[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPKpsUZUEZDNWrsQra2k6YQBNvzJ62VW_n6mmIKoArIo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":15,"tags":18,"homepage":24,"download_link":25,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":36,"analysis":143,"fingerprints":287},"shieldfy","Shieldfy Security Firewall and Anti Virus","3.6.0","Shieldfy","https:\u002F\u002Fprofiles.wordpress.org\u002Feslamsalem\u002F","\u003Ch4>Start Protecting Your Website Block attacks targeting your website.\u003C\u002Fh4>\n\u003Cp>Shieldfy works as an external shields loads before your website and filter all requests , passing only trusted non harmful traffic and block other malicious traffic\u003C\u002Fp>\n\u003Cp>Shieldfy Engine can identify and block several attacks including and not limited to\u003Cbr \u002F>\nUnrestricted file uploads , XSS (cross site scripting) , SQLI (SQL Injection) , RCE (Remote Code Execution), LFI\u002FRFI (Local\u002FRemote File Inclution) and many other\u003C\u002Fp>\n\u003Ch4>IP Analysis and Risk Score.\u003C\u002Fh4>\n\u003Cp>Shieldfy identify the persona of your blog visitors via IP , UserAgent , if user connectos through TOR , VPN , Proxy and more Trying to detect if that user wants to do something bad or not.\u003C\u002Fp>\n\u003Ch4>Fast High level support\u003C\u002Fh4>\n\u003Cp>Shieldfy security team is always here for help , our support is here for you anytime 24\u002F7.\u003C\u002Fp>\n","Shieldfy is a cloud-based security shield for your website to protect it from web attacks and malwares.",40,7982,100,3,"","4.9.29","3.0.1",[19,20,21,22,23],"antimalware","antivirus","security","sql-injection","xss","https:\u002F\u002Fshieldfy.io\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshieldfy.3.6.zip",0,null,"2026-03-15T10:48:56.248Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"eslamsalem",1,30,94,"2026-04-03T19:57:47.593Z",[37,58,82,102,123],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":26,"num_ratings":26,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":54,"download_link":55,"security_score":56,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":57},"cybershield-waf","Cybershield Firewall","0.1.6","SECURAS TECHNOLOGIES","https:\u002F\u002Fprofiles.wordpress.org\u002Fsecuras\u002F","\u003Cp>Experience effective web security with CyberShield, the advanced Web Application Firewall (WAF) from Securas Technologies, designed to actively protect your digital assets from emerging threats and cyberattacks.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Comprehensive Dashboard\u003C\u002Fstrong>: Easily navigate through the firewall features. CyberShield gathers all the data from your security features on one dashboard, enabling a quick check on your website’s security posture.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Statistics\u003C\u002Fstrong>: Measure and improve your cybersecurity performance with comprehensive statistics.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>PHP Configuration Audit\u003C\u002Fstrong>: Enhances your PHP settings including error reporting, file permissions, session management, and encryption to prevent common vulnerabilities.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>At-risk Visitor Identification\u003C\u002Fstrong>: Prevent cyberattacks with our advanced detection and prevention system that identifies at-risk visitors.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SQL Injection Protection\u003C\u002Fstrong>: Our AI-powered detection scans and sanitizes every query that reaches your database to prevent SQL injection attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bot Detection\u003C\u002Fstrong>: Conserve bandwidth and resources by filtering out harmful or irrelevant bots, including scrapers, spammers, and crawlers.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Auto-Ban\u003C\u002Fstrong>: Automatically ban IPs that exhibit suspicious activity, helping to keep your website secure with minimal downtime.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Exposed Services Monitoring\u003C\u002Fstrong>: Identify and report any network services that are publicly accessible and may be vulnerable to exploitation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Leaked Data Monitoring\u003C\u002Fstrong>: Continuously scan various sources to detect if your credentials have been compromised, ensuring rapid response to secure your accounts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>More Features\u003C\u002Fstrong>: Explore additional capabilities on our \u003Ca href=\"https:\u002F\u002Fsecuras.fr\u002Fcybershield-security\u002F\" rel=\"nofollow ugc\">CyberShield Official Page\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>IP Geolocation\u003C\u002Fstrong>: Identify the location of your visitors and block or allow access based on their location using https:\u002F\u002Fipinfo.io\u002F.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>[0.1.6] – 2024-10-25\u003C\u002Fh3>\n\u003Ch3>Minor Bug Fix\u003C\u002Fh3>\n\u003Ch3>[0.1.5] – 2024-10-25\u003C\u002Fh3>\n\u003Ch3>Minor Bug Fix\u003C\u002Fh3>\n\u003Ch3>[0.1.4] – 2024-10-25\u003C\u002Fh3>\n\u003Ch3>Minor Bug Fix\u003C\u002Fh3>\n\u003Ch3>[0.1.3] – 2024-10-25\u003C\u002Fh3>\n\u003Ch3>Minor Bug Fix\u003C\u002Fh3>\n\u003Ch3>[0.1.2] – 2024-10-25\u003C\u002Fh3>\n\u003Ch3>Minor Bug Fix\u003C\u002Fh3>\n\u003Ch3>[0.1.1] – 2023-08-27\u003C\u002Fh3>\n\u003Ch3>Minor Bug Fix\u003C\u002Fh3>\n\u003Ch3>[0.1.0] – 2023-08-27\u003C\u002Fh3>\n\u003Ch3>Added\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Service Check Module: Enhances monitoring and diagnostics.\u003C\u002Fli>\n\u003Cli>AI Threat Detection Module: Specializes in detecting SQL injection attacks.\u003C\u002Fli>\n\u003Cli>Support Ticketing System: Streamlined helpdesk for better user assistance.\u003C\u002Fli>\n\u003Cli>Multi-Language Support: Now available in French, English, and Arabic.\u003C\u002Fli>\n\u003Cli>Client PHPinfo Fetching Function: Gathers configuration information for support purposes.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Thrid Party Libraries\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipinfo.io\u002F\" rel=\"nofollow ugc\">IPInfo\u003C\u002Fa>: We use Ipinfo for IP geolocation services. By using this plugin, you agree to the following terms and conditions:\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fprivacy-policy\" rel=\"nofollow ugc\">IpInfo’s privacy policy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fipinfo.io\u002Fterms\" rel=\"nofollow ugc\">IpInfo’s terms of service\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Got more questions? \u003Ca href=\"mailto:contact@securas.fr\" title=\"Securas Contact\" rel=\"nofollow ugc\">Contact us!