[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPvfOokuidutGdDIYz2QPBf_sh85WvuA_FzStgc6bOSU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":130,"fingerprints":440},"sajjetti-audit","Sajjetti – AI Audit","1.0.0","Sajjetti","https:\u002F\u002Fprofiles.wordpress.org\u002Fsajjetti\u002F","\u003Cp>Sajjetti – AI Audit is a security-first code scanner for WordPress plugins and themes.\u003Cbr \u002F>\nIt performs static analysis of PHP, HTML, CSS, and JS files to detect vulnerabilities,\u003Cbr \u002F>\nperformance issues, and coding standard problems before they become real risks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy by design\u003C\u002Fstrong>\u003Cbr \u002F>\n– Nothing runs automatically; all scans are triggered manually by the site owner.\u003Cbr \u002F>\n– Files are analyzed statically — never executed.\u003Cbr \u002F>\n– Remote analysis is disabled by default. No code leaves your site until you explicitly enable “Allow remote analysis” in Settings.\u003Cbr \u002F>\n– When enabled, selected file contents are sent securely over HTTPS to the Sajjetti API. 
Analysis data is temporary and discarded after results are returned.\u003Cbr \u002F>\n– Complies with WordPress.org privacy and consent guidelines.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What it helps you find\u003C\u002Fstrong>\u003Cbr \u002F>\n– Security: unescaped output, missing nonces and capability checks, unsafe file operations, risky SQL patterns, and other common vulnerabilities.\u003Cbr \u002F>\n– Performance: expensive loops, heavy queries, oversized assets, and inefficient patterns that slow down page loads.\u003Cbr \u002F>\n– Code quality and compatibility: deprecated APIs, version-specific pitfalls, and conflicts with WordPress coding standards.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Optional AI assistance\u003C\u002Fstrong>\u003Cbr \u002F>\nWhen remote analysis is enabled, the Sajjetti API provides AI-powered suggestions with context-specific recommendations.\u003Cbr \u002F>\nResults are presented with file-by-file drill-down, risk levels, and actionable insights. Human review is always recommended before making changes.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Detects vulnerabilities, warnings, and performance issues\u003C\u002Fli>\n\u003Cli>Provides optional AI-assisted analysis with actionable suggestions\u003C\u002Fli>\n\u003Cli>Offers file-by-file drill-down and detailed reports\u003C\u002Fli>\n\u003Cli>Built with a security-first design, including VIP-compliant validation and sanitization\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Security Considerations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>All scans are user-initiated; nothing runs automatically.\u003C\u002Fli>\n\u003Cli>File contents are analyzed statically (never executed).\u003C\u002Fli>\n\u003Cli>REST endpoints require capability checks and nonces.\u003C\u002Fli>\n\u003Cli>All external requests use HTTPS with nonce and referer validation.\u003C\u002Fli>\n\u003Cli>Uninstall removes plugin data (options and tables) cleanly.\u003C\u002Fli>\n\u003Cli>All user-facing 
strings are escaped and translatable.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Pricing and API Access\u003C\u002Fh3>\n\u003Cp>The plugin includes a small allowance of free scans.\u003Cbr \u002F>\nAdditional scans require an API key, available through a paid subscription.\u003C\u002Fp>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>When you initiate a scan with remote analysis enabled, this plugin may transmit selected file contents (Base64-encoded PHP, HTML, CSS, and JS), limited file metadata (filename, relative path, size, cryptographic hash such as SHA-256), your site IP address and URL (for license validation), and your Sajjetti API username to the Sajjetti API for static analysis. No WordPress user account data, passwords, or database content is transmitted or stored. Temporary analysis data is deleted after results are returned. For details, see the included privacy.md file.\u003C\u002Fp>\n\u003Cp>Remote analysis is disabled by default. Scans cannot start until the site owner explicitly enables Allow remote analysis in Settings.\u003C\u002Fp>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the Sajjetti Hub API (https:\u002F\u002Fsajjetti.ai) to validate license status,\u003Cbr \u002F>\nmanage usage limits, upload code snippets for analysis, and fetch audit results.\u003C\u002Fp>\n\u003Cp>Data sent:\u003Cbr \u002F>\n– License key and username when validating or checking usage.\u003Cbr \u002F>\n– Website URL and IP address when validating usage.\u003Cbr \u002F>\n– Selected PHP\u002FJS\u002FCSS source files when submitting for auditing.\u003C\u002Fp>\n\u003Cp>Data returned:\u003Cbr \u002F>\n– License type and remaining file quota.\u003Cbr \u002F>\n– Audit results (security, performance, and code quality insights).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Legal & Privacy:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Terms of Service: https:\u002F\u002Fsajjetti.ai\u002Fterms-of-service\u002F\u003Cbr \u002F>\n– Privacy Policy: 
https:\u002F\u002Fsajjetti.ai\u002Fprivacy-policy\u002F\u003C\u002Fp>\n","AI-assisted theme and plugin scanner for security, performance, and best practices. Provides clear, actionable insights.",0,170,"2025-10-09T15:23:00.000Z","6.8.5","6.6","8.0",[18,19,20,21,22],"audit","code-analysis","performance","scanner","security","https:\u002F\u002Fsajjetti.ai\u002Faudit","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsajjetti-audit.1.0.0.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"sajjetti",1,30,94,"2026-04-04T15:36:30.373Z",[36,57,78,97,112],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":25,"downloaded":44,"rating":25,"num_ratings":31,"last_updated":45,"tested_up_to":46,"requires_at_least":47,"requires_php":48,"tags":49,"homepage":55,"download_link":56,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"free-php-version-info","WPLifeCycle – Free PHP Version Info & Website Manager","4.0","Funlus Oy","https:\u002F\u002Fprofiles.wordpress.org\u002Ffunlus\u002F","\u003Cp>WPLifeCycle gives WordPress admins a single dashboard to see \u003Cstrong>exactly\u003C\u002Fstrong> which PHP version a site is running, how long it will stay in active\u002Fsecurity support, and what to fix before anything breaks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cem>PHP version badge\u003C\u002Fem> with active- and security-support countdowns  \u003C\u002Fli>\n\u003Cli>\u003Cem>Multi-site monitoring\u003C\u002Fem> — push data to your free WPLifeCycle cloud account  \u003C\u002Fli>\n\u003Cli>\u003Cem>SEO audit\u003C\u002Fem> – on-page checks and scoring (v 3.0+)  \u003C\u002Fli>\n\u003Cli>\u003Cem>OWASP-based security scan\u003C\u002Fem> 
