[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fa5yFjzt8MybwHb6VUWML4TDT2VhgwzdswA9VLq1xSAU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":146,"fingerprints":559},"secure-role-restricted-draft-previews","Secure Role-Restricted Draft Previews","1.0.1","Pixy Puala","https:\u002F\u002Fprofiles.wordpress.org\u002Fpixypuala\u002F","\u003Cp>\u003Cstrong>Why this plugin?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WordPress core preview links work well for editors, and \u003Cem>Public Post Preview\u003C\u002Fem> shares via anonymous nonces.\u003Cbr \u002F>\nThis plugin adds a missing middle ground: \u003Cstrong>draft previews that are secured by authentication and access control\u003Cbr \u002F>\nlists (ACLs)\u003C\u002Fstrong> — role-based, user-specific, or per-email tokens — plus analytics and a one-click revoke-all.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Universal Compatibility\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Works seamlessly with:\u003Cbr \u002F>\n* Full Site Editing (FSE) themes\u003Cbr \u002F>\n* Block themes (modern WordPress)\u003Cbr \u002F>\n* Classic PHP-based themes\u003Cbr \u002F>\n* All page builders including Elementor, WPBakery, Divi, etc.\u003Cbr \u002F>\n* WooCommerce product drafts\u003Cbr \u002F>\n* Any CSS framework including Tailwind CSS v4+\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create expiring preview links (default 72h; configurable).\u003C\u002Fli>\n\u003Cli>Restrict by \u003Cstrong>roles\u003C\u002Fstrong>, \u003Cstrong>specific users\u003C\u002Fstrong>, or 
\u003Cstrong>per-email tokens\u003C\u002Fstrong> (no login for recipients).\u003C\u002Fli>\n\u003Cli>Require HTTPS for previews (on by default).\u003C\u002Fli>\n\u003Cli>Per-link analytics: allowed\u002Fdenied events, hashed IP, user agent (privacy-friendly).\u003C\u002Fli>\n\u003Cli>Meta box in the editor (Post\u002FPage by default; filterable) to generate, copy, and revoke.\u003C\u002Fli>\n\u003Cli>“Revoke All” for a post.\u003C\u002Fli>\n\u003Cli>Everything prefixed (\u003Ccode>srpl_\u003C\u002Fcode>), sanitized, and aligned with WordPress coding standards.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How it works\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Each generated link has a unique token, TTL, and ACL:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Role-based Access:\u003C\u002Fstrong> Requires login. Only users with allowed roles can view the preview.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>User-based Access:\u003C\u002Fstrong> Requires login. Only specific user IDs can access the preview.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email Token Access:\u003C\u002Fstrong> No login required. Recipients receive unique URLs with email verification tokens.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>When a link is visited, SRPL validates the token, expiry, and ACL, then renders the draft with your theme’s header\u002Ffooter. 
Events are logged (when enabled) to a small custom table (\u003Ccode>wp_srpl_events\u003C\u002Fcode>) with \u003Cstrong>hashed IP\u003C\u002Fstrong> for privacy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>IPs are hashed using \u003Ccode>hash_hmac(sha256, ip, wp_salt('auth'))\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>You can disable analytics entirely under \u003Cstrong>Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Secure Previews\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Developer Friendly\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Fully documented filters and actions\u003C\u002Fli>\n\u003Cli>Clean, object-oriented codebase\u003C\u002Fli>\n\u003Cli>PSR-4 autoloading\u003C\u002Fli>\n\u003Cli>Extensive inline documentation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Developer Documentation\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Filters\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>srpl_supported_post_types\u003C\u002Fcode> – Modify post types that support preview links\u003C\u002Fli>\n\u003Cli>\u003Ccode>srpl_default_ttl_hours\u003C\u002Fcode> – Change default expiration time (in hours)\u003C\u002Fli>\n\u003Cli>\u003Ccode>srpl_force_ssl\u003C\u002Fcode> – Control whether previews are forced to use HTTPS\u003C\u002Fli>\n\u003Cli>\u003Ccode>srpl_analytics_enabled\u003C\u002Fcode> – Enable or disable analytics collection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Functions\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>LinkManager::create($post_id, $args)\u003C\u002Fcode> – Create a new preview link\u003C\u002Fli>\n\u003Cli>\u003Ccode>LinkManager::revoke($link_id)\u003C\u002Fcode> – Revoke a specific link\u003C\u002Fli>\n\u003Cli>\u003Ccode>LinkManager::revoke_all_for_post($post_id)\u003C\u002Fcode> – Revoke all links for a 
