[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fdfK7Bg3I89Dsoquoxgra2AIrx7IMwAzG_3wRZroQOTM":3,"$fvD2Gto0myxXrzYpz3jEzhA8odRDQk8fCw5GyZV_0t0M":298,"$fyYoV8PWWShkskipgUJo4muUIAJuEFlFfr7swn12zsY4":303},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":21,"download_link":22,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25,"discovery_status":26,"vulnerabilities":27,"developer":28,"crawl_stats":24,"alternatives":35,"analysis":130,"fingerprints":279},"screeney","Screeney","1.0.0","Daryll Doyle","https:\u002F\u002Fprofiles.wordpress.org\u002Fenshrined\u002F","\u003Cp>Whether you’re developing a new site or just looking to iron out any issues, Screeney helps you to visually capture client feedback and action it quickly.\u003C\u002Fp>\n\u003Cp>This plugin allows you to connect your website to the Screeney bug tracking application so there’s no longer a need to add code to your website.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fscreeney.com\u002F\" rel=\"nofollow ugc\">Visit the Screeney website to get an account\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","Connects your website with the Screeney bug tracking web application.",0,1153,"2018-02-15T16:52:00.000Z","4.9.29","4.0","5.6",[18,19,20],"qa","quality-assurance","testing","https:\u002F\u002Fscreeney.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fscreeney.1.0.0.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":23,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"enshrined",4,120,30,84,"2026-05-20T02:35:40.886Z",[36,58,76,94,114],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":46,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"editoria11y-accessibility-checker","Editoria11y Accessibility Checker","2.1.12","Editoria11y maintainers","https:\u002F\u002Fprofiles.wordpress.org\u002Feditoria11y\u002F","\u003Cp>Editoria11y (“editorial accessibility ally”) is a quality assurance tool built for an author’s workflow:\u003C\u002Fp>\n\u003Col>\n\u003Cli>It provides instant feedback in the post and page editors. Authors do not need to remember to press a button or visit a dashboard to check their work.\u003C\u002Fli>\n\u003Cli>It checks in context on pages, not just within the post editor, allowing it to test content edited in widgets or theme features.\u003C\u002Fli>\n\u003Cli>It focuses exclusively on \u003Cstrong>content\u003C\u002Fstrong> issues: assisting authors at improving the things that are their responsibility.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>This plugin is the WordPress adaptation of the open-source \u003Ca href=\"https:\u002F\u002Feditoria11y.princeton.edu\" rel=\"nofollow ugc\">Editoria11y library\u003C\u002Fa>. Tests run in the browser and findings are stored in your own database; nothing is sent to any third party. It is meant to \u003Cstrong>supplement\u003C\u002Fstrong>, not replace, \u003Ca href=\"https:\u002F\u002Fwebaim.org\u002Fresources\u002Fevalquickref\u002F\" rel=\"nofollow ugc\">testing your code and visual design\u003C\u002Fa> with developer-focused tools and testing practices.\u003C\u002Fp>\n\u003Ch3>The authoring experience\u003C\u002Fh3>\n\u003Cp>Check out a \u003Ca href=\"https:\u002F\u002Feditoria11y.princeton.edu\u002Fnext\" rel=\"nofollow ugc\">demo of the checker itself\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>When \u003Cstrong>logged-in authors and editors\u003C\u002Fstrong> are viewing pages, Editoria11y inserts tooltips marking any issues present on the current page. Issues are also highlighted while editing in the Block Editor (Gutenberg) and Classic Editor (TinyMCE).\u003C\u002Fli>\n\u003Cli>Tooltips explain each problem and what actions are needed to resolve it. Some issues are “manual checks,” which have buttons to ignore the check or mark the content as OK.