[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fkF9LA9L_jLL3n6TnC-0M9-QUWi-WgS3zoaGUv2lN46s":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":62,"crawl_stats":36,"alternatives":67,"analysis":173,"fingerprints":281},"plugin-notes-plus","Plugin Notes Plus","1.2.10","jamiebergen","https:\u002F\u002Fprofiles.wordpress.org\u002Fjamiebergen\u002F","\u003Cp>Have you ever returned to a site that you built a while back and asked, “Why did I install this plugin?” This plugin provides an extra column on the Plugins page that enables you to add, edit, or delete notes about the plugins you have installed on a particular site. These notes are intended to provide documentation regarding why a particular plugin was installed and how or where it’s being used.\u003C\u002Fp>\n\u003Cp>Features\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add as many or as few notes as you need for each plugin.\u003C\u002Fli>\n\u003Cli>Edit or delete notes as desired.\u003C\u002Fli>\n\u003Cli>Select an icon to go with each note to quickly convey what type of content it contains (e.g., info, warning, link, etc.)\u003C\u002Fli>\n\u003Cli>Format notes using basic HTML tags if desired.\u003C\u002Fli>\n\u003Cli>Any links included in the note will be automatically converted to \u003Ccode>target=\"_blank\"\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Notes are added and updated via Ajax, avoiding slow page reloads.\u003C\u002Fli>\n\u003Cli>Notes also display on the WordPress Updates page for any plugins that need to be updated.\u003C\u002Fli>\n\u003Cli>A filter is provided if you would like to display notes beneath the plugin description instead of in a 
separate column.\u003C\u002Fli>\n\u003Cli>A filter is available to selectively hide or display plugin notes in the admin.\u003C\u002Fli>\n\u003C\u002Ful>\n","Adds a column to the Plugins page where you can add, edit, or delete notes about a plugin.",9000,75205,100,61,"2025-03-20T00:08:00.000Z","6.7.5","6.2","5.6",[20,21,22],"memo","plugin-notes","plugins","https:\u002F\u002Fgithub.com\u002Fjamiebergen\u002Fplugin-notes-plus","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-notes-plus.1.2.10.zip",91,2,0,"2024-08-16 00:00:00","2026-03-15T15:16:48.613Z",[31,47],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":38,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":28,"updated_date":43,"references":44,"days_to_patch":46},"CVE-2024-43326","plugin-notes-plus-authenticated-subscriber-arbitrary-note-deletion","Plugin Notes Plus \u003C= 1.2.7 - Authenticated (Subscriber+) Arbitrary Note Deletion","The Plugin Notes Plus plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pnp_delete_response() function in all versions up to, and including, 1.2.7. 
This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary notes.",null,"\u003C=1.2.7","1.2.8","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2024-08-19 18:59:50",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe505b376-89ca-4df1-85a1-f8c472325547?source=api-prod",4,{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":36,"affected_versions":52,"patched_in_version":53,"severity":39,"cvss_score":54,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2024-37561","plugin-notes-plus-authenticated-administrator-stored-cross-site-scripting","Plugin Notes Plus \u003C= 1.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting","The Plugin Notes Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This only impacts multi-site installations and installations where unfiltered_html has been disabled.","\u003C=1.2.6","1.2.7",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-07-09 00:00:00","2024-07-19 13:55:26",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F18f0d0fd-3d1a-4e93-8e06-9cae7d64faf7?source=api-prod",11,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":63,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":64,"trust_score":65,"computed_at":66},1,8,88,"2026-04-04T04:56:01.987Z",[68,87,106,130,153],{"slug":21,"name":69,"version":70,"author":71,"author_profile":72,"description":73,"short_description":74,"active_installs":75,"downloaded":76,"rating":13,"num_ratings":77,"last_updated":78,"tested_up_to":79,"requires_at_least":80,"requires_php":81,"tags":82,"homepage":84,"download_link":85,"security_score":86,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"Plugin Notes","1.6","Mohammad Jangda","https:\u002F\u002Fprofiles.wordpress.org\u002Fbatmoo\u002F","\u003Cp>Allows you to add notes to plugins. Useful when you’re using lots of plugins and\u002For make modifications to a plugin and want to make a note of them, and\u002For work on your WordPress install with a group of people. 
