[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fT7Yz0B3iff9FLsbbB8oQporrdvnJiry88m7wCA0JB8Q":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":26,"download_link":27,"security_score":28,"vuln_count":29,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":33,"crawl_stats":30,"alternatives":40,"analysis":41,"fingerprints":290},"plug-and-play","Plug & Play","1.2","Bassem Rabia","https:\u002F\u002Fprofiles.wordpress.org\u002Fdjerba\u002F","\u003Cp>\u003Cstrong>Plug and Play\u003C\u002Fstrong> our feautures and turn your WordPress Blog into a \u003Cstrong>Highly Interactive, Elegant and Secure\u003C\u002Fstrong> Blog.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplug-and-play\u002F\" rel=\"ugc\">Read more\u003C\u002Fa> about with this plugin!\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Hide Admin Bar: Disable WordPress Admin bar for front end user, Speedup your web site loading.\u003C\u002Fli>\n\u003Cli>WP Generator Meta Tag Remover: Customize your own website loogin form logo.\u003C\u002Fli>\n\u003Cli>Security Tools:     It can be considered a security risk to make your wordpress version visible and public you should hide it.\u003C\u002Fli>\n\u003Cli>Versus: Shows recently viewed posts by visitor as a sidebar.\u003C\u002Fli>\n\u003Cli>Maintenance Mode: Easily create a maintenance mode page for your WordPress site.\u003C\u002Fli>\n\u003C\u002Ful>\n","Plug and Play our feautures and turn your WordPress Blog into a Highly Interactive, Elegant and Secure 
Blog.",10,1497,100,1,"2016-07-11T14:28:00.000Z","4.5.33","3.9.0","",[20,21,22,23,24,25],"posts-comparator","wordpress-change-login-logo","wordpress-hide-admin-bar","wordpress-security-tools","wp-generator-meta-tag-remover","wp-recents-posts-shows","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplug-and-play\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplug-and-play.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":34,"display_name":7,"profile_url":8,"plugin_count":35,"total_installs":36,"avg_security_score":28,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"djerba",5,130,30,84,"2026-04-04T04:22:08.104Z",[],{"attackSurface":42,"codeSignals":101,"taintFlows":274,"riskAssessment":275,"analyzedAt":289},{"hooks":43,"ajaxHandlers":97,"restRoutes":98,"shortcodes":99,"cronEvents":100,"entryPointCount":29,"unprotectedCount":29},[44,50,54,58,62,66,70,72,76,80,85,89,92],{"type":45,"name":46,"callback":47,"file":48,"line":49},"action","admin_enqueue_scripts","bPress_admin_enqueue","bPress\\WP2P.class.php",21,{"type":45,"name":51,"callback":52,"file":48,"line":53},"admin_menu","bPress_menu",22,{"type":45,"name":55,"callback":56,"file":48,"line":57},"wp_loaded","bPress_run_maintenance_mode",25,{"type":45,"name":59,"callback":60,"file":48,"line":61},"wp_head","bPress_run_api",26,{"type":45,"name":63,"callback":64,"file":48,"line":65},"login_enqueue_scripts","bPress_run_login",27,{"type":45,"name":67,"callback":68,"file":48,"line":69},"init","bPress_run_admin_bar",29,{"type":45,"name":67,"callback":71,"file":48,"line":37},"bPress_run_remove_version",{"type":45,"name":73,"callback":74,"file":48,"line":75},"wp_footer","bPress_run",31,{"type":45,"name":77,"callback":78,"file":48,"line":79},"login_head","bPress_run_my_login_logo",51,{"type":81,"name":82,"callback":83,"file":48,"line":84},"filter","login_headerurl","bPress_run_my_login_logo_url",53,{"type":81,"name":86,"callback":87,"file":48,"line":88},"show_admin_bar","__return_false",65,{"typ
e":81,"name":90,"callback":87,"file":48,"line":91},"the_generator",138,{"type":45,"name":93,"callback":94,"file":95,"line":96},"plugins_loaded","papLanguage","index.php",20,[],[],[],[],{"dangerousFunctions":102,"sqlUsage":103,"outputEscaping":105,"fileOperations":29,"externalRequests":14,"nonceChecks":29,"capabilityChecks":14,"bundledLibraries":273},[],{"prepared":29,"raw":29,"locations":104},[],{"escaped":29,"rawEcho":106,"locations":107},92,[108,111,113,115,117,119,120,122,124,125,127,129,131,133,135,137,139,141,143,145,147,149,150,152,153,155,157,158,159,161,163,164,165,167,169,171,173,175,177,179,181,183,185,186,188,189,191,192,193,195,196,198,199,201,202,204,205,207,208,210,211,213,215,217,219,221,223,225,227,229,231,232,234,235,237,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267,269,271],{"file":48,"line":109,"context":110},49,"raw output",{"file":48,"line":112,"context":110},86,{"file":48,"line":114,"context":110},89,{"file":48,"line":116,"context":110},90,{"file":48,"line":118,"context":110},91,{"file":48,"line":106,"context":110},{"file":48,"line":121,"context":110},95,{"file":48,"line":123,"context":110},103,{"file":48,"line":123,"context":110},{"file":48,"line":126,"context":110},174,{"file":48,"line":128,"context":110},200,{"file":48,"line":130,"context":110},202,{"file":48,"line":132,"context":110},235,{"file":48,"line":134,"context":110},377,{"file":48,"line":136,"context":110},378,{"file":48,"line":138,"context":110},387,{"file":48,"line":140,"context":110},423,{"file":48,"line":142,"context":110},425,{"file":48,"line":144,"context":110},426,{"file":48,"line":146,"context":110},429,{"file":48,"line":148,"context":110},439,{"file":48,"line":148,"context":110},{"file":48,"line":151,"context":110},442,{"file":48,"line":151,"context":110},{"file":48,"line":154,"context":110},446,{"file":48,"line":156,"context":110},447,{"file":48,"line":156,"context":110},{"file":48,"line":156,"context":110},{"file":48,"line":160,"context":110},451,{"file":48,
