[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frmJ4o2S68Av5AR89lYeHwO4VMOWFGrU8bF0b4nBJp10":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":136,"fingerprints":274},"pingchecker","Pingchecker","1.2.0","Tony Hayes","https:\u002F\u002Fprofiles.wordpress.org\u002Fmajick\u002F","\u003Cp>Pingchecker is a free plugin for WordPress that allows you to scan your post’s content for\u003Cbr \u002F>\nlinks, check the pingability of those resources you’ve linked to, and manually ping those\u003Cbr \u002F>\npages. This improves upon the inbuilt fuctionality of WordPress by allowing you to receive\u003Cbr \u002F>\nthe results of your attempted pings whereas WordPress doesn’t. (With WordPress your ping\u003Cbr \u002F>\neither appears in the trackback list or it doesn’t, with no explanation or error codes.)\u003C\u002Fp>\n\u003Cp>Also included is a workaround for a bug in the WordPress XML RPC server that prevents many\u003Cbr \u002F>\nof your pingbacks from succeeding without you even knowing about it! When you ping another\u003Cbr \u002F>\nblogs server, it will check the page you linked, BUT because of this bug, sometimes it can’t\u003Cbr \u002F>\nfind the link at all. This workaround adds a hidden div to your footer with your links so\u003Cbr \u002F>\nthey can be found, greatly improving your chances of a successful ping.\u003C\u002Fp>\n\u003Ch3>Recommended Use\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Before publishing your post, use Pingchecker to check the pingability of the resources\u003Cbr \u002F>\nyou are linking to. If they aren’t, you may wish to choose alternative similar resources\u003Cbr \u002F>\nthat are pingable instead.\u003C\u002Fli>\n\u003Cli>Then, publish your post and WordPress will attempt to ping the resources automatically\u003Cbr \u002F>\nas it normally would. Check the trackback list under your content box to see if your ping\u003Cbr \u002F>\nwas successful as usual.\u003C\u002Fli>\n\u003Cli>If the new trackback\u002Fpingback does not appear, use Pingchecker to ping the resource\u003Cbr \u002F>\ninstead. The results of your attempted pings will be returned in an alert box.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>The XML RPC Server Bug Workaround\u003C\u002Fh3>\n\u003Cp>While working on this plugin I noticed a large occurrence of the pingback fault 17:\u003Cbr \u002F>\n“The source URL does not contain a link to the target URL, and so cannot be used as a source.”\u003Cbr \u002F>\nA really frustrating message given you are sending a pingback because the source DOES contain\u003Cbr \u002F>\na link to the target, yes? Might I point out that very few WordPress users are aware of this\u003Cbr \u002F>\neven happening because nowhere does WordPress actually return you these fault codes..!\u003C\u002Fp>\n\u003Cp>Well, after a bit of testing I found the bug seems to be in the XML RPC server code for\u003Cbr \u002F>\nWordpress, specifically the strip_tags function in PHP is just not reliable enough for getting\u003Cbr \u002F>\nanchor links on the variety of WordPress templates out there (IMHO). (Line 3422 in WP3.1)\u003C\u002Fp>\n\u003Cp>Unfortunately, since the bug is in the server code itself, you can’t fix it on someone elses\u003Cbr \u002F>\nblog can you? That’s why this is a workaround instead. The Pingchecker workaround will scan\u003Cbr \u002F>\nyour post content for links using regex instead, then echo a hidden div element containing\u003Cbr \u002F>\nall the links (with an added nofollow tag so you aren’t linking twice) in your blogs footer,\u003Cbr \u002F>\nwhich is picked up much more easily by the strip_tags function in use by the server.\u003C\u002Fp>\n","Scans post for links, checks if they are pingeable and sends pingbacks with results returned, improves chances of successful pings!",10,3871,0,"2011-07-07T13:56:00.000Z","3.1.4","2.6","",[19,20,21,4,22],"backlink","ping","pingback","trackback","http:\u002F\u002Fpingbackpro.com\u002Fpingchecker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpingchecker.1.2.