\u003C\u002Fa>\u003C\u002Fp>\n","CyberShield, Your First Line of Defense Against Web Attacks.",10,979,"2024-10-27T15:54:00.000Z","6.6.5","5.4","7.2",[21,22,52,53,23],"waf","web-application-firewall","https:\u002F\u002Fcyber-shield.fr\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcybershield-waf.0.1.6.zip",92,"2026-03-15T15:16:48.613Z",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":73,"tags":74,"homepage":78,"download_link":79,"security_score":80,"vuln_count":14,"unpatched_count":26,"last_vuln_date":81,"fetched_at":57},"wp-malware-removal","Malcure Malware Shield — Removal, Repair, Monitor","19.8","Malcure Web Security","https:\u002F\u002Fprofiles.wordpress.org\u002Fmalcure\u002F","\u003Cp>Is your website acting strangely? Seeing ‘Deceptive Site Ahead’ warnings, Japanese spam, SEO spam, or random redirects? Time to fix and monitor your site with \u003Cstrong>Malcure Malware Shield\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Malcure Malware Shield: The Powerful Antivirus\u003C\u002Fh3>\n\u003Cp>Just as your computer requires antivirus, your website demands specialized \u003Cstrong>antivirus-grade protection\u003C\u002Fstrong>. Malcure Malware Shield delivers comprehensive, \u003Cstrong>antivirus-style\u003C\u002Fstrong> detection with advanced signatures to identify viruses, trojans, backdoors, adware, and ransomware. Unlike basic security plugins, it operates with the precision of an antivirus engine, scanning every layer of your site—from core files to the database—to ensure your website remains virus-free and secure.\u003C\u002Fp>\n\u003Ch3>Malware Removal, Hack Repair & SEO Spam Cleanup\u003C\u002Fh3>\n\u003Cp>Malware attacks are evolving. Standard scanners often miss hidden backdoors and database infections. If your current security plugin says “All Clear” but your site is still broken, you need \u003Cstrong>Malcure Malware Shield\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Malcure Malware Shield\u003C\u002Fstrong> is the intelligent, lightweight security solution. We believe security should be simple on the surface but deep under the hood. No complex settings. No bloat. Just activate and scan.\u003C\u002Fp>\n\u003Cp>Lightweight, API-driven scanning runs only on demand or on scheduled scans — no persistent background processes.\u003C\u002Fp>\n\u003Cp>Unlike scanners that delay new malware definitions for days, Malcure delivers real-time threat intelligence to every user so you’re protected against the latest threats as soon as they emerge.\u003C\u002Fp>\n\u003Ch3>What Our Users Say\u003C\u002Fh3>\n\u003Cp>Quotes are verbatim from WordPress.org support reviews, except for bracketed edits (for example, competitor names removed).\u003C\u002Fp>\n\u003Ch4>Best by far, better than [competitor name removed] and other giants\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“You can see it is a bunch of geeks that created this, with skill and visual creativity at that. I spent hours trying to find a plugin like this. So many options and such bad results until now. Great job guys. You deserve it. Simple and effective. (Disclaimer to other potential readers: there are many types of hacks\u002Fmalware out there, every scenario is different, but start with the Malcure scan and see how it goes. 9\u002F10 you won’t be disappointed, my guess)” — \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fbest-by-far-better-than-wordfence-and-other-giants\u002F\" rel=\"ugc\">@dalingzaf\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>The ONLY plugin that scans files…\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“I am a web developer and have tried many malware removal plugins, including popular ones [competitor names removed]. However, none of them detected some unusual files that were actually malware causing regular attacks. Some of these files were in JPG format.” — \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fthe-only-plugin-that-scans-files-in-real-time-2\u002F\" rel=\"ugc\">@devzeeshanx\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Best Malware Removal Plugin in just few minutes\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“Most security plugins that are free only scan the code, but Malcure Malware Removal Plugin scans the wordpress database and the code files in few minutes. Accurately shows which Database table row is infected and it helps resolve the hacking attempt instantly. Saves a lot of time for the developers. Thank You Team Malcure” — \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fbest-malware-removal-plugin-in-just-few-minutes\u002F\" rel=\"ugc\">@s3630\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>It’s not just a “teaser”\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“This plugin really found the malware, and removed it. Really for free. Thanks guys, I’m going to donate now!” — \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fits-not-just-a-teaser\u002F\" rel=\"ugc\">@halucska\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Malware Removal & Hack Repair\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Checksum Verification:\u003C\u002Fstrong> We verify core, plugin, and theme file integrity against the official repository checksums served by our SaaS API endpoint.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Deep Scan:\u003C\u002Fstrong> If checksums fail, Malcure runs a full scan against malware detection signatures detecting estimated 50,000+ variants.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Inspect & Repair:\u003C\u002Fstrong> Inspect infected database records and files. Assists in cleaning compromised files and database entries.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Spam Specialist:\u003C\u002Fstrong> Detects and removes the notorious “Japanese Keyword Hack” and pharma spam from your files and database, helping restore your Google rankings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Virus Scanner & Threat Detection\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Database Scan:\u003C\u002Fstrong> Scans database tables for malicious injections and spam links.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Scan:\u003C\u002Fstrong> Scans core files, themes, plugins, images, and uploads for backdoors and obfuscated code.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerability Detection:\u003C\u002Fstrong> Checks your core, plugins, and themes for known security flaws.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DeepScan™ Technology:\u003C\u002Fstrong> Scans backups, archives, images, and hidden files where malware hides.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Ultra-High Precision:\u003C\u002Fstrong> Uses intelligent checksum verification (comparing your files to official core\u002Fplugin\u002Ftheme checksums) to dramatically reduce false alarms compared to heuristic-only scanners.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Intelligent Health Monitor\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Always-On Guard:\u003C\u002Fstrong> Continuous monitoring via \u003Cstrong>Scheduled Scans\u003C\u002Fstrong> (daily\u002Fweekly\u002Fmonthly) configurable cadence.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Instant Alerts:\u003C\u002Fstrong> Every time a scheduled scan completes, you get an instant email report telling you if your site is clean or infected.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Event Log:\u003C\u002Fstrong> Track the events leading up to a malware incident for faster root-cause analysis.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Powered by Malcure API: Real-Time Threat Intelligence\u003C\u002Fh3>\n\u003Cp>Hackers don’t sleep, and neither do we. Malcure Malware Shield connects to our real-time API to fetch the latest threat definitions.\u003C\u002Fp>\n\u003Cp>This plugin relies on the Malcure API to provide real-time threat intelligence and checksum verification.