[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwEnOMy7M8SK89n0zB9NJGCt0g_HykBjNwXgFgi_oiBo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":142,"fingerprints":236},"script-logic","Script Logic","0.3","Tahir Yasin","https:\u002F\u002Fprofiles.wordpress.org\u002Ftahiryasin\u002F","\u003Cp>This plugin lists all JavaScripts and Style sheets with a control field that lets you control CSS & JavaScript files to include only on the pages where you actually need them. The text field lets you use WP’s \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FConditional_Tags\" rel=\"nofollow ugc\">Conditional Tags\u003C\u002Fa>, or any general PHP code.\u003C\u002Fp>\n\u003Cp>NOTE: The script logic you introduce is evaluated directly. Anyone who has permission to manage options will have the right to add any code, including malicious and possibly destructive code. There is an optional filter ‘script_logic_eval_override’ which you can use to bypass the EVAL with your own code if needed. (See \u003Ca href=\"other_notes\u002F\" rel=\"nofollow ugc\">Other Notes\u003C\u002Fa>).\u003C\u002Fp>\n\u003Ch3>Writing Logic Code\u003C\u002Fh3>\n\u003Cp>The text in the ‘Logic’ field can be full PHP code and should return ‘true’ when you need the script to load. If there is no ‘return’ in the text, an implicit ‘return’ is added to the start and a ‘;’ is added on the end. (This is just to make single statements like is_home() more convenient.)\u003C\u002Fp>\n\u003Ch4>The Basics\u003C\u002Fh4>\n\u003Cp>Make good use of \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FConditional_Tags\" rel=\"nofollow ugc\">WP’s own conditional tags\u003C\u002Fa>. You can vary and combine code using:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>!\u003C\u002Fcode> (NOT) to \u003Cstrong>reverse\u003C\u002Fstrong> the logic, eg \u003Ccode>!is_home()\u003C\u002Fcode> is TRUE when this is NOT the home page.\u003C\u002Fli>\n\u003Cli>\u003Ccode>||\u003C\u002Fcode> (OR) to \u003Cstrong>combine\u003C\u002Fstrong> conditions. \u003Ccode>X OR Y\u003C\u002Fcode> is TRUE when either X is true or Y is true.\u003C\u002Fli>\n\u003Cli>\u003Ccode>&&\u003C\u002Fcode> (AND) to make conditions \u003Cstrong>more specific\u003C\u002Fstrong>. \u003Ccode>X AND Y\u003C\u002Fcode> is TRUE when both X is true and Y is true.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>There are lots of great code examples on the WP forums, and on WP sites across the net. But the WP Codex is also full of good examples to adapt, such as \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTemplate_Tags\u002Fin_category#Testing_if_a_post_is_in_a_descendant_category\" rel=\"nofollow ugc\">Test if post is in a descendent category\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Examples\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>is_home()\u003C\u002Fcode> — just the main blog page\u003C\u002Fli>\n\u003Cli>\u003Ccode>!is_page('about')\u003C\u002Fcode> — everywhere EXCEPT this specific WP ‘page’\u003C\u002Fli>\n\u003Cli>\u003Ccode>!is_user_logged_in()\u003C\u002Fcode> — shown when a user is not logged in\u003C\u002Fli>\n\u003Cli>\u003Ccode>is_category(array(5,9,10,11))\u003C\u002Fcode> — category page of one of the given category IDs\u003C\u002Fli>\n\u003Cli>\u003Ccode>is_single() && in_category('baked-goods')\u003C\u002Fcode> — single post that’s in the category with this slug\u003C\u002Fli>\n\u003Cli>\u003Ccode>strpos($_SERVER['HTTP_REFERER'], \"google.com\")!=false\u003C\u002Fcode> — script to load when clicked through from a google search\u003C\u002Fli>\n\u003Cli>\u003Ccode>is_category() && in_array($cat, get_term_children( 5, 'category'))\u003C\u002Fcode> — category page that’s a descendent of category 5\u003C\u002Fli>\n\u003Cli>\u003Ccode>global $post; return (in_array(77,get_post_ancestors($post)));\u003C\u002Fcode> — WP page that is a child of page 77\u003C\u002Fli>\n\u003Cli>\u003Ccode>global $post; return (is_page('home') || ($post->post_parent==\"13\"));\u003C\u002Fcode> — home page OR the page that’s a child of page 13\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Note the extra ‘;’ on the end where there is an explicit ‘return’.