[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fMqlbm4JhBWGfPho_mxOxJNt1Zpwy6WNtI9Nxmyho734":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":141,"fingerprints":281},"sf-author-url-control","SF Author Url Control","1.2","Grégory Viguier","https:\u002F\u002Fprofiles.wordpress.org\u002Fgreglone\u002F","\u003Cp>With this plugin, administrators can change the default author base in the registered users profile url, and the author slug of each user.\u003Cbr \u002F>\nChanging an author slug is a good thing for security (if your login is “This Is Me”, your slug will be “this-is-me”, a bit easy to guess).\u003Cbr \u002F>\nThe plugin adds 2 fields for this purpose, one in permalinks settings, the other in a user profile.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Default: \u003Cem>example.com\u002Fauthor_base\u002Fauthor_nicename\u002F\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Customized: \u003Cem>example.com\u002Fjedi\u002Fobiwan\u002F\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How to edit the slugs\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Go to \u003Cem>Settings\u003C\u002Fem> > \u003Cem>Permalinks\u003C\u002Fem> to edit the author base: “author” => “jedi”\u003C\u002Fli>\n\u003Cli>Go to \u003Cem>Users\u003C\u002Fem> > \u003Cem>“Any user profile”\u003C\u002Fem> to edit the user slug: “agent-smith” => “obiwan”\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English\u003C\u002Fli>\n\u003Cli>French\u003C\u002Fli>\n\u003Cli>German by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Fcarny88\" rel=\"ugc\">Carny88\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Spanish by \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fprofile\u002Foliverbar\" rel=\"ugc\">Oliver\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Multisite\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>The plugin is ready for Multisite.\u003C\u002Fli>\n\u003C\u002Ful>\n","Allows administrators or capable users to change the users profile url.",1000,21067,100,11,"2016-04-03T20:36:00.000Z","4.5.33","3.0","",[20,21,22,23,24],"author","custom","customize","permalink","slug","https:\u002F\u002Fwww.screenfeed.fr\u002Fauturl\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsf-author-url-control.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"greglone",5,7410,30,84,"2026-04-04T08:55:21.636Z",[40,63,82,102,120],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":13,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":17,"requires_php":53,"tags":54,"homepage":58,"download_link":59,"security_score":60,"vuln_count":61,"unpatched_count":28,"last_vuln_date":62,"fetched_at":30},"remove-cpt-base","Remove CPT base","6.7","kubiq","https:\u002F\u002Fprofiles.wordpress.org\u002Fkubiq\u002F","\u003Cp>Remove custom post type base slug from url\u003C\u002Fp>\n\u003Cul>\n\u003Cli>possibility to select specific custom post type(s)\u003C\u002Fli>\n\u003Cli>auto redirect old slugs to no-base slugs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Yoast SEO specifics\u003C\u002Fh3>\n\u003Cp>If you’re using Yoast SEO plugin, after you change something in the Remove CPT base plugin, you should deactivate Yoast SEO and activate it back again to refresh its yoast_indexable database table, so it will generate correct og:url, canonical url and JSON-LD urls.\u003C\u002Fp>\n","Remove custom post type base slug from url",10000,96204,33,"2025-12-01T22:03:00.000Z","6.9.4","5.6",[55,56,23,57,24],"base","custom-post-type","remove","https:\u002F\u002Fwww.paypal.me\u002Fjakubnovaksl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremove-cpt-base.6.7.zip",99,1,"2022-05-06 13:29:00",{"slug":64,"name":65,"version":66,"author":67,"author_profile":68,"description":69,"short_description":70,"active_installs":13,"downloaded":71,"rating":13,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":76,"tags":77,"homepage":18,"download_link":81,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"custom-permalinks-for-custom-post-types","Custom Permalinks for Custom Post Types","1.0.1","Aluka","https:\u002F\u002Fprofiles.wordpress.org\u002Fcx4djv\u002F","\u003Cp>Custom Permalinks for Custom Post Types is a plugin for WordPress which allow you change the permalink structure of Custom Post Types.\u003C\u002Fp>\n\u003Cp>It supports the following features:\u003Cbr \u002F>\n* Remove base slug of all public Custom Post Types\u003Cbr \u002F>\n* Supports multiple taxonomies for permalink\u003Cbr \u002F>\n* Supports hierarchical taxonomies for permalink\u003Cbr \u002F>\n* Allows to select primary term for permalink\u003Cbr \u002F>\n* Allows to exclude Custom Post Types from being affected by this plugin\u003C\u002Fp>\n\u003Ch3>Compatibility\u003C\u002Fh3>\n\u003Cp>This plugin is compatible with: WooCommerce, Polylang, WPML\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>This plugin doesn’t collect\u002Fstore any user related information.