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Data Transmission:\u003C\u002Fstrong> To perform scans, the plugin sends file checksums and your site’s domain to Malcure servers. No sensitive user data is transmitted.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms & Privacy:\u003C\u002Fstrong> Use of the API is subject to our \u003Ca href=\"https:\u002F\u002Fwww.malcure.com\u002F?p=1720&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Terms of Use\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=3&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Privacy Policy\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Zero-Day Alerts:\u003C\u002Fstrong> Our API serves new threat-intelligence in real-time, ensuring the site is scanned against the latest vulnerabilities.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Checksums:\u003C\u002Fstrong> We verify your core files, themes, and plugins against the official repository checksums using our API, ensuring absolute integrity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight:\u003C\u002Fstrong> The scanner only uses minimum resources to keep your server fast and responsive.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why Keep Malcure Malware Shield Installed?\u003C\u002Fh3>\n\u003Ch4>Reinfection Risk & Continuous Monitoring\u003C\u002Fh4>\n\u003Cp>Malware cleanup is not a one-and-done task. New vulnerabilities and reinfections can appear without warning, so continuous monitoring and scheduled scans help catch issues early—before SEO damage, blacklists, or downtime. You get email notification with the results to rest assured that the site is clean or when immediate action is required.\u003C\u002Fp>\n\u003Cp>Cleaning your site is just step one. Malcure is your anti-malware health monitor.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Continuous Monitoring:\u003C\u002Fstrong> Scheduled scans watch your site for changes so you don’t have to.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time Event Log:\u003C\u002Fstrong> See exactly what’s happening on your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Early Warning:\u003C\u002Fstrong> Catch new infections before Google blacklists you.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recurrence Prevention:\u003C\u002Fstrong> Scheduled scans and integrity checks catch reinfections before they spread.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Bloat:\u003C\u002Fstrong> Designed to run on-demand or as per schedule without slowing down your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Who This Plugin Is For\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Site owners\u003C\u002Fstrong> who want clear, actionable results (what was flagged and where).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Agencies & developers\u003C\u002Fstrong> who need fast triage across multiple sites.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce \u002F membership \u002F lead-gen sites\u003C\u002Fstrong> where downtime, SEO brand-reputation damage are expensive.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Anyone\u003C\u002Fstrong> who wants a scanner that cuts through the noise to focus on \u003Cem>signal\u003C\u002Fem>—real threats with practical remediation paths.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>How It Works (Scan \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Review \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Clean \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Monitor)\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>Scan\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Go to \u003Cstrong>Malcure Scanner\u003C\u002Fstrong> in your Admin Dashboard.\u003C\u002Fli>\n\u003Cli>Run a scan to check your files and database for vulnerabilities, malware, backdoors, suspicious code, and integrity issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Review\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Malcure reports findings with clear locations (file paths \u002F database records) so you can verify what changed and why it was flagged.\u003C\u002Fli>\n\u003Cli>Use the results to decide what should be repaired, deleted, or kept (for example, legitimate custom code).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Clean & Recover\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The free edition helps you identify issues, inspect data and understand what needs fixing.\u003C\u002Fli>\n\u003Cli>The Advanced Edition adds Whitelisting, Advanced Scan Filters, File Operations, WP CLI Automation, Deployment, Bulk Client-Servicing Features, Background Scan & Premium Support (Expertise).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>Monitor\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set up scheduled scans to keep your site continuously monitored.\u003C\u002Fli>\n\u003Cli>Get email alerts for new infections or integrity issues.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Is It Free?\u003C\u002Fh4>\n\u003Cp>We believe in 100% transparency.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Free Forever:\u003C\u002Fstrong> Professional-grade Detection (Knowledge). You see every infected file and database row (exact file path & line number), so you can clean it yourself for free.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Free Forever:\u003C\u002Fstrong> Real-time Threat Intelligence & Monitoring.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pro Upgrade:\u003C\u002Fstrong> Whitelisting, Advanced Scan Filters, File Operations, WP CLI Automation, Deployment, Bulk Client-Servicing Features, Background Scan & Premium Support (Expertise).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>You are never forced to pay to \u003Cem>find\u003C\u002Fem> a hack.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FEbSbxiTOc8k?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Core Features (Free Forever)\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Deep Malware Scan:\u003C\u002Fstrong> Scans core files, themes, plugins, images, and your entire database for vulnerabilities, viruses, trojans, backdoors, and \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=60&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">malicious redirects\u003C\u002Fa>.\n\u003Cul>\n\u003Cli>\u003Cstrong>Files:\u003C\u002Fstrong> Scans core files, themes, plugins, images, and uploads for backdoors, shells including variants like C99, R57, RootShell, dolohan, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx, obfuscated code and many more known and unknown variants.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Database:\u003C\u002Fstrong> Scans database tables for malicious injections, recurring malware and spam links.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>SEO Spam Detection:\u003C\u002Fstrong> Specifically checks page titles and database records for “Japanese Keyword Hack”, “Pharma Hack” and other SEO spam symptoms.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerability Scanner:\u003C\u002Fstrong> Checks your installed plugins and themes against our real-time database of known security vulnerabilities.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intelligent Checksum Verification:\u003C\u002Fstrong> Automatically verifies your core files, themes, and plugins against the official checksums. If a file has been tampered with, we know instantly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Uncompromising Detection:\u003C\u002Fstrong> Detects variants like C99, R57, RootShell, dolohan, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx, obfuscated code and many more known and unknown variants.