[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faG3cArEnetS3BEUHCeyB_iW_n5Xl-9He3v2nOpO02gI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":32,"analysis":33,"fingerprints":262},"readme-generator","Readme Generator","1.0.2","paulstuttard","https:\u002F\u002Fprofiles.wordpress.org\u002Fpaulstuttard\u002F","\u003Cp>This plugin enables plugin authors to write their plugin readme content inside a page (or set of pages) or post on their site and then at the click of a button generate the associated valid readme.txt file automatically.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Simple HTML to Markdown conversion\u003C\u002Fli>\n\u003Cli>Helper widget on Post\u002FPage edit screen to set plugin specific options and Generate the readme\u003C\u002Fli>\n\u003Cli>Global options to set the default values and configure the plugin’s behaviour\u003C\u002Fli>\n\u003Cli>Facility to insert a ‘starter’ template into the current post\u003C\u002Fli>\n\u003Cli>Basic i18n verification and .pot file generation\u003C\u002Fli>\n\u003Cli>Handles single page based readme or page with children\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Latest Version – 1.0.2\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add support for Generation of contextual Help Data Files\u003C\u002Fli>\n\u003Cli>Minor Bug Fixes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Future Updates\u003C\u002Fh3>\n\u003Cp>Some improvements that I hope to make to the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Take content from ‘Visual’ Post\u002FPage edit\u003C\u002Fli>\n\u003Cli>Add popup widget when post displayed showing Header details, and links\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Options\u003C\u002Fh3>\n\u003Cp>The plugin has a number of options some are saved locally with individual posts\u002Fpages and some are global and are used to modify the behaviour of the plugin.\u003C\u002Fp>\n\u003Ch4>Plugin Name\u003C\u002Fh4>\n\u003Cp>Sets the name of the Plugin for which the readme.txt file is to be generated. This options is saved for each plugin page\u002Fpost.\u003C\u002Fp>\n\u003Ch4>Contributors\u003C\u002Fh4>\n\u003Cp>This sets the list of contributors for the plugin. This option is saved for each plugin page\u002Fpost, and the default for this value can be set in the global options.\u003C\u002Fp>\n\u003Ch4>Donate Link\u003C\u002Fh4>\n\u003Cp>This sets the donate link for the plugin. This option is saved for each plugin page\u002Fpost, and the default for this value can be set in the global options.\u003C\u002Fp>\n\u003Ch4>Tags\u003C\u002Fh4>\n\u003Cp>This sets the list of tags for the plugin. This option is saved for each plugin page\u002Fpost, and the default for this value can be set in the global options.\u003C\u002Fp>\n\u003Ch4>Required Version\u003C\u002Fh4>\n\u003Cp>This sets the minimum required version of WordPress that the plugin will work with. This option is saved for each plugin page\u002Fpost, and the default for this value can be set in the global options.\u003C\u002Fp>\n\u003Ch4>Tested Version\u003C\u002Fh4>\n\u003Cp>This sets the highest version of WordPress that the plugin has been tested against. This option is saved for each plugin page\u002Fpost, and the default for this value can be set in the global options.\u003C\u002Fp>\n\u003Ch4>Stable Version\u003C\u002Fh4>\n\u003Cp>This sets the stable version of the plugin that should be downloaded by users. This option is saved for each plugin page\u002Fpost.\u003C\u002Fp>\n\u003Ch4>Readme Location\u003C\u002Fh4>\n\u003Cp>The plugin subdirectory where the ‘readme.txt’ should be written, usually set to the plugin directory. This is relative to the WordPress plugin directory ‘wp-content\u002Fplugins’.\u003C\u002Fp>\n\u003Ch4>Ignore Sections\u003C\u002Fh4>\n\u003Cp>If there are any sections or sub-sections that are in the post that should not be present in the readme.txt, then enter their names here as a comma separated list.