[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJD-mGo7hLRXjSkKdBUYVe-wwN15pNGMz-8h1Z31slUI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":145,"fingerprints":270},"redactor","Redactor","3.1.48f","DCoda","https:\u002F\u002Fprofiles.wordpress.org\u002Fdcoda\u002F","\u003Cp>This plugin is only supported on PHP 5.2 or greater.\u003C\u002Fp>\n\u003Cp>\u003C!--description-->\u003Cbr \u002F>\nBlack out certain words that may appear in a post especially when quoting.\u003Cbr \u002F>\nAids you to keep the original content intact but maintain privacy or a family rating.\u003Cbr \u002F>\nAlso allows the ability to hide explicit content, or spoiler information, such as sports results\u003Cbr \u002F>\nand film endings but allow the user to choose if they wish to view it.\u003C\u002Fp>\n\u003Cp>Redactor gives you two forms of censorship:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>1. Hide and Reveal\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>By wrapping a phrase in either [censor][\u002Fcensor] or [spoiler][\u002Fspoiler] bbCode tags you will block out the phrase, but give the user the option to reveal the hidden phrase by moving over the phrase with the mouse.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2. Automatic Predefined\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>On the \u003Ccode>Settings->Redactor\u003C\u002Fcode> admin page you can build a list of phrases you wish to censor. There are three types of possible censorship:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>1. 
Blackout\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This will remove the phrase from the post replacing it with black bars representing each word in the phrase.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>2. Censor \u002F Spoiler\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This will obscure the phrase with either the word \u003Ccode>Censor\u003C\u002Fcode> or \u003Ccode>Spoiler\u003C\u002Fcode> but it gives the reader the opportunity to reveal the censored phrase.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>3. Swap With\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The most subtle form of censorship depending on how you use it. The censored phrase will simply be swapped for your desired replacement.\u003C\u002Fp>\n\u003Cp>Redactor will match the phrases to be replaced to whole words and you will not have the problem of an accidental match inside a word, making nonsense of the post.\u003Cbr \u002F>\nAlso for added safety Redactor will ignore any HTML or BBCode tags in the post, replacing only their inner content and not messing around with their attributes.\u003Cbr \u002F>\nTo allow for the possibility that you may add phrases that overlap, you can prioritise the phrases.\u003C\u002Fp>\n\u003Cp>As Redactor filters the content each time the post is requested, it is recommended that you consider installing a page caching plugin.\u003Cbr \u002F>\n\u003C!--description-->\u003C\u002Fp>\n\u003Cp>If you are having trouble and cannot find the answers in the \u003Ca href=\"http:\u002F\u002Fredactor.dcoda.co.uk\u002Fhelp\u002Ffaq\u002F\" rel=\"nofollow ugc\">FAQ\u003C\u002Fa> you can post your support questions to the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Ftags\u002Fredactor\" rel=\"ugc\">WordPress Support Forum\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If you find Redactor useful please rate it at \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fredactor\u002F\" rel=\"ugc\">wordpress.org\u003C\u002Fa> and please consider making a \u003Ca 
href=\"http:\u002F\u002Fredactor.dcoda.co.uk\u002Fdonate\u002F\" rel=\"nofollow ugc\">donation\u003C\u002Fa> to help us set aside more hours to maintain Redactor\u003C\u002Fp>\n\u003Cp>Redactor is written by \u003Ca href='http:\u002F\u002Fdcoda.co.uk' rel=\"nofollow ugc\">dcoda\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You can check out our other plugins \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fusers\u002Fdcoda\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If you require a custom plugin you can contact us \u003Ca href=\"http:\u002F\u002Fdcoda.co.uk\u002Fcontact\u002F\" rel=\"nofollow ugc\">here\u003C\u002Fa> and maybe we could write it for you.\u003C\u002Fp>\n\u003Ch3>Copyright\u003C\u002Fh3>\n\u003Cp>(c) Copyright DCoda Limited, 2007 -, All Rights Reserved.\u003C\u002Fp>\n\u003Cp>This code is released under the GPL license version 2, available here:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl.txt\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl.txt\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>There are so many possible configurations of installation the plugin can be installed on we limit testing to a PHP 5.2+ Linux platform running the latest version of WordPress at the time of release but it is released WITHOUT ANY WARRANTY;\u003Cbr \u002F>\n without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\u003C\u002Fp>\n","Versatile Censor 