\u003C\u002Fp>\n\u003Ch3>The ‘script_logic_eval_override’ filter\u003C\u002Fh3>\n\u003Cp>Before the Script Logic code is evaluated for each script, the text of the Script Logic code is passed through this filter. If the filter returns a BOOLEAN result, this is used instead to determine if the script should load. Return TRUE to load.\u003C\u002Fp>\n","Script Logic lets you control on which pages scripts and style sheets load using WP's conditional tags.",10,2523,60,2,"2014-07-10T10:22:00.000Z","3.9.40","2.8","",[20,21,22,23,24],"admin","conditional-tags","script","speed","style","http:\u002F\u002Fscriptbaker.com\u002Fscript-logic","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fscript-logic.0.3.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"tahiryasin",3,430,30,84,"2026-04-04T11:00:41.476Z",[40,64,85,104,124],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":55,"tags":56,"homepage":61,"download_link":62,"security_score":63,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"gonzales","Assets manager, dequeue scripts, dequeue styles for WordPress","2.2.1","webcraftic","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebcraftic\u002F","\u003Cp>\u003Cstrong>Assets Manager is no longer under active development. We recommend using \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-cloudflare-page-cache\u002F\" rel=\"ugc\">Super Page Cache\u003C\u002Fa> as it includes all Assets Manager features plus powerful caching capabilities.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In October 2025, Assets Manager was acquired by Super Page Cache. We’re retiring Assets Manager in favor of Super Page Cache to ensure users have access to the same asset optimization features they’re using now, plus additional caching capabilities for improved performance, compatibility, and a superior user experience.\u003C\u002Fp>\n\u003Cp>You should know that, a lot of WordPress plugins developers forget performance when creating plugins. This means that a lot of them load self scripts\u002Fstyles on every single post and or page of your site. This is not good, because it slows your site down.\u003C\u002Fp>\n\u003Cp>That’s why we created the WP Asset manager, with it, you can choose which scripts and styles should be loaded on the page, and which ones do not. One example of this would be with the Contact Form 7 plugin. With two clicks you can disable it everywhere except for on your contact page.\u003C\u002Fp>\n\u003Cp>THIS PLUGIN’S BENEFITS INCLUDE\u003C\u002Fp>\n\u003Cp>Decreases number of HTTP requests loaded (important for faster load)\u003Cbr \u002F>\nReduces the HTML code of the actual page (that’s even better if GZIP compression is enabled)\u003Cbr \u002F>\nMakes source code easier to scan in case you’re a developer and want to search for something\u003Cbr \u002F>\nRemove possible conflicts between plugins\u002Ftheme (e.g. 2 JavaScript files that are loading from different plugins and they interfere one with another)\u003Cbr \u002F>\nBetter performance score if you test your URL on websites such as GTmetrix, PageSpeed Insights, Pingdom Website Speed Test\u003Cbr \u002F>\nGoogle will love your website more as it would be faster and fast page load is nowadays a factor in search ranking\u003Cbr \u002F>\nYour server access log files (e.g the Apache ones) will be easier to scan and would take less space on your server\u003C\u002Fp>\n\u003Cp>We used some useful functions from plugins \u003Cstrong>Asset Queue Manager\u003C\u002Fstrong>, \u003Cstrong>WP Asset CleanUp (Page Speed Optimizer)\u003C\u002Fstrong>, \u003Cstrong>Clearfy – disable unused features\u003C\u002Fstrong>, \u003Cstrong>wp disable\u003C\u002Fstrong>, \u003Cstrong>Disabler\u003C\u002Fstrong>, \u003Cstrong>Admin Tweaks\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>English – default, always included\u003C\u002Fli>\n\u003Cli>French – Thank you very much to user (kingteamdunet)\u003C\u002Fli>\n\u003Cli>Russian\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you want to help with the translation, please contact me through this site or through the contacts inside the plugin.