[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fdX-EMcBLpce5hiqvzF_5RoDtyC-Dit8_OLncbPSYbe0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":142,"fingerprints":252},"plugin-report","Plugin Report","2.2.2","Torsten Landsiedel","https:\u002F\u002Fprofiles.wordpress.org\u002Fzodiac1978\u002F","\u003Cp>A WordPress plugin that provides detailed information about currently installed plugins.\u003C\u002Fp>\n\u003Ch3>Plugin Report will allow you to:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Spot plugins that are no longer maintained.\u003C\u002Fli>\n\u003Cli>Get a quick overview of the “plugin health” of your site.\u003C\u002Fli>\n\u003Cli>Provide clients with a detailed report, right from their own dashboard, or as CSV spreadsheet.\u003C\u002Fli>\n\u003Cli>Find plugins that are no longer active on multisite installs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Thanks to Roy Tanck for trusting me to adopt this great plugin. Hartelijk bedankt!\u003C\u002Fp>\n\u003Cp>Special thanks go to \u003Ca href=\"http:\u002F\u002Ftristen.ca\u002F\" rel=\"nofollow ugc\">Tristen Forsythe Brown\u003C\u002Fa> for the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftristen\u002Ftablesort\" rel=\"nofollow ugc\">tablesort JavaScript library\u003C\u002Fa> licensed under the MIT License.\u003C\u002Fp>\n","A WordPress plugin that provides detailed information about currently installed plugins.",1000,26304,100,14,"2026-01-18T12:46:00.000Z","6.9.4","4.6","5.6",[20,21,22,23],"admin","multisite","plugin-info","plugins","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugin-report\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-report.2.2.2.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"zodiac1978",4,1820,91,30,88,"2026-04-04T03:31:41.931Z",[39,60,80,101,120],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":57,"download_link":58,"security_score":59,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"proper-network-activation","Proper Network Activation","1.0.5","scribu","https:\u002F\u002Fprofiles.wordpress.org\u002Fscribu\u002F","\u003Cp>When running WordPress MultiSite, you have a very handy feature called network activation. It allows you to activate a plugin for the entire network of sites. The trouble is that it only does half the job.\u003C\u002Fp>\n\u003Cp>Some plugins have an install procedure that is meant to be run only on activation. However, when you do a network activation, that install procedure is only run for the current site. So, you end up with plugins not working properly on all the other sites.\u003C\u002Fp>\n\u003Cp>What this plugin does:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>when doing a network de\u002Factivation, it triggers the de\u002Factivation hook on all sites in the network\u003C\u002Fli>\n\u003Cli>when creating a new site, it triggers the activation hook for all active network plugins on that site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Links: \u003Ca href=\"http:\u002F\u002Fscribu.net\u002Fwordpress\u002Fproper-network-activation\" rel=\"nofollow ugc\">Plugin News\u003C\u002Fa> | \u003Ca href=\"http:\u002F\u002Fscribu.net\" rel=\"nofollow ugc\">Author’s Site\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Development\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Contribute Code at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fscribu\u002Fwp-proper-network-activation\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fscribu\u002Fwp-proper-network-activation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Contribute Translations at \u003Ca href=\"https:\u002F\u002Ftranslate.foe-services.de\u002Fprojects\u002Fproper-network-activation\" rel=\"nofollow ugc\">https:\u002F\u002Ftranslate.foe-services.de\u002Fprojects\u002Fproper-network-activation\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Avoid errors when using WordPress MultiSite network