[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZkN4O_TF5xemeFg1Re5i-XB8QgZu9zKawUEiNVzfCS0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":16,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":133,"fingerprints":297},"server-info-wp","Server Info WP","2.1","Tyler","https:\u002F\u002Fprofiles.wordpress.org\u002Ftylerthedude\u002F","\u003Cp>Take the hassle out of server administration with Server Info WP. This simple plugin will add three dashboard widgets to easily allow you to monitor your server. These widgets will display important information about your server such as CPU usage, PHP memory usage, and other necessities needed for properly running your server.\u003C\u002Fp>\n","Easily monitor your server by watching your server usage and resources with three widgets.",30,2468,0,"2020-04-17T01:00:00.000Z","5.4.19","","5.3",[19,20,21,22,23],"server-info","server-information","server-monitor","server-monitoring","server-usage","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fserver-info-wp.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":25,"avg_patch_time_days":11,"trust_score":33,"computed_at":34},"tylerthedude",2,130,84,"2026-04-04T07:14:25.151Z",[36,56,75,95,115],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":13,"num_ratings":13,"last_updated":46,"tested_up_to":47,"requires_at_least":48,"requires_php":49,"tags":50,"homepage":54,"download_link":55,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wp-tech-lookup","WP Tech Lookup","1.1","Ashish Ajani","https:\u002F\u002Fprofiles.wordpress.org\u002Fashishajani\u002F","\u003Cp>WP Tech Lookup is a simple WordPress utiliy plugin. Once installed it will show important information including hosting server information, WordPress information, database information, file permissions and WordPress cron job information.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Ch4>Hosting server information\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Hosting server name and IP address\u003C\u002Fli>\n\u003Cli>Server protocol, CGI version and software\u003C\u002Fli>\n\u003Cli>Server operating system and available ports\u003C\u002Fli>\n\u003Cli>PHP version and maximum limit of size, vars, memory and execution time\u003C\u002Fli>\n\u003Cli>Status of PHP variables like globals and safe mode\u003C\u002Fli>\n\u003Cli>Database software details\u003C\u002Fli>\n\u003Cli>Database version and maximum number of connections allowed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WordPress information\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress version\u003C\u002Fli>\n\u003Cli>Themes information including active theme, version, author, etc…\u003C\u002Fli>\n\u003Cli>Active plugins and CPT details (if used)\u003C\u002Fli>\n\u003Cli>Database connection and character set information\u003C\u002Fli>\n\u003Cli>WordPress debug mode status\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WordPress directory permissions\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>List of all main WordPress directory with path\u003C\u002Fli>\n\u003Cli>Recommended and current directory permissions\u003C\u002Fli>\n\u003Cli>Status indicator for wrong and right directory permissions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Database information\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>All database tables and engine for each table\u003C\u002Fli>\n\u003Cli>Date when last updated\u003C\u002Fli>\n\u003Cli>Number of records in each table\u003C\u002Fli>\n\u003Cli>Table size\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>WordPress schedule actions\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>List of all WordPress cron jobs\u003C\u002Fli>\n\u003Cli>Event action and key\u003C\u002Fli>\n\u003Cli>Cron schedule status\u003C\u002Fli>\n\u003Cli>Cron interval\u003C\u002Fli>\n\u003Cli>Last execution time\u003C\u002Fli>\n\u003Cli>Cron arguments\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>In case if you like to know more about this plugin or have any suggestions\u002Fcomments then please drop me a contact request from \u003Ca href=\"http:\u002F\u002Ffreelancer-coder.com\" rel=\"nofollow ugc\">http:\u002F\u002Ffreelancer-coder.com\u003C\u002Fa>.\u003C\u002Fp>\n","WP Tech Lookup plugin is to see all the necessary information about server at one place.",10,1598,"2024-03-08T12:49:00.000Z","6.4.8","4.7","7.4",[51,52,20,21,53],"mysql-information","php-information","wordpress-information","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-tech-lookup\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-tech-lookup.1.1.zip",{"slug":21,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":63,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":16,"tags":69,"homepage":73,"download_link":74,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"Server Monitor","0.2.1","vendocrat","https:\u002F\u002Fprofiles.wordpress.org\u002Fvendocrat\u002F","\u003Cp>Our Server Monitor plugin adds thre simple widgets to your WordPress Dashboard displaying general info about your server, PHP, your database and your WordPress installation.