Tool",10,7089,0,"2012-06-04T14:29:00.000Z","3.3.2","3.0.0","",[19,20,21,22,23],"film-ending","post","redact","secret","sports","http:\u002F\u002Fredactor.dcoda.co.uk\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fredactor.3.1.48f.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"dcoda",4,40,30,84,"2026-04-05T00:50:12.509Z",[38,56,74,97,121],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":11,"downloaded":46,"rating":13,"num_ratings":13,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":17,"tags":50,"homepage":54,"download_link":55,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"secret-posts","Secret Posts","1.0","Scott Grant","https:\u002F\u002Fprofiles.wordpress.org\u002Fsgrant\u002F","\u003Cp>Adds a meta box to the post editing page with two options: number of views remaining, and the date to automatically expire access.\u003C\u002Fp>\n","Mark WordPress posts as private after a specified number of page views or time.",1367,"2015-07-21T17:57:00.000Z","4.2.39","4.0",[51,52,53,39],"hide","posts","private","http:\u002F\u002Fscootah.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecret-posts.1.0.zip",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":11,"downloaded":64,"rating":13,"num_ratings":13,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":17,"tags":68,"homepage":72,"download_link":73,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wpkeyme","WPKeyMe","0.2.1","Aubrey Portwood","https:\u002F\u002Fprofiles.wordpress.org\u002Faubreypwd\u002F","\u003Cp>This plugin allows you to 
require a secret key that is passed via the URL: http:\u002F\u002Fexample.com\u002Fpost-title\u002F?key=[string]\u003Cbr \u002F>\nSpecify the key in a custom value called “key” with the [string] or use the built in widget.\u003C\u002Fp>\n\u003Cp>Stable version of the plugin are pushed to the WordPress repository,\u003Cbr \u002F>\nbut the latest version of the plugin can be found at:\u003Cbr \u002F>\nhttps:\u002F\u002Fbitbucket.org\u002Fexcion\u002Fwpkeyme\u002F\u003C\u002Fp>\n\u003Cp>Issues\u002FBugs: https:\u002F\u002Fbitbucket.org\u002Fexcion\u002Fwpkeyme\u002Fissues\u003C\u002Fp>\n","This plugin allows you to require a secret key that is passed via the URL: http:\u002F\u002Fexample.com\u002Fpost-title\u002F?key=[string]",3021,"2013-04-15T21:55:00.000Z","3.5.2","3.0.1",[69,20,22,70,71],"key","string","token","https:\u002F\u002Fbitbucket.org\u002Fexcion\u002Fwpkeyme\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpkeyme.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":82,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":89,"tags":90,"homepage":93,"download_link":94,"security_score":95,"vuln_count":32,"unpatched_count":13,"last_vuln_date":96,"fetched_at":28},"duplicate-post","Yoast Duplicate Post","4.6","Yoast","https:\u002F\u002Fprofiles.wordpress.org\u002Fyoast\u002F","\u003Cp>This plugin allows users to clone posts of any type, or copy them to new drafts for further editing.\u003C\u002Fp>\n\u003Cp>How it works:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>In ‘Edit Posts’\u002F’Edit Pages’, you can click on ‘Clone’ link below the post\u002Fpage title: this will immediately create a copy and return to the list.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>In ‘Edit Posts’\u002F’Edit Pages’, you can select one or more items, then choose ‘Clone’ in the ‘Bulk Actions’ dropdown to copy them all at 
once.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>In ‘Edit Posts’\u002F’Edit Pages’, you can click on ‘New Draft’ link below the post\u002Fpage title.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>On the post edit screen, you can click on ‘Copy to a new draft’ above “Cancel”\u002F”Move to trash” or in the admin bar.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>While viewing a post as a logged in user, you can click on ‘Copy to a new draft’ in the admin bar.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>3, 4 and 5 will lead to the edit page for the new draft: change what you want, click on ‘Publish’ and you’re done.\u003C\u002Fp>\n\u003Cp>There is also a \u003Cstrong>template tag\u003C\u002Fstrong>, so you can put it in your templates and clone your posts\u002Fpages from the front-end. Clicking on the link will lead you to the edit page for the new draft, just like the admin bar link.\u003C\u002Fp>\n\u003Cp>Duplicate Post has many useful settings to customize its behavior and restrict its use to certain roles or post types. 
