[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fn0VlCH2ISvQvtrZWWe83IDvMQAPGB3EnwFHXo2UPxFM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":46,"crawl_stats":36,"alternatives":52,"analysis":90,"fingerprints":309},"plugin-organizer","Plugin Organizer","10.2.4","Jeff Sterup","https:\u002F\u002Fprofiles.wordpress.org\u002Ffoomagoo\u002F","\u003Cp>This plugin allows you to do the following:\u003Cbr \u002F>\n1. Change the order that your plugins are loaded.\u003Cbr \u002F>\n2. Selectively disable plugins by any post type or wordpress managed URL.\u003Cbr \u002F>\n3. Adds grouping to the plugin admin age.\u003C\u002Fp>\n\u003Cp>WARNING: Reordering or disabling plugins can have catastrophic affects on your site.  It can cause issues with plugins and can render your site inaccessible.\u003C\u002Fp>\n","Change plugin order and selectively enable\u002Fdisable plugins on each post\u002Fpage.",10000,771323,94,227,"2025-11-29T17:12:00.000Z","6.9.4","4.6.0","",[20,21,4,22],"disable-plugins-by-post-or-page","plugin-load-order","turn-off-plugins-for-post-or-page","https:\u002F\u002Fwww.sterup.com\u002Fwordpress-plugins\u002Fplugin-organizer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-organizer.10.2.4.zip",99,1,0,"2025-12-08 00:00:00","2026-03-15T15:16:48.613Z",[31],{"id":32,"url_slug":33,"title":34,"description":35,"plugin_slug":4,"theme_slug":36,"affected_versions":37,"patched_in_version":6,"severity":38,"cvss_score":39,"cvss_vector":40,"vuln_type":41,"published_date":28,"updated_date":42,"references":43,"days_to_patch":45},"CVE-2025-13417","plugin-organizer-authenticated-subscriber-sql-injection","Plugin Organizer \u003C= 10.2.3 - Authenticated (Subscriber+) SQL Injection","The Plugin Organizer plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 10.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",null,"\u003C=10.2.3","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2026-01-06 16:02:51",[44],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F241b29c2-eaeb-4abb-a33c-631e768e03b8?source=api-prod",30,{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":45,"trust_score":13,"computed_at":51},"foomagoo",2,10400,100,"2026-04-04T04:16:31.445Z",[53,75],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":45,"last_updated":64,"tested_up_to":65,"requires_at_least":66,"requires_php":18,"tags":67,"homepage":71,"download_link":72,"security_score":73,"vuln_count":26,"unpatched_count":27,"last_vuln_date":74,"fetched_at":29},"plugin-groups","Plugin Groups","2.0.9","David Cramer","https:\u002F\u002Fprofiles.wordpress.org\u002Fdesertsnowman\u002F","\u003Cp>If you have a lot of plugins installed, it can be difficult to manage them all. Now you can organize the plugins admin page by grouping your plugins by purpose. Each group will be displayed as a plugin status tabs in the plugins admin page, so you can easily filter which plugins you are viewing by group.\u003C\u002Fp>\n\u003Cp>A free plugin by \u003Ca href=\"https:\u002F\u002Fcramer.co.za\" rel=\"nofollow ugc\">David Cramer\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FDavidCramer\u002Fplugin-groups\" rel=\"nofollow ugc\">Contribute to the development on GitHub\u003C\u002Fa>\u003C\u002Fp>\n","Organize plugins in the Plugins Admin Page by creating groups and filter types",1000,27148,86,"2024-02-20T06:45:00.000Z","6.4.8","5.3",[68,69,54,4,70],"plugin-filter","plugin-group","plugin-status-filter","https:\u002F\u002Fcramer.co.za","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-groups.zip",85,"2024-02-20 00:00:00",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":27,"downloaded":83,"rating":27,"num_ratings":27,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":87,"tags":88,"homepage":18,"download_link":89,"security_score":73,"vuln_count":27,"unpatched_count":27,"last_vuln_date":36,"fetched_at":29},"disable-plugins-on-pages-posts","Disable Plugins on Pages Posts (Plugin Load Organizer)","1.0.0","Amin Nazemi","https:\u002F\u002Fprofiles.wordpress.org\u002Faminnz\u002F","\u003Cp>Regarding WordPress performance, we have a part to say around plugins. Each plugin includes PHP code that has got to be executed,\u003Cbr \u002F>\nmore often than not incorporates scripts and styles, and may indeed run extra inquiries against the database.