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":25,"computed_at":35},"majick",5,250,87,30,"2026-04-03T19:57:43.663Z",[37,57,78,98,116],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":54,"download_link":55,"security_score":56,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"no-self-ping","No Self Ping","1.2.1","Michael Adams (mdawaffe)","https:\u002F\u002Fprofiles.wordpress.org\u002Fmdawaffe\u002F","\u003Cp>Some people really like that WordPress sends pings from your own site to your own site when you write posts; it gives them a trail of related posts.\u003C\u002Fp>\n\u003Cp>Some people do not like this behavior; it clutters up their comments.\u003C\u002Fp>\n\u003Cp>This plugin disables intra-blog pinging.\u003C\u002Fp>\n\u003Cp>Once activated, there’s nothing for you to do. However, head to Settings -> Discussion and you’ll find a field in which you can, if you wish, specify more domains that won’t be pinged. Why? Well, maybe you often refer to other sites that you maintain or, particularly, you run a multi-site and don’t want each blog pinging the other – specify a list here and you’re sorted.\u003C\u002Fp>\n\u003Cp>This plugin was originally developed by the awesome \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fmdawaffe\u002F\" rel=\"nofollow ugc\">Michael D. Adams\u003C\u002Fa> and the iconography is courtesy of the very talented \u003Ca href=\"https:\u002F\u002Fwww.fiverr.com\u002Fjankirathore\" rel=\"nofollow ugc\">Janki Rathod\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Please visit the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdartiss\u002Fno-self-ping\" title=\"Github\" rel=\"nofollow ugc\">Github page\u003C\u002Fa> for the latest code development, planned enhancements and known issues\u003C\u002Fstrong>\u003C\u002Fp>\n","Keeps WordPress from sending pings to your own site.",10000,333104,86,15,"2026-02-08T15:41:00.000Z","6.9.4","4.6","7.4",[20,21,22],"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fno-self-ping","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-self-ping.1.2.1.zip",100,{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":56,"num_ratings":67,"last_updated":68,"tested_up_to":50,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":74,"download_link":75,"security_score":56,"vuln_count":76,"unpatched_count":13,"last_vuln_date":77,"fetched_at":27},"webmention","Webmention","5.6.2","Matthias Pfefferle","https:\u002F\u002Fprofiles.wordpress.org\u002Fpfefferle\u002F","\u003Cp>When you link to a website you can send it a Webmention to notify it and then that website may display your post as a comment, like, or other response, and presto, you’re having a conversation from one site to another!\u003C\u002Fp>\n\u003Cp>A \u003Ca href=\"https:\u002F\u002Fwww.w3.org\u002FTR\u002Fwebmention\u002F\" rel=\"nofollow ugc\">Webmention\u003C\u002Fa> is a notification that one URL links to another. Sending a Webmention is not limited to blog posts, and can be used for additional kinds of content and responses as well.\u003C\u002Fp>\n\u003Cp>For example, a response can be an RSVP to an event, an indication that someone “likes” another post, a “bookmark” of another post, and many others. Webmention enables these interactions to happen across different websites, enabling a distributed social web.\u003C\u002Fp>\n\u003Cp>The Webmention plugin supports the Webmention protocol, giving you support for sending and receiving Webmentions. It offers a simple built in presentation.