\u003C\u002Fp>\n","Remove base slug of Custom Post Types and change the permalink structure of Custom Post Types.",5100,3,"2020-04-13T09:38:00.000Z","5.4.19","4.5.0","5.3",[78,56,23,79,80],"custom-permalinks","primary-term","remove-slug","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcustom-permalinks-for-custom-post-types.zip",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":13,"num_ratings":61,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":95,"tags":96,"homepage":100,"download_link":101,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"simply-change-author-url","Simply Change Author URL","1.1.2","Devi","https:\u002F\u002Fprofiles.wordpress.org\u002Fdev_vahid\u002F","\u003Cp>The plugin Changes wordpress user slug for security reasons, it prevents access to the usernames of registered users on your site.\u003C\u002Fp>\n\u003Cp>By using “Simply Change Author URL” The WordPress default users(authors) Slug and URL addresses will be changed automatically.\u003C\u002Fp>\n\u003Cp>By Default Author URL is: \u003Ccode>example.com\u002Fauthor\u002F[username]\u002F\u003C\u002Fcode>\u003Cbr \u002F>\nafter install this plugin URLs will be changed to: \u003Ccode>example.com\u002Fuser\u002F[user_id]\u002F\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>This will protects the usernames from being easily accessible by cyber attackers.\u003C\u002Fp>\n\u003Cp>This plugin also:\u003Cbr \u002F>\n1. Removes wordpress api user endpoints. (they contain information about users)\u003Cbr \u002F>\n1. Changes canonical links generated by yoast.\u003C\u002Fp>\n","Changes wordpress user slug for security, it prevents access to the usernames of registered users on your site.",40,1740,"2022-07-25T09:41:00.000Z","6.0.11","4.0.1","5.6.20",[20,97,98,23,99],"author-base","author-slug","security","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimply-change-author-url\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimply-change-author-url.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":36,"downloaded":110,"rating":28,"num_ratings":28,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":18,"download_link":118,"security_score":119,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"slug-translater","SLUG TRANSLATER","1.2.2","Isamu Takeda","https:\u002F\u002Fprofiles.wordpress.org\u002Fitmaroon\u002F","\u003Cul>\n\u003Cli>At the moment, it has a function to translate Japanese into English and replace the sanitized one.\u003C\u002Fli>\n\u003Cli>The default setting is to replace it when the post is saved.\u003C\u002Fli>\n\u003Cli>If you want to replace saved posts, you can set it on the setting screen.\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Categories, terms, and tags can also be replaced.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>English translation function\u003C\u002Fp>\n\u003Cul>\n\u003Cli>This plugin uses the API of “Minna no Jido Honyaku”.\u003C\u002Fli>\n\u003Cli>Please register as a user of \u003Ca href=\"https:\u002F\u002Fmt-auto-minhon-mlt.ucri.jgn-x.jp\u002F\" rel=\"nofollow ugc\">Minna no Jido Honyaku\u003C\u002Fa> in advance and obtain the authentication information.\u003C\u002Fli>\n\u003Cli>You can register the authentication information from the setting screen.\u003C\u002Fli>\n\u003Cli>This plugin uses the API of “Google Cloud Translation API”.\u003C\u002Fli>\n\u003Cli>Get the project ID and API key obtained by creating a project and enabling the Cloud Translation API from the \u003Ca href=\"https:\u002F\u002Fconsole.cloud.google.com\u002Fhome\u002Fdashboard\" rel=\"nofollow ugc\">Google Cloud Platform dashboard\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>You can register the authentication information from the setting screen.