(v 3.0+)  \u003C\u002Fli>\n\u003Cli>\u003Cem>Performance scan\u003C\u002Fem> (v 3.0+)  \u003C\u002Fli>\n\u003Cli>\u003Cem>Secure Admin Link\u003C\u002Fem> generator – creates a random, time-boxed \u002Fwp-admin URL (v 3.0+)  \u003C\u002Fli>\n\u003Cli>\u003Cem>Hooks scanner & tester\u003C\u002Fem> – lists add_action \u002F add_filter calls, flags conflicts (v 3.1+)  \u003C\u002Fli>\n\u003Cli>\u003Cem>Plugins monitor\u003C\u002Fem> – tracks version for every active plugin (v 3.1+)\u003C\u002Fli>\n\u003Cli>\u003Cem>Admin user Log monitor\u003C\u002Fem> – tracks all admin visits (v 3.2+)\u003C\u002Fli>\n\u003Cli>Core, theme, and plugin updater – manage and trigger updates directly via WPLifeCycle (v3.3+)\u003C\u002Fli>\n\u003Cli>Improved API interface – faster and more reliable data sync between your site and WPLifeCycle.com (v3.3+)\u003C\u002Fli>\n\u003Cli>One-Click Auto Updates for WordPress Core, Plugins, and Themes (v 4.0+)\u003C\u002Fli>\n\u003Cli>Dashboard improvements and enhanced access control (v 4.0+)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Built for real-world workflows: minimal setup, async scans that respect server load, and .po\u002F.mo files for quick translation.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Open \u003Cstrong>Tools \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> WPLifeCycle\u003C\u002Fstrong> to view PHP version details and run scans.  \u003C\u002Fli>\n\u003Cli>Click \u003Cstrong>Generate Secure Admin Link\u003C\u002Fstrong> to create a one-off login URL.  
\u003C\u002Fli>\n\u003Cli>Use the \u003Cstrong>Send to API\u003C\u002Fstrong> toggle if you want this site monitored centrally.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Video\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FuDcyZEi3-Kg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n","This plugin shows your current PHP version, its lifecycle security support days, and can send version data to the WPLifeCycle for proactive planning.",2803,"2026-02-23T10:30:00.000Z","6.9.4","5.0","5.5",[50,51,52,53,54],"performance-scanner","php-version","security-scanner","version-management","wplifecycle","http:\u002F\u002Fwww.wplifecycle.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffree-php-version-info.zip",{"slug":58,"name":59,"version":60,"author":61,"author_profile":62,"description":63,"short_description":64,"active_installs":65,"downloaded":66,"rating":25,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":75,"download_link":76,"security_score":77,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"wp-scanner","WP Scanner – Performance and Security","1.0.2","A5hleyRich","https:\u002F\u002Fprofiles.wordpress.org\u002Fa5hleyrich\u002F","\u003Cp>Monitor your site’s load time, performance and security using \u003Ca href=\"https:\u002F\u002Fwpscanner.io\" rel=\"nofollow ugc\">WP Scanner\u003C\u002Fa>. Gain an insight into how quickly your site loads for visitors over time and receive suggestions on how to improve performance. 
Ensure your site is secure by monitoring file changes, permissions, server headers and other security concerns.\u003C\u002Fp>\n\u003Ch4>Metrics\u003C\u002Fh4>\n\u003Cp>View important metrics about your WordPress install, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Load time\u003C\u002Fli>\n\u003Cli>WordPress version\u003C\u002Fli>\n\u003Cli>PHP version\u003C\u002Fli>\n\u003Cli>Plugin updates\u003C\u002Fli>\n\u003Cli>Content breakdown\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Performance\u003C\u002Fh4>\n\u003Cp>The following performance rules are checked when scanning your site:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use PHP 7 or HHVM\u003C\u002Fli>\n\u003Cli>Enable object caching\u003C\u002Fli>\n\u003Cli>Minimize HTTP Requests\u003C\u002Fli>\n\u003Cli>Use a Content Delivery Network\u003C\u002Fli>\n\u003Cli>Avoid empty src or href\u003C\u002Fli>\n\u003Cli>Add an Expires or a Cache-Control Header\u003C\u002Fli>\n\u003Cli>Gzip Components\u003C\u002Fli>\n\u003Cli>Put StyleSheets at the Top\u003C\u002Fli>\n\u003Cli>Put Scripts at the Bottom\u003C\u002Fli>\n\u003Cli>Avoid CSS Expressions\u003C\u002Fli>\n\u003Cli>Make JavaScript and CSS External\u003C\u002Fli>\n\u003Cli>Reduce DNS Lookups\u003C\u002Fli>\n\u003Cli>Minify JavaScript and CSS\u003C\u002Fli>\n\u003Cli>Avoid Redirects\u003C\u002Fli>\n\u003Cli>Remove Duplicate Scripts\u003C\u002Fli>\n\u003Cli>Configure ETags\u003C\u002Fli>\n\u003Cli>Make AJAX Cacheable\u003C\u002Fli>\n\u003Cli>Use GET for AJAX Requests\u003C\u002Fli>\n\u003Cli>Reduce the Number of DOM Elements\u003C\u002Fli>\n\u003Cli>No 404s\u003C\u002Fli>\n\u003Cli>Reduce Cookie Size\u003C\u002Fli>\n\u003Cli>Use Cookie-Free Domains for Components\u003C\u002Fli>\n\u003Cli>Avoid Filters\u003C\u002Fli>\n\u003Cli>Do Not Scale Images in HTML\u003C\u002Fli>\n\u003Cli>Make favicon.ico Small and Cacheable\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security\u003C\u002Fh4>\n\u003Cp>The following security rules are checked when scanning your 
site:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Verify WordPress Core Files\u003C\u002Fli>\n\u003Cli>Verify Directory and File Permissions\u003C\u002Fli>\n\u003Cli>Serve Site Over HTTPS\u003C\u002Fli>\n\u003Cli>Keep Plugins Updated\u003C\u002Fli>\n\u003Cli>Keep WordPress Updated\u003C\u002Fli>\n\u003Cli>Keep PHP Updated\u003C\u002Fli>\n\u003Cli>Disable Debug Display\u003C\u002Fli>\n\u003Cli>Disable File Editing\u003C\u002Fli>\n\u003Cli>Remove Accounts with “Admin” Username\u003C\u002Fli>\n\u003Cli>Change the Default Table Prefix\u003C\u002Fli>\n\u003Cli>Configure Public-Key-Pins Header\u003C\u002Fli>\n\u003Cli>Configure Content Security Policy Header\u003C\u002Fli>\n\u003Cli>Configure X-Frame-Options Header\u003C\u002Fli>\n\u003Cli>Configure X-Content-Type-Options Header\u003C\u002Fli>\n\u003Cli>Configure X-Xss-Protection Header\u003C\u002Fli>\n\u003Cli>Configure Strict-Transport-Security Header\u003C\u002Fli>\n\u003Cli>Disable Server Header\u003C\u002Fli>\n\u003Cli>Disable X-Powered-By Header\u003C\u002Fli>\n\u003C\u002Ful>\n","Scan your WordPress site and receive recommendations on how to improve load time, performance and security.",50,10283,2,"2016-05-29T22:07:00.000Z","4.5.33","3.5","",[20,73,21,74,22],"scan","scanning","https:\u002F\u002Fwpscanner.io","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-scanner.1.0.2.zip",85,{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":25,"num_ratings":88,"last_updated":89,"tested_up_to":46,"requires_at_least":90,"requires_php":91,"tags":92,"homepage":95,"download_link":96,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"site-checker-all-in-one-qa-testing","Site Checker: All-in-One QA Testing, Speed, Link & Security Audit","1.2","Genetech Products","https:\u002F\u002Fprofiles.wordpress.org\u002Fgenetechproducts\u002F","\u003Cp>Welcome! 
And say hello to WP Site Checker, every web developer’s one-stop toolbox for all your testing and building needs.\u003Cbr \u002F>\nTired of having to install a plethora of different plugins to check your website’s page speed, WordPress Compatibility, Security, and more? Well look no further!\u003C\u002Fp>\n\u003Cp>WP Site Checker, a tool made by Web Developers, for Web Developers, has all the tools you need to not only help you speed through development in the initial stages, but keep up maintenance and site pace like it is nobody’s business.\u003C\u002Fp>\n\u003Cp>So, what exactly does WP Site Checker offer? Well, our services are separated into 3 major functions;\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>WP Related Checks:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>“WordPress Related Checks” are the checks your website will run through pertaining to the general health of the WordPress Engine for your website. It’s checks include;\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Checking for any WP plugin or theme updates\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Checking your overall website content and caching health\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Identifying how Search Engine Crawlers are interacting with your website\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>WP Security Checks:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>“WordPress Security Checks” are the checks your website will run through in regards to the overall security of the site. 
This includes;\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Identifying the Admin User ID and Admin URL, whether they are secure or the user in question has the right credentials\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The installation status for the recommended WP security plugins, whether or not they have been enabled\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The password strength of admin\u002Fuser credentials and how vulnerable they are to be compromised\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>General Checks:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>“A series of general checks that your website will go through, relating to outside factors as separate from WordPress functions and checks. These checks are meant for a variety of factors from optimization to security;\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Redirection from Http to Https, ensuring the privacy of user information and basic security protocols\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Page Speed reporting, leading you to problem points in your website that may be causing it to lag or slow down on a number of devices\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>SSL rating is a general check that  makes sure your site’s SSL certificate is up to date, providing you with its current condition and grade\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Youtube Suggested is simply a toggle that allows you to switch between the use of channel-specific, or genre-specific Youtube videos populating your website\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>The accessibility report will provide you with a detailed report of the accessibility of any given page on your website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Broken Links ( \u003Ca href=\"https:\u002F\u002Fwpsitechecker.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Available in Premium\u003C\u002Fa> )\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Word Search ( 
\u003Ca href=\"https:\u002F\u002Fwpsitechecker.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Available in Premium\u003C\u002Fa> )\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>404 Page Checker ( \u003Ca href=\"https:\u002F\u002Fwpsitechecker.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Available in Premium\u003C\u002Fa> )\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>External & Internal Links ( \u003Ca href=\"https:\u002F\u002Fwpsitechecker.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Available in Premium\u003C\u002Fa> )\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Responsive Test ( \u003Ca href=\"https:\u002F\u002Fwpsitechecker.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Available in Premium\u003C\u002Fa> )\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Headings ( \u003Ca href=\"https:\u002F\u002Fwpsitechecker.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Available in Premium\u003C\u002Fa> )\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Spell & Grammar Check ( \u003Ca href=\"https:\u002F\u002Fwpsitechecker.com\u002Fpricing\u002F\" rel=\"nofollow ugc\">Available in Premium\u003C\u002Fa> )\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Automation:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>“The “Automation” feature within WP Site Checker allows you to run the checks automatically. Once you’ve navigated to the function, you can add an email address, select a frequency and select the checks you want to run automatically. 