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Attack Surface Hardening & Firewall:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Block Path Traversal:\u003C\u002Fstrong> Stops attackers from accessing sensitive system files.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Block PHP Uploads:\u003C\u002Fstrong> Prevents malicious scripts from being uploaded to your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stop User Enumeration:\u003C\u002Fstrong> Blocks bots from fishing for your username.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>REST API Protection:\u003C\u002Fstrong> Prevents user data leakage via the WP REST API.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=1622&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Security Hardening\u003C\u002Fa>:\u003C\u002Fstrong> Learn more about securing your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Recurrence Watchdog (Background Monitor):\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Set it and forget it:\u003C\u002Fstrong> Malcure runs silently in the background using scheduled scans (configurable cadence) + integrity baseline to monitor changes.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Stay Ahead:\u003C\u002Fstrong> Automatically catch new infections before they spread or damage your SEO rankings.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Incident Response Toolkit:\u003C\u002Fstrong>\n\u003Cul>\n\u003Cli>\u003Cstrong>Nuke User Sessions:\u003C\u002Fstrong> Instantly force-logout every user on the site to kick out intruders.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Salt Shuffler:\u003C\u002Fstrong> One-click rotation of \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5230&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">security keys (salts)\u003C\u002Fa> to invalidate all browser cookies.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Forensic Flight Recorder (Event Log):\u003C\u002Fstrong> Track every security event. Know exactly \u003Cem>when\u003C\u002Fem> and \u003Cem>how\u003C\u002Fem> a breach might have occurred with our 100-day event log.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Search Console Integration:\u003C\u002Fstrong> Connect directly to Google to fetch security warnings and blacklist status in real-time.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-Time API Updates:\u003C\u002Fstrong> Connects to the Malcure Cloud to fetch the latest threats and vulnerabilities.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Upgrade to Advanced Edition\u003C\u002Fh4>\n\u003Cp>For mission-critical websites that demand comprehensive protection and recovery tools.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>1-Click Surgical Repair:\u003C\u002Fstrong> Inspect, Delete, or Repair infected files instantly.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Whitelisting:\u003C\u002Fstrong> Stop false alarms. Supports files, folders, and \u003Cstrong>Database Records\u003C\u002Fstrong>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WP-CLI Integration:\u003C\u002Fstrong> Complete command-line control for automated scanning and reporting.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Definition Updates:\u003C\u002Fstrong> Definitions update automatically in the background.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>On-Demand Background Scans:\u003C\u002Fstrong> Trigger deep scans immediately without keeping your browser open.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Scan Filters:\u003C\u002Fstrong> For when you are specifically looking for something in the files or database or want to include, exclude specific files & directories\u003C\u002Fli>\n\u003Cli>\u003Cstrong>File Operations:\u003C\u002Fstrong> Critical file operations like deletion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Bulk Client-Servicing Features:\u003C\u002Fstrong> Like copying scan results to generate report for clients.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Background Scan:\u003C\u002Fstrong> For when you want to trigger a scan and forget it. The scan continues and emails you upon completion.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Premium Support (Expertise):\u003C\u002Fstrong> When you want to consult or want to exploit advanced features or need help troubleshooting.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>High-Priority Support:\u003C\u002Fstrong> Direct access to our security analysts.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=116&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">\u003Cstrong>Get Malcure Advanced Edition\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Additional Resources for Malware Removal\u003C\u002Fh4>\n\u003Cp>Follow these expert guides to remove malware, recover lost traffic, and restore your online reputation:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=1540&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">A step by step guide to remove the malware\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=13946&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Japanese Keyword Hack: How to Remove SEO Spam\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5728&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">What is the Pharma Hack & How to fix it\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=14143&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Fix Google Ads Disapproved for Malicious Software\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=14477&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Prevent SQL Injection Attacks\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5265&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Live Malware Infection Removal & Analysis\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=7207&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Fix “This Site May Harm Your Computer” Warning\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=60&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Comprehensive Guide to Removing JavaScript Redirect Malware\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5699&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Fix a Blank WP-Admin Page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=9102&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Malcure WP CLI Integration & Cheatsheet\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=14375&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Prevent Brute Force Attacks\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5230&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">How to Change Salt Keys\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Expert Malware Removal Service\u003C\u002Fh4>\n\u003Cp>In over your head? Our security analysts are on standby. We offer a complete \u003Cstrong>Malware Removal Service\u003C\u002Fstrong> that includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>100% Removal Guarantee:\u003C\u002Fstrong> We guarantee to remove all malware from your website.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Same Day Service:\u003C\u002Fstrong> Fast turnaround time to get your business back online.