post\u003C\u002Fli>\n\u003Cli>\u003Ccode>LinkManager::find_by_token($token)\u003C\u002Fcode> – Find a link by its token\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Database Structure\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Post Meta for Links: _srpl_token, _srpl_mode, _srpl_roles, _srpl_users, _srpl_emails, _srpl_expires, _srpl_revoked, _srpl_hits, _srpl_last_access\u003C\u002Fli>\n\u003Cli>Analytics Table: wp_srpl_events (link_id, post_id, user_id, outcome, ip_hash, ua, created_at)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is free software, licensed under the GPL v2 or later.\u003C\u002Fp>\n","Generate secure, expiring preview URLs for drafts with role\u002Fuser restrictions. Compatible with FSE, Block Themes, and Classic Themes.",0,229,"2025-10-02T15:00:00.000Z","6.8.5","6.4","8.1",[18,19,20,21,22],"access-control","drafts","preview","roles","security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsecure-role-restricted-draft-previews\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecure-role-restricted-draft-previews.1.0.1.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"pixypuala",2,30,94,"2026-04-05T09:47:22.084Z",[36,62,83,106,127],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":57,"download_link":58,"security_score":59,"vuln_count":60,"unpatched_count":11,"last_vuln_date":61,"fetched_at":27},"advanced-access-manager","Advanced Access Manager – Access Governance for WordPress","7.1.0","AAM Plugin","https:\u002F\u002Fprofiles.wordpress.org\u002Fvasyltech\u002F","\u003Cp>\u003Cstrong>Advanced 
Access Manager (AAM)\u003C\u002Fstrong> introduces \u003Cstrong>Access Governance for WordPress\u003C\u002Fstrong> – a systematic approach to securing your site by controlling who can access what, when, and why.\u003C\u002Fp>\n\u003Cp>Most WordPress security plugins focus on external threats like malware, firewalls, and brute-force attacks. AAM addresses the \u003Cstrong>root cause of the #1 WordPress security risk: broken access controls, excessive privileges, and misconfigured roles\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Instead of reacting to attacks, AAM helps you \u003Cstrong>design security into your WordPress site\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>What Access Governance means in practice\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Mitigate Broken Access Controls\u003C\u002Fstrong>. Ensure roles, users, and permissions are correctly configured to prevent unauthorized actions and privilege escalation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Eliminate Excessive Privileges\u003C\u002Fstrong>. Identify overpowered users and reduce access to critical functionality, admin areas, and APIs.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Secure Content by Design\u003C\u002Fstrong>. Control who can view, edit, publish, or delete posts, pages, media, taxonomies, and custom content types.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Govern Access with Policy\u003C\u002Fstrong>. Define access rules using JSON Access Policies — portable, auditable, and automation-friendly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Build Custom Security Logic\u003C\u002Fstrong>. Use the AAM PHP Framework to create advanced, programmatic access controls tailored to your application.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security Audit\u003C\u002Fstrong>. Detect risky role assignments, misconfigurations, and compromised accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular Access Control\u003C\u002Fstrong>. 
