[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fjS0loniv9-AZpRFIXiWiaepAVEegOYaGIFEkMa9hSV4":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":15,"tags":18,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":36,"analysis":128,"fingerprints":301},"shift8-push","Shift8 Push","1.0.2","shift8","https:\u002F\u002Fprofiles.wordpress.org\u002Fshift8\u002F","\u003Cp>This is a plugin that pushes a single post or page to an external site via the REST API\u003C\u002Fp>\n\u003Ch3>Instructions for setup\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Generate core WordPress application user & password on the destination server. You can follow the official WordPress \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2020\u002F11\u002F05\u002Fapplication-passwords-integration-guide\u002F\" rel=\"nofollow ugc\">instructions for generating an application password\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Setup plugin on your source server and configure application user & password\u003C\u002Fli>\n\u003Cli>When editing a single post or page, a “Push” button will appear to push the changes to the server.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Want to see the plugin in action?\u003C\u002Fh3>\n\u003Cp>There isn’t anything to see! This is transparent API interactions from the source server to the destination server.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Fully pushes all content of a single post or page from your source server (i.e. staging) to the destination server (i.e. production)\u003C\u002Fli>\n\u003Cli>If the page or post doesnt exist, it will create it and clone the slug\u003C\u002Fli>\n\u003Cli>If the page or post exists, it will overwrite the content with the source server.\u003C\u002Fli>\n\u003C\u002Ful>\n","This is a plugin that pushes a single post or page to an external site via the REST API",0,787,20,1,"","6.3.8","3.0.1",[19,20,21,22],"content","production","push","staging","https:\u002F\u002Fgithub.com\u002Fstardothosting\u002Fshift8-push","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshift8-push.zip",100,null,"2026-03-15T10:48:56.248Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":32,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},11,980,93,30,89,"2026-04-04T00:52:01.748Z",[37,59,76,91,109],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":25,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":58},"display-environment-type","Display Environment Type","1.6.0","Stoil Dobreff","https:\u002F\u002Fprofiles.wordpress.org\u002Fsdobreff\u002F","\u003Cp>WordPress 5.5 introduced a way to differentiate between environment types (development, staging, production). This plugin shows your site’s environment type in the admin bar and the dashboard “At a Glance” widget.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2020\u002F07\u002F24\u002Fnew-wp_get_environment_type-function-in-wordpress-5-5\u002F\" rel=\"nofollow ugc\">More info about the feature\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>To gain additional control — for example, setting the environment or other values from the WP admin (when \u003Ccode>wp-config.php\u003C\u002Fcode> is writable) — consider installing our other plugin \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002F0-day-analytics\u002F\" rel=\"ugc\">0 Day Analytics\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>Recommended Plugins\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002F0-day-analytics\u002F\" rel=\"ugc\">0 Day Analytics\u003C\u002Fa> — a powerful plugin for sites that need more insight into errors and runtime behavior. It includes a Cron manager, a Transient manager (database-backed), DB manager, Snippet manager, Mail manager, Plugin Version Switcher available from the Plugins page and many more.\u003C\u002Fli>\n\u003C\u002Ful>\n","Displays WordPress 5.5's environment type setting in the admin bar and the \"At a Glance\" dashboard widget.",1000,135115,4,"2025-12-19T15:09:00.000Z","6.9.4","5.5","7.4",[53,54,55,20,22],"development","dtap","environment","https:\u002F\u002Froytanck.com\u002F2020\u002F08\u002F21\u002Fnew-wordpress-plugin-display-environment-type\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisplay-environment-type.1.6.0.zip","2026-03-15T15:16:48.613Z",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":25,"downloaded":67,"rating":11,"num_ratings":11,"last_updated":68,"tested_up_to":69,"requires_at_least":17,"requires_php":70,"tags":71,"homepage":74,"download_link":75,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":58},"apex-digital-toolbox","Apex Digital Toolbox","1.5.0","nwells","https:\u002F\u002Fprofiles.wordpress.org\u002Fnwells\u002F","\u003Cp>Too many plugins installed to do basic things? This plugin tries to bring some common ones into one plugin to make life that little bit easier.