\u003C\u002Fli>\n\u003Cli>Clicking the main toggle shows and hides the tooltips.\u003C\u002Fli>\n\u003Cli>The main toggle also allows authors to jump to the next issue, restore previously dismissed alerts, visualize text alternatives for images on the page (“alts”), view the document’s heading outline, and view site-wide detection lists.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>The admin experience\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Filterable reports let you explore recent issues, which pages have the most issues, which issues are most common, and which issues have been dismissed. These populate and update when published content is viewed by logged-in authors.\u003C\u002Fli>\n\u003Cli>Various settings are available to constrain checks to specific parts of the page and tweak the sensitivity of several tests.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>The tests\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Text alternatives for visual content\n\u003Cul>\n\u003Cli>Images with no alt text\u003C\u002Fli>\n\u003Cli>Images with a filename as alt text\u003C\u002Fli>\n\u003Cli>Images with very long alt text\u003C\u002Fli>\n\u003Cli>Images with fake alt text to get around field validation (e.g. “TBD”)\u003C\u002Fli>\n\u003Cli>Alt text that contains redundant text like “image of” or “photo of”\u003C\u002Fli>\n\u003Cli>Images in links with alt text that appears to be describing the image instead of the link destination\u003C\u002Fli>\n\u003Cli>Embedded visualizations that usually require a text alternative\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Meaningful links\n\u003Cul>\n\u003Cli>Links with no text\u003C\u002Fli>\n\u003Cli>Links titled with a filename\u003C\u002Fli>\n\u003Cli>Links only titled with generic text: “click here,” “learn more,” “download,” etc.\u003C\u002Fli>\n\u003Cli>Links that open in a new window without warning\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Document outline and structure\n\u003Cul>\n\u003Cli>Skipped heading levels\u003C\u002Fli>\n\u003Cli>Empty headings\u003C\u002Fli>\n\u003Cli>Very long headings\u003C\u002Fli>\n\u003Cli>Suspiciously short blockquotes that may actually be headings\u003C\u002Fli>\n\u003Cli>All-bold paragraphs with no punctuation that may actually be headings\u003C\u002Fli>\n\u003Cli>Suspicious formatting that should probably be converted to a list (sequences of sentences that start with asterisks, emoji or incrementing numbers\u002Fletters)\u003C\u002Fli>\n\u003Cli>Tables without headers\u003C\u002Fli>\n\u003Cli>Empty table header cells\u003C\u002Fli>\n\u003Cli>Tables with document headers (“Header 3”) instead of table headers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>General quality assurance\n\u003Cul>\n\u003Cli>LARGE QUANTITIES OF CAPS LOCK TEXT\u003C\u002Fli>\n\u003Cli>Links to PDFs and other documents, reminding the user to test the download for accessibility or provide an alternate, accessible format\u003C\u002Fli>\n\u003Cli>Video embeds, reminding the user to add closed captions\u003C\u002Fli>\n\u003Cli>Audio embeds, reminding the user to provide a transcript\u003C\u002Fli>\n\u003Cli>Social media embeds, reminding the user to provide alt attributes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Feditoria11y.princeton.edu\u002Fconfiguration\u002F#customtests\" rel=\"nofollow ugc\">Custom results\u003C\u002Fa> provided by your JS\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credit\u003C\u002Fh3>\n\u003Cp>Editoria11y’s WordPress plugin is maintained by Princeton University’s \u003Ca href=\"https:\u002F\u002Fwds.princeton.edu\u002F\" rel=\"nofollow ugc\">Web Development Services\u003C\u002Fa> team:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fitmaybejj\" rel=\"nofollow ugc\">John Jameson\u003C\u002Fa>: Editoria11y JS and CMS