Manage permissions for any user, role, or visitor with precision.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Role & Capability Management\u003C\u002Fstrong>. Customize WordPress roles and capabilities beyond defaults.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Admin & Menu Control\u003C\u002Fstrong>. Restrict dashboard areas and tailor the admin experience per user or role.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>API & Endpoint Protection\u003C\u002Fstrong>. Secure REST and XML-RPC access with fine-grained controls.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Modern Authentication Options\u003C\u002Fstrong>. Support passwordless and secure login flows.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer-Ready Framework\u003C\u002Fstrong>. Extend WordPress security using AAM’s powerful SDK.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ad-Free & Transparent\u003C\u002Fstrong>. – No ads, no tracking, no bloat.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Built for Security-Conscious WordPress Users\u003C\u002Fh4>\n\u003Cp>AAM is trusted by \u003Cstrong>150,000+ websites\u003C\u002Fstrong> to deliver enterprise-grade access control without unnecessary complexity. Whether you’re a site owner, agency, developer, or security professional, AAM gives you \u003Cstrong>full control over WordPress access — by design\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Most core features are free. Advanced capabilities are available via premium add-ons.\u003C\u002Fp>\n\u003Cp>No hidden tracking. No data collection. No unwanted changes.\u003Cbr \u002F>\nJust \u003Cstrong>security you can reason about, audit, and trust\u003C\u002Fstrong>.\u003C\u002Fp>\n","Access Governance for WordPress. 
Control roles, users, content, admin areas, and APIs to prevent broken access controls and excessive privileges.",100000,7384389,84,420,"2026-03-08T15:53:00.000Z","6.9.4","5.8.0","5.6.0",[53,54,55,22,56],"access-governance","api-security","restricted-content","user-roles","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-access-manager.7.1.0.zip",95,11,"2024-03-20 00:00:00",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":44,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":76,"tags":77,"homepage":81,"download_link":82,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"public-post-preview","Public Post Preview","3.1.0","Dominik Schilling","https:\u002F\u002Fprofiles.wordpress.org\u002Focean90\u002F","\u003Cp>Share a link to anonymous users to preview a draft of a post (or any other public post type) before it is published.\u003C\u002Fp>\n\u003Cp>Have you ever been writing a post with the help of someone who does not have access to your site and needed to give them the ability to preview it before publishing? This plugin takes care of that by generating an URL with an expiring nonce that can be given out for public preview.\u003C\u002Fp>\n\u003Cp>\u003Cem>Previously this plugin was maintained by \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fsivel\u002F\" rel=\"nofollow ugc\">Matt Martz\u003C\u002Fa> and was an idea of \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fjdingman\u002F\" rel=\"nofollow ugc\">Jonathan Dingman\u003C\u002Fa>. 
Photo by \u003Ca href=\"https:\u002F\u002Funsplash.com\u002Fphotos\u002Fopened-book-on-grass-during-daytime-bhBONc07WsI\" rel=\"nofollow ugc\">Annelies Geneyn\u003C\u002Fa>.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>To enable a public post preview check the box in the document settings. In the classic editor it’s in the “Publish” meta box.\u003C\u002Fli>\n\u003Cli>The link will be displayed if the checkbox is checked, you can copy and share the link with your friends.\u003C\u002Fli>\n\u003Cli>To disable a preview uncheck the box again.\u003C\u002Fli>\n\u003C\u002Ful>\n","Allow anonymous users to preview a draft of a post before it is published.",1584582,90,79,"2026-03-01T16:13:00.000Z","7.0","6.6","8.0",[78,19,79,20,80],"anonymous","posts","public","https:\u002F\u002Fgithub.com\u002Focean90\u002Fpublic-post-preview","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpublic-post-preview.3.1.0.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":71,"num_ratings":93,"last_updated":94,"tested_up_to":95,"requires_at_least":96,"requires_php":57,"tags":97,"homepage":101,"download_link":102,"security_score":103,"vuln_count":104,"unpatched_count":11,"last_vuln_date":105,"fetched_at":27},"underconstruction","underConstruction","1.22","Garrett Grimm","https:\u002F\u002Fprofiles.wordpress.org\u002Fgrimmdude\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fappsumo.com\u002Fsearch?tags=wordpress&utm_source=sumo&utm_medium=wp-widget&utm_campaign=social-media-widget\" rel=\"nofollow ugc\">Check out the latest WordPress deals for your site.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Creates a ‘Coming Soon’ page that will show for all users who are not logged in. 
