[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1AiPA8RuRDoQ5WCxxSSZeuCEWy82-QAyOnSkS-HJ8Jo":3,"$fJp57KiSQZ1lLJxsfp2z8iM_8Y8GXaljZYPFPmfKF_nA":553,"$fToFnU_11Z3f6t9ndf-Gc5ZmsAlf9EbPF5j07mVICpLU":557},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":36,"analysis":113,"fingerprints":533},"sbs-settings","SbS Settings","1.0.2","onepixelwp","https:\u002F\u002Fprofiles.wordpress.org\u002Fonepixelwp\u002F","\u003Cp>SbS Settings gives you a single, clean settings page to tune WordPress and WooCommerce without installing a dozen separate plugins. Every option is a simple toggle — changes save instantly via AJAX with no page reload.\u003C\u002Fp>\n\u003Cp>Settings are organized into six tabs:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WooCommerce\u003C\u002Fstrong>\u003Cbr \u002F>\nControl every aspect of WooCommerce bloat: disable or slim down WC Admin, hide upsells and marketplace notices, remove onboarding emails, dequeue scripts and styles on non-shop pages, disable Cart Fragments, remove Stripe scripts, and turn off WooCommerce Blocks on the front-end.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Admin Panel\u003C\u002Fstrong>\u003Cbr \u002F>\nClean up the WordPress back-end: remove the Help tab, permanently dismiss admin notices per-user, hide the WordPress logo and footer credit, disable autosave, control which dashboard widgets appear, replace the login page logo, and add one-click post duplication to all post types.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Performance\u003C\u002Fstrong>\u003Cbr \u002F>\nSpeed up your site: remove emoji scripts, jQuery Migrate, wp-embed, DNS prefetch, version query strings, Windows Live Writer and RSD links, RSS links, and the generator meta tag. Disable unused sidebar widgets, limit comment scripts to pages that need them, control JPEG compression quality, suppress unwanted image sizes on upload, and rate-limit Facebook’s crawler bot.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>WordPress Core\u003C\u002Fstrong>\u003Cbr \u002F>\nHarden and slim down WordPress: close comments and pings per post type (existing posts updated immediately), disable auto-updates for themes\u002Fplugins\u002Fcore, disable the file editor (\u003Ccode>DISALLOW_FILE_EDIT\u003C\u002Fcode>), turn off post revisions, disable Application Passwords, block user enumeration via \u003Ccode>?author=N\u003C\u002Fcode> and the REST API, configure session duration for “Remember Me” and normal logins, and disable XML-RPC, the Heartbeat API, and REST API access for guests.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block Editor\u003C\u002Fstrong>\u003Cbr \u002F>\nGutenberg controls: disable the block editor entirely (falls back to Classic Editor), restore the classic widget screen, auto-close the Welcome Guide, disable the Block Directory and default block patterns, prevent fullscreen mode on open, and disable the Template Editor.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Third-party\u003C\u002Fstrong>\u003Cbr \u002F>\nTargeted tweaks for popular plugins — disable dashboard widgets added by any plugin, enable Fail2ban login logging, and apply specific fixes for: Jetpack, Elementor, SkyVerge, Yoast SEO, Contact Form 7, UpdraftPlus, Advanced Custom Fields, WPML, WP Desk, and Flexible Shipping \u002F Octolize.\u003C\u002Fp>\n","All-in-one WordPress & WooCommerce optimization. Modern AJAX toggle UI, completely free.",10,236,0,"2026-04-02T00:05:00.000Z","6.9.4","5.5","7.4",[19,20,21,22,23],"cleanup","optimization","performance","security","woocommerce","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsbs-settings.zip",100,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},1,30,94,"2026-05-20T01:16:33.402Z",[37,53,69,87,99],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":13,"num_ratings":13,"last_updated":47,"tested_up_to":15,"requires_at_least":48,"requires_php":17,"tags":49,"homepage":51,"download_link":52,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"rationalcleanup","RationalCleanup","1.1.0","rationalwp","https:\u002F\u002Fprofiles.wordpress.org\u002Frationalwp\u002F","\u003Cp>RationalCleanup removes unnecessary WordPress features, hardens security, and improves performance. All 24 options are toggleable with sensible defaults that balance security and compatibility.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Head Tags\u003C\u002Fstrong>\u003Cbr \u002F>\nRemove unnecessary meta tags and links from the document head:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove WordPress generator meta tag (hides version number)\u003C\u002Fli>\n\u003Cli>Remove WLW manifest link\u003C\u002Fli>\n\u003Cli>Remove RSD link\u003C\u002Fli>\n\u003Cli>Remove shortlink\u003C\u002Fli>\n\u003Cli>Remove REST API discovery link\u003C\u002Fli>\n\u003Cli>Remove RSS feed links\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Frontend Bloat\u003C\u002Fstrong>\u003Cbr \u002F>\nRemove scripts and styles that most sites don’t need:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove emoji detection scripts and styles\u003C\u002Fli>\n\u003Cli>Remove jQuery Migrate from frontend\u003C\u002Fli>\n\u003Cli>Remove Gutenberg block library CSS\u003C\u002Fli>\n\u003Cli>Remove global styles and SVG filters\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security\u003C\u002Fstrong>\u003Cbr \u002F>\nHarden WordPress against common attack vectors:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable XML-RPC completely (prevents brute force and DDoS attacks)\u003C\u002Fli>\n\u003Cli>Prevent user enumeration (blocks author archives and REST API user endpoints)\u003C\u002Fli>\n\u003Cli>Obfuscate login error messages (prevents username discovery)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Performance\u003C\u002Fstrong>\u003Cbr \u002F>\nReduce unnecessary WordPress