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Related Links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fitmaroon\u002Fslug_translater\" rel=\"nofollow ugc\">Github\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Arbitrary section 1\u003C\u002Fh3>\n","Translate the slug generated in Japanese into English and replace it with an appropriate format.",1260,"2025-01-25T06:22:00.000Z","6.7.5","6.3","8.2.10",[21,23,116,24,117],"post","translate","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fslug-translater.1.2.2.zip",92,{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":28,"num_ratings":28,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":18,"tags":133,"homepage":139,"download_link":140,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"all-in-one-demo-importexport","All in one demo Export\u002FImport","0.1","Sanyogg Shelar","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodexdemon\u002F","\u003Ch4>Customizer Export\u002FImport\u003C\u002Fh4>\n\u003Cp>The All in one demo Import\u002FExport plugin allows you to export or import your WordPress customizer settings, Posts, pages, other custom post types, Comments\u003Cbr \u002F>\nCustom fields, post meta, Categories, tags and terms from custom taxonomies and Authors from directly within the customizer interface! If your theme makes use of the WordPress customizer for its settings, this plugin is for you!\u003C\u002Fp>\n\u003Cp>Please visit my website for more info on the \u003Ca href=\"https:\u002F\u002Fwww.sanyog.in\u002Fwordpess-plugin\u002Fall-in-one-demo-import-export\" rel=\"nofollow ugc\">All in one demo Export\u002FImport plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Cp>Exporting customizer settings is easy. Click the export button from within the customizer and a file will automatically begin downloading with your settings. Export files are named after your theme and can only be used to import settings for the theme or child theme that they came from. Export files contain a serialized dump of mods retrieved using the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fget_theme_mods\" rel=\"nofollow ugc\">get_theme_mods\u003C\u002Fa> function or customizer settings saved as options.\u003C\u002Fp>\n\u003Cp>Importing customizer settings is just as easy. Choose the export file you would like to import, select whether you would like to download and import images (similar to importing posts), and finally, click the import button. Once your settings have been imported the page will refresh and your new design will be displayed.\u003C\u002Fp>\n\u003Ch3>Contribute!\u003C\u002Fh3>\n\u003Cp>We’d love to hear your feedback as to how we could improve the All in one demo Customizer Export\u002FImport plugin, or better yet, see theme developers actively contribute! Don’t hesitate to let us know if you’re interested in contributing as we would gladly have others on board.\u003C\u002Fp>\n","Easily export or import your WordPress customizer settings!",20,2373,"2017-12-26T11:02:00.000Z","4.9.29","3.6",[134,135,136,137,138],"authors","custom-taxonomies","customizer","pages-and-other-custom-post-types","posts","https:\u002F\u002Fwww.sanyog.in\u002Fwordpess-plugin\u002Fall-in-one-demo-import-export","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fall-in-one-demo-importexport.zip",{"attackSurface":142,"codeSignals":204,"taintFlows":224,"riskAssessment":273,"analyzedAt":280},{"hooks":143,"ajaxHandlers":200,"restRoutes":201,"shortcodes":202,"cronEvents":203,"entryPointCount":28,"unprotectedCount":28},[144,150,154,159,164,168,172,175,179,182,186,189,193,196],{"type":145,"name":146,"callback":147,"file":148,"line":149},"action","init","sf_auc_lang_init","inc\\admin.php",49,{"type":145,"name":151,"callback":152,"file":148,"line":153},"admin_notices","sf_auc_activation_message",73,{"type":155,"name":156,"callback":157,"file":148,"line":158},"filter","manage_users_columns","sf_auc_manage_users_columns",103,{"type":155,"name":160,"callback":161,"priority":162,"file":148,"line":163},"manage_users_custom_column","sf_auc_manage_users_custom_column",10,113,{"type":145,"name":165,"callback":166,"file":148,"line":167},"admin_print_scripts-users.php","sf_auc_manage_users_column_css",138,{"type":145,"name":169,"callback":170,"file":148,"line":171},"load-options-permalink.php","sf_auc_register_setting",151,{"type":145,"name":169,"callback":173,"file":148,"line":174},"sf_auc_save_author_base",196,{"type":145,"name":176,"callback":177,"file":148,"line":178},"show_user_profile","sf_auc_edit_user_options",292,{"type":145,"name":180,"callback":177,"file":148,"line":181},"edit_user_profile",293,{"type":145,"name":183,"callback":184,"file":148,"line":185},"personal_options_update","sf_auc_save_user_options",329,{"type":145,"name":187,"callback":184,"file":148,"line":188},"edit_user_profile_update",330,{"type":145,"name":190,"callback":191,"priority":162,"file":148,"line":192},"user_profile_update_errors","sf_auc_user_profile_slug_generic_error",359,{"type":145,"name":190,"callback":194,"priority":162,"file":148,"line":195},"sf_auc_user_profile_slug_error",362,{"type":145,"name":146,"callback":197,"file":198,"line":199},"sf_auc_author_base","sf-author-url-control.php",42,[],[],[],[],{"dangerousFunctions":205,"sqlUsage":206,"outputEscaping":208,"fileOperations":28,"externalRequests":28,"nonceChecks":222,"capabilityChecks":72,"bundledLibraries":223},[],{"prepared":28,"raw":28,"locations":207},[],{"escaped":209,"rawEcho":34,"locations":210},16,[211,214,216,218,220],{"file":148,"line":212,"context":213},173,"raw