[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flyW3CumD87fBJogRznLWMWLSBt68GOzWtjLP-jp7zIw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":36,"analysis":144,"fingerprints":698},"pimi-admin-agent","Pimi Admin Agent","2.0.1","Himanshu Bhuyan","https:\u002F\u002Fprofiles.wordpress.org\u002Fhimanshubhuyan0\u002F","\u003Cp>Pimi Admin Agent is a powerful WordPress assistant plugin that allows administrators to manage their WordPress site through commands. Built with safety and usability in mind, it provides a reliable, auditable, and scalable solution for WordPress administration.\u003C\u002Fp>\n\u003Cp>Instead of navigating through multiple WordPress admin screens, administrators can use commands to safely execute supported actions with full preview and confirmation.\u003C\u002Fp>\n\u003Cp>The plugin is designed with predictability, transparency, and safety as first-class principles.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Command Interface – Control your WordPress site using commands\u003C\u002Fli>\n\u003Cli>WordPress Core Management – Create, update, delete pages, posts, and users\u003C\u002Fli>\n\u003Cli>Media Library Operations – Upload, delete, and list media files\u003C\u002Fli>\n\u003Cli>Menus & Navigation – Create menus, add items, assign to locations\u003C\u002Fli>\n\u003Cli>Widgets Management – Add, remove, and list widgets in sidebars\u003C\u002Fli>\n\u003Cli>Elementor Integration – Create Elementor pages and assign templates\u003C\u002Fli>\n\u003Cli>Plugin Management – Install and update plugins (activation\u002Fdeactivation must be done manually through the Plugins page)\u003C\u002Fli>\n\u003Cli>Approval Queue – Automatic approval for high-risk commands\u003C\u002Fli>\n\u003Cli>Workflows – Multi-step command sequences\u003C\u002Fli>\n\u003Cli>Bulk Operations – Process multiple items at once\u003C\u002Fli>\n\u003Cli>CSV Import – Import products, pages, posts from CSV files\u003C\u002Fli>\n\u003Cli>Command Templates – Save and reuse commands\u003C\u002Fli>\n\u003Cli>Full Audit Log – Complete command history with timestamps\u003C\u002Fli>\n\u003Cli>Safety Features – No dangerous operations (wp-config editing, SQL execution, etc.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>What This Plugin Does NOT Do\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Does not activate or deactivate plugins (must be done manually through Plugins page)\u003C\u002Fli>\n\u003Cli>Does not delete plugins via command\u003C\u002Fli>\n\u003Cli>Does not change user passwords\u003C\u002Fli>\n\u003Cli>Does not create or update administrator users\u003C\u002Fli>\n\u003Cli>Does not edit wp-config.php\u003C\u002Fli>\n\u003Cli>Does not execute arbitrary SQL\u003C\u002Fli>\n\u003Cli>Does not edit core WordPress files\u003C\u002Fli>\n\u003Cli>Does not modify role capabilities\u003C\u002Fli>\n\u003Cli>Does not execute arbitrary or free-form commands\u003C\u002Fli>\n\u003Cli>Does not bypass WordPress permissions or plugin security\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Requirements\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 5.0 or higher\u003C\u002Fli>\n\u003Cli>PHP 7.4 or higher\u003C\u002Fli>\n\u003Cli>MySQL 5.6 or higher\u003C\u002Fli>\n\u003Cli>Administrator privileges required\u003C\u002Fli>\n\u003Cli>Optional plugins (for specific features):\n\u003Cul>\n\u003Cli>Elementor (for Elementor features)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Automatic Installation\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Go to Plugins \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Add New\u003C\u002Fli>\n\u003Cli>Search for “Pimi Admin Agent”\u003C\u002Fli>\n\u003Cli>Click “Install Now”\u003C\u002Fli>\n\u003Cli>Click “Activate”\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Manual Installation\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Download the plugin ZIP file from your purchase\u003C\u002Fli>\n\u003Cli>Log in to your WordPress admin panel\u003C\u002Fli>\n\u003Cli>Navigate to Plugins > Add New\u003C\u002Fli>\n\u003Cli>Click “Upload Plugin”\u003C\u002Fli>\n\u003Cli>Choose the downloaded ZIP file\u003C\u002Fli>\n\u003Cli>Click “Install Now”\u003C\u002Fli>\n\u003Cli>Click “Activate”\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Navigate to \u003Cstrong>Pimi Admin Agent \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Assistant\u003C\u002Fstrong> in WordPress admin\u003C\u002Fli>\n\u003Cli>Enter a command\u003C\u002Fli>\n\u003Cli>Confirm the action (if required)\u003C\u002Fli>\n\u003Cli>Review the result in the activity log\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Example commands:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WordPress:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Create page [About Us] content [Welcome to our site]\u003Cbr \u002F>\n* Create post [Welcome Post] content [This is my first post]\u003Cbr \u002F>\n* Create user [email@example.com] role [editor]\u003Cbr \u002F>\n* Upload image [https:\u002F\u002Fexample.com\u002Fimage.jpg]\u003Cbr \u002F>\n* Create menu [Main Menu]\u003Cbr \u002F>\n* Add widget [text] to sidebar [sidebar-1]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Elementor:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Create Elementor page [Home]\u003Cbr \u002F>\n* Assign Elementor template [Homepage Template] to page [Home]\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Plugins:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Install plugin [contact-form-7]\u003Cbr \u002F>\n* Update plugin [contact-form-7]\u003Cbr \u002F>\n* Note: Plugin activation and deactivation must be done manually through the WordPress Plugins page\u003C\u002Fp>\n\u003Ch3>Security\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Administrator-only access (manage_options capability required)\u003C\u002Fli>\n\u003Cli>WordPress nonce validation on all AJAX requests\u003C\u002Fli>\n\u003Cli>Whitelisted actions only\u003C\u002Fli>\n\u003Cli>No dangerous operations (wp-config editing, SQL execution, etc.)\u003C\u002Fli>\n\u003Cli>Administrator user protection (cannot create\u002Fupdate\u002Fdelete admin users)\u003C\u002Fli>\n\u003Cli>Password changes disabled (use WordPress admin)\u003C\u002Fli>\n\u003Cli>Approval queue for high-risk commands (>50 items)\u003C\u002Fli>\n\u003Cli>Complete audit logging\u003C\u002Fli>\n\u003Cli>Role-based permissions\u003C\u002Fli>\n\u003C\u002Ful>\n","Manage your WordPress site using simple commands. Create pages, posts, users, manage plugins, and more with commands.",0,92,"2026-01-14T05:34:00.000Z","6.9.4","6.7","7.4",[18,19,20,21],"admin-assistant","admin-tools","bulk-actions","productivity","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpimi-admin-agent","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpimi-admin-agent.2.0.1.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"himanshubhuyan0",2,10,93,30,89,"2026-04-04T07:14:33.001Z",[37,57,77,100,122],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":11,"num_ratings":11,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":55,"download_link":56,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"bulk-delete-product-images","Bulk Delete Product Images","1.0.0","Keramaros Antonios","https:\u002F\u002Fprofiles.wordpress.org\u002Fantoniskeramaros\u002F","\u003Cp>\u003Cstrong>Bulk Delete Product Images\u003C\u002Fstrong> is a lightweight WooCommerce admin tool that lets you quickly remove all product images — featured and gallery — for selected products using the built-in bulk actions menu.\u003C\u002Fp>\n\u003Cp>Perfect for store admins who need to clean up unused or outdated product images.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Adds a new bulk action \u003Cstrong>“Delete Images”\u003C\u002Fstrong> to the Products page.\u003Cbr \u002F>\n– Deletes both \u003Cstrong>featured image\u003C\u002Fstrong> and \u003Cstrong>gallery images\u003C\u002Fstrong> for selected products.\u003Cbr \u002F>\n– Works directly from the WordPress admin.\u003Cbr \u002F>\n– Does not affect other product data.\u003Cbr \u002F>\n– Displays a confirmation notice after deletion.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Example use case:\u003C\u002Fstrong>\u003Cbr \u002F>\nIf you imported products with incorrect or duplicate images, use this plugin to clean them up before uploading new ones.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by \u003Ca href=\"https:\u002F\u002Fkeramaros.gr\" rel=\"nofollow ugc\">Keramaros Antonios\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003C\u002Fp>\n","Adds a bulk action to delete featured and gallery images from selected WooCommerce products in one click.",20,173,"2025-11-18T18:36:00.000Z","6.8.5","5.0","7.2",[19,20,52,53,54],"delete-images","product-images","woocommerce","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbulk-delete-product-images.1.0.0.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":67,"num_ratings":68,"last_updated":69,"tested_up_to":14,"requires_at_least":70,"requires_php":16,"tags":71,"homepage":75,"download_link":76,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"the-paste","The Paste","2.1.4","podpirate","https:\u002F\u002Fprofiles.wordpress.org\u002Fpodpirate\u002F","\u003Cp>Speed up your workflow by pasting files and image data directly into the WordPress media library.