full cache flush on first admin page load\u003C\u002Fp>\n\u003Cp>Automatic cache flush on Secure Options save\u003C\u002Fp>\n\u003Cp>Physical cleanup and permanent disable via the W3TC API\u003C\u002Fp>\n\u003Cp>Suppression of Site Health REST API availability notices for non-logged-in users (removes false Site Health errors while maintaining full API blocking).\u003C\u002Fp>\n\u003Cp>In addition, the plugin provides helpful user feedback:\u003C\u002Fp>\n\u003Cp>Email notifications when the login URL changes – sends a localized HTML email (Polish or English) with your old and new login links, change date and the plugin logo, so you remember to update your bookmarks.\u003C\u002Fp>\n\u003Cp>Admin popup when disabling the WP API JSON – displays a friendly modal warning that disabling the REST API may break plugins like WooCommerce or contact forms. The popup includes a purchase link to upgrade to the PRO version if you need this feature without losing functionality.\u003C\u002Fp>\n\u003Cp>Scoped styling – the custom colour for the “Save changes” button is now limited to the Secure Options page, so other admin pages keep the default WordPress look.\u003C\u002Fp>\n\u003Cp>Promotional banner assistant – notifies administrators of summer discount codes and NETSENSAI Shield PRO features.\u003C\u002Fp>\n\u003Cp>The free version provides both core and advanced Level 3 security functionalities. A PRO version offers extended support, additional features, and automatic protection enhancements.\u003C\u002Fp>\n","Hardens and protects your site by locking down login, REST API, XML‑RPC, file editor, and applying HTTP security headers.",1000,6232,5,"2025-10-14T20:18:00.000Z",[73,20,74,21,75],"cybersecurity","protection","wordpress-security","https:\u002F\u002Fwww.netsensai.pl\u002Fstore\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnetsensai-shield.1.4.9.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":68,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":99,"download_link":100,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"no-nonsense","No Nonsense","3.6.5","Room 34 Creative Services, LLC","https:\u002F\u002Fprofiles.wordpress.org\u002Froom34\u002F","\u003Cp>For professional developers working with WordPress, the first steps in any new build frequently involve deleting default content and turning off built-in settings. This plugin encapsulates many of those tasks on a single, clean configuration screen.\u003C\u002Fp>\n","The fastest, cleanest way to get rid of the parts of WordPress you don't need.",40600,90,6,"2026-01-06T19:06:00.000Z","6.9.4","4.9","7.0",[94,95,96,97,98],"remove-comments","remove-emoji","remove-howdy","remove-wordpress-logo","remove-xml-rpc","https:\u002F\u002Fnononsensewp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-nonsense.3.6.5.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":68,"downloaded":109,"rating":25,"num_ratings":70,"last_updated":110,"tested_up_to":14,"requires_at_least":111,"requires_php":16,"tags":112,"homepage":117,"download_link":118,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"simple-disable-xml-rpc","Simple Disable XML-RPC | Reduce Brute Force & DDOS Attacks","1.4.0","Delower Hossain","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdelower\u002F","\u003Cp>\u003Cstrong>Simple Disable XML-RPC\u003C\u002Fstrong> is a lightweight, powerful WordPress plugin that gives you complete control over your site’s XML-RPC functionality. Protect your WordPress site from brute force attacks, DDoS attempts, and other XML-RPC security vulnerabilities with just one click.\u003C\u002Fp>\n\u003Ch3>🔒 Why Disable XML-RPC?\u003C\u002Fh3>\n\u003Cp>XML-RPC is a remote communication protocol that allows external applications to interact with your WordPress site. While useful for some services, it’s frequently exploited by attackers for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Brute Force Attacks\u003C\u002Fstrong> – Automated password guessing attempts\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DDoS Attacks\u003C\u002Fstrong> – Overwhelming your server with requests\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Resource Exhaustion\u003C\u002Fstrong> – Slowing down your website\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pingback Vulnerabilities\u003C\u002Fstrong> – Exploiting pingback features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>✨ Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>🎯 One-Click Control\u003C\u002Fstrong> – Modern toggle switch