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Manual Inspection:\u003C\u002Fstrong> Our experts manually inspect critical files (htaccess, wp-config, index.php) and your database.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blacklist Removal:\u003C\u002Fstrong> We handle the removal of your site from blacklists like Google, Norton, McAfee, etc.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Hardening:\u003C\u002Fstrong> We identify the root cause and patch vulnerabilities to prevent future infections.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>15-Day Cover:\u003C\u002Fstrong> Security analysts available 24\u002F7\u002F365 to ensure your site stays clean.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=107&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">\u003Cstrong>Book Expert Malware Removal\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Troubleshooting\u003C\u002Fh3>\n\u003Ch4>Some files are detected by Malcure Malware Shield as “suspicious”. What gives?\u003C\u002Fh4>\n\u003Cp>Malcure’s DeepScan checks each file for malware. However some files aren’t pure malware but may contain code that is suspicious and could potentially do nasty things. You should carefully review and analyse them to see if they indeed do anything nasty.\u003C\u002Fp>\n\u003Ch4>I can’t get Malcure Malware Shield to work. It hangs \u002F doesn’t complete the scan \u002F breaks for some reason.\u003C\u002Fh4>\n\u003Cp>If you think that the plugin is broken, \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5677&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">please report it here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Malcure Malware Shield (or for that matter other plugins) may break on malware affected \u002F broken websites. \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=116&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Malcure Advanced Edition\u003C\u002Fa> integrates with WP CLI and allows you to complete the scan from WP CLI even when the site is blocked by the webhost or when you are unable to login to the website.\u003C\u002Fp>\n\u003Ch4>My site is infected however Malcure Malware Shield doesn’t detect the infection.\u003C\u002Fh4>\n\u003Cp>Malware keeps evolving. If you come across malware that Malcure Malware Shield is not able to identify, you may \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=157&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">please report it here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>The scan gets stuck midway. What should I do?\u003C\u002Fh4>\n\u003Cp>In case of such an event, please file a support request with us and we’ll be more than happy to troubleshoot the issue.\u003C\u002Fp>\n\u003Cp>Please visit \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=5677&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">this page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>I cleaned my site but it got infected again. What should I do?\u003C\u002Fh4>\n\u003Cp>Malware cleanup is a waste of time and effort unless you find the root cause behind the malware infection and monitor for recurrence. How was someone able to infect your website? Have you plugged in that security hole?\u003C\u002Fp>\n\u003Cp>Please read \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002Fblog\u002Fsecurity\u002Fwhy-do-wordpress-websites-get-hacked\u002F?utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Why Do Websites Get Hacked\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Google Safe Browsing site status (or some other scanner) still shows my site as infected. What should I do?\u003C\u002Fh4>\n\u003Cp>First make sure you purge your site cache. Second, Google (and other scanners) cache the results for some time. You’ll need to force or refresh the scan. You can also file a request with us to \u003Ca href=\"https:\u002F\u002Fwww.malcure.com\u002F?p=107&utm_source=readmefaq&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">get your site off any blacklists\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>I found a suspicious file, what now?\u003C\u002Fh4>\n\u003Cp>If Malcure flags it, it’s likely malicious. You can inspect the file content using our built-in inspector. If you’re unsure, consider our \u003Ca href=\"https:\u002F\u002Fmalcure.com\u002F?p=107&utm_source=readme&utm_medium=web&utm_campaign=wpmr\" rel=\"nofollow ugc\">Expert Malware Removal Service\u003C\u002Fa>.\u003C\u002Fp>\n","Fast malware removal & security shield. Fix hacks, stop redirects, clean SEO spam. Real-time threat intelligence. No bloat.",10000,605372,88,69,"2026-02-13T05:45:00.000Z","6.9.4","3.7.4","5.6",[20,75,21,76,77],"malware-scanner","virus","vulnerability-scanner","https:\u002F\u002Fmalcure.com\u002F?p=116&utm_source=plugin-header&utm_medium=web&utm_campaign=wpmr","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-malware-removal.19.8.zip",96,"2025-09-03 00:00:00",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":13,"num_ratings":92,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":73,"tags":96,"homepage":100,"download_link":101,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":57},"prevent-xss-vulnerability","Prevent XSS Vulnerability","2.1.0","Sami Ahmed Siddiqui","https:\u002F\u002Fprofiles.wordpress.org\u002Fsasiddiqui\u002F","\u003Cp>This plugin helps safeguard your website against two common types of Cross-Site Scripting (XSS) vulnerabilities:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Reflected XSS:\u003C\u002Fstrong> This happens when harmful scripts are hidden in a website’s URL. If a user clicks a link with such a script, it can run in their browser, potentially stealing their data or taking control of their system.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Self-XSS:\u003C\u002Fstrong> This occurs when a user’s own input on your website is displayed back to them in an unsafe way, allowing malicious scripts to run in their browser.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin provides several layers of protection:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Blocking:\u003C\u002Fstrong> When active, the plugin checks URLs for specific characters. If it finds any of these characters in the URL, it redirects the user to prevent a potential XSS attack. You can customize which characters to block or allow.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Opening Round Bracket \u003Ccode>(\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Closing Round Bracket \u003Ccode>)\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Less than Sign \u003Ccode>\u003C\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Greater than Sign \u003Ccode>>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Opening Square Bracket \u003Ccode>[\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Closing Square Bracket \u003Ccode>]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Opening Curly Bracket \u003Ccode>{\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Pipe or Vertical Bar \u003Ccode>|\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Closing Curly Bracket \u003Ccode>}\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Encoding:\u003C\u002Fstrong> For an extra layer of security, the plugin encodes certain characters found in URL parameters. This stops harmful code from running, even if it’s present in the URL. You can also choose to exclude specific parameters from being encoded.