\u003C\u002Fp>\n\u003Cp>You can copy files and image data from many desktop applications:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>macOS Finder\u003C\u002Fli>\n\u003Cli>Windows Filesystem\u003C\u002Fli>\n\u003Cli>Screenshots\u003C\u002Fli>\n\u003Cli>Adobe Photoshop\u003C\u002Fli>\n\u003Cli>Gimp\u003C\u002Fli>\n\u003Cli>LibreOffice\u003C\u002Fli>\n\u003Cli>GoogleDocs\u003C\u002Fli>\n\u003Cli>Adobe XD\u003C\u002Fli>\n\u003Cli>SVG from Adobe XD, Illustrator, Figma and Affinity Designer (\u003Cstrong>Note:\u003C\u002Fstrong> An additional plugin for SVG Support is required. My favorite: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsafe-svg\u002F\" rel=\"ugc\">Safe SVG\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmcguffin\u002Fthe-paste#applications-tested-so-far\" rel=\"nofollow ugc\">And some more…\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>… and paste it to Classic Editor or directly to the media library.\u003C\u002Fp>\n\u003Cp>The most recent Desktop versions of Chrome, Edge, Firefox and Safari are supported.\u003C\u002Fp>\n\u003Cp>Install \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsafe-svg\u002F\" rel=\"ugc\">Safe SVG\u003C\u002Fa> to enable SVG support.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmcguffin\u002Fthe-paste\" rel=\"nofollow ugc\">The paste at GitHub\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You like it? You can’t stop pasting? \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fdonate\u002F?hosted_button_id=F8NKC6TCASUXE\" rel=\"nofollow ugc\">Paste some cash with PayPal\u003C\u002Fa>!\u003C\u002Fp>\n\u003Ch3>Known Issues\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cem>Firefox\u003C\u002Fem> does not support pasting multiple files from the OS filesystem.\u003C\u002Fli>\n\u003Cli>\u003Cem>Safari\u003C\u002Fem> lacks the support to convert images to the webP format.\u003C\u002Fli>\n\u003Cli>Pasting in TinyMCE triggers a JavaScript error if \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Freal-media-library-lite\u002F\" rel=\"ugc\">Real Media Library\u003C\u002Fa> is active. Pasting in the media library is still working.\u003C\u002Fli>\n\u003Cli>\u003Cem>Edge\u003C\u002Fem> is working suspiciously well, which is very unusal in the Microsoft world and must be considered a bug.\u003C\u002Fli>\n\u003C\u002Ful>\n","Paste files and image data from clipboard and instantly upload them to the WordPress media library.",10000,99479,96,35,"2025-12-05T13:32:00.000Z","4.8",[72,73,74,21],"clipboard","copy-paste","media-library","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fthe-paste\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthe-paste.2.1.4.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":14,"requires_at_least":90,"requires_php":55,"tags":91,"homepage":96,"download_link":97,"security_score":98,"vuln_count":30,"unpatched_count":11,"last_vuln_date":99,"fetched_at":26},"publish-to-schedule","Publish to Schedule","4.5.8","alexbenfica","https:\u002F\u002Fprofiles.wordpress.org\u002Falexbenfica\u002F","\u003Cp>Looking for a way to streamline your WordPress blog post scheduling? Look no further than Publish to Schedule!\u003C\u002Fp>\n\u003Cp>Publish to Schedule is a powerful and flexible WordPress scheduling plugin that lets you automate your blog post publishing process. With just a few simple configurations, you can set up a schedule that works for you, ensuring that your content is consistently published on the days and times you choose.\u003C\u002Fp>\n\u003Cp>With the ability to set specific days of the week, number of posts per day, and time intervals for scheduling, Publish to Schedule takes the guesswork out of post publishing. And if you ever need to make adjustments, the plugin provides clear and detailed information in the publish box, allowing you to easily modify dates and times as needed.\u003C\u002Fp>\n\u003Cp>Publish to Schedule is perfect for bloggers who want to focus on creating great content, without the hassle of manual scheduling. And with its easy-to-use interface, even those with little technical knowledge can quickly get up and running.\u003C\u002Fp>\n\u003Cp>So if you’re looking to take your blog to the next level, download Publish to Schedule today and see the difference it can make for your content creation process.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Support the Development:\u003C\u002Fstrong> If you find this plugin useful, please consider \u003Ca href=\"https:\u002F\u002Fwww.buymeacoffee.com\u002FFQNxAqVUTo\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa> to support ongoing development and maintenance.\u003C\u002Fp>\n","Automate your WordPress post scheduling with Publish to Schedule. Set rules for days and times to publish posts automatically, saving you time and ens &hellip;",5000,76130,86,23,"2025-12-04T02:47:00.000Z","2.8",[92,93,94,21,95],"automation","post-scheduler","posts","scheduling","https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fpublish-to-schedule\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpublish-to-schedule.zip",99,"2023-02-27 00:00:00",{"slug":19,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":109,"num_ratings":110,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":55,"tags":114,"homepage":119,"download_link":120,"security_score":121,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"Admin Tools","1.3.9","Yehi","https:\u002F\u002Fprofiles.wordpress.org\u002Fyehi\u002F","\u003Cp>Admin Tools Helps you prepared the Admin interface for your customers.