\u003C\u002Fp>\n","Enable conversation across the web.",900,59493,8,"2026-01-01T12:43:00.000Z","6.2","7.2",[72,73,21,22,58],"indieweb","linkback","https:\u002F\u002Fgithub.com\u002Fpfefferle\u002Fwordpress-webmention","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebmention.5.6.2.zip",1,"2023-03-08 00:00:00",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":88,"num_ratings":89,"last_updated":90,"tested_up_to":50,"requires_at_least":91,"requires_php":92,"tags":93,"homepage":96,"download_link":97,"security_score":56,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"hide-trackbacks","Hide Trackbacks","1.1.7","Sander van Dragt","https:\u002F\u002Fprofiles.wordpress.org\u002Fpacifika\u002F","\u003Cp>Introducing \u003Cem>Hide Trackbacks\u003C\u002Fem> – keep the benefits of track- and pingbacks (know when someone writes about posts) while keeping the comments clean and uncluttered.\u003C\u002Fp>\n\u003Cp>After enabling the plugin, trackbacks and pingbacks are no longer shown on your posts and the comment count is updated correctly to reflect this. They remain accessible via the admin panel.\u003C\u002Fp>\n\u003Cp>Original code created by  \u003Ca href=\"http:\u002F\u002Fwww.honeytechblog.com\u002Fhow-to-remove-tracbacks-and-pings-from-wordpress-posts\u002F\" rel=\"nofollow ugc\">Honey Singh\u003C\u002Fa> (used with permission of the author).\u003C\u002Fp>\n","Prevents trackbacks and pingbacks from showing up as comments on posts.",400,17591,94,6,"2025-12-07T10:00:00.000Z","5.8","7.0",[94,21,95,22],"comments","spam","http:\u002F\u002Fwp.me\u002Fp1vXha-4u","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-trackbacks.1.1.7.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":13,"num_ratings":13,"last_updated":108,"tested_up_to":50,"requires_at_least":109,"requires_php":92,"tags":110,"homepage":114,"download_link":115,"security_score":56,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"really-simple-disable-comments","Really Simple Disable Comments","0.2.1","NEXTFLY® Web Design","https:\u002F\u002Fprofiles.wordpress.org\u002Fnextfly\u002F","\u003Cp>Really Simple Disable Comments is a lightweight plugin that completely disables WordPress comments functionality with a single activation. No configuration needed!\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Disables comments on all post types\u003C\u002Fli>\n\u003Cli>Removes comment-related UI elements\u003C\u002Fli>\n\u003Cli>Disables trackbacks and pingbacks\u003C\u002Fli>\n\u003Cli>Removes comment-related admin menu items and dashboard widgets\u003C\u002Fli>\n\u003Cli>Hides comment counts from dashboard “At a Glance” widget\u003C\u002Fli>\n\u003Cli>Hides “Recent Comments” section from dashboard Activity widget\u003C\u002Fli>\n\u003Cli>Disables all comment-related Gutenberg blocks\u003C\u002Fli>\n\u003Cli>Clean and efficient code with no settings required\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What Gets Disabled?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Comment forms and displays\u003C\u002Fli>\n\u003Cli>Admin menu items and dashboard widgets\u003C\u002Fli>\n\u003Cli>Comment-related Gutenberg blocks\u003C\u002Fli>\n\u003Cli>Trackbacks and pingbacks\u003C\u002Fli>\n\u003Cli>Comment-related UI elements in themes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Developer Friendly\u003C\u002Fh4>\n\u003Cp>The plugin includes various filters and actions for developers to customize its behavior:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>rsdc_post_type\u003C\u002Fcode> – Filter the post type before removing comment support\u003C\u002Fli>\n\u003Cli>\u003Ccode>rsdc_comments_status\u003C\u002Fcode> – Filter the comments status\u003C\u002Fli>\n\u003Cli>\u003Ccode>rsdc_hide_existing_comments\u003C\u002Fcode> – Filter the hidden comments array\u003C\u002Fli>\n\u003Cli>\u003Ccode>rsdc_hide_ui_styles\u003C\u002Fcode> – Filter the CSS used to hide comment UI elements\u003C\u002Fli>\n\u003Cli>\u003Ccode>rsdc_block_editor_settings\u003C\u002Fcode> – Filter the block editor settings\u003C\u002Fli>\n\u003Cli>\u003Ccode>rsdc_allowed_blocks\u003C\u002Fcode> – Filter the allowed Gutenberg blocks\u003C\u002Fli>\n\u003C\u002Ful>\n","Effortlessly disable all comments and trackback functionality across your entire WordPress site by activating this plugin.",200,2437,"2025-12-09T15:20:00.000Z","5.0",[94,111,112,113],"disable-comments","disable-pingbacks","disable-trackbacks","https:\u002F\u002Fgithub.com\u002Fnextfly\u002Freally-simple-disable-comments","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freally-simple-disable-comments.0.2.1.