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Exclamation Mark \u003Ccode>!\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Double Quotation \u003Ccode>\"\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Single Quotation \u003Ccode>'\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Opening Round Bracket \u003Ccode>(\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Closing Round Bracket \u003Ccode>)\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Asterisk Sign \u003Ccode>*\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Less than Sign \u003Ccode>\u003C\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Greater than Sign \u003Ccode>>\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Grave Accent “`\u003C\u002Fli>\n\u003Cli>Cap Sign \u003Ccode>^\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Opening Square Bracket \u003Ccode>[\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Closing Square Bracket \u003Ccode>]\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Opening Curly Bracket \u003Ccode>{\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Pipe or Vertical Bar \u003Ccode>|\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Closing Curly Bracket \u003Ccode>}\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Escaping HTML in \u003Ccode>$_GET\u003C\u002Fcode>:\u003C\u002Fstrong> This plugin automatically makes HTML characters safe within the \u003Ccode>$_GET\u003C\u002Fcode> variable. This is vital if your website pulls data from URLs and displays it as part of your web page. It helps prevent malicious scripts from being injected through user-provided input.\u003C\u002Fp>\n\u003Ch3>Important Notes:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>After activating the plugin, \u003Cstrong>thoroughly test your website forms\u003C\u002Fstrong>, especially if you use WooCommerce. Make sure the plugin doesn’t interfere with your shopping cart and checkout processes.\u003C\u002Fli>\n\u003Cli>We welcome bug reports for this plugin on GitHub: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsamiahmedsiddiqui\u002Fprevent-xss-vulnerability\u002Fissues\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fsamiahmedsiddiqui\u002Fprevent-xss-vulnerability\u002Fissues\u003C\u002Fa>. Please remember that GitHub is for bug reports only, not general support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By using this plugin and following these recommendations, you can significantly improve your website’s defense against XSS attacks.\u003C\u002Fp>\n","This WP plugin blocks XSS by encoding harmful URL characters & safely handling HTML in $_GET. Customizable settings for enhanced website security.",7000,76473,7,"2025-07-22T14:10:00.000Z","6.8.5","3.5",[97,98,21,99,23],"attack","cross-site-scripting","vulnerability","https:\u002F\u002Fwww.yasglobal.com\u002Fweb-design-development\u002Fwordpress\u002Fprevent-xss-vulnerability\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprevent-xss-vulnerability.2.1.0.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":50,"tags":117,"homepage":15,"download_link":121,"security_score":122,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":57},"csp-manager","Content Security Policy Manager","1.2.1","Patrick Sletvold","https:\u002F\u002Fprofiles.wordpress.org\u002F16patsle\u002F","\u003Cp>\u003Cstrong>Content Security Policy Manager\u003C\u002Fstrong> is a WordPress plugin that allows you to easily configure \u003Ca href=\"https:\u002F\u002Fdeveloper.mozilla.org\u002Fen-US\u002Fdocs\u002FWeb\u002FHTTP\u002FCSP\" rel=\"nofollow ugc\">Content Security Policy headers\u003C\u002Fa> for your site. You can have different CSP headers for the admin interface, the frontend for logged in users, and the frontend for regular visitors. The CSP directives can be individually enabled, and each policy can be set to enforce, report or be disabled.\u003C\u002Fp>\n\u003Cp>Please note that this plugin offers limited help in figuring out what the contents of the policy should be. It only lets you configure the CSP in a easy to use interface.\u003C\u002Fp>\n","Plugin for configuring Content Security Policy headers for your site. Allows different CSP headers for admin, logged inn frontend and regular visitors",2000,33739,86,6,"2022-08-09T17:33:00.000Z","6.1.10","4.6",[118,119,21,120,23],"content-security-policy","csp","security-headers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcsp-manager.1.2.1.zip",85,{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":110,"downloaded":131,"rating":132,"num_ratings":133,"last_updated":134,"tested_up_to":94,"requires_at_least":135,"requires_php":73,"tags":136,"homepage":15,"download_link":139,"security_score":140,"vuln_count":141,"unpatched_count":26,"last_vuln_date":142,"fetched_at":57},"virusdie","Virusdie – One-click website security","1.1.8","Virusdie","https:\u002F\u002Fprofiles.wordpress.org\u002Fvirusdie\u002F","\u003Cp>ONE-CLICK WEBSITE SECURITY WITH VIRUSDIE WORDPRESS PLUGIN\u003C\u002Fp>\n\u003Ch3>Welcome to the most anticipated website security plugin – Virusdie WordPress Plugin!\u003C\u002Fh3>\n\u003Cp>Managing website security like malware scanning and removal, website hardening, patch management, real-time website protection against online attacks, and blacklist monitoring – is an automatic pleasure and we can prove it!\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>More than 3 million\u003C\u002Fstrong> connected websites!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>99.87% malware and vulnerabilities detection rate.\u003C\u002Fstrong> The best detection rate in the industry. Virusdie detects as many threats as possible, including new kinds of threats\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No false positives.\u003C\u002Fstrong> False positives rate — less than 0.0002%. You can always be sure that your antivirus won’t mislead you)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Website cleanup in one click.\u003C\u002Fstrong> The industry’s safest automatic cleanup procedures ensure that your site will remain stable after cleanup (automatic malware removal)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Real-time website protection\u003C\u002Fstrong> against attacks by Website Firewall (protection against bad bots, DoS, XSS, SQL injections, suspicious uploads and activities, etc.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Virtual and real patch management\u003C\u002Fstrong> (website hardening). It makes a virtual patch automatically or updates your vulnerable plug-ins and other site components in seconds, minimizing the risk of future problems.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Blacklist monitoring and blacklisting tool\u003C\u002Fstrong> that help you save time for unblacklisting by an automated un-blacklist wizard.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smooth onboarding:\u003C\u002Fstrong> only dashboard with all you need. Manage Virusdie tools in a click! Your website is in full view: entire web-security status on one page.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Friendly and responsive Virusdie support team.\u003C\u002Fstrong> We are welcome to help you and answer your questions.