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Current functionality\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Identify the production URL so as to apply specific logic or hooks depending on which environment the site is in\u003C\u002Fli>\n\u003Cli>Block visitors to the staging site based on IP or by using a specific cookie – great for showing clients but not the world\u003C\u002Fli>\n\u003Cli>Find & replace functionality – great for changing from a staging URL to a production URL\u003C\u002Fli>\n\u003Cli>Auto 301 redirect to the site domain for WordPress – useful to ensure everyone is using the correct path i.e. with www (or not) and https (or not)\u003C\u002Fli>\n\u003Cli>Add additional classes to the main body tag to easily target device and operating system i.e. iOS, Android, Chrome, etc…\u003C\u002Fli>\n\u003Cli>Sitemap generator to display a list of pages (or any post type) on the site as well as offering the ability to exclude pages\u003C\u002Fli>\n\u003Cli>WooCommerce settings to disable categories list on single product page, remove reviews tab, remove product count on categories\u003C\u002Fli>\n\u003Cli>When using Visual Composer you can automatically load in any PHP files that make use of vc_map() within your theme\u003C\u002Fli>\n\u003Cli>When using Gravity Forms & Bootstrap all correct classes will be applied to input boxes and buttons. Also, a new field type is added to add columns to forms as well as placing the submit button wherever you like\u003C\u002Fli>\n\u003Cli>Gravity Forms confirmation message appear underneath any fixed header when using AJAX. This hook allows you to scroll to the correct position based on the header\u003C\u002Fli>\n\u003Cli>Can specify a stylesheet that you want to appear last in the enqueue – useful for overwriting parent themes or other plugins\u003C\u002Fli>\n\u003Cli>YouTube embedded videos can have the title, related videos, and controls switched off\u003C\u002Fli>\n\u003Cli>Change the sender name and email address for emails sent\u003C\u002Fli>\n\u003Cli>Short code for displaying the current year – useful for keeping copyright notices up-to-date\u003C\u002Fli>\n\u003Cli>WooCommerce template tweaks for improved usability when using the Jupiter theme\u003C\u002Fli>\n\u003Cli>Set parent hierarchy pages as place holders so they don’t provide links in menus to empty pages\u003C\u002Fli>\n\u003Cli>Simple short code for the current page title – useful to add in to links\u003C\u002Fli>\n\u003Cli>Disable certain notifications for admin\u003C\u002Fli>\n\u003Cli>Added Relevanssi support for XforWooCommerce filter plugin when AJAX is in use\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Coming soon\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Drag & drop page re-ordering\u003C\u002Fli>\n\u003Cli>Improve noindexing on WooCommerce hidden products as well as ensuring the don’t appear in sitemaps both HTML & XML\u003C\u002Fli>\n\u003Cli>Auto hide a page from any menu when its status is no longer published\u003C\u002Fli>\n\u003Cli>Additional default settings for Visual Composer to make it easier to extend and remove built in elements & templates\u003C\u002Fli>\n\u003Cli>More to come!\u003C\u002Fli>\n\u003C\u002Ful>\n","Too many plugins installed to do basic things? Bring some common functions ones into one plugin to make life that little bit easier for developers.",5947,"2026-02-17T02:06:00.000Z","6.7.5","7.1",[72,20,73,22],"administration","setup","https:\u002F\u002Fwww.apexdigital.co.nz\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapex-digital-toolbox.1.5.0.zip",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":25,"num_ratings":14,"last_updated":86,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":87,"homepage":15,"download_link":90,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":58},"environment-debug-admin-toolbar","Environment & Debug Bar","1.4.0","Medium Rare","https:\u002F\u002Fprofiles.wordpress.org\u002Fmediumraredev\u002F","\u003Cp>This plugin will tell you what environment type you are on, and what the debug settings are.\u003C\u002Fp>\n\u003Cp>If you have only one version of your site this plugin may not be useful to you.\u003C\u002Fp>\n\u003Cp>Make sure every version of your site has its \u003Cem>ENV\u003C\u002Fem> defined in wp-config.php. We support both the new official WP_ENVIRONMENT_TYPE constant, and the community classic WP_ENV.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'WP_ENVIRONMENT_TYPE', 'production' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch3>Medium Rare\u003C\u002Fh3>\n\u003Cp>We hope you like this Medium Rare plugin. We take a lot of pride in our work, and try to make it the absolute best we can.\u003C\u002Fp>\n\u003Cp>This plugin is fully free, and will never have a pro version. A small gift, from us, to you.\u003C\u002Fp>\n\u003Cp>If you’re interested in our other plugins, and future plugins, we invite you to visit our website at \u003Ca href=\"https:\u002F\u002Fmediumrare.dev\u002F\" rel=\"nofollow ugc\">mediumrare.dev\u003C\u002Fa>. Our newsletter is the best way to never miss a Medium Rare plugin launch.