\u003Cbr \u002F>\nThe plugin extends your admin control, allowing you to extend the control of the Admin Control.\u003C\u002Fp>\n\u003Ch4>Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Easy to Use\u003C\u002Fli>\n\u003Cli>Lightweight\u003C\u002Fli>\n\u003Cli>Hide Admin Menus & Sub-Menus\u003C\u002Fli>\n\u003Cli>Hide Plugins from Admin Users\u003C\u002Fli>\n\u003Cli>Hide Top Bar or parts from Top Bar\u003C\u002Fli>\n\u003Cli>Change logo on the admin login page\u003C\u002Fli>\n\u003Cli>Choose who can see admin notifications\u003C\u002Fli>\n\u003Cli>Control wordpress updates\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Feedback\u003C\u002Fh4>\n\u003Cp>If you like this plugin, then please leave us a good rating and review.\u003Cbr \u002F> Consider following us on \u003Ca href=\"https:\u002F\u002Fplus.google.com\u002F109974551206892069425\" rel=\"author nofollow ugc\">Google+\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fmadadim.co.il\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>\u003C\u002Fp>\n","Admin Tools Helps you to get better admin for your customers. Manage your menus, plugins, Top Bar, updates and more",4000,40488,94,11,"2021-09-30T06:41:00.000Z","5.8.13","4.2",[115,19,116,117,118],"admin","customize","hide-admin-menu","hide-admin-menus","http:\u002F\u002Fwww.madadim.co.il","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-tools.zip",85,{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":109,"num_ratings":132,"last_updated":133,"tested_up_to":14,"requires_at_least":134,"requires_php":135,"tags":136,"homepage":140,"download_link":141,"security_score":98,"vuln_count":142,"unpatched_count":11,"last_vuln_date":143,"fetched_at":26},"leira-cron-jobs","Cron Jobs","1.2.12","Ariel","https:\u002F\u002Fprofiles.wordpress.org\u002Farielhr1987\u002F","\u003Cp>\u003Cstrong>Cron Jobs\u003C\u002Fstrong> is a lightweight yet powerful plugin that simplifies the management of your WordPress cron events.\u003C\u002Fp>\n\u003Cp>With this tool, you can quickly view, run, and modify your scheduled tasks (cron jobs) without writing code. It’s ideal for developers, site managers, or anyone needing better control over WordPress’s background processes.\u003C\u002Fp>\n\u003Cp>Key features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Run or bulk run selected cron jobs instantly.\u003C\u002Fli>\n\u003Cli>Edit cron job schedule, next run time, and arguments directly from the list view.\u003C\u002Fli>\n\u003Cli>Customize visible columns and preferences via the native “Screen Options” panel.\u003C\u002Fli>\n\u003Cli>Access help and documentation to better understand how WordPress cron works.\u003C\u002Fli>\n\u003C\u002Ful>\n","Easily manage and monitor your WordPress cron jobs from a clean, intuitive interface.",2000,30369,3,"2025-12-19T00:50:00.000Z","4.1","5.4",[19,92,137,138,139],"cron","scheduler","wp-cron","https:\u002F\u002Fgithub.com\u002Farielhr1987\u002Fleira-cron-jobs","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fleira-cron-jobs.1.2.12.zip",1,"2024-09-12 00:00:00",{"attackSurface":145,"codeSignals":298,"taintFlows":376,"riskAssessment":686,"analyzedAt":697},{"hooks":146,"ajaxHandlers":194,"restRoutes":294,"shortcodes":295,"cronEvents":296,"entryPointCount":297,"unprotectedCount":11},[147,153,157,160,163,166,169,172,174,176,178,183,185,190],{"type":148,"name":149,"callback":150,"file":151,"line":152},"action","admin_menu","add_admin_menu","src\\Admin.php",28,{"type":148,"name":154,"callback":155,"file":151,"line":156},"admin_enqueue_scripts","enqueue_scripts",29,{"type":148,"name":158,"callback":159,"file":151,"line":33},"admin_init","register_settings",{"type":148,"name":158,"callback":161,"file":151,"line":162},"handle_export_settings",31,{"type":148,"name":158,"callback":164,"file":151,"line":165},"handle_import_settings",32,{"type":148,"name":167,"callback":168,"file":151,"line":68},"admin_notices","show_uninstall_notice",{"type":148,"name":167,"callback":170,"file":151,"line":171},"closure",773,{"type":148,"name":167,"callback":170,"file":151,"line":173},780,{"type":148,"name":167,"callback":170,"file":151,"line":175},790,{"type":148,"name":167,"callback":170,"file":151,"line":177},822,{"type":148,"name":179,"callback":180,"file":181,"line":182},"init","check_direct_access","src\\Security.php",33,{"type":148,"name":158,"callback":184,"file":181,"line":68},"add_security_headers",{"type":186,"name":187,"callback":188,"priority":31,"file":181,"line":189},"filter","pimi_response_data","obfuscate_sensitive_data",37,{"type":148,"name":191,"callback":192,"priority":31,"file":181,"line":193},"pimi_suspicious_activity","log_suspicious_activity",39,[195,201,205,208,212,216,220,224,228,232,236,240,244,248,252,256,260,264,268,272,276,280,284,288,291],{"action":196,"nopriv":197,"callback":198,"hasNonce":199,"hasCapCheck":199,"file":151,"line":200},"pimi_set_uninstall_preference",false,"ajax_set_uninstall_preference",true,34,{"action":202,"nopriv":197,"callback":203,"hasNonce":199,"hasCapCheck":199,"file":151,"line":204},"pimi_save_template","ajax_save_template",38,{"action":206,"nopriv":197,"callback":207,"hasNonce":199,"hasCapCheck":199,"file":151,"line":193},"pimi_execute_template","ajax_execute_template",{"action":209,"nopriv":197,"callback":210,"hasNonce":199,"hasCapCheck":199,"file":151,"line":211},"pimi_create_workflow","ajax_create_workflow",40,{"action":213,"nopriv":197,"callback":214,"hasNonce":199,"hasCapCheck":199,"file":151,"line":215},"pimi_execute_workflow","ajax_execute_workflow",41,{"action":217,"nopriv":197,"callback":218,"hasNonce":199,"hasCapCheck":199,"file":151,"line":219},"pimi_get_workflow_details","ajax_get_workflow_details",42,{"action":221,"nopriv":197,"callback":222,"hasNonce":199,"hasCapCheck":199,"file":151,"line":223},"pimi_submit_approval","ajax_submit_approval",43,{"action":225,"nopriv":197,"callback":226,"hasNonce":199,"hasCapCheck":199,"file":151,"line":227},"pimi_approve_command","ajax_approve_command",44,{"action":229,"nopriv":197,"callback":230,"hasNonce":199,"hasCapCheck":199,"file":151,"line":231},"pimi_reject_command","ajax_reject_command",45,{"action":233,"nopriv":197,"callback":234,"hasNonce":199,"hasCapCheck":199,"file":151,"line":235},"pimi_create_bulk_job","ajax_create_bulk_job",46,{"action":237,"nopriv":197,"callback":238,"hasNonce":199,"hasCapCheck":199,"file":151,"line":239},"pimi_execute_bulk_job","ajax_execute_bulk_job",47,{"action":241,"nopriv":197,"callback":242,"hasNonce":199,"hasCapCheck":199,"file":151,"line":243},"pimi_get_bulk_job_status","ajax_get_bulk_job_status",48,{"action":245,"nopriv":197,"callback":246,"hasNonce":199,"hasCapCheck":199,"file":151,"line":247},"pimi_get_all_bulk_jobs","ajax_get_all_bulk_jobs",49,{"action":249,"nopriv":197,"callback":250,"hasNonce":199,"hasCapCheck":199,"file":151,"line":251},"pimi_resume_bulk_job","ajax_resume_bulk_job",50,{"action":253,"nopriv":197,"callback":254,"hasNonce":199,"hasCapCheck":199,"file":151,"line":255},"pimi_upload_csv","ajax_upload_csv",51,{"action":257,"nopriv":197,"callback":258,"hasNonce":199,"hasCapCheck":199,"file":151,"line":259},"pimi_set_csv_mapping","ajax_set_csv_mapping",52,{"action":261,"nopriv":197,"callback":262,"hasNonce":199,"hasCapCheck":199,"file":151,"line":263},"pimi_execute_csv_import","ajax_execute_csv_import",53,{"action":265,"nopriv":197,"callback":266,"hasNonce":199,"hasCapCheck":199,"file":151,"line":267},"pimi_export_logs","ajax_export_logs",54,{"action":269,"nopriv":197,"callback":270,"hasNonce":199,"hasCapCheck":199,"file":151,"line":271},"pimi_get_dashboard_stats","ajax_get_dashboard_stats",55,{"action":273,"nopriv":197,"callback":274,"hasNonce":199,"hasCapCheck":199,"file":151,"line":275},"pimi_delete_workflow","ajax_delete_workflow",56,{"action":277,"nopriv":197,"callback":278,"hasNonce":199,"hasCapCheck":199,"file":151,"line":279},"pimi_delete_template","ajax_delete_template",57,{"action":281,"nopriv":197,"callback":282,"hasNonce":199,"hasCapCheck":199,"file":151,"line":283},"pimi_delete_bulk_job","ajax_delete_bulk_job",58,{"action":285,"nopriv":197,"callback":286,"hasNonce":199,"hasCapCheck":199,"file":287,"line":182},"pimi_process_prompt","process_prompt","src\\Core.php",{"action":289,"nopriv":197,"callback":290,"hasNonce":199,"hasCapCheck":199,"file":287,"line":200},"pimi_get_impact_preview","get_impact_preview",{"action":292,"nopriv":197,"callback":293,"hasNonce":199,"hasCapCheck":199,"file":287,"line":68},"pimi_confirm_execution","confirm_execution",[],[],[],25,{"dangerousFunctions":299,"sqlUsage":300,"outputEscaping":358,"fileOperations":132,"externalRequests":11,"nonceChecks":33,"capabilityChecks":251,"bundledLibraries":375},[],{"prepared":301,"raw":302,"locations":303},108,24,[304,308,310,312,314,317,320,322,324,326,329,331,333,335,337,340,342,344,347,350,353,354,355,356],{"file":305,"line":306,"context":307},"pimiadminagent.php",104,"$wpdb->get_col() with variable interpolation",{"file":305,"line":301,"context":309},"$wpdb->query() with variable interpolation",{"file":305,"line":311,"context":309},113,{"file":305,"line":313,"context":309},118,{"file":151,"line":315,"context":316},524,"$wpdb->get_var() with variable interpolation",{"file":151,"line":318,"context":319},544,"$wpdb->get_results() with variable