[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fv3G3snPgAmmIwU9lb0BYK24SQLKQPT_PEZ78LIGRaQo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":43,"crawl_stats":34,"alternatives":48,"analysis":158,"fingerprints":191},"rtl-tester","RTL Tester","1.2","Yoav Farhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fyoavf\u002F","\u003Cp>This plugin adds a button to the admin bar that allow admins to switch the text direction of the site. It can be used to test WordPress themes and plugins with Right To Left (RTL) text direction.\u003C\u002Fp>\n","Test your themes and plugins in RTL mode.",1000,229522,100,20,"2020-08-11T19:13:00.000Z","5.5.18","3.3","",[20,21],"rtl","testing","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Frtl-tester\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frtl-tester.1.2.zip",63,1,"2025-12-11 00:00:00","2026-03-15T15:16:48.613Z",[29],{"id":30,"url_slug":31,"title":32,"description":33,"plugin_slug":4,"theme_slug":34,"affected_versions":35,"patched_in_version":34,"severity":36,"cvss_score":37,"cvss_vector":38,"vuln_type":39,"published_date":26,"updated_date":40,"references":41,"days_to_patch":34},"CVE-2025-64239","rtl-tester-cross-site-request-forgery","RTL Tester \u003C= 1.2 - Cross-Site Request Forgery","The RTL Tester plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=1.2","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-12-19 16:47:14",[42],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F496119d8-6908-44ce-951e-ece45500113b?source=api-prod",{"slug":44,"display_name":7,"profile_url":8,"plugin_count":25,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":45,"trust_score":46,"computed_at":47},"yoavf",30,68,"2026-04-04T06:02:00.594Z",[49,69,91,113,136],{"slug":50,"name":51,"version":52,"author":53,"author_profile":54,"description":55,"short_description":56,"active_installs":14,"downloaded":57,"rating":58,"num_ratings":58,"last_updated":59,"tested_up_to":60,"requires_at_least":61,"requires_php":62,"tags":63,"homepage":67,"download_link":68,"security_score":13,"vuln_count":58,"unpatched_count":58,"last_vuln_date":34,"fetched_at":27},"rtl-tester-mirror","RTL Tester Mirror by WebMan","1.0.5","WebMan Design | Oliver Juhas","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebmandesign\u002F","\u003Cp>This plugin simply mirrors the Right To Left (RTL) website layout using a CSS transform making it look like Left To Right (LTR) website.\u003C\u002Fp>\n\u003Cp>This is a great tool for LTR language speakers for testing RTL layouts of WordPress themes and plugins, making the testing process much easier for you eyes and brain 😉\u003C\u002Fp>\n\u003Cp>Works great with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Frtl-tester\u002F\" rel=\"ugc\">RTL Tester\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Mirrors RTL website layout to make it look like LTR layout\u003C\u002Fli>\n\u003Cli>Plugin adds a blue notification with “Mirrored RTL” text at the top when the RTL website is mirrored\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Plugin Localization\u003C\u002Fh4>\n\u003Cp>Translate the plugin by clicking the \u003Cstrong>“Translate RTL Tester Mirror”\u003C\u002Fstrong> button under the “Translations” section in the sidebar.\u003C\u002Fp>\n\u003Ch4>Additional Resources\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fview\u002Fplugin-reviews\u002Frtl-tester-mirror\u002F#postform\" rel=\"ugc\">Write a review\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Frtl-tester-mirror\u002F\" rel=\"ugc\">Have a question?\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fwebmandesign\u002F#content-themes\" rel=\"nofollow ugc\">Grab a free theme\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fwebmandesigneu\u002F\" rel=\"nofollow ugc\">Follow @webmandesigneu\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.webmandesign.eu\" rel=\"nofollow ugc\">Visit WebMan Design\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Makes it easy for LTR language speaker to test the RTL website layout by mirroring it so it looks like LTR.",6282,0,"2025-12-13T09:28:00.000Z","6.9.4","6.0","7.0",[64,65,20,21,66],"ltr","mirror","transform","https:\u002F\u002Fwww.webmandesign.eu\u002Fportfolio\u002Frtl-tester-mirror-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frtl-tester-mirror.1.0.5.zip",{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":77,"downloaded":78,"rating":79,"num_ratings":80,"last_updated":81,"tested_up_to":62,"requires_at_least":82,"requires_php":83,"tags":84,"homepage":89,"download_link":90,"security_score":13,"vuln_count":58,"unpatched_count":58,"last_vuln_date":34,"fetched_at":27},"fakerpress","FakerPress","0.9.0","Gustavo Bordoni","https:\u002F\u002Fprofiles.wordpress.org\u002Fbordoni\u002F","\u003Cp>Whenever you create a new Theme or Plugin you will always need to create custom data to test whether your plugin is working or not, and as Developers ourselves we had this problem quite alot.