Useful for developing a site on a live server, without the world being able to see it.\u003C\u002Fp>\n","Creates a 'Coming Soon' page that will show for all users who are not logged in",40000,1745115,111,"2024-03-08T05:10:00.000Z","6.4.8","2.7",[98,20,99,22,100],"construction","private","under-construction","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Funderconstruction\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funderconstruction.1.22.zip",82,5,"2024-03-29 00:00:00",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":25,"num_ratings":116,"last_updated":117,"tested_up_to":118,"requires_at_least":119,"requires_php":57,"tags":120,"homepage":124,"download_link":125,"security_score":126,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"wp-draftsforfriends","WP-DraftsForFriends","1.0.2","Lester Chan","https:\u002F\u002Fprofiles.wordpress.org\u002Fgamerz\u002F","\u003Cp>This plugin will generate a unique link that you can send to your friends to allow them to preview your drafts before they are published. 
You are able to set the expiry for the link as well.\u003C\u002Fp>\n\u003Cp>Modified from Drafts for Friends originally by Neville Longbottom.\u003C\u002Fp>\n\u003Ch3>Build Status\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftravis-ci.org\u002Flesterchan\u002Fwp-draftsforfriends\" rel=\"nofollow ugc\">\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Development\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-draftsforfriends\" title=\"https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-draftsforfriends\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Flesterchan\u002Fwp-draftsforfriends\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Plugin icon by \u003Ca href=\"http:\u002F\u002Fwww.freepik.com\" rel=\"nofollow ugc\">Freepik\u003C\u002Fa> from \u003Ca href=\"http:\u002F\u002Fwww.flaticon.com\" rel=\"nofollow ugc\">Flaticon\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Donations\u003C\u002Fh3>\n\u003Cp>I spent most of my free time creating, updating, maintaining and supporting these plugins, if you really love my plugins and could spare me a couple of bucks, I will really appreciate it. 
If not feel free to use it without any obligations.\u003C\u002Fp>\n","Now you don't need to add friends as users to the blog in order to let them preview your drafts",2000,18060,6,"2023-08-09T02:59:00.000Z","6.3.8","3.7",[19,121,122,20,123],"drafts-for-friends","friends","send","http:\u002F\u002Flesterchan.net\u002Fportfolio\u002Fprogramming\u002Fphp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-draftsforfriends.zip",85,{"slug":128,"name":129,"version":130,"author":131,"author_profile":132,"description":133,"short_description":134,"active_installs":135,"downloaded":136,"rating":25,"num_ratings":137,"last_updated":138,"tested_up_to":14,"requires_at_least":139,"requires_php":74,"tags":140,"homepage":144,"download_link":145,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"menu-by-user-roles","Menu By User Roles","2.0.4","kahnu044","https:\u002F\u002Fprofiles.wordpress.org\u002Fkahnu044\u002F","\u003Cp>Menu By User Roles is a WordPress plugin that allows you to control the visibility of menu items based on user roles. You can assign specific user roles to each menu item, ensuring that only users with those roles can see and access the corresponding links.\u003C\u002Fp>\n\u003Cp>For more information and usage instructions, visit the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkahnu044\u002Fmenu-by-user-roles\" rel=\"nofollow ugc\">GitHub Repository\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support and inquiries, please \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkahnu044\u002Fmenu-by-user-roles\u002Fissues\" rel=\"nofollow ugc\">open an issue on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is released under the GPL-2.0+ License. 
