[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fySBndvgpvHU0qna9U0gS2mPWyK5pHP8nmNCU7J9rUzM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":144,"fingerprints":530},"posts-to-do-list","Posts To-Do List","1.4.4","Stefano","https:\u002F\u002Fprofiles.wordpress.org\u002Fste_95\u002F","\u003Cp>Most people who run a multi-author blog need to tell their writers what post they should write. And so administrators send emails with a URL of the post source, the keyword for the post, any notes accompanying that. And sometimes a user notices a post that is worth writing and he wants to tell the other writers, so they have to email the administrator who will tell the other users and everyone will kill themselves in the end. The Posts To-Do List plugin allows you to get rid of that rigmarole.\u003C\u002Fp>\n\u003Cp>By a convenient box in the posts editing page, \u003Cstrong>everyone will be able to share the posts they think are worth writing. You have this little box, where you put the URL of the page where you read that great post, and the plugin will fetch the title by itself. You will then be able to change the retrieved title, suggest a keyword and add other notes, set a priority and assign the post to some user of the blog.\u003C\u002Fstrong> And if you want to leave everything blank but the title field, leaving a suggestion that anyone can catch and deepen… well, you can!\u003C\u002Fp>\n\u003Cp>No more emails to tell “You do this and that, use this keyword and don’t forget that…”. Everything can be down inside WordPress. Not only by the administrator, but by any logged in user.\u003C\u002Fp>\n\u003Cp>You, as the administrator, want everything in the power of your hand? No problem, you can \u003Cstrong>decide what user roles can add new posts to the to-do list and what user roles can delete already added items.\u003C\u002Fstrong> You want your users to stick to the post you assigned to them? You can hide the posts you have assigned to other users from their view. From a \u003Cstrong>simple stats page\u003C\u002Fstrong> it will be immediately clear how many posts you have already assigned and how many of them are still to do, so that it will be easy to understand how much your writers have done and how many posts you have still to assign. Almost every action is powered by AJAX, so that no page reloads are needed and you do not even notice it is happening, it just works.\u003C\u002Fp>\n","Share post ideas with writers, suggest them writing topics and keep track of the posts ideas with a to-do list.",60,10971,94,7,"2025-12-06T05:07:00.000Z","6.9.4","3.0","",[20,21,22,23],"multi-author","post-management","posts","to-do-list","https:\u002F\u002Fwww.thecrowned.org\u002Fwordpress-plugin-posts-to-do-list","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fposts-to-do-list.1.4.5.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"ste_95",6,3090,98,1578,78,"2026-04-04T13:56:25.058Z",[40,61,81,99,122],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":26,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":18,"download_link":60,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"delete-posts-by-url","Delete Posts By URL","2.2.1","betterranking","https:\u002F\u002Fprofiles.wordpress.org\u002Fbetterranking\u002F","\u003Cp>Delete Posts By URL is a powerful WordPress plugin that allows you to bulk delete posts using various methods. Whether you have a list of URLs or want to filter posts by specific criteria, this plugin provides a clean and efficient way to manage your content.