Check out the extensive documentation on \u003Ca href=\"https:\u002F\u002Fyoast.com\u002Fwordpress\u002Fplugins\u002Fduplicate-post\u002F\" rel=\"nofollow ugc\">yoast.com\u003C\u002Fa> and our \u003Ca href=\"https:\u002F\u002Fdeveloper.yoast.com\u002Fduplicate-post\u002Foverview\u002F\" rel=\"nofollow ugc\">developer docs\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>If you find this useful and if you want to contribute, there are two ways:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Submit your bug reports, suggestions and requests for features on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FYoast\u002Fduplicate-post\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>;\u003C\u002Fli>\n\u003Cli>If you want to translate it to your language (there are just a few lines of text), you can use the \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fduplicate-post\" rel=\"nofollow ugc\">translation project\u003C\u002Fa>;\u003C\u002Fli>\n\u003C\u002Fol>\n","The go-to tool for cloning posts and pages, including the powerful Rewrite & Republish feature.",4000000,38342593,94,525,"2026-03-09T10:34:00.000Z","6.9.4","6.8","7.4",[91,92,75],"clone","copy","https:\u002F\u002Fyoast.com\u002Fwordpress\u002Fplugins\u002Fduplicate-post\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fduplicate-post.4.6.zip",90,"2026-03-17 20:54:49",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":105,"downloaded":106,"rating":107,"num_ratings":108,"last_updated":109,"tested_up_to":110,"requires_at_least":111,"requires_php":17,"tags":112,"homepage":116,"download_link":117,"security_score":118,"vuln_count":119,"unpatched_count":13,"last_vuln_date":120,"fetched_at":28},"duplicate-page","Duplicate Page","4.5.6","mndpsingh287","https:\u002F\u002Fprofiles.wordpress.org\u002Fmndpsingh287\u002F","\u003Cp>Duplicate Posts, Pages and Custom Posts easily using 
single click. You can duplicate your pages, posts and custom post by just one click and it will save as your selected options (draft, private, public, pending).\u003C\u002Fp>\n\u003Ch4>Key Features in Duplicate Page Pro Editions\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>User Roles:\u003C\u002Fstrong> Allow User Roles To access Duplicate Page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Types:\u003C\u002Fstrong> Filter to show Duplicate Page link in post types.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clone Link Location:\u003C\u002Fstrong> Option where to show clone link.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Status:\u003C\u002Fstrong> Option to select Duplicate Posts Status.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Redirection:\u003C\u002Fstrong> Option to Redirect after click on clone link..\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clone Link Title:\u003C\u002Fstrong> Option to change Duplicate Post Link Title.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Prefix:\u003C\u002Fstrong> Option to add Post Prefix.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Post Suffix:\u003C\u002Fstrong> Option to add Post Suffix.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Editor\u003C\u002Fstrong>: And Many More Filters and Features.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fduplicatepro.com\u002Fpro\u002F?utm_source=Wordpress.org&utm_medium=Website&utm_campaign=Duplicate%20Page%20Pro\" rel=\"nofollow ugc\">Buy Pro Version\u003C\u002Fa>\u003C\u002Fstrong> with various features & support.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fduplicatepro.com\u002Fcontact\u002F?utm_source=Wordpress.org&utm_medium=Website&utm_campaign=Duplicate%20Page%20Pro\" rel=\"nofollow ugc\">Contact us\u003C\u002Fa>\u003C\u002Fstrong> for Support Only Pro Version Users.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>\u003Ca 
