[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f4ovAH-OyOrY7W7DCagX5d1OF3dQrQ1dMdYhi81CTZnw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":131,"fingerprints":546},"quickstart","QuickStart","1.13.0","Doug Wollison","https:\u002F\u002Fprofiles.wordpress.org\u002Fdougwollison\u002F","\u003Cp>\u003Cstrong>This plugin is no longer being developed.\u003C\u002Fstrong>\u003C\u002Fp>\n","This plugin is no longer being developed.",10,4310,0,"2024-10-18T16:58:00.000Z","0.0.0","",[18,19,20,21,22],"development","framework","function","utilities","utility","https:\u002F\u002Fgithub.com\u002Fdougwollison\u002Fquickstart","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fquickstart.zip",92,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"dougwollison",7,1170,90,30,87,"2026-04-04T04:14:10.276Z",[38,59,80,95,113],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":13,"num_ratings":13,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":58,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wowholic-core","Wowholic CORE","1.1.3","Wowholic","https:\u002F\u002Fprofiles.wordpress.org\u002Fwowholic\u002F","\u003Ch3>CORE: WordPress utilities\u003C\u002Fh3>\n\u003Cp>CORE is a utility-based, unintrusive WordPress plugin. It offers a simple UI to tweak many sensible default settings to quickstart your new fresh WordPress project. It’s recommended for developers building custom themes with ACF.\u003C\u002Fp>\n\u003Cp>CORE builds on top of Wowholic’s +5 years of experience developing fully custom WordPress sites, for all sorts of customers and industries. We made this plugin to be more efficient and productive in our own work, and we hope it helps you too!\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Clean up unnecessary WordPress’ defaults:\n\u003Cul>\n\u003Cli>Remove comments widget styles\u003C\u002Fli>\n\u003Cli>Remove WP version from RSS feed\u003C\u002Fli>\n\u003Cli>Remove Gutenberg block library CSS (only if Classic Editor plugin is active)\u003C\u002Fli>\n\u003Cli>Remove RSD link\u003C\u002Fli>\n\u003Cli>Remove post, category and comment feed links\u003C\u002Fli>\n\u003Cli>Remove Windows Live Writer link\u003C\u002Fli>\n\u003Cli>Remove canonical link\u003C\u002Fli>\n\u003Cli>Remove shortlink\u003C\u002Fli>\n\u003Cli>Remove relational adjacent links\u003C\u002Fli>\n\u003Cli>Remove emoji detection script and styles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Disable Theme & Plugin Editors, Widgets Admin Page, Default Post Type and Comments\u003C\u002Fli>\n\u003Cli>Set up some default redirections (archives, attachment pages…)\u003C\u002Fli>\n\u003Cli>Set up a visual grid on different breakpoints for debugging layout styles\u003C\u002Fli>\n\u003Cli>Enable layout spacing utility for debugging distances between elements (using \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fstevenlei\u002Fspacingjs\" rel=\"nofollow ugc\">spacingjs\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Add custom format options to TinyMCE \u003Cem>(only if Classic Editor is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Allow removing unnecessary buttons from TinyMCE \u003Cem>(only if Classic Editor is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Enable Theme Options \u003Cem>(only if ACF is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Add label next to Flexible Content Layout name \u003Cem>(only if ACF is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Allow shortcodes in excerpts, textareas and text fields \u003Cem>(only if ACF is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Enable pretty Search URL\u003C\u002Fli>\n\u003Cli>Enable \u003Ccode>[email]\u003C\u002Fcode> shortcode for antispam\u003C\u002Fli>\n\u003Cli>Change WordPress’ upload size limit\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Some of these features are contextual, which means that they won’t show or work unless some condition is met (usually, if a given plugin is active or not).