\u003C\u002Fp>\n\u003Cp>We’ve kept the plugin as simple as possible and therefore made no settings available. But, as not all of you may need all of the information made available via this handy plugin, we’ve splitted it into three widgets. And as you know, you can simply hide them from the Options tab in your WordPress dashboard! Just click “Options” on the top right corner of your browser window and untick the widgets you don’t need.\u003C\u002Fp>\n\u003Cp>Oh, and for the speed junkies (like us), all data will be stored and served via a transient. This way the plugin will have no impact on your dashboard loading time!\u003C\u002Fp>\n\u003Cp>Widget #1: \u003Cstrong>General\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Host Name\u003C\u002Fli>\n\u003Cli>Server IP\u003C\u002Fli>\n\u003Cli>Server Path\u003C\u002Fli>\n\u003Cli>Server Load\u003C\u002Fli>\n\u003Cli>Uptime\u003C\u002Fli>\n\u003Cli>Server Info (Software)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Widget #2: \u003Cstrong>PHP & Database\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>PHP Version\u003C\u002Fli>\n\u003Cli>PHP Post Max Size\u003C\u002Fli>\n\u003Cli>PHP Time Limit\u003C\u002Fli>\n\u003Cli>PHP Max Input Vars\u003C\u002Fli>\n\u003Cli>MySQL Version\u003C\u002Fli>\n\u003Cli>Database Size\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Widget #3: \u003Cstrong>System Status\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>WordPress Version\u003C\u002Fli>\n\u003Cli>Multisite?\u003C\u002Fli>\n\u003Cli>Active Plugins\u003C\u002Fli>\n\u003Cli>Memory Limit\u003C\u002Fli>\n\u003Cli>Max Upload Size\u003C\u002Fli>\n\u003Cli>Debug Mode\u003C\u002Fli>\n\u003Cli>Language\u003C\u002Fli>\n\u003Cli>Timezone\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contributions\u003C\u002Fh4>\n\u003Cp>Contributions are warmly welcome via \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fvendocrat\u002FWordPress-Server-Monitor\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>Translations included:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>German\u003C\u002Fli>\n\u003Cli>Italian\u003C\u002Fli>\n\u003Cli>Greek (thanks to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Fsamourkasidis\" rel=\"ugc\">Anestis Samourkasidis\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All our plugins are fully localized\u002Ftranslateable by default and include a .pot-file! Please contact us via \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fvendocrat\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa> or hit us on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fvendocrat\u002FWordPress-Server-Monitor\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>, if you have a translation you want to contribute!\u003C\u002Fp>\n\u003Ch4>We’d love to hear from you!\u003C\u002Fh4>\n\u003Cp>Follow us on \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fvendocrat\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>, like us on \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fvendocrat\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa>, circle us on \u003Ca href=\"https:\u002F\u002Fplus.google.com\u002F+vendocrat\" rel=\"nofollow ugc\">Google+\u003C\u002Fa> or fork us on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fvendocrat\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>!\u003C\u002Fp>\n","Adds three simple widgets to your WordPress Dashboard displaying fundamental info about your server and installation.",100,6222,5,"2014-12-20T21:12:00.000Z","4.1.42","3.5",[70,71,72,21,22],"administration","monitoring","server","http:\u002F\u002Fvendocr.at\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fserver-monitor.0.2.1.zip",{"slug":76,"name":77,"version":78,"author":79,"author_profile":80,"description":81,"short_description":82,"active_installs":63,"downloaded":83,"rating":84,"num_ratings":85,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":16,"tags":89,"homepage":93,"download_link":94,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"what-template-am-i-using","What Template Am I Using","0.2.0","webdeveric","https:\u002F\u002Fprofiles.wordpress.org\u002Fwebdeveric\u002F","\u003Cp>This plugin is intended for theme developers to use. It shows the current template being used to render the page, current post type, and much more.