[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fqV8HiboQecb4jL1wsBUnfYgb1VVO9hwg6HshjZq2ILU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":133,"fingerprints":204},"security-header-generator","Security Header Generator","5.4.77","Kevin Pirnie","https:\u002F\u002Fprofiles.wordpress.org\u002Fkevp75\u002F","\u003Cp>This plugin generates the proper security HTTP response headers, attempts to generate a valid Content Security Policy, and sets browser permissions if configured.\u003C\u002Fp>\n","This plugin generates the proper security HTTP response headers to keep your site 
secured.",500,24333,96,6,"2026-02-03T14:10:00.000Z","7.0","6.0.9","8.2",[20,21,22,23,24],"content-security-policy","permissions","permissions-policy","security","security-headers","https:\u002F\u002Fkevinpirnie.com\u002Fblog\u002F2021\u002F10\u002F13\u002Fwordpress-plugin-security-header-generator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-header-generator.5.4.77.zip",100,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"kevp75",2,1500,30,94,"2026-04-04T00:36:28.724Z",[40,61,80,99,117],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":14,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":58,"download_link":59,"security_score":60,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"csp-manager","Content Security Policy Manager","1.2.1","Patrick Sletvold","https:\u002F\u002Fprofiles.wordpress.org\u002F16patsle\u002F","\u003Cp>\u003Cstrong>Content Security Policy Manager\u003C\u002Fstrong> is a WordPress plugin that allows you to easily configure \u003Ca href=\"https:\u002F\u002Fdeveloper.mozilla.org\u002Fen-US\u002Fdocs\u002FWeb\u002FHTTP\u002FCSP\" rel=\"nofollow ugc\">Content Security Policy headers\u003C\u002Fa> for your site. You can have different CSP headers for the admin interface, the frontend for logged in users, and the frontend for regular visitors. The CSP directives can be individually enabled, and each policy can be set to enforce, report or be disabled.\u003C\u002Fp>\n\u003Cp>Please note that this plugin offers limited help in figuring out what the contents of the policy should be. 
It only lets you configure the CSP in an easy to use interface.\u003C\u002Fp>\n","Plugin for configuring Content Security Policy headers for your site. Allows different CSP headers for admin, logged in frontend and regular visitors",2000,33739,86,"2022-08-09T17:33:00.000Z","6.1.10","4.6","7.2",[20,56,23,24,57],"csp","xss","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcsp-manager.1.2.1.zip",85,{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":27,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":16,"tags":75,"homepage":58,"download_link":79,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"security-header","HTTP Security Header","3.1","MOHIT GOYAL","https:\u002F\u002Fprofiles.wordpress.org\u002Fmohitgoyal1108\u002F","\u003Cp>\u003Cstrong>HTTP Security Header\u003C\u002Fstrong> helps protect your WordPress site by adding critical HTTP headers to each response — with no code required. 