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":56,"downloaded":124,"rating":47,"num_ratings":125,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":17,"tags":129,"homepage":132,"download_link":133,"security_score":134,"vuln_count":76,"unpatched_count":76,"last_vuln_date":135,"fetched_at":27},"manuall-dofollow","SMu Manual DoFollow","1.8.1","Stefan M.","https:\u002F\u002Fprofiles.wordpress.org\u002Fstefan-m-1\u002F","\u003Cp>This plugin will set all Trackbacks and Pingbacks automatically to DoFollow Links.\u003C\u002Fp>\n\u003Cp>The user comments will get after \u003Ccode>X\u003C\u002Fcode> comments from a unique mailaddress automatically DoFollow status. All other comments have NoFollow, except the Admin enable manually the DoFollow Status. The status which is set manual (if DoFollow or NoFollow) will overrides the automatical process. So, you have the control if someone gets sooner the DoFollow status, or never maybe. Of corse, the automatism can be disabled to do the hole work manually.\u003C\u002Fp>\n\u003Cp>You get an support automatism, that you don’t need to check daily, but have the full control power.\u003C\u002Fp>\n\u003Cp>Additonal this plugin validated all DoFollow URLs and will notice if there are broken links. Broken Links are very bad the Rank in the Search Engines (SEO).\u003C\u002Fp>\n\u003Cp>Home Page of the Plugin: \u003Ca href=\"http:\u002F\u002Fblog.murawski.ch\u002F2010\u002F09\u002Fwordpress-manual-dofollow-plugin\u002F\" title=\"IT Blögg - WordPress Manual DoFollow Plugin\" rel=\"nofollow ugc\">IT Blögg – WordPress Manual DoFollow Plugin\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If you have a wish for new functions, please contact me.\u003C\u002Fp>\n","SMu DoFollow has many DoFollow Options (Manual or Automatism) and included URL Validator (Manual, WP-Cron or Cronjob).",10570,3,"2015-12-21T09:46:00.000Z","4.1.42","3.0.0",[94,130,131,21,22],"dofollow","nofollow","http:\u002F\u002Fblog.murawski.ch\u002F2010\u002F09\u002Fwordpress-manual-dofollow-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanuall-dofollow.zip",63,"2025-07-07 00:00:00",{"attackSurface":137,"codeSignals":174,"taintFlows":201,"riskAssessment":261,"analyzedAt":273},{"hooks":138,"ajaxHandlers":170,"restRoutes":171,"shortcodes":172,"cronEvents":173,"entryPointCount":13,"unprotectedCount":13},[139,145,148,151,155,158,163,167],{"type":140,"name":141,"callback":142,"file":143,"line":144},"action","admin_head","pingcheckercheckping","pingchecker.php",336,{"type":140,"name":141,"callback":146,"file":143,"line":147},"pingcheckersendping",337,{"type":140,"name":141,"callback":149,"file":143,"line":150},"pingcheckercheckapprovals",338,{"type":140,"name":152,"callback":153,"file":143,"line":154},"edit_form_advanced","pingchecker_box",361,{"type":140,"name":156,"callback":153,"file":143,"line":157},"edit_page_form",362,{"type":159,"name":160,"callback":161,"file":143,"line":162},"filter","the_content","pingchecker_scanforlinks",412,{"type":140,"name":164,"callback":165,"file":143,"line":166},"wp_head","pingchecker_addalinks",413,{"type":140,"name":168,"callback":165,"file":143,"line":169},"wp_footer",414,[],[],[],[],{"dangerousFunctions":175,"sqlUsage":176,"outputEscaping":178,"fileOperations":13,"externalRequests":31,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":200},[],{"prepared":76,"raw":13,"locations":177},[],{"escaped":13,"rawEcho":179,"locations":180},9,[181,184,186,188,190,192,194,196,198],{"file":143,"line":182,"context":183},51,"raw