overhead:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable self-pingbacks\u003C\u002Fli>\n\u003Cli>Throttle Heartbeat API (reduces server load)\u003C\u002Fli>\n\u003Cli>Extend autosave interval (reduces database writes)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003Cbr \u002F>\nDisable major WordPress subsystems:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable comments system completely\u003C\u002Fli>\n\u003Cli>Disable block editor (force classic editor)\u003C\u002Fli>\n\u003Cli>Disable REST API for non-authenticated users\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Admin Cleanup\u003C\u002Fstrong>\u003Cbr \u002F>\nDeclutter the WordPress admin dashboard:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove WordPress Events and News widget\u003C\u002Fli>\n\u003Cli>Remove Quick Draft widget\u003C\u002Fli>\n\u003Cli>Remove At a Glance widget\u003C\u002Fli>\n\u003Cli>Remove Activity widget\u003C\u002Fli>\n\u003Cli>Remove Site Health Status widget\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Opinionated Defaults\u003C\u002Fh4>\n\u003Cp>RationalCleanup uses sensible defaults:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security options:\u003C\u002Fstrong> Enabled by default (XML-RPC disabled, user enumeration blocked)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Head cleanup:\u003C\u002Fstrong> Mostly enabled (safe, no compatibility issues)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Frontend cleanup:\u003C\u002Fstrong> Emoji and jQuery Migrate removal enabled\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Breaking features:\u003C\u002Fstrong> Disabled by default (comments, block editor, REST API restrictions)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin widgets:\u003C\u002Fstrong> Disabled by default\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>RationalWP Menu\u003C\u002Fh4>\n\u003Cp>This plugin uses a shared parent menu for all RationalWP plugins. When activated, you’ll see a \u003Cstrong>RationalWP\u003C\u002Fstrong> menu in your admin sidebar containing links to all installed RationalWP plugins.\u003C\u002Fp>\n","Clean up legacy WordPress bloat, improve security, and optimize performance with toggleable, opinionated defaults.",200,237,"2026-02-06T20:58:00.000Z","5.0",[19,50,20,21,22],"disable-xmlrpc","https:\u002F\u002Frationalwp.com\u002Fplugins\u002Fcleanup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frationalcleanup.1.1.0.zip",{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":13,"num_ratings":13,"last_updated":63,"tested_up_to":15,"requires_at_least":64,"requires_php":17,"tags":65,"homepage":67,"download_link":68,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wonderful-secure-cleanup","Wonderful Secure Cleanup","1.3.0","wonderfulplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fwonderfulplugins\u002F","\u003Cp>Keep your WordPress site clean and secure! \u003Cstrong>Wonderful Secure Cleanup\u003C\u002Fstrong> provides a simple interface to disable unnecessary and often risky core features.\u003C\u002Fp>\n\u003Cp>This plugin helps you harden your WordPress installation by reducing the attack surface. It selectively disables functions like comments, XML-RPC, pingbacks, and RSS feeds. By blocking risky endpoints like \u003Ccode>xmlrpc.php\u003C\u002Fcode> and feed URLs, you can significantly reduce spam and automated attacks, leading to better security and improved performance.\u003C\u002Fp>\n\u003Cp>It is the ideal tool for business websites, landing pages, and any WordPress setup that doesn’t require legacy blogging functionality.\u003C\u002Fp>\n","A simple way to clean and secure WordPress by disabling unnecessary features like comments, XML-RPC, and RSS feeds.",60,498,"2025-12-03T08:35:00.000Z","6.2",[19,66,20,21,22],"hardening","https:\u002F\u002Fwonderfulplugins.eu\u002Fwonderful-secure-cleanup","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwonderful-secure-cleanup.1.3.0.zip",{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":77,"downloaded":78,"rating":26,"num_ratings":79,"last_updated":80,"tested_up_to":15,"requires_at_least":81,"requires_php":82,"tags":83,"homepage":85,"download_link":86,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"zenpress","ZenPress","2.2.5","Quentin Le Duff","https:\u002F\u002Fprofiles.wordpress.org\u002Fquentinldd\u002F","\u003Cp>ZenPress is a lightweight, high-performance plugin that improves your WordPress and WooCommerce sites through a range of supportive actions.\u003Cbr \u002F>\nCombined with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcache-enabler\u002F\" rel=\"ugc\">Cache Enabler\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fautoptimize\u002F\" rel=\"ugc\">Autoptimize\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsqlite-object-cache\u002F\" rel=\"ugc\">SQLite Object Cache\u003C\u002Fa>, you can use ZenPress as a reliable, free alternative to major premium performance plugins.\u003Cbr \u002F>\nBy integrating directly into the WordPress core interface, ZenPress provides a simpler experience without the need for complex custom dashboards. You can improve your site’s performance and security without ads, pro versions, or database clutter.\u003C\u002Fp>\n\u003Ch4>Why choose ZenPress?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Use curated settings presets to help you optimize your site instantly.\u003C\u002Fli>\n\u003Cli>Experience deep integration with the WordPress core interface for a lightweight, familiar experience.\u003C\u002Fli>\n\u003Cli>Choose a free, reliable alternative to premium performance plugins.\u003C\u002Fli>\n\u003Cli>Keep your site fast and clean by disabling unused features.\u003C\u002Fli>\n\u003Cli>Harden your security by turning off unused features and protecting weak spots.\u003C\u002Fli>\n\u003Cli>Reduce bloat from third-party plugins.