Once the process is run, “Automation” will send you a report based on the frequency you have set for all the selected checks on your email.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>You can find detailed usage instructions, setup steps, and feature documentation at:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwpsitechecker.com\u002Fdocumentation\u002F\" rel=\"nofollow ugc\">Site Checker Documentation\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin connects to the following third-party services:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Google PageSpeed Insights API\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Used to analyze website performance metrics and provide optimization suggestions.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent:\u003C\u002Fstrong> The URL of the page being tested.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>When Sent:\u003C\u002Fstrong> When you run a site speed test from within the plugin dashboard.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service Provider:\u003C\u002Fstrong> Google LLC  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Service:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fterms\" rel=\"nofollow ugc\">Google Terms of Service\u003C\u002Fa>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">Google Privacy Policy\u003C\u002Fa>  \u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Qualys SSL Labs API\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Purpose:\u003C\u002Fstrong> Used to analyze the SSL\u002FTLS configuration of your website and provide a security grade.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Sent:\u003C\u002Fstrong> Your website’s domain name.  
\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When Sent:\u003C\u002Fstrong> When you check your SSL rating from within the plugin dashboard.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service Provider:\u003C\u002Fstrong> Qualys, Inc.  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of Service:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.ssllabs.com\u002Fabout\u002Fterms.html\" rel=\"nofollow ugc\">Qualys Terms of Service\u003C\u002Fa>  \u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy Policy:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.qualys.com\u002Fcompany\u002Fprivacy\u002F\" rel=\"nofollow ugc\">Qualys Privacy Policy\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Source Code\u003C\u002Fh3>\n\u003Cp>This plugin includes minified JavaScript files for download pdf reports. The non-minified source code for these files is available as follows:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>pdfobject.min.js\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The non-minified source code for PDFObject is available at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpipwerks\u002FPDFObject\" rel=\"nofollow ugc\">PDFObject on GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>jspdf.min.js\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The non-minified source code for jsPDF is available at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fparallax\u002FjsPDF\" rel=\"nofollow ugc\">jsPDF on GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>html2canvas.min.js\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The non-minified source code for html2canvas is available at \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fniklasvh\u002Fhtml2canvas\" rel=\"nofollow ugc\">html2canvas on GitHub\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","Scan, spot, and solve 
WordPress issues in seconds with Site Checker.",20,722,4,"2026-02-12T13:26:00.000Z","6.0","7.4",[20,22,93,94],"seo","site-audit","https:\u002F\u002Fwpsitechecker.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsite-checker-all-in-one-qa-testing.1.2.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":11,"downloaded":105,"rating":11,"num_ratings":11,"last_updated":106,"tested_up_to":46,"requires_at_least":90,"requires_php":91,"tags":107,"homepage":71,"download_link":111,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"resilience-compliance-manager","Resilience Compliance Manager","1.2.12","bean1352","https:\u002F\u002Fprofiles.wordpress.org\u002Fbean1352\u002F","\u003Cp>If you sell a WordPress plugin or theme to anyone in the EU, the EU Cyber Resilience Act (Regulation 2024\u002F2847) applies to you. It does not matter where you are based or whether your product is free. Agencies distributing custom plugins or themes to EU clients are also in scope.\u003C\u002Fp>\n\u003Cp>From September 11, 2026, you need a documented vulnerability reporting process, the required security documents, and a way to monitor your products for known vulnerabilities. ResilienceWP is built for WordPress developers — plugin developers, theme developers, and agencies — to cover all of that in one place.\u003C\u002Fp>\n\u003Cp>Non-compliance carries fines up to EUR 15 million or 2.5% of global annual turnover. Authorities can also force non-compliant products off the EU market.\u003C\u002Fp>\n\u003Cp>The free plan covers the paperwork side of compliance: checklist, five document templates, and the CRA education guide. Paid plans add automated vulnerability scanning, email alerts, the Incident Center for ENISA notification management, and downloadable compliance reports, all directly inside your WordPress admin. 
Pro plans also include webhook integrations for CI\u002FCD pipelines and external tools — get real-time notifications when scans complete or vulnerabilities are found.\u003C\u002Fp>\n\u003Cp>For pricing, documentation, and more details visit \u003Ca href=\"https:\u002F\u002Fwww.resiliencewp.com\" rel=\"nofollow ugc\">resiliencewp.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Compliance Checklist (Free)\u003C\u002Fh4>\n\u003Cp>26 actionable items, each mapped to a specific CRA article. Five categories cover everything the regulation requires:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Risk Assessment: documenting threats, attack surfaces, and mitigations\u003C\u002Fli>\n\u003Cli>Secure Development: secure defaults, no known exploitable vulnerabilities at release\u003C\u002Fli>\n\u003Cli>Vulnerability Handling: disclosure policy, coordinated reporting, user notification\u003C\u002Fli>\n\u003Cli>Required Documentation: SBOM, Declaration of Conformity, technical file\u003C\u002Fli>\n\u003Cli>Post-Market Obligations: ongoing monitoring, security updates, end-of-life policy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Every item has a plain-English explanation of what it means and why it matters. Check items off as you complete them. 
