[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f0Rz3r82bROEu461XmsOEbJjKALvJTeJUpxHpyw0W1yY":3,"$fOUWCDa1Yic6bh1-eaabtBpvqUIVYU-A0FWG04Jp1Ym8":155,"$f7I6wFVbleQqaTB2nc-SKw915_6oQEnXmJWtD3w0u8CU":160},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":16,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":36,"analysis":110,"fingerprints":139},"s2-safety-functions","s2 Safety","1.9.2","Sebas2","https:\u002F\u002Fprofiles.wordpress.org\u002Fsebas2\u002F","\u003Cblockquote>\n\u003Cp>This will automatically add basic security headers to any wordpress website.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Overview\u003C\u002Fh4>\n\u003Cp>Adding security layers to your website has never been easier. Just add the plugin and activate. With this plugin you will reach a score of A+ on https:\u002F\u002Fsecurityheaders.com\u002F\u003C\u002Fp>\n\u003Ch4>Installation Instructions\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Upload \u003Ccode>s2 Safety\u003C\u002Fcode> folder to the \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>Activate the plugin through the ‘Plugins’ menu in WordPress\u003C\u002Fli>\n\u003C\u002Fol>\n","WordPress plugin to add instant security basics",10,1081,0,"2022-05-29T15:34:00.000Z","6.0.11","","5.2.17",[19,20,21,22],"referrer-policy-header-etc","x-content-type-options","x-frame-options","x-xss-protection","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fs2-safety-functions.zip",85,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":24,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"sebas2",3,40,30,84,"2026-05-20T00:16:43.829Z",[37,56,77,93],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":45,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":16,"tags":51,"homepage":16,"download_link":54,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":55},"simple-iframe-buster","Simple Iframe Buster","1.1.1","Mikel King","https:\u002F\u002Fprofiles.wordpress.org\u002Fvizkr\u002F","\u003Cp>Provides a method of adding X-Frame-Options to the http headers for sites hosted in an environment that does not grant access to\u003Cbr \u002F>\nthe webserver config, .htaccess or lack mod_headers type facility.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Sets X-Frame-Options to SAMEORIGIN\u003C\u002Fli>\n\u003Cli>Enqueue iframe blocking javascript\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>This is my arbitrary section. There’s really nothing special to add because this is truly a simple plugin with no settings or configuration. Turn it on and block the iframe content thieves. Much of this can also be achieve by working with a good hosting provider. If you are board then head over to my content site \u003Ca href=\"https:\u002F\u002Fwww.jafdip.com\" rel=\"nofollow ugc\">JAFDIP\u003C\u002Fa>.\u003C\u002Fp>\n","Provides a method of setting the X-Frame-Options header to SAMEORIGIN. Also enqueues a javascript based iframe blocker.",100,6329,2,"2021-08-13T21:10:00.000Z","5.7.15","3.9",[52,53,21],"http-headers","iframe","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-iframe-buster.zip","2026-04-16T10:56:18.058Z",{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":11,"downloaded":64,"rating":45,"num_ratings":47,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":74,"download_link":75,"security_score":76,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":55},"abdal-security-headers","Abdal Security Headers","5.1.3","Ebrahim Shafiei (EbraSha)","https:\u002F\u002Fprofiles.wordpress.org\u002Fprofshafiei\u002F","\u003Cp>Abdal Security Headers is a powerful WordPress plugin that enhances your website’s security through HTTP security headers. It provides an easy-to-use interface for managing security policies and protecting against common web vulnerabilities.