This plugin was inspired by a post by \u003Ca href=\"http:\u002F\u002Fdigwp.com\" rel=\"nofollow ugc\">Chris Coyier\u003C\u002Fa>: (http:\u002F\u002Fdigwp.com\u002F2009\u002F10\u002Fideas-for-plugins\u002F)\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add\u002Fedit\u002Fdelete notes for each plugin on the plugin page\u003C\u002Fli>\n\u003Cli>You can use HTML in notes (v1.1+)\u003C\u002Fli>\n\u003Cli>You can use \u003Ca href=\"http:\u002F\u002Fdaringfireball.net\u002Fprojects\u002Fmarkdown\u002Fsyntax\" rel=\"nofollow ugc\">markdown syntax\u003C\u002Fa> in notes (v1.5+)\u003C\u002Fli>\n\u003Cli>You can use a number of variables which will be automagically replaced when the note displays (v1.5+)\u003C\u002Fli>\n\u003Cli>Save a note as a template for new notes (v1.5+)\u003C\u002Fli>\n\u003Cli>You can color-code notes to see in one glance what’s up or down (v1.6+)\u003C\u002Fli>\n\u003Cli>Links within note automagically have \u003Ccode>target=\"_blank\"\u003C\u002Fcode> added so you won’t accidently leave your site while working with the plugins.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please have a look at the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugin-notes\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa> for more information about these features.\u003C\u002Fp>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Markdown script\u003C\u002Fstrong>: \u003Ca href=\"http:\u002F\u002Fmichelf.ca\u002Fprojects\u002Fphp-markdown\u002F\" rel=\"nofollow ugc\">PHP Markdown 1.0.1.o\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>External link indicator\u003C\u002Fstrong>: liberally nicked from the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbwp-external-links\u002F\" rel=\"ugc\">Better WP External Links\u003C\u002Fa> plugin\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>Dutch – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Fjrf\" 
rel=\"ugc\">jrf\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Please help us make this plugin available in more language by translating it. See the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugin-notes\u002Ffaq\u002F\" rel=\"ugc\">FAQ\u003C\u002Fa> for more info.\u003C\u002Fp>\n","Allows you to add notes to plugins.",500,14446,26,"2015-07-16T22:45:00.000Z","4.2.39","3.5","",[20,83,21,22],"meta","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugin-notes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-notes.1.6.zip",85,{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":95,"downloaded":96,"rating":27,"num_ratings":27,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":100,"tags":101,"homepage":104,"download_link":105,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"plugin-notes-label","Plugin Notes Label","5.21","wpgear","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpgear\u002F","\u003Cp>This Plugin allows you to Add personal Notes, comments, memo to each of the Plugins.\u003Cbr \u002F>\nYou can change or delete any Note at any time.\u003Cbr \u002F>\nNotes are available to anyone who has access to the Plugins page.\u003C\u002Fp>\n\u003Cp>Here are some reasons why “Plugin Notes Label” is needed and useful:\u003Cbr \u002F>\n– Over time, sometimes you forget exactly why this or that Plugin was installed.\u003Cbr \u002F>\n– Some Plugins have to be modified (although this is not correct), and their updating requires special attention. 