activation",20,32400,86,7,"2013-03-14T12:57:00.000Z","3.5.2","3.1","",[56,20,21,23],"activation","http:\u002F\u002Fscribu.net\u002Fwordpress\u002Fproper-network-activation","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fproper-network-activation.zip",85,{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":13,"num_ratings":70,"last_updated":71,"tested_up_to":16,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":78,"download_link":79,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"multisite-administration-tools","Multisite Administration Tools","1.21","Aaron Axelsen","https:\u002F\u002Fprofiles.wordpress.org\u002Faxelseaa\u002F","\u003Cp>The Multisite Administration Tools plugin adds additional columns to the Sites, Plugins and Themes tables in the Network Admin interface.\u003C\u002Fp>\n\u003Cp>On the Sites table, two additional columns are added to allow admins to easily view the theme of the site, and also any plugins that are enabled.\u003C\u002Fp>\n\u003Cp>On the Themes table, there is an additional column added which allows the administrator to see all sites that are actively using that theme.\u003C\u002Fp>\n\u003Cp>On the Plugins table, there is an additional column added which allows the administrator to see all sites that are actively using that plugin.\u003C\u002Fp>\n","Adds information to the network admin sites, plugins and themes page. Allows you to easily see what theme and plugins are enabled on a site.",10,3393,2,"2025-12-21T16:29:00.000Z","5.8","7.2",[75,21,76,23,77],"admintools","network","themes","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fmultisite-administration-tools\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultisite-administration-tools.1.21.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":88,"downloaded":89,"rating":90,"num_ratings":91,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":54,"tags":95,"homepage":99,"download_link":100,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"wpcore","WPCore Plugin Manager","1.9.2","stueynet","https:\u002F\u002Fprofiles.wordpress.org\u002Fstueynet\u002F","\u003Cp>WPCore is a tool that allows you to manage collections of WordPress plugins and then quickly install them on any WordPress site. You can generate your collections at https:\u002F\u002Fwpcore.com and then import them to your WordPress site by copying and pasting your unique collection key in WordPress.\u003C\u002Fp>\n","Create plugin collections and install them in one click on any WordPress site.",10000,168565,96,32,"2025-05-20T17:15:00.000Z","6.8.5","3.5",[20,96,97,98,23],"administration","install","installation","https:\u002F\u002Fwpcore.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpcore.1.9.2.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":109,"downloaded":110,"rating":111,"num_ratings":47,"last_updated":112,"tested_up_to":52,"requires_at_least":113,"requires_php":54,"tags":114,"homepage":118,"download_link":119,"security_score":59,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"root-relative-urls","Root Relative URLs","2.3","MarcusPope","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarcuspope\u002F","\u003Cp>A WordPress plugin that converts all URL formats to root-relative URLs to enable seamless transitioning between staging\u002Fproduction host environments and debugging\u002Ftesting from mobile devices, without the use of hackish tactics like textual find-replace strategies or risky hosts\u002FNAT spoofing strategies.\u003C\u002Fp>\n\u003Cp>With Root Relative URLs you can browse your development site from http:\u002F\u002Flocalhost\u002F or http:\u002F\u002F127.0.0.1\u002F or from a named network resource like http:\u002F\u002Fmycomputername\u002F without worrying about links redirecting you back to your site’s URL.\u003C\u002Fp>\n\u003Cp>This plugin also modifies the tinyMCE hooks so links and media embedded with built-in tools will only insert URLs from the first forward slash after the domain (i.e. the root of your site.)  This means when you push content changes to a staging or production environment they are guaranteed to reference the correct target instead of accidentally referencing a production resource in development or, worse-yet, a development-exclusive resource in production.