integrations\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fjasonpartyka\" rel=\"nofollow ugc\">Jason Partyka\u003C\u002Fa>: Devops\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbkosborne\" rel=\"nofollow ugc\">Brian Osborne\u003C\u002Fa>: Code review\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.drupal.org\u002Fu\u002Fnotmike\" rel=\"nofollow ugc\">Michael Muzzie\u003C\u002Fa>: Wapuu photos\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Editoria11y began as a fork of the Toronto Metropolitan University’s \u003Ca href=\"https:\u002F\u002Fsa11y.netlify.app\u002F\" rel=\"nofollow ugc\">Sa11y Accessibility Checker\u003C\u002Fa>, and our teams regularly pass new code and ideas back and forth.\u003C\u002Fp>\n","Content accessibility checker written to be intuitive and useful for non-technical authors and editors.",1000,20091,100,5,"2026-03-07T01:25:00.000Z","7.0","6.0","7.2",[53,54,19,55],"accessibility-checker","automated-testing","seo","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feditoria11y-accessibility-checker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feditoria11y-accessibility-checker.2.1.12.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":11,"downloaded":66,"rating":11,"num_ratings":11,"last_updated":67,"tested_up_to":68,"requires_at_least":15,"requires_php":69,"tags":70,"homepage":74,"download_link":75,"security_score":23,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"o3-cli-services","O3 CLI Services","1.0.2","o3world","https:\u002F\u002Fprofiles.wordpress.org\u002Fo3world\u002F","\u003Cp>In its current version, O3 CLI Services exposes two WordPress REST API endpoints\u003Cbr \u002F>\nto empower developers and QA engineers to query URL paths of WordPress posts by\u003Cbr \u002F>\npost types, category types, and menus.\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Use the \u002Fwp-json\u002Fo3-cli-api\u002Furl-sources API endpoint to get a list of sources of\u003Cbr \u002F>\nURL paths, and use the \u002Fwp-json\u002Fo3-cli-api\u002Furls API to get a list of URL paths\u003Cbr \u002F>\nof posts in the system, using your sources as URL query parameter filters.\u003C\u002Fp>\n\u003Cp>Source filters for \u002Fwp-json\u002Fo3-cli-api\u002Furls:\u003Cbr \u002F>\n  – post_types\u003Cbr \u002F>\n    – Include a comma-separated list of post type machine names.\u003Cbr \u002F>\n  – categories\u003Cbr \u002F>\n    – Include a comma-separated list of category slugs.\u003Cbr \u002F>\n  – menus\u003Cbr \u002F>\n    – Include a comma-separated list of menu slugs.\u003Cbr \u002F>\n  – limit\u003Cbr \u002F>\n    – Include an integer limit to control the maximum number of URL paths to\u003Cbr \u002F>\n    return for each machine name in any source.\u003C\u002Fp>\n\u003Cp>An example request:\u003C\u002Fp>\n\u003Cp>GET http:\u002F\u002Fexample.com\u002Fwp-json\u002Fo3-cli-api\u002Furls?post_types=post,product&categories=food,travel&menus=main-navigation,footer-menu&limit=50\u003C\u002Fp>\n\u003Cp>The above example requests the URL paths of posts of post types with the machine\u003Cbr \u002F>\nnames of ‘post’ and ‘product’, having categories with ‘food’ and ‘travel’ slugs,\u003Cbr \u002F>\nas well as items in menus with ‘main-navigation’ and ‘footer-menu’ slugs. As\u003Cbr \u002F>\nwith any WordPress REST API endpoints, the above request returns a JSON array.\u003C\u002Fp>\n\u003Cp>The O3 CLI automatically generates requests like the above, and it empowers\u003Cbr \u002F>\ndevelopers and QA engineers to dynamically generate visual regression tests,\u003Cbr \u002F>\namong other needs. See the documentation at\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fo3-cli.