[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frtpSbCw1xm9ypRSMvmkuf9ScoSsuYALwqkgGnDx_Cpk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":132,"fingerprints":182},"restrict-multisite-plugins","Restrict Multisite Plugins","1.1.3","Adam Harley (Kawauso)","https:\u002F\u002Fprofiles.wordpress.org\u002Fkawauso\u002F","\u003Cp>A quick adaptation of the theme restriction code for plugins. Can only restrict on a site-wide basis, though it will only affect those sites on which it’s activated. Does not restrict super admins. Plugins \u003Cstrong>must\u003C\u002Fstrong> be active on the main site to be controlled by this plugin (this is an issue with WordPress’ plugin structure).\u003C\u002Fp>\n\u003Cp>See also: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Frestrict-multisite-widgets\u002F\" rel=\"ugc\">Restrict Multisite Widgets\u003C\u002Fa>\u003C\u002Fp>\n","Allows network admins to restrict which plugins are available on sites, similar to themes.",10,4337,100,1,"2011-06-30T21:10:00.000Z","3.2.1","3.0","",[20,21,22],"multisite","plugins","restrict","http:\u002F\u002Fadamharley.co.uk\u002Fwordpress-plugins\u002Frestrict-multisite-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestrict-multisite-plugins.1.1.3.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"kawauso",8,600,89,30,86,"2026-04-06T09:23:40.872Z",[39,59,78,95,116],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":13,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":57,"download_link":58,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"plugin-report","Plugin Report","2.2.2","Torsten Landsiedel","https:\u002F\u002Fprofiles.wordpress.org\u002Fzodiac1978\u002F","\u003Cp>A WordPress plugin that provides detailed information about currently installed plugins.\u003C\u002Fp>\n\u003Ch3>Plugin Report will allow you to:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Spot plugins that are no longer maintained.\u003C\u002Fli>\n\u003Cli>Get a quick overview of the “plugin health” of your site.\u003C\u002Fli>\n\u003Cli>Provide clients with a detailed report, right from their own dashboard, or as CSV spreadsheet.\u003C\u002Fli>\n\u003Cli>Find plugins that are no longer active on multisite installs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Thanks to Roy Tanck for trusting me to adopt this great plugin. Hartelijk bedankt!\u003C\u002Fp>\n\u003Cp>Special thanks go to \u003Ca href=\"http:\u002F\u002Ftristen.ca\u002F\" rel=\"nofollow ugc\">Tristen Forsythe Brown\u003C\u002Fa> for the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftristen\u002Ftablesort\" rel=\"nofollow ugc\">tablesort JavaScript library\u003C\u002Fa> licensed under the MIT License.\u003C\u002Fp>\n","A WordPress plugin that provides detailed information about currently installed plugins.",1000,26304,14,"2026-01-18T12:46:00.000Z","6.9.4","4.6","5.6",[55,20,56,21],"admin","plugin-info","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fplugin-report\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-report.2.2.2.zip",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":69,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":18,"tags":74,"homepage":76,"download_link":77,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"multisite-plugin-manager","Multisite Plugin Manager","3.1.6","Aaron Edwards","https:\u002F\u002Fprofiles.wordpress.org\u002Fuglyrobot\u002F","\u003Cp>Plugin management for WordPress Multisite that supports the native plugins page and the WPMU DEV Pro Sites plugin! Used on thousands of multisite installs across the web.\u003Cbr \u002F>\nPreviously known as \u003Cstrong>WPMU Plugin Manager\u003C\u002Fstrong>, it uses a backend options page to adjust plugin permissions for all the sites in your network.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Select what plugins sites have access to\u003C\u002Fli>\n\u003Cli>Choose plugins to Auto-Activate for all new blogs\u003C\u002Fli>\n\u003Cli>Mass activate\u002Fdeactivate a plugin on all sites in your network (Very Handy!)\u003C\u002Fli>\n\u003Cli>Assign special plugin access permissions for specific sites in your network\u003C\u002Fli>\n\u003Cli>And as Super Admin, you can override all these to activate specific plugins on the sites you choose!\u003C\u002Fli>\n\u003Cli>Removes the plugin meta row links (Version, Author, Plugin) and any update messages for blog admins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Also, if you use the excellent \u003Ca href=\"https:\u002F\u002Fpremium.wpmudev.org\u002Fproject\u002Fpro-sites\u002F\" rel=\"nofollow ugc\">Pro Sites plugin from WPMU DEV\u003C\u002Fa> you will be able to charge for access to certain plugins!