\u003C\u002Fp>\n\u003Cp>Our goal with this plugin is to fill this gap where you have problem with a good solution both for Developers and for Users of WordPress.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Note: This plugin requires PHP 8.1 or higher to be activated.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Ffakerpress.com\u002Fr\u002Fgithub\" rel=\"nofollow ugc\">\u003Cstrong>Checkout our GitHub Repository\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Components Included\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Posts\u003C\u002Fli>\n\u003Cli>Custom Post Types\u003C\u002Fli>\n\u003Cli>Meta Data\u003C\u002Fli>\n\u003Cli>Featured Image\u003C\u002Fli>\n\u003Cli>Users\u003C\u002Fli>\n\u003Cli>Tags\u003C\u002Fli>\n\u003Cli>Categories\u003C\u002Fli>\n\u003Cli>Comments\u003C\u002Fli>\n\u003Cli>Custom Comment Types\u003C\u002Fli>\n\u003Cli>Attachments (NEW)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Creating Dummy Content\u003C\u002Fh4>\n\u003Cp>Normally a WordPress developer will need to perform the task of filling up an empty theme with dummy content, and doing this manually can be really time consuming, the main reasons this plugin was create was to speed up this process.\u003C\u002Fp>\n\u003Ch4>Random Featured Images\u003C\u002Fh4>\n\u003Cp>Create randomly generated attachments as the Featured Images for your WordPress dummy content.\u003C\u002Fp>\n\u003Ch4>Create random Meta Information\u003C\u002Fh4>\n\u003Cp>WordPress has Meta for Users, Posts, Terms and Comments, FakerPress will allow you to generate custom dummy meta for all four, with \u003Cem>20 types of Data\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch4>Delete the Content Generated\u003C\u002Fh4>\n\u003Cp>After you are done with your testing it should be easy to delete all the content created using FakerPress, now you will be able to do it.\u003C\u002Fp>\n\u003Ch4>Generate Random HTML\u003C\u002Fh4>\n\u003Cp>When creating dummy posts what you really want is that the HTML is really random so that you might see bugs that an XML import wouldn’t.\u003C\u002Fp>\n\u003Ch4>Generate Images in your HTML\u003C\u002Fh4>\n\u003Cp>When you are testing your website images are important, so FakerPress will allow you to output Images to your HTML tests.\u003C\u002Fp>\n\u003Ch4>Real Browser data on User Comments\u003C\u002Fh4>\n\u003Cp>For comments our plugin is prepared to generate a real Browser data instead of leaving the field empty.\u003C\u002Fp>\n\u003Ch4>Random Terms generation\u003C\u002Fh4>\n\u003Cp>For creating and assigning the terms you will have a much better tool that will allow you to select which kind of taxonomy you want to assign to your posts, and leaving the randomization to the plugin’s code.\u003C\u002Fp>\n\u003Ch4>Real random User profiles\u003C\u002Fh4>\n\u003Cp>If you fill up your WordPress with any data for the user profiles you might not catch an edge case, this plugin will fill up the fields with data that will really matter in the tests.\u003C\u002Fp>\n\u003Ch4>Modern REST API\u003C\u002Fh4>\n\u003Cp>FakerPress now includes a comprehensive REST API for programmatic content generation. All modules support REST endpoints with batching capabilities for large-scale generation. Full OpenAPI documentation is available at \u003Ccode>\u002Fwp-json\u002Ffakerpress\u002Fv1\u002Fdocs\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Ch4>Generate Attachments\u003C\u002Fh4>\n\u003Cp>Create realistic image attachments with customizable dimensions, multiple image providers (Placehold.co, Lorem Picsum), and automatic generation of alt text, captions, and descriptions. All images include proper attribution – Lorem Picsum images credit the original Unsplash photographers.