\u003C\u002Fli>\n\u003Cli>Enjoy an ultra-lightweight and future-proof design.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>ZenPress includes the following features:\u003C\u002Fp>\n\u003Ch4>Dashboard Settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Navigate easily between categories like Core, Gutenberg, and WooCommerce using a structured tabbed interface.\u003C\u002Fli>\n\u003Cli>Identify features quickly with visual icons organized by Performance, Security, and User Interface.\u003C\u002Fli>\n\u003Cli>Select from three ready-to-use presets: Corporate, Blog, or E-commerce: each optimized for your specific site type.\u003C\u002Fli>\n\u003Cli>Understand every choice with concise descriptions that explain the benefits to your site.\u003C\u002Fli>\n\u003Cli>Use a fully accessible interface that includes ARIA-compliant tabs and full keyboard navigation support.\u003C\u002Fli>\n\u003Cli>Benefit from a design that matches the WordPress core look and feel, supporting the latest block editor features.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Core Settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Block user enumeration.\u003C\u002Fli>\n\u003Cli>Clean up the admin bar.\u003C\u002Fli>\n\u003Cli>Disable “WordPress” spelling correction.\u003C\u002Fli>\n\u003Cli>Disable all feeds (RSS, Atom, comments).\u003C\u002Fli>\n\u003Cli>Disable application passwords.\u003C\u002Fli>\n\u003Cli>Disable author archives.\u003C\u002Fli>\n\u003Cli>Disable autosave (classic editor).\u003C\u002Fli>\n\u003Cli>Disable Dashicons (admin icons).\u003C\u002Fli>\n\u003Cli>Disable default lazy loading for images.\u003C\u002Fli>\n\u003Cli>Disable DNS prefetch.\u003C\u002Fli>\n\u003Cli>Disable jQuery Migrate script.\u003C\u002Fli>\n\u003Cli>Disable login language selector.\u003C\u002Fli>\n\u003Cli>Disable oEmbed.\u003C\u002Fli>\n\u003Cli>Disable password strength meter.\u003C\u002Fli>\n\u003Cli>Disable PDF thumbnails.\u003C\u002Fli>\n\u003Cli>Disable pingbacks and trackbacks.\u003C\u002Fli>\n\u003Cli>Disable prev\u002Fnext post links in head.\u003C\u002Fli>\n\u003Cli>Disable shortlink.\u003C\u002Fli>\n\u003Cli>Disable Windows Live Writer link.\u003C\u002Fli>\n\u003Cli>Disable WordPress emoji scripts and styles.\u003C\u002Fli>\n\u003Cli>Disable XML-RPC and RSD link.\u003C\u002Fli>\n\u003Cli>Hide WordPress version.\u003C\u002Fli>\n\u003Cli>Limit post revisions to 10.\u003C\u002Fli>\n\u003Cli>Limit REST API to logged-in users.\u003C\u002Fli>\n\u003Cli>Remove “Thanks for using WordPress” from footer.\u003C\u002Fli>\n\u003Cli>Remove Help tab.\u003C\u002Fli>\n\u003Cli>Remove REST API links from page source.\u003C\u002Fli>\n\u003Cli>Remove WordPress logo from admin bar.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Gutenberg Settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Disable default pattern categories in Site Editor.\u003C\u002Fli>\n\u003Cli>Load block styles separately.\u003C\u002Fli>\n\u003Cli>Remove WordPress default block patterns.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WooCommerce Settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Disable Stripe scripts on product and cart pages.\u003C\u002Fli>\n\u003Cli>Disable WooCommerce cart fragments.\u003C\u002Fli>\n\u003Cli>Disable WooCommerce scripts and styles on non-shop pages.\u003C\u002Fli>\n\u003Cli>Disable WooCommerce widgets.\u003C\u002Fli>\n\u003Cli>Hide WooCommerce version.\u003C\u002Fli>\n\u003Cli>Remove WooCommerce default block patterns.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Ads-blocker Settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Clean up the Dashboard.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Tools Settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Protect login from brute force.\u003C\u002Fli>\n\u003Cli>Show cache actions in admin bar.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Integrations\u003C\u002Fh4>\n\u003Cp>ZenPress integrates with Cache Enabler, Autoptimize, and SQLite Object Cache. When any of these plugins is active, the Tools tab shows integration status and one-click autoconfig actions.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Admin bar: Adds a ZenPress menu to the admin bar with “Clear all caches” and options for each active cache (page, static files, object cache). Only appears when Cache Enabler, Autoptimize, or SQLite Object Cache is active. Hides those plugins’ own admin bar buttons.\u003C\u002Fli>\n\u003Cli>Autoptimize: Minify JS and CSS, combine CSS, static file caching, 404 fallbacks.\u003C\u002Fli>\n\u003Cli>Cache Enabler: Clear cache on content changes, WebP, compression, minify HTML.\u003C\u002Fli>\n\u003Cli>SQLite Object Cache: Enable “Use APCu” in the plugin if available.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Presets\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Corporate website: For business sites and portfolios. Focuses on security, performance, and removing unused features like RSS and author archives.\u003C\u002Fli>\n\u003Cli>Blog: For content-focused blogs. Keeps RSS and other blog features while improving performance and security.\u003C\u002Fli>\n\u003Cli>E-commerce: For WooCommerce stores. Performance and security plus WooCommerce optimizations for faster checkout.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Accessibility\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>You can navigate the dashboard with confidence using an interface built to WCAG 2.1 AA accessibility standards.\u003C\u002Fli>\n\u003Cli>Move through settings efficiently using only your keyboard; we fully support the use of Tab, Arrow keys, Home, End, and Enter for all interactions.\u003C\u002Fli>\n\u003Cli>Experience faster navigation with automatic tab activation, which displays panels immediately as you move focus between sections.