\u003C\u002Fp>\n","Increase the speed of the pages by disabling unused scripts (.JS) and styles (.CSS). Make your website REACTIVE!",2000,81906,86,53,"2026-01-13T11:12:00.000Z","6.9.4","5.6","7.2",[57,58,59,23,60],"dequeue-script","dequeue-style","pagespeed","unload-style","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgonzales\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgonzales.2.2.1.zip",100,{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":74,"num_ratings":75,"last_updated":76,"tested_up_to":77,"requires_at_least":54,"requires_php":78,"tags":79,"homepage":83,"download_link":84,"security_score":63,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wc-speed-drain-repair","WC Speed Repair","4.5","WP Fix It - WordPress Experts","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpfixit\u002F","\u003Cp>WooCommerce is powerful but it loads dozens of scripts and styles even when they are re not needed, which can slow your site down.\u003Cbr \u002F>\nThis plugin gives you an instant performance boost by letting you disable unnecessary WooCommerce frontend assets on non WooCommerce pages.\u003Cbr \u002F>\n\u003Cstrong>Features\u003C\u002Fstrong>\u003Cbr \u002F>\n– One-click toggles for each WooCommerce asset JS and CSS\u003Cbr \u002F>\n– Grouped by functionality: Core Scripts, Cart, Block Styles, General Styles\u003Cbr \u002F>\n– Savings Test Tool per URL\u003Cbr \u002F>\n– Custom WooCommerce handle entry for global disable\u003Cbr \u002F>\n– Front end WooCommerce Assets menu\u003Cbr \u002F>\n– Per page list of script assets loading with disable option\u003Cbr \u002F>\n– Per page list of style assets loading with disable option\u003Cbr \u002F>\n– Meta box for custom handle input per page disable rules\u003Cbr \u002F>\n– Select All and Deselect All buttons to quickly apply optimizations\u003Cbr \u002F>\nBy reducing what loads on non-commerce pages, your site becomes leaner and faster especially for blog, landing, or informational pages.\u003Cbr \u002F>\n\u003Cstrong>How It Works\u003C\u002Fstrong>\u003Cbr \u002F>\nOnly WooCommerce pages (like shop, cart, checkout, and product pages) truly need WooCommerce assets.\u003Cbr \u002F>\nSo this plugin:\u003Cbr \u002F>\n– Lets you turn off WooCommerce assets on non-WooCommerce pages\u003Cbr \u002F>\n– Automatically preserves functionality where needed (e.g. checkout\u002Fcart)\u003Cbr \u002F>\n– Saves bandwidth, server load, and improves core Web Vitals\u003Cbr \u002F>\nThere’s no need to write any code or modify theme files.\u003C\u002Fp>\n","Make WooCommerce sites BLAZING fast by disabling unused scripts and styles with one click toggles.",1000,52080,76,25,"2025-07-08T13:37:00.000Z","6.8.5","7.4",[80,81,82],"disabling-unused-woocommerce-scripts-and-styles","make-woocommerce-sites-blazing-fast","woocommerce-speed","https:\u002F\u002Fwww.wpfixit.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwc-speed-drain-repair.4.5.zip",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":11,"downloaded":93,"rating":63,"num_ratings":94,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":18,"tags":98,"homepage":102,"download_link":103,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"nuno-sarmento-custom-css-js","Nuno Sarmento Custom CSS – JS","1.0.3","Nuno Sarmento","https:\u002F\u002Fprofiles.wordpress.org\u002Fnunosarmento\u002F","\u003Cp>Custom CSS & JS plugin allows us to add custom CSS and Javascript functions on your WordPress website without editing any theme’s style and script files, the plugin also allows us to add external URLs with your style or script\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom CSS, JS and external URLs(scripts, CSS) on individual posts.\u003C\u002Fli>\n\u003Cli>Custom CSS, JS and external URLs(scripts, CSS) on pages.