[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2LZaBnLh0sfd1L-Mo3F2OGvtVBJvCoukX_Mjje8ofYQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":14,"tags":17,"homepage":14,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":125,"fingerprints":199},"rtpanel-hooks-editor","rtPanel Hooks Editor","2.5.1","rtCamp","https:\u002F\u002Fprofiles.wordpress.org\u002Frtcamp\u002F","\u003Cp>This plugin is add-on for \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fthemes\u002Frtpanel\" title=\"rtPanel Theme Framework\" rel=\"ugc\">rtPanel Theme Framework\u003C\u002Fa> and should be used alongwith it.\u003C\u002Fp>\n\u003Cp>It adds an option page under rtPanel Theme Options, using which, a user can write codes for various action and\u002For filter hooks supported by \u003Ca href=\"https:\u002F\u002Frtcamp.com\u002Frtpanel\u002F\" title=\"rtPanel Theme Framework\" rel=\"nofollow ugc\">rtPanel Theme Framework\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Using this plugin a user need not edit any theme files to achieve desired functionality.\u003C\u002Fp>\n\u003Ch4>Useful Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Frtcamp.com\u002Frtpanel\u002Fplugins-list\u002Frtpanel-hooks-editor\u002F\" rel=\"nofollow ugc\">rtPanel Hooks Editor Plugin’s Homepage\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdocs.rtcamp.com\u002Frtpanel\u002Fdeveloper\u002F\" rel=\"nofollow ugc\">Hooks Reference\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fcommunity.rtcamp.com\u002Fc\u002Frtpanel\" rel=\"nofollow ugc\">Free Support Forum\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","This plugin is add-on for [rtPanel Theme Framework](https:\u002F\u002Fwordpress.org\u002Fthemes\u002Frtpanel \"rtPanel Theme Framework\") and should be used along &hellip;",10,5306,0,"","4.0.38","3.6",[18,19,20,21,22],"actions","filters","hooks","rtcamp","rtpanel","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frtpanel-hooks-editor.2.5.1.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":21,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},19,118710,94,883,75,"2026-04-03T23:29:01.710Z",[36,58,77,94,110],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":24,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":16,"requires_php":14,"tags":49,"homepage":54,"download_link":55,"security_score":56,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":57},"facetwp-manipulator","FacetWP Manipulator","1.0.0","David Cramer","https:\u002F\u002Fprofiles.wordpress.org\u002Fdesertsnowman\u002F","\u003Cp>FacetWP comes with many filters which gives you the power to mould it to your needs. Generally, you would code these filters into your child theme in the functions.php file. This has drawbacks, however. If you do not use a child theme or you change to a new theme, you stand to loose functionality on updates.\u003C\u002Fp>\n\u003Cp>FacetWP Manipulator allows you to add code to specific filters to manipulate functionality without hard coding it to the themes files. This means that your functionality via filters can be activated or deactivated without touching the file system.\u003C\u002Fp>\n","FacetWP Manipulator allows you to add code to specific FacetWP filters and Actions to manipulate functionality without hard coding it to the theme.",30,6111,1,"2017-01-17T23:45:00.000Z","4.7.32",[50,51,52,53],"facetwp","facetwp-actions","facetwp-filters","facetwp-hooks","https:\u002F\u002Fcramer.co.za","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffacetwp-manipulator.1.0.0.zip",85,"2026-03-15T15:16:48.613Z",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":11,"downloaded":66,"rating":13,"num_ratings":13,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":70,"tags":71,"homepage":74,"download_link":75,"security_score":76,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":57},"captain-hooks","Captain Hooks","1.0.2","David Beja","https:\u002F\u002Fprofiles.wordpress.org\u002Fdbeja\u002F","\u003Cp>Captain Hooks is a robust WordPress plugin designed to give developers an in-depth look at all the hooks available in their WordPress environment. Explore actions, filters, and shortcodes like never before!\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Comprehensive Hook Listing\u003C\u002Fstrong>: Easily list and search all hooks (actions and filters) across any theme or plugin installed.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Insight\u003C\u002Fstrong>: View all shortcodes, along with their parameters.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Code Implementation Viewer\u003C\u002Fstrong>: Quickly pinpoint where the hooks and shortcodes are implemented within the code.