\u003Cbr \u002F>\nThis implies that pointless plugins can influence page speed and may have a negative effect on the user encounter and your page positioning on google searches and speed insight ranking.\u003C\u002Fp>\n\u003Cp>** Usage **\u003Cbr \u002F>\nJust install it in your wordpress website and go to wp-admin -> settings -> plugin load organizer\u003Cbr \u002F>\nthere are two options available :\u003Cbr \u002F>\n1. Disabling the plugins in the specific pages\u003Cbr \u002F>\n2. Disabling the plugins based on the post-type\u003C\u002Fp>\n","This plugin is focusing on organizing the load of plugins in all around the WordPress and can help you to reduce the HTTP requests and running PHP cod &hellip;",2962,"2022-08-16T07:52:00.000Z","6.0.11","5.4","5.6",[4],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-plugins-on-pages-posts.1.0.0.zip",{"attackSurface":91,"codeSignals":97,"taintFlows":291,"riskAssessment":292,"analyzedAt":308},{"hooks":92,"ajaxHandlers":93,"restRoutes":94,"shortcodes":95,"cronEvents":96,"entryPointCount":27,"unprotectedCount":27},[],[],[],[],[],{"dangerousFunctions":98,"sqlUsage":117,"outputEscaping":131,"fileOperations":26,"externalRequests":27,"nonceChecks":27,"capabilityChecks":289,"bundledLibraries":290},[99,104,105,108,109,112,113,116],{"fn":100,"file":101,"line":102,"context":103},"unserialize","tpl\\common_js.php",22,"'std_plugins'=>(is_array(@unserialize($storedPluginLists['disabled_plugins'])))? @unserialize($store",{"fn":100,"file":101,"line":102,"context":103},{"fn":100,"file":101,"line":106,"context":107},23,"'mobile_plugins'=>(is_array(@unserialize($storedPluginLists['disabled_mobile_plugins'])))? @unserial",{"fn":100,"file":101,"line":106,"context":107},{"fn":100,"file":101,"line":110,"context":111},24,"'std_groups'=>(is_array(@unserialize($storedPluginLists['disabled_groups'])))? @unserialize($storedP",{"fn":100,"file":101,"line":110,"context":111},{"fn":100,"file":101,"line":114,"context":115},25,"'mobile_groups'=>(is_array(@unserialize($storedPluginLists['disabled_mobile_groups'])))? @unserializ",{"fn":100,"file":101,"line":114,"context":115},{"prepared":26,"raw":118,"locations":119},5,[120,124,126,128,130],{"file":121,"line":122,"context":123},"uninstall.php",26,"$wpdb->query() with variable interpolation",{"file":121,"line":125,"context":123},27,{"file":121,"line":127,"context":123},28,{"file":121,"line":129,"context":123},29,{"file":121,"line":45,"context":123},{"escaped":27,"rawEcho":63,"locations":132},[133,136,137,139,141,143,146,147,149,151,153,155,157,159,161,163,165,167,170,172,174,176,178,180,182,184,186,189,191,192,193,195,197,198,200,201,203,205,207,208,210,212,213,214,216,217,219,220,222,223,225,227,229,231,233,235,237,238,241,243,245,248,250,251,252,254,255,256,257,259,261,263,265,267,269,270,271,273,275,277,278,280,283,285,287,288],{"file":101,"line":134,"context":135},6,"raw