[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8bRimdrMJnIruUVI_tlxO2vvH0zzIdNYBJzHx342OjM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":140,"fingerprints":297},"say-what","Say What?","2.2.6","Lee Willis","https:\u002F\u002Fprofiles.wordpress.org\u002Fleewillis77\u002F","\u003Cp>An easy-to-use plugin that allows you to change translatable strings from plugins \u002F themes and WordPress core without editing code. Simply enter the current string, and what you want to replace it with and the plugin will automatically do the rest!\u003C\u002Fp>\n\u003Cp>The plugin’s available for forking and contribution over on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fleewillis77\u002Fsay-what\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Check out \u003Ca href=\"https:\u002F\u002Fplugins.leewillis.co.uk\u002Fdownloads\u002Fsay-what-pro\u002F\" rel=\"nofollow ugc\">Say What Pro\u003C\u002Fa> for:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>String Discovery and autocomplete\u003C\u002Fstrong> – find the strings you need without diving through code. Works with server-side and Javascript-rendered strings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Improved performance\u003C\u002Fstrong> using text-domain-specific filters\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Wildcard string replacements\u003C\u002Fstrong> – replace individual words, or fragments across your whole site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-lingual support\u003C\u002Fstrong> – set different replacements for different languages on multi-lingual sites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Import\u002Fexport features\u003C\u002Fstrong> – Easy import\u002Fexport of replacements through the user interface\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support this free plugin\u003C\u002Fh3>\n\u003Cp>As a business, we already donate a percentage of our profits from premium plugins to global climate change projects. You’re free to use this plugin free of charge, but if you do, please consider \u003Ca href=\"https:\u002F\u002Fecologi.com\u002Fademtisoftware?gift-trees&r=ademtisoftware\" rel=\"nofollow ugc\">buying the world some trees\u003C\u002Fa> in return. You’ll be creating employment for local families and restoring wildlife habitats.\u003C\u002Fp>\n","An easy-to-use plugin that allows you to change translatable strings from plugins \u002F themes and WordPress core without editing code.",40000,696389,86,91,"2026-03-03T09:31:00.000Z","6.9.4","6.2","7.4",[20,21,22],"change","string","translation","https:\u002F\u002Fgithub.com\u002Fleewillis77\u002Fsay-what","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsay-what.2.2.6.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":25,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"leewillis77",4,41140,30,94,"2026-04-04T15:27:39.399Z",[38,62,81,102,120],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":60,"download_link":61,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"wp-override-translations","WP Override String Translations","3.0.0","Vincenzo","https:\u002F\u002Fprofiles.wordpress.org\u002Fvluongo\u002F","\u003Cp>Lets you override default texts from your admin panel.\u003Cbr \u002F>\nThe plugin trades both the Woocommerce texts and the well written WordPress core texts and its plugins or widgets.\u003Cbr \u002F>\n\u003Cbr \u002F>\nThe plugin also allows you to replace strings with text composed of HTML.\u003Cbr \u002F>\nIt will translate all _e(”) or __(”) string calls, so check the PHP sourcecode of the plugin or theme you need to translate.\u003Cbr \u002F>\n\u003Cbr \u002F>\nIt will NOT translate any dynamic strings like %s or %d, so “%s has been added to your cart.” is not translatable.