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To avoid interruptions to your business, you need to keep your site free of viruses. As they say, shit happens — but when it does, you have to clean it up, and fast. Today, Virusdie makes it possible to resolve 100% of the security issues most businesses face, either fully or partially automatically. We’ve taken powerful website security tools and made them friendly and automatic in WordPress plugin format. Now, you can scan, clean, and protect your site from a single panel with just one click of the mouse. What’s more, you won’t need any help to use Virusdie. This means that you’ll save tons of time while keeping your site’s security under your control!\u003C\u002Fp>\n\u003Ch4>Free plan feature list:\u003C\u002Fh4>\n\u003Cp>1. Antivirus:\u003C\u002Fp>\n\u003Col>\n\u003Cli>No extreme server CPU load while scanning!\u003C\u002Fli>\n\u003Cli>Instant malware database update. The antivirus database is automatically updated in the background, so you won’t even have to think about doing anything manually to be sure you can eliminate as many viruses and vulnerabilities as possible.\u003C\u002Fli>\n\u003Cli>Scans once a month:\n\u003Cul>\n\u003Cli>Scanning website files for malware: all website files (not just CMS’ files), themes, plugins, PHP, JS, HTML, images, files with no type, any binary files and system files, .htaccess, and files with custom types and archives.\u003C\u002Fli>\n\u003Cli>Scanning website database. Scan posts and comments for bad URLs and suspicious content, scan posts and comments for malware and injections.\u003C\u002Fli>\n\u003Cli>Scanning for malware types (threats): malware, malicious redirects, Trojans, backdoors, shell scripts, malicious codes, bad URLs and SEO spam, defaces, code injections, browser coin miners.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Detailed scan reports with malware and threats description and recommendations.\u003C\u002Fli>\n\u003Cli>Add files to the exclusion list to ignore them in future scans.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Find out more about \u003Ca href=\"https:\u002F\u002Fvirusdie.com\u002Ftools\u002F#3rdPage\" rel=\"nofollow ugc\">Virusdie Antivirus\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>2. WAF:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Don’t slow down your website while you’re using WAF!\u003C\u002Fli>\n\u003Cli>Instant Firewall rules database update.\u003C\u002Fli>\n\u003Cli>Bad requests, hacks attempts and attacks detection.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Find out more about \u003Ca href=\"https:\u002F\u002Fvirusdie.com\u002Ftools\u002F#6page\" rel=\"nofollow ugc\">Virusdie Firewall\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>3. Patch Management (website hardening)\u003C\u002Fp>\n\u003Col>\n\u003Cli>Instant vulnerabilities database update.\u003C\u002Fli>\n\u003Cli>Check site (files, themes, plugins and components) for known security vulnerabilities and alerts you if found.\u003C\u002Fli>\n\u003Cli>Scan once a month.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Find out more about \u003Ca href=\"https:\u002F\u002Fvirusdie.com\u002Ftools\u002F#4rdPage\" rel=\"nofollow ugc\">Virusdie Patch Manager\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>4. Blacklists Monitoring\u003C\u002Fp>\n\u003Col>\n\u003Cli>Checking your website more than 60+ blacklists automatically.\u003C\u002Fli>\n\u003Cli>One-click to un-blacklist.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Find out more about \u003Ca href=\"https:\u002F\u002Fvirusdie.com\u002Ftools\u002F#7page\" rel=\"nofollow ugc\">Virusdie Blacklist Monitoring\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Premium plan feature list:\u003C\u002Fh4>\n\u003Cp>(In addition to the free plan’ feature list)\u003C\u002Fp>\n\u003Cp>1. Antivirus:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Daily scans and Unlimited scans.\u003C\u002Fli>\n\u003Cli>Automatic malware removal: The safest in the industry automatic malware removal – Your website continues to run stably after the automated cleanup.\u003C\u002Fli>\n\u003Cli>Unlimited site cleanups.\u003C\u002Fli>\n\u003Cli>File editor.\u003C\u002Fli>\n\u003Cli>Malicious code highlighting in the file editor.\u003C\u002Fli>\n\u003Cli>Pre-cleanup file backups.\u003C\u002Fli>\n\u003Cli>Exclusion list to add files and ignore them in future scans.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Find out more about \u003Ca href=\"https:\u002F\u002Fvirusdie.com\u002Ftools\u002F#3rdPage\" rel=\"nofollow ugc\">Virusdie Antivirus\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>1. Firewall:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Basic bad request protection.\u003C\u002Fli>\n\u003Cli>XSS and SQL injection protection.\u003C\u002Fli>\n\u003Cli>DoS-attacks protection.\u003C\u002Fli>\n\u003Cli>Brute force protection by limiting login attempts.\u003C\u002Fli>\n\u003Cli>Content scraping protection.\u003C\u002Fli>\n\u003Cli>Malicious uploads prevention.\u003C\u002Fli>\n\u003Cli>IP whitelisting\u002Fblacklisting.\u003C\u002Fli>\n\u003Cli>URL blocking.\u003C\u002Fli>\n\u003Cli>Country blocking.\u003C\u002Fli>\n\u003Cli>History of blocked requests.\u003C\u002Fli>\n\u003Cli>Make custom rules to block requests based by: IP Range, Hostname, User Agent and Referrer.\u003C\u002Fli>\n\u003Cli>Make custom rules generic type for POST\u002FGET requests.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Find out more about \u003Ca href=\"https:\u002F\u002Fvirusdie.com\u002Ftools\u002F#6page\" rel=\"nofollow ugc\">Virusdie Firewall\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Patch Management:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Daily and Unlimited scans.\u003C\u002Fli>\n\u003Cli>Automatic virtual vulnerability patching (website hardening).\u003C\u002Fli>\n\u003Cli>Automatic real patch management.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Find out more about \u003Ca href=\"https:\u002F\u002Fvirusdie.com\u002Ftools\u002F#4rdPage\" rel=\"nofollow ugc\">Virusdie Patch Manager\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Coming soon:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Teamwork:\u003C\u002Fstrong> you will be able to share access to your site with your team. Simple and secure!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Website sharing.\u003C\u002Fstrong> You’ll be able to share your website access with your digital agency who manage your website security – with one click!\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Website insurance and security expert marketplace:\u003C\u002Fstrong> for being confident that in the event of a complex website infection or damage to your site, getting help from third-party security experts to restore your site won’t cost you any more than the minimum cost in your insurance policy.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Firewall statistics and attack attempts reports will be available on the free tier plan!\u003C\u002Fstrong> Keep your finger on the website pulse even for free!\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Join us on \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002FWebSecCommunityVirusdie\" rel=\"nofollow ugc\">Facebook Community\u003C\u002Fa> and find out more about Virusdie cloud security tools.