\u003C\u002Fp>\n\u003Cp>The info is only displayed for users that have the edit_theme_options capability.\u003C\u002Fp>\n\u003Cp>Information displayed:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Current template\u003C\u002Fli>\n\u003Cli>General Information (post type, are you on the front page, etc.)\u003C\u002Fli>\n\u003Cli>Additional files used. For example, header.php or footer.php\u003C\u002Fli>\n\u003Cli>What sidebars are being used and what widgets are in them.\u003C\u002Fli>\n\u003Cli>List of enqueued scripts and styles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>This plugin is intended for use by theme developers and it requires a standards compliant browser. This plugin will not work in IE8 or below.\u003C\u002Fstrong>\u003C\u002Fp>\n","This plugin is intended for theme developers to use. It shows the current template being used to render the page, current post type, and much more.",9190,96,13,"2015-12-08T05:17:00.000Z","4.4.0","3.1.0",[90,20,91,92],"debug","template","theme-development","http:\u002F\u002Fphplug.in\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwhat-template-am-i-using.0.2.0.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":63,"num_ratings":105,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":16,"tags":109,"homepage":113,"download_link":114,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"go-newrelic","Gigaom New Relic","0.3","Casey Bisson","https:\u002F\u002Fprofiles.wordpress.org\u002Fmisterbisson\u002F","\u003Cp>Supports both \u003Ca href=\"http:\u002F\u002Fnewrelic.com\" rel=\"nofollow ugc\">New Relic\u003C\u002Fa> APM and Browser monitoring to give a clear picture of how your site performs both on the server and in the browser.\u003C\u002Fp>\n\u003Ch4>Application Performance Monitoring (APM)\u003C\u002Fh4>\n\u003Cp>Automatically detects if the \u003Ca href=\"https:\u002F\u002Fdocs.newrelic.com\u002Fdocs\u002Fagents\u002Fphp-agent\u002Fgetting-started\u002Fnew-relic-php\" rel=\"nofollow ugc\">APM extensions\u003C\u002Fa> are installed on the server. If so, the plugin will start reporting into the New Relic account associated with the \u003Ca href=\"https:\u002F\u002Fdocs.newrelic.com\u002Fdocs\u002Fagents\u002Fphp-agent\u002Fgetting-started\u002Fnew-relic-php#license_key\" rel=\"nofollow ugc\">license key used when installing the extension\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>There’s no UI, but the plugin automatically sets the app name and other configuration values ideally for each request. The app name is based on the blog’s name. User-facing and dashboard activity are reported as separate apps so you can set different QoS and alert settings for each. Even  cron and admin-ajax activity are separated out for individual tracking.\u003C\u002Fp>\n\u003Cp>Each blog in a multi-site installation is tracked separately, using the name of the blog as the app name.\u003C\u002Fp>\n\u003Ch4>Browser monitoring (RUM)\u003C\u002Fh4>\n\u003Cp>Real user monitoring (browser monitoring) is automatically enabled if the APM extension is active, but in situations where the APM extension can’t be used, the plugin can still be used to track browser performance.\u003C\u002Fp>\n\u003Cp>This mode requires some configuration:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Get \u003Ca href=\"https:\u002F\u002Fdocs.newrelic.com\u002Fdocs\u002Fbrowser\u002Fnew-relic-browser\u002Finstallation-configuration\u002Fadding-apps-new-relic-browser#copy-paste-app\" rel=\"nofollow ugc\">the tracking JavaScript from New Relic\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Go to your WordPress dashboard -> Settings -> New Relic Settings and paste in the JavaScript\u003C\u002Fli>\n\u003Cli>Go to the New Relic dashboard to see your site reporting performance data!\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The plugin extracts the configuration details from the JS and inserts them with a clean copy of the JS on each page (this cannot be used to inject arbitrary JS into the page).\u003C\u002Fp>\n\u003Cp>Due to limitations of the Browser monitoring service\u002FAPI, Browser-only monitoring does not include all the data or separate reporting of activity in separate apps as APM does.\u003C\u002Fp>\n\u003Ch4>In the WordPress.org plugin repo\u003C\u002Fh4>\n\u003Cp>Here: https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgo-newrelic\u002F\u003C\u002Fp>\n\u003Ch4>Fork me!