\u003C\u002Fp>\n\u003Ch3>Community Feedback\u003C\u002Fh3>\n\u003Cp>Although already providing many features, this plugin is still in its early stages of development. Please reach out to us for any constructive feedback you might have!\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>If you want to read contributing guidelines, you can find them at the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWowholic\u002FCORE\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>\u003C\u002Fp>\n","CORE makes you faster and more efficient when developing custom WordPress sites.",40,2316,"2025-12-04T09:20:00.000Z","6.9.4","5.6","7.0",[53,18,54,55,22],"custom-themes","efficiency","productivity","https:\u002F\u002Fgithub.com\u002FWowholic\u002FCORE","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwowholic-core.1.1.3.zip",100,{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":11,"downloaded":67,"rating":13,"num_ratings":13,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":50,"tags":71,"homepage":77,"download_link":78,"security_score":79,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"beans-visual-hook-guide","Beans Visual Hook Guide","1.1.0","Jeff Cleverley","https:\u002F\u002Fprofiles.wordpress.org\u002Fdeftly\u002F","\u003Cp>A Plugin tool to aid theme development with the innovative, flexible, and incredibly powerful \u003Ca href=\"https:\u002F\u002Fwww.getbeans.io\u002F\" rel=\"nofollow ugc\">Beans\u003C\u002Fa> Framework.\u003C\u002Fp>\n\u003Cp>When enabled alongside Beans Development Mode, this plugin displays all possible Markup Action Hooks made available by the Beans HTML API.\u003C\u002Fp>\n\u003Cp>Beans is a dream to develop with, as all markup and attributes added using Beans are registered using a unique Markup ID which can be exposed by enabling the Beans Development Mode in settings.\u003C\u002Fp>\n\u003Cp>Once Development Mode is enabled, the Markup IDs are output in a data-markup-id tag in the front-end. The values of which can be used by the various \u003Ca href=\"https:\u002F\u002Fwww.getbeans.io\u002Fcode-reference\u002Fapi\u002F\" rel=\"nofollow ugc\">Beans APIs\u003C\u002Fa> to rapidly develop beautiful themes.\u003C\u002Fp>\n\u003Cp>Any markup added using Beans adds several \u003Ca href=\"https:\u002F\u002Fwww.getbeans.io\u002Fdocumentation\u002Fmarkup-and-attributes\u002F\" rel=\"nofollow ugc\">dynamic action hooks\u003C\u002Fa> both before and after it:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>{$markup_id}_before_markup, fires before the opening markup\n{$markup_id}_prepend_markup, fires after the opening markup\n{$markup_id}_append_markup, fires before the closing markup\n{$markup_id}_after_markup, fires after the closing markup.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>( _prepend_markup and _append_markup are not available for self-closed markup )\u003C\u002Fp>\n\u003Cp>In short, this means pretty much anything can be added anywhere on any page by adding actions to the available hooks.\u003C\u002Fp>\n\u003Cp>This plugin is intended as a companion tool to the Beans Development Mode and your Browser inspector. It displays all of the available hooks that have been created dynamically by the Beans HTML API, making it easy for Beans Themes Developers to visualise the appropriate hook to use.\u003C\u002Fp>\n\u003Cp>The Beans logo and Beans name are being used with kind permission from the amazing people behind the Beans Framework.\u003C\u002Fp>\n","A useful companion tool for theme development with the Beans Framework. Displays all possible Markup Action Hooks made available by the Beans HTML AP &hellip;",2256,"2018-07-20T13:38:00.000Z","4.9.29","4.6",[72,73,74,75,76],"beans","beans-framework","beans-html-api","development-tool","hooks","https:\u002F\u002Fgithub.com\u002FJeffCleverley\u002FBeans-Visual-Hook-Guide","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbeans-visual-hook-guide.zip",85,{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":11,"downloaded":88,"rating":13,"num_ratings":13,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":50,"tags":92,"homepage":93,"download_link":94,"security_score":79,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"sp-framework","SP Framework","2.0.3","Alex Kuimov","https:\u002F\u002Fprofiles.wordpress.org\u002Fspoot1986\u002F","\u003Cp>Special Pack Framework – Feature set for fast website development\u003C\u002Fp>\n","Special Pack Framework - Feature set for fast website development",1121,"2020-11-24T12:50:00.000Z","5.4.19","5.0",[18,19],"https:\u002F\u002Fsp-framework.ru","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsp-framework.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":11,"downloaded":103,"rating":58,"num_ratings":104,"last_updated":105,"tested_up_to":106,"requires_at_least":107,"requires_php":16,"tags":108,"homepage":111,"download_link":112,"security_score":79,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"sunrise","Sunrise","2.0.0","Vova","https:\u002F\u002Fprofiles.wordpress.org\u002Fgn_themes\u002F","\u003Cp>Sunrise is an opensource and OOP-based WordPress plugin framework. It was designed to speed up plugin deployment, together with sufficient functionality. This great framework allows you to create powerful options pages with just a few lines of code.\u003C\u002Fp>\n\u003Ch4>Features out of the box\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Powerful options, e.g. ajax upload fields, color pickers, checkbox groups and much more\u003C\u002Fli>\n\u003Cli>Translation support\u003C\u002Fli>\n\u003Cli>OOP-based and easily extensible\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Useful links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fgndev\u002Fsunrise\u002Fwiki\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fgndev\u002Fsunrise\u002F\" rel=\"nofollow ugc\">GitHub repo\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsunrise\u002F\" rel=\"ugc\">Support forum\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Ftwitter.com\u002Fgndevinfo\" rel=\"nofollow ugc\">My Twitter\u003C\u002Fa> and \u003Ca href=\"http:\u002F\u002Fgndev.info\u002F\" rel=\"nofollow ugc\">homepage\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Plugin framework, that was designed to speed up plugin deployment and development",3592,1,"2013-08-08T11:45:00.000Z","4.0.38","3.3",[109,110,18,19],"admin","developer","http:\u002F\u002Fexample.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsunrise.2.0.0.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":11,"downloaded":121,"rating":13,"num_ratings":13,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":16,"tags":125,"homepage":129,"download_link":130,"security_score":79,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"tina-mvc","Author: Francis Crossen (fcrossen)","1.0.13","Francis Crossen","https:\u002F\u002Fprofiles.wordpress.org\u002Ffcrossen\u002F","\u003Cp>Tina MVC provides you with base classes and helper classes and functions on which you build your WordPress applications.\u003C\u002Fp>\n\u003Cp>It uses a lose model view controller pattern to abstract design and logic and make life easier for you and your HTML designer.\u003C\u002Fp>\n\u003Ch3>Features:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Completely separate your code from WordPress themes. Your users can change their theme and still retain your application functionality.\u003C\u002Fli>\n\u003Cli>A helper class for generating and processing HTML forms.\u003C\u002Fli>\n\u003Cli>A helper class for generating paginated tables from SQL (for when custom posts are not appropriate).\u003C\u002Fli>\n\u003Cli>A helper class for generating HTML tables from your data.\u003C\u002Fli>\n\u003Cli>Separation of your code from core Tina MVC files for easy upgrades.\u003C\u002Fli>\n\u003Cli>Compact and non-intrusive. Currently 3 filters plus 1 action hook for widgets and 1 shortcode hook are used for basic usage.\u003C\u002Fli>\n\u003Cli>A function to allow you to call a Tina MVC controller from your theme file (breaks the MC) or from another controller.\u003C\u002Fli>\n\u003Cli>Flexible enough for quick procedural prototyping – don’t like MVC? No problem!