Progress saves automatically.\u003C\u002Fp>\n\u003Ch4>Document Generator (Free)\u003C\u002Fh4>\n\u003Cp>Generate the five documents the CRA requires before you can legally place a product on the EU market:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Vulnerability Disclosure Policy (Article 13(6)): your public process for receiving and handling security reports from researchers\u003C\u002Fli>\n\u003Cli>Incident Response Plan: your internal procedure when a vulnerability is discovered or actively exploited\u003C\u002Fli>\n\u003Cli>EU Declaration of Conformity: the formal self-declaration that your product meets CRA essential requirements\u003C\u002Fli>\n\u003Cli>Software Bill of Materials (SBOM) (Article 13): a structured inventory of your plugin’s components, dependencies, and third-party libraries\u003C\u002Fli>\n\u003Cli>security.txt: the machine-readable contact file security researchers use to reach you, placed at \u002F.well-known\u002Fsecurity.txt\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Fill in your plugin name, contact details, and a few specifics. Download in text or markdown format. No starting from scratch, no lawyer needed for the first draft.\u003C\u002Fp>\n\u003Ch4>CRA Education Centre (Free)\u003C\u002Fh4>\n\u003Cp>An article-by-article breakdown of Regulation (EU) 2024\u002F2847, written for developers rather than legal teams. Understand what each obligation actually requires: what counts as “active exploitation,” what an SBOM needs to contain, what the 24-hour reporting window really means.\u003C\u002Fp>\n\u003Ch4>Vulnerability Scanner (Basic and Pro)\u003C\u002Fh4>\n\u003Cp>Connect your account to ResilienceWP and it monitors your plugins against the WPScan vulnerability database on a regular schedule. Weekly on Basic, daily on Pro.\u003C\u002Fp>\n\u003Cp>You can monitor any plugin by its WordPress.org slug, not just the plugins currently installed on your site. 
If your plugin depends on WooCommerce, ACF, or any other third-party plugin, you can add those slugs directly and track vulnerabilities in your dependencies. Plugins can also be added directly from your installed plugins list.\u003C\u002Fp>\n\u003Cp>The moment a new vulnerability is found, you get an email with the severity rating, CVE ID, affected version range, and fix version if one is available. Back in your WordPress admin, vulnerabilities are grouped by plugin and sorted by date discovered, so you can see at a glance which plugins have open issues and how old they are.\u003C\u002Fp>\n\u003Cp>Each vulnerability card shows:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Severity (Critical \u002F High \u002F Medium \u002F Low \u002F Info) with colour coding\u003C\u002Fli>\n\u003Cli>CVE identifier linked directly to the NVD entry\u003C\u002Fli>\n\u003Cli>The fix version (or “no fix available yet”)\u003C\u002Fli>\n\u003Cli>An action hint: whether to update, acknowledge, or open an incident\u003C\u002Fli>\n\u003Cli>A button to report the incident directly to the Incident Center\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Status tracking lets you mark vulnerabilities as Open, Acknowledged, In Progress, Resolved, or False Positive. Export the full vulnerability list as CSV for your compliance records.\u003C\u002Fp>\n\u003Ch4>Incident Center (Basic and Pro)\u003C\u002Fh4>\n\u003Cp>When a vulnerability in your plugin is being actively exploited, the CRA requires you to notify ENISA within 24 hours. 
The Incident Center tracks that deadline from the moment you log first awareness and guides you through the complete regulatory workflow.\u003C\u002Fp>\n\u003Cp>Creating a new incident logs the discovery timestamp and starts all three countdown timers simultaneously:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Early Warning: due within 24 hours of first awareness\u003C\u002Fli>\n\u003Cli>Vulnerability Notification: due within 72 hours, with full technical details\u003C\u002Fli>\n\u003Cli>Final Report: due within 14 days, including root cause and remediation steps\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The case view shows:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Live countdown timers for each notification deadline, turning amber at 6 hours and red when overdue\u003C\u002Fli>\n\u003Cli>A completeness score on your incident report so you know exactly what information is still missing\u003C\u002Fli>\n\u003Cli>A “Where to Submit” section with direct links to ENISA’s reporting portal, the EU CSIRT network directory, and the CVE Programme at MITRE\u003C\u002Fli>\n\u003Cli>A full audit log recording every action taken, every field updated, and every notification submitted\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>On Pro, you can export the full incident case including all notifications and the complete audit log, formatted for submission to regulators or for your compliance archive.\u003C\u002Fp>\n\u003Ch4>Dashboard and Compliance Score\u003C\u002Fh4>\n\u003Cp>The dashboard gives you a live compliance score (0-100) with a transparent breakdown:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>-15 points per open critical vulnerability\u003C\u002Fli>\n\u003Cli>-7 points per open high vulnerability\u003C\u002Fli>\n\u003Cli>-3 points per open medium vulnerability\u003C\u002Fli>\n\u003Cli>-20 points per overdue incident (past the 24-hour ENISA deadline)\u003C\u002Fli>\n\u003Cli>-5 points per active open incident\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It is not a vanity metric. 
It is a working indicator of where you stand against your CRA obligations at any point in time, with the exact deductions shown so you know what to fix first.\u003C\u002Fp>\n\u003Ch4>Compliance Reports and SBOM Export (Basic and Pro)\u003C\u002Fh4>\n\u003Cp>Generate a PDF compliance report for auditors or regulators covering your vulnerability history, resolution timeline, and document status. Export your Software Bill of Materials in standard format, as required by CRA Article 13.\u003C\u002Fp>\n\u003Ch4>Webhook Integrations (Pro)\u003C\u002Fh4>\n\u003Cp>Connect ResilienceWP to your CI\u002FCD pipeline, Slack, or any external tool with webhook callbacks. Configure webhook endpoints in Settings and receive real-time HTTP POST notifications with HMAC-SHA256 signed payloads when:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>A scheduled or manual scan completes\u003C\u002Fli>\n\u003Cli>A new vulnerability is found in one of your monitored plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Each webhook delivery is logged with status codes and response data, so you can debug integration issues directly from your WordPress admin. 