\u003C\u002Fli>\n\u003Cli>Always identify your position on the page through highly visible focus indicators on every interactive button and link.\u003C\u002Fli>\n\u003Cli>Every element is optimized for screen readers and assistive technologies with descriptive ARIA labels to provide clear context for every setting.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Roadmap\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Use new Gutenberg Icon component for categories & subcategories icons instead of Dashicons.\u003C\u002Fli>\n\u003Cli>Additional presets for specific use cases.\u003C\u002Fli>\n\u003Cli>Documentation pages with detailed guides.\u003C\u002Fli>\n\u003Cli>Manage Heartbeat API (frontend + backend + admin whitelist).\u003C\u002Fli>\n\u003Cli>Remove “site health” page.\u003C\u002Fli>\n\u003Cli>Remove “Privacy tools”.\u003C\u002Fli>\n\u003Cli>Disable WooCommerce tracking.\u003C\u002Fli>\n\u003Cli>Disable marketing hub.\u003C\u002Fli>\n\u003Cli>Disable dashboard setup widget.\u003C\u002Fli>\n\u003Cli>Disable new product editor.\u003C\u002Fli>\n\u003Cli>Disable WooCommerce blocks.\u003C\u002Fli>\n\u003Cli>Disable WooCommerce promo emails.\u003C\u002Fli>\n\u003Cli>Disable CF7 CSS & JS.\u003C\u002Fli>\n\u003Cli>Disable Elementor bloat.\u003C\u002Fli>\n\u003Cli>Disable WP Bakery bloat.\u003C\u002Fli>\n\u003Cli>Disable Divi bloat.\u003C\u002Fli>\n\u003Cli>Disable Yoast SEO bloat.\u003C\u002Fli>\n\u003Cli>Disable Jetpack bloat.\u003C\u002Fli>\n\u003Cli>Disable Updraft bloat.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy Statement\u003C\u002Fh3>\n\u003Cp>ZenPress is private by default and always will be. It does not store any data. It does not send data to any third party, nor does it include any third party resources.\u003C\u002Fp>\n\u003Ch3>Accessibility Statement\u003C\u002Fh3>\n\u003Cp>ZenPress aims to be fully accessible to all of its users.\u003C\u002Fp>\n","Speed up and harden your site with a single click: cleans up unused features, protects security gaps, and configures cache integrations automatically.",50,1854,3,"2026-02-26T16:30:00.000Z","6.0","8.1",[84,20,21,22,23],"bloat","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fzenpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzenpress.2.2.5.zip",{"slug":88,"name":89,"version":90,"author":91,"author_profile":92,"description":93,"short_description":94,"active_installs":13,"downloaded":95,"rating":13,"num_ratings":13,"last_updated":96,"tested_up_to":15,"requires_at_least":48,"requires_php":24,"tags":97,"homepage":24,"download_link":98,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"mi13-clean-up","Mi13 Clean Up","1.1","mi13","https:\u002F\u002Fprofiles.wordpress.org\u002Fmi13\u002F","\u003Ch3>Описание\u003C\u002Fh3>\n\u003Cp>Mi13 Clean Up — плагин для радикальной очистки WordPress от «мусора»:\u003Cbr \u002F>\n* Глобальные стили (Global Styles);\u003Cbr \u002F>\n* jQuery (если не нужен);\u003Cbr \u002F>\n* Медиаплееры WordPress;\u003Cbr \u002F>\n* Автоматическое редактирование .htaccess;\u003Cbr \u002F>\n* Иконки сайта (favicon и др.);\u003C\u002Fp>\n\u003Cp>Плагин даёт полный контроль над тем, что остаётся на вашем сайте. Всё настраивается через удобную админ панель.\u003Cbr \u002F>\nДля чего это я написал \u003Ca href=\"https:\u002F\u002Ft.me\u002Fgalaksy_king\u002F94\" rel=\"nofollow ugc\">пост\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Установка\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Загрузите папку \u003Ccode>mi13-clean-up\u003C\u002Fcode> в \u003Ccode>\u002Fwp-content\u002Fplugins\u002F\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Активируйте плагин через меню «Плагины» в админке.\u003C\u002Fli>\n\u003Cli>Перейдите в «Настройки» \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> «WP Clean‑Up» и выберите, что удалить.\u003C\u002Fli>\n\u003Cli>Нажмите «Сохранить изменения».\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Настройки\u003C\u002Fh3>\n\u003Cp>В админ панели вы увидите список опций с описанием каждой. Отметьте флажками то, что хотите удалить.\u003C\u002Fp>\n\u003Ch3>Авторство\u003C\u002Fh3>\n\u003Cp>Этот плагин создан при поддержке \u003Cstrong>Алисы\u003C\u002Fstrong> — Помощника от Яндекса.\u003C\u002Fp>\n\u003Cp>[]\u003C\u002Fp>\n","Описание",162,"2026-02-18T14:12:00.000Z",[19,20,21,22],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmi13-clean-up.zip",{"slug":100,"name":101,"version":40,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":13,"downloaded":106,"rating":13,"num_ratings":13,"last_updated":107,"tested_up_to":15,"requires_at_least":81,"requires_php":108,"tags":109,"homepage":111,"download_link":112,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"session-shredder-for-woocommerce","Session Shredder for WooCommerce","Rynald0s","https:\u002F\u002Fprofiles.wordpress.org\u002Frynald0s\u002F","\u003Cp>Session Shredder is a production-grade, rule-based session cleanup plugin for WooCommerce 10.3+.\u003C\u002Fp>\n\u003Cp>WooCommerce 10.3 introduces experimental guest session storage and auto-pruning. Session Shredder builds directly on this already available foundation and adds behavior-based heuristics that predict which sessions are \u003Cstrong>zombies\u003C\u002Fstrong> (safe to prune) versus \u003Cstrong>keepers\u003C\u002Fstrong> (should be retained).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Highlights\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>– \u003Cstrong>Heuristic pruning\u003C\u002Fstrong> – Uses anonymized features (session age, pageviews, cart value, etc.) and conservative rules to identify low-value sessions.\u003Cbr \u002F>\n– \u003Cstrong>Configurable rules & thresholds\u003C\u002Fstrong> – Tune base age, hard timeout, bounce detection, and cart-protection rules from a dedicated WooCommerce settings screen.