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Tutorials, Documentation and Code Samples\u003C\u002Fh3>\n\u003Cp>All Tina MVC documentation is included with the plugin. After activating the plugin you can access it from the WordPress admin back end. (Look for the Tina MVC administration page.)\u003Cbr \u002F>\nSource code is liberally commented for PhpDocumentor.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This version is GPL v2 licensed. If you are interested in alternative licensing models, or in commercial support, please contact the author at http:\u002F\u002Fwww.seeit.org\u002Fabout-us\u002F.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Support for this version is available at https:\u002F\u002Fwordpress.org\u002Ftags\u002Ftina-mvc?forum_id=10 or by leaving a comment at http:\u002F\u002Fwww.seeit.org\u002Ftina-mvc-for-wordpress\u002F.\u003C\u002Fp>\n\u003Ch3>Known Issue(s)\u003C\u002Fh3>\n\u003Cp>Tina MVC support for permalinks based on post name is experimental. Currently it generates a PHP warning from a core WordPress file.\u003C\u002Fp>\n","Tina MVC is a Wordpress framework that allows you to develop plugins, shortcodes and and widgets.",9013,"2013-11-22T16:41:00.000Z","3.5.2","3.5",[18,19,126,127,128],"mvc","shortcode","widget","http:\u002F\u002Fseeit.org\u002Ftina-mvc-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftina-mvc.zip",{"attackSurface":132,"codeSignals":306,"taintFlows":425,"riskAssessment":535,"analyzedAt":545},{"hooks":133,"ajaxHandlers":297,"restRoutes":303,"shortcodes":304,"cronEvents":305,"entryPointCount":104,"unprotectedCount":104},[134,140,145,150,154,159,163,168,171,174,178,181,185,190,194,197,199,202,205,207,209,211,214,216,218,220,226,229,234,239,242,247,249,253,257,261,266,269,273,278,282,285,288,292],{"type":135,"name":136,"callback":137,"priority":13,"file":138,"line":139},"action","plugins_loaded","qs_constants","inc\\constants.php",56,{"type":135,"name":141,"callback":142,"file":143,"line":144},"admin_menu","qs_helper_hide_comments_adminmenu","inc\\helpers\\hide\\comments.php",15,{"type":135,"name":146,"callback":147,"priority":148,"file":143,"line":149},"admin_bar_menu","qs_helper_hide_comments_adminbar",300,22,{"type":135,"name":151,"callback":152,"file":143,"line":153},"wp_dashboard_setup","qs_helper_hide_comments_dashboard",28,{"type":155,"name":156,"callback":157,"file":143,"line":158},"filter","favorite_actions","qs_helper_hide_comments_favorite",35,{"type":135,"name":160,"callback":161,"file":143,"line":162},"widgets_init","qs_helper_hide_comments_widget",41,{"type":155,"name":164,"callback":165,"priority":166,"file":143,"line":167},"comments_open","__return_false",999,44,{"type":155,"name":169,"callback":165,"priority":166,"file":143,"line":170},"pings_open",45,{"type":155,"name":172,"callback":165,"file":143,"line":173},"xmlrpc_enabled",48,{"type":155,"name":175,"callback":176,"priority":166,"file":143,"line":177},"pre_option_default_comment_status","qs_helper_hide_comments_status",54,{"type":155,"name":179,"callback":176,"priority":166,"file":143,"line":180},"pre_option_default_ping_status",55,{"type":135,"name":182,"callback":183,"file":143,"line":184},"init","qs_helper_hide_comments_support",64,{"type":155,"name":186,"callback":187,"priority":11,"file":188,"line":189},"map_meta_cap","qs_helper_hide_customizer_cap","inc\\helpers\\hide\\customizer.php",17,{"type":135,"name":141,"callback":191,"file":192,"line":193},"qs_helper_hide_links_adminmenu","inc\\helpers\\hide\\links.php",14,{"type":135,"name":146,"callback":195,"priority":148,"file":192,"line":196},"qs_helper_hide_links_adminbar",21,{"type":155,"name":156,"callback":198,"file":192,"line":153},"qs_helper_hide_links_favorite",{"type":135,"name":160,"callback":200,"file":192,"line":201},"qs_helper_hide_links_widget",34,{"type":135,"name":141,"callback":203,"file":204,"line":193},"qs_helper_hide_pages_adminmenu","inc\\helpers\\hide\\pages.php",{"type":135,"name":146,"callback":206,"priority":148,"file":204,"line":196},"qs_helper_hide_pages_adminbar",{"type":155,"name":156,"callback":208,"file":204,"line