\u003C\u002Fp>\n","Malware scanning & removal, website hardening, patching vulnerabilities, real-time protection against online attacks, blacklist monitoring in a click!",34436,80,9,"2026-01-30T22:05:00.000Z","5.0",[20,137,75,21,138],"firewall","security-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fvirusdie.1.1.8.zip",95,4,"2026-02-18 00:00:00",{"attackSurface":144,"codeSignals":171,"taintFlows":201,"riskAssessment":270,"analyzedAt":286},{"hooks":145,"ajaxHandlers":167,"restRoutes":168,"shortcodes":169,"cronEvents":170,"entryPointCount":26,"unprotectedCount":26},[146,152,155,159,163],{"type":147,"name":148,"callback":149,"file":150,"line":151},"action","muplugins_loaded","shieldfy_firewall_init_check","bootstrap.php",20,{"type":147,"name":153,"callback":149,"file":150,"line":154},"plugins_loaded",21,{"type":147,"name":156,"callback":157,"file":150,"line":158},"admin_menu","shieldfy_plugin_menu",23,{"type":147,"name":160,"callback":161,"file":150,"line":162},"admin_enqueue_scripts","shieldfy_include_assets",24,{"type":147,"name":164,"callback":165,"file":150,"line":166},"admin_notices","shieldfy_admin_notice",25,[],[],[],[],{"dangerousFunctions":172,"sqlUsage":178,"outputEscaping":180,"fileOperations":199,"externalRequests":32,"nonceChecks":26,"capabilityChecks":26,"bundledLibraries":200},[173],{"fn":174,"file":175,"line":176,"context":177},"unserialize","shieldfy.client.php",203,"if (($result = @unserialize($value)) === false)",{"prepared":26,"raw":26,"locations":179},[],{"escaped":26,"rawEcho":133,"locations":181},[182,185,187,188,189,191,193,194,197],{"file":150,"line":183,"context":184},76,"raw output",{"file":186,"line":158,"context":184},"pages\\dashboard.php",{"file":186,"line":162,"context":184},{"file":186,"line":33,"context":184},{"file":186,"line":190,"context":184},31,{"file":186,"line":192,"context":184},32,{"file":186,"line":192,"context":184},{"file":195,"line":196,"context":184},"pages\\install.php",58,{"file":175,"line":198,"context":184},1092,13,[],[202,220,242,258],{"entryPoint":203,"graph":204,"unsanitizedCount":32,"severity":219},"end (shieldfy.client.php:1086)",{"nodes":205,"edges":216},[206,211],{"id":207,"type":208,"label":209,"file":175,"line":210},"n0","source","$_SERVER['SERVER_PROTOCOL']",1087,{"id":212,"type":213,"label":214,"file":175,"line":210,"wp_function":215},"n1","sink","header() [Header Injection]","header",[217],{"from":207,"to":212,"sanitized":218},false,"medium",{"entryPoint":221,"graph":222,"unsanitizedCount":14,"severity":219},"run (shieldfy.client.php:1180)",{"nodes":223,"edges":239},[224,227,231,234],{"id":207,"type":208,"label":225,"file":175,"line":226},"$_SERVER",1202,{"id":212,"type":213,"label":228,"file":175,"line":229,"wp_function":230},"file_get_contents() [SSRF\u002FLFI]",1233,"file_get_contents",{"id":232,"type":208,"label":233,"file":175,"line":226},"n2","$_SERVER (x2)",{"id":235,"type":213,"label":236,"file":175,"line":237,"wp_function":238},"n3","file_put_contents() [File Write]",1247,"file_put_contents",[240,241],{"from":207,"to":212,"sanitized":218},{"from":232,"to":235,"sanitized":218},{"entryPoint":243,"graph":244,"unsanitizedCount":141,"severity":219},"\u003Cshieldfy.client> (shieldfy.client.php:0)",{"nodes":245,"edges":254},[246,247,248,249,250,252],{"id":207,"type":208,"label":209,"file":175,"line":210},{"id":212,"type":213,"label":214,"file":175,"line":210,"wp_function":215},{"id":232,"type":208,"label":225,"file":175,"line":226},{"id":235,"type":213,"label":228,"file":175,"line":229,"wp_function":230},{"id":251,"type":208,"label":233,"file":175,"line":226},"n4",{"id":253,"type":213,"label":236,"file":175,"line":237,"wp_function":238},"n5",[255,256,257],{"from":207,"to":212,"sanitized":218},{"from":232,"to":235,"sanitized":218},{"from":251,"to":253,"sanitized":218},{"entryPoint":259,"graph":260,"unsanitizedCount":141,"severity":269},"\u003Cdashboard> (pages\\dashboard.php:0)",{"nodes":261,"edges":267},[262,264],{"id":207,"type":208,"label":263,"file":186,"line":14},"$_SERVER (x4)",{"id":212,"type":213,"label":265,"file":186,"line":33,"wp_function":266},"echo() [XSS]","echo",[268],{"from":207,"to":212,"sanitized":218},"low",{"summary":271,"deductions":272},"The plugin \"shieldfy\" v3.6.0 presents a mixed security posture. While it boasts a zero-attack surface from an external perspective (no AJAX handlers, REST API routes, shortcodes, or cron events) and a clean vulnerability history with no known CVEs, several concerning code signals warrant attention. The presence of the `unserialize` function is a significant red flag, as it can lead to Remote Code Execution (RCE) if used with untrusted input.  Furthermore, the fact that 0% of output is properly escaped suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website.  The taint analysis also indicates that all analyzed flows have unsanitized paths, which, while not currently classified as critical or high severity, suggests potential weaknesses in how data is handled.\n\nThe lack of nonce checks and capability checks on any entry points (since there are none) is less of a direct concern in this specific version due to the limited attack surface. However, it highlights a general lack of robust authorization and validation mechanisms, which could become problematic if the plugin's attack surface expands in future versions or if specific entry points are introduced without proper checks. The absence of vulnerabilities in its history is positive but should not be taken as a guarantee of future security, especially given the identified code signals.\n\nIn conclusion, \"shieldfy\" v3.6.0 has a strong foundation in terms of a limited attack surface and no known exploitable vulnerabilities. However, the direct use of `unserialize` without proper sanitization and the complete lack of output escaping represent significant security weaknesses that could be exploited. These issues require immediate attention to prevent potential RCE and XSS attacks.",[273,276,279,281,284],{"reason":274,"points":275},"Dangerous function 'unserialize' detected",15,{"reason":277,"points":278},"0% of output properly escaped",8,{"reason":280,"points":92},"All analyzed taint flows have unsanitized paths",{"reason":282,"points":283},"No nonce checks on entry points",5,{"reason":285,"points":283},"No capability checks on entry points","2026-03-16T22:04:36.479Z",{"wat":288,"direct":297},{"assetPaths":289,"generatorPatterns":292,"scriptPaths":293,"versionParams":294},[290,291],"\u002Fwp-content\u002Fplugins\u002Fshieldfy\u002Fassets\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fshieldfy\u002Fassets\u002Fjs\u002Fmain.js",[],[291],[295,296],"shieldfy\u002Fassets\u002Fcss\u002Fstyle.css?ver=","shieldfy\u002Fassets\u002Fjs\u002Fmain.js?ver=",{"cssClasses":298,"htmlComments":300,"htmlAttributes":307,"restEndpoints":309,"jsGlobals":310,"shortcodeOutput":312},[299],"shieldfy-admin-notice",[301,302,303,304,305,306],"\u003C!-- File: bootstrap.php -->","\u003C!-- Author: Shieldfy Security Team -->","\u003C!-- Author URI: https:\u002F\u002Fshieldfy.io\u002F -->","\u003C!-- Helper Classes -->","\u003C!-- API Class -->","\u003C!-- [if lt IE 9]>\u003Cscript src=\"https:\u002F\u002Foss.maxcdn.com\u002Fhtml5shiv\u002F3.7.2\u002Fhtml5shiv.min.js\">\u003C\u002Fscript>\u003Cscript src=\"https:\u002F\u002Foss.maxcdn.com\u002Frespond\u002F1.4.2\u002Frespond.min.js\">\u003C\u002Fscript>\u003C![endif] -->",[308],"data-shieldfy-input",[],[311],"shieldfy_active",[]]