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Delete posts by pasting URLs (absolute or relative)\u003C\u002Fli>\n\u003Cli>Filter and delete posts by:\n\u003Cul>\n\u003Cli>Date range\u003C\u002Fli>\n\u003Cli>Author\u003C\u002Fli>\n\u003Cli>Categories\u003C\u002Fli>\n\u003Cli>Post status (draft, published, private)\u003C\u002Fli>\n\u003Cli>Custom meta fields\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Import\u002FExport capabilities:\n\u003Cul>\n\u003Cli>Import URLs from CSV\u002FTXT files\u003C\u002Fli>\n\u003Cli>Export list of deleted posts (for record keeping)\u003C\u002Fli>\n\u003Cli>Export URLs before deletion (backup)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Advanced deletion options:\n\u003Cul>\n\u003Cli>Delete associated media files\u003C\u002Fli>\n\u003Cli>Delete associated comments\u003C\u002Fli>\n\u003Cli>Delete related post meta\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Clean and intuitive tabbed interface\u003C\u002Fli>\n\u003Cli>Secure processing with proper nonce verification\u003C\u002Fli>\n\u003Cli>Option to move posts to trash instead of permanent deletion\u003C\u002Fli>\n\u003C\u002Ful>\n","Advanced bulk deletion of WordPress posts with multiple filtering options and powerful features for content management.",80,866,1,"2025-06-26T09:48:00.000Z","6.8.5","5.0","7.2",[56,57,58,21,59],"batch-delete","bulk-delete","delete-posts","url-delete","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdelete-posts-by-url.2.2.1.zip",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":48,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":18,"tags":75,"homepage":78,"download_link":79,"security_score":80,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"auto-schedule-posts","Auto-Schedule Posts","3.6","David Miller","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavidjmillerorg\u002F","\u003Cp>Auto-Schedule posts catches posts as they are published and holding them until the previously set criteria are met for the proper publication time.\u003C\u002Fp>\n\u003Cp>You can set publication between certain hours, limit publication to certain days, and specify a minimum time period between posts.\u003C\u002Fp>\n","Auto-Schedule Posts allows users to separate their writing schedule from their publishing schedule - write when you want and have posts publish at the …",50,20368,2,"2013-02-07T01:31:00.000Z","3.3.2","2.3",[76,20,22,77],"auto-schedule","scheduling","http:\u002F\u002Fplugins.davidjmiller.org\u002Fauto-schedule-posts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-schedule-posts.zip",85,{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":89,"downloaded":90,"rating":27,"num_ratings":27,"last_updated":91,"tested_up_to":16,"requires_at_least":53,"requires_php":92,"tags":93,"homepage":18,"download_link":98,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"auto-post-publisher","Auto Post Publisher","1.8","ExertLogics","https:\u002F\u002Fprofiles.wordpress.org\u002Fexertlogics\u002F","\u003Cp>Auto Post Publisher ensures that your scheduled posts are published even if they miss their scheduled time. It’s especially useful for websites with high traffic or busy schedules where posts might get delayed. The plugin works seamlessly with all post types and provides an easy-to-use settings interface for better control.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically checks for missed scheduled posts  \u003C\u002Fli>\n\u003Cli>Works with custom post types  \u003C\u002Fli>\n\u003Cli>Simple settings interface  \u003C\u002Fli>\n\u003Cli>Select which post types to monitor  \u003C\u002Fli>\n\u003Cli>No configuration needed – works out of the box\u003C\u002Fli>\n\u003C\u002Ful>\n","Automatically publishes scheduled posts that may have missed their scheduled time.",20,669,"2026-01-01T11:18:00.000Z","8.2",[94,95,21,96,97],"auto-publish","automatic","scheduled-posts","scheduler","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fauto-post-publisher.1.8.