\u003C\u002Fp>\n\u003Cp>It supports path-based MU Installations, but does not support domain-based MU sites due to architectural deficiencies in the WordPress core.\u003C\u002Fp>\n\u003Cp>Version 1.5 fixes an infinite redirect problem that is a result of a core bug in WordPress.  If you have problems with the \u003C!–more–> tag or permalinks for custom post types, please read the FAQ or new Install Steps for support.\u003C\u002Fp>\n\u003Cp>Version 2.2 allows for adding certain URL’s or partial URL’s to a blacklist, meaning I won’t use root relative urls, but dynamic absolute URLs instead for displaying content.  This will fix problems with 3rd party plugins, and can be configured on the General Settings page.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n","Converts all URLs to root-relative URLs for hosting the same site on multiple IPs, easier production migration and better mobile device testing.",6000,77389,58,"2017-11-28T08:04:00.000Z","3.2.1",[20,115,116,21,117],"content","links","url","http:\u002F\u002Fwww.marcuspope.com\u002Fwordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Froot-relative-urls.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":11,"downloaded":128,"rating":90,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":54,"tags":133,"homepage":137,"download_link":138,"security_score":139,"vuln_count":140,"unpatched_count":140,"last_vuln_date":141,"fetched_at":28},"hide-plugins","Hide Plugins","1.0.4","ThemeBoy","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeboy\u002F","\u003Cp>Hide Plugins is a light-weight plugin that gives a single admin user the ability to hide plugins prevent them from being activated, deactivated, or deleted by clients and other users, including administrators. By activating Hide Plugins, you will be able to see all plugins and a toggle to hide each plugin from other users on the Plugins page. Hide Plugins will always remain hidden.\u003C\u002Fp>\n\u003Cp>Note that the dropdown on the Edit Plugins page will not be affected, since it does not have a filter to hook into. Hidden plugins will remain active, so traces of the plugin in areas other than the Plugins page (like options pages in the admin menu) will still be visible. If you also want to hide menus, we recommend using \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadmin-menu-editor\u002F\" rel=\"ugc\">Admin Menu Editor\u003C\u002Fa>.\u003C\u002Fp>\n","Hide installed plugins from clients and other admin users.",19213,9,"2016-04-22T14:32:00.000Z","4.5.33","3.0",[20,134,135,136,23],"dashboard","hidden","hide","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhide-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-plugins.1.0.4.zip",63,1,"2025-12-31 00:00:00",{"attackSurface":143,"codeSignals":171,"taintFlows":214,"riskAssessment":244,"analyzedAt":251},{"hooks":144,"ajaxHandlers":161,"restRoutes":168,"shortcodes":169,"cronEvents":170,"entryPointCount":140,"unprotectedCount":26},[145,151,154,157],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","network_admin_menu","register_settings_page","rt-plugin-report.php",53,{"type":146,"name":152,"callback":148,"file":149,"line":153},"admin_menu",55,{"type":146,"name":155,"callback":156,"file":149,"line":111},"admin_enqueue_scripts","enqueue_assets",{"type":146,"name":158,"callback":159,"priority":68,"file":149,"line":160},"upgrader_process_complete","upgrade_delete_cache_items",62,[162],{"action":163,"nopriv":164,"callback":165,"hasNonce":166,"hasCapCheck":166,"file":149,"line":167},"rt_get_plugin_info",false,"get_plugin_info",true,60,[],[],[],{"dangerousFunctions":172,"sqlUsage":173,"outputEscaping":175,"fileOperations":26,"externalRequests":140,"nonceChecks":140,"capabilityChecks":70,"bundledLibraries":213},[],{"prepared":26,"raw":26,"locations":174},[],{"escaped":129,"rawEcho":176,"locations":177},17,[178,181,183,185,187,189,191,193,195,197,199,201,203,205,207,209,211],{"file":149,"line":179,"context":180},107,"raw