\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>If you want to contribute, development takes place on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FBrugman\u002Fenvironment-debug-admin-toolbar\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","Display your environment and debug info in the toolbar.",40,3378,"2025-12-09T15:03:00.000Z",[88,89,55,20,22],"debug","env","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fenvironment-debug-admin-toolbar.1.4.0.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":33,"downloaded":99,"rating":11,"num_ratings":11,"last_updated":100,"tested_up_to":101,"requires_at_least":102,"requires_php":103,"tags":104,"homepage":15,"download_link":107,"security_score":108,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":58},"plx-multi-environments","PLX Multi-Environments","1.0.1","Webmaster","https:\u002F\u002Fprofiles.wordpress.org\u002Fmattstone-plx\u002F","\u003Cp>PLX Multi-Environments manages separate Development, Staging, and Production environments directly from within the WordPress Admin screen.\u003C\u002Fp>\n\u003Cp>Once the separate configuration files have been installed and your existing wp-config.php settings have been backed up\u003Cbr \u002F>\nyou\\’re then free to enter each of your environments database settings. When you push your files between servers you no\u003Cbr \u002F>\nlonger need to edit the configuration.\u003C\u002Fp>\n\u003Cp>Important: Although the plugin will automatically backup your current settings to wp-config.backup.php, we strongly recommend backing up\u003Cbr \u002F>\nyour wp-config.php file before completing the plugin installation.\u003C\u002Fp>\n","Manage separate Development, Staging, and Production environments directly from the Wordpress Admin screen.",1807,"2017-11-22T12:30:00.000Z","4.9.29","3.5","5.6",[105,106,55,20,22],"dev","developer","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fplx-multi-environments.1.0.1.zip",85,{"slug":110,"name":111,"version":112,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":13,"downloaded":117,"rating":25,"num_ratings":118,"last_updated":119,"tested_up_to":120,"requires_at_least":121,"requires_php":15,"tags":122,"homepage":126,"download_link":127,"security_score":108,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":58},"pushlive","PushLive – Staging Sites to Live in One Click","0.6.8","Jamin Szczesny","https:\u002F\u002Fprofiles.wordpress.org\u002Fjxaxmxixn\u002F","\u003Cp>\u003Cstrong>PushLive allows you to have a fully functioning staging site or Multisite environment for editing and development that you then with a single click individually push to the live site when you’re ready.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Now works with Multisite!\u003C\u002Fstrong> – Featuring Independent Pushes for Each Site\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Coming Soon (Next Major Release): PushLive Replicate\u003C\u002Fstrong> – Easily create a staging site from your current live site\u003C\u002Fp>\n\u003Cblockquote>\n\u003Ch4>With PushLive you ( or your clients ) will make all initial and future edits on the staging site, push them to the live site, and in most cases never actually touch the live site except to enjoy its awesomeness\u003C\u002Fh4>\n\u003Ch4>&nbsp;\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\nPlease read the \u003Ca href=\"installation#sections\" rel=\"nofollow ugc\">Installation and Setup Instructions\u003C\u002Fa>\n\u003C\u002Fli>\n\u003Cli>\nSingle Site WordPress installations – PushLive is compatable with nearly all available Plugins\n\u003C\u002Fli>\n\u003Cli>\nSpecial Multisite WordPress installations – PushLive is installed at the Network Admin level and best used when building and testing the site from the ground up because some Plugins are simply not compatable with PushLive in a Multisite environment\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cstrong>Requires:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Linux based server\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Major features in PushLive include:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Fast staging to live pushes that only update the new or changed content as necessary.\u003C\u002Fli>\n\u003Cli>Individual and Independent pushes for each site if using Multisite.\u003C\u002Fli>\n\u003Cli>Easy 1 page, top to bottom setup and configuration.\u003C\u002Fli>\n\u003Cli>A visible log of all previous pushes can be viewed on the main PushLive page.