Manage up to 5 webhook endpoints per account, toggle them on and off, and filter by event type.\u003C\u002Fp>\n\u003Ch4>Who needs to comply\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Commercial plugin developers: selling to EU customers through any channel (your site, Envato, direct) makes you the manufacturer under the CRA\u003C\u002Fli>\n\u003Cli>WordPress agencies: distributing custom-built plugins to EU clients, even for a single client, counts as placing a product on the market\u003C\u002Fli>\n\u003Cli>Freemium developers: having a free version does not exempt you; any commercial activity tied to the product brings you in scope\u003C\u002Fli>\n\u003Cli>Theme developers: themes with shortcodes, API integrations, or custom post types may qualify as “products with digital elements”\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key dates\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>10 December 2024: CRA entered into force. Transition period began.\u003C\u002Fli>\n\u003Cli>11 September 2026: Vulnerability and incident reporting obligations apply.\u003C\u002Fli>\n\u003Cli>11 December 2027: Full CRA application. All requirements in effect.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Source Code\u003C\u002Fh4>\n\u003Cp>The admin dashboard is built with React and compiled using Vite. The uncompiled source is included in the plugin ZIP under admin\u002Fsrc\u002F. To rebuild from source:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install Node.js 20+ and pnpm 10+\u003C\u002Fli>\n\u003Cli>Run \u003Ccode>pnpm install\u003C\u002Fcode> in the plugin directory\u003C\u002Fli>\n\u003Cli>Run \u003Ccode>pnpm build\u003C\u002Fcode> to recompile the admin dashboard\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>External Services\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>ResilienceWP API\u003C\u002Fstrong> (https:\u002F\u002Fapi.resiliencewp.com)\u003Cbr \u002F>\nUsed for API key verification, vulnerability scanning, incident management, and report generation. 
Data sent: API key, WordPress site URL, plugin slugs and versions.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.resiliencewp.com\u002Fterms\" rel=\"nofollow ugc\">Terms of Service\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.resiliencewp.com\u002Fprivacy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WPScan\u003C\u002Fstrong> (via ResilienceWP API)\u003Cbr \u002F>\nPlugin vulnerability data is sourced from the WPScan database. Plugin slugs are sent through the ResilienceWP API. No personal data is sent from your WordPress installation directly to WPScan.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwpscan.com\u002Fterms\" rel=\"nofollow ugc\">WPScan Terms\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwpscan.com\u002Fprivacy\" rel=\"nofollow ugc\">WPScan Privacy Policy\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Paddle\u003C\u002Fstrong> (payments)\u003Cbr \u002F>\nSubscription payments are processed by Paddle as merchant of record. Payment data is handled entirely by Paddle and never passes through our servers.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.paddle.com\u002Flegal\u002Fterms\" rel=\"nofollow ugc\">Paddle Terms\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fwww.paddle.com\u002Flegal\u002Fprivacy\" rel=\"nofollow ugc\">Paddle Privacy\u003C\u002Fa>\u003C\u002Fp>\n","CRA compliance for WordPress developers. 
Checklist, document generator, vulnerability scanner, and incident reporting for the 2026 EU deadline.",567,"2026-03-11T17:21:00.000Z",[18,108,109,22,110],"compliance","gdpr","vulnerability-scanner","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fresilience-compliance-manager.1.2.12.zip",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":11,"downloaded":120,"rating":25,"num_ratings":31,"last_updated":121,"tested_up_to":122,"requires_at_least":47,"requires_php":123,"tags":124,"homepage":127,"download_link":128,"security_score":129,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"the-code-registry-code-backup-intelligence","The Code Registry – Code Backup & Intelligence","1.0.9","thecoderegistry","https:\u002F\u002Fprofiles.wordpress.org\u002Fthecoderegistry\u002F","\u003Cp>The Code Registry – Code Backup & Intelligence plugin connects your WordPress site to our code intelligence and analysis service. 
It securely replicates your site’s code for analysis, providing insights on code complexity, security vulnerabilities, third-party components, licensing issues, and code quality.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Secure code replication for analysis\u003C\u002Fli>\n\u003Cli>Code complexity assessment\u003C\u002Fli>\n\u003Cli>Security vulnerability detection\u003C\u002Fli>\n\u003Cli>Third-party component identification\u003C\u002Fli>\n\u003Cli>License compliance checking\u003C\u002Fli>\n\u003Cli>Code quality evaluation\u003C\u002Fli>\n\u003Cli>Integration with The Code Registry’s web application for advanced features\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>The plugin securely backs up and replicates your site’s code.\u003C\u002Fli>\n\u003Cli>Our service analyzes the code for any issues and generates AI-powered insights.\u003C\u002Fli>\n\u003Cli>Results are displayed in your WordPress admin dashboard.\u003C\u002Fli>\n\u003Cli>Detailed reports are available in the dashboard and as downloadable PDFs.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Free vs. Paid Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>The plugin and code analysis features are free to use indefinitely.\u003C\u002Fli>\n\u003Cli>All features are available during a 14-day evaluation period.\u003C\u002Fli>\n\u003Cli>Some advanced features are only accessible through our main web app which you will have access to.\u003C\u002Fli>\n\u003Cli>Automated monthly code re-analysis works during your trial and then requires a paid subscription.\u003C\u002Fli>\n\u003Cli>Existing data and basic features remain accessible after the evaluation period.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Internationalization\u003C\u002Fh3>\n\u003Cp>This plugin is internationalized and uses the text domain the-code-registry-code-backup-intelligence. 
If you’re interested in translating the plugin to your language, you can use this text domain with the WordPress translation tools.\u003C\u002Fp>\n\u003Cp>To generate a POT file for translations, you can use the following WP-CLI command:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>wp i18n make-pot . languages\u002Fthe-code-registry-code-backup-intelligence.pot --domain=the-code-registry-code-backup-intelligence\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Please ensure that all translatable strings in the plugin use this text domain for proper internationalization.\u003C\u002Fp>\n\u003Ch3>Source Code and Build Process\u003C\u002Fh3>\n\u003Cp>This plugin uses npm and webpack to compile and minify its JavaScript and CSS files. The compiled files are located in the admin\u002Fjs\u002Fdist and admin\u002Fcss\u002Fdist directories.\u003C\u002Fp>\n\u003Cp>For developers interested in reviewing or contributing to the source code:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>The uncompiled source files are located in the src directory.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>To set up the development environment:\u003C\u002Fp>\n\u003Cp>\u003Ccode>npm install\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>To build the project:\u003C\u002Fp>\n\u003Cp>\u003Ccode>npm run build\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>To watch for changes and rebuild automatically:\u003C\u002Fp>\n\u003Cp>\u003Ccode>npm run watch\u003C\u002Fcode>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The build process uses Vite for bundling and optimization. The configuration can be found in vite.config.js.\u003C\u002Fp>\n\u003Cp>We welcome contributions and encourage developers to review and adapt our code to push WordPress development forward.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin securely transmits your site’s code to The Code Registry’s servers for analysis. We do not store your complete codebase after analysis. 