These headers provide additional layers of protection against attacks such as cross-site scripting (XSS), clickjacking, content injection, and resource leaks.\u003C\u002Fp>\n\u003Cp>This plugin offers a modern, responsive admin dashboard with validation, fallback safety, and full control over each header’s default or custom value.\u003C\u002Fp>\n\u003Ch3>🔎 Scan Your Website Security Headers\u003C\u002Fh3>\n\u003Cp>Before configuring headers, instantly check your website’s current security score using our online header scanner:\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Finspiredmonks.com\u002Fhttp-security-header-scanner\u002F\" rel=\"nofollow ugc\">Scan Your Website Security Headers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>✔ Enter your website URL\u003Cbr \u002F>\n✔ Get instant Security Grade (A+ to F)\u003Cbr \u002F>\n✔ See which headers are Present or Missing\u003Cbr \u002F>\n✔ Get clear, actionable recommendations\u003Cbr \u002F>\n✔ Easily fix them using this plugin\u003C\u002Fp>\n\u003Cp>Used by thousands of websites to enhance security and protect user data.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features Include:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Visual toggles for enabling\u002Fdisabling headers\u003Cbr \u002F>\n– Option to use \u003Cstrong>default or custom header values\u003C\u002Fstrong>\u003Cbr \u002F>\n– Secure fallback if a header is misconfigured\u003Cbr \u002F>\n– Integrated \u003Cstrong>header validation\u003C\u002Fstrong>\u003Cbr \u002F>\n– Support for all major browser-supported headers\u003Cbr \u002F>\n– Nonce-based saving and admin notices\u003Cbr \u002F>\n– WP Multisite compatible\u003Cbr \u002F>\n– “Disable All” and “Reset to Important Headers” actions\u003Cbr \u002F>\n– Per-header input validation with real-time error fallback\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Supported Headers:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Strict-Transport-Security (HSTS)\u003Cbr \u002F>\n* X-Frame-Options\u003Cbr \u002F>\n* 
X-Content-Type-Options\u003Cbr \u002F>\n* Referrer-Policy\u003Cbr \u002F>\n* Content-Security-Policy\u003Cbr \u002F>\n* Permissions-Policy\u003Cbr \u002F>\n* X-XSS-Protection\u003Cbr \u002F>\n* X-Permitted-Cross-Domain-Policies\u003Cbr \u002F>\n* Expect-CT\u003Cbr \u002F>\n* Cross-Origin-Opener-Policy (COOP)\u003Cbr \u002F>\n* Cross-Origin-Resource-Policy (CORP)\u003Cbr \u002F>\n* Cross-Origin-Embedder-Policy (COEP)\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Lightweight and performance-focused  \u003C\u002Fli>\n\u003Cli>No front-end impact  \u003C\u002Fli>\n\u003Cli>Choose default or custom header values  \u003C\u002Fli>\n\u003Cli>Secure validation and auto-fallbacks  \u003C\u002Fli>\n\u003Cli>Seamless plugin compatibility (including WP Rocket)  \u003C\u002Fli>\n\u003Cli>Fully translation-ready and i18n-compliant  \u003C\u002Fli>\n\u003Cli>Nonce-protected admin save actions  \u003C\u002Fli>\n\u003Cli>Optional reset-to-default support  \u003C\u002Fli>\n\u003Cli>Reset or disable all headers with one click\u003C\u002Fli>\n\u003C\u002Ful>\n","Add and manage essential HTTP security headers with ease. 
Protect your WordPress site from XSS, clickjacking, and other common vulnerabilities.",800,4254,3,"2025-12-30T17:44:00.000Z","6.9.4","5.0",[76,20,77,24,78],"clickjacking","http-security-header","wordpress-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-header.3.1.zip",{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":27,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":73,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":97,"download_link":98,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"csp-antsst","CSP Friendly Security","1.5.2","Pascal CESCATO","https:\u002F\u002Fprofiles.wordpress.org\u002Fpcescato\u002F","\u003Cp>Adds a CSP header compatible with most WP plugins without breaking styles.\u003C\u002Fp>\n","Adds a CSP header compatible with most WP plugins without breaking styles.",2755,70,4,"2026-01-01T13:42:00.000Z","5.9","7.3",[20,56,95,24,96],"nonces","sha256-hashes","https:\u002F\u002Ftsw.ovh\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcsp-antsst.1.5.2.zip",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":107,"downloaded":108,"rating":27,"num_ratings":34,"last_updated":109,"tested_up_to":110,"requires_at_least":74,"requires_php":54,"tags":111,"homepage":114,"download_link":115,"security_score":116,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"abdal-security-headers","Abdal Security Headers","5.1.3","Ebrahim Shafiei (EbraSha)","https:\u002F\u002Fprofiles.wordpress.org\u002Fprofshafiei\u002F","\u003Cp>Abdal Security Headers is a powerful WordPress plugin that enhances your website’s security through HTTP security headers. 