href=\"https:\u002F\u002Fduplicatepro.com\u002Fpro\u002F?utm_source=Wordpress.org&utm_medium=Website&utm_campaign=Duplicate%20Page%20Pro\" rel=\"nofollow ugc\">Upgrade to Pro Version\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FFj8BHxvebXs?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>How to use\u003C\u002Fh3>\n\u003Col>\n\u003Cli>First Activate Plugin.\u003C\u002Fli>\n\u003Cli>Go Select to Duplicate Page settings Menu from Settings Tab and savings settings. \u003C\u002Fli>\n\u003Cli>Then Create New Post\u002FPage or Use old.\u003C\u002Fli>\n\u003Cli>After click on duplicate this link, then duplicate post\u002F page will be created and saved as draft,publish,pending,private depending upon settings.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Minimum requirements for Duplicate Page\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>WordPress 3.3+\u003C\u002Fli>\n\u003Cli>PHP 5.x\u003C\u002Fli>\n\u003Cli>MySQL 5.x\u003C\u002Fli>\n\u003C\u002Ful>\n","Duplicate Posts, Pages and Custom Posts easily using single click",3000000,35845792,96,442,"2025-10-16T11:26:00.000Z","6.8.5","3.4",[113,98,75,114,115],"duplicate-custom-posts","page-duplicate","post-duplicate","https:\u002F\u002Fduplicatepro.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fduplicate-page.zip",98,3,"2021-08-28 
00:00:00",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":131,"num_ratings":132,"last_updated":133,"tested_up_to":87,"requires_at_least":134,"requires_php":89,"tags":135,"homepage":141,"download_link":142,"security_score":143,"vuln_count":32,"unpatched_count":13,"last_vuln_date":144,"fetched_at":28},"custom-post-type-ui","Custom Post Type UI","1.18.3","webdevstudios","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebdevstudios\u002F","\u003Cp>Custom Post Type UI provides an easy-to-use interface for registering and managing custom post types and taxonomies for your website.\u003C\u002Fp>\n\u003Ch4>Custom Post Type UI Extended\u003C\u002Fh4>\n\u003Cp>CPTUI helps create custom content types, but displaying that content can be a whole new challenge. \u003Ca href=\"https:\u002F\u002Fpluginize.com\u002Fplugins\u002Fcustom-post-type-ui-extended\u002F?utm_source=cptui-desription&utm_medium=text&utm_campaign=wporg\" rel=\"nofollow ugc\">Custom Post Type UI Extended\u003C\u002Fa> was created to help with displaying your crafted content. \u003Ca href=\"https:\u002F\u002Fpluginize.com\u002Fcpt-ui-extended-features\u002F?utm_source=cptui-description-examples&utm_medium=text&utm_campaign=wporg\" rel=\"nofollow ugc\">View our Layouts page\u003C\u002Fa> to see available layout examples with Custom Post Type UI Extended.\u003C\u002Fp>\n\u003Ch4>Plugin development\u003C\u002Fh4>\n\u003Cp>Custom Post Type UI development is managed on GitHub, with official releases published on WordPress.org. The GitHub repo can be found at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWebDevStudios\u002Fcustom-post-type-ui\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002FWebDevStudios\u002Fcustom-post-type-ui\u003C\u002Fa>. 