\u003C\u002Fp>\n","Thanks to this plugin you can translate all the strings of your portal through the admin panel.",1000,12497,78,7,"2025-10-03T19:34:00.000Z","5.9.13","5.0","7.0",[55,56,57,58,59],"gettext","ngettext","override-translation","string-translations","woocommerce-translate","https:\u002F\u002Fwordpress-plugins.luongovincenzo.it\u002F#wp-override-translations","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-override-translations.zip",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":25,"downloaded":70,"rating":25,"num_ratings":71,"last_updated":72,"tested_up_to":16,"requires_at_least":52,"requires_php":73,"tags":74,"homepage":79,"download_link":80,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"string-replacer","String Replacer","1.4.3","BaiatuLuTata","https:\u002F\u002Fprofiles.wordpress.org\u002Fbaiatulutata\u002F","\u003Cp>String Replacer lets you define pairs of strings to search and replace across your WordPress site — including content, post titles, footer text, and outgoing emails. It works instantly and includes a simple admin interface for managing replacements.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Replace strings in:\n\u003Cul>\n\u003Cli>Post \u003Cstrong>titles\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Post \u003Cstrong>content\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Site-wide output (e.g., \u003Cstrong>footer\u003C\u002Fstrong>, \u003Cstrong>widgets\u003C\u002Fstrong>, etc.)\u003C\u002Fli>\n\u003Cli>Outgoing \u003Cstrong>emails\u003C\u002Fstrong> (\u003Ccode>wp_mail()\u003C\u002Fcode>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Simple \u003Cstrong>admin UI\u003C\u002Fstrong> with:\n\u003Cul>\n\u003Cli>Add\u002Fremove rows\u003C\u002Fli>\n\u003Cli>Live search\u003C\u002Fli>\n\u003Cli>Pagination\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Replaces email addresses and works inside \u003Ccode>mailto:\u003C\u002Fcode> links\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Preserves leading and trailing spaces\u003C\u002Fstrong> in replacement strings\u003C\u002Fli>\n\u003Cli>Supports multilingual and branding replacement use cases\u003C\u002Fli>\n\u003Cli>Fully local, compliant with WordPress plugin guidelines\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Col>\n\u003Cli>In the admin screen, add one or more rows:\n\u003Cul>\n\u003Cli>“Original String” (e.g., \u003Ccode>Hello\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>“Replacement String” (e.g., \u003Ccode>Bonjour\u003C\u002Fcode>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Save your changes.\u003C\u002Fli>\n\u003Cli>The plugin will handle replacements in frontend output and emails automatically.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Examples\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Replace \u003Ccode>support@oldsite.com\u003C\u002Fcode> \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> \u003Ccode>help@newbrand.com\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Replace \u003Ccode>Hello\u003C\u002Fcode> \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> \u003Ccode>Bonjour\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Replace \u003Ccode>ACME Inc.\u003C\u002Fcode> \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> \u003Ccode>NewCorp\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Replace \u003Ccode>\"Hello \"\u003C\u002Fcode> (with a space) \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> \u003Ccode>\"Hi \"\u003C\u002Fcode> (space preserved)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Filters & Extensibility\u003C\u002Fh3>\n\u003Cp>This plugin hooks into:\u003Cbr \u002F>\n– \u003Ccode>the_title\u003C\u002Fcode> and \u003Ccode>the_content\u003C\u002Fcode>\u003Cbr \u002F>\n– \u003Ccode>template_redirect\u003C\u002Fcode> output buffering\u003Cbr \u002F>\n– \u003Ccode>wp_mail\u003C\u002Fcode> filter (subject, message, and headers)\u003C\u002Fp>\n\u003Cp>Developers can use \u003Ccode>STRIRE_replace_strings( $text )\u003C\u002Fcode> to apply replacements manually in custom contexts.