"line":162,"context":110},452,{"file":48,"line":162,"context":110},{"file":48,"line":162,"context":110},{"file":48,"line":166,"context":110},457,{"file":48,"line":168,"context":110},458,{"file":48,"line":170,"context":110},459,{"file":48,"line":172,"context":110},460,{"file":48,"line":174,"context":110},465,{"file":48,"line":176,"context":110},477,{"file":48,"line":178,"context":110},479,{"file":48,"line":180,"context":110},480,{"file":48,"line":182,"context":110},483,{"file":48,"line":184,"context":110},493,{"file":48,"line":184,"context":110},{"file":48,"line":187,"context":110},496,{"file":48,"line":187,"context":110},{"file":48,"line":190,"context":110},499,{"file":48,"line":190,"context":110},{"file":48,"line":190,"context":110},{"file":48,"line":194,"context":110},500,{"file":48,"line":194,"context":110},{"file":48,"line":197,"context":110},508,{"file":48,"line":197,"context":110},{"file":48,"line":200,"context":110},511,{"file":48,"line":200,"context":110},{"file":48,"line":203,"context":110},514,{"file":48,"line":203,"context":110},{"file":48,"line":206,"context":110},521,{"file":48,"line":206,"context":110},{"file":48,"line":209,"context":110},524,{"file":48,"line":209,"context":110},{"file":48,"line":212,"context":110},529,{"file":48,"line":214,"context":110},530,{"file":48,"line":216,"context":110},531,{"file":48,"line":218,"context":110},532,{"file":48,"line":220,"context":110},537,{"file":48,"line":222,"context":110},549,{"file":48,"line":224,"context":110},551,{"file":48,"line":226,"context":110},552,{"file":48,"line":228,"context":110},555,{"file":48,"line":230,"context":110},563,{"file":48,"line":230,"context":110},{"file":48,"line":233,"context":110},566,{"file":48,"line":233,"context":110},{"file":48,"line":236,"context":110},571,{"file":48,"line":238,"context":110},572,{"file":48,"line":240,"context":110},573,{"file":48,"line":242,"context":110},574,{"file":48,"line":244,"context":110},579,{"file":48,"line":246,"context":110},587,{"file":48,"line"
:248,"context":110},590,{"file":48,"line":250,"context":110},592,{"file":48,"line":252,"context":110},593,{"file":48,"line":254,"context":110},599,{"file":48,"line":256,"context":110},602,{"file":48,"line":258,"context":110},604,{"file":48,"line":260,"context":110},605,{"file":48,"line":262,"context":110},611,{"file":48,"line":264,"context":110},614,{"file":48,"line":266,"context":110},616,{"file":48,"line":268,"context":110},617,{"file":48,"line":270,"context":110},630,{"file":48,"line":272,"context":110},631,[],[],{"summary":276,"deductions":277},"The \"plug-and-play\" v1.2 plugin exhibits a mixed security posture. On the positive side, the analysis found no AJAX handlers, REST routes, shortcodes or cron events, so no direct entry points were identified, and no dangerous functions were detected. No SQL queries, raw or prepared, were found either, so the plugin's own code shows no SQL injection exposure to assess. However, a critical concern arises from the complete lack of output escaping: none of the 92 identified output points is escaped. Any of these that prints a value an attacker can influence is a potential Cross-Site Scripting (XSS) sink. Because the analysis recorded no taint flows, which outputs are actually affected is unconfirmed, and each should be reviewed and wrapped in the context-appropriate escaping function (for example esc_html(), esc_attr() or esc_url()). The plugin also makes one external HTTP request, which could be a vector if not handled carefully. The fingerprint data lists a script URL on a third-party host served over plain HTTP; if that is the resource being loaded, it should be removed or self-hosted, since its integrity cannot be assured in transit.  The vulnerability history is currently clean, with no recorded CVEs, which is positive, but this doesn't negate the identified code-level risks. 
With about 10 active installs and no update since July 2016, the lack of known vulnerabilities could also indicate limited testing or a lack of public scrutiny, making the identified code weaknesses more significant.",[278,281,283,286],{"reason":279,"points":280},"0% properly escaped output points",15,{"reason":282,"points":35},"External HTTP request without clear handling",{"reason":284,"points":285},"No nonce checks on potential entry points (though none exist)",3,{"reason":287,"points":288},"Capability checks present but might be insufficient without context",2,"2026-03-17T01:25:39.314Z",{"wat":291,"direct":299},{"assetPaths":292,"generatorPatterns":295,"scriptPaths":296,"versionParams":298},[293,294],"\u002Fwp-content\u002Fplugins\u002Fplug-and-play\u002Fjs\u002FbPress-wp.js","\u002Fwp-content\u002Fplugins\u002Fplug-and-play\u002Fcss\u002FbPress-wp.css",[],[297],"http:\u002F\u002Fstore.norfolky.com\u002FbPress.js",[],{"cssClasses":300,"htmlComments":307,"htmlAttributes":308,"restEndpoints":311,"jsGlobals":312,"shortcodeOutput":316},[301,302,303,304,305,306],"bPress_under_maintenance","bPress_timer","Days","Hours","Minutes","Seconds",[],[309,310],"id=\"bPress_under_maintenance\"","id=\"bPress_timer\"",[],[313,314,315],"Logo_Signup_Page","bApi","bQuery",[]]