output",{"file":148,"line":215,"context":213},315,{"file":148,"line":217,"context":213},317,{"file":148,"line":219,"context":213},319,{"file":148,"line":221,"context":213},320,2,[],[225,249],{"entryPoint":226,"graph":227,"unsanitizedCount":61,"severity":248},"sf_auc_save_author_base (inc\\admin.php:198)",{"nodes":228,"edges":244},[229,234,238],{"id":230,"type":231,"label":232,"file":148,"line":233},"n0","source","$_POST",282,{"id":235,"type":236,"label":237,"file":148,"line":233},"n1","transform","→ sf_auc_set_author_base()",{"id":239,"type":240,"label":241,"file":148,"line":242,"wp_function":243},"n2","sink","update_option() [Settings Manipulation]",393,"update_option",[245,247],{"from":230,"to":235,"sanitized":246},false,{"from":235,"to":239,"sanitized":246},"low",{"entryPoint":250,"graph":251,"unsanitizedCount":61,"severity":248},"\u003Cadmin> (inc\\admin.php:0)",{"nodes":252,"edges":267},[253,255,258,259,261,263,265],{"id":230,"type":231,"label":232,"file":148,"line":254},207,{"id":235,"type":240,"label":256,"file":148,"line":217,"wp_function":257},"echo() [XSS]","echo",{"id":239,"type":231,"label":232,"file":148,"line":254},{"id":260,"type":240,"label":241,"file":148,"line":242,"wp_function":243},"n3",{"id":262,"type":231,"label":232,"file":148,"line":233},"n4",{"id":264,"type":236,"label":237,"file":148,"line":233},"n5",{"id":266,"type":240,"label":241,"file":148,"line":242,"wp_function":243},"n6",[268,270,271,272],{"from":230,"to":235,"sanitized":269},true,{"from":239,"to":260,"sanitized":269},{"from":262,"to":264,"sanitized":246},{"from":264,"to":266,"sanitized":246},{"summary":274,"deductions":275},"The \"sf-author-url-control\" plugin v1.2 demonstrates a strong security posture based on the provided static analysis.  The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with exposed attack surfaces significantly limits potential entry points for attackers.  The code analysis also shows good practices with 100% of SQL queries using prepared statements and a reasonable rate of output escaping (76%).  Furthermore, the presence of nonce and capability checks, even with a relatively small number of flows analyzed, indicates a conscious effort to implement basic security measures.  The plugin's vulnerability history is entirely clean, with no recorded CVEs, which is a significant positive indicator of its security over time.\n\nWhile the overall picture is positive, the taint analysis does reveal two flows with unsanitized paths. Although these did not escalate to critical or high severity in this specific analysis, unsanitized paths can still lead to issues if they interact with other parts of the application or if the context of their use is not fully understood.  The 76% output escaping, while good, implies that 24% of outputs are not properly escaped, which could potentially lead to cross-site scripting (XSS) vulnerabilities in specific scenarios.  These are minor concerns in the context of the plugin's overall security, but they represent areas where further scrutiny might be beneficial.\n\nIn conclusion, \"sf-author-url-control\" v1.2 appears to be a securely developed plugin with no known vulnerabilities and good security practices implemented. The limited attack surface, secure SQL handling, and history of no CVEs are significant strengths. The minor concerns regarding unsanitized paths and a small percentage of unescaped outputs do not detract significantly from its generally strong security profile.",[276,278],{"reason":277,"points":34},"Flows with unsanitized paths",{"reason":279,"points":72},"Unescaped output percentage (24%)","2026-03-16T18:49:23.987Z",{"wat":282,"direct":291},{"assetPaths":283,"generatorPatterns":286,"scriptPaths":287,"versionParams":288},[284,285],"\u002Fwp-content\u002Fplugins\u002Fsf-author-url-control\u002Finc\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fsf-author-url-control\u002Fcss\u002Fadmin.css",[],[284],[289,290],"sf-author-url-control\u002Finc\u002Fadmin.js?ver=","sf-author-url-control\u002Fcss\u002Fadmin.css?ver=",{"cssClasses":292,"htmlComments":293,"htmlAttributes":294,"restEndpoints":295,"jsGlobals":296,"shortcodeOutput":297},[],[],[],[],[],[]]