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Modern UI with iOS-style switches\u003C\u002Fli>\n\u003Cli>Real-time CSP Header Preview\u003C\u002Fli>\n\u003Cli>Automatic security header configuration\u003C\u002Fli>\n\u003Cli>Protection against XSS attacks\u003C\u002Fli>\n\u003Cli>Prevention of clickjacking attempts\u003C\u002Fli>\n\u003Cli>MIME-type sniffing protection\u003C\u002Fli>\n\u003Cli>Strict HTTPS enforcement\u003C\u002Fli>\n\u003Cli>Full RTL support\u003C\u002Fli>\n\u003Cli>Mobile-responsive interface\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security Headers Managed:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>X-Frame-Options\u003C\u002Fli>\n\u003Cli>X-XSS-Protection\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security (HSTS)\u003C\u002Fli>\n\u003Cli>Content-Security-Policy (CSP)\u003C\u002Fli>\n\u003Cli>Referrer-Policy\u003C\u002Fli>\n\u003Cli>Feature-Policy\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Origin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Languages\u003C\u002Fh3>\n\u003Cp>This plugin is available in the following languages:\u003Cbr \u002F>\n– English (en_US)\u003Cbr \u002F>\n– Persian (fa_IR)\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is released under the \u003Cstrong>GPLv2 or later\u003C\u002Fstrong> License.\u003Cbr \u002F>\nLicense details: \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fa>\u003C\u002Fp>\n","Enhance WordPress security with essential HTTP security headers, protecting against XSS, clickjacking, and other common web vulnerabilities.",2950,"2025-03-13T14:27:00.000Z","6.7.5","5.0","7.2",[70,71,72,73,21],"content-security-policy","hsts","security","security-headers","https:\u002F\u002Fgithub.com\u002Febrasha\u002Fabdal-security-headers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fabdal-security-headers.5.1.3.zip",92,{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":11,"downloaded":85,"rating":13,"num_ratings":13,"last_updated":86,"tested_up_to":87,"requires_at_least":16,"requires_php":16,"tags":88,"homepage":91,"download_link":92,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":55},"turnupsecurity-http-headers","TurnUpSecurity HTTP Headers – Simple & Secure WordPress HTTP Headers","1.0","TurnUpHosting","https:\u002F\u002Fprofiles.wordpress.org\u002Ffergi230\u002F","\u003Cp>Thank you for downloading our plugin. TurnUpSecurity HTTP Headers plugin allows you to enable HTTP headers from the settings page.\u003C\u002Fp>\n\u003Cp>Before you install the plugin go to https:\u002F\u002Fsecurityheaders.com\u002F and scan your website’s url, if it’s already at A, then no need to install the plugin.\u003C\u002Fp>\n\u003Ch3>Installation Instructions\u003C\u002Fh3>\n\u003Cp>Download the plugin, go to Plugins area in your WordPress dashboard, select add new plugin, and upload the zip file.\u003C\u002Fp>\n\u003Cp>Activate the plugin.\u003Cbr \u002F>\nGo to settings and select TurnUpSecurity HTTP Headers, check the box to Enable HTTP Headers and click on save.\u003C\u002Fp>\n\u003Cp>Verify your HTTP Header score by going to https:\u002F\u002Fsecurityheaders.com\u002F and scanning your website’s url (refresh the page first).\u003C\u002Fp>\n\u003Cp>That’s it Enjoy :).\u003C\u002Fp>\n\u003Ch3>About Us\u003C\u002Fh3>\n\u003Cp>TurnUpHosting provides Secure and Fast WordPress Hosting and custom web developments for all. \u003Ca href=\"https:\u002F\u002Fturnuphosting.com\u002F\" rel=\"nofollow ugc\">TurnUpHosting\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Contact and Credits\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fturnuphosting.com\u002Fweb-design\u002F\" rel=\"nofollow ugc\">TurnUpHosting Dev Team\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>1.0\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Adds X-Frame-Options Policy\u003C\u002Fli>\n\u003Cli>Adds X-XSS-Protection Policy\u003C\u002Fli>\n\u003Cli>Adds X-Content-Type-Options Policy\u003C\u002Fli>\n\u003Cli>Adds Strict-Transport-Security Policy\u003C\u002Fli>\n\u003Cli>Adds Referrer-Policy\u003C\u002Fli>\n\u003Cli>Adds Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Adds Permissions-Policy\u003C\u002Fli>\n\u003C\u002Ful>\n","Thank you for downloading our plugin. TurnUpSecurity HTTP Headers plugin allows you to enable HTTP headers from the settings page.",5280,"2024-03-04T13:14:00.000Z","6.4.8",[89,90,22],"http-headers-protection","wordpress-http-headers-security","https:\u002F\u002Fturnupsecurityshield.