\u003C\u002Fp>\n","O3 CLI Services integrates any WordPress site with the O3 CLI (https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fo3-cli) tool.",999,"2019-12-18T19:08:00.000Z","5.3.21","",[71,72,19,73,20],"automation","o3-cli","regression-testing","https:\u002F\u002Fgithub.com\u002Fo3world\u002Fo3-cli-wordpress-services\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fo3-cli-services.1.0.2.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":11,"downloaded":84,"rating":11,"num_ratings":11,"last_updated":85,"tested_up_to":86,"requires_at_least":50,"requires_php":87,"tags":88,"homepage":92,"download_link":93,"security_score":46,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"precisionqa","PrecisionQA","0.0.1","Kishan Gondaliya","https:\u002F\u002Fprofiles.wordpress.org\u002Fkishu7270\u002F","\u003Cul>\n\u003Cli>Automate creation of Gravity Forms.\u003C\u002Fli>\n\u003Cli>Create\u002Fseed Custom Post Types.\u003C\u002Fli>\n\u003Cli>Embed forms into posts\u002Fpages.\u003C\u002Fli>\n\u003Cli>Performance test utility to bulk-generate content with embedded forms.\u003C\u002Fli>\n\u003C\u002Ful>\n","A comprehensive testing utility for WordPress developers and QA testers.",236,"2025-09-09T19:36:00.000Z","6.8.5","7.4",[89,90,91,18,20],"custom-post-types","forms","gravity-forms","https:\u002F\u002Fkishan-gondaliya-7270.vercel.app","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprecisionqa.0.0.1.zip",{"slug":95,"name":96,"version":97,"author":98,"author_profile":99,"description":100,"short_description":101,"active_installs":11,"downloaded":102,"rating":46,"num_ratings":103,"last_updated":104,"tested_up_to":105,"requires_at_least":106,"requires_php":107,"tags":108,"homepage":111,"download_link":112,"security_score":46,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":113},"qa-assistant","QA Assistant","2.0.3","Mohammad Obayed Mamur","https:\u002F\u002Fprofiles.wordpress.org\u002Fobayedmamur\u002F","\u003Cp>QA Assistant is a powerful WordPress plugin designed specifically for Software Quality Assurance Engineers. It provides advanced Git branch management directly from the WordPress admin bar, making it easier to test different plugin versions and manage development workflows.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>🔄 \u003Cstrong>GitHub Desktop-like Branch Switching\u003C\u002Fstrong> – Switch between Git branches with a single click directly from the WordPress admin bar\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Current Branch Indicator\u003C\u002Fstrong> – Visual indicators show which branch you’re currently on with color-coded status\u003C\u002Fp>\n\u003Cp>⚠️ \u003Cstrong>Uncommitted Changes Detection\u003C\u002Fstrong> – Get warnings before switching branches when you have unsaved changes\u003C\u002Fp>\n\u003Cp>🔒 \u003Cstrong>Force Switch Option\u003C\u002Fstrong> – Option to discard local changes and force switch to another branch\u003C\u002Fp>\n\u003Cp>📢 \u003Cstrong>Real-time Notifications\u003C\u002Fstrong> – Instant feedback on all Git operations with success\u002Ferror messages\u003C\u002Fp>\n\u003Cp>🎨 \u003Cstrong>Enhanced User Interface\u003C\u002Fstrong> – Modern, intuitive interface with loading states and visual feedback\u003C\u002Fp>\n\u003Cp>🛡️ \u003Cstrong>Security Enhanced\u003C\u002Fstrong> – Proper nonce verification and input sanitization for all AJAX operations\u003C\u002Fp>\n\u003Cp>🔧 \u003Cstrong>Error Handling\u003C\u002Fstrong> – Comprehensive error handling with user-friendly error messages\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Perfect for:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Plugin developers testing different branches\u003Cbr \u002F>\n– QA engineers managing multiple plugin versions\u003Cbr \u002F>\n– Development teams working with Git workflows\u003Cbr \u002F>\n– Anyone who needs quick branch switching in WordPress admin\u003C\u002Fp>\n\u003Ch3>Services\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Git PHP: https:\u002F\u002Fgithub.com\u002Fczproject\u002Fgit-php\u003Cbr \u002F>\nLibrary for working with Git repositories in PHP.