\u003C\u002Fp>\n\u003Ch4>Types of Meta Included\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Attachment\u003C\u002Fli>\n\u003Cli>WP_Query\u003C\u002Fli>\n\u003Cli>Number\u003C\u002Fli>\n\u003Cli>Elements\u003C\u002Fli>\n\u003Cli>Letter\u003C\u002Fli>\n\u003Cli>Words\u003C\u002Fli>\n\u003Cli>Text\u003C\u002Fli>\n\u003Cli>HTML\u003C\u002Fli>\n\u003Cli>Lexify\u003C\u002Fli>\n\u003Cli>Asciify\u003C\u002Fli>\n\u003Cli>Regexify\u003C\u002Fli>\n\u003Cli>Person\u003C\u002Fli>\n\u003Cli>Geo Information\u003C\u002Fli>\n\u003Cli>Company\u003C\u002Fli>\n\u003Cli>Date\u003C\u002Fli>\n\u003Cli>TimeZone\u003C\u002Fli>\n\u003Cli>Email\u003C\u002Fli>\n\u003Cli>Domain\u003C\u002Fli>\n\u003Cli>IP\u003C\u002Fli>\n\u003Cli>Browser User Agent\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Languages\u003C\u002Fh4>\n\u003Cp>We moved away from \u003Cem>Transifex\u003C\u002Fem> due to the new GlotPress on WordPress.org, so if you want to translate FakerPress to your language please \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fpolyglots\u002Fhandbook\u002Frosetta\u002Ftheme-plugin-directories\u002F#translating-themes-plugins\" rel=\"nofollow ugc\">follow this guidelines\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>See room for improvement?\u003C\u002Fh4>\n\u003Cp>Great! There are several ways you can get involved to help make FakerPress better:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Report Bugs:\u003C\u002Fstrong> If you find a bug, error or other problem, please report it! You can do this by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ffakerpress\" rel=\"ugc\">creating a new topic\u003C\u002Fa> in the plugin forum. Once a developer can verify the bug by reproducing it, they will create an official bug report in GitHub where the bug will be worked on.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Suggest New Features:\u003C\u002Fstrong> Have an awesome idea? Please share it! Simply \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ffakerpress\" rel=\"ugc\">create a new topic\u003C\u002Fa> in the plugin forum to express your thoughts on why the feature should be included and get a discussion going around your idea.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Issue Pull Requests:\u003C\u002Fstrong> If you’re a developer, the easiest way to get involved is to help out on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbordoni\u002Ffakerpress\u002Fissues\" rel=\"nofollow ugc\">issues already reported\u003C\u002Fa> in GitHub. Be sure to check out the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbordoni\u002Ffakerpress\u002Fblob\u002Fmaster\u002Fcontributing.md\" rel=\"nofollow ugc\">contributing guide\u003C\u002Fa> for developers.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Thank you for wanting to make FakerPress better for everyone! \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=8fPf6L0XNvM\" rel=\"nofollow ugc\">We salute you\u003C\u002Fa>.\u003C\u002Fp>\n","FakerPress is a clean way to generate fake and dummy content to your WordPress, great for developers who need testing",10000,736880,98,205,"2026-03-09T12:12:00.000Z","5.5","8.1",[85,86,87,88,21],"developer","dummy-content","generator","lorem-ipsun","https:\u002F\u002Ffakerpress.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffakerpress.0.9.0.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":77,"downloaded":99,"rating":100,"num_ratings":101,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":111,"download_link":112,"security_score":13,"vuln_count":58,"unpatched_count":58,"last_vuln_date":34,"fetched_at":27},"unbounce","Unbounce Landing Pages","1.1.4","Unbounce","https:\u002F\u002Fprofiles.wordpress.org\u002Funbouncewordpress\u002F","\u003Cp>With Unbounce’s landing page plugin for WordPress, marketers can create fully customized landing pages for\u003Cbr \u002F>\ntheir campaigns and publish them to their existing WordPress sites.\u003C\u002Fp>\n\u003Cp>To publish landing pages on your WordPress website:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Build your landing page in Unbounce, the world’s most powerful landing page builder\u003C\u002Fli>\n\u003Cli>Publish your page to WordPress using this very plugin\u003C\u002Fli>\n\u003Cli>Manage all your WordPress landing pages through the plugin’s interface\u003C\u002Fli>\n\u003Cli>Edit and update all your landing pages from Unbounce’s page builder. They’ll automatically get updated on your WordPress site\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Unbounce allows you to customize your landing pages to match your brand perfectly. The WYSIWYG builder allows\u003Cbr \u002F>\nfor quick and easy page editing. With the Unbounce WordPress Landing Page Plugin, you can launch your landing\u003Cbr \u002F>\npage on your own domain without ever talking to I.T. Try it for a month for free!