\u003C\u002Fp>\n\u003Cp>A free plugin by Aaron Edwards of \u003Ca href=\"http:\u002F\u002Fuglyrobot.com\u002F\" rel=\"nofollow ugc\">UglyRobot Web Development\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fuglyrobot\u002Fmultisite-plugin-manager\" rel=\"nofollow ugc\">Contribute on GitHub\u003C\u002Fa>\u003C\u002Fp>\n","The essential plugin for every multisite install! Manage plugin access permissions across your entire multisite network.",200,107575,84,23,"2020-08-18T01:52:00.000Z","4.9.29","3.7.3",[20,21,75],"wpmu","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fmultisite-plugin-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultisite-plugin-manager.3.1.6.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":13,"downloaded":86,"rating":87,"num_ratings":49,"last_updated":88,"tested_up_to":72,"requires_at_least":89,"requires_php":18,"tags":90,"homepage":18,"download_link":94,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"plugin-activation-status","Plugin Activation Status","1.0.2.1","Curtiss Grymala","https:\u002F\u002Fprofiles.wordpress.org\u002Fcgrymala\u002F","\u003Cp>Plugin Activation Status makes it easier for owners of multisite and multi-network WordPress installations to perform plugin audits on their installations. The plugin generates a list of plugins that are not currently active on any sites or networks. It generates a separate list of plugins that are active somewhere within the installation, and provides details about where and how those plugins are activated.\u003C\u002Fp>\n\u003Cp>This plugin first retrieves a full list of all of the plugins that are network-activated throughout your installation. Then, it loops through all of the sites in your installation, retrieving a list of all of the active plugins on each site. Next, it runs a diff between the full list of installed plugins and the list of all active plugins.\u003C\u002Fp>\n\u003Cp>Once it retrieves all of that information, it outputs two separate lists.\u003C\u002Fp>\n\u003Cp>The first list is the list of Inactive Plugins; all plugins that are installed, but not activated anywhere within WordPress will be listed there. The second list shows all of the Active Plugins; all plugins that are installed and activated somewhere within WordPress are shown there.\u003C\u002Fp>\n\u003Cp>Within the Active Plugins list, each plugin also has a list of all of the places the plugin is active (at the top, a list of all of the places it’s network-active; at the bottom, all of the places it’s normally-activated).\u003C\u002Fp>\n\u003Cp>When the plugin generates the lists of plugins, it stores those lists as site options in the database, so the lists can be retrieved for reference without using any additional server resources. If you would like to remove those cached lists and generate new lists, you simply have to click the Continue button on the admin page.\u003C\u002Fp>\n","Scans a multisite or multi-network installation to identify all plugins that are active or not.",26167,92,"2018-04-03T19:04:00.000Z","3.8",[91,92,20,93,21],"active","multi-network","network-active","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-activation-status.1.0.2.1.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":13,"num_ratings":105,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":18,"tags":109,"homepage":114,"download_link":115,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"manage-customized-plugin-updates","Manage Customized Plugin Updates","3.2","wsxplugindev","https:\u002F\u002Fprofiles.wordpress.org\u002Fwsxplugindev\u002F","\u003Cp>Are you a web developer or website design company who has installed \u002F customized plugins for your clients and you’re having a hard time managing plugin upgrades? Maybe your client tries to upgrade plugins themselves and you end up losing all the customization done to that plugin.\u003C\u002Fp>\n\u003Cp>Here is a plugin that can help you better manage customized plugins. It displays a message to your clients warning them about doing the upgrade.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Mark any plugin as being customized\u003C\u002Fli>\n\u003Cli>Tags to identify customized plugins on the WordPress plugin page\u003C\u002Fli>\n\u003Cli>Alert to show the customization notes\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Short Description\u003C\u002Fh3>\n\u003Cp>Here’s a plugin that can help you better manage customized plugins and display a message to your clients warning them about doing the upgrade.