It provides an easy-to-use interface for managing security policies and protecting against common web vulnerabilities.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Modern UI with iOS-style switches\u003C\u002Fli>\n\u003Cli>Real-time CSP Header Preview\u003C\u002Fli>\n\u003Cli>Automatic security header configuration\u003C\u002Fli>\n\u003Cli>Protection against XSS attacks\u003C\u002Fli>\n\u003Cli>Prevention of clickjacking attempts\u003C\u002Fli>\n\u003Cli>MIME-type sniffing protection\u003C\u002Fli>\n\u003Cli>Strict HTTPS enforcement\u003C\u002Fli>\n\u003Cli>Full RTL support\u003C\u002Fli>\n\u003Cli>Mobile-responsive interface\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security Headers Managed:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>X-Frame-Options\u003C\u002Fli>\n\u003Cli>X-XSS-Protection\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security (HSTS)\u003C\u002Fli>\n\u003Cli>Content-Security-Policy (CSP)\u003C\u002Fli>\n\u003Cli>Referrer-Policy\u003C\u002Fli>\n\u003Cli>Feature-Policy\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Origin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Languages\u003C\u002Fh3>\n\u003Cp>This plugin is available in the following languages:\u003Cbr \u002F>\n– English (en_US)\u003Cbr \u002F>\n– Persian (fa_IR)\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is released under the \u003Cstrong>GPLv2 or later\u003C\u002Fstrong> License.\u003Cbr \u002F>\nLicense details: \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fa>\u003C\u002Fp>\n","Enhance WordPress security with essential HTTP security headers, protecting against XSS, clickjacking, and other common web 
vulnerabilities.",10,2827,"2025-03-13T14:27:00.000Z","6.7.5",[20,112,23,24,113],"hsts","x-frame-options","https:\u002F\u002Fgithub.com\u002Febrasha\u002Fabdal-security-headers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fabdal-security-headers.5.1.3.zip",92,{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":28,"downloaded":125,"rating":28,"num_ratings":28,"last_updated":126,"tested_up_to":127,"requires_at_least":74,"requires_php":16,"tags":128,"homepage":58,"download_link":132,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wps-protect-login-url-security-headers","WPS Protect: Login URL & Security Headers","1.1","Muhammad Junaid Tariq","https:\u002F\u002Fprofiles.wordpress.org\u002Fjunaid434\u002F","\u003Cp>The \u003Cstrong>WPS Protect: Login URL & Security Headers\u003C\u002Fstrong> plugin enhances your WordPress site security with multiple layers of protection. 
It provides a comprehensive solution for securing your WordPress installation through custom login URL protection, advanced security headers, and SSL enforcement.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>\u003Cstrong>Custom Login URL Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change and hide the default WordPress login URL\u003C\u002Fli>\n\u003Cli>Protect against brute force attacks\u003C\u002Fli>\n\u003Cli>Maintain compatibility with wp-admin access\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Advanced Security Headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>X-Frame-Options: Prevent clickjacking attacks\u003C\u002Fli>\n\u003Cli>X-XSS-Protection: Enable browser’s XSS filtering\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options: Prevent MIME-type sniffing\u003C\u002Fli>\n\u003Cli>Content-Security-Policy (CSP): Control resource loading\u003C\u002Fli>\n\u003Cli>Permissions-Policy: Control browser features and APIs\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security (HSTS): Enforce HTTPS\u003C\u002Fli>\n\u003Cli>Referrer-Policy: Control referrer information\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Origin: Manage CORS policies\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>SSL Enforcement\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Force HTTPS across your site\u003C\u002Fli>\n\u003Cli>Secure cookie handling\u003C\u002Fli>\n\u003Cli>Mixed content protection\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>User-Friendly Interface\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Tab-based admin interface\u003C\u002Fli>\n\u003Cli>Easy configuration of all security features\u003C\u002Fli>\n\u003Cli>Recommended values for security headers\u003C\u002Fli>\n\u003Cli>Real-time feedback on settings 