Please use the WordPress.org support tab for potential bugs, issues, or enhancement ideas.\u003C\u002Fp>\n","Admin UI for creating custom content types like post types and taxonomies",1000000,22529808,92,273,"2026-01-08T20:43:00.000Z","6.6",[136,137,138,139,140],"content-types","custom-post-types","post-type","taxonomy","types","https:\u002F\u002Fgithub.com\u002FWebDevStudios\u002Fcustom-post-type-ui\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-post-type-ui.1.18.3.zip",93,"2025-12-12 00:00:00",{"attackSurface":146,"codeSignals":161,"taintFlows":207,"riskAssessment":252,"analyzedAt":269},{"hooks":147,"ajaxHandlers":157,"restRoutes":158,"shortcodes":159,"cronEvents":160,"entryPointCount":13,"unprotectedCount":13},[148,153],{"type":149,"name":150,"callback":150,"file":151,"line":152},"action","init","library\\wordpress\\application.php",54,{"type":149,"name":150,"callback":154,"file":155,"line":156},"initWPaction","library\\wordpress\\data\\meta.php",21,[],[],[],[],{"dangerousFunctions":162,"sqlUsage":175,"outputEscaping":178,"fileOperations":202,"externalRequests":176,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":203},[163,168,172],{"fn":164,"file":165,"line":166,"context":167},"unserialize","library\\base\\data\\xml.php",165,"$new_key = unserialize ( $key );",{"fn":164,"file":169,"line":170,"context":171},"library\\wordpress\\data\\legacy.php",122,"$data [$new_key] = unserialize ( $data [$new_key] );",{"fn":164,"file":155,"line":173,"context":174},133,"$data = unserialize($value[0]);",{"prepared":176,"raw":13,"locations":177},1,[],{"escaped":13,"rawEcho":179,"locations":180},8,[181,185,188,191,193,195,197,200],{"file":182,"line":183,"context":184},"application\\controllers\\tinymce.php",33,"raw 
output",{"file":186,"line":187,"context":184},"library\\base\\http.php",79,{"file":189,"line":190,"context":184},"library\\base\\view.php",28,{"file":189,"line":192,"context":184},107,{"file":189,"line":194,"context":184},113,{"file":189,"line":196,"context":184},147,{"file":198,"line":199,"context":184},"library\\wordpress\\action.php",603,{"file":198,"line":201,"context":184},770,6,[204],{"name":205,"version":27,"knownCves":206},"TinyMCE",[],[208,226,238],{"entryPoint":209,"graph":210,"unsanitizedCount":176,"severity":225},"basic_auth (library\\wordpress\\action.php:306)",{"nodes":211,"edges":222},[212,217],{"id":213,"type":214,"label":215,"file":198,"line":216},"n0","source","$_SERVER['SERVER_NAME']",314,{"id":218,"type":219,"label":220,"file":198,"line":216,"wp_function":221},"n1","sink","header() [Header Injection]","header",[223],{"from":213,"to":218,"sanitized":224},false,"medium",{"entryPoint":227,"graph":228,"unsanitizedCount":176,"severity":225},"callback (library\\wordpress\\action.php:733)",{"nodes":229,"edges":236},[230,233],{"id":213,"type":214,"label":231,"file":198,"line":232},"$_GET",734,{"id":218,"type":219,"label":234,"file":198,"line":201,"wp_function":235},"echo() [XSS]","echo",[237],{"from":213,"to":218,"sanitized":224},{"entryPoint":239,"graph":240,"unsanitizedCount":251,"severity":225},"\u003Caction> (library\\wordpress\\action.php:0)",{"nodes":241,"edges":248},[242,243,244,246],{"id":213,"type":214,"label":215,"file":198,"line":216},{"id":218,"type":219,"label":220,"file":198,"line":216,"wp_function":221},{"id":245,"type":214,"label":231,"file":198,"line":232},"n2",{"id":247,"type":219,"label":234,"file":198,"line":201,"wp_function":235},"n3",[249,250],{"from":213,"to":218,"sanitized":224},{"from":245,"to":247,"sanitized":224},2,{"summary":253,"deductions":254},"The Redactor plugin version 3.1.48f presents a mixed security posture. 