See \u003Ccode>LICENSE\u003C\u002Fcode> for more information.\u003C\u002Fp>\n\u003Ch3>Author\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fkahnu044\" rel=\"nofollow ugc\">Kahnu Charan Swain\u003C\u002Fa>\u003C\u002Fp>\n","Menu By User Roles allows you to control the visibility of menu items based on user roles.",1000,8453,3,"2025-10-02T15:41:00.000Z","5.0",[18,141,142,143,56],"role-based-menus","site-navigation","tags-menu-visibility","https:\u002F\u002Fgithub.com\u002Fkahnu044\u002Fmenu-by-user-roles","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmenu-by-user-roles.2.0.4.zip",{"attackSurface":147,"codeSignals":254,"taintFlows":510,"riskAssessment":553,"analyzedAt":558},{"hooks":148,"ajaxHandlers":233,"restRoutes":251,"shortcodes":252,"cronEvents":253,"entryPointCount":116,"unprotectedCount":11},[149,155,159,163,167,171,176,180,184,188,191,196,199,202,204,207,209,211,213,214,215,216,217,219,220,221,222,223,225,226,228,229,231,232],{"type":150,"name":151,"callback":152,"file":153,"line":154},"action","add_meta_boxes","add_metabox","inc\\Admin\\Admin.php",16,{"type":150,"name":156,"callback":157,"file":153,"line":158},"admin_enqueue_scripts","enqueue",17,{"type":150,"name":160,"callback":161,"file":153,"line":162},"admin_menu","settings_page",18,{"type":150,"name":164,"callback":165,"file":153,"line":166},"admin_init","register_settings",19,{"type":150,"name":168,"callback":169,"file":153,"line":170},"admin_notices","closure",381,{"type":150,"name":172,"callback":173,"file":174,"line":175},"init","add_rewrite_rules","inc\\Core\\Router.php",13,{"type":177,"name":178,"callback":169,"file":174,"line":179},"filter","query_vars",14,{"type":150,"name":181,"callback":182,"file":174,"line":183},"template_redirect","maybe_handle",28,{"type":177,"name":185,"callback":169,"priority":186,"file":174,"line":187},"user_has_cap",10,76,{"type":177,"name":189,"callback":169,"file":174,"line":190},"template_include",86,{"type":150,"name":192,"cal
lback":193,"file":194,"line":195},"srpl_activate","run","inc\\Setup\\Migration.php",77,{"type":150,"name":164,"callback":197,"file":194,"line":198},"maybe_run",80,{"type":150,"name":168,"callback":200,"file":201,"line":46},"migration_notice","inc\\Support\\Migration.php",{"type":150,"name":168,"callback":169,"file":201,"line":203},130,{"type":150,"name":164,"callback":169,"file":205,"line":206},"secure-role-restricted-draft-previews.php",37,{"type":150,"name":164,"callback":169,"file":205,"line":208},44,{"type":150,"name":172,"callback":169,"file":205,"line":210},67,{"type":150,"name":151,"callback":152,"file":212,"line":154},"trunk\\inc\\Admin\\Admin.php",{"type":150,"name":156,"callback":157,"file":212,"line":158},{"type":150,"name":160,"callback":161,"file":212,"line":162},{"type":150,"name":164,"callback":165,"file":212,"line":166},{"type":150,"name":168,"callback":169,"file":212,"line":170},{"type":150,"name":172,"callback":173,"file":218,"line":175},"trunk\\inc\\Core\\Router.php",{"type":177,"name":178,"callback":169,"file":218,"line":179},{"type":150,"name":181,"callback":182,"file":218,"line":183},{"type":177,"name":185,"callback":169,"priority":186,"file":218,"line":187},{"type":177,"name":189,"callback":169,"file":218,"line":190},{"type":150,"name":192,"callback":193,"file":224,"line":195},"trunk\\inc\\Setup\\Migration.php",{"type":150,"name":164,"callback":197,"file":224,"line":198},{"type":150,"name":168,"callback":200,"file":227,"line":46},"trunk\\inc\\Support\\Migration.php",{"type":150,"name":168,"callback":169,"file":227,"line":203},{"type":150,"name":164,"callback":169,"file":230,"line":206},"trunk\\secure-role-restricted-draft-previews.php",{"type":150,"name":164,"callback":169,"file":230,"line":208},{"type":150,"name":172,"callback":169,"file":230,"line":210},[234,240,244,248,249,250],{"action":235,"nopriv":236,"callback":237,"hasNonce":238,"hasCapCheck":238,"file":153,"line":239},"srpl_create_link",false,"ajax_create_link",true,21,{"action":241,"