":153},"qs_helper_hide_pages_favorite",{"type":135,"name":160,"callback":210,"file":204,"line":201},"qs_helper_hide_pages_widget",{"type":135,"name":141,"callback":212,"file":213,"line":193},"qs_helper_hide_posts_adminmenu","inc\\helpers\\hide\\posts.php",{"type":135,"name":146,"callback":215,"priority":148,"file":213,"line":196},"qs_helper_hide_posts_adminbar",{"type":155,"name":156,"callback":217,"file":213,"line":153},"qs_helper_hide_posts_favorite",{"type":135,"name":160,"callback":219,"file":213,"line":201},"qs_helper_hide_posts_widget",{"type":155,"name":221,"callback":222,"priority":223,"file":224,"line":225},"style_loader_src","qs_helper_hide_wphead_version",9999,"inc\\helpers\\hide\\wp_head.php",42,{"type":155,"name":227,"callback":222,"priority":223,"file":224,"line":228},"script_loader_src",43,{"type":135,"name":230,"callback":231,"file":232,"line":233},"admin_enqueue_scripts","qs_helper_mediamanager_enqueue","inc\\helpers\\media_manager.php",31,{"type":135,"name":235,"callback":236,"file":237,"line":238},"the_post","qs_helper_chunks_process","inc\\helpers\\post_chunks.php",69,{"type":135,"name":230,"callback":240,"file":241,"line":153},"qs_helper_sections_enqueue","inc\\helpers\\sections.php",{"type":135,"name":243,"callback":244,"file":245,"line":246},"after_setup_theme","qs_helper_termmeta_installtable","inc\\helpers\\term_meta.php",75,{"type":135,"name":136,"callback":244,"file":245,"line":248},78,{"type":155,"name":250,"callback":251,"priority":11,"file":245,"line":252},"terms_clauses","qs_helper_termmeta_clauses",145,{"type":135,"name":254,"callback":255,"file":245,"line":256},"create_term","qs_helper_termmeta_insertterm",157,{"type":135,"name":258,"callback":259,"file":245,"line":260},"delete_term","qs_helper_termmeta_deleteterm",173,{"type":135,"name":262,"callback":263,"file":264,"line":265},"admin_init","qs_helper_unpublish_process","inc\\helpers\\unpublish.php",23,{"type":135,"name":267,"callback":268,"file":264,"line":46},"post_submitbox_minor_actions","qs_helper_unpublish_action",{"type":135,"name":270,"callback":271,"file":264,"line":272},"admin_head","qs_helper_unpublish_styles",57,{"type":155,"name":274,"callback":275,"file":276,"line":277},"wp_nav_menu_args","qs_helper_walker_inline_wrap","inc\\helpers\\walkers.php",36,{"type":135,"name":279,"callback":280,"file":281,"line":46},"wp_enqueue_scripts","qs_helper_quickedit_enqueue","inc\\helpers\\wpedit.php",{"type":135,"name":146,"callback":283,"priority":166,"file":281,"line":284},"qs_helper_quickedit_togglebutton",137,{"type":135,"name":230,"callback":286,"file":287,"line":277},"qs_helpers_enqueue","inc\\hooks.php",{"type":135,"name":262,"callback":289,"file":290,"line":291},"anonymous","inc\\quickstart\\class-setup.php",2300,{"type":155,"name":293,"callback":294,"priority":166,"file":295,"line":296},"wp_title","title_filter","inc\\quickstart\\class-template.php",229,[298],{"action":299,"nopriv":300,"callback":301,"hasNonce":300,"hasCapCheck":300,"file":287,"line":302},"qs_helper_geocode",false,"qs_hook_ajax_geocode",63,[],[],[],{"dangerousFunctions":307,"sqlUsage":308,"outputEscaping":311,"fileOperations":422,"externalRequests":13,"nonceChecks":423,"capabilityChecks":31,"bundledLibraries":424},[],{"prepared":309,"raw":13,"locations":310},8,[],{"escaped":312,"rawEcho":313,"locations":314},16,53,[315,319,321,323,326,328,331,333,335,336,338,341,343,345,346,348,350,352,353,355,357,359,361,362,364,367,369,371,373,375,377,379,380,382,384,385,387,388,390,392,394,396,398,400,402,404,407,409,411,413,415,417,419],{"file":316,"line":317,"context":318},"inc\\helpers\\attachment.php",32,"raw