That is, you need to remind yourself and others that you cannot update such a Plugin without careful preparation.\u003Cbr \u002F>\n– Sometimes you expect a specific new promised functionality from a certain Plugin, and up to this point, all intermediate updates are not particularly important.\u003Cbr \u002F>\n– Anyone who administers WordPress can remember a few more similar reasons. ))\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add, Edit, Delete Notes – does not require page refresh.\u003C\u002Fli>\n\u003Cli>Notes fit neatly and compactly into the general list of Plugins without breaking the original style.\u003C\u002Fli>\n\u003Cli>Displays Notes on the page: “update-core”. This is especially important if any Plugin requires special attention.\u003C\u002Fli>\n\u003Cli>Works correctly with Translated Plugin Names.\u003C\u002Fli>\n\u003Cli>Works correctly with HTML Entity in Plugin Names.\u003C\u002Fli>\n\u003Cli>Setup-Page:\n\u003Cul>\n\u003Cli>“Enable Setup-Page for Admin only” On\u002FOff\u003C\u002Fli>\n\u003Cli>“Show note Author” On\u002FOff\u003C\u002Fli>\n\u003Cli>“Show note Date” On\u002FOff\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>“Import” – “Export”:\n\u003Cul>\n\u003Cli>“Import”. All Notes are imported, along with information about the creation date and author name.\u003C\u002Fli>\n\u003Cli>“Export”. If the Note already exists, but it does not exist in the Export file, then the Note remains unchanged. 
If the File contains a Note about a Plugin that is not on this site, then the Note will be saved and will be displayed when such a Plugin is installed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>“Clear All Notes”:\n\u003Cul>\n\u003Cli>It can be useful in some cases when you need to completely Delete all Notes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Add your Notes to each plugin.",50,1981,"2026-01-30T08:19:00.000Z","6.9.4","4.1","5.4",[102,103,20,21],"custom-note","label","https:\u002F\u002Fwpgear.xyz\u002Fplugin-notes-label\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-notes-label.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":116,"num_ratings":117,"last_updated":118,"tested_up_to":98,"requires_at_least":119,"requires_php":120,"tags":121,"homepage":126,"download_link":127,"security_score":128,"vuln_count":26,"unpatched_count":27,"last_vuln_date":129,"fetched_at":29},"wp-rollback","WP Rollback – Rollback Plugins and Themes","3.0.12","Devin Walker","https:\u002F\u002Fprofiles.wordpress.org\u002Fdlocc\u002F","\u003Cp>Quickly and easily rollback any theme or plugin from WordPress.org to any previous (or newer) version without any of the manual fuss. Works just like the plugin updater, except you’re rolling back (or forward) to a specific version. No need for manually downloading and FTPing the files or learning Subversion. This plugin takes care of the trouble for you.\u003C\u002Fp>\n\u003Ch4>🔙 Rollback WordPress.org Plugins and Themes\u003C\u002Fh4>\n\u003Cp>While it’s considered best practice to always keep your WordPress plugins and themes updated, we understand there are times you may need to quickly revert to a previous version. This plugin makes that process as easy as a few mouse clicks. 
Simply select the version of the plugin or theme that you’d like to rollback to, confirm, and in a few moments you’ll be using the version requested. No more fumbling to find the version, downloading, unzipping, FTPing, learning Subversion or hair pulling.\u003C\u002Fp>\n\u003Cp>For advanced features like premium plugin\u002Ftheme support (Envato, Kadence Pro, Astra Pro, etc.), comprehensive activity logging, multisite network support, and priority support, consider upgrading to \u003Ca href=\"https:\u002F\u002Fwprollback.com\u002F\" rel=\"nofollow ugc\">WP Rollback Pro\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Muy Importante (Very Important): Always Test and Backup\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Important Disclaimer:\u003C\u002Fstrong> This plugin is not intended to be used without first taking the proper precautions to ensure zero data loss or site downtime. Always be sure you have first tested the rollback on a staging or development site prior to using WP Rollback on a live site.\u003C\u002Fp>\n\u003Cp>We provide no (zero) assurances, guarantees, or warranties that the plugin, theme, or WordPress version you are downgrading to will work as you expect. Use this plugin at your own risk.\u003C\u002Fp>\n\u003Ch4>Translation Ready\u003C\u002Fh4>\n\u003Cp>Do you speak another language? Want to contribute in a meaningful way to WP Rollback? There’s no better way than to help us translate the plugin. This plugin is translation ready. Simply header over to the WP Rollback \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fwp-rollback\u002F\" rel=\"nofollow ugc\">translation project\u003C\u002Fa> that’s powered by WordPress.org volunteer translators. 