nopriv":236,"callback":242,"hasNonce":238,"hasCapCheck":238,"file":153,"line":243},"srpl_revoke_link","ajax_revoke_link",22,{"action":245,"nopriv":236,"callback":246,"hasNonce":238,"hasCapCheck":238,"file":153,"line":247},"srpl_revoke_all","ajax_revoke_all",23,{"action":235,"nopriv":236,"callback":237,"hasNonce":238,"hasCapCheck":238,"file":212,"line":239},{"action":241,"nopriv":236,"callback":242,"hasNonce":238,"hasCapCheck":238,"file":212,"line":243},{"action":245,"nopriv":236,"callback":246,"hasNonce":238,"hasCapCheck":238,"file":212,"line":247},[],[],[],{"dangerousFunctions":255,"sqlUsage":256,"outputEscaping":259,"fileOperations":507,"externalRequests":11,"nonceChecks":186,"capabilityChecks":508,"bundledLibraries":509},[],{"prepared":257,"raw":11,"locations":258},4,[],{"escaped":260,"rawEcho":261,"locations":262},78,166,[263,266,268,270,272,273,274,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,312,313,315,316,318,319,321,323,325,327,329,331,333,335,337,338,340,341,343,344,346,348,350,352,354,356,358,360,362,364,366,368,370,372,374,376,378,380,382,384,386,388,390,392,394,396,398,400,402,404,406,408,410,412,414,416,418,420,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505],{"file":153,"line":264,"context":265},68,"raw 
output",{"file":153,"line":267,"context":265},72,{"file":153,"line":269,"context":265},74,{"file":153,"line":271,"context":265},75,{"file":153,"line":187,"context":265},{"file":153,"line":195,"context":265},{"file":153,"line":275,"context":265},96,{"file":153,"line":277,"context":265},102,{"file":153,"line":279,"context":265},108,{"file":153,"line":281,"context":265},113,{"file":153,"line":283,"context":265},123,{"file":153,"line":285,"context":265},151,{"file":153,"line":287,"context":265},382,{"file":153,"line":289,"context":265},390,{"file":153,"line":291,"context":265},428,{"file":153,"line":293,"context":265},429,{"file":153,"line":295,"context":265},433,{"file":153,"line":297,"context":265},434,{"file":153,"line":299,"context":265},436,{"file":153,"line":301,"context":265},437,{"file":153,"line":303,"context":265},438,{"file":153,"line":305,"context":265},439,{"file":153,"line":307,"context":265},440,{"file":153,"line":309,"context":265},443,{"file":153,"line":311,"context":265},445,{"file":153,"line":311,"context":265},{"file":153,"line":314,"context":265},446,{"file":153,"line":314,"context":265},{"file":153,"line":317,"context":265},447,{"file":153,"line":317,"context":265},{"file":153,"line":320,"context":265},452,{"file":153,"line":322,"context":265},453,{"file":153,"line":324,"context":265},455,{"file":153,"line":326,"context":265},456,{"file":153,"line":328,"context":265},457,{"file":153,"line":330,"context":265},458,{"file":153,"line":332,"context":265},459,{"file":153,"line":334,"context":265},462,{"file":153,"line":336,"context":265},464,{"file":153,"line":336,"context":265},{"file":153,"line":339,"context":265},465,{"file":153,"line":339,"context":265},{"file":153,"line":342,"context":265},466,{"file":153,"line":342,"context":265},{"file":153,"line":345,"context":265},471,{"file":153,"line":347,"context":265},472,{"file":153,"line":349,"context":265},473,{"file":153,"line":351,"context":265},475,{"file":153,"line":353,"context":265},476,{"file":153,
"line":355,"context":265},482,{"file":153,"line":357,"context":265},483,{"file":153,"line":359,"context":265},488,{"file":153,"line":361,"context":265},489,{"file":153,"line":363,"context":265},494,{"file":153,"line":365,"context":265},495,{"file":153,"line":367,"context":265},500,{"file":153,"line":369,"context":265},501,{"file":153,"line":371,"context":265},503,{"file":153,"line":373,"context":265},504,{"file":153,"line":375,"context":265},507,{"file":153,"line":377,"context":265},508,{"file":153,"line":379,"context":265},510,{"file":153,"line":381,"context":265},511,{"file":153,"line":383,