interface (NEW in v1.4.0)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔐 Enhanced Security\u003C\u002Fstrong> – Block XML-RPC attacks instantly\u003C\u002Fli>\n\u003Cli>\u003Cstrong>⚡ Improved Performance\u003C\u002Fstrong> – Reduce server load and resource usage\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🎨 Beautiful Admin Interface\u003C\u002Fstrong> – Clean, modern card-based design (NEW in v1.4.0)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🌐 Translation Ready\u003C\u002Fstrong> – Fully internationalized and translation-ready\u003C\u002Fli>\n\u003Cli>\u003Cstrong>📱 Mobile Responsive\u003C\u002Fstrong> – Settings page works perfectly on all devices\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🧹 Clean Uninstall\u003C\u002Fstrong> – Removes all data when uninstalled\u003C\u002Fli>\n\u003Cli>\u003Cstrong>⚙️ Developer Friendly\u003C\u002Fstrong> – Well-coded, follows WordPress standards\u003C\u002Fli>\n\u003Cli>\u003Cstrong>🔄 Regular Updates\u003C\u002Fstrong> – Actively maintained and tested with latest WordPress versions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>💯 Lightweight\u003C\u002Fstrong> – No bloat, minimal impact on your site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🆕 What’s New in Version 1.4.0\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>✅ Modern toggle switch replaces old checkbox\u003C\u002Fli>\n\u003Cli>✅ Beautiful card-based admin interface\u003C\u002Fli>\n\u003Cli>✅ Enhanced security with proper sanitization\u003C\u002Fli>\n\u003Cli>✅ Better code organization (OOP approach)\u003C\u002Fli>\n\u003Cli>✅ Improved accessibility and UX\u003C\u002Fli>\n\u003Cli>✅ Removes X-Pingback header when disabled\u003C\u002Fli>\n\u003Cli>✅ Fixed activation redirect for bulk installations\u003C\u002Fli>\n\u003Cli>✅ Better mobile responsive design\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🎯 Perfect For\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Security-focused website owners\u003C\u002Fli>\n\u003Cli>Sites that don’t use mobile apps or remote publishing\u003C\u002Fli>\n\u003Cli>Sites experiencing XML-RPC attacks\u003C\u002Fli>\n\u003Cli>Performance-conscious administrators\u003C\u002Fli>\n\u003Cli>Anyone wanting better control over WordPress features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>🔧 How It Works\u003C\u002Fh3>\n\u003Cp>This plugin uses the native WordPress \u003Ccode>xmlrpc_enabled\u003C\u002Fcode> filter to safely disable XML-RPC without modifying core files. Simply activate the plugin, toggle the switch on the settings page, and you’re protected!\u003C\u002Fp>\n\u003Ch3>⚠️ Important Note\u003C\u002Fh3>\n\u003Cp>Disabling XML-RPC may affect:\u003Cbr \u002F>\n* WordPress mobile apps\u003Cbr \u002F>\n* Jetpack (some features)\u003Cbr \u002F>\n* Remote publishing tools\u003Cbr \u002F>\n* Pingbacks and trackbacks\u003Cbr \u002F>\n* Third-party services that rely on XML-RPC\u003C\u002Fp>\n\u003Cp>Only disable XML-RPC if you don’t use these features.\u003C\u002Fp>\n\u003Ch3>🤝 Contributing & Bug Reports\u003C\u002Fh3>\n\u003Cp>Bug reports and pull requests are welcome on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>. Help us make this plugin better!\u003C\u002Fp>\n\u003Ch3>💝 Support the Development\u003C\u002Fh3>\n\u003Cp>If you find this plugin helpful, please consider:\u003Cbr \u002F>\n* ⭐ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-disable-xml-rpc\u002Freviews\u002F\" rel=\"ugc\">Rating it 5 stars\u003C\u002Fa>\u003Cbr \u002F>\n* 🐛 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\u002Fissues\" rel=\"nofollow ugc\">Reporting bugs\u003C\u002Fa>\u003Cbr \u002F>\n* 💬 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\u002Fissues\" rel=\"nofollow ugc\">Suggesting features\u003C\u002Fa>\u003Cbr \u002F>\n* ☕ \u003Ca href=\"https:\u002F\u002Fwww.wpsatkhira.com\u002Fdonate\" rel=\"nofollow ugc\">Buying us a coffee\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Simple Disable XML-RPC does not:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Collect any user data\u003C\u002Fli>\n\u003Cli>Store any personal information\u003C\u002Fli>\n\u003Cli>Make external API calls\u003C\u002Fli>\n\u003Cli>Use cookies or tracking\u003C\u002Fli>\n\u003Cli>Send data to third parties\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin only stores one setting in your WordPress database: whether XML-RPC is enabled or disabled.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help? We’re here for you!