There you can contribute to the translation of the plugin into your language.\u003C\u002Fp>\n\u003Ch4>Support and Documentation\u003C\u002Fh4>\n\u003Cp>We answer all free user support requests \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fwp-rollback\" rel=\"ugc\">on the WordPress.org support forum\u003C\u002Fa>. For pro users, please submit your questions to \u003Ca href=\"https:\u002F\u002Fwprollback.com\u002F?utm_campaign=free-plugin&utm_medium=free-plugin&utm_source=readme\" rel=\"nofollow ugc\">WP Rollback Pro support\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>WP Rollback was created to be as intuitive to the natural WordPress experience as possible. We believe that once you activate WP Rollback, you’ll quickly discover exactly how it works without question.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>BUT!!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>We do have documentation on our website. See \u003Ca href=\"https:\u002F\u002Fdocs.wprollback.com\u002F?utm_source=free-plugin&utm_medium=readme&utm_campaign=documentation\" rel=\"nofollow ugc\">WP Rollback Documentation\u003C\u002Fa>.\u003C\u002Fp>\n","Rollback (or forward) any WordPress.org plugin, theme, or block like a boss.",300000,4310141,98,213,"2026-02-27T18:26:00.000Z","6.5","7.4",[122,22,123,124,125],"downgrade","revert","rollback","version","https:\u002F\u002Fwprollback.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-rollback.3.0.12.zip",99,"2015-06-28 00:00:00",{"slug":131,"name":132,"version":133,"author":134,"author_profile":135,"description":136,"short_description":137,"active_installs":138,"downloaded":139,"rating":65,"num_ratings":140,"last_updated":141,"tested_up_to":142,"requires_at_least":143,"requires_php":18,"tags":144,"homepage":148,"download_link":149,"security_score":150,"vuln_count":151,"unpatched_count":27,"last_vuln_date":152,"fetched_at":29},"download-plugin","Download 
Plugin","2.4.0","Metagauss","https:\u002F\u002Fprofiles.wordpress.org\u002Fmetagauss\u002F","\u003Ch4>Download Plugin for WordPress\u003C\u002Fh4>\n\u003Cp>Download Plugin can easily download plugins, themes, users, blog posts, pages, comments, attachments, and more directly from your WordPress dashboard. Download Plugin can also download data from any plugin that uses custom post types, including WooCommerce products, Easy Digital Downloads, Portfolio Post Types, Slider Revolution, bbPress, WP Job Manager, JetPack, and many more.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Plugins\u003C\u002Fstrong>: A download button is placed beside each plugin, allowing you to download the plugin in a zip file format. You can also select multiple plugins and use the bulk download option to download all selected plugins with a single click.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Themes\u003C\u002Fstrong>: Similar to plugins, a download button is placed beside each theme in your WordPress dashboard. You can download themes in a zip file format.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Users\u003C\u002Fstrong>: With the Download Plugin, you can download individual user data or multiple users’ metadata in a CSV file format. This feature simplifies user data management, allowing easy download and save user information.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Blog Posts\u003C\u002Fstrong>: Export blog posts individually or in bulk with just a click. Download Plugin allows you to download blog posts in a CSV format for backup or migration purposes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Pages\u003C\u002Fstrong>: Download single or multiple pages from your WordPress site. This feature is perfect for backing up your content or transferring pages between sites.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Custom Posts\u003C\u002Fstrong>: Download data from plugin that use custom post types. 
Download single custom post or a bulk download of multiple posts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Download Comments\u003C\u002Fstrong>: Download comments either individually or in bulk. Save user feedback and engagement safely.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Just activate this plugin.\u003C\u002Fli>\n\u003Cli>You can see Download link below each plugin name on plugins page.\u003C\u002Fli>\n\u003Cli>Click on any of them and that plugin’s zip will be downloaded to your computer.\u003C\u002Fli>\n\u003Cli>Cheers!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cblockquote>\n\u003Cp>Must-have utility plugin that allows you to download any plugin directly from WordPress Dashboard!\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>WordPress download plugin is a utility plugin that does one thing, and does it perfectly. It may sound simple, but this feature plugs a hole in current set of WordPress plugin functionality. As a site admin you must be aware that you can search and install WordPress plugins directly from the dashboard, or you can upload the plugin as zip files, assuming you received it from another site (for example, a commercial plugin). Once installed, all plugins list themselves inside Dashboard -> Plugins page. After deactivating and deleting them, they simply disappear. All files are removed from the server instantly. WordPress does not allow you to backup or download the plugins before you jettison them from your site. If you also manage your server and are fairly comfortable doing so, you may find a more contrived way to download installed plugins via directory manager app or FTP. Obviously, this requires more than a single click and not for everyone.\u003C\u002Fp>\n\u003Cp>What exactly are plugins and how this plugin helps you save time or bail you out from difficult situations? Plugins are files and\u002F or directories, which are created inside your WordPress installation (defined by WordPress) when you first install them. 