"context":265},512,{"file":153,"line":385,"context":265},513,{"file":153,"line":387,"context":265},516,{"file":153,"line":389,"context":265},517,{"file":153,"line":391,"context":265},519,{"file":153,"line":393,"context":265},520,{"file":153,"line":395,"context":265},525,{"file":153,"line":397,"context":265},527,{"file":153,"line":399,"context":265},528,{"file":153,"line":401,"context":265},529,{"file":153,"line":403,"context":265},530,{"file":153,"line":405,"context":265},531,{"file":153,"line":407,"context":265},534,{"file":153,"line":409,"context":265},535,{"file":153,"line":411,"context":265},537,{"file":153,"line":413,"context":265},538,{"file":153,"line":415,"context":265},539,{"file":153,"line":417,"context":265},540,{"file":153,"line":419,"context":265},542,{"file":421,"line":422,"context":265},"templates\\preview.php",24,{"file":212,"line":264,"context":265},{"file":212,"line":267,"context":265},{"file":212,"line":269,"context":265},{"file":212,"line":271,"context":265},{"file":212,"line":187,"context":265},{"file":212,"line":195,"context":265},{"file":212,"line":275,"context":265},{"file":212,"line":277,"context":265},{"file":212,"line":279,"context":265},{"file":212,"line":281,"context":265},{"file":212,"line":283,"context":265},{"file":212,"line":285,"context":265},{"file":212,"line":287,"context":265},{"file":212,"line":289,"context":265},{"file":212,"line":291,"cont
ext":265},{"file":212,"line":293,"context":265},{"file":212,"line":295,"context":265},{"file":212,"line":297,"context":265},{"file":212,"line":299,"context":265},{"file":212,"line":301,"context":265},{"file":212,"line":303,"context":265},{"file":212,"line":305,"context":265},{"file":212,"line":307,"context":265},{"file":212,"line":309,"context":265},{"file":212,"line":311,"context":265},{"file":212,"line":311,"context":265},{"file":212,"line":314,"context":265},{"file":212,"line":314,"context":265},{"file":212,"line":317,"context":265},{"file":212,"line":317,"context":265},{"file":212,"line":320,"context":265},{"file":212,"line":322,"context":265},{"file":212,"line":324,"context":265},{"file":212,"line":326,"context":265},{"file":212,"line":328,"context":265},{"file":212,"line":330,"context":265},{"file":212,"line":332,"context":265},{"file":212,"line":334,"context":265},{"file":212,"line":336,"context":265},{"file":212,"line":336,"context":265},{"file":212,"line":339,"context":265},{"file":212,"line":339,"context":265},{"file":212,"line":342,"context":265},{"file":212,"line":342,"context":265},{"file":212,"line":345,"context":265},{"file":212,"line":347,"context":265},{"file":212,"line":349,"context":265},{"file":212,"line":351,"context":265},{"file":212,"line":353,"context":265},{"file":212,"line":355,"context":265},{"file":212,"line":357,"context":265},{"file":212,"line":359,"context":265},{"file":212,"line":361,"context":265},{"file":212,"line":363,"context":265},{"file":212,"line":365,"context":265},{"file":212,"line":367,"context":265},{"file":212,"line":369,"context":265},{"file":212,"line":371,"context":265},{"file":212,"line":373,"context":265},{"file":212,"line":375,"context":265},{"file":212,"line":377,"context":265},{"file":212,"line":379,"context":265},{"file":212,"line":381,"context":265},{"file":212,"line":383,"context":265},{"file":212,"line":385,"context":265},{"file":212,"line":387,"context":265},{"file":212,"line":389,"context":265},{"file":212,"l