\u003Cbr \u002F>\nLibrary requires PHP 5.6 or later and \u003Ccode>git\u003C\u002Fcode> client (path to Git must be in system variable \u003Ccode>PATH\u003C\u002Fcode>).\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Git installers:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>for Linux – https:\u002F\u002Fgit-scm.com\u002Fdownload\u002Flinux\u003C\u002Fli>\n\u003Cli>for Windows – https:\u002F\u002Fgit-scm.com\u002Fdownload\u002Fwin\u003C\u002Fli>\n\u003Cli>for others – https:\u002F\u002Fgit-scm.com\u002Fdownloads\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External services\u003C\u002Fh3>\n\u003Cp>This plugin does NOT connect to any external services or APIs. All Git operations are performed locally on your server.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Local Git Repository Access:\u003C\u002Fstrong>\u003Cbr \u002F>\n– The plugin reads local Git repository information from \u003Ccode>.git\u002FHEAD\u003C\u002Fcode> files within your WordPress plugin directories\u003Cbr \u002F>\n– This is used to display current branch information and enable branch switching functionality\u003Cbr \u002F>\n– No data is transmitted to external servers\u003Cbr \u002F>\n– All Git operations (branch switching, pulling changes) are performed locally using your server’s Git installation\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Data Handling:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Only local Git repository metadata is accessed (branch names, commit information)\u003Cbr \u002F>\n– No personal data or sensitive information is transmitted externally\u003Cbr \u002F>\n– All operations remain within your WordPress installation and local Git repositories\u003C\u002Fp>\n","A comprehensive tool for Software Quality Assurance Engineers with advanced Git branch management capabilities.",300,2,"2026-02-26T05:07:00.000Z","6.9.4","5.0","8.0",[109,95,19,110],"help","sqa-helper-tool","https:\u002F\u002Fobayedmamur.com\u002Fqa-assistant","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqa-assistant.2.0.3.zip","2026-04-06T09:54:40.288Z",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":11,"downloaded":122,"rating":11,"num_ratings":11,"last_updated":123,"tested_up_to":105,"requires_at_least":124,"requires_php":87,"tags":125,"homepage":128,"download_link":129,"security_score":46,"vuln_count":11,"unpatched_count":11,"last_vuln_date":24,"fetched_at":25},"qalimucho-for-woocommerce","QAlimucho for WooCommerce","1.0.1","adanselm","https:\u002F\u002Fprofiles.wordpress.org\u002Fadanselm\u002F","\u003Cp>QAlimucho enables automated end-to-end testing of your WooCommerce checkout flow without processing real payments. Perfect for QA teams, developers, and automated testing pipelines.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Test payment gateway that bypasses real payment processing\u003C\u002Fli>\n\u003Cli>Secret key authentication for security\u003C\u002Fli>\n\u003Cli>Automatic cleanup of test orders (1 hour retention)\u003C\u002Fli>\n\u003Cli>Manual cleanup option from admin panel\u003C\u002Fli>\n\u003Cli>REST API for integration with testing tools\u003C\u002Fli>\n\u003Cli>HPOS (High-Performance Order Storage) compatible\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How It Works:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install and activate the plugin\u003C\u002Fli>\n\u003Cli>Copy the secret key from Settings > QAlimucho\u003C\u002Fli>\n\u003Cli>Configure your QAlimucho web testing tool with the secret\u003C\u002Fli>\n\u003Cli>Run automated checkout tests – orders complete instantly without payment\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Security:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Test gateway only visible when