\u003C\u002Fp>\n\u003Cul>\n\u003Cli>📖 \u003Ca href=\"https:\u002F\u002Fwww.wpsatkhira.com\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>💬 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-disable-xml-rpc\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>🐛 \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress-Satkhira-Community\u002Fsimple-disable-xml-rpc\u002Fissues\" rel=\"nofollow ugc\">Report Bugs\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>⭐ \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-disable-xml-rpc\u002Freviews\u002F\" rel=\"ugc\">Rate Plugin\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed with ❤️ by \u003Ca href=\"https:\u002F\u002Fwww.wpsatkhira.com\" rel=\"nofollow ugc\">WordPress Satkhira Community\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contributors:\u003C\u002Fstrong>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdelower\u002F\" rel=\"nofollow ugc\">wpdelower\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmonarchwp23\u002F\" rel=\"nofollow ugc\">monarchwp23\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Special thanks to all our users and contributors who help make this plugin better!\u003C\u002Fp>\n","Simply disable XML-RPC on your WordPress site with a simple toggle switch. Protect your site from XML-RPC attacks and improve security.",8887,"2025-11-09T02:27:00.000Z","6.1",[113,114,75,115,116],"disable-xml","disable-xml-rpc","xml","xmlrpc","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-disable-xml-rpc\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-disable-xml-rpc.1.4.0.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":68,"downloaded":127,"rating":25,"num_ratings":128,"last_updated":129,"tested_up_to":92,"requires_at_least":130,"requires_php":131,"tags":132,"homepage":133,"download_link":134,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"wee-remove-xmlrpc-methods","Remove XML-RPC Methods","1.4.2","Walter Ebert","https:\u002F\u002Fprofiles.wordpress.org\u002Fwalterebert\u002F","\u003Cp>Removes all WordPress methods from the XML-RPC API to increase security. It does more than just using the \u003Ccode>xmlrpc_enabled\u003C\u002Fcode> hook, because that is only used “To disable XML-RPC methods that require authentication”.\u003C\u002Fp>\n\u003Cp>Activating this plugin will also disable pingbacks, trackbacks, and Really Simple Discovery (RSD), because these rely on XML-RPC.\u003C\u002Fp>\n\u003Cp>It works with any webserver, because it does not use the .htaccess file.\u003C\u002Fp>\n\u003Ch4>Testing the plugin\u003C\u002Fh4>\n\u003Cp>From the command line you can test if the plugin is working correctly using \u003Ca href=\"https:\u002F\u002Fcurl.haxx.se\u002F\" rel=\"nofollow ugc\">curl\u003C\u002Fa>. Replace the \u003Ccode>example.com\u003C\u002Fcode> link to match your website:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>curl -d '\u003C?xml version=\"1.0\"?>\u003CmethodCall>\u003CmethodName>system.listMethods\u003C\u002FmethodName>\u003Cparams>\u003Cparam>\u003Cvalue>\u003Cstring\u002F>\u003C\u002Fvalue>\u003C\u002Fparam>\u003C\u002Fparams>\u003C\u002FmethodCall>' https:\u002F\u002Fexample.com\u002Fxmlrpc.php\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This should only return the following methods:\u003Cbr \u002F>\n– \u003Ccode>system.multicall\u003C\u002Fcode>\u003Cbr \u002F>\n– \u003Ccode>system.listMethods\u003C\u002Fcode>\u003Cbr \u002F>\n– \u003Ccode>system.getCapabilities\u003C\u002Fcode>\u003C\u002Fp>\n","Remove all WordPress methods from the XML-RPC API to increase security.",13044,2,"2026-03-26T18:16:00.000Z","4.6","5.4.0",[21,22,116],"https:\u002F\u002Fgitlab.com\u002Fwalterebert\u002Fwee-remove-xmlrpc-methods","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwee-remove-xmlrpc-methods.1.4.2.zip",{"attackSurface":136,"codeSignals":223,"taintFlows":231,"riskAssessment":232,"analyzedAt":235},{"hooks":137,"ajaxHandlers":219,"restRoutes":220,"shortcodes":221,"cronEvents":222,"entryPointCount":11,"unprotectedCount":11},[138,143,146,150,155,158,161,165,168,171,176,179,183,185,189,192,195,198,202,204,207,211,213,216],{"type":139,"name":140,"callback":141,"file":142,"line":88},"action","admin_menu","closure","admin\u002Fsettings.php",{"type":139,"name":144,"callback":141,"file":142,"line":145},"admin_init",16,{"type":139,"name":147,"callback":141,"file":148,"line":149},"template_redirect","modules\u002Fauthors.php",15,{"type":151,"name":152,"callback":153,"file":148,"line":154},"filter","get_the_author_link","__return_empty_string",25,{"type":151,