\u003C\u002Fp>\n\u003Cp>More than 10,000 digital marketers use Unbounce. Some of the features they love the most include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Publish pages to your WordPress domain\u003C\u002Fli>\n\u003Cli>A team of Customer Success coaches that are easy to reach when you need help\u003C\u002Fli>\n\u003Cli>80+ free templates (plus more on ThemeForest)\u003C\u002Fli>\n\u003Cli>Complete customizability of the desktop and mobile layouts\u003C\u002Fli>\n\u003Cli>Built in A\u002FB testing features\u003C\u002Fli>\n\u003Cli>Integrations with the tools marketers use – MailChimp, SalesForce, Hubspot & more\u003C\u002Fli>\n\u003Cli>Easy Google Analytics tagging & event tracking\u003C\u002Fli>\n\u003Cli>Plus much more\u003C\u002Fli>\n\u003C\u002Ful>\n","Unbounce is the most powerful standalone landing page builder available.",417130,64,11,"2025-06-02T17:36:00.000Z","6.7.5","4.1.5","8.0",[107,108,109,110,92],"a-b-testing","ab-testing","cro","split-testing","http:\u002F\u002Funbounce.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funbounce.1.1.4.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":123,"num_ratings":124,"last_updated":125,"tested_up_to":60,"requires_at_least":126,"requires_php":18,"tags":127,"homepage":132,"download_link":133,"security_score":79,"vuln_count":134,"unpatched_count":58,"last_vuln_date":135,"fetched_at":27},"easy-affiliate-links","Easy Affiliate Links","3.8.1","Brecht","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrechtvds\u002F","\u003Cp>Easy Affiliate Links helps you manage all the affiliate links on your website. Both cloaked pretty links and regular non-cloaked links. Clicks get tracked for your links automatically.\u003C\u002Fp>\n\u003Cp>Learn more on \u003Ca href=\"https:\u002F\u002Fbootstrapped.ventures\u002Feasy-affiliate-links\u002F\" rel=\"nofollow ugc\">our website\u003C\u002Fa> and in \u003Ca href=\"https:\u002F\u002Fhelp.bootstrapped.ventures\u002Fcollection\u002F133-easy-affiliate-links\" rel=\"nofollow ugc\">our knowledge base\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Current features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Compatible with both the Classic Editor and new \u003Cstrong>Gutenberg\u003C\u002Fstrong> Block Editor\u003C\u002Fli>\n\u003Cli>Add affiliate links in \u003Cstrong>Elementor\u003C\u002Fstrong> using their text widget\u003C\u002Fli>\n\u003Cli>Use regular links or \u003Cstrong>affiliate HTML code\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Create \u003Cstrong>shortlinks\u003C\u002Fstrong> to optionally cloak your affiliate links\u003C\u002Fli>\n\u003Cli>Use \u003Cstrong>ugc and sponsored\u003C\u002Fstrong> attributes for your links\u003C\u002Fli>\n\u003Cli>Leave specific links uncloaked for \u003Cstrong>Amazon compatibility\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic text disclaimer\u003C\u002Fstrong> for your affiliate links\u003C\u002Fli>\n\u003Cli>Easily access your links in the \u003Cstrong>visual and html editor\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Assign \u003Cstrong>categories\u003C\u002Fstrong> to your links\u003C\u002Fli>\n\u003Cli>Tracking of monthly and lifetime \u003Cstrong>click counts\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Import affiliate links\u003C\u002Fstrong> from XML and CSV\u003C\u002Fli>\n\u003Cli>Ability to \u003Cstrong>export your links\u003C\u002Fstrong> to XML and CSV\u003C\u002Fli>\n\u003Cli>Use a CSV export and import to \u003Cstrong>easily update your links in bulk\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Easy Affiliate Links Premium\u003C\u002Fh4>\n\u003Cp>Looking for some more advanced functionality? We also have the \u003Ca href=\"http:\u002F\u002Fbootstrapped.ventures\u002Feasy-affiliate-links\u002Fget-the-plugin\u002F\" rel=\"nofollow ugc\">Easy Affiliate Links Premium\u003C\u002Fa> add-on available with the following features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Get valuable insights with \u003Cstrong>click statistics and charts\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Automatic \u003Cstrong>broken links checker\u003C\u002Fstrong> with email notifications\u003C\u002Fli>\n\u003Cli>Show an \u003Cstrong>automatic tooltip disclaimer\u003C\u002Fstrong> when hovering over links\u003C\u002Fli>\n\u003Cli>**Conditional geo or device targeted* links\u003C\u002Fli>\n\u003Cli>Use \u003Cstrong>Replacement Links\u003C\u002Fstrong> to (temporarily) swap affiliate links\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is under active development, so just \u003Ca href=\"https:\u002F\u002Fhelp.bootstrapped.ventures\u002Farticle\u002F41-how-can-i-contact-support\" rel=\"nofollow ugc\">let us know\u003C\u002Fa> if you have any requests at all!