changes\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","The WPS Protect: Login URL & Security Headers plugin enhances your WordPress site security with multiple layers of protection.",312,"2025-06-25T11:17:00.000Z","6.8.5",[129,130,22,23,131],"headers","login","ssl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwps-protect-login-url-security-headers.1.1.zip",{"attackSurface":134,"codeSignals":185,"taintFlows":196,"riskAssessment":197,"analyzedAt":203},{"hooks":135,"ajaxHandlers":177,"restRoutes":182,"shortcodes":183,"cronEvents":184,"entryPointCount":140,"unprotectedCount":140},[136,143,145,147,150,153,157,160,163,166,170,173],{"type":137,"name":138,"callback":139,"priority":140,"file":141,"line":142},"action","plugins_loaded","closure",1,"work\\common.php",115,{"type":137,"name":138,"callback":139,"priority":34,"file":141,"line":144},126,{"type":137,"name":138,"callback":139,"file":141,"line":146},133,{"type":137,"name":148,"callback":139,"file":141,"line":149},"admin_enqueue_scripts",146,{"type":137,"name":151,"callback":139,"file":141,"line":152},"admin_notices",168,{"type":137,"name":154,"callback":139,"file":155,"line":156},"send_headers","work\\inc\\kcp-cspgen-headers.php",83,{"type":137,"name":158,"callback":139,"file":155,"line":159},"rest_api_init",121,{"type":161,"name":162,"callback":139,"file":155,"line":146},"filter","rest_pre_serve_request",{"type":137,"name":164,"callback":139,"file":155,"line":165},"admin_init",178,{"type":137,"name":151,"callback":167,"file":168,"line":169},"maybe_show_notice","work\\inc\\kcp-cspgen-migration-backup.php",46,{"type":137,"name":148,"callback":171,"file":168,"line":172},"maybe_enqueue_script",49,{"type":161,"name":174,"callback":139,"file":175,"line":176},"submenu_file","work\\inc\\kcp-cspgen-settings.php",125,[178],{"action":179,"nopriv":180,"callback":139,"hasNonce":180,"hasCapCheck":180,"file":141,"line":181},"wpsh_load_preset",false,185,[],[],[],{"dangerousFunctions":186,"sqlUsag
e":187,"outputEscaping":189,"fileOperations":28,"externalRequests":28,"nonceChecks":34,"capabilityChecks":90,"bundledLibraries":195},[],{"prepared":28,"raw":28,"locations":188},[],{"escaped":190,"rawEcho":140,"locations":191},16,[192],{"file":168,"line":193,"context":194},268,"raw output",[],[],{"summary":198,"deductions":199},"The security-header-generator plugin v6.0.23 exhibits a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, performing all SQL queries using prepared statements, and having a high percentage of properly escaped output. It also includes nonce and capability checks, and lacks any known critical or high vulnerability history, suggesting a generally well-maintained codebase.\n\nHowever, a significant concern arises from the presence of one AJAX handler that lacks authentication checks. This creates a direct entry point for potential attacks that could be exploited by unauthenticated users. While taint analysis shows no identified vulnerabilities, the absence of authentication on an exposed AJAX endpoint is a critical oversight that could be leveraged in conjunction with other potential plugin or WordPress core vulnerabilities.\n\nGiven the clean vulnerability history, it's possible this is an oversight. 
The plugin's strengths in other security areas are noteworthy, but the unprotected AJAX endpoint represents a clear and present risk that needs immediate attention to ensure a robust security posture.",[200],{"reason":201,"points":202},"AJAX handler without auth checks",8,"2026-03-16T19:33:11.075Z",{"wat":205,"direct":214},{"assetPaths":206,"generatorPatterns":209,"scriptPaths":210,"versionParams":211},[207,208],"\u002Fwp-content\u002Fplugins\u002Fsecurity-header-generator\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fsecurity-header-generator\u002Fassets\u002Fjs\u002Fscript.js",[],[208],[212,213],"security-header-generator\u002Fstyle.css?ver=","security-header-generator\u002Fscript.js?ver=",{"cssClasses":215,"htmlComments":216,"htmlAttributes":217,"restEndpoints":218,"jsGlobals":219,"shortcodeOutput":221},[],[],[],[],[220],"wpshPresets",[]]