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":109,"num_ratings":110,"last_updated":111,"tested_up_to":52,"requires_at_least":112,"requires_php":18,"tags":113,"homepage":118,"download_link":119,"security_score":35,"vuln_count":120,"unpatched_count":27,"last_vuln_date":121,"fetched_at":29},"duplicate-page","Duplicate Page","4.5.6","mndpsingh287","https:\u002F\u002Fprofiles.wordpress.org\u002Fmndpsingh287\u002F","\u003Cp>Duplicate Posts, Pages and Custom Posts easily using single click. You can duplicate your pages, posts and custom post by just one click and it will save as your selected options (draft, private, public, pending).\u003C\u002Fp>\n\u003Ch4>Key Features in Duplicate Page Pro Editions\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>User Roles:\u003C\u002Fstrong> Allow User Roles To access Duplicate Page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Types:\u003C\u002Fstrong> Filter to show Duplicate Page link in post types.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clone Link Location:\u003C\u002Fstrong> Option where to show clone link.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Status:\u003C\u002Fstrong> Option to select Duplicate Posts Status.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirection:\u003C\u002Fstrong> Option to Redirect after click on clone link..\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clone Link Title:\u003C\u002Fstrong> Option to change Duplicate Post Link Title.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Prefix:\u003C\u002Fstrong> Option to add Post Prefix.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Suffix:\u003C\u002Fstrong> Option to add Post Suffix.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Editor\u003C\u002Fstrong>: And Many More Filters and Features.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fduplicatepro.com\u002Fpro\u002F?utm_source=Wordpress.org&utm_medium=Website&utm_campaign=Duplicate%20Page%20Pro\" rel=\"nofollow ugc\">Buy Pro Version\u003C\u002Fa>\u003C\u002Fstrong> with various features & support.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fduplicatepro.com\u002Fcontact\u002F?utm_source=Wordpress.org&utm_medium=Website&utm_campaign=Duplicate%20Page%20Pro\" rel=\"nofollow ugc\">Contact us\u003C\u002Fa>\u003C\u002Fstrong> for Support Only Pro Version Users.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fduplicatepro.com\u002Fpro\u002F?utm_source=Wordpress.org&utm_medium=Website&utm_campaign=Duplicate%20Page%20Pro\" rel=\"nofollow ugc\">Upgrade to Pro Version\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FFj8BHxvebXs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>How to use\u003C\u002Fh3>\n\u003Col>\n\u003Cli>First Activate Plugin.\u003C\u002Fli>\n\u003Cli>Go Select to Duplicate Page settings Menu from Settings Tab and savings settings. \u003C\u002Fli>\n\u003Cli>Then Create New Post\u002FPage or Use old.\u003C\u002Fli>\n\u003Cli>After click on duplicate this link, then duplicate post\u002F page will be created and saved as draft,publish,pending,private depending upon settings.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Minimum requirements for Duplicate Page\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 3.3+\u003C\u002Fli>\n\u003Cli>PHP 5.x\u003C\u002Fli>\n\u003Cli>MySQL 5.x\u003C\u002Fli>\n\u003C\u002Ful>\n","Duplicate Posts, Pages and Custom Posts easily using single click",3000000,35845792,96,442,"2025-10-16T11:26:00.000Z","3.4",[114,100,115,116,117],"duplicate-custom-posts","duplicate-post","page-duplicate","post-duplicate","https:\u002F\u002Fduplicatepro.