\u003C\u002Fp>\n","Easily manage and cloak all your affiliate links.",8000,296632,84,34,"2026-01-20T14:51:00.000Z","3.5",[128,129,130,131],"affiliate","cloaking","links","shortlink","https:\u002F\u002Fbootstrapped.ventures\u002Feasy-affiliate-links\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feasy-affiliate-links.3.8.1.zip",3,"2024-06-27 00:00:00",{"slug":137,"name":138,"version":139,"author":140,"author_profile":141,"description":142,"short_description":143,"active_installs":144,"downloaded":145,"rating":146,"num_ratings":147,"last_updated":148,"tested_up_to":60,"requires_at_least":149,"requires_php":150,"tags":151,"homepage":156,"download_link":157,"security_score":13,"vuln_count":58,"unpatched_count":58,"last_vuln_date":34,"fetched_at":27},"plugin-check","Plugin Check (PCP)","1.8.0","WordPress.org","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpressdotorg\u002F","\u003Cp>Plugin Check is a tool for testing whether your plugin meets the required standards for the WordPress.org plugin directory. With this plugin you will be able to run most of the checks used for new submissions, and check if your plugin meets the requirements.\u003C\u002Fp>\n\u003Cp>Additionally, the tool flags violations or concerns around plugin development best practices, from basic requirements like correct usage of internationalization functions to accessibility, performance, and security best practices.\u003C\u002Fp>\n\u003Cp>The checks can be run either using the WP Admin user interface or WP-CLI:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>To check a plugin using WP Admin, please navigate to the \u003Cem>Tools > Plugin Check\u003C\u002Fem> menu. You need to be able to manage plugins on your site in order to access that screen.\u003C\u002Fli>\n\u003Cli>To check a plugin using WP-CLI, please use the \u003Ccode>wp plugin check\u003C\u002Fcode> command. For example, to check the “Hello Dolly” plugin: \u003Ccode>wp plugin check hello.php\u003C\u002Fcode>\n\u003Cul>\n\u003Cli>Note that by default when using WP-CLI, only static checks can be executed. In order to also include runtime checks, a workaround is currently necessary using the \u003Ccode>--require\u003C\u002Fcode> argument of WP-CLI, to manually load the \u003Ccode>cli.php\u003C\u002Fcode> file within the plugin checker directory before WordPress is loaded. For example: \u003Ccode>wp plugin check hello.php --require=.\u002Fwp-content\u002Fplugins\u002Fplugin-check\u002Fcli.php\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>You could use arbitrary path or URL to check a plugin. For example, to check a plugin from a URL: \u003Ccode>wp plugin check https:\u002F\u002Fexample.com\u002Fplugin.zip\u003C\u002Fcode> or to check a plugin from a path: \u003Ccode>wp plugin check \u002Fpath\u002Fto\u002Fplugin\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The checks are grouped into several categories, so that you can customize which kinds of checks you would like to run on a plugin.\u003C\u002Fp>\n\u003Cp>Keep in mind that this plugin is not a replacement for the manual review process, but it will help you speed up the process of getting your plugin approved for the WordPress.org plugin repository, and it will also help you avoid some common mistakes.\u003C\u002Fp>\n\u003Cp>Even if you do not intend to host your plugin in the WordPress.org directory, you are encouraged to use Plugin Check so that your plugin follows the base requirements and best practices for WordPress plugins.