\u003C\u002Fh4>\n\u003Cp>This plugin is on Github: https:\u002F\u002Fgithub.com\u002FgigaOM\u002Fgo-newrelic\u003C\u002Fp>\n","Configures New Relic to better track performance, errors, and uptime of WordPress sites, including multisite",50,12171,4,"2014-11-04T14:34:00.000Z","4.0.38","3.5.1",[71,110,111,22,112],"newrelic","performance-monitoring","telemetry","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fgo-newrelic\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgo-newrelic.zip",{"slug":116,"name":117,"version":118,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":11,"downloaded":123,"rating":13,"num_ratings":13,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":16,"tags":127,"homepage":131,"download_link":132,"security_score":63,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27},"wpheka-web-server-information","Web Server Information","1.7","akshayaswaroop","https:\u002F\u002Fprofiles.wordpress.org\u002Fakshayaswaroop\u002F","\u003Cp>\u003Cstrong>Web Server Information\u003C\u002Fstrong> plugin allows you to check full information about the web server PHP\u002FMysql configurations including libraries, system type and OS version.\u003C\u002Fp>\n\u003Ch4>Features List:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Display \u003Cstrong>server OS\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Display \u003Cstrong>server software\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Display \u003Cstrong>server IP address\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Display \u003Cstrong>server port\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Display \u003Cstrong>server location\u003C\u002Fstrong> detected by ip address using \u003Ca href=\"https:\u002F\u002Fip-api.com\u002Fdocs\u002Fapi:serialized_php\" rel=\"nofollow ugc\">IP-API.com\u003C\u002Fa> .See \u003Ca href=\"https:\u002F\u002Fip-api.com\u002Fdocs\u002Flegal\" rel=\"nofollow ugc\">Terms and Policies\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Display \u003Cstrong>server hostname\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Display \u003Cstrong>server document root\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Detailed information about the \u003Cstrong>PHP version\u003C\u002Fstrong> you are using and \u003Cstrong>installed modules\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Detailed information about your \u003Cstrong>Database\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>Display \u003Cstrong>PHP, Mysql, Web server, WordPress version\u003C\u002Fstrong> info in admin footer.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If you enjoyed this plugin then please put a review, that will encourage me to bring some more …\u003C\u002Fp>\n","Web Server Information plugin will give you detailed information about your hosting server's configuration and installed modules.",4731,"2026-02-12T18:26:00.000Z","6.9.4","4.8",[128,129,20,130],"php","php-info","server-stats","https:\u002F\u002Fwww.wpheka.com\u002Fproduct\u002Fphp-information\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwpheka-web-server-information.1.7.zip",{"attackSurface":134,"codeSignals":154,"taintFlows":283,"riskAssessment":284,"analyzedAt":296},{"hooks":135,"ajaxHandlers":150,"restRoutes":151,"shortcodes":152,"cronEvents":153,"entryPointCount":13,"unprotectedCount":13},[136,142,146],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","load-index.php","init","init.php",57,{"type":137,"name":143,"callback":144,"file":140,"line":145},"wp_dashboard_setup","dashboard_widgets",58,{"type":137,"name":147,"callback":148,"file":140,"line":149},"admin_enqueue_scripts","load_styles_scripts",59,[],[],[],[],{"dangerousFunctions":155,"sqlUsage":170,"outputEscaping":172,"fileOperations":31,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":282},[156,160,164,167],{"fn":157,"file":140,"line":158,"context":159},"exec",119,"$this->uptime = function_exists( 'exec' ) ? @exec( 'uptime -p' ) : __( 'N\u002FA (make sure exec function",{"fn":161,"file":140,"line":162,"context":163},"unserialize",131,"$this->server_location = function_exists( 'file_get_contents' ) && isset( $this->server_ip ) ? unser",{"fn":157,"file":140,"line":165,"context":166},173,"$this->processes = function_exists( 'exec' ) ? @exec( 'ps aux | wc -l' ) : __( 'N\u002FA (make sure exec ",{"fn":157,"file":140,"line":168,"context":169},182,"$this->windows_cpu_usage = function_exists( 'exec' ) ? @exec( 'wmic cpu get loadpercentage \u002Fall' ) :",{"prepared":13,"raw":13,"locations":171},[],{"escaped":13,"rawEcho":173,"locations":174},53,[175,178,180,182,184,186,188,190,192,194,196,198,200,202,204,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278,280],{"file":140,"line":176,"context":177},206,"raw