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fduplicate-page.zip",3,"2021-08-28 00:00:00",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":16,"requires_at_least":135,"requires_php":136,"tags":137,"homepage":142,"download_link":143,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"post-types-order","Post Types Order","2.4.6","nsp-code","https:\u002F\u002Fprofiles.wordpress.org\u002Fnsp-code\u002F","\u003Cp>\u003Cstrong>Over 12 MILLIONS DOWNLOADS and near PERFECT rating out of 200 REVIEWS\u003C\u002Fstrong>. \u003Cbr \u002F>\nEasily Sort Posts and Custom Post Types with Drag-and-Drop\u003C\u002Fp>\n\u003Cp>Take full control of your post order with a powerful plugin that lets you effortlessly reorder posts and custom post types using a simple drag-and-drop interface.\u003C\u002Fp>\n\u003Cp>Customize the order directly from the default WordPress post archive list or use the dedicated Re-Order interface, which displays all available items for easy management. Whether you’re working with default posts or custom post types, organizing your content has never been easier.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cp>This plugin was designed to be user-friendly, ensuring that anyone can easily use its sorting feature, regardless of their WordPress experience:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Install the plugin via the “Install Plugins” interface or by uploading the post-types-order folder to the \u002Fwp-content\u002Fplugins\u002F directory.\u003C\u002Fli>\n\u003Cli>Activate the Post Types Order plugin.\u003C\u002Fli>\n\u003Cli>A new settings page will be added under Settings > Post Types Order. Visit this page and save the options for the first time.\u003C\u002Fli>\n\u003Cli>With the \u003Cstrong>AutoSort\u003C\u002Fstrong> option enabled, no code changes are needed, the plugin will automatically apply the customized post order.\u003C\u002Fli>\n\u003Cli>Use the Re-Order interface, available for every non-hierarchical custom post type, to change the post order as needed.\u003C\u002Fli>\n\u003Cli>For sorting posts via code, include ‘orderby’ => ‘menu_order’ within the custom query arguments. For more details, visit this guide \u003Ca href=\"https:\u002F\u002Fwww.nsp-code.com\u002Fsample-code-on-how-to-apply-the-sort-for-post-types-order-plugin\u002F\" rel=\"nofollow ugc\">Sample Usage\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Example of Usage\u003C\u002Fh4>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002F6-so4UH-n6M?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>As you can see, reordering posts is as simple as dragging and dropping, with the changes instantly reflected on the front end.\u003C\u002Fp>\n\u003Cp>If the post order doesn’t update on your site, it could be due to one of two reasons: either there was a mistake during setup, or your theme\u002Fplugin is using a custom query that doesn’t follow WordPress Codex standards. But don’t worry—we’re here to help! You can report the issue in the forum, where many users are happy to assist, or you can contact us directly.\u003C\u002Fp>\n\u003Cp>If you encounter any problems with the plugin, feel free to reach out via the forum or contact us directly through our \u003Ca href=\"https:\u002F\u002Fwww.nsp-code.com\" rel=\"nofollow ugc\">support page\u003C\u002Fa>, and we’ll take a look.\u003C\u002Fp>\n\u003Ch4>Need advanced features ?\u003C\u002Fh4>\n\u003Cp>For advanced features and functionality, check out the extended version of this plugin at \u003Ca href=\"https:\u002F\u002Fwww.nsp-code.com\u002Fpremium-plugins\u002Fwordpress-plugins\u002Fadvanced-post-types-order\u002F\" rel=\"nofollow ugc\">Advanced Post Types Order\u003C\u002Fa>\u003Cbr \u002F>\n * Hierarchically post types order\u003Cbr \u002F>\n * Manual Drag & Drop \u002F Automatic Sorting\u003Cbr \u002F>\n * Specify exact area where to apply through conditionals\u003Cbr \u002F>\n * Advanced query interface filtering and complex sorts including multiple post types and taxonomies\u003Cbr \u002F>\n * Posts Order by Custom Taxonomies\u003Cbr \u002F>\n * Enhanced Interface, List \u002F Grid View\u003Cbr \u002F>\n * Allow Interface Filters (Categories, Dates, Search