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fturnupsecurity-http-headers.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":13,"downloaded":101,"rating":13,"num_ratings":13,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":105,"tags":106,"homepage":108,"download_link":109,"security_score":45,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":55},"ruigehond-embed","Ruigehond embed","1.4.2","Joeri van Veen","https:\u002F\u002Fprofiles.wordpress.org\u002Fruigehond\u002F","\u003Cp>Plugin to embed selected urls from your site elsewhere.\u003C\u002Fp>\n\u003Ch4>Security\u003C\u002Fh4>\n\u003Cp>Other embedding will be prohibited by default, with an \u003Ccode>X-Frame-Options\u003C\u002Fcode> header and, optionally, a \u003Ccode>Content Security Policy\u003C\u002Fcode> header.\u003Cbr \u002F>\nThis will secure your WordPress website from a number of fairly easy attacks.\u003C\u002Fp>\n\u003Cp>To make this plugin especially useful you can now allow (third party) websites to embed specific urls from your site.\u003Cbr \u002F>\nEasily reuse forms or other content from your main site on satellite sites you own, without opening up any of them to attack.\u003C\u002Fp>\n\u003Ch4>Quick setup\u003C\u002Fh4>\n\u003Cp>Activate the plugin and go to Settings -> Ruigehond embed.\u003Cbr \u002F>\nAdd a reference (e.g. \u003Ccode>general-contact-form\u003C\u002Fcode>) in the \u003Cem>title\u003C\u002Fem> field and save the settings.\u003Cbr \u002F>\nAdd a slug it should serve (e.g. \u003Ccode>\u002Fcontact-clean\u002F\u003C\u002Fcode>) in the \u003Cem>embed\u003C\u002Fem> field.\u003Cbr \u002F>\nAdd urls that may embed this, aka referrers, (e.g. \u003Ccode>https:\u002F\u002Fmy-satellite.site\u003C\u002Fcode>) in the textarea.\u003C\u002Fp>\n\u003Ch4>Embedding\u003C\u002Fh4>\n\u003Cp>Install the plugin on your satellite site. This has the added benefit of locking down that site as well.\u003C\u002Fp>\n\u003Cp>Use the simple shortcode on that site to generate an iframe with the embedded content:\u003Cbr \u002F>\n    \u003Ccode>[ruigehond-embed src=\"https:\u002F\u002Fmy-main.site\u002Fruigehond_embed\u002Fgeneral-contact-form\"]\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Watch the form magically and safely be embedded. Other sites will continue to not be able to embed your content.\u003C\u002Fp>\n\u003Cp>You can also embed using a regular iframe in html, as long as the referrer is whitelisted.\u003Cbr \u002F>\nHowever, by using the plugin and shortcode, the height of the iframe will automatically be adjusted to fit the content.\u003C\u002Fp>\n\u003Ch4>Use htaccess\u003C\u002Fh4>\n\u003Cp>This plugin adds lines (clearly marked) at the beginning of your htaccess file.\u003Cbr \u002F>\nThey need not be at the beginning, but they need to be before the WordPress lines, or any other lines that corrupt the \u003Ccode>THE_REQUEST\u003C\u002Fcode> var.\u003C\u002Fp>\n\u003Cp>This plugin needs \u003Ccode>mod_headers\u003C\u002Fcode>, \u003Ccode>mod_rewrite\u003C\u002Fcode> and \u003Ccode>mod_setenvif\u003C\u002Fcode> to be activated, but they probably already are.\u003C\u002Fp>\n\u003Ch4>Without htaccess\u003C\u002Fh4>\n\u003Cp>When the htaccess is not processed, the plugin itself works directly with the request in the php processor.\u003Cbr \u002F>\nThe CSP header is not supported in that case.\u003Cbr \u002F>\nAlso, other plugins (especially caching plugins) may already have decided on a different route and this plugin might not work.\u003C\u002Fp>\n\u003Ch4>Content Security Policy\u003C\u002Fh4>\n\u003Cp>You can switch on the \u003Ccode>Content Security Policy\u003C\u002Fcode> (or \u003Ccode>CSP\u003C\u002Fcode>) header in this plugin, which is the most modern way to tackle these issues.\u003Cbr \u002F>\nHowever, other plugins may interfere, so be sure to check whether the CSP header is to your liking in practice.