output",{"file":101,"line":127,"context":135},{"file":101,"line":138,"context":135},390,{"file":101,"line":140,"context":135},445,{"file":142,"line":125,"context":135},"tpl\\global_plugins_js.php",{"file":144,"line":145,"context":135},"tpl\\groupAndOrder.php",19,{"file":144,"line":145,"context":135},{"file":144,"line":148,"context":135},62,{"file":144,"line":150,"context":135},67,{"file":144,"line":152,"context":135},68,{"file":144,"line":154,"context":135},69,{"file":144,"line":156,"context":135},72,{"file":144,"line":158,"context":135},73,{"file":144,"line":160,"context":135},75,{"file":144,"line":162,"context":135},76,{"file":144,"line":164,"context":135},77,{"file":144,"line":166,"context":135},89,{"file":168,"line":169,"context":135},"tpl\\group_and_order_js.php",92,{"file":168,"line":171,"context":135},115,{"file":168,"line":173,"context":135},140,{"file":168,"line":175,"context":135},164,{"file":168,"line":177,"context":135},179,{"file":168,"line":179,"context":135},194,{"file":168,"line":181,"context":135},202,{"file":168,"line":183,"context":135},212,{"file":168,"line":185,"context":135},239,{"file":187,"line":188,"context":135},"tpl\\postMetaBox.php",15,{"file":187,"line":190,"context":135},21,{"file":187,"line":129,"context":135},{"file":187,"line":129,"context":135},{"file":187,"line":194,"context":135},31,{"file":187,"line":196,"context":135},57,{"file":187,"line":158,"context":135},{"file":187,"line":199,"context":135},74,{"file":187,"line":166,"context":135},{"file":187,"line":202,"context":135},105,{"file":187,"line":204,"context":135},128,{"file":187,"line":206,"context":135},134,{"file":187,"line":173,"context":135},{"file":187,"line":209,"context":135},152,{"file":187,"line":211,"context":135},181,{"file":187,"line":183,"context":135},{"file":187,"line":183,"context":135},{"file":187,"line":215,"context":135},218,{"file":187,"line":215,"context":135},{"file":187,"line":218,"context":135},228,{"file":187,"line":218,"context":135},{"file":187,"line":221,"context":135},234,{"file":187,"line":221,"context":135},{"file":187,"line":224,"context":135},248,{"file":187,"line":226,"context":135},259,{"file":187,"line":228,"context":135},261,{"file":187,"line":230,"context":135},262,{"file":187,"line":232,"context":135},276,{"file":187,"line":234,"context":135},288,{"file":187,"line":236,"context":135},300,{"file":187,"line":236,"context":135},{"file":239,"line":240,"context":135},"tpl\\pt_plugins_js.php",56,{"file":239,"line":242,"context":135},95,{"file":239,"line":244,"context":135},123,{"file":246,"line":247,"context":135},"tpl\\search_plugins_js.php",44,{"file":249,"line":129,"context":135},"tpl\\settings.php",{"file":249,"line":129,"context":135},{"file":249,"line":129,"context":135},{"file":249,"line":253,"context":135},43,{"file":249,"line":253,"context":135},{"file":249,"line":196,"context":135},{"file":249,"line":196,"context":135},{"file":249,"line":258,"context":135},169,{"file":249,"line":260,"context":135},175,{"file":249,"line":262,"context":135},199,{"file":249,"line":264,"context":135},204,{"file":249,"line":266,"context":135},229,{"file":249,"line":268,"context":135},237,{"file":249,"line":228,"context":135},{"file":249,"line":230,"context":135},{"file":249,"line":272,"context":135},263,{"file":249,"line":274,"context":135},286,{"file":249,"line":276,"context":135},312,{"file":249,"line":276,"context":135},{"file":249,"line":279,"context":135},329,{"file":281,"line":282,"context":135},"tpl\\settings_page_js.php",14,{"file":281,"line":284,"context":135},61,{"file":281,"line":286,"context":135},70,{"file":281,"line":162,"context":135},{"file":281,"line":25,"context":135},4,[],[],{"summary":293,"deductions":294},"The Plugin Organizer v10.2.4 exhibits a mixed security posture.  On the positive side, the plugin has a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that lack authentication or proper permission checks. This suggests a deliberate effort to limit entry points.  However, significant concerns arise from the static analysis. The presence of 8 'dangerous functions', specifically 'unserialize', without any apparent input validation or sanitization, is a major red flag.  