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Sample Codes\u003C\u002Fstrong>: Not sure how to use a hook? Get code samples instantly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Live Mode\u003C\u002Fstrong>: An advanced feature to monitor actions or filters in real-time and log all its parameters for better debugging.\u003C\u002Fli>\n\u003C\u002Ful>\n","Captain Hooks is a WordPress plugin that provides developers with a comprehensive view of all actions, filters, and shortcodes of their environment.",1396,"2025-03-10T17:17:00.000Z","6.7.5","5.7","7.2",[18,72,19,20,73],"admin","shortcodes","https:\u002F\u002Fgithub.com\u002Fdbkode\u002Fcaptain-hooks","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcaptain-hooks.1.0.2.zip",92,{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":11,"downloaded":85,"rating":24,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":14,"tags":90,"homepage":92,"download_link":93,"security_score":56,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":57},"prioritize-hooks","Prioritize Hooks","1.2","Jon Weatherhead","https:\u002F\u002Fprofiles.wordpress.org\u002Fjweathe\u002F","\u003Cp>Prioritize Hooks allows the overriding of the priority of various filters and actions hooked by plugins and themes.\u003Cbr \u002F>\nA list of non-core actions and filters registered before the \u003Ccode>admin_init\u003C\u002Fcode> action will be shown in the\u003Cbr \u002F>\nPrioritize Hooks settings page, with the option of overriding the priority of any that you should so wish. At the moment,\u003Cbr \u002F>\nthe hook cannot be changed, just the priority of that callback within its respective hook. Note that priorities will not\u003Cbr \u002F>\nbe overridden until the \u003Ccode>wp_loaded\u003C\u002Fcode> action is run. To disabled a hook, use hyphen(-) as the priority.\u003Cbr \u002F>\nLeave a priority blank to reset it.\u003C\u002Fp>\n","Prioritize Hooks allows the overriding of the priority of various filters and actions hooked by plugins and themes.",2383,2,"2013-12-30T06:10:00.000Z","3.7.41","3.2",[18,19,20,91],"override","http:\u002F\u002Fportfolio.planetjon.ca\u002Fprojects\u002Fprioritize-hooks\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprioritize-hooks.1.2.zip",{"slug":95,"name":96,"version":80,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":11,"downloaded":101,"rating":13,"num_ratings":13,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":108,"download_link":109,"security_score":76,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":57},"sectors","Sectors – Conditional Templates & Hooks","Joachim Jensen","https:\u002F\u002Fprofiles.wordpress.org\u002Fintoxstudio\u002F","\u003Cp>Sectors is a first of its kind plugin for WordPress. Create theme templates for any context on your site. Make sure select Actions or Filters are only added when certain conditions are met.\u003C\u002Fp>\n\u003Ch4>Contexts\u003C\u002Fh4>\n\u003Cp>When you add a new sector to your site, you select the content it covers. This could be:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>All posts in a select category\u003C\u002Fli>\n\u003Cli>Pages by an author\u003C\u002Fli>\n\u003Cli>Custom Post Types with a Custom Taxonomy\u003C\u002Fli>\n\u003Cli>…\u003C\u002Fli>\n\u003Cli>Any combination of above\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Sectors also comes with built in support for BuddyPress, WPML, Polylang, and more.\u003C\u002Fp>\n\u003Ch4>Templates\u003C\u002Fh4>\n\u003Cp>Sectors will look in your theme folder for the following templates:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>\u002Fsectors\u002F\u003Csector-name>.php\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>\u002Fsector-\u003Csector-name>.php\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If found, it will be automatically loaded for the context.\u003C\u002Fp>\n\u003Ch4>API\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Template Tags\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Check if a query is part of a given or any sector:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>is_sector(string $sector):boolean\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Get all sectors for current context:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>get_current_sectors():array\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Hooks\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Sectors extends all WordPress Actions and Filters by adding a scope. This means you can add a callback to an action and make sure it’s only executed in a given context:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_sector_action(string $sector, string $tag, callable $function, int $priority = 10, int $accepted_args = 1 )\n\nadd_sector_filter(string $sector, string $tag, callable $function, int $priority = 10, int $accepted_args = 1 )\n\u003C\u002Fcode>\u003C\u002Fpre>\n","What if you could add templates, actions, and filters depending on the context?",1519,"2024-07-28T07:14:00.000Z","6.6.5","4.8","5.6",[18,107,19,20],"conditional-templates","https:\u002F\u002Fdev.institute\u002Fwordpress-sectors\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsectors.zip",{"slug":111,"name":112,"version":39,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":13,"downloaded":117,"rating":13,"num_ratings":13,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":14,"tags":121,"homepage":123,"download_link":124,"security_score":56,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":57},"action-runner","Action Runner by The Rite Sites","The Rite Sites","https:\u002F\u002Fprofiles.wordpress.org\u002Ftheritesites\u002F","\u003Cp>With the increasing popularity of blocks, developers and store owners alike have been finding some templating features missing normally available through the use of PHP and \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fhooks\u002F\" rel=\"nofollow ugc\">WordPress Hooks\u003C\u002Fa>.\u003Cbr \u002F>\nThe WordPress community is \u003Ca href=\"https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002F@wordpress\u002Fhooks\" rel=\"nofollow ugc\">hard at work\u003C\u002Fa> to create the extensibility tools and framework that exists in PHP into javascript, but some of the tools are not quite there!\u003C\u002Fp>\n\u003Cp>This plugin creates a couple new shortcodes to help bridge the gap temporarily, as well as help users\u002Fadmins with “templating” without going into your theme or plugins.\u003C\u002Fp>\n\u003Cp>The first shortcode is in relation to \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fhooks\u002Factions\u002F\" rel=\"nofollow ugc\">WordPress Actions\u003C\u002Fa> and aptly follows the parameter naming convention.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[action_runner_trs name=\"woocommerce_before_cart\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The second shortcode, in relation to \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fhooks\u002Ffilters\u002F\" rel=\"nofollow ugc\">WordPress Filters\u003C\u002Fa>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[filter_runner_trs name=\"woocommerce_shipping_estimate_html\" content=\"Shipping options will be updated during checkout.\"]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>There are serious limitations these shortcodes have to offer users. The functions do_action() and apply_filters() can have complex code attached to them, and may rely on global variables that are typically accessible on pages the Hooks have existed on.\u003Cbr \u002F>\nThe code is written in a way that even in the block editor, the shortcodes will not attempt to execute in the administrative side of your website. This is especially notable as the Block Editor attempts to render the code of a shortcode as a preview and writing in the database as post_content.\u003Cbr \u002F>\nWe recommend users to put this plugin on a staging server and do a test of the specific Hooks you would like to use on the applicable page(s) as to not break any user experiences.\u003C\u002Fp>\n\u003Cp>Originally designed to work with the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoo-gutenberg-products-block\u002F\" rel=\"ugc\">WooCommerce Blocks\u003C\u002Fa> Cart and Checkout pages, we needed to enable users to have the message that notified users can apply their \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fproducts\u002Fwoocommerce-points-and-rewards\u002F\" rel=\"nofollow ugc\">Points and Rewards\u003C\u002Fa>,\u003Cbr \u002F>\nit also works with plugins that hook into upsell actions or couponing like \u003Ca href=\"https:\u002F\u002Fwww.theritesites.com\u002Fplugins\u002Fpretty-coupons-for-woocommerce\u002F\" rel=\"nofollow ugc\">Pretty Coupons\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwoocommerce.com\u002Fproducts\u002Fsmart-coupons\u002F\" rel=\"nofollow ugc\">Smart Coupon\u003C\u002Fa>, or even your own custom action, which can be created on the fly!\u003C\u002Fp>\n\u003Cp>This plugin pairs nicely with getting custom solutions to your front end quickly for testing or quick notices on your website, especially when using a snippets plugin.