\u003C\u002Fp>\n\u003Cp>This plugin will add a \u003Ccode>CSP\u003C\u002Fcode> header if none is present yet.\u003Cbr \u002F>\nBut if one is present, the \u003Ccode>frame-ancestors\u003C\u002Fcode> directive must be present in it for this plugin to work.\u003Cbr \u002F>\nIt will only set the \u003Ccode>frame-ancestors\u003C\u002Fcode> directive, none of the others (to not break your site).\u003C\u002Fp>\n","Prevent your site from being embedded. Select specific urls that may be embedded from specific origins.",1059,"2025-12-03T10:09:00.000Z","6.9.4","6.0","7.4",[107],"x-frame-options-embed-embedding-iframe-sameorigin","https:\u002F\u002Fgithub.com\u002Fjoerivanveen\u002Fruigehond-embed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fruigehond-embed.1.4.2.zip",{"attackSurface":111,"codeSignals":127,"taintFlows":134,"riskAssessment":135,"analyzedAt":138},{"hooks":112,"ajaxHandlers":123,"restRoutes":124,"shortcodes":125,"cronEvents":126,"entryPointCount":13,"unprotectedCount":13},[113,119],{"type":114,"name":115,"callback":116,"file":117,"line":118},"action","plugins_loaded","plugin_setup","s2_safety.php",14,{"type":114,"name":120,"callback":121,"file":117,"line":122},"send_headers","s2_setsafety_headers",37,[],[],[],[],{"dangerousFunctions":128,"sqlUsage":129,"outputEscaping":131,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":133},[],{"prepared":13,"raw":13,"locations":130},[],{"escaped":13,"rawEcho":13,"locations":132},[],[],[],{"summary":136,"deductions":137},"The \"s2-safety-functions\" v1.9.2 plugin exhibits a strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface. Furthermore, the code signals are overwhelmingly positive, with no dangerous functions, all SQL queries utilizing prepared statements, and all output being properly escaped. The lack of file operations, external HTTP requests, nonce checks, and capability checks, while potentially indicating limited functionality, also means these common vectors for exploitation are not present.\n\nThe taint analysis reveals no identified flows with unsanitized paths, indicating that the plugin does not appear to improperly handle or expose data. The vulnerability history is also exceptionally clean, with zero recorded CVEs of any severity. This suggests a plugin that has either been meticulously developed with security in mind or has not been subjected to extensive security scrutiny, but in the absence of reported issues, it points towards a low risk of known exploitable vulnerabilities.\n\nIn conclusion, the \"s2-safety-functions\" plugin, based on this analysis, appears to be very secure. Its minimal attack surface and clean code signals are commendable. The lack of any historical vulnerabilities further reinforces its perceived safety. However, it's important to note that a lack of reported vulnerabilities doesn't guarantee absolute security, especially if the plugin has a very limited user base or has not undergone comprehensive security audits. Nevertheless, for the current version and based on the provided data, the risk is assessed as very low.",[],"2026-03-16T23:45:06.947Z",{"wat":140,"direct":145},{"assetPaths":141,"generatorPatterns":142,"scriptPaths":143,"versionParams":144},[],[],[],[],{"cssClasses":146,"htmlComments":147,"htmlAttributes":151,"restEndpoints":152,"jsGlobals":153,"shortcodeOutput":154},[],[148,149,150],"\u003C!-- Clickjacking is one of the malicious attacks used against people on the web. \n            Back in 2009 Microsoft came out with a new measure in IE8 to fight against clickjacking that’s \n            since been adopted by Firefox, Chrome, Safari, Opera, and others. This is through servers \n            setting a http header of X-Frame-Options and browsers following the settings. -->","\u003C!-- Will be removed -->","\u003C!-- Since 1.9.1  Feature-Policy migration to Permissions-Policy -->",[],[],[],[],{"error":156,"url":157,"statusCode":158,"statusMessage":159,"message":159},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fs2-safety-functions\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":161},[]]