For full details on how we handle your data, please view our \u003Ca href=\"https:\u002F\u002Fthecoderegistry.com\u002Fprivacy-policy\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Additional Information\u003C\u002Fh3>\n\u003Cp>For more information about our services, please visit \u003Ca href=\"https:\u002F\u002Fthecoderegistry.com\" rel=\"nofollow ugc\">The Code Registry\u003C\u002Fa>.\u003C\u002Fp>\n","Backup your code and analyze security vulnerabilities, third-party component usage, licensing issues, code quality and more with The Code Registry.",1121,"2024-09-17T11:54:00.000Z","6.6.5","7.2",[19,125,20,22,126],"code-quality","vulnerabilities","https:\u002F\u002Fthecoderegistry.com\u002Fhow-it-works\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fthe-code-registry-code-backup-intelligence.1.0.9.zip",92,{"attackSurface":131,"codeSignals":137,"taintFlows":427,"riskAssessment":428,"analyzedAt":439},{"hooks":132,"ajaxHandlers":133,"restRoutes":134,"shortcodes":135,"cronEvents":136,"entryPointCount":11,"unprotectedCount":11},[],[],[],[],[],{"dangerousFunctions":138,"sqlUsage":139,"outputEscaping":148,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":426},[],{"prepared":140,"raw":67,"locations":141},76,[142,146],{"file":143,"line":144,"context":145},"includes\\Db\\Uninstaller.php",233,"$wpdb->query() with variable 
interpolation",{"file":143,"line":147,"context":145},249,{"escaped":149,"rawEcho":150,"locations":151},5,135,[152,156,159,161,163,165,167,169,171,173,175,177,179,181,183,185,187,189,191,193,195,197,199,201,203,205,207,209,211,213,215,217,219,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,256,258,260,262,264,266,268,270,272,273,275,277,279,281,283,285,287,289,291,293,295,297,299,301,303,305,307,309,311,313,315,317,319,321,323,325,327,329,331,333,335,337,339,341,343,344,346,348,350,352,354,356,358,360,362,364,366,368,370,372,374,376,378,380,382,384,386,388,390,392,394,396,398,400,402,404,406,408,410,412,414,416,418,420,423],{"file":153,"line":154,"context":155},"includes\\Helper\\Messages.php",112,"raw output",{"file":157,"line":158,"context":155},"includes\\Pages\\NewScan.php",121,{"file":157,"line":160,"context":155},274,{"file":157,"line":162,"context":155},279,{"file":157,"line":164,"context":155},284,{"file":157,"line":166,"context":155},291,{"file":157,"line":168,"context":155},292,{"file":157,"line":170,"context":155},299,{"file":157,"line":172,"context":155},372,{"file":157,"line":174,"context":155},377,{"file":157,"line":176,"context":155},378,{"file":157,"line":178,"context":155},383,{"file":157,"line":180,"context":155},392,{"file":157,"line":182,"context":155},402,{"file":157,"line":184,"context":155},410,{"file":157,"line":186,"context":155},474,{"file":157,"line":188,"context":155},478,{"file":157,"line":190,"context":155},479,{"file":157,"line":192,"context":155},483,{"file":157,"line":194,"context":155},485,{"file":157,"line":196,"context":155},488,{"file":157,"line":198,"context":155},491,{"file":157,"line":200,"context":155},552,{"file":157,"line":202,"context":155},556,{"file":157,"line":204,"context":155},557,{"file":157,"line":206,"context":155},561,{"file":157,"line":208,"context":155},627,{"file":157,"line":210,"context":155},630,{"file":157,"line":212,"context":155},631,{"file":157,"line":214,"context":155},634,{"file":157,
"line":216,"context":155},637,{"file":157,"line":218,"context":155},664,{"file":220,"line":221,"context":155},"includes\\Pages\\ScanHistory.php",234,{"file":220,"line":223,"context":155},238,{"file":220,"line":225,"context":155},239,{"file":220,"line":227,"context":155},240,{"file":220,"line":229,"context":155},241,{"file":220,"line":231,"context":155},242,{"file":220,"line":233,"context":155},243,{"file":220,"line":235,"context":155},244,{"file":220,"line":237,"context":155},245,{"file":220,"line":239,"context":155},246,{"file":220,"line":241,"context":155},247,{"file":220,"line":243,"context":155},248,{"file":220,"line":245,"context":155},326,{"file":220,"line":247,"context":155},327,{"file":220,"line":249,"context":155},328,{"file":220,"line":251,"context":155},329,{"file":220,"line":253,"context":155},330,{"file":220,"line":255,"context":155},331,{"file":220,"line":257,"context":155},332,{"file":220,"line":259,"context":155},333,{"file":220,"line":261,"context":155},334,{"file":220,"line":263,"context":155},335,{"file":220,"line":265,"context":155},336,{"file":220,"line":267,"context":155},340,{"file":220,"line":269,"context":155},349,{"file":220,"line":271,"context":155},361,{"file":220,"line":182,"context":155},{"file":220,"line":274,"context":155},403,{"file":220,"line":276,"context":155},420,{"file":220,"line":278,"context":155},421,{"file":220,"line":280,"context":155},425,{"file":220,"line":282,"context":155},426,{"file":220,"line":284,"context":155},430,{"file":220,"line":286,"context":155},431,{"file":220,"line":288,"context":155},435,{"file":220,"line":290,"context":155},436,{"file":220,"line":292,"context":155},440,{"file":220,"line":294,"context":155},454,{"file":220,"line":296,"context":155},460,{"file":220,"line":298,"context":155},461,{"file":220,"line":300,"context":155},462,{"file":220,"line":302,"context":155},463,{"file":220,"line":304,"context":155},464,{"file":220,"line":306,"context":155},507,{"file":220,"line":308,"context":155},508,{"file"