\u003Cbr \u002F>\n– \u003Cstrong>Safe thresholds\u003C\u002Fstrong> – Only considers sessions past a base age window and is biased towards keeping anything that shows meaningful activity or cart value.\u003Cbr \u002F>\n– \u003Cstrong>Robust behavior\u003C\u002Fstrong> – Even if tracking data is sparse, a conservative rule-based strategy kicks in (e.g. hard 72h timeout, bounces with no cart value).\u003Cbr \u002F>\n– \u003Cstrong>Privacy-first\u003C\u002Fstrong> – No PII is stored. Session IDs and countries are hashed; only coarse behavioral data is used.\u003Cbr \u002F>\n– \u003Cstrong>Native Woo 10.3 integration\u003C\u002Fstrong> – Reads from the WooCommerce session table (supports both legacy and new tables) and plays nicely with the core experimental pruning.\u003Cbr \u002F>\n– \u003Cstrong>HPOS compatible\u003C\u002Fstrong> – Declares compatibility with WooCommerce High-Performance Order Storage (custom order tables) and never touches orders, only session data.\u003Cbr \u002F>\n– \u003Cstrong>Admin dashboard\u003C\u002Fstrong> – Under \u003Cstrong>WooCommerce \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Session Shredder\u003C\u002Fstrong> you get active sessions, pruned counts, a Chart.js visualization of active & pruned sessions per run, and a compact “Recent runs” summary.\u003Cbr \u002F>\n– \u003Cstrong>Logging & observability\u003C\u002Fstrong> – Uses \u003Ccode>wc_get_logger()\u003C\u002Fcode> for info\u002Ferror logging; integrates cleanly with existing WooCommerce logs.\u003C\u002Fp>\n\u003Cp>Session Shredder is structured for real-world stores and designed as a companion to WooCommerce’s experimental guest session engine. It stays fully rule-based out of the box, but developers can extend it via hooks if they ever want to plug in external scoring services or AI endpoints.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why not rely only on the WooCommerce experimental pruning?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>– Core experimental pruning is largely age-based and opaque.\u003Cbr \u002F>\n– Session Shredder adds behavior-aware rules (pageviews, cart value, bounce flag) on top of age.\u003Cbr \u002F>\n– You get a dry-run mode to analyze impact before deleting anything.\u003Cbr \u002F>\n– The dashboard gives you visibility into how many sessions were pruned per run and how many sessions remained active.\u003Cbr \u002F>\n– WP-CLI commands let you script and automate analyze\u002Fprune runs.\u003Cbr \u002F>\n– It works alongside WooCommerce experimental guest sessions and HPOS rather than replacing them: Woo can still prune based on its own rules, while Session Shredder adds a tunable, rule-based layer with better reporting.\u003C\u002Fp>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Feature collection\u003C\u002Fstrong>\u003Cbr \u002F>\n– On each page load, Session Shredder tracks session activity:\u003Cbr \u002F>\n – Session age (hours since first seen)\u003Cbr \u002F>\n – Pageviews count\u003Cbr \u002F>\n – Cart value (numeric)\u003Cbr \u002F>\n – Whether anything was added to cart\u003Cbr \u002F>\n – Geolocation hash (hashed billing\u002Fshipping country)\u003Cbr \u002F>\n – Simple bounce indicator (single pageview, no cart)\u003Cbr \u002F>\n– Features are stored per-session in non-autoloaded options and never include raw session IDs or user identifiers.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Rule-based pruning\u003C\u002Fstrong>\u003Cbr \u002F>\n– An hourly cron (\u003Ccode>session_shredder_cron\u003C\u002Fcode>) scans the WooCommerce session table for candidates based on age.\u003Cbr \u002F>\n– For each candidate, the plugin:\u003Cbr \u002F>\n – Loads stored features\u003Cbr \u002F>\n – Applies conservative rules like:\u003Cbr \u002F>\n   – Session older than a hard timeout window (e.g. 72 hours)\u003Cbr \u002F>\n   – Single pageview and no cart value\u003Cbr \u002F>\n– If the rules deem the session a low-value “zombie”, it is pruned.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Stats & visualization\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>– After each real run, Session Shredder records:\u003Cbr \u002F>\n – Total pruned sessions (lifetime and today)\u003Cbr \u002F>\n – A short history of recent runs, including how many sessions were pruned and how many remained active before\u002Fafter each run\u003Cbr \u002F>\n– The admin dashboard renders a Chart.js line graph of active & pruned sessions per run via a secure AJAX endpoint, plus a compact “Recent runs” table.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>For developers\u003C\u002Fh3>\n\u003Cp>Session Shredder exposes a small set of hooks and CLI commands so you can integrate it into more advanced workflows without forking the plugin.\u003C\u002Fp>\n\u003Ch4>Hooks\u003C\u002Fh4>\n\u003Cp>– \u003Ccode>session_shredder_features( array $features, string $session_hash )\u003C\u002Fcode>\u003Cbr \u002F>\n  – Filter the behavior feature array before it is stored and later used for pruning decisions.\u003Cbr \u002F>\n  – \u003Ccode>$session_hash\u003C\u002Fcode> is a hashed identifier of the session (no raw IDs or PII).\u003C\u002Fp>\n\u003Cp>– \u003Ccode>session_shredder_base_age_hours( float $base_age_hours )\u003C\u002Fcode>\u003Cbr \u002F>\n  – Adjust the base age window (in hours) before sessions are considered as prune candidates.\u003C\u002Fp>\n\u003Cp>– \u003Ccode>session_shredder_should_prune( bool $should_prune, array $features )\u003C\u002Fcode>\u003Cbr \u002F>\n  – Override or refine the core rule-based decision for a given session.\u003C\u002Fp>\n\u003Cp>– \u003Ccode>session_shredder_feature_options_soft_limit( int $soft_limit )\u003C\u002Fcode>\u003Cbr \u002F>\n  – Adjust the soft cap for how many per-session feature options (\u003Ccode>session_shredder_features_*\u003C\u002Fcode>) are kept in \u003Ccode>wp_options\u003C\u002Fcode> before garbage collection trims the oldest entries.