On the positive side, the plugin has no recorded CVEs and its SQL queries are properly secured with prepared statements. The attack surface is also minimal, with no apparent AJAX handlers, REST API routes, shortcodes, or cron events, and importantly, none of these are exposed without authentication checks. This suggests a cautious approach to external input handling.\n\nHowever, significant concerns arise from the static code analysis. The presence of the `unserialize` function is a critical warning sign, as it is a common vector for remote code execution when processing untrusted input. Coupled with this, the analysis reveals that 0% of output is properly escaped, indicating a high risk of cross-site scripting (XSS) vulnerabilities. The taint analysis, while showing no critical or high severity flows, did find 3 flows with unsanitized paths, which, when combined with the unescaped output and the `unserialize` function, creates a potentially dangerous combination.\n\nGiven the complete lack of vulnerability history, it's difficult to draw definitive conclusions about its long-term security. This could indicate diligent security practices or simply a lack of widespread use and therefore less scrutiny. The absence of nonce checks and capability checks on any potential entry points (though none were found) is a weakness, as is the bundling of the TinyMCE library, which could be outdated or have its own vulnerabilities. 
Overall, while the plugin appears to have a small attack surface and secure SQL, the risks associated with `unserialize` and unescaped output are substantial and require immediate attention.",[255,258,260,263,265,267],{"reason":256,"points":257},"Presence of 'unserialize' function",15,{"reason":259,"points":179},"0% output escaping",{"reason":261,"points":262},"Flows with unsanitized paths found",5,{"reason":264,"points":119},"Bundled library (TinyMCE)",{"reason":266,"points":262},"No Nonce checks",{"reason":268,"points":262},"No Capability checks","2026-03-17T00:30:13.546Z",{"wat":271,"direct":286},{"assetPaths":272,"generatorPatterns":278,"scriptPaths":279,"versionParams":280},[273,274,275,276,277],"\u002Fwp-content\u002Fplugins\u002Fredactor\u002Flibrary\u002Fbase\u002Fpublic\u002Fcss\u002Fimages.css","\u002Fwp-content\u002Fplugins\u002Fredactor\u002Flibrary\u002Fbase\u002Fpublic\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fredactor\u002Flibrary\u002Fbase\u002Fpublic\u002Fcss\u002Ffront.css","\u002Fwp-content\u002Fplugins\u002Fredactor\u002Flibrary\u002Fbase\u002Fpublic\u002Fcss\u002Fcommon.css","\u002Fwp-content\u002Fplugins\u002Fredactor\u002Flibrary\u002Fbase\u002Fpublic\u002Fjs\u002Fscript.js",[],[277],[281,282,283,284,285],"\u002Fwp-content\u002Fplugins\u002Fredactor\u002Flibrary\u002Fbase\u002Fpublic\u002Fcss\u002Fimages.css?ver=","\u002Fwp-content\u002Fplugins\u002Fredactor\u002Flibrary\u002Fbase\u002Fpublic\u002Fcss\u002Fadmin.css?ver=","\u002Fwp-content\u002Fplugins\u002Fredactor\u002Flibrary\u002Fbase\u002Fpublic\u002Fcss\u002Ffront.css?ver=","\u002Fwp-content\u002Fplugins\u002Fredactor\u002Flibrary\u002Fbase\u002Fpublic\u002Fcss\u002Fcommon.css?ver=","\u002Fwp-content\u002Fplugins\u002Fredactor\u002Flibrary\u002Fbase\u002Fpublic\u002Fjs\u002Fscript.js?ver=",{"cssClasses":287,"htmlComments":289,"htmlAttributes":290,"restEndpoints":292,"jsGlobals":293,"shortcodeOutput":295},[288],"v48fv_16x16_info",[],[291],"data-dodebug",[],[294],"v48fv_
data",[]]