interpolation",{"file":151,"line":321,"context":316},599,{"file":151,"line":323,"context":319},731,{"file":151,"line":325,"context":319},739,{"file":327,"line":328,"context":319},"src\\ApprovalQueue.php",157,{"file":287,"line":330,"context":307},250,{"file":287,"line":332,"context":309},254,{"file":287,"line":334,"context":309},259,{"file":287,"line":336,"context":309},264,{"file":338,"line":339,"context":316},"src\\Dashboard.php",190,{"file":338,"line":341,"context":319},281,{"file":338,"line":343,"context":319},392,{"file":345,"line":346,"context":319},"src\\Permissions.php",168,{"file":348,"line":349,"context":307},"src\\TemplateManager.php",215,{"file":351,"line":352,"context":316},"templates\\uninstall-page.php",36,{"file":351,"line":189,"context":316},{"file":351,"line":211,"context":316},{"file":351,"line":215,"context":316},{"file":357,"line":219,"context":309},"uninstall.php",{"escaped":359,"rawEcho":360,"locations":361},291,6,[362,365,367,369,371,373],{"file":151,"line":363,"context":364},752,"raw output",{"file":151,"line":366,"context":364},774,{"file":151,"line":368,"context":364},781,{"file":151,"line":370,"context":364},791,{"file":151,"line":372,"context":364},823,{"file":338,"line":374,"context":364},428,[],[377,395,407,424,436,453,463,482,495,508,522,535,548,561,574,593],{"entryPoint":378,"graph":379,"unsanitizedCount":11,"severity":394},"ajax_set_uninstall_preference (src\\Admin.php:829)",{"nodes":380,"edges":392},[381,386],{"id":382,"type":383,"label":384,"file":151,"line":385},"n0","source","$_POST",836,{"id":387,"type":388,"label":389,"file":151,"line":390,"wp_function":391},"n1","sink","update_option() [Settings Manipulation]",838,"update_option",[393],{"from":382,"to":387,"sanitized":199},"low",{"entryPoint":396,"graph":397,"unsanitizedCount":11,"severity":394},"ajax_get_workflow_details (src\\Admin.php:984)",{"nodes":398,"edges":405},[399,401],{"id":382,"type":383,"label":384,"file":151,"line":400},990,{"id":387,"type":388,"label":402,"file":151,"line":403,"wp_function":404},"get_row() [SQLi]",998,"get_row",[406],{"from":382,"to":387,"sanitized":199},{"entryPoint":408,"graph":409,"unsanitizedCount":142,"severity":394},"ajax_upload_csv (src\\Admin.php:1227)",{"nodes":410,"edges":421},[411,414,417],{"id":382,"type":383,"label":412,"file":151,"line":413},"$_FILES['csv_file']",1238,{"id":387,"type":415,"label":416,"file":151,"line":413},"transform","→ upload_csv()",{"id":418,"type":388,"label":389,"file":419,"line":420,"wp_function":391},"n2","src\\CSVImport.php",87,[422,423],{"from":382,"to":387,"sanitized":197},{"from":387,"to":418,"sanitized":197},{"entryPoint":425,"graph":426,"unsanitizedCount":11,"severity":394},"\u003CSecurity> (src\\Security.php:0)",{"nodes":427,"edges":434},[428,431],{"id":382,"type":383,"label":429,"file":181,"line":430},"$_SERVER",116,{"id":387,"type":388,"label":432,"file":181,"line":339,"wp_function":433},"get_var() [SQLi]","get_var",[435],{"from":382,"to":387,"sanitized":199},{"entryPoint":437,"graph":438,"unsanitizedCount":11,"severity":394},"\u003Csettings-page> (templates\\settings-page.php:0)",{"nodes":439,"edges":450},[440,443,444,445],{"id":382,"type":383,"label":441,"file":442,"line":297},"$_POST (x2)","templates\\settings-page.php",{"id":387,"type":388,"label":389,"file":442,"line":152,"wp_function":391},{"id":418,"type":383,"label":384,"file":442,"line":297},{"id":446,"type":388,"label":447,"file":442,"line":448,"wp_function":449},"n3","echo() [XSS]",72,"echo",[451,452],{"from":382,"to":387,"sanitized":199},{"from":418,"to":446,"sanitized":199},{"entryPoint":454,"graph":455,"unsanitizedCount":11,"severity":394},"\u003Cuninstall-page> (templates\\uninstall-page.php:0)",{"nodes":456,"edges":461},[457,459],{"id":382,"type":383,"label":384,"file":351,"line":458},14,{"id":387,"type":388,"label":389,"file":351,"line":460,"wp_function":391},16,[462],{"from":382,"to":387,"sanitized":199},{"entryPoint":464,"graph":465,"unsanitizedCount":132,"severity":481},"render_history_page (src\\Admin.php:560)",{"nodes":466,"edges":478},[467,470,472,474],{"id":382,"type":383,"label":468,"file":151,"line":469},"$_GET",572,{"id":387,"type":388,"label":432,"file":151,"line":471,"wp_function":433},591,{"id":418,"type":383,"label":473,"file":151,"line":469},"$_GET (x2)",{"id":446,"type":388,"label":475,"file":151,"line":476,"wp_function":477},"get_results() [SQLi]",607,"get_results",[479,480],{"from":382,"to":387,"sanitized":197},{"from":418,"to":446,"sanitized":197},"high",{"entryPoint":483,"graph":484,"unsanitizedCount":142,"severity":481},"ajax_execute_workflow (src\\Admin.php:1016)",{"nodes":485,"edges":492},[486,488,490],{"id":382,"type":383,"label":384,"file":151,"line":487},1039,{"id":387,"type":415,"label":489,"file":151,"line":487},"→ execute_workflow()",{"id":418,"type":388,"label":402,"file":491,"line":211,"wp_function":404},"src\\WorkflowEngine.php",[493,494],{"from":382,"to":387,"sanitized":197},{"from":387,"to":418,"sanitized":197},{"entryPoint":496,"graph":497,"unsanitizedCount":142,"severity":481},"ajax_approve_command (src\\Admin.php:1074)",{"nodes":498,"edges":505},[499,501,503],{"id":382,"type":383,"label":384,"file":151,"line":500},1087,{"id":387,"type":415,"label":502,"file":151,"line":500},"→ approve()",{"id":418,"type":388,"label":402,"file":327,"line":504,"wp_function":404},110,[506,507],{"from":382,"to":387,"sanitized":197},{"from":387,"to":418,"sanitized":197},{"entryPoint":509,"graph":510,"unsanitizedCount":142,"severity":481},"ajax_execute_bulk_job (src\\Admin.php:1148)",{"nodes":511,"edges":519},[512,514,516],{"id":382,"type":383,"label":384,"file":151,"line":513},1163,{"id":387,"type":415,"label":515,"file":151,"line":513},"→ execute_job()",{"id":418,"type":388,"label":402,"file":517,"line":518,"wp_function":404},"src\\BulkOperations.php",214,[520,521],{"from":382,"to":387,"sanitized":197},{"from":387,"to":418,"sanitized":197},{"entryPoint":523,"graph":524,"unsanitizedCount":142,"severity":481},"ajax_get_bulk_job_status (src\\Admin.php:1168)",{"nodes":525,"edges":532},[526,528,530],{"id":382,"type":383,"label":384,"file":151,"line":527},1181,{"id":387,"type":415,"label":529,"file":151,"line":527},"→ get_job_status()",{"id":418,"type":388,"label":402,"file":517,"line":531,"wp_function":404},366,[533,534],{"from":382,"to":387,"sanitized":197},{"from":387,"to":418,"sanitized":197},{"entryPoint":536,"graph":537,"unsanitizedCount":142,"severity":481},"ajax_resume_bulk_job (src\\Admin.php:1205)",{"nodes":538,"edges":545},[539,541,543],{"id":382,"type":383,"label":384,"file":151,"line":540},1218,{"id":387,"type":415,"label":542,"file":151,"line":540},"→ resume_job()",{"id":418,"type":388,"label":402,"file":517,"line":544,"wp_function":404},476,[546,547],{"from":382,"to":387,"sanitized":197},{"from":387,"to":418,"sanitized":197},{"entryPoint":549,"graph":550,"unsanitizedCount":142,"severity":481},"ajax_execute_csv_import (src\\Admin.php:1270)",{"nodes":551,"edges":558},[552,554,556],{"id":382,"type":383,"label":384,"file":151,"line":553},1283,{"id":387,"type":415,"label":555,"file":151,"line":553},"→ execute_import()",{"id":418,"type":388,"label":402,"file":419,"line":557,"wp_function":404},228,[559,560],{"from":382,"to":387,"sanitized":197},{"from":387,"to":418,"sanitized":197},{"entryPoint":562,"graph":563,"unsanitizedCount":142,"severity":481},"ajax_delete_workflow (src\\Admin.php:1360)",{"nodes":564,"edges":571},[565,567,569],{"id":382,"type":383,"label":384,"file":151,"line":566},1373,{"id":387,"type":415,"label":568,"file":151,"line":566},"→ delete_workflow()",{"id":418,"type":388,"label":402,"file":491,"line":570,"wp_function":404},243,[572,573],{"from":382,"to":387,"sanitized":197},{"from":387,"to":418,"sanitized":197},{"entryPoint":575,"graph":576,"unsanitizedCount":142,"severity":481},"ajax_delete_bulk_job (src\\Admin.php:1404)",{"nodes":577,"edges":589},[578,580,582,584,586],{"id":382,"type":383,"label":384,"file":151,"line":579},1410,{"id":387,"type":388,"label":402,"file":151,"line":581,"wp_function":404},1421,{"id":418,"type":383,"label":384,"file":151,"line":583},1437,{"id":446,"type":415,"label":585,"file":151,"line":583},"→ delete_job()",{"id":587,"type":388,"label":402,"file":517,"line":588,"wp_function":404},"n4",505,[590,591,592],{"from":382,"to":387,"sanitized":199},{"from":418,"to":446,"sanitized":197},{"from":446,"to":587,"sanitized":197},{"entryPoint":594,"graph":595,"unsanitizedCount":685,"severity":481},"\u003CAdmin> (src\\Admin.php:0)",{"nodes":596,"edges":662},[597,598,599,600,601,602,604,606,608,610,612,614,616,618,620,622,624,626,628,630,632,634,636,638,640,642,644,646,648,650,652,654,656,658,660],{"id":382,"type":383,"label":468,"file":151,"line":469},{"id":387,"type":388,"label":432,"file":151,"line":471,"wp_function":433},{"id":418,"type":383,"label":473,"file":151,"line":469},{"id":446,"type":388,"label":475,"file":151,"line":476,"wp_function":477},{"id":587,"type":383,"label":384,"file":151,"line":385},{"id":603,"type":388,"label":389,"file":151,"line":390,"wp_function":391},"n5",{"id":605,"type":383,"label":441,"file":151,"line":400},"n6",{"id":607,"type":388,"label":402,"file":151,"line":403,"wp_function":404},"n7",{"id":609,"type":383,"label":384,"file":151,"line":487},"n8",{"id":611,"type":415,"label":489,"file":151,"line":487},"n9",{"id":613,"type":388,"label":402,"file":491,"line":211,"wp_function":404},"n10",{"id":615,"type":383,"label":384,"file":151,"line":500},"n11",{"id":617,"type":415,"label":502,"file":151,"line":500},"n12",{"id":619,"type":388,"label":402,"file":327,"line":504,"wp_function":404},"n13",{"id":621,"type":383,"label":384,"file":151,"line":513},"n14",{"id":623,"type":415,"label":515,"file":151,"line":513},"n15",{"id":625,"type":388,"label":402,"file":517,"line":518,"wp_function":404},"n16",{"id":627,"type":383,"label":384,"file":151,"line":527},"n17",{"id":629,"type":415,"label":529,"file":151,"line":527},"n18",{"id":631,"type