etc)\u003Cbr \u002F>\n * Post Types Thumbnails\u003Cbr \u002F>\n * Advanced query usage\u003Cbr \u002F>\n * MultiSite Network Support, WPML, Polylang, WooCommerce, WP E-Commerce, Platform Pro, Genesis etc\u003Cbr \u002F>\n * WPML 100% compatibility with sort synchronization across languages\u003Cbr \u002F>\n * Mobile Touch Drag & Drop Ready\u003Cbr \u002F>\n * Sort interfaces through admin and front end\u003Cbr \u002F>\n * Pagination for sort lists\u003Cbr \u002F>\n * Free Updates\u003Cbr \u002F>\n * Free Support\u003C\u002Fp>\n\u003Cp>This plugin is developed by \u003Ca href=\"https:\u002F\u002Fwww.nsp-code.com\" rel=\"nofollow ugc\">Nsp-Code\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Localization\u003C\u002Fh3>\n\u003Cp>Would you like to contribute a translation in your language? Please check at https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fpost-types-order\u003C\u002Fp>\n\u003Cp>There isn’t any Editors for your native language on plugin Contributors? You can help to moderate! https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fpost-types-order\u002Fcontributors\u003C\u002Fp>\n","Sort posts and custom post type objects using a drag-and-drop, sortable JavaScript AJAX interface, or through the default WordPress dashboard",600000,16094255,90,296,"2026-03-13T09:43:00.000Z","2.8","5.6",[138,139,123,140,141],"post-order","post-sort","posts-order","posts-sort","http:\u002F\u002Fwww.nsp-code.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpost-types-order.2.4.6.zip",{"attackSurface":145,"codeSignals":235,"taintFlows":406,"riskAssessment":516,"analyzedAt":529},{"hooks":146,"ajaxHandlers":197,"restRoutes":231,"shortcodes":232,"cronEvents":233,"entryPointCount":234,"unprotectedCount":234},[147,153,158,162,166,170,174,178,182,186,190,193],{"type":148,"name":149,"callback":150,"file":151,"line":152},"action","admin_menu","posts_to_do_list_menus","posts-to-do-list.php",65,{"type":148,"name":154,"callback":155,"priority":156,"file":151,"line":157},"wpmu_new_blog","posts_to_do_list_new_blog_install",10,71,{"type":148,"name":159,"callback":160,"file":151,"line":161},"add_meta_boxes","posts_to_do_list_post_page_metabox",74,{"type":148,"name":163,"callback":164,"file":151,"line":165},"load-settings_page_posts_to_do_list_options","posts_to_do_list_options_page_metaboxes",75,{"type":148,"name":167,"callback":168,"file":151,"line":169},"load-dashboard_page_posts_to_do_list","posts_to_do_list_dashboard_page_metaboxes",76,{"type":148,"name":171,"callback":172,"file":151,"line":173},"wp_dashboard_setup","posts_to_do_list_dasboard_widget",77,{"type":175,"name":176,"callback":177,"priority":156,"file":151,"line":48},"filter","plugin_action_links","posts_to_do_list_settings_meta_link",{"type":175,"name":179,"callback":180,"priority":156,"file":151,"line":181},"plugin_row_meta","posts_to_do_list_donate_meta_link",81,{"type":148,"name":183,"callback":184,"file":151,"line":185},"admin_head-settings_page_posts_to_do_list_options","posts_to_do_list_head",84,{"type":148,"name":187,"callback":188,"file":151,"line":189},"widgets_init","closure",87,{"type":148,"name":191,"callback":188,"file":151,"line":192},"init",91,{"type":148,"name":194,"callback":195,"file":151,"line":196},"plugins_loaded","ptdl_load_localization",867,[198,201,204,207,210,213,216,219,222,225,229],{"action":199,"nopriv":200,"callback":199,"hasNonce":200,"hasCapCheck":200,"file":151,"line":35},"posts_to_do_list_ajax_retrieve_title",false,{"action":202,"nopriv":200,"callback":202,"hasNonce":200,"hasCapCheck":200,"file":151,"line":203},"posts_to_do_list_ajax_get_users_by_role",99,{"action":205,"nopriv":200,"callback":206,"hasNonce":200,"hasCapCheck":200,"file":151,"line":26},"posts_to_do_list_ajax_new_item_submit","posts_to_do_list_ajax_new_item_add",{"action":208,"nopriv":200,"callback":208,"hasNonce":200,"hasCapCheck":200,"file":151,"line":209},"posts_to_do_list_ajax_print_item_after_adding",101,{"action":211,"nopriv":200,"callback":211,"hasNonce":200,"hasCapCheck":200,"file":151,"line":212},"posts_to_do_list_ajax_mark_as_done",102,{"action":214,"nopriv":200,"callback":214,"hasNonce":200,"hasCapCheck":200,"file":151,"line":215},"posts_to_do_list_ajax_get_page",103,{"action":217,"nopriv":200,"callback":217,"hasNonce":200,"hasCapCheck":200,"file":151,"line":218},"posts_to_do_list_ajax_delete_item",104,{"action":220,"nopriv":200,"callback":220,"hasNonce":200,"hasCapCheck":200,"file":151,"line":221},"posts_to_do_list_ajax_i_ll_take_it",105,{"action":223,"nopriv":200,"callback":223,"hasNonce":200,"hasCapCheck":200,"file":151,"line":224},"posts_to_do_list_ajax_i_dont_want_it_anymore",106,{"action":226,"nopriv":227,"callback":226,"hasNonce":200,"hasCapCheck":200,"file":151,"line":228},"posts_to_do_list_ajax_save_user_note",true,107,{"action":226,"nopriv":200,"callback":226,"hasNonce":200,"hasCapCheck":200,"file":151,"line":230},108,[],[],[],11,{"dangerousFunctions":236,"sqlUsage":245,"outputEscaping":301,"fileOperations":27,"externalRequests":50,"nonceChecks":246,"capabilityChecks":50,"bundledLibraries":405},[237,242],{"fn":238,"file":239,"line":240,"context":241},"unserialize","posts-to-do-list-print-functions.php",97,"$item_done_details  = @unserialize( $single->item_done );",{"fn":238,"file":151,"line":243,"context":244},781,"$item_done = @unserialize( $single->item_done );",{"prepared":246,"raw":247,"locations":248},13,23,[249,253,256,258,260,262,266,269,271,273,275,277,279,281,283,285,287,289,291,293,295,297,299],{"file":250,"line":251,"context":252},"posts-to-do-list-ajax-functions.php",92,"$wpdb->query() with variable interpolation",{"file":250,"line":254,"context":255},121,"$wpdb->get_var() with variable interpolation",{"file":250,"line":257,"context":255},126,{"file":250,"line":259,"context":252},131,{"file":250,"line":261,"context":252},143,{"file":263,"line":264,"context":265},"posts-to-do-list-install-functions.php",15,"$wpdb->get_col() with variable interpolation",{"file":239,"line":267,"context":268},40,"$wpdb->get_results() with variable interpolation",{"file":151,"line":270,"context":252},41,{"file":151,"line":272,"context":252},114,{"file":151,"line":274,"context":252},117,{"file":151,"line":276,"context":252},120,{"file":151,"line":278,"context":252},125,{"file":151,"line":280,"context":268},327,{"file":151,"line":282,"context":268},330,{"file":151,"line":284,"context":255},331,{"file":151,"line":286,"context":268},738,{"file":151,"line":288,"context":268},740,{"file":151,"line":290,"context":268},765,{"file":151,"line":292,"context":268},766,{"file":151,"line":294,"context":268},767,{"file":296,"line":246,"context":252},"uninstall.php",{"file":296,"line":298,"context":252},14,{"file":296,"line":300,"context":265},24,{"escaped":302,"rawEcho":303,"locations":304},18,55,[305,308,310,311,313,315,317,319,320,321,322,323,324,326,327,329,330,331,333,335,337,338,340,342,344,346,348,350,352,354,356,358,360,362,364,366,368,370,372,374,376,378,380,382,384,386,388,390,392,394,396,398,400,401,403],{"file":250,"line":306,"context":307},68,"raw output",{"file":309,"line":247,"context":307},"posts-to-do-list-options-functions.php",{"file":309,"line":247,"context":307},{"file":309,"line":312,"context":307},27,{"file":309,"line":314,"context":307},29,{"file":239,"line":316,"context":307},31,{"file":239,"line":318,"context":307},42,{"file":239,"line":157,"context":307},{"file":239,"line":276,"context":307},{"file":239,"line":276,"context":307},{"file":239,"line":276,"context":307},{"file":239,"line":276,"context":307},{"file":239,"line":325,"context":307},123,{"file":239,"line":325,"context":307},{"file":239,"line":328,"context":307},124,{"file":239,"line":278,