Furthermore, a concerning 100% of output escaping is not properly implemented, increasing the risk of cross-site scripting (XSS) vulnerabilities. The absence of nonce checks on any identified entry points (though there are none) is also a weakness, as these are standard security measures for WordPress plugins.\n\nThe vulnerability history shows one medium-severity CVE related to SQL injection. While there are no currently unpatched vulnerabilities, the past SQL injection issue, combined with the SQL query analysis showing only 17% use prepared statements, suggests a historical pattern of insecure SQL handling.  The lack of taint analysis results is unusual, but it doesn't negate the identified risks.  In conclusion, while the plugin has a limited attack surface and no known critical or high-severity vulnerabilities, the static analysis reveals critical weaknesses in 'unserialize' usage and output escaping, alongside a history of SQL injection vulnerabilities and poor SQL query preparation. These present tangible risks that require immediate attention.",[295,297,300,303,306],{"reason":296,"points":188},"Dangerous function 'unserialize' found",{"reason":298,"points":299},"0% output escaping",8,{"reason":301,"points":302},"17% SQL queries use prepared statements",7,{"reason":304,"points":305},"Medium severity CVE history",10,{"reason":307,"points":118},"0 Nonce checks on entry points","2026-03-16T17:42:18.524Z",{"wat":310,"direct":320},{"assetPaths":311,"generatorPatterns":314,"scriptPaths":315,"versionParams":317},[312,313],"\u002Fwp-content\u002Fplugins\u002Fplugin-organizer\u002Fjs\u002Fvalidation.js","\u002Fwp-content\u002Fplugins\u002Fplugin-organizer\u002Fcss\u002Fplugin-organizer.css",[],[316],"\u002Fwp-content\u002Fplugins\u002Fplugin-organizer\u002Fjs\u002Fplugin-organizer.js",[318,319],"plugin-organizer\u002Fcss\u002Fplugin-organizer.css?ver=","plugin-organizer\u002Fjs\u002Fplugin-organizer.js?ver=",{"cssClasses":321,"htmlComments":356,"htmlAttributes":357,"restEndpoints":376,"jsGlobals":377,"shortcodeOutput":391},[322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,347,351,355],"PO-permalink-input","PO-ui-dialog","PO-ui-notices","PO-content-wrap","PO-add-permalink","PO-disable-all-plugins","PO-enable-all-plugins","PO-disable-all-groups","PO-enable-all-groups","PO-plugin-overview-header","plugin-overview-list","PO-available-platforms","PO-available-roles","plugin-overview-platform-list","plugin-overview-role-list","PO-disabled-std-plugin-list","PO_disabled_std_plugin_list","PO-disabled-mobile-plugin-list","PO_disabled_mobile_plugin_list","PO-disabled-std-group-list","PO_disabled_std_group_list","PO-disabled-mobile-group-list","PO_disabled_mobile_group_list","plugin-overview-plugin-list","plugin-wrap","PO-plugin-id","PO-plugin-name","plugin-overview-group-list","group-wrap","PO-group-id","PO-group-members","plugin-name-container","group-name-container","disabled",[],[358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375],"data-po-help-dialog","data-po-dialog-title","data-po-dialog-content","data-po-dialog-width","data-po-dialog-height","data-po-dialog-modal","data-po-dialog-resizable","data-po-dialog-position","data-po-dialog-close-text","data-po-dialog-class","data-plugin-id","data-group-id","data-platform","data-role","data-item-type","data-action","data-state","data-plugin-status",[],[378,379,380,381,382,383,384,385,386,387,388,389,390],"tmpObjectCount","globalPlugins","toggleButtonOptions","PO_attach_help_dialog","PO_display_ui_dialog","PO_activate_pt_override","PO_deactivate_pt_override","PO_set_expand_info_action","PO_attach_ui_handlers","PO_add_permalink","PO_add_all","PO_remove_all","PO_mark_disabled_plugins",[]]