valid secret key is provided\u003C\u002Fli>\n\u003Cli>Orders marked as test orders and auto-deleted\u003C\u002Fli>\n\u003Cli>Rate limiting on API endpoints\u003C\u002Fli>\n\u003Cli>Timing-safe secret comparison\u003C\u002Fli>\n\u003C\u002Ful>\n","Enable automated checkout testing for WooCommerce without real payments.",79,"2026-03-23T12:43:00.000Z","5.8",[71,126,18,20,127],"checkout","woocommerce","https:\u002F\u002Fqalimucho.com\u002Fwp-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fqalimucho-for-woocommerce.1.0.1.zip",{"attackSurface":131,"codeSignals":166,"taintFlows":197,"riskAssessment":261,"analyzedAt":278},{"hooks":132,"ajaxHandlers":157,"restRoutes":162,"shortcodes":163,"cronEvents":164,"entryPointCount":165,"unprotectedCount":165},[133,139,142,144,147,150,154],{"type":134,"name":135,"callback":136,"file":137,"line":138},"action","plugins_loaded","anonymous","includes\u002Fclass-screeney.php",150,{"type":134,"name":140,"callback":136,"file":137,"line":141},"admin_enqueue_scripts",165,{"type":134,"name":140,"callback":136,"file":137,"line":143},166,{"type":134,"name":145,"callback":136,"file":137,"line":146},"admin_menu",168,{"type":134,"name":148,"callback":136,"file":137,"line":149},"init",169,{"type":151,"name":152,"callback":136,"file":137,"line":153},"filter","query_vars",172,{"type":134,"name":155,"callback":136,"file":137,"line":156},"wp_enqueue_scripts",187,[158],{"action":159,"nopriv":160,"callback":136,"hasNonce":160,"hasCapCheck":160,"file":137,"line":161},"screeney_mark_complete",false,170,[],[],[],1,{"dangerousFunctions":167,"sqlUsage":168,"outputEscaping":170,"fileOperations":11,"externalRequests":103,"nonceChecks":11,"capabilityChecks":11,"bundledLibraries":196},[],{"prepared":11,"raw":11,"locations":169},[],{"escaped":103,"rawEcho":171,"locations":172},12,[173,177,180,182,184,185,187,189,191,192,194,195],{"file":174,"line":175,"context":176},"admin\u002Fclass-screeney-admin.php",295,"raw output",{"file":178,"line":179,"context":176},"admin\u002Fpartials\u002Fissues.php",23,{"file":181,"line":179,"context":176},"admin\u002Fpartials\u002Fproject.php",{"file":181,"line":183,"context":176},28,{"file":181,"line":183,"context":176},{"file":186,"line":179,"context":176},"admin\u002Fpartials\u002Fsettings.php",{"file":186,"line":188,"context":176},25,{"file":186,"line":190,"context":176},32,{"file":186,"line":190,"context":176},{"file":193,"line":179,"context":176},"admin\u002Fpartials\u002Fteam.php",{"file":193,"line":183,"context":176},{"file":193,"line":183,"context":176},[],[198,229,252],{"entryPoint":199,"graph":200,"unsanitizedCount":103,"severity":228},"ajax_mark_completed (admin\u002Fclass-screeney-admin.php:282)",{"nodes":201,"edges":224},[202,207,212,215,219],{"id":203,"type":204,"label":205,"file":174,"line":206},"n0","source","$_POST",283,{"id":208,"type":209,"label":210,"file":174,"line":175,"wp_function":211},"n1","sink","echo() [XSS]","echo",{"id":213,"type":204,"label":205,"file":174,"line":214},"n2",288,{"id":216,"type":217,"label":218,"file":174,"line":214},"n3","transform","→ screeney_post()",{"id":220,"type":209,"label":221,"file":222,"line":31,"wp_function":223},"n4","wp_remote_post() [SSRF]","screeney.php","wp_remote_post",[225,226,227],{"from":203,"to":208,"sanitized":160},{"from":213,"to":216,"sanitized":160},{"from":216,"to":220,"sanitized":160},"medium",{"entryPoint":230,"graph":231,"unsanitizedCount":251,"severity":228},"\u003Cclass-screeney-admin> (admin\u002Fclass-screeney-admin.php:0)",{"nodes":232,"edges":246},[233,236,239,240,241,242,244],{"id":203,"type":204,"label":234,"file":174,"line":235},"$_POST['screeney_roles']",213,{"id":208,"type":209,"label":237,"file":174,"line":235,"wp_function":238},"update_option() [Settings