\u003C\u002Fp>\n\u003Ch4>Heading Type\u003C\u002Fh4>\n\u003Cp>This global setting, defines what html element the plugin will use to define the plugin top level headings & sections.\u003C\u002Fp>\n\u003Ch4>Sub-Heading Type\u003C\u002Fh4>\n\u003Cp>This global setting, defines what html element the plugin will use to define the plugin sub-headings & sections.\u003C\u002Fp>\n\u003Ch4>Plugin Category\u003C\u002Fh4>\n\u003Cp>If all your plugin posts are of a specific category, then put the category’s slug or ID’s in this setting so that the Readme Generator is enabled by default for these posts.\u003C\u002Fp>\n\u003Ch4>Parent Page\u003C\u002Fh4>\n\u003Cp>If all your plugin posts are children of a specific post\u002Fpage, then put the post’s slug or ID’s in this setting so that the Readme Generator is enabled by default for these posts.\u003C\u002Fp>\n\u003Ch4>Readme Filename\u003C\u002Fh4>\n\u003Cp>The name of the file that the Readme Generator will create, by default this is ‘readme.txt’, if you want to keep your existing readme.txt set this to something else.\u003C\u002Fp>\n\u003Ch4>Parse Sub-Pages\u003C\u002Fh4>\n\u003Cp>If this option is selected then it will also append any pages that are children of the current page to the readme.txt file.\u003C\u002Fp>\n\u003Ch4>Generate POT\u003C\u002Fh4>\n\u003Cp>The plugin can generate a .pot file, however this is quiet primitive, enable this option to generate the POT file. This option is saved for each plugin page\u002Fpost, and the default for this value can be set in the global options.\u003C\u002Fp>\n\u003Ch4>POT Filename\u003C\u002Fh4>\n\u003Cp>The name of the .pot file that the Readme Generator will create, by default this is ‘i18n\u002F%SLUG%.pot’. The location is relative to the directory of the ‘readme.txt’, and the phrase %SLUG% will be replaced with the Plugin Name (e.g. plugin-name).\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>The plugin comes with translation support but as yet no translations are included. Please refer to the WordPress Codex for more information about activating the translation. If you want to help to translate the plugin to your language, please have a look at the i18n\u002Freadme-gen.pot file which contains all definitions and may be used to create a language specific .po file. If you do create a translation please contact me and I will add it to the plugin ready for the next update.\u003C\u002Fp>\n","A simple plugin to convert a HTML post or page content into a plugin readme.txt file.",10,1716,0,"2013-09-12T13:00:00.000Z","3.6.1","3.1","",[19],"readme-txt-plugin-markdown","http:\u002F\u002Fwww.houseindorset.co.uk\u002Fplugins\u002Freadme-generator","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Freadme-generator.1.0.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":22,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},2,20,30,84,"2026-04-05T17:37:10.929Z",[],{"attackSurface":34,"codeSignals":83,"taintFlows":221,"riskAssessment":247,"analyzedAt":261},{"hooks":35,"ajaxHandlers":73,"restRoutes":79,"shortcodes":80,"cronEvents":81,"entryPointCount":82,"unprotectedCount":82},[36,42,47,51,55,59,62,66,69],{"type":37,"name":38,"callback":39,"file":40,"line":41},"action","admin_init","init","readme-generator.php",60,{"type":43,"name":44,"callback":45,"priority":11,"file":40,"line":46},"filter","plugin_row_meta","register_plugin_links",61,{"type":37,"name":48,"callback":49,"file":40,"line":50},"admin_menu","setup_options",62,{"type":37,"name":52,"callback":53,"file":40,"line":54},"save_post","save_form",63,{"type":37,"name":56,"callback":57,"file":40,"line":58},"admin_print_scripts-post.php","form_scripts",109,{"type":37,"name":60,"callback":57,"file":40,"line":61},"admin_print_scripts-post-new.php",110,{"type":37,"name":63,"callback":64,"file":40,"line":65},"admin_print_styles-post-new.php","form_styles",111,{"type":37,"name":67,"callback":64,"file":40,"line":