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Plugin Namer Tool\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Plugin Check now includes an AI-powered Plugin Namer tool (accessible via \u003Cem>Tools > Plugin Check Namer\u003C\u002Fem>) that helps plugin authors evaluate plugin names before submission. This tool checks for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Similarity to existing plugins in the WordPress.org directory\u003C\u002Fli>\n\u003Cli>Potential trademark conflicts with well-known brands\u003C\u002Fli>\n\u003Cli>Compliance with WordPress plugin naming guidelines\u003C\u002Fli>\n\u003Cli>Generic or overly broad naming issues\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The Plugin Namer provides instant feedback with actionable suggestions, helping you choose a clear, unique, and policy-compliant name that stands out in the plugin directory. This feature requires AI provider configuration in the settings.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> The Plugin Namer tool provides guidance only and is not definitive. All plugin name decisions are subject to final review and approval by the WordPress.org Plugins team reviewers.\u003C\u002Fp>\n","Plugin Check is a WordPress.org tool which provides checks to help plugins meet the directory requirements and follow various best practices.",7000,714618,90,31,"2025-12-28T11:57:00.000Z","6.3","7.4",[152,153,154,155,21],"accessibility","performance","plugin-best-practices","security","https:\u002F\u002Fgithub.com\u002FWordPress\u002Fplugin-check","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplugin-check.1.8.0.zip",{"attackSurface":159,"codeSignals":176,"taintFlows":183,"riskAssessment":184,"analyzedAt":190},{"hooks":160,"ajaxHandlers":172,"restRoutes":173,"shortcodes":174,"cronEvents":175,"entryPointCount":58,"unprotectedCount":58},[161,167],{"type":162,"name":163,"callback":164,"file":165,"line":166},"action","init","set_direction","rtl-tester.php",35,{"type":162,"name":168,"callback":169,"priority":170,"file":165,"line":171},"admin_bar_menu","admin_bar_rtl_switcher",999,36,[],[],[],[],{"dangerousFunctions":177,"sqlUsage":178,"outputEscaping":180,"fileOperations":58,"externalRequests":58,"nonceChecks":58,"capabilityChecks":25,"bundledLibraries":182},[],{"prepared":58,"raw":58,"locations":179},[],{"escaped":58,"rawEcho":58,"locations":181},[],[],[],{"summary":185,"deductions":186},"The 'rtl-tester' plugin version 1.2 demonstrates a strong adherence to secure coding practices in its static analysis. Notably, there are no identified dangerous functions, all SQL queries utilize prepared statements, and all identified outputs are properly escaped. Furthermore, the absence of file operations and external HTTP requests reduces the plugin's attack surface.  The plugin also performs at least one capability check, which is a positive sign for access control.  However, the static analysis also reveals a complete lack of entry points (AJAX, REST API, shortcodes, cron events) which is unusual and might indicate the plugin is not performing any dynamic functions or that the analysis missed potential entry points. This lack of interaction could also be interpreted as a reduced attack surface in itself.\n\nThe plugin's vulnerability history is a significant concern. It has one known medium-severity CVE, which is currently unpatched. The historical prevalence of Cross-Site Request Forgery (CSRF) vulnerabilities in its past suggests a pattern of insecure handling of user-initiated actions.  While the current static analysis indicates good practices, the unpatched medium CVE and the historical trend of CSRF point to potential lingering weaknesses or a lack of robust input validation for specific actions, even if not immediately apparent in the current static scan.\n\nIn conclusion, 'rtl-tester' v1.2 exhibits strengths in fundamental secure coding like prepared statements and output escaping. The absence of direct entry points in the static analysis is also a positive sign regarding immediate exploitability through those vectors. Nevertheless, the presence of an unpatched medium-severity CVE and a history of CSRF vulnerabilities represent significant risks that overshadow the positive static analysis findings. Remediation of the existing CVE and a thorough review for potential CSRF vulnerabilities in any user-facing functionalities are paramount.",[187],{"reason":188,"points":189},"Unpatched CVE (Medium Severity)",15,"2026-03-16T18:42:52.160Z",{"wat":192,"direct":197},{"assetPaths":193,"generatorPatterns":194,"scriptPaths":195,"versionParams":196},[],[],[],[],{"cssClasses":198,"htmlComments":199,"htmlAttributes":200,"restEndpoints":201,"jsGlobals":202,"shortcodeOutput":203},[],[],[],[],[],[]]