Manipulation]","update_option",{"id":213,"type":204,"label":205,"file":174,"line":206},{"id":216,"type":209,"label":210,"file":174,"line":175,"wp_function":211},{"id":220,"type":204,"label":205,"file":174,"line":214},{"id":243,"type":217,"label":218,"file":174,"line":214},"n5",{"id":245,"type":209,"label":221,"file":222,"line":31,"wp_function":223},"n6",[247,248,249,250],{"from":203,"to":208,"sanitized":160},{"from":213,"to":216,"sanitized":160},{"from":220,"to":243,"sanitized":160},{"from":243,"to":245,"sanitized":160},3,{"entryPoint":253,"graph":254,"unsanitizedCount":165,"severity":260},"save_variables (admin\u002Fclass-screeney-admin.php:185)",{"nodes":255,"edges":258},[256,257],{"id":203,"type":204,"label":234,"file":174,"line":235},{"id":208,"type":209,"label":237,"file":174,"line":235,"wp_function":238},[259],{"from":203,"to":208,"sanitized":160},"low",{"summary":262,"deductions":263},"The 'screeney' v1.0.0 plugin exhibits a concerning security posture primarily due to a significant lack of authentication and authorization checks on its identified entry points. While the plugin demonstrates good practices in avoiding dangerous functions and utilizing prepared statements for SQL queries, these strengths are overshadowed by critical weaknesses in how it handles user input and access control.\n\nThe static analysis reveals one AJAX handler that lacks any authentication checks, presenting a direct pathway for unauthenticated users to interact with plugin functionalities. This is further exacerbated by the taint analysis, which found three flows with unsanitized paths, indicating potential vulnerabilities where user-supplied data might be improperly handled. The absence of nonce checks and capability checks on this AJAX handler is a major security concern, as it allows any visitor to potentially trigger plugin actions.\n\nDespite the lack of recorded vulnerability history, which is a positive indicator, the presence of critical weaknesses in the code itself suggests a high potential for exploitation. The plugin's limited attack surface (one AJAX handler) is problematic because that single point is completely unprotected. In conclusion, while the plugin avoids some common pitfalls like raw SQL or dangerous functions, the fundamental lack of security measures on its primary entry point makes it a high-risk plugin. Improvements are urgently needed to implement proper authentication, authorization, and input sanitization.",[264,267,270,273,275],{"reason":265,"points":266},"AJAX handler without auth checks",10,{"reason":268,"points":269},"Flows with unsanitized paths",9,{"reason":271,"points":272},"Missing nonce checks",7,{"reason":274,"points":272},"Missing capability checks",{"reason":276,"points":277},"Low output escaping percentage",6,"2026-04-16T14:20:52.171Z",{"wat":280,"direct":291},{"assetPaths":281,"generatorPatterns":284,"scriptPaths":285,"versionParams":287},[282,283],"\u002Fwp-content\u002Fplugins\u002Fscreeney\u002Fadmin\u002Fcss\u002Fscreeney-admin.css","\u002Fwp-content\u002Fplugins\u002Fscreeney\u002Fincludes\u002Fjs\u002Fscreeney-public.js",[],[286],"\u002Fwp-content\u002Fplugins\u002Fscreeney\u002Fadmin\u002Fjs\u002Fscreeney-admin.js",[288,289,290],"screeney-admin.css?ver=","screeney-public.js?ver=","screeney-admin.js?ver=",{"cssClasses":292,"htmlComments":293,"htmlAttributes":294,"restEndpoints":295,"jsGlobals":296,"shortcodeOutput":297},[],[],[],[],[],[],{"error":299,"url":300,"statusCode":301,"statusMessage":302,"message":302},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fscreeney\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":165,"versions":304},[305],{"version":6,"download_url":22,"svn_tag_url":306,"released_at":24,"has_diff":160,"diff_files_changed":307,"diff_lines":24,"trac_diff_url":24,"vulnerabilities":308,"is_current":299},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fscreeney\u002Ftags\u002F1.0.0\u002F",[],[]]