68},"admin_print_styles-post.php",112,{"type":43,"name":70,"callback":71,"priority":11,"file":40,"line":72},"screen_layout_columns","admin_columns",120,[74],{"action":75,"nopriv":76,"callback":77,"hasNonce":76,"hasCapCheck":76,"file":40,"line":78},"readme_gen_generate",false,"generate_readme",93,[],[],[],1,{"dangerousFunctions":84,"sqlUsage":90,"outputEscaping":92,"fileOperations":218,"externalRequests":13,"nonceChecks":27,"capabilityChecks":219,"bundledLibraries":220},[85],{"fn":86,"file":87,"line":88,"context":89},"preg_replace(\u002Fe)","include\\generate-readme.php",102,"preg_replace('\u002F\u003C *em.*>(.*)\u003C *\\\u002Fe",{"prepared":13,"raw":13,"locations":91},[],{"escaped":13,"rawEcho":93,"locations":94},74,[95,99,100,102,104,105,107,108,109,110,112,113,115,116,118,119,121,123,125,126,127,129,130,131,133,135,137,138,140,142,144,146,148,149,150,152,154,155,157,158,159,160,161,163,165,167,169,171,172,174,176,177,178,179,180,181,182,184,185,186,188,190,193,195,198,200,201,203,205,207,209,212,214,216],{"file":96,"line":97,"context":98},"include\\display-form.php",44,"raw output",{"file":96,"line":97,"context":98},{"file":96,"line":101,"context":98},66,{"file":96,"line":103,"context":98},67,{"file":96,"line":103,"context":98},{"file":96,"line":106,"context":98},69,{"file":96,"line":106,"context":98},{"file":96,"line":106,"context":98},{"file":96,"line":106,"context":98},{"file":96,"line":111,"context":98},71,{"file":96,"line":22,"context":98},{"file":96,"line":114,"context":98},86,{"file":96,"line":114,"context":98},{"file":96,"line":117,"context":98},89,{"file":96,"line":117,"context":98},{"file":96,"line":120,"context":98},98,{"file":96,"line":122,"context":98},104,{"file":96,"line":124,"context":98},119,{"file":96,"line":72,"context":98},{"file":96,"line":72,"context":98},{"file":96,"line":128,"context":98},123,{"file":96,"line":128,"context":98},{"file":96,"line":128,"context":98},{"file":96,"line":132,"context":98},126,{"file":96,"line":134,"context":98},139,{"file":96,"line":136,"context":98},140,{"file":96,"line":136,"context":98},{"file":96,"line":139,"context":98},154,{"file":96,"line":141,"context":98},162,{"file":96,"line":143,"context":98},177,{"file":96,"line":145,"context":98},179,{"file":96,"line":147,"context":98},191,{"file":96,"line":147,"context":98},{"file":96,"line":147,"context":98},{"file":96,"line":151,"context":98},205,{"file":96,"line":153,"context":98},206,{"file":96,"line":153,"context":98},{"file":96,"line":156,"context":98},209,{"file":96,"line":156,"context":98},{"file":96,"line":156,"context":98},{"file":96,"line":156,"context":98},{"file":96,"line":156,"context":98},{"file":96,"line":162,"context":98},212,{"file":96,"line":164,"context":98},248,{"file":96,"line":166,"context":98},250,{"file":96,"line":168,"context":98},251,{"file":96,"line":170,"context":98},266,{"file":96,"line":170,"context":98},{"file":96,"line":173,"context":98},267,{"file":96,"line":175,"context":98},301,{"file":96,"line":175,"context":98},{"file":96,"line":175,"context":98},{"file":96,"line":175,"context":98},{"file":96,"line":175,"context":98},{"file":96,"line":175,"context":98},{"file":96,"line":175,"context":98},{"file":96,"line":183,"context":98},309,{"file":96,"line":183,"context":98},{"file":96,"line":183,"context":98},{"file":96,"line":187,"context":98},311,{"file":189,"line":11,"context":98},"include\\generate-help.php",{"file":191,"line":192,"context":98},"include\\generate-pot.php",35,{"file":87,"line":194,"context":98},12,{"file":196,"line":197,"context":98},"include\\show-info.php",5,{"file":196,"line":199,"context":98},7,{"file":196,"line":11,"context":98},{"file":196,"line":202,"context":98},14,{"file":196,"line":204,"context":98},18,{"file":196,"line":206,"context":98},22,{"file":196,"line":208,"context":98},41,{"file":210,"line":211,"context":98},"include\\show-options.php",54,{"file":40,"line":213,"context":98},337,{"file":40,"line":215,"context":98},359,{"file":40,"line":217,"context":98},416,6,3,[],[222,238],{"entryPoint":223,"graph":224,"unsanitizedCount":82,"severity":237},"display_form (include\\display-form.php:39)",{"nodes":225,"edges":235},[226,230],{"id":227,"type":228,"label":229,"file":96,"line":97},"n0","source","$_SERVER['REQUEST_URI']",{"id":231,"type":232,"label":233,"file":96,"line":97,"wp_function":234},"n1","sink","echo() [XSS]","echo",[236],{"from":227,"to":231,"sanitized":76},"medium",{"entryPoint":239,"graph":240,"unsanitizedCount":82,"severity":246},"\u003Cdisplay-form> (include\\display-form.php:0)",{"nodes":241,"edges":244},[242,243],{"id":227,"type":228,"label":229,"file":96,"line":97},{"id":231,"type":232,"label":233,"file":96,"line":97,"wp_function":234},[245],{"from":227,"to":231,"sanitized":76},"low",{"summary":248,"deductions":249},"The \"readme-generator\" v1.0.2 plugin exhibits a mixed security posture. While it demonstrates strengths in its use of prepared statements for SQL queries and a clean vulnerability history with no known CVEs, significant concerns arise from its attack surface and output handling. The presence of an unprotected AJAX handler presents a direct pathway for potential abuse if not properly secured by the application itself.  The code also utilizes a dangerous function, `preg_replace(\u002Fe)`, which can be exploited for code injection under certain circumstances. Furthermore, the complete lack of output escaping for all identified output points is a critical weakness, opening the door to Cross-Site Scripting (XSS) vulnerabilities. The taint analysis, while showing no critical or high severity flows, indicates two flows with unsanitized paths, which could potentially lead to issues if combined with other weaknesses.  The plugin's history of zero vulnerabilities is a positive indicator, suggesting diligent development practices in the past. However, the current static analysis reveals significant weaknesses that, if exploited, could be severe. The absence of proper output escaping is particularly alarming and represents a major security risk that needs immediate attention, even in the absence of past reported vulnerabilities.",[250,253,255,258],{"reason":251,"points":252},"Unprotected AJAX handler",8,{"reason":254,"points":199},"Dangerous function: preg_replace(\u002Fe)",{"reason":256,"points":257},"All output improperly escaped",15,{"reason":259,"points":260},"Flows with unsanitized paths detected",4,"2026-03-17T01:35:54.396Z",{"wat":263,"direct":272},{"assetPaths":264,"generatorPatterns":267,"scriptPaths":268,"versionParams":269},[265,266],"\u002Fwp-content\u002Fplugins\u002Freadme-generator\u002Freadme-gen.js","\u002Fwp-content\u002Fplugins\u002Freadme-generator\u002Freadme-gen.css",[],[265],[270,271],"readme-generator\u002Freadme-gen.css?ver=","readme-generator\u002Freadme-gen.js?ver=",{"cssClasses":273,"htmlComments":275,"htmlAttributes":277,"restEndpoints":311,"jsGlobals":312,"shortcodeOutput":314},[274],"readme-gen-ajax-feedback",[276],"\u003C!-- Widget to display the form -->",[278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310],"data-rg-post-id","data-rg-post-type","data-rg-post-title","data-rg-post-content","data-rg-post-excerpt","data-rg-post-modified","data-rg-post-author","data-rg-post-slug","data-rg-post-status","data-rg-post-name","data-rg-post-parent","data-rg-post-comment-status","data-rg-post-ping-status","data-rg-post-revisions","data-rg-post-menu-order","data-rg-post-guid","data-rg-post-type-object","data-rg-post-post_type","data-rg-post-post_status","data-rg-post-comment_status","data-rg-post-ping_status","data-rg-post-menu_order","data-rg-post-post_name","data-rg-post-post_parent","data-rg-post-to_ping","data-rg-post-pinged","data-rg-post-ping_url","data-rg-post-ping_slug","data-rg-post-ping_id","data-rg-post-ping_type","data-rg-post-ping_data","data-rg-post-ping_result","data-rg-post-plugin-active",[],[313],"readme_gen",[]]