[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fulWYJDLaHNXA5I0Z7CfNnDgkkiy7Rg7Ad_s3Ioq3R34":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":49,"crawl_stats":38,"alternatives":55,"analysis":56,"fingerprints":120},"plugin-logic","Plugin Logic","1.1.2","simon_h","https:\u002F\u002Fprofiles.wordpress.org\u002Fsimon_h\u002F","\u003Cp>A possibility to increase the speed of your WordPress page is to deactivate Plugins on pages,\u003Cbr \u002F>\nwhere they are not needed. This Plugin allows you to do this on a easy way.\u003Cbr \u002F>\nSo you can reduce the amount of JavaScript and CSS files which are loaded and SQL queries run at page load.\u003C\u002Fp>\n","Url based plugin deactivation or activation.",90,8243,94,27,"2025-12-05T17:20:00.000Z","6.9.4","6.2.0","",[20,21,22,23,24],"activate-plugins-by-url","deactivate-plugins-by-rules","deactivate-plugins-by-url","disable-plugins-by-page","disable-plugins-by-rules","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugin-logic\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-logic.1.1.2.zip",99,1,0,"2022-12-02 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":40,"severity":41,"cvss_score":42,"cvss_vector":43,"vuln_type":44,"published_date":30,"updated_date":45,"references":46,"days_to_patch":48},"CVE-2022-4268","plugin-logic-authenticated-administrator-sql-injection","Plugin Logic \u003C= 1.0.7 - Authenticated (Administrator+) SQL Injection","The Plugin Logic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=1.0.7","1.0.8","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2024-01-22 19:56:02",[47],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe75a96ab-499b-4f1d-a60b-a5aa9d804363?source=api-prod",417,{"slug":7,"display_name":50,"profile_url":8,"plugin_count":51,"total_installs":52,"avg_security_score":11,"avg_patch_time_days":48,"trust_score":53,"computed_at":54},"Simon Wheatley",3,40090,72,"2026-04-04T14:25:55.915Z",[],{"attackSurface":57,"codeSignals":92,"taintFlows":109,"riskAssessment":110,"analyzedAt":119},{"hooks":58,"ajaxHandlers":88,"restRoutes":89,"shortcodes":90,"cronEvents":91,"entryPointCount":29,"unprotectedCount":29},[59,65,68,73,77,82,86],{"type":60,"name":61,"callback":62,"file":63,"line":64},"action","admin_footer","closure","plugin-logic-fields.php",166,{"type":60,"name":61,"callback":66,"file":63,"line":67},"get_adminbar_colors",185,{"type":60,"name":69,"callback":70,"file":71,"line":72},"plugins_loaded","init","plugin-logic.php",26,{"type":60,"name":74,"callback":75,"file":71,"line":76},"admin_menu","on_admin_menu",88,{"type":78,"name":79,"callback":80,"file":71,"line":81},"filter","screen_layout_columns","screen_options_controls",130,{"type":60,"name":83,"callback":84,"file":71,"line":85},"admin_notices","admin_notice__error",191,{"type":60,"name":61,"callback":62,"file":71,"line":87},718,[],[],[],[],{"dangerousFunctions":93,"sqlUsage":101,"outputEscaping":104,"fileOperations":28,"externalRequests":29,"nonceChecks":106,"capabilityChecks":107,"bundledLibraries":108},[94,98],{"fn":95,"file":71,"line":96,"context":97},"unserialize",358,"$rules['urls']  = unserialize( $r->urls );",{"fn":95,"file":71,"line":99,"context":100},359,"$rules['words'] = unserialize( $r->words );",{"prepared":102,"raw":29,"locations":103},19,[],{"escaped":102,"rawEcho":29,"locations":105},[],4,5,[],[],{"summary":111,"deductions":112},"The plugin \"plugin-logic\" v1.1.2 exhibits a mixed security posture. On the positive side, the static analysis shows no identified attack surface, meaning there are no readily exploitable entry points like unprotected AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, all SQL queries utilize prepared statements, all output is properly escaped, and there are a good number of nonce and capability checks, indicating adherence to several WordPress security best practices. The absence of external HTTP requests and bundled libraries is also a positive sign, reducing potential attack vectors.\n\nHowever, there are significant concerns. The presence of the `unserialize` function without explicit warnings about its usage is a major red flag. Improper use of `unserialize` can lead to Remote Code Execution vulnerabilities if the input data is controlled by an attacker. The vulnerability history also reveals a past high-severity SQL injection vulnerability, which is concerning given the plugin's history. While this specific vulnerability is reported as patched, the nature of the vulnerability suggests that careful input validation and sanitization are critical for this plugin.\n\nIn conclusion, while the current version of \"plugin-logic\" v1.1.2 appears to have a reduced attack surface and good practices regarding SQL queries and output escaping, the presence of `unserialize` and the past SQL injection vulnerability necessitate caution. The developer should thoroughly audit the usage of `unserialize` and ensure robust input validation across all data sources.",[113,116],{"reason":114,"points":115},"Dangerous function 'unserialize' detected",15,{"reason":117,"points":118},"Past high-severity SQL Injection vulnerability",10,"2026-03-16T21:18:55.016Z",{"wat":121,"direct":130},{"assetPaths":122,"generatorPatterns":125,"scriptPaths":126,"versionParams":127},[123,124],"\u002Fwp-content\u002Fplugins\u002Fplugin-logic\u002Fcss\u002Fplugin-logic.css","\u002Fwp-content\u002Fplugins\u002Fplugin-logic\u002Fjs\u002Fplugin-logic.js",[],[124],[128,129],"plugin-logic\u002Fcss\u002Fplugin-logic.css?ver=","plugin-logic\u002Fjs\u002Fplugin-logic.js?ver=",{"cssClasses":131,"htmlComments":132,"htmlAttributes":134,"restEndpoints":137,"jsGlobals":138,"shortcodeOutput":140},[],[133],"\u003C!-- Plugin Logic -->",[135,136],"name=\"plulo_toggle_dash_col\"","id=\"plulo_option_page\"",[],[139],"pluginLogic",[]]