\u003C\u002Fp>\n","New Blocks can often ignore action and filter hooks in php or theme templates. This plugin hopes to solve that using shortcodes!",1098,"2020-11-25T17:57:00.000Z","5.6.17","4.0",[18,19,20,122],"templating","https:\u002F\u002Fwww.theritesites.com\u002Fplugins\u002Faction-runner","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Faction-runner.zip",{"attackSurface":126,"codeSignals":161,"taintFlows":185,"riskAssessment":186,"analyzedAt":198},{"hooks":127,"ajaxHandlers":157,"restRoutes":158,"shortcodes":159,"cronEvents":160,"entryPointCount":13,"unprotectedCount":13},[128,134,139,143,147,150,154],{"type":129,"name":130,"callback":131,"file":132,"line":133},"action","admin_init","rtp_register_hooks","rtpanel-hooks-editor.php",25,{"type":135,"name":136,"callback":137,"file":132,"line":138},"filter","rtp_add_theme_pages","rtp_hooks",109,{"type":129,"name":140,"callback":141,"file":132,"line":142},"rtp_hooks_metaboxes","rtp_hooks_screen_options",133,{"type":129,"name":144,"callback":145,"file":132,"line":146},"load-appearance_page_rtp_hooks","rtp_theme_options_help",146,{"type":129,"name":144,"callback":148,"file":132,"line":149},"rtp_hook_help",147,{"type":129,"name":151,"callback":148,"priority":152,"file":132,"line":153},"load-appearance_page_rtp_general",11,148,{"type":129,"name":155,"callback":148,"priority":152,"file":132,"line":156},"load-appearance_page_rtp_post_comments",149,[],[],[],[],{"dangerousFunctions":162,"sqlUsage":170,"outputEscaping":172,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":184},[163,167],{"fn":164,"file":132,"line":165,"context":166},"create_function",268,"add_action( 'rtp_' . $hook_name, create_function( '', 'echo rtp_eval_php( \"' . addslashes( stripslas",{"fn":164,"file":132,"line":168,"context":169},270,"add_action( 'rtp_hook_' . $hook_name, create_function( '', 'echo rtp_eval_php( \"' . addslashes( stri",{"prepared":13,"raw":13,"locations":171},[],{"escaped":13,"rawEcho":173,"locations":174},5,[175,178,180,181,183],{"file":132,"line":176,"context":177},196,"raw output",{"file":132,"line":179,"context":177},231,{"file":132,"line":179,"context":177},{"file":132,"line":182,"context":177},232,{"file":132,"line":182,"context":177},[],[],{"summary":187,"deductions":188},"The \"rtpanel-hooks-editor\" plugin version 2.5.1 presents a mixed security posture. On one hand, the absence of known CVEs, unpatched vulnerabilities, and a zero attack surface from common entry points like AJAX, REST API, shortcodes, and cron events are positive indicators. The fact that all SQL queries utilize prepared statements is also a significant strength, mitigating risks of SQL injection. \n\nHowever, several concerning signals emerge from the static code analysis. The presence of two instances of the deprecated and potentially dangerous `create_function` is a red flag. More critically, the finding that 100% of output handling is not properly escaped poses a significant Cross-Site Scripting (XSS) risk. While the taint analysis shows no flows with unsanitized paths, the lack of output escaping means that if any user-controlled data were to enter the application (even if not detected by the current taint analysis), it could be reflected in the output and executed by a victim's browser. The complete lack of nonce and capability checks on entry points, while there are no explicit entry points detected, means that if any were to be introduced in the future, they would be unprotected.\n\nGiven the historical lack of vulnerabilities and the minimal attack surface, the plugin might appear safe. However, the identified code signals, particularly the unescaped output and the use of `create_function`, introduce tangible risks that outweigh the current low CVE count. The potential for XSS due to unescaped output is a serious concern that requires immediate attention.",[189,192,194,196],{"reason":190,"points":191},"Unescaped output detected",6,{"reason":193,"points":173},"Use of dangerous function: create_function",{"reason":195,"points":173},"Missing nonce checks",{"reason":197,"points":173},"Missing capability checks","2026-03-16T23:19:00.578Z",{"wat":200,"direct":207},{"assetPaths":201,"generatorPatterns":202,"scriptPaths":203,"versionParams":204},[],[],[],[205,206],"rtpanel-hooks-editor\u002Frtpanel-hooks-editor.php?ver=","rtpanel-hooks-editor\u002Fcss\u002Frtpanel-hooks-editor.css?ver=",{"cssClasses":208,"htmlComments":217,"htmlAttributes":218,"restEndpoints":225,"jsGlobals":226,"shortcodeOutput":228},[209,210,211,212,213,214,215,216],"options-main-container","expand-collapse","options-container","metabox-holder","inner-sidebar","has-sidebar","has-sidebar-content","rtp_submit",[],[219,220,221,222,223,224],"name=\"rtp_hooks[","id=\"","name=\"rtp_hooks\"","id=\"rt_hooks_form\"","name=\"rtp_submit\"","name=\"rtp_reset\"",[],[227],"postboxes",[]]