\u003C\u002Fp>\n\u003Cp>– \u003Ccode>session_shredder_feature_options_gc_batch( int $batch_size )\u003C\u002Fcode>\u003Cbr \u002F>\n  – Adjust how many feature options are removed per garbage-collection pass when the soft limit is exceeded. Larger values clean up faster; smaller values spread work over more runs.\u003C\u002Fp>\n\u003Cp>– \u003Ccode>session_shredder_before_run( float $base_age_hours, bool $dry_run )\u003C\u002Fcode>\u003Cbr \u002F>\n  – Fires before a prune run (cron, manual, or CLI) starts.\u003C\u002Fp>\n\u003Cp>– \u003Ccode>session_shredder_after_run( int $pruned_count, bool $dry_run )\u003C\u002Fcode>\u003Cbr \u002F>\n  – Fires after a prune run completes (dry-run or real).\u003C\u002Fp>\n\u003Cp>– \u003Ccode>session_shredder_pruned( int $pruned_count )\u003C\u002Fcode>\u003Cbr \u002F>\n  – Fires after a \u003Cstrong>real\u003C\u002Fstrong> prune run that actually deletes sessions; useful for logging or additional cleanup.\u003C\u002Fp>\n\u003Ch4>WP-CLI commands\u003C\u002Fh4>\n\u003Cp>If WP-CLI is available, Session Shredder registers the following commands:\u003C\u002Fp>\n\u003Cp>– \u003Ccode>wp session-shredder analyze\u003C\u002Fcode>\u003Cbr \u002F>\n  – Performs a dry run using the current rules and settings.\u003Cbr \u002F>\n  – Outputs the total number of sessions and how many \u003Cstrong>would\u003C\u002Fstrong> be pruned, without deleting anything.\u003C\u002Fp>\n\u003Cp>– \u003Ccode>wp session-shredder prune\u003C\u002Fcode>\u003Cbr \u002F>\n  – Runs a real prune using the current rules and settings.\u003Cbr \u002F>\n  – Deletes matching sessions, updates stats, and logs a summary.\u003C\u002Fp>\n","Smart rule-based pruning for WooCommerce 10.3+. Enhances experimental session storage with behavior signals to remove zombie sessions and cut DB size.",148,"2025-12-06T15:34:00.000Z","8.0",[19,20,21,110,23],"sessions","https:\u002F\u002Fmambaspeed.com\u002Fsession-shredder\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsession-shredder-for-woocommerce.1.1.0.zip",{"attackSurface":114,"codeSignals":480,"taintFlows":491,"riskAssessment":525,"analyzedAt":532},{"hooks":115,"ajaxHandlers":446,"restRoutes":477,"shortcodes":478,"cronEvents":479,"entryPointCount":11,"unprotectedCount":11},[116,122,126,130,133,136,139,142,146,150,154,156,159,161,165,167,170,175,177,179,182,185,187,191,193,195,197,200,203,206,209,212,215,217,221,225,228,231,233,235,238,241,244,246,249,252,255,258,261,264,267,270,273,276,279,282,284,286,291,294,297,300,304,307,310,313,316,318,321,324,326,329,332,335,338,341,343,345,347,350,353,357,360,363,366,369,371,373,375,377,380,382,385,388,390,392,394,396,398,401,404,407,410,413,416,419,422,425,428,432,435,438,441,443],{"type":117,"name":118,"callback":119,"file":120,"line":121},"action","admin_menu","closure","includes\u002Fadmin\u002Fpage.php",4,{"type":117,"name":123,"callback":119,"file":124,"line":125},"init","includes\u002Ffunctions.php",69,{"type":127,"name":128,"callback":119,"file":124,"line":129},"filter","wp_insert_post_data",74,{"type":127,"name":131,"callback":119,"priority":11,"file":124,"line":132},"comments_open",83,{"type":127,"name":134,"callback":119,"priority":11,"file":124,"line":135},"pings_open",88,{"type":117,"name":137,"callback":119,"priority":11,"file":124,"line":138},"updated_option",95,{"type":117,"name":140,"callback":119,"file":124,"line":141},"plugins_loaded",117,{"type":127,"name":143,"callback":144,"file":124,"line":145},"woocommerce_admin_disabled","__return_true",124,{"type":127,"name":147,"callback":119,"priority":148,"file":124,"line":149},"woocommerce_admin_features",90,127,{"type":117,"name":151,"callback":119,"priority":152,"file":124,"line":153},"admin_enqueue_scripts",19,128,{"type":117,"name":151,"callback":119,"file":124,"line":155},132,{"type":127,"name":157,"callback":119,"file":124,"line":158},"woocommerce_admin_get_feature_config",142,{"type":117,"name":151,"callback":119,"file":124,"line":160},154,{"type":127,"name":162,"callback":163,"file":124,"line":164},"woocommerce_marketing_menu_items","__return_empty_array",163,{"type":127,"name":147,"callback":119,"file":124,"line":166},164,{"type":127,"name":168,"callback":144,"file":124,"line":169},"woocommerce_helper_suppress_admin_notices",173,{"type":127,"name":171,"callback":172,"priority":173,"file":124,"line":174},"woocommerce_allow_marketplace_suggestions","__return_false",999,178,{"type":117,"name":118,"callback":119,"priority":173,"file":124,"line":176},183,{"type":117,"name":151,"callback":119,"file":124,"line":178},198,{"type":117,"name":180,"callback":119,"priority":32,"file":124,"line":181},"woocommerce_email_footer",211,{"type":127,"name":183,"callback":119,"priority":32,"file":124,"line":184},"woocommerce_email_footer_text",212,{"type":117,"name":151,"callback":119,"priority":26,"file":124,"line":186},221,{"type":117,"name":188,"callback":119,"priority":189,"file":124,"line":190},"wp_enqueue_scripts",99,235,{"type":117,"name":188,"callback":119,"priority":189,"file":124,"line":192},246,{"type":117,"name":188,"callback":119,"priority":45,"file":124,"line":194},253,{"type":117,"name":188,"callback":119,"priority":26,"file":124,"line":196},270,{"type":117,"name":198,"callback":119,"priority":32,"file":124,"line":199},"admin_head",286,{"type":117,"name":201,"callback":119,"file":124,"line":202},"admin_init",295,{"type":117,"name":204,"callback":119,"file":124,"line":205},"wp_dashboard_setup",301,{"type":117,"name":204,"callback":119,"priority":207,"file":124,"line":208},9999,323,{"type":117,"name":204,"callback":119,"priority":210,"file":124,"line":211},9998,337,{"type":117,"name":213,"callback":119,"file":124,"line":214},"wp_before_admin_bar_render",370,{"type":117,"name":151,"callback":119,"file":124,"line