":388,"label":402,"file":517,"line":531,"wp_function":404},"n19",{"id":633,"type":383,"label":384,"file":151,"line":540},"n20",{"id":635,"type":415,"label":542,"file":151,"line":540},"n21",{"id":637,"type":388,"label":402,"file":517,"line":544,"wp_function":404},"n22",{"id":639,"type":383,"label":412,"file":151,"line":413},"n23",{"id":641,"type":415,"label":416,"file":151,"line":413},"n24",{"id":643,"type":388,"label":389,"file":419,"line":420,"wp_function":391},"n25",{"id":645,"type":383,"label":384,"file":151,"line":553},"n26",{"id":647,"type":415,"label":555,"file":151,"line":553},"n27",{"id":649,"type":388,"label":402,"file":419,"line":557,"wp_function":404},"n28",{"id":651,"type":383,"label":384,"file":151,"line":566},"n29",{"id":653,"type":415,"label":568,"file":151,"line":566},"n30",{"id":655,"type":388,"label":402,"file":491,"line":570,"wp_function":404},"n31",{"id":657,"type":383,"label":384,"file":151,"line":583},"n32",{"id":659,"type":415,"label":585,"file":151,"line":583},"n33",{"id":661,"type":388,"label":402,"file":517,"line":588,"wp_function":404},"n34",[663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684],{"from":382,"to":387,"sanitized":199},{"from":418,"to":446,"sanitized":199},{"from":587,"to":603,"sanitized":199},{"from":605,"to":607,"sanitized":199},{"from":609,"to":611,"sanitized":197},{"from":611,"to":613,"sanitized":197},{"from":615,"to":617,"sanitized":197},{"from":617,"to":619,"sanitized":197},{"from":621,"to":623,"sanitized":197},{"from":623,"to":625,"sanitized":197},{"from":627,"to":629,"sanitized":197},{"from":629,"to":631,"sanitized":197},{"from":633,"to":635,"sanitized":197},{"from":635,"to":637,"sanitized":197},{"from":639,"to":641,"sanitized":197},{"from":641,"to":643,"sanitized":197},{"from":645,"to":647,"sanitized":197},{"from":647,"to":649,"sanitized":197},{"from":651,"to":653,"sanitized":197},{"from":653,"to":655,"sanitized":197},{"from":657,"to":659,"sanitized":197},{"from":659,"to":661,"sanitized":197},9,{"summary":687,"deductions":688},"The \"pimi-admin-agent\" v2.0.1 plugin exhibits a generally strong security posture, with several positive indicators. Notably, all identified AJAX handlers include authentication checks, there are no exposed REST API routes, shortcodes, or cron events, and a high percentage of SQL queries utilize prepared statements (82%) and output is properly escaped (98%). The presence of 30 nonce checks and 50 capability checks further reinforces this. The absence of any recorded CVEs or known vulnerabilities in its history is also a significant strength, suggesting a history of responsible development or a lack of past exploitable issues.\n\nHowever, the taint analysis reveals a critical concern: 10 out of 16 analyzed flows have high severity unsanitized paths. This indicates potential for vulnerabilities where user-supplied input is not adequately validated or cleaned before being used in sensitive operations, particularly in file operations which are also present. While no critical severity taint flows were explicitly reported, the high number of 'high severity' unsanitized paths is a significant red flag. This suggests a potential for privilege escalation or other critical vulnerabilities if these flows are exploited, even if current exploit vectors aren't obvious or have not yet been discovered.\n\nIn conclusion, the plugin benefits from good practices in core areas like authentication and sanitization of SQL and output. The lack of historical vulnerabilities is positive. The primary weakness lies in the taint analysis, specifically the high number of unsanitized paths. This is the most significant area of concern and warrants immediate attention to ensure all inputs are thoroughly validated before use, mitigating potential risks that are not yet reflected in its CVE history.",[689,692,694],{"reason":690,"points":691},"High severity unsanitized paths in taint analysis",15,{"reason":693,"points":31},"Unsanitized paths present in taint analysis",{"reason":695,"points":696},"File operations present",5,"2026-03-17T07:02:36.608Z",{"wat":699,"direct":708},{"assetPaths":700,"generatorPatterns":703,"scriptPaths":704,"versionParams":705},[701,702],"\u002Fwp-content\u002Fplugins\u002Fpimi-admin-agent\u002Fbuild\u002Fcss\u002Fapp.css","\u002Fwp-content\u002Fplugins\u002Fpimi-admin-agent\u002Fbuild\u002Fjs\u002Fapp.js",[],[702],[706,707],"pimi-admin-agent\u002Fbuild\u002Fcss\u002Fapp.css?ver=","pimi-admin-agent\u002Fbuild\u002Fjs\u002Fapp.js?ver=",{"cssClasses":709,"htmlComments":718,"htmlAttributes":719,"restEndpoints":721,"jsGlobals":722,"shortcodeOutput":724},[710,711,712,713,714,715,716,717],"pimi-agent-container","pimi-agent-header","pimi-agent-sidebar","pimi-agent-content","pimi-agent-command-input","pimi-agent-response-area","pimi-agent-button","pimi-agent-modal",[],[720],"data-pimi-agent",[],[723],"PimiAgent",[]]