output",{"file":316,"line":320,"context":318},72,{"file":237,"line":322,"context":318},116,{"file":324,"line":325,"context":318},"inc\\helpers\\post_field.php",50,{"file":327,"line":177,"context":318},"inc\\helpers\\post_meta.php",{"file":329,"line":330,"context":318},"inc\\helpers\\teaser.php",88,{"file":281,"line":332,"context":318},121,{"file":281,"line":334,"context":318},149,{"file":287,"line":139,"context":318},{"file":287,"line":337,"context":318},95,{"file":339,"line":340,"context":318},"inc\\quickstart\\class-callbacks.php",29,{"file":339,"line":342,"context":318},66,{"file":339,"line":344,"context":318},71,{"file":339,"line":320,"context":318},{"file":339,"line":347,"context":318},132,{"file":339,"line":349,"context":318},134,{"file":339,"line":351,"context":318},136,{"file":339,"line":351,"context":318},{"file":339,"line":354,"context":318},138,{"file":339,"line":356,"context":318},181,{"file":339,"line":358,"context":318},183,{"file":339,"line":360,"context":318},185,{"file":339,"line":360,"context":318},{"file":339,"line":363,"context":318},187,{"file":365,"line":366,"context":318},"inc\\quickstart\\class-form.php",658,{"file":290,"line":368,"context":318},1990,{"file":290,"line":370,"context":318},1993,{"file":290,"line":372,"context":318},2742,{"file":290,"line":374,"context":318},2856,{"file":295,"line":376,"context":318},127,{"file":295,"line":378,"context":318},128,{"file":295,"line":354,"context":318},{"file":295,"line":381,"context":318},139,{"file":295,"line":383,"context":318},144,{"file":295,"line":252,"context":318},{"file":295,"line":386,"context":318},148,{"file":295,"line":363,"context":318},{"file":295,"line":389,"context":318},235,{"file":295,"line":391,"context":318},303,{"file":295,"line":393,"context":318},317,{"file":295,"line":395,"context":318},354,{"file":295,"line":397,"context":318},371,{"file":295,"line":399,"context":318},381,{"file":295,"line":401,"context":318},470,{"file":295,"line":403,"context":318},474,{"file":405,"line":406,"context":318},"inc\\quickstart\\class-tools.php",487,{"file":405,"line":408,"context":318},510,{"file":405,"line":410,"context":318},515,{"file":405,"line":412,"context":318},1407,{"file":405,"line":414,"context":318},1408,{"file":405,"line":416,"context":318},1441,{"file":405,"line":418,"context":318},1442,{"file":420,"line":421,"context":318},"inc\\utilities.php",208,2,4,[],[426,442,451,464,488,503,518,527],{"entryPoint":427,"graph":428,"unsanitizedCount":104,"severity":441},"qs_hook_ajax_geocode (inc\\hooks.php:49)",{"nodes":429,"edges":439},[430,434],{"id":431,"type":432,"label":433,"file":287,"line":313},"n0","source","$_REQUEST",{"id":435,"type":436,"label":437,"file":287,"line":139,"wp_function":438},"n1","sink","echo() [XSS]","echo",[440],{"from":431,"to":435,"sanitized":300},"medium",{"entryPoint":443,"graph":444,"unsanitizedCount":104,"severity":450},"\u003Chooks> (inc\\hooks.php:0)",{"nodes":445,"edges":448},[446,447],{"id":431,"type":432,"label":433,"file":287,"line":313},{"id":435,"type":436,"label":437,"file":287,"line":139,"wp_function":438},[449],{"from":431,"to":435,"sanitized":300},"low",{"entryPoint":452,"graph":453,"unsanitizedCount":13,"severity":450},"_order_manager_save (inc\\quickstart\\class-setup.php:2379)",{"nodes":454,"edges":461},[455,458],{"id":431,"type":432,"label":456,"file":290,"line":457},"$_POST['_wp_http_referer']",2406,{"id":435,"type":436,"label":459,"file":290,"line":457,"wp_function":460},"header() [Header Injection]","header",[462],{"from":431,"to":435,"sanitized":463},true,{"entryPoint":465,"graph":466,"unsanitizedCount":13,"severity":450},"\u003Cclass-setup> (inc\\quickstart\\class-setup.php:0)",{"nodes":467,"edges":484},[468,471,475,478,480,482],{"id":431,"type":432,"label":469,"file":290,"line":470},"$_GET (x4)",1313,{"id":435,"type":436,"label":472,"file":290,"line":473,"wp_function":474},"call_user_func() [RCE]",1327,"call_user_func",{"id":476,"type":432,"label":477,"file":290,"line":470},"n2","$_GET (x2)",{"id":479,"type":436,"label":437,"file":290,"line":368,"wp_function":438},"n3",{"id":481,"type":432,"label":456,"file":290,"line":457},"n4",{"id":483,"type":436,"label":459,"file":290,"line":457,"wp_function":460},"n5",[485,486,487],{"from":431,"to":435,"sanitized":463},{"from":476,"to":479,"sanitized":463},{"from":481,"to":483,"sanitized":463},{"entryPoint":489,"graph":490,"unsanitizedCount":13,"severity":450},"\u003Cclass-tools> (inc\\quickstart\\class-tools.php:0)",{"nodes":491,"edges":500},[492,495,497,499],{"id":431,"type":432,"label":493,"file":405,"line":494},"$_SERVER",660,{"id":435,"type":436,"label":472,"file":405,"line":496,"wp_function":474},667,{"id":476,"type":432,"label":433,"file":405,"line":498},1253,{"id":479,"type":436,"label":437,"file":405,"line":418,"wp_function":438},[501,502],{"from":431,"to":435,"sanitized":463},{"from":476,"to":479,"sanitized":463},{"entryPoint":504,"graph":505,"unsanitizedCount":104,"severity":517},"_do_load_callback (inc\\class-smart-plugin.php:107)",{"nodes":506,"edges":515},[507,511],{"id":431,"type":432,"label":508,"file":509,"line":510},"$_args","inc\\class-smart-plugin.php",107,{"id":435,"type":436,"label":512,"file":509,"line":513,"wp_function":514},"call_user_func_array() [RCE]",131,"call_user_func_array",[516],{"from":431,"to":435,"sanitized":300},"high",{"entryPoint":519,"graph":520,"unsanitizedCount":104,"severity":517},"register_meta_box (inc\\quickstart\\class-setup.php:1242)",{"nodes":521,"edges":525},[522,524],{"id":431,"type":432,"label":523,"file":290,"line":470},"$_GET",{"id":435,"type":436,"label":472,"file":290,"line":473,"wp_function":474},[526],{"from":431,"to":435,"sanitized":300},{"entryPoint":528,"graph":529,"unsanitizedCount":104,"severity":517},"do_enqueues (inc\\quickstart\\class-tools.php:618)",{"nodes":530,"edges":533},[531,532],{"id":431,"type":432,"label":493,"file":405,"line":494},{"id":435,"type":436,"label":472,"file":405,"line":496,"wp_function":474},[534],{"from":431,"to":435,"sanitized":300},{"summary":536,"deductions":537},"The \"quickstart\" plugin v1.13.0 exhibits a mixed security posture. On one hand, the plugin demonstrates good practices by exclusively using prepared statements for SQL queries and performing a reasonable number of capability checks. It also has a clean vulnerability history with no known CVEs, suggesting a generally stable development process. However, significant concerns arise from its attack surface and taint analysis. The presence of one unprotected AJAX handler is a critical entry point that could be exploited if malicious data is passed to it without proper validation or authorization. Furthermore, the taint analysis reveals three high-severity flows with unsanitized paths, indicating potential vulnerabilities where user-controlled data might not be properly handled before being used in sensitive operations. While the absence of unescaped output and dangerous functions is positive, the identified taint flows and the unprotected AJAX handler represent the most immediate risks.",[538,540,542],{"reason":539,"points":11},"Unprotected AJAX handler present",{"reason":541,"points":144},"3 High severity taint flows found",{"reason":543,"points":544},"23% output properly escaped",5,"2026-03-17T01:45:01.992Z",{"wat":547,"direct":554},{"assetPaths":548,"generatorPatterns":551,"scriptPaths":552,"versionParams":553},[549,550],"\u002Fwp-content\u002Fplugins\u002Fquickstart\u002Fcss\u002Fwpedit.css","\u002Fwp-content\u002Fplugins\u002Fquickstart\u002Fjs\u002Fwpedit.js",[],[550],[],{"cssClasses":555,"htmlComments":557,"htmlAttributes":558,"restEndpoints":569,"jsGlobals":576,"shortcodeOutput":578},[556],"wpedit-link",[],[559,560,561,562,563,564,565,566,567,568],"data-id","data-title","data-field","data-type","data-url","data-author","data-post-type","data-capability","data-post-id","data-page",[570,571,572,573,574,575],"\u002Fwp-json\u002Fquickstart\u002Fv1\u002Fsettings","\u002Fwp-json\u002Fquickstart\u002Fv1\u002Foptions","\u002Fwp-json\u002Fquickstart\u002Fv1\u002Fusers","\u002Fwp-json\u002Fquickstart\u002Fv1\u002Fposts","\u002Fwp-json\u002Fquickstart\u002Fv1\u002Fterms","\u002Fwp-json\u002Fquickstart\u002Fv1\u002Fcomments",[5,577],"qs",[579,580,581,582,583,584,585,586,587,588,589,590,591,592,593],"[qs_list_posts]","[qs_post_title]","[qs_post_content]","[qs_post_author]","[qs_post_date]","[qs_post_modified_date]","[qs_post_permalink]","[qs_post_type]","[qs_post_excerpt]","[qs_post_id]","[qs_comments]","[qs_comment_author]","[qs_comment_content]","[qs_comment_date]","[qs_comment_permalink]"]