Both active and deactivated files reside inside them. When you upload zip package of a plugin, WordPress extracts it and places the directory inside it in the plugins folder. Our plugin allows you to reverse the process. It will convert any plugin installed on your site into a zip package ready to be reinstalled later or moved to another site. It accomplishes this by simply adding a new link “Download” under the plugin title to already existing links. It is a single click process and hardly takes any time. Our plugin does not create any other page in the dashboard or clutter menus. It is lightweight, efficient and completely invisible until you need it.\u003C\u002Fp>\n\u003Cp>So why would you need it? While there can be many reasons, here are the primary we think you will find it useful.\u003C\u002Fp>\n\u003Ch4>A. Backup\u003C\u002Fh4>\n\u003Cp>The foremost and most common reason – when you wish to make backup of the plugin for future installation.\u003C\u002Fp>\n\u003Ch4>B. Premium\u002F Commercial Plugins\u003C\u002Fh4>\n\u003Cp>If you have purchased the plugin from a vendor site, you may want to make a backup of your new purchase to make sure you have it handy if the vendor is no longer available or your account is expired. Please note: Do check terms of use for commercial plugins on publisher’s site.\u003C\u002Fp>\n\u003Ch4>C. Migrating to a different site\u003C\u002Fh4>\n\u003Cp>So you have found yourselves dependent on some specific plugins that you want to use on all of your sites? You can download these plugins from your current site do a folder on your hard disk from where you can upload to your other sites.\u003C\u002Fp>\n\u003Ch4>D. 
Preserving Changes\u003C\u002Fh4>\n\u003Cp>If you DIY type and made modifications to plugin files to suit your requirements, you will want to make sure you have an archived copy of the plugin if the files get overwritten by an update etc.\u003C\u002Fp>\n\u003Ch4>Starter Guide\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmetagauss.com\u002Fdownload-plugin-guide\u002F\" rel=\"nofollow ugc\">Checkout Download plugin guide\u003C\u002Fa> for more information.\u003C\u002Fp>\n\u003Ch4>Recommended Plugins (Free Download From WordPress.org)\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdownload-theme\u002F\" rel=\"ugc\">Download Theme Plugin:\u003C\u002Fa> allows you to download any theme from your WordPress admin panel’s Appearance page.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcustom-registration-form-builder-with-submission-manager\u002F\" rel=\"ugc\">User Registration and Login Plugin:\u003C\u002Fa> Take total control of end-to-end user registration process on your site with RegistrationMagic plugin.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fprofilegrid-user-profiles-groups-and-communities\u002F\" rel=\"ugc\">User Profiles and Membership Plugin:\u003C\u002Fa> Build awesome user profiles, restrict content and launch memberships with ProfileGrid plugin.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feventprime-event-calendar-management\u002F\" rel=\"ugc\">User Events and Calendar Plugin:\u003C\u002Fa> Manage user events, sell tickets and publish event calendar with EventPrime plugin.\u003C\u002Fp>\n","Download any plugin from your WordPress admin panel's Plugins page by just one click! 