output",{"file":140,"line":179,"context":177},208,{"file":140,"line":181,"context":177},210,{"file":140,"line":183,"context":177},212,{"file":140,"line":185,"context":177},217,{"file":140,"line":187,"context":177},218,{"file":140,"line":189,"context":177},222,{"file":140,"line":191,"context":177},223,{"file":140,"line":193,"context":177},227,{"file":140,"line":195,"context":177},228,{"file":140,"line":197,"context":177},232,{"file":140,"line":199,"context":177},233,{"file":140,"line":201,"context":177},237,{"file":140,"line":203,"context":177},238,{"file":140,"line":205,"context":177},242,{"file":140,"line":207,"context":177},245,{"file":140,"line":209,"context":177},247,{"file":140,"line":211,"context":177},252,{"file":140,"line":213,"context":177},253,{"file":140,"line":215,"context":177},257,{"file":140,"line":217,"context":177},258,{"file":140,"line":219,"context":177},262,{"file":140,"line":221,"context":177},263,{"file":140,"line":223,"context":177},266,{"file":140,"line":225,"context":177},267,{"file":140,"line":227,"context":177},277,{"file":140,"line":229,"context":177},278,{"file":140,"line":231,"context":177},282,{"file":140,"line":233,"context":177},284,{"file":140,"line":235,"context":177},288,{"file":140,"line":237,"context":177},290,{"file":140,"line":239,"context":177},294,{"file":140,"line":241,"context":177},295,{"file":140,"line":243,"context":177},299,{"file":140,"line":245,"context":177},301,{"file":140,"line":247,"context":177},305,{"file":140,"line":249,"context":177},307,{"file":140,"line":251,"context":177},311,{"file":140,"line":253,"context":177},313,{"file":140,"line":255,"context":177},317,{"file":140,"line":257,"context":177},319,{"file":140,"line":259,"context":177},329,{"file":140,"line":261,"context":177},330,{"file":140,"line":263,"context":177},334,{"file":140,"line":265,"context":177},335,{"file":140,"line":267,"context":177},339,{"file":140,"line":269,"context":177},340,{"file":140,"line":271,"context":177},344,{"file":140,"line":273,"context":177},345,{"file":140,"line":275,"context":177},349,{"file":140,"line":277,"context":177},350,{"file":140,"line":279,"context":177},354,{"file":140,"line":281,"context":177},355,[],[],{"summary":285,"deductions":286},"The server-info-wp v2.1 plugin presents a mixed security posture.  On the positive side, it has a remarkably small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events.  Furthermore, all SQL queries use prepared statements, and there are no recorded vulnerabilities (CVEs) in its history, suggesting a history of reasonably secure development.  However, significant concerns arise from the static code analysis.  The presence of dangerous functions like 'exec' and 'unserialize' is a major red flag, especially when coupled with a complete lack of nonce checks and capability checks on any entry points (though none were identified).  The most critical weakness is the complete absence of output escaping, meaning any data processed or displayed by the plugin could be vulnerable to cross-site scripting (XSS) attacks. The taint analysis shows no flows, which is positive, but the lack of proper sanitization and escaping on outputs remains a significant risk.\n\nIn conclusion, while the plugin's attack surface is minimal and its vulnerability history is clean, the static code analysis reveals several deeply concerning practices. The use of 'exec' and 'unserialize' without clear sanitization or authorization mechanisms, combined with a 0% rate of output escaping, creates a substantial risk of arbitrary code execution and XSS vulnerabilities.  The absence of any form of input validation or authorization checks on the code, even with a small attack surface, is a notable weakness.  Despite the lack of known CVEs, the identified code signals warrant immediate attention and remediation to improve the plugin's overall security.",[287,290,292,294],{"reason":288,"points":289},"Dangerous functions (exec, unserialize) present",15,{"reason":291,"points":289},"0% output escaping",{"reason":293,"points":65},"0 Nonce checks",{"reason":295,"points":65},"0 Capability checks","2026-03-16T22:25:37.692Z",{"wat":298,"direct":307},{"assetPaths":299,"generatorPatterns":302,"scriptPaths":303,"versionParams":304},[300,301],"\u002Fwp-content\u002Fplugins\u002Fserver-info-wp\u002Fstylesheets\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Fserver-info-wp\u002Fjs\u002Fmain.js",[],[301],[305,306],"server-info-wp\u002Fstylesheets\u002Fmain.css?ver=","server-info-wp\u002Fjs\u002Fmain.js?ver=",{"cssClasses":308,"htmlComments":309,"htmlAttributes":310,"restEndpoints":311,"jsGlobals":312,"shortcodeOutput":313},[],[],[],[],[],[314,315,316],"Server Info WP: General","Server Info WP: PHP","Server Info WP: WordPress"]