\u003C\u002Fp>\n\u003Ch3>Author\u003C\u002Fh3>\n\u003Cp>Created by \u003Cstrong>Ionut Baldazar\u003C\u002Fstrong>\u003Cbr \u002F>\nGitHub: https:\u002F\u002Fgithub.com\u002Fbaiatulutata\u003Cbr \u002F>\nEmail: baiatulutata@woomag.ro\u003C\u002Fp>\n","Replace any string visible to site visitors or found in outgoing emails—titles, content, footers, and more. Comes with a dynamic admin interface.",956,2,"2025-12-08T08:39:00.000Z","7.2",[75,76,77,78,22],"admin-tool","content-filter","email-filter","string-replace","https:\u002F\u002Fgithub.com\u002Fbaiatulutata\u002Fstring-replacer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstring-replacer.1.4.3.zip",{"slug":82,"name":83,"version":84,"author":85,"author_profile":86,"description":87,"short_description":88,"active_installs":25,"downloaded":89,"rating":26,"num_ratings":26,"last_updated":90,"tested_up_to":91,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":99,"download_link":100,"security_score":101,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"string-translation-importer-wpml","WPML String Translation Importer","1.0.0","Arif","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarifamir\u002F","\u003Cp>WPML String Translation Importer is used to import wpml string translations to update their translations.\u003C\u002Fp>\n","WPML String Translation Importer is used to import wpml string translations to update their translations.",4980,"2018-02-08T05:57:00.000Z","4.9.29","4.3","",[95,96,97,98],"csv","importer","string-translation","wpml","https:\u002F\u002Fgithub.com\u002Farifamir\u002Fwpml-string-translation-importer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fstring-translation-importer-wpml.1.0.0.zip",85,{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":26,"downloaded":110,"rating":26,"num_ratings":26,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":93,"download_link":119,"security_score":25,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"just-translate","Just Translate","0.0.10","Akah Subarkah","https:\u002F\u002Fprofiles.wordpress.org\u002Fvaksin\u002F","\u003Cp>\u003Cstrong>Just Translate\u003C\u002Fstrong> is a lightweight plugin that enables you to manage translations of your WordPress website easily from the admin panel. It automatically detects and stores any string that appears on your website and supports language prefixes in URLs (like \u003Ccode>\u002Fen\u002F\u003C\u002Fcode>, \u003Ccode>\u002Fid\u002F\u003C\u002Fcode>, etc.).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically capture and store untranslated strings  \u003C\u002Fli>\n\u003Cli>Define multiple supported languages  \u003C\u002Fli>\n\u003Cli>Friendly admin UI for translation management  \u003C\u002Fli>\n\u003Cli>Filter translated\u002Funtranslated strings  \u003C\u002Fli>\n\u003Cli>Bulk delete strings  \u003C\u002Fli>\n\u003Cli>Frontend-based translation (theme-agnostic)\u003C\u002Fli>\n\u003Cli>SEO friendly\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Shortcode\u003C\u002Fh3>\n\u003Cpre>\u003Ccode>[wpjt_language_switcher]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Parameters:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>hide_flag\u003C\u002Fcode> – Hide language flag icon (default: \u003Ccode>false\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>\u003Ccode>show_name\u003C\u002Fcode> – Show language name (default: \u003Ccode>false\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>\u003Ccode>display_name\u003C\u002Fcode> – Define the type of name to display when \u003Ccode>show_name=true\u003C\u002Fcode>\u003Cbr \u002F>\nOptions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>locale\u003C\u002Fcode>: e.g., \u003Ccode>id-ID\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>lang\u003C\u002Fcode>: e.g., \u003Ccode>id\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>name\u003C\u002Fcode>: e.g., \u003Ccode>Indonesian (Indonesia)\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>native_name\u003C\u002Fcode>: e.g., \u003Ccode>Indonesia (Indonesia)\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>english_name\u003C\u002Fcode>: e.g., \u003Ccode>Indonesian (Indonesia)\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>lang_name\u003C\u002Fcode>: e.g., \u003Ccode>Indonesian\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>lang_native_name\u003C\u002Fcode>: e.g., \u003Ccode>Indonesia\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>lang_english_name\u003C\u002Fcode>: e.g., \u003Ccode>Indonesian\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Example usage:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[wpjt_language_switcher show_name=true display_name=lang_native_name]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Hooks\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>1. wpjt_locale_slug\u003C\u002Fstrong>\u003Cbr \u002F>\nFilter the URL slug for a given locale.