Now, download themes, users, blog posts, pages, custom post &hellip;",50000,930336,22,"2026-03-06T07:06:00.000Z","6.8.5","4.8",[145,131,146,147,22],"download","download-plugin-zip","plugin-zip","http:\u002F\u002Fmetagauss.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdownload-plugin.2.4.0.zip",94,5,"2025-07-03 13:38:05",{"slug":154,"name":155,"version":156,"author":157,"author_profile":158,"description":159,"short_description":160,"active_installs":161,"downloaded":162,"rating":150,"num_ratings":14,"last_updated":163,"tested_up_to":164,"requires_at_least":165,"requires_php":81,"tags":166,"homepage":171,"download_link":172,"security_score":86,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"automatic-updater","Advanced Automatic Updates","1.0.2","Gary Pendergast","https:\u002F\u002Fprofiles.wordpress.org\u002Fpento\u002F","\u003Cp>Advanced Automatic Updates adds extra options to WordPress’ built-in Automatic Updates feature. On top of security updates, it also supports installing major releases, plugins, themes, or even regular SVN checkouts!\u003C\u002Fp>\n\u003Cp>If you’re working on a WordPress Multisite install, it will properly restrict the options page to your Network Admin.\u003C\u002Fp>\n\u003Cp>While this will be useful for the vast majority of sites, please exercise caution, particularly if you have any custom themes or plugins running on your site.\u003C\u002Fp>\n","Adds extra options to WordPress' built-in Automatic Updates 
feature.",30000,255107,"2021-06-04T00:46:00.000Z","5.0.25","3.7",[167,22,168,169,170],"core","stable","themes","updates","http:\u002F\u002Fpento.net\u002Fprojects\u002Fautomatic-updater-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-updater.1.0.2.zip",{"attackSurface":174,"codeSignals":219,"taintFlows":232,"riskAssessment":267,"analyzedAt":280},{"hooks":175,"ajaxHandlers":208,"restRoutes":216,"shortcodes":217,"cronEvents":218,"entryPointCount":26,"unprotectedCount":26},[176,182,185,187,190,194,197,200,203],{"type":177,"name":178,"callback":179,"file":180,"line":181},"action","init","anonymous","includes\\class-plugin-notes-plus.php",131,{"type":177,"name":183,"callback":179,"file":180,"line":184},"admin_enqueue_scripts",146,{"type":177,"name":183,"callback":179,"file":180,"line":186},147,{"type":177,"name":188,"callback":179,"file":180,"line":189},"after_setup_theme",150,{"type":191,"name":192,"callback":179,"file":180,"line":193},"filter","plugin_row_meta",156,{"type":191,"name":195,"callback":179,"file":180,"line":196},"manage_plugins_columns",159,{"type":177,"name":198,"callback":179,"file":180,"line":199},"manage_plugins_custom_column",160,{"type":191,"name":201,"callback":179,"file":180,"line":202},"manage_plugins-network_columns",163,{"type":177,"name":204,"callback":205,"file":206,"line":207},"plugins_loaded","plugin_notes_plus_migrate_to_table","plugin-notes-plus.php",62,[209,213],{"action":210,"nopriv":211,"callback":179,"hasNonce":211,"hasCapCheck":211,"file":180,"line":212},"pnp_add_response",false,167,{"action":214,"nopriv":211,"callback":179,"hasNonce":211,"hasCapCheck":211,"file":180,"line":215},"pnp_delete_response",168,[],[],[],{"dangerousFunctions":220,"sqlUsage":221,"outputEscaping":223,"fileOperations":27,"externalRequests":27,"nonceChecks":26,"capabilityChecks":230,"bundledLibraries":231},[],{"prepared":46,"raw":27,"locations":222},[],{"escaped":224,"rawEcho":63,"locations":225},29,[226],{"file":227,"li