":216},378,{"type":127,"name":218,"callback":219,"file":124,"line":220},"admin_footer_text","__return_empty_string",387,{"type":127,"name":222,"callback":219,"priority":223,"file":124,"line":224},"update_footer",11,388,{"type":117,"name":226,"callback":119,"priority":207,"file":124,"line":227},"admin_print_scripts",395,{"type":117,"name":229,"callback":119,"file":124,"line":230},"admin_notices",435,{"type":117,"name":151,"callback":119,"file":124,"line":232},443,{"type":117,"name":201,"callback":119,"file":124,"line":234},465,{"type":117,"name":236,"callback":119,"file":124,"line":237},"post_submitbox_misc_actions",480,{"type":117,"name":239,"callback":119,"file":124,"line":240},"admin_action_sbsset_duplicate",493,{"type":117,"name":242,"callback":119,"file":124,"line":243},"login_enqueue_scripts",543,{"type":117,"name":242,"callback":119,"file":124,"line":245},571,{"type":127,"name":247,"callback":119,"file":124,"line":248},"login_headerurl",578,{"type":127,"name":250,"callback":119,"file":124,"line":251},"login_headertext",583,{"type":127,"name":253,"callback":172,"file":124,"line":254},"login_display_language_dropdown",590,{"type":117,"name":256,"callback":119,"priority":26,"file":124,"line":257},"wp_print_scripts",600,{"type":127,"name":259,"callback":172,"file":124,"line":260},"show_recent_comments_widget_style",617,{"type":117,"name":262,"callback":119,"file":124,"line":263},"template_redirect",618,{"type":117,"name":265,"callback":119,"priority":26,"file":124,"line":266},"wp_print_styles",632,{"type":127,"name":268,"callback":119,"priority":11,"file":124,"line":269},"wp_resource_hints",642,{"type":117,"name":271,"callback":119,"file":124,"line":272},"wp_default_scripts",654,{"type":117,"name":274,"callback":119,"priority":189,"file":124,"line":275},"widgets_init",665,{"type":127,"name":277,"callback":219,"file":124,"line":278},"the_generator",696,{"type":127,"name":280,"callback":119,"file":124,"line":281},"tiny_mce_plugins",708,{"type":117,"name":188,"callback":119,"file":124,"line":283},713,{"type":127,"name":277,"callback":219,"file":124,"line":285},738,{"type":127,"name":287,"callback":288,"priority":289,"file":124,"line":290},"script_loader_src","sbsset_remove_ver",15,768,{"type":127,"name":292,"callback":288,"priority":289,"file":124,"line":293},"style_loader_src",769,{"type":127,"name":295,"callback":172,"file":124,"line":296},"auto_update_theme",779,{"type":127,"name":298,"callback":172,"file":124,"line":299},"auto_update_plugin",784,{"type":127,"name":301,"callback":302,"file":124,"line":303},"pre_site_transient_update_core","__return_null",789,{"type":127,"name":305,"callback":172,"file":124,"line":306},"auto_update_core",790,{"type":127,"name":308,"callback":119,"file":124,"line":309},"wp_revisions_to_keep",800,{"type":127,"name":311,"callback":172,"file":124,"line":312},"wp_is_application_passwords_available",805,{"type":127,"name":314,"callback":172,"file":124,"line":315},"xmlrpc_enabled",810,{"type":117,"name":123,"callback":119,"file":124,"line":317},815,{"type":127,"name":319,"callback":119,"file":124,"line":320},"rest_authentication_errors",822,{"type":127,"name":322,"callback":172,"priority":26,"file":124,"line":323},"use_block_editor_for_post_type",838,{"type":117,"name":188,"callback":119,"priority":26,"file":124,"line":325},839,{"type":127,"name":327,"callback":172,"priority":26,"file":124,"line":328},"gutenberg_use_widgets_block_editor",846,{"type":127,"name":330,"callback":172,"file":124,"line":331},"use_widgets_block_editor",847,{"type":117,"name":333,"callback":119,"file":124,"line":334},"after_setup_theme",848,{"type":117,"name":336,"callback":119,"file":124,"line":337},"enqueue_block_editor_assets",855,{"type":127,"name":339,"callback":119,"file":124,"line":340},"block_editor_settings_all",869,{"type":117,"name":123,"callback":119,"file":124,"line":342},877,{"type":117,"name":336,"callback":119,"file":124,"line":344},884,{"type":117,"name":123,"callback":119,"file":124,"line":346},897,{"type":127,"name":348,"callback":172,"file":124,"line":349},"jetpack_connection_banner_enable",909,{"type":127,"name":351,"callback":119,"priority":11,"file":124,"line":352},"woocommerce_show_admin_notice",910,{"type":127,"name":354,"callback":172,"priority":355,"file":124,"line":356},"jetpack_just_in_time_msgs",20,918,{"type":127,"name":358,"callback":172,"priority":355,"file":124,"line":359},"jetpack_show_promotions",919,{"type":127,"name":361,"callback":172,"file":124,"line":362},"jetpack_blaze_enabled",924,{"type":117,"name":204,"callback":119,"priority":364,"file":124,"line":365},40,929,{"type":127,"name":367,"callback":172,"file":124,"line":368},"elementor\u002Ffrontend\u002Fprint_google_fonts",936,{"type":117,"name":118,"callback":119,"priority":189,"file":124,"line":370},941,{"type":117,"name":151,"callback":119,"priority":355,"file":124,"line":372},944,{"type":117,"name":151,"callback":119,"file":124,"line":374},951,{"type":117,"name":213,"callback":119,"file":124,"line":376},960,{"type":127,"name":378,"callback":172,"file":124,"line":379},"wpseo_debug_markers",968,{"type":117,"name":204,"callback":119,"file":124,"line":381},973,{"type":127,"name":383,"callback":172,"file":124,"line":384},"wpcf7_load_js",980,{"type":127,"name":386,"callback":172,"file":124,"line":387},"wpcf7_load_css",981,{"type":117,"name":213,"callback":119,"file":124,"line":389},986,{"type":117,"name":198,"callback":119,"file":124,"line":391},994,{"type":117,"name":140,"callback":119,"priority":355,"file":124,"line":393},1003,{"type":117,"name":204,"callback":119,"priority":355,"file":124,"line":395},1013,{"type":117,"name":118,"callback":119,"priority":173,"file":124,"line":397},1022,{"type":127,"name":399,"callback":119,"file":124,"line":400},"jpeg_quality",1035,{"type":127,"name":402,"callback":119,"file":124,"line":403},"wp_editor_set_