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('wpjt_locale_slug', function($slug, $locale) {\n    $slugs = [\n        'ja-JP' => 'japanese',\n        'id-ID' => 'my-slug',\n        'en-US' => 'en',\n    ];\n    return $slugs[$locale] ?? $slug;\n}, 10, 2);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>2. wpjt_setting_locales\u003C\u002Fstrong>\u003Cbr \u002F>\nAdd or remove locale codes in the settings panel.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('wpjt_setting_locales', function($locales) {\n    $locales[] = 'jv-ID';\n    $locales[] = 'su-ID';\n    return $locales;\n});\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>3. wpjt_should_skip_string\u003C\u002Fstrong>\u003Cbr \u002F>\nSkip specific strings from being translated.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('wpjt_should_skip_string', function($skip, $string) {\n    if (trim($string) === 'WordPress') {\n        $skip = true;\n    }\n    return $skip;\n}, 10, 2);\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Automatically captures and translates text strings using a custom translation panel with multi-language support.",525,"2025-09-12T10:18:00.000Z","6.8.5","6.5","8.1",[116,117,118,97,22],"i18n","language","multilingual","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjust-translate.0.0.10.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":130,"num_ratings":131,"last_updated":132,"tested_up_to":16,"requires_at_least":133,"requires_php":18,"tags":134,"homepage":136,"download_link":137,"security_score":138,"vuln_count":32,"unpatched_count":26,"last_vuln_date":139,"fetched_at":28},"loco-translate","Loco Translate","2.8.3","Tim W","https:\u002F\u002Fprofiles.wordpress.org\u002Ftimwhitlock\u002F","\u003Cp>Loco Translate provides in-browser editing of WordPress translation files and integration with automatic translation services.\u003C\u002Fp>\n\u003Cp>It also provides Gettext\u002Flocalization tools for developers, such as extracting strings and generating templates.\u003C\u002Fp>\n\u003Cp>Features include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Built-in translation editor within WordPress admin\u003C\u002Fli>\n\u003Cli>Integration with translation APIs including DeepL, Google, Lecto, Microsoft and OpenAI.\u003C\u002Fli>\n\u003Cli>Create and update language files directly in your theme or plugin\u003C\u002Fli>\n\u003Cli>Extraction of translatable strings from your source code\u003C\u002Fli>\n\u003Cli>Native MO file compilation without the need for Gettext on your system\u003C\u002Fli>\n\u003Cli>JSON (Jed) file compilation compatible with WordPress script localization\u003C\u002Fli>\n\u003Cli>Support for standard PO features including comments, references and plural forms\u003C\u002Fli>\n\u003Cli>PO source view with clickable source code references\u003C\u002Fli>\n\u003Cli>Protected language directory for saving custom translations\u003C\u002Fli>\n\u003Cli>Configurable PO file backups with diff and restore capability\u003C\u002Fli>\n\u003Cli>Built-in WordPress locale codes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Official \u003Ca href=\"https:\u002F\u002Flocalise.biz\u002F\" rel=\"nofollow ugc\">Loco\u003C\u002Fa> WordPress plugin by Tim Whitlock.\u003Cbr \u002F>\nFor more information please visit our \u003Ca href=\"https:\u002F\u002Flocalise.biz\u002Fwordpress\u002Fplugin\" rel=\"nofollow ugc\">plugin page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Keyboard shortcuts\u003C\u002Fh3>\n\u003Cp>The PO file editor supports the following keyboard shortcuts for faster translating:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Done and Next: \u003Ccode>Ctrl ↵\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Next string: \u003Ccode>Ctrl \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">↓\u003C\u002Fspan>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Previous string: \u003Ccode>Ctrl \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">↑\u003C\u002Fspan>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Next untranslated: \u003Ccode>Shift Ctrl \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">↓\u003C\u002Fspan>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Previous untranslated: \u003Ccode>Shift Ctrl \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">↑\u003C\u002Fspan>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Copy from source text: \u003Ccode>Ctrl B\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Clear translation: \u003Ccode>Ctrl K\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Toggle Fuzzy: \u003Ccode>Ctrl U\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Save PO \u002F compile MO: \u003Ccode>Ctrl S\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Toggle invisibles: \u003Ccode>Shift Ctrl I\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Suggest translation: \u003Ccode>Ctrl J\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Mac users can use ⌘ Cmd instead of Ctrl.\u003C\u002Fp>\n","Translate WordPress plugins and themes directly in your browser. Versatile PO file editor with integrated AI translation providers.",1000000,34331592,96,447,"2026-03-14T11:53:00.000Z","6.6",[116,135,117,118,22],"l10n","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Floco-translate\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Floco-translate.2.8.3.zip",95,"2026-03-30 15:35:09",{"attackSurface":141,"codeSignals":180,"taintFlows":194,"riskAssessment":288,"analyzedAt":296},{"hooks":142,"ajaxHandlers":176,"restRoutes":177,"shortcodes":178,"cronEvents":179,"entryPointCount":26,"unprotectedCount":26},[143,148,151,155,156,158,161,164,167,170,172],{"type":144,"name":145,"callback":145,"file":146,"line":147},"action","admin_menu","src\\Admin.php",31,{"type":144,"name":149,"callback":149,"file":146,"line":150},"admin_init",32,{"type":152,"name":55,"callback":55,"priority":153,"file":154,"line":34},"filter",10,"src\\Frontend.php",{"type":152,"name":56,"callback":56,"priority":153,"file":154,"line":147},{"type":152,"name":157,"callback":157,"priority":153,"file":154,"line":150},"gettext_with_context",{"type":152,"name":159,"callback":159,"priority":153,"file":154,"line":160},"ngettext_with_context",33,{"type":144,"name":162,"callback":162,"file":154,"line":163},"wp_enqueue_scripts",34,{"type":144,"name":165,"callback":162,"file":154,"line":166},"admin_enqueue_scripts",35,{"type":144,"name":168,"callback":168,"file":169,"line":166},"init","src\\Main.php",{"type":144,"name":149,"callback":149,"file":169,"line":171},36,{"type":152,"name":173,"callback":174,"file":169,"line":175},"say_what_domain_aliases","register_domain_alias",37,[],[],[],[],{"dangerousFunctions":181,"sqlUsage":182,"outputEscaping":185,"fileOperations":26,"externalRequests":26,"nonceChecks":191,"capabilityChecks":192,"bundledLibraries":193},[],{"prepared":183,"raw":26,"locations":184},21,[],{"escaped":147,"rawEcho":71,"locations":186},[187,190],{"file":188,"line":153,"context":189},"html\\say-what-admin-delete.php","raw output",{"file":188,"line":153,"context":189},3,1,[],[195,214,226,237,256,268,280],{"entryPoint":196,"graph":197,"unsanitizedCount":26,"severity":213},"admin_delete (src\\Admin.php:137)",{"nodes":198,"edges":210},[199,204],{"id":200,"type":201,"label":202,"file":146,"line":203},"n0","source","$_GET",151,{"id":205,"type":206,"label":207,"file":146,"line":208,"wp_function":209},"n1","sink","get_row() [SQLi]",155,"get_row",[211],{"from":200,"to":205,"sanitized":212},true,"low",{"entryPoint":215,"graph":216,"unsanitizedCount":26,"severity":213},"admin_delete_confirmed (src\\Admin.php:176)",{"nodes":217,"edges":224},[218,220],{"id":200,"type":201,"label":202,"file":146,"line":219},179,{"id":205,"type":206,"label":221,"file":146,"line":222,"wp_function":223},"query() [SQLi]",192,"query",[225],{"from":200,"to":205,"sanitized":212},{"entryPoint":227,"graph":228,"unsanitizedCount":26,"severity":213},"save (src\\Admin.php:252)",{"nodes":229,"edges":235},[230,233],{"id":200,"type":201,"label":231,"file":146,"line":232},"$_POST (x2)",265,{"id":205,"type":206,"label":221,"file":146,"line":234,"wp_function":223},270,[236],{"from":200,"to":205,"sanitized":212},{"entryPoint":238,"graph":239,"unsanitizedCount":26,"severity":213},"\u003CAdmin> (src\\Admin.php:0)",{"nodes":240,"edges":252},[241,243,244,246,248,250],{"id":200,"type":201,"label":242,"file":146,"line":203},"$_GET (x2)",{"id":205,"type":206,"label":207,"file":146,"line":208,"wp_function":209},{"id":245,"type":201,"label":202,"file":146,"line":219},"n2",{"id":247,"type":206,"label":221,"file":146,"line":222,"wp_function":223},"n3",{"id":249,"type":201,"label":231,"file":146,"line":232},"n4",{"id":251,"type":206,"label":221,"file":146,"line":234,"wp_function":223},"n5",[253,254,255],{"from":200,"to":205,"sanitized":212},{"from":245,"to":247,"sanitized":212},{"from":249,"to":251,"sanitized":212},{"entryPoint":257,"graph":258,"unsanitizedCount":192,"severity":267},"admin_addedit (src\\Admin.php:207)",{"nodes":259,"edges":264},[260,262],{"id":200,"type":201,"label":202,"file":146,"line":261},212,{"id":205,"type":206,"label":207,"file":146,"line":263,"wp_function":209},217,[265],{"from":200,"to":205,"sanitized":266},false,"high",{"entryPoint":269,"graph":270,"unsanitizedCount":192,"severity":267},"prepare_items (src\\ListTable.php:45)",{"nodes":271,"edges":278},[272,275],{"id":200,"type":201,"label":202,"file":273,"line":274},"src\\ListTable.php",54,{"id":205,"type":206,"label":276,"file":273,"line":48,"wp_function":277},"get_results() [SQLi]","get_results",[279],{"from":200,"to":205,"sanitized":266},{"entryPoint":281,"graph":282,"unsanitizedCount":192,"severity":267},"\u003CListTable> (src\\ListTable.php:0)",{"nodes":283,"edges":286},[284,285],{"id":200,"type":201,"label":202,"file":273,"line":274},{"id":205,"type":206,"label":276,"file":273,"line":48,"wp_function":277},[287],{"from":200,"to":205,"sanitized":266},{"summary":289,"deductions":290},"The 'say-what' plugin version 2.2.6 demonstrates a generally strong security posture, adhering to several key WordPress security best practices. The absence of known CVEs and the consistent use of prepared statements for all SQL queries are significant strengths. Furthermore, the plugin correctly implements nonce checks and capability checks, and its output escaping is also largely effective, with a high percentage of outputs being properly escaped. This suggests a conscientious development approach focused on mitigating common web vulnerabilities.\n\nHowever, the static analysis reveals some areas for concern. Specifically, the taint analysis highlights three flows with unsanitized paths, all categorized as high severity. While there are no publicly known vulnerabilities, these internal findings suggest potential avenues for exploitation if not properly addressed. The presence of unsanitized paths could lead to issues like path traversal or information disclosure if user-supplied input is not rigorously validated and sanitized before being used in file operations or other sensitive functions. The fact that these are not flagged as critical is a positive, but their existence warrants investigation.\n\nIn conclusion, 'say-what' v2.2.6 is a plugin that has implemented many security best practices effectively, as evidenced by its clean vulnerability history and secure SQL handling. The primary concern lies in the three high-severity taint flows with unsanitized paths. Addressing these specific code paths will be crucial to further hardening the plugin's security. While the overall risk appears moderate, proactive remediation of these identified flows is recommended to prevent potential future vulnerabilities.",[291,294,295],{"reason":292,"points":293},"High severity taint flow with unsanitized path",12,{"reason":292,"points":293},{"reason":292,"points":293},"2026-03-16T17:20:53.541Z",{"wat":298,"direct":305},{"assetPaths":299,"generatorPatterns":301,"scriptPaths":302,"versionParams":303},[300],"\u002Fwp-content\u002Fplugins\u002Fsay-what\u002Fcss\u002Fadmin.css",[],[],[304],"say-what\u002Fcss\u002Fadmin.css?ver=",{"cssClasses":306,"htmlComments":307,"htmlAttributes":308,"restEndpoints":309,"jsGlobals":310,"shortcodeOutput":311},[],[],[],[],[],[]]