\u003C\u002Fp>\n","Are you a web developer or website design company who has installed \u002F customized plugins for your clients and you're having a hard time managing  …",90,12046,2,"2023-02-10T10:46:00.000Z","6.1.10","4.7.5",[110,111,96,112,113],"block-plugin-update","customized-plugins","plugin-upgrade-custom-notice","restrict-plugin-upgrade","https:\u002F\u002Fwww.webstix.com\u002Fwordpress-plugin-development","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmanage-customized-plugin-updates.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":124,"downloaded":125,"rating":13,"num_ratings":105,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":18,"tags":129,"homepage":130,"download_link":131,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"multisite-plugin-stats","Multisite Plugin Stats","1.1","ljg3","https:\u002F\u002Fprofiles.wordpress.org\u002Fljg3\u002F","\u003Cp>This plugin was designed to let you know a little bit more about what plugins your users are running on your multisite install. It’s useful it you’re trying to clean up unused plugins, or determine plugin popularity.\u003C\u002Fp>\n","A multisite plugin to show plugin activations across all your sites.",40,6481,"2012-06-22T19:25:00.000Z","3.4.2","3.1",[20,21],"http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fmultisite-plugin-stats\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmultisite-plugin-stats.1.1.zip",{"attackSurface":133,"codeSignals":152,"taintFlows":174,"riskAssessment":175,"analyzedAt":181},{"hooks":134,"ajaxHandlers":148,"restRoutes":149,"shortcodes":150,"cronEvents":151,"entryPointCount":26,"unprotectedCount":26},[135,140,145],{"type":136,"name":137,"callback":136,"file":138,"line":139},"filter","all_plugins","restrict-multisite-plugins.php",147,{"type":141,"name":142,"callback":143,"file":138,"line":144},"action","network_admin_menu","setup_admin",153,{"type":141,"name":146,"callback":143,"file":138,"line":147},"admin_menu",155,[],[],[],[],{"dangerousFunctions":153,"sqlUsage":154,"outputEscaping":156,"fileOperations":26,"externalRequests":26,"nonceChecks":26,"capabilityChecks":14,"bundledLibraries":173},[],{"prepared":26,"raw":26,"locations":155},[],{"escaped":14,"rawEcho":32,"locations":157},[158,161,163,164,166,167,169,171],{"file":138,"line":159,"context":160},113,"raw output",{"file":138,"line":162,"context":160},115,{"file":138,"line":162,"context":160},{"file":138,"line":165,"context":160},117,{"file":138,"line":165,"context":160},{"file":138,"line":168,"context":160},119,{"file":138,"line":170,"context":160},120,{"file":138,"line":172,"context":160},121,[],[],{"summary":176,"deductions":177},"The \"restrict-multisite-plugins\" plugin version 1.1.3 exhibits a strong security posture based on the provided static analysis.  The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the potential attack surface. Furthermore, the code demonstrates good practices with 100% of SQL queries using prepared statements and the presence of at least one capability check. The taint analysis also shows no identified unsanitized flows, indicating a low risk of remote code execution or arbitrary file reads through tainted input.\n\nHowever, a significant concern arises from the very low percentage of properly escaped output (11%). This suggests a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. While there are no recorded historical vulnerabilities, the lack of robust output escaping is a critical weakness that could be exploited by attackers to inject malicious scripts into the WordPress admin area or public-facing sites. The plugin's vulnerability history being clean is a positive sign, but it should not overshadow the clear risk identified in the output escaping metrics.\n\nIn conclusion, the plugin's limited attack surface and secure handling of SQL and taint are commendable. However, the poor output escaping is a substantial security flaw that requires immediate attention. Without addressing this, the plugin remains susceptible to XSS attacks, despite its other strengths. The plugin's overall security is undermined by this single, albeit significant, weakness.",[178],{"reason":179,"points":180},"Low output escaping percentage (11%)",7,"2026-03-17T00:22:07.535Z",{"wat":183,"direct":188},{"assetPaths":184,"generatorPatterns":185,"scriptPaths":186,"versionParams":187},[],[],[],[],{"cssClasses":189,"htmlComments":190,"htmlAttributes":191,"restEndpoints":195,"jsGlobals":196,"shortcodeOutput":197},[],[],[192,193,194],"plugin[","id=\"enabled_","id=\"disabled_",[],[],[]]