output",{"file":143,"line":185,"context":183},104,{"file":143,"line":187,"context":183},199,{"file":143,"line":189,"context":183},204,{"file":143,"line":191,"context":183},222,{"file":143,"line":193,"context":183},227,{"file":143,"line":195,"context":183},248,{"file":143,"line":197,"context":183},255,{"file":143,"line":199,"context":183},408,[],[202,220,246],{"entryPoint":203,"graph":204,"unsanitizedCount":76,"severity":219},"pingcheckercheckping (pingchecker.php:15)",{"nodes":205,"edges":216},[206,211],{"id":207,"type":208,"label":209,"file":143,"line":210},"n0","source","$_REQUEST",17,{"id":212,"type":213,"label":214,"file":143,"line":182,"wp_function":215},"n1","sink","echo() [XSS]","echo",[217],{"from":207,"to":212,"sanitized":218},false,"medium",{"entryPoint":221,"graph":222,"unsanitizedCount":244,"severity":245},"pingcheckersendping (pingchecker.php:191)",{"nodes":223,"edges":240},[224,227,228,231,235],{"id":207,"type":208,"label":225,"file":143,"line":226},"$_REQUEST (x2)",195,{"id":212,"type":213,"label":214,"file":143,"line":187,"wp_function":215},{"id":229,"type":208,"label":225,"file":143,"line":230},"n2",197,{"id":232,"type":233,"label":234,"file":143,"line":230},"n3","transform","→ pingcheckernewpingback()",{"id":236,"type":213,"label":237,"file":143,"line":238,"wp_function":239},"n4","query() [SQLi]",141,"query",[241,242,243],{"from":207,"to":212,"sanitized":218},{"from":229,"to":232,"sanitized":218},{"from":232,"to":236,"sanitized":218},4,"high",{"entryPoint":247,"graph":248,"unsanitizedCount":260,"severity":245},"\u003Cpingchecker> (pingchecker.php:0)",{"nodes":249,"edges":256},[250,252,253,254,255],{"id":207,"type":208,"label":251,"file":143,"line":210},"$_REQUEST (x5)",{"id":212,"type":213,"label":214,"file":143,"line":182,"wp_function":215},{"id":229,"type":208,"label":225,"file":143,"line":230},{"id":232,"type":233,"label":234,"file":143,"line":230},{"id":236,"type":213,"label":237,"file":143,"line":238,"wp_function":239},[257,258,259],{"from":207,"to":212,"sanitized":218},{"from":229,"to":232,"sanitized":218},{"from":232,"to":236,"sanitized":218},7,{"summary":262,"deductions":263},"The pingchecker plugin v1.2.0 exhibits a mixed security posture. On one hand, the plugin does not expose a direct attack surface through common entry points like AJAX handlers, REST API routes, or shortcodes, which is a positive indicator. Furthermore, it utilizes prepared statements for its single SQL query, a crucial best practice for preventing SQL injection. The absence of known CVEs and a clean vulnerability history suggests a level of stability. However, significant concerns arise from the code analysis. The fact that 0% of output is properly escaped, coupled with two high-severity taint flows involving unsanitized paths, presents a notable risk. This indicates that user-supplied data might be processed in a way that could lead to vulnerabilities such as Cross-Site Scripting (XSS) if it reaches the output without proper sanitization. The lack of nonce and capability checks, while not directly tied to a vulnerable entry point in this static analysis, removes essential layers of defense for any potential future or indirect vulnerabilities. The plugin's reliance on external HTTP requests (5 of them) could also be a vector if these external services are compromised or if the plugin doesn't validate their responses properly, though this is not explicitly detailed in the provided data.",[264,267,269,271],{"reason":265,"points":266},"High severity taint flows found",12,{"reason":268,"points":67},"No output escaping on any output",{"reason":270,"points":31},"No nonce checks implemented",{"reason":272,"points":31},"No capability checks implemented","2026-03-17T00:21:09.319Z",{"wat":275,"direct":280},{"assetPaths":276,"generatorPatterns":277,"scriptPaths":278,"versionParams":279},[],[],[],[],{"cssClasses":281,"htmlComments":285,"htmlAttributes":286,"restEndpoints":291,"jsGlobals":292,"shortcodeOutput":293},[282,283,284],"pingcheckerbutton","pingcheckerresult","pingcheckerpingable",[],[287,288,289,290,284,282,283],"pingcheckerpostid","pingcheckerlink","pingcheckerserver","checkping",[],[],[]]