\u003C\u002Fli>\n\u003Cli>Custom CSS, JS and external URLs(scripts, CSS) across the whole website.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FHRJLXe2eCSA?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Cp>If you have suggestions for a new add-on, feel free to email me at hello@nuno-sarmento.com\u003C\u002Fp>\n","Custom CSS & JavaScripts functions.",2076,1,"2020-11-27T10:05:00.000Z","5.6.17","3.0.1",[20,99,100,101,24],"css","custom","javascript","https:\u002F\u002Fen-gb.wordpress.org\u002Fplugins\u002Fnuno-sarmento-custom-css-js\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnuno-sarmento-custom-css-js.1.0.3.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":11,"downloaded":112,"rating":28,"num_ratings":28,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":116,"tags":117,"homepage":122,"download_link":123,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"remove-scripts-styles","Remove Scripts & Styles","1.0","Benjamin Intal","https:\u002F\u002Fprofiles.wordpress.org\u002Fbfintal\u002F","\u003Cp>Deregister & dequeue scripts and styles per page. Use the script or style handle to disable specific files.\u003C\u002Fp>\n\u003Cp>This is for advanced users for tweaking and optimizing webpage loading speeds.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Note: This plugin requires Advanced Custom Fields to be installed.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Remove:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enqueued Theme stylesheets\u003C\u002Fli>\n\u003Cli>Enqueued Theme scripts\u003C\u002Fli>\n\u003Cli>Enqueued Plugin stylesheets\u003C\u002Fli>\n\u003Cli>Enqueued Plugin scripts\u003C\u002Fli>\n\u003C\u002Ful>\n","Deregister & dequeue scripts and styles per page. Speed tweaking for advanced users.",1422,"2018-08-30T23:46:00.000Z","4.9.29","4.1","5.3",[118,119,120,121,23],"loading-time","optimization","remove-scripts","remove-styles","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fremove-scripts-styles","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremove-scripts-styles.1.0.zip",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":28,"downloaded":132,"rating":28,"num_ratings":28,"last_updated":18,"tested_up_to":96,"requires_at_least":133,"requires_php":18,"tags":134,"homepage":139,"download_link":140,"security_score":63,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":141},"lh-dequeue-buddypress","LH Dequeue Buddypress","1.04","shawfactor","https:\u002F\u002Fprofiles.wordpress.org\u002Fshawfactor\u002F","\u003Cp>This plugin simply removes the scripts and styles that buddypress adds to your site, but only for non logged in users. Logged in users who need the buddyoress functionality are not effected\u003C\u002Fp>\n\u003Cp>Thus speeding up the experience of normal vistors\u003C\u002Fp>\n\u003Cp>This plugin would be more appropriate on a site that has a private buddypress area whilst also having general public facing content.\u003C\u002Fp>\n","Dequeue the scripts and styles that buddypress adds for non logged in users.",1371,"4.0",[135,136,137,23,138],"buddypress","dequeue","scripts","styles","https:\u002F\u002Flhero.org\u002Fportfolio\u002Flh-dequeue-buddypress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flh-dequeue-buddypress.zip","2026-03-15T14:44:11.924Z",{"attackSurface":143,"codeSignals":174,"taintFlows":224,"riskAssessment":225,"analyzedAt":235},{"hooks":144,"ajaxHandlers":170,"restRoutes":171,"shortcodes":172,"cronEvents":173,"entryPointCount":28,"unprotectedCount":28},[145,151,154,158,162,166],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","admin_enqueue_scripts","load_custom_scripts","script-logic.php",26,{"type":146,"name":152,"callback":152,"file":149,"line":153},"switch_theme",27,{"type":146,"name":155,"callback":156,"file":149,"line":157},"admin_init","register",28,{"type":146,"name":159,"callback":160,"file":149,"line":161},"admin_menu","menu",29,{"type":146,"name":163,"callback":164,"file":149,"line":165},"wp_print_scripts","inspect_scripts",31,{"type":146,"name":167,"callback":168,"file":149,"line":169},"wp_enqueue_scripts","inspect_styles",32,[],[],[],[],{"dangerousFunctions":175,"sqlUsage":189,"outputEscaping":191,"fileOperations":14,"externalRequests":28,"nonceChecks":28,"capabilityChecks":94,"bundledLibraries":223},[176,181,184,187],{"fn":177,"file":178,"line":179,"context":180},"unserialize","options.php",14,"$registered_scripts = unserialize(get_option('sb_registered_scripts'));",{"fn":177,"file":178,"line":182,"context":183},15,"$registered_styles = unserialize(get_option('sb_registered_styles'));",{"fn":177,"file":149,"line":185,"context":186},104,"$sl_settings = unserialize($sl_settings);",{"fn":177,"file":149,"line":188,"context":186},169,{"prepared":28,"raw":28,"locations":190},[],{"escaped":28,"rawEcho":192,"locations":193},16,[194,196,197,199,201,203,205,206,208,210,212,214,216,217,219,221],{"file":178,"line":34,"context":195},"raw output",{"file":178,"line":34,"context":195},{"file":178,"line":198,"context":195},41,{"file":178,"line":200,"context":195},42,{"file":178,"line":202,"context":195},43,{"file":178,"line":204,"context":195},47,{"file":178,"line":204,"context":195},{"file":178,"line":207,"context":195},55,{"file":178,"line":209,"context":195},81,{"file":178,"line":211,"context":195},82,{"file":178,"line":213,"context":195},83,{"file":178,"line":215,"context":195},87,{"file":178,"line":215,"context":195},{"file":178,"line":218,"context":195},93,{"file":178,"line":220,"context":195},108,{"file":178,"line":222,"context":195},109,[],[],{"summary":226,"deductions":227},"The \"script-logic\" plugin v0.3 exhibits a mixed security posture. On the positive side, it demonstrates good practices by having no recorded CVEs and no detected taint flows, indicating a generally stable codebase with respect to known vulnerabilities and complex data injection risks. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its direct attack surface. Furthermore, all SQL queries utilize prepared statements, which is a crucial security measure against SQL injection. The plugin also has one capability check, which is better than none.\n\nHowever, several critical security concerns are present. The use of the `unserialize` function, especially without clear input validation or context, is a major risk, as unserialization of untrusted data can lead to remote code execution. The complete lack of output escaping for all identified output points is highly alarming and presents a significant risk of Cross-Site Scripting (XSS) vulnerabilities. The absence of nonce checks on potential entry points, though the attack surface is currently zero, means that if entry points were introduced in the future, they would likely be unprotected. The vulnerability history being clean is a strength, but the active code risks, particularly unserialize and unescaped output, overshadow this positive aspect.\n\nIn conclusion, while the plugin has a clean vulnerability history and has implemented prepared statements for SQL, the presence of `unserialize` and the complete lack of output escaping represent critical security flaws that could easily be exploited. The absence of entry points is a protective factor, but the inherent risks within the code itself make this plugin a significant concern.",[228,230,232],{"reason":229,"points":182},"Presence of 'unserialize' function",{"reason":231,"points":192},"100% of output unescaped",{"reason":233,"points":234},"No nonce checks on entry points",5,"2026-03-17T00:33:00.703Z",{"wat":237,"direct":246},{"assetPaths":238,"generatorPatterns":241,"scriptPaths":242,"versionParams":243},[239,240],"\u002Fwp-content\u002Fplugins\u002Fscript-logic\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fscript-logic\u002Fjs\u002Fscriptlogic.js",[],[239,240],[244,245],"script-logic\u002Fjs\u002Fadmin.js?ver=","script-logic\u002Fjs\u002Fscriptlogic.js?ver=",{"cssClasses":247,"htmlComments":248,"htmlAttributes":249,"restEndpoints":250,"jsGlobals":251,"shortcodeOutput":253},[],[],[],[],[252],"scriptLogicObj",[]]