quality",1036,{"type":127,"name":405,"callback":119,"file":124,"line":406},"intermediate_image_sizes_advanced",1041,{"type":127,"name":408,"callback":119,"file":124,"line":409},"intermediate_image_sizes",1047,{"type":127,"name":411,"callback":119,"priority":189,"file":124,"line":412},"auth_cookie_expiration",1058,{"type":127,"name":414,"callback":119,"priority":11,"file":124,"line":415},"redirect_canonical",1071,{"type":127,"name":417,"callback":119,"file":124,"line":418},"rest_endpoints",1077,{"type":117,"name":420,"callback":119,"priority":11,"file":124,"line":421},"wp_login",1100,{"type":117,"name":423,"callback":119,"file":124,"line":424},"wp_login_failed",1105,{"type":117,"name":426,"callback":119,"priority":11,"file":124,"line":427},"xmlrpc_login_error",1115,{"type":127,"name":429,"callback":119,"priority":430,"file":124,"line":431},"xmlrpc_pingback_error",5,1123,{"type":117,"name":433,"callback":119,"priority":189,"file":124,"line":434},"wp_head",1137,{"type":117,"name":436,"callback":119,"priority":32,"file":124,"line":437},"wp_body_open",1145,{"type":117,"name":140,"callback":119,"file":439,"line":440},"sbs-settings.php",77,{"type":117,"name":151,"callback":119,"file":439,"line":442},91,{"type":117,"name":444,"callback":119,"file":439,"line":445},"before_woocommerce_init",114,[447,452,454,456,459,462,465,468,471,474],{"action":448,"nopriv":449,"callback":119,"hasNonce":449,"hasCapCheck":449,"file":450,"line":451},"sbsset_save_option",false,"includes\u002Fadmin\u002Fajax.php",109,{"action":453,"nopriv":449,"callback":119,"hasNonce":449,"hasCapCheck":449,"file":450,"line":153},"sbsset_toggle_array_item",{"action":455,"nopriv":449,"callback":119,"hasNonce":449,"hasCapCheck":449,"file":450,"line":95},"sbsset_save_numeric",{"action":457,"nopriv":449,"callback":119,"hasNonce":449,"hasCapCheck":449,"file":450,"line":458},"sbsset_save_textarea",186,{"action":460,"nopriv":449,"callback":119,"hasNonce":449,"hasCapCheck":449,"file":450,"line":461},"sbsset_get_image_sizes",204,{"action":463,"nopriv":449,"callback":119,"hasNonce":449,"hasCapCheck":449,"file":450,"line":464},"sbsset_dismiss_notice",229,{"action":466,"nopriv":449,"callback":119,"hasNonce":449,"hasCapCheck":449,"file":450,"line":467},"sbsset_get_dashboard_widgets",251,{"action":469,"nopriv":449,"callback":119,"hasNonce":449,"hasCapCheck":449,"file":450,"line":470},"sbsset_save_logo",276,{"action":472,"nopriv":449,"callback":119,"hasNonce":449,"hasCapCheck":449,"file":450,"line":473},"sbsset_export_settings",292,{"action":475,"nopriv":449,"callback":119,"hasNonce":449,"hasCapCheck":449,"file":450,"line":476},"sbsset_import_settings",321,[],[],[],{"dangerousFunctions":481,"sqlUsage":482,"outputEscaping":485,"fileOperations":488,"externalRequests":13,"nonceChecks":223,"capabilityChecks":489,"bundledLibraries":490},[],{"prepared":483,"raw":13,"locations":484},2,[],{"escaped":486,"rawEcho":13,"locations":487},118,[],6,16,[],[492,510],{"entryPoint":493,"graph":494,"unsanitizedCount":483,"severity":509},"\u003Csbs-settings> (sbs-settings.php:0)",{"nodes":495,"edges":507},[496,501],{"id":497,"type":498,"label":499,"file":439,"line":500},"n0","source","$_SERVER (x2)",43,{"id":502,"type":503,"label":504,"file":439,"line":505,"wp_function":506},"n1","sink","header() [Header Injection]",49,"header",[508],{"from":497,"to":502,"sanitized":449},"medium",{"entryPoint":511,"graph":512,"unsanitizedCount":13,"severity":524},"\u003Cajax> (includes\u002Fadmin\u002Fajax.php:0)",{"nodes":513,"edges":521},[514,517],{"id":497,"type":498,"label":515,"file":450,"line":516},"$_POST (x8)",113,{"id":502,"type":503,"label":518,"file":450,"line":519,"wp_function":520},"update_option() [Settings Manipulation]",123,"update_option",[522],{"from":497,"to":502,"sanitized":523},true,"low",{"summary":526,"deductions":527},"The \"sbs-settings\" v1.0.2 plugin exhibits a concerning security posture primarily due to its extensive unprotected AJAX endpoints. While the code displays strong adherence to secure coding practices like prepared SQL statements and output escaping, the lack of authentication on all 10 identified AJAX handlers presents a significant attack surface.  The taint analysis indicates one flow with unsanitized paths, though it's not classified as critical or high severity, which warrants attention. The plugin's clean vulnerability history is a positive sign, suggesting diligent development and maintenance. However, the absence of any recorded vulnerabilities could also mean it hasn't been extensively tested or targeted.  The core weakness lies in the fundamental security principle of access control for AJAX operations, which if exploited, could lead to unauthorized actions or data manipulation.  The plugin has strengths in its internal code hygiene but a critical flaw in its external interface security.",[528,530],{"reason":529,"points":11},"AJAX handlers without auth checks",{"reason":531,"points":430},"Flow with unsanitized paths (taint analysis)","2026-04-16T12:06:04.560Z",{"wat":534,"direct":543},{"assetPaths":535,"generatorPatterns":538,"scriptPaths":539,"versionParams":540},[536,537],"\u002Fwp-content\u002Fplugins\u002Fsbs-settings\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fsbs-settings\u002Fassets\u002Fjs\u002Fadmin.js",[],[537],[541,542],"sbs-settings\u002Fassets\u002Fcss\u002Fadmin.css?ver=","sbs-settings\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":544,"htmlComments":545,"htmlAttributes":547,"restEndpoints":549,"jsGlobals":550,"shortcodeOutput":552},[],[546],"\u003C!-- Silence is golden. -->",[548],"data-nonce=\"sbsset_nonce\"",[],[551],"sbssetData",[],{"error":523,"url":554,"statusCode":555,"statusMessage":556,"message":556},"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsbs-settings\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":13,"versions":558},[]]