"name":156,"callback":153,"file":148,"line":157},"author_link",26,{"type":151,"name":159,"callback":153,"file":148,"line":160},"the_author",27,{"type":151,"name":162,"callback":141,"priority":163,"file":148,"line":164},"wp_sitemaps_add_provider",10,33,{"type":151,"name":166,"callback":141,"file":148,"line":167},"rest_endpoints",41,{"type":139,"name":144,"callback":141,"file":169,"line":170},"modules\u002Fcomments.php",14,{"type":151,"name":172,"callback":173,"priority":174,"file":169,"line":175},"comments_open","__return_false",20,35,{"type":151,"name":177,"callback":173,"priority":174,"file":169,"line":178},"pings_open",36,{"type":151,"name":180,"callback":181,"priority":163,"file":169,"line":182},"comments_array","__return_empty_array",37,{"type":139,"name":140,"callback":141,"file":169,"line":184},40,{"type":139,"name":186,"callback":141,"priority":187,"file":169,"line":188},"admin_bar_menu",999,43,{"type":151,"name":190,"callback":141,"file":169,"line":191},"pre_option_default_ping_status",48,{"type":151,"name":193,"callback":141,"file":169,"line":194},"pre_option_default_pingback_flag",49,{"type":151,"name":196,"callback":141,"file":169,"line":197},"pre_option_default_comment_status",50,{"type":151,"name":199,"callback":200,"file":169,"line":201},"pre_option_show_avatars","__return_zero",53,{"type":151,"name":166,"callback":141,"file":169,"line":203},58,{"type":151,"name":205,"callback":141,"priority":163,"file":169,"line":206},"rest_request_before_callbacks",71,{"type":139,"name":208,"callback":141,"file":209,"line":210},"init","modules\u002Femojis.php",11,{"type":151,"name":212,"callback":141,"file":209,"line":157},"tiny_mce_plugins",{"type":151,"name":214,"callback":173,"file":209,"line":215},"emoji_svg_url",31,{"type":151,"name":217,"callback":173,"file":218,"line":210},"xmlrpc_enabled","modules\u002Fxmlrpc.php",[],[],[],[],{"dangerousFunctions":224,"sqlUsage":225,"outputEscaping":227,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":32,"bundledLibraries":230},[],{"prepared":11,"raw":11,"locations":226},[],{"escaped":228,"rawEcho":11,"locations":229},7,[],[],[],{"summary":233,"deductions":234},"The \"pf-secure-toolkit\" plugin v1.0.0 exhibits an excellent security posture based on the provided static analysis and vulnerability history. The code demonstrates a strong adherence to security best practices, with no detected dangerous functions, file operations, or external HTTP requests. Crucially, all SQL queries are secured using prepared statements, and all output is properly escaped, mitigating risks of SQL injection and cross-site scripting (XSS) respectively. The plugin also has no recorded vulnerabilities (CVEs), indicating a history of stable and secure development.\n\nWhile the absence of critical vulnerabilities is highly positive, a minor area for consideration is the lack of observed nonce checks across its (zero) entry points. Although there are no entry points currently, if functionality were to be added in the future without implementing nonce checks, it could introduce a potential vulnerability. The capability check is present, which is a positive sign for access control.\n\nIn conclusion, \"pf-secure-toolkit\" v1.0.0 appears to be a very secure plugin with a robust development process reflected in its clean static analysis and vulnerability-free history. The primary recommendation would be to ensure that any future additions to the plugin's attack surface include appropriate nonce checks to maintain this high level of security.",[],"2026-04-16T13:35:54.385Z",{"wat":237,"direct":242},{"assetPaths":238,"generatorPatterns":239,"scriptPaths":240,"versionParams":241},[],[],[],[],{"cssClasses":243,"htmlComments":244,"htmlAttributes":245,"restEndpoints":246,"jsGlobals":251,"shortcodeOutput":252},[],[],[],[247,248,249,250],"\u002Fwp\u002Fv2\u002Fcomments","\u002Fwp\u002Fv2\u002Fcomments\u002F(?P\u003Cid>[\\d]+)","\u002Fwp\u002Fv2\u002Fcomment-meta","\u002Fwp\u002Fv2\u002Fcomment-meta\u002F(?P\u003Cid>[\\d]+)",[],[],{"error":254,"url":255,"statusCode":256,"statusMessage":257,"message":257},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fpf-secure-toolkit\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":32,"versions":259},[260],{"version":6,"download_url":24,"svn_tag_url":261,"released_at":26,"has_diff":262,"diff_files_changed":263,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":264,"is_current":254},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fpf-secure-toolkit\u002Ftags\u002F1.0.0\u002F",false,[],[]]