ine":391,"context":265},{"file":212,"line":393,"context":265},{"file":212,"line":395,"context":265},{"file":212,"line":397,"context":265},{"file":212,"line":399,"context":265},{"file":212,"line":401,"context":265},{"file":212,"line":403,"context":265},{"file":212,"line":405,"context":265},{"file":212,"line":407,"context":265},{"file":212,"line":409,"context":265},{"file":212,"line":411,"context":265},{"file":212,"line":413,"context":265},{"file":212,"line":415,"context":265},{"file":212,"line":417,"context":265},{"file":212,"line":419,"context":265},{"file":506,"line":422,"context":265},"trunk\\templates\\preview.php",8,12,[],[511,529,537,545],{"entryPoint":512,"graph":513,"unsanitizedCount":11,"severity":528},"render_settings (inc\\Admin\\Admin.php:373)",{"nodes":514,"edges":526},[515,520],{"id":516,"type":517,"label":518,"file":153,"line":519},"n0","source","$_POST",378,{"id":521,"type":522,"label":523,"file":153,"line":524,"wp_function":525},"n1","sink","update_option() [Settings Manipulation]",379,"update_option",[527],{"from":516,"to":521,"sanitized":238},"low",{"entryPoint":530,"graph":531,"unsanitizedCount":11,"severity":528},"\u003CAdmin> (inc\\Admin\\Admin.php:0)",{"nodes":532,"edges":535},[533,534],{"id":516,"type":517,"label":518,"file":153,"line":519},{"id":521,"type":522,"label":523,"file":153,"line":524,"wp_function":525},[536],{"from":516,"to":521,"sanitized":238},{"entryPoint":538,"graph":539,"unsanitizedCount":11,"severity":528},"render_settings (trunk\\inc\\Admin\\Admin.php:373)",{"nodes":540,"edges":543},[541,542],{"id":516,"type":517,"label":518,"file":212,"line":519},{"id":521,"type":522,"label":523,"file":212,"line":524,"wp_function":525},[544],{"from":516,"to":521,"sanitized":238},{"entryPoint":546,"graph":547,"unsanitizedCount":11,"severity":528},"\u003CAdmin> 
(trunk\\inc\\Admin\\Admin.php:0)",{"nodes":548,"edges":551},[549,550],{"id":516,"type":517,"label":518,"file":212,"line":519},{"id":521,"type":522,"label":523,"file":212,"line":524,"wp_function":525},[552],{"from":516,"to":521,"sanitized":238},{"summary":554,"deductions":555},"The \"secure-role-restricted-draft-previews\" plugin v1.0.1 exhibits a generally strong security posture based on the provided static analysis. A significant positive is the complete absence of raw SQL queries, with all 4 identified queries using prepared statements. The plugin also demonstrates good practice by implementing nonce checks and capability checks on its entry points, suggesting an effort to prevent unauthorized actions. Furthermore, the lack of any recorded vulnerabilities in its history is a reassuring indicator of past development diligence.\n\nHowever, a notable concern arises from the output escaping analysis, where only 32% of the 244 total outputs are properly escaped. This leaves a considerable portion of output vulnerable to cross-site scripting (XSS) attacks if user-supplied data is incorporated into these unescaped outputs. While the taint analysis shows no unsanitized paths, the potential for XSS through unescaped output remains a significant risk. The plugin also performs 8 file operations, which, while not explicitly flagged as insecure, warrants attention in a broader security review to ensure proper sanitization and access control.\n\nIn conclusion, the plugin has several strengths, particularly in its handling of database queries and authentication mechanisms. The absence of historical vulnerabilities is positive. The primary weakness lies in the insufficient output escaping, which presents a tangible risk of XSS vulnerabilities. 
Addressing this output escaping issue should be the priority for improving the plugin's overall security.",[556],{"reason":557,"points":507},"Low percentage of properly escaped output","2026-03-17T06:29:30.568Z",{"wat":560,"direct":569},{"assetPaths":561,"generatorPatterns":564,"scriptPaths":565,"versionParams":566},[562,563],"\u002Fwp-content\u002Fplugins\u002Fsecure-role-restricted-draft-previews\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fsecure-role-restricted-draft-previews\u002Fassets\u002Fjs\u002Fadmin.js",[],[563],[567,568],"secure-role-restricted-draft-previews\u002Fassets\u002Fcss\u002Fadmin.css?ver=","secure-role-restricted-draft-previews\u002Fassets\u002Fjs\u002Fadmin.js?ver=",{"cssClasses":570,"htmlComments":571,"htmlAttributes":572,"restEndpoints":573,"jsGlobals":574,"shortcodeOutput":576},[],[],[],[],[575],"SRPL",[]]