:220,"line":310,"context":155},512,{"file":220,"line":312,"context":155},516,{"file":220,"line":314,"context":155},525,{"file":220,"line":316,"context":155},537,{"file":220,"line":318,"context":155},541,{"file":220,"line":320,"context":155},590,{"file":220,"line":322,"context":155},598,{"file":220,"line":324,"context":155},604,{"file":220,"line":326,"context":155},606,{"file":220,"line":328,"context":155},611,{"file":220,"line":330,"context":155},613,{"file":220,"line":332,"context":155},646,{"file":220,"line":334,"context":155},647,{"file":220,"line":336,"context":155},652,{"file":220,"line":338,"context":155},653,{"file":220,"line":340,"context":155},658,{"file":220,"line":342,"context":155},659,{"file":220,"line":218,"context":155},{"file":220,"line":345,"context":155},665,{"file":220,"line":347,"context":155},670,{"file":220,"line":349,"context":155},671,{"file":220,"line":351,"context":155},676,{"file":220,"line":353,"context":155},677,{"file":220,"line":355,"context":155},682,{"file":220,"line":357,"context":155},683,{"file":220,"line":359,"context":155},688,{"file":220,"line":361,"context":155},689,{"file":220,"line":363,"context":155},694,{"file":220,"line":365,"context":155},695,{"file":220,"line":367,"context":155},700,{"file":220,"line":369,"context":155},701,{"file":220,"line":371,"context":155},718,{"file":220,"line":373,"context":155},726,{"file":220,"line":375,"context":155},730,{"file":220,"line":377,"context":155},732,{"file":220,"line":379,"context":155},733,{"file":220,"line":381,"context":155},734,{"file":220,"line":383,"context":155},737,{"file":220,"line":385,"context":155},770,{"file":220,"line":387,"context":155},772,{"file":220,"line":389,"context":155},775,{"file":220,"line":391,"context":155},778,{"file":220,"line":393,"context":155},779,{"file":220,"line":395,"context":155},780,{"file":220,"line":397,"context":155},783,{"file":220,"line":399,"context":155},787,{"file":220,"line":401,"context":155},788,{"file":220,"line":403,"context":155}
,801,{"file":220,"line":405,"context":155},803,{"file":220,"line":407,"context":155},813,{"file":220,"line":409,"context":155},816,{"file":220,"line":411,"context":155},817,{"file":220,"line":413,"context":155},830,{"file":220,"line":415,"context":155},831,{"file":220,"line":417,"context":155},837,{"file":220,"line":419,"context":155},840,{"file":421,"line":422,"context":155},"includes\\Pages\\Settings.php",198,{"file":424,"line":425,"context":155},"sajjetti-audit.php",58,[],[],{"summary":429,"deductions":430},"The sajjetti-audit v1.0.0 plugin presents a mixed security picture. On the positive side, the plugin boasts a remarkably small attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, the static analysis shows no critical or high severity taint flows, a clean history of known CVEs, and a strong adherence to using prepared statements for SQL queries.  This indicates a generally well-developed plugin with good awareness of common web vulnerabilities.\n\nHowever, significant concerns arise from the lack of proper output escaping, with only 4% of outputs being properly escaped. This creates a high risk of cross-site scripting (XSS) vulnerabilities, where malicious code could be injected into the website. Additionally, the absence of any nonce or capability checks across all entry points, combined with a complete lack of direct security checks (nonce\u002Fcapability checks), is a critical oversight. This means that even if the attack surface were larger, any potential entry points would be entirely unprotected against unauthorized actions.\n\nIn conclusion, while the plugin excels in minimizing its attack surface and handling SQL securely, the severe deficiency in output escaping and the complete lack of authorization checks are major security weaknesses. These issues, if exploited, could lead to significant compromise. 
The absence of historical vulnerabilities is positive but cannot negate the current, evident risks.",[431,434,437],{"reason":432,"points":433},"Output escaping is severely lacking",15,{"reason":435,"points":436},"No nonce checks found",10,{"reason":438,"points":436},"No capability checks found","2026-03-17T06:39:19.539Z",{"wat":441,"direct":454},{"assetPaths":442,"generatorPatterns":447,"scriptPaths":448,"versionParams":449},[443,444,445,446],"\u002Fwp-content\u002Fplugins\u002Fsajjetti-audit\u002Fassets\u002Fcss\u002Fadmin-global.css","\u002Fwp-content\u002Fplugins\u002Fsajjetti-audit\u002Fassets\u002Fcss\u002Fadmin-onboard.css","\u002Fwp-content\u002Fplugins\u002Fsajjetti-audit\u002Fassets\u002Fcss\u002Fadmin-page-min.css","\u002Fwp-content\u002Fplugins\u002Fsajjetti-audit\u002Fassets\u002Fcss\u002Fadmin-page.css",[],[],[450,451,452,453],"sajjetti-audit\u002Fassets\u002Fcss\u002Fadmin-onboard.css?ver=","sajjetti-audit\u002Fassets\u002Fcss\u002Fadmin-global.css?ver=","sajjetti-audit\u002Fassets\u002Fcss\u002Fadmin-page-min.css?ver=","sajjetti-audit\u002Fassets\u002Fcss\u002Fadmin-page.css?ver=",{"cssClasses":455,"htmlComments":458,"htmlAttributes":459,"restEndpoints":460,"jsGlobals":461,"shortcodeOutput":462},[456,457],"sajjetti-admin-notice","sajjetti-audit-notice-error",[],[],[],[],[]]