ne":228,"context":229},"admin\\partials\\plugin-note-markup.php",24,"raw output",3,[],[233,257],{"entryPoint":234,"graph":235,"unsanitizedCount":63,"severity":256},"pnp_add_response (admin\\class-plugin-notes-plus-admin.php:248)",{"nodes":236,"edges":253},[237,243,247],{"id":238,"type":239,"label":240,"file":241,"line":242},"n0","source","$_REQUEST","admin\\class-plugin-notes-plus-admin.php",278,{"id":244,"type":245,"label":246,"file":241,"line":242},"n1","transform","→ get_plugin_note_by_id()",{"id":248,"type":249,"label":250,"file":251,"line":13,"wp_function":252},"n2","sink","get_row() [SQLi]","admin\\class-plugin-notes-plus-the-note.php","get_row",[254,255],{"from":238,"to":244,"sanitized":211},{"from":244,"to":248,"sanitized":211},"high",{"entryPoint":258,"graph":259,"unsanitizedCount":63,"severity":256},"\u003Cclass-plugin-notes-plus-admin> (admin\\class-plugin-notes-plus-admin.php:0)",{"nodes":260,"edges":264},[261,262,263],{"id":238,"type":239,"label":240,"file":241,"line":242},{"id":244,"type":245,"label":246,"file":241,"line":242},{"id":248,"type":249,"label":250,"file":251,"line":13,"wp_function":252},[265,266],{"from":238,"to":244,"sanitized":211},{"from":244,"to":248,"sanitized":211},{"summary":268,"deductions":269},"The plugin \"plugin-notes-plus\" v1.2.10 exhibits a mixed security posture. While it demonstrates good practices in handling SQL queries with prepared statements and has a high percentage of properly escaped output, significant concerns arise from its attack surface and taint analysis.\n\nThe static analysis reveals two AJAX handlers, both flagged as having no nonce check and no capability check. Neither handler is registered for logged-out visitors (nopriv is false), so the exposure is to any authenticated user regardless of role rather than to unauthenticated attackers. The taint analysis further exacerbates this concern, identifying two flows with unsanitized paths that are classified as high severity. 
This indicates that user-supplied input from $_REQUEST is reported as reaching a get_row() database query without validation or sanitization, which is the pattern behind SQL injection. Both findings should be confirmed against the source: the handler callbacks were resolved only as anonymous, and the same analysis counts 2 nonce checks, 3 capability checks and 4 prepared SQL queries with none raw.\n\nThe vulnerability history shows a pattern of past medium-severity vulnerabilities, including Missing Authorization and Cross-site Scripting. While there are currently no unpatched CVEs, the recurrence of these vulnerability types suggests a potential ongoing weakness in input validation and authorization mechanisms. The plugin's strengths lie in its robust SQL handling and output escaping, but the AJAX handlers flagged without nonce and capability checks and the high-severity taint flows are the risks that need to be verified and addressed first.",[270,273,276,278],{"reason":271,"points":272},"Unprotected AJAX handlers",10,{"reason":274,"points":275},"High severity taint flows with unsanitized paths",15,{"reason":277,"points":64},"History of Missing Authorization vulnerabilities",{"reason":279,"points":64},"History of Cross-Site Scripting vulnerabilities","2026-03-16T17:54:13.076Z",{"wat":282,"direct":293},{"assetPaths":283,"generatorPatterns":287,"scriptPaths":288,"versionParams":289},[284,285,286],"\u002Fwp-content\u002Fplugins\u002Fplugin-notes-plus\u002Fadmin\u002Fcss\u002Fplugin-notes-plus-admin.css","\u002Fwp-content\u002Fplugins\u002Fplugin-notes-plus\u002Fadmin\u002Fjs\u002Fplugin-notes-plus-admin.js","\u002Fwp-content\u002Fplugins\u002Fplugin-notes-plus\u002Fadmin\u002Fjs\u002Fplugin-notes-plus-updates.js",[],[285,286],[290,291,292],"plugin-notes-plus\u002Fadmin\u002Fcss\u002Fplugin-notes-plus-admin.css?ver=","plugin-notes-plus\u002Fadmin\u002Fjs\u002Fplugin-notes-plus-admin.js?ver=","plugin-notes-plus\u002Fadmin\u002Fjs\u002Fplugin-notes-plus-updates.js?ver=",{"cssClasses":294,"htmlComments":295,"htmlAttributes":297,"restEndpoints":299,"jsGlobals":300,"shortcodeOutput":303},[],[296],"\u003C!-- Note: plugin-notes-plus 
-->",[298],"data-plugin-notes-plus",[],[301,170,302],"pnp_params","labels",[]]