"context":307},{"file":239,"line":257,"context":307},{"file":239,"line":332,"context":307},127,{"file":239,"line":334,"context":307},130,{"file":239,"line":336,"context":307},134,{"file":239,"line":336,"context":307},{"file":239,"line":339,"context":307},140,{"file":239,"line":341,"context":307},146,{"file":239,"line":343,"context":307},155,{"file":239,"line":345,"context":307},161,{"file":239,"line":347,"context":307},165,{"file":239,"line":349,"context":307},177,{"file":239,"line":351,"context":307},196,{"file":239,"line":353,"context":307},212,{"file":355,"line":247,"context":307},"posts-to-do-list-widget.php",{"file":355,"line":357,"context":307},26,{"file":355,"line":359,"context":307},33,{"file":151,"line":361,"context":307},401,{"file":151,"line":363,"context":307},413,{"file":151,"line":365,"context":307},460,{"file":151,"line":367,"context":307},503,{"file":151,"line":369,"context":307},506,{"file":151,"line":371,"context":307},513,{"file":151,"line":373,"context":307},524,{"file":151,"line":375,"context":307},535,{"file":151,"line":377,"context":307},541,{"file":151,"line":379,"context":307},562,{"file":151,"line":381,"context":307},570,{"file":151,"line":383,"context":307},575,{"file":151,"line":385,"context":307},583,{"file":151,"line":387,"context":307},588,{"file":151,"line":389,"context":307},596,{"file":151,"line":391,"context":307},645,{"file":151,"line":393,"context":307},646,{"file":151,"line":395,"context":307},659,{"file":151,"line":397,"context":307},660,{"file":151,"line":399,"context":307},676,{"file":151,"line":399,"context":307},{"file":151,"line":402,"context":307},681,{"file":151,"line":404,"context":307},729,[],[407,424,436,447,462,470,480,502],{"entryPoint":408,"graph":409,"unsanitizedCount":120,"severity":423},"posts_to_do_list_metabox_stats (posts-to-do-list.php:611)",{"nodes":410,"edges":421},[411,416],{"id":412,"type":413,"label":414,"file":151,"line":415},"n0","source","$_POST (x3)",616,{"id":417,"type":418,"label":419,"file":151,"line":399,"wp_function":420},"n1","sink","echo() [XSS]","echo",[422],{"from":412,"to":417,"sanitized":200},"medium",{"entryPoint":425,"graph":426,"unsanitizedCount":27,"severity":435},"posts_to_do_list_ajax_retrieve_title (posts-to-do-list-ajax-functions.php:6)",{"nodes":427,"edges":433},[428,430],{"id":412,"type":413,"label":429,"file":250,"line":156},"$_REQUEST['new_item_url']",{"id":417,"type":418,"label":431,"file":250,"line":156,"wp_function":432},"wp_remote_request() [SSRF]","wp_remote_request",[434],{"from":412,"to":417,"sanitized":227},"low",{"entryPoint":437,"graph":438,"unsanitizedCount":27,"severity":435},"posts_to_do_list_ajax_mark_as_done (posts-to-do-list-ajax-functions.php:73)",{"nodes":439,"edges":445},[440,442],{"id":412,"type":413,"label":441,"file":250,"line":251},"$_REQUEST['item_id']",{"id":417,"type":418,"label":443,"file":250,"line":251,"wp_function":444},"query() [SQLi]","query",[446],{"from":412,"to":417,"sanitized":227},{"entryPoint":448,"graph":449,"unsanitizedCount":27,"severity":435},"posts_to_do_list_ajax_i_ll_take_it (posts-to-do-list-ajax-functions.php:110)",{"nodes":450,"edges":459},[451,452,455,457],{"id":412,"type":413,"label":441,"file":250,"line":257},{"id":417,"type":418,"label":453,"file":250,"line":257,"wp_function":454},"get_var() [SQLi]","get_var",{"id":456,"type":413,"label":441,"file":250,"line":259},"n2",{"id":458,"type":418,"label":443,"file":250,"line":259,"wp_function":444},"n3",[460,461],{"from":412,"to":417,"sanitized":227},{"from":456,"to":458,"sanitized":227},{"entryPoint":463,"graph":464,"unsanitizedCount":27,"severity":435},"posts_to_do_list_ajax_i_dont_want_it_anymore (posts-to-do-list-ajax-functions.php:136)",{"nodes":465,"edges":468},[466,467],{"id":412,"type":413,"label":441,"file":250,"line":261},{"id":417,"type":418,"label":443,"file":250,"line":261,"wp_function":444},[469],{"from":412,"to":417,"sanitized":227},{"entryPoint":471,"graph":472,"unsanitizedCount":27,"severity":435},"posts_to_do_list_ajax_save_user_note (posts-to-do-list-ajax-functions.php:176)",{"nodes":473,"edges":478},[474,477],{"id":412,"type":413,"label":475,"file":250,"line":476},"$_REQUEST['note']",182,{"id":417,"type":418,"label":443,"file":250,"line":476,"wp_function":444},[479],{"from":412,"to":417,"sanitized":227},{"entryPoint":481,"graph":482,"unsanitizedCount":27,"severity":435},"\u003Cposts-to-do-list-ajax-functions> (posts-to-do-list-ajax-functions.php:0)",{"nodes":483,"edges":497},[484,485,486,488,489,491,493,495],{"id":412,"type":413,"label":429,"file":250,"line":156},{"id":417,"type":418,"label":431,"file":250,"line":156,"wp_function":432},{"id":456,"type":413,"label":487,"file":250,"line":251},"$_REQUEST['item_id'] (x3)",{"id":458,"type":418,"label":443,"file":250,"line":251,"wp_function":444},{"id":490,"type":413,"label":441,"file":250,"line":257},"n4",{"id":492,"type":418,"label":453,"file":250,"line":257,"wp_function":454},"n5",{"id":494,"type":413,"label":475,"file":250,"line":476},"n6",{"id":496,"type":418,"label":443,"file":250,"line":476,"wp_function":444},"n7",[498,499,500,501],{"from":412,"to":417,"sanitized":227},{"from":456,"to":458,"sanitized":227},{"from":490,"to":492,"sanitized":227},{"from":494,"to":496,"sanitized":227},{"entryPoint":503,"graph":504,"unsanitizedCount":27,"severity":435},"\u003Cposts-to-do-list> (posts-to-do-list.php:0)",{"nodes":505,"edges":513},[506,507,508,510],{"id":412,"type":413,"label":414,"file":151,"line":415},{"id":417,"type":418,"label":419,"file":151,"line":399,"wp_function":420},{"id":456,"type":413,"label":509,"file":151,"line":415},"$_POST (x4)",{"id":458,"type":418,"label":511,"file":151,"line":286,"wp_function":512},"get_results() [SQLi]","get_results",[514,515],{"from":412,"to":417,"sanitized":227},{"from":456,"to":458,"sanitized":227},{"summary":517,"deductions":518},"The \"posts-to-do-list\" plugin version 1.4.4 presents a significant security risk due to a large, unprotected attack surface.  All 11 identified AJAX entry points lack authentication checks, making them prime targets for unauthorized actions. The presence of the `unserialize` function, while not explicitly shown to be exploited in taint analysis, is a known dangerous function that can lead to remote code execution if used with untrusted input.  Furthermore, only 25% of output is properly escaped, increasing the risk of cross-site scripting (XSS) vulnerabilities. The absence of any recorded vulnerabilities in its history is positive, but this could be due to a lack of sophisticated testing or obscurity, rather than inherent security.  The plugin demonstrates a concerning disregard for basic WordPress security practices, particularly concerning AJAX endpoints and output sanitization. While it does utilize prepared statements for a majority of its SQL queries, this is overshadowed by the critical lack of authorization on its primary interaction points.",[519,521,523,526],{"reason":520,"points":156},"11 unprotected AJAX handlers",{"reason":522,"points":14},"Dangerous function: unserialize",{"reason":524,"points":525},"Only 25% of outputs properly escaped",8,{"reason":527,"points":528},"Only 1 capability check on 11 entry points",5,"2026-03-16T21:47:12.510Z",{"wat":531,"direct":538},{"assetPaths":532,"generatorPatterns":534,"scriptPaths":535,"versionParams":536},[533],"\u002Fwp-content\u002Fplugins\u002Fposts-to-do-list\u002Fstyle\u002Fimages\u002Fajax-loader.gif",[],[],[537],"posts-to-do-list\u002Fstyle\u002Fimages\u002Fajax-loader.gif?ver=",{"cssClasses":539,"htmlComments":541,"htmlAttributes":542,"restEndpoints":544,"jsGlobals":545,"shortcodeOutput":546},[540],"ptdl_widget_title",[],[543],"data-widget-id",[],[],[]]