output",{"file":149,"line":182,"context":180},111,{"file":149,"line":184,"context":180},114,{"file":149,"line":186,"context":180},124,{"file":149,"line":188,"context":180},126,{"file":149,"line":190,"context":180},133,{"file":149,"line":192,"context":180},134,{"file":149,"line":194,"context":180},135,{"file":149,"line":196,"context":180},136,{"file":149,"line":198,"context":180},137,{"file":149,"line":200,"context":180},138,{"file":149,"line":202,"context":180},139,{"file":149,"line":204,"context":180},140,{"file":149,"line":206,"context":180},141,{"file":149,"line":208,"context":180},152,{"file":149,"line":210,"context":180},155,{"file":149,"line":212,"context":180},269,[],[215],{"entryPoint":216,"graph":217,"unsanitizedCount":140,"severity":243},"\u003Crt-plugin-report> (rt-plugin-report.php:0)",{"nodes":218,"edges":239},[219,224,230,233,237],{"id":220,"type":221,"label":222,"file":149,"line":223},"n0","source","$_POST",250,{"id":225,"type":226,"label":227,"file":149,"line":228,"wp_function":229},"n1","sink","wp_remote_get() [SSRF]",393,"wp_remote_get",{"id":231,"type":221,"label":222,"file":149,"line":232},"n2",363,{"id":234,"type":235,"label":236,"file":149,"line":232},"n3","transform","→ check_exists_in_svn()",{"id":238,"type":226,"label":227,"file":149,"line":228,"wp_function":229},"n4",[240,241,242],{"from":220,"to":225,"sanitized":166},{"from":231,"to":234,"sanitized":164},{"from":234,"to":238,"sanitized":164},"medium",{"summary":245,"deductions":246},"The plugin \"plugin-report\" v2.2.2 presents a generally good security posture with several positive indicators. Notably, it has a small attack surface, with all identified entry points having authentication checks. The code demonstrates strong practices by exclusively using prepared statements for its SQL queries and includes nonce and capability checks, suggesting an awareness of common WordPress security vulnerabilities. The absence of known CVEs and past vulnerabilities further contributes to a positive outlook.\n\nHowever, there are areas for improvement that introduce some risk. The taint analysis reveals a flow with an unsanitized path, which is a significant concern, even though it was not classified as critical or high severity. This could potentially lead to unexpected behavior or vulnerabilities if an attacker can control the input to this flow. Additionally, a concerning 35% of output escaping is noted as not properly escaped. This indicates a potential for Cross-Site Scripting (XSS) vulnerabilities, especially if sensitive data is being outputted without adequate sanitization.\n\nIn conclusion, while \"plugin-report\" v2.2.2 exhibits strengths in its handling of SQL, authentication, and its clean vulnerability history, the presence of an unsanitized path in taint analysis and the significant percentage of unescaped output warrant caution. Addressing these specific issues will further strengthen the plugin's security.",[247,249],{"reason":248,"points":68},"Flow with unsanitized path",{"reason":250,"points":50},"Low percentage of properly escaped output","2026-03-16T18:44:29.595Z",{"wat":253,"direct":268},{"assetPaths":254,"generatorPatterns":256,"scriptPaths":257,"versionParams":262},[255],"\u002Fwp-content\u002Fplugins\u002Fplugin-report\u002Fcss\u002Fplugin-report.css",[],[258,259,260,261],"\u002Fwp-content\u002Fplugins\u002Fplugin-report\u002Fjs\u002Ftablesort.min.js","\u002Fwp-content\u002Fplugins\u002Fplugin-report\u002Fjs\u002Ftablesort.number.min.js","\u002Fwp-content\u002Fplugins\u002Fplugin-report\u002Fjs\u002Ftablesort.dotsep.min.js","\u002Fwp-content\u002Fplugins\u002Fplugin-report\u002Fjs\u002Fplugin-report.js",[263,264,265,266,267],"plugin-report\u002Fstyle.css?ver=","plugin-report\u002Fjs\u002Ftablesort.min.js?ver=","plugin-report\u002Fjs\u002Ftablesort.number.min.js?ver=","plugin-report\u002Fjs\u002Ftablesort.dotsep.min.js?ver=","plugin-report\u002Fjs\u002Fplugin-report.js?ver=",{"cssClasses":269,"htmlComments":275,"htmlAttributes":276,"restEndpoints":280,"jsGlobals":281,"shortcodeOutput":283},[270,271,272,273,274],"pr-risk-low","pr-risk-medium","pr-risk-high","plugin-report-row-temp-","no-sort",[],[277,278,279],"data-sort-default","data-sort-method","data-plugin-slug",[],[282],"plugin_report_vars",[]]