\u003C\u002Fli>\n\u003Cli>Require all users to log in to view the staging server \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Other Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Creates database backups during every push\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>History:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>This was originally a simple tried and true Joomla 1.5 component my company developed many years ago\u003C\u002Fli>\n\u003Cli>I then updated it for Joomla 2.5 and added some new features\u003C\u002Fli>\n\u003Cli>Updated it for Joomla 3.5 and again added some new features\u003C\u002Fli>\n\u003Cli>Rewrote it for WordPress for my own use about a year ago\u003C\u002Fli>\n\u003Cli>Decided shortly after that I would become a WordPress developer and release it publicly\u003C\u002Fli>\n\u003Cli>9 months of using it later I finally released it with some new features and minor bugs fixed\u003C\u002Fli>\n\u003Cli>Historically PushLive has always served us\u002Fme good use so it should be something you can trust and rely on as well\u003C\u002Fli>\n\u003Cli>We have NEVER had a major issue with PushLive we had to recover from, but you should always back up your site\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Banner Imagery:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Photo by: Tom Johnson (https:\u002F\u002Fwww.facebook.com\u002Ftigger1759)\u003C\u002Fli>\n\u003C\u002Ful>\n","Allows you to have a fully functioning development Staging Site or Multisite that you can individually Push to Live when ready.",6188,3,"2015-11-08T03:30:00.000Z","4.3.34","4",[123,110,124,22,125],"1-squared","stage","staging-site","http:\u002F\u002F1squared.com\u002Fpushlive","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpushlive.0.6.8.zip",{"attackSurface":129,"codeSignals":189,"taintFlows":240,"riskAssessment":288,"analyzedAt":300},{"hooks":130,"ajaxHandlers":172,"restRoutes":178,"shortcodes":186,"cronEvents":187,"entryPointCount":188,"unprotectedCount":14},[131,137,142,145,150,154,158,162,168],{"type":132,"name":133,"callback":134,"file":135,"line":136},"action","admin_enqueue_scripts","load_shift8_push_wp_admin_style","components\\enqueuing.php",24,{"type":132,"name":138,"callback":139,"file":140,"line":141},"rest_api_init","shift8_push_create_api_posts_meta_field","components\\functions.php",312,{"type":132,"name":138,"callback":143,"file":140,"line":144},"closure",363,{"type":132,"name":146,"callback":147,"file":148,"line":149},"admin_head","shift8_push_custom_favicon","components\\settings.php",13,{"type":132,"name":151,"callback":152,"file":148,"line":153},"admin_menu","shift8_push_create_menu",27,{"type":132,"name":155,"callback":156,"file":148,"line":157},"admin_init","register_shift8_push_settings",35,{"type":132,"name":159,"callback":160,"file":148,"line":161},"init","shift8_push_init",104,{"type":163,"name":164,"callback":165,"priority":166,"file":148,"line":167},"filter","pre_update_option_shift8_push_application_password","shift8_push_update_application_password",10,106,{"type":132,"name":169,"callback":170,"file":148,"line":171},"post_submitbox_misc_actions","shift8_push_button",118,[173],{"action":174,"nopriv":175,"callback":174,"hasNonce":176,"hasCapCheck":175,"file":140,"line":177},"shift8_push_push",false,true,49,[179],{"namespace":180,"route":181,"methods":182,"callback":184,"permissionCallback":26,"file":140,"line":185},"shift8\u002Fv1","\u002Fmeta\u002F",[183],"POST","shift8_push_rest_meta",364,[],[],2,{"dangerousFunctions":190,"sqlUsage":195,"outputEscaping":197,"fileOperations":11,"externalRequests":238,"nonceChecks":188,"capabilityChecks":14,"bundledLibraries":239},[191],{"fn":192,"file":140,"line":193,"context":194},"unserialize",416,"if ( is_string( $data ) && ( $unserialized = @unserialize( $data ) ) !== false ) {",{"prepared":188,"raw":11,"locations":196},[],{"escaped":198,"rawEcho":199,"locations":200},42,18,[201,204,206,208,210,212,214,216,218,220,222,224,226,228,231,233,234,236],{"file":140,"line":202,"context":203},97,"raw output",{"file":140,"line":205,"context":203},191,{"file":140,"line":207,"context":203},195,{"file":140,"line":209,"context":203},227,{"file":140,"line":211,"context":203},231,{"file":140,"line":213,"context":203},303,{"file":140,"line":215,"context":203},304,{"file":140,"line":217,"context":203},305,{"file":140,"line":219,"context":203},306,{"file":140,"line":221,"context":203},307,{"file":140,"line":223,"context":203},308,{"file":148,"line":225,"context":203},15,{"file":148,"line":227,"context":203},130,{"file":229,"line":230,"context":203},"shift8-push.php",45,{"file":229,"line":232,"context":203},46,{"file":229,"line":34,"context":203},{"file":229,"line":235,"context":203},136,{"file":229,"line":237,"context":203},169,6,[],[241,264],{"entryPoint":242,"graph":243,"unsanitizedCount":11,"severity":263},"shift8_push_push (components\\functions.php:50)",{"nodes":244,"edges":260},[245,250,254],{"id":246,"type":247,"label":248,"file":140,"line":249},"n0","source","$_GET",58,{"id":251,"type":252,"label":253,"file":140,"line":249},"n1","transform","→ shift8_push_poll()",{"id":255,"type":256,"label":257,"file":140,"line":258,"wp_function":259},"n2","sink","wp_remote_post() [SSRF]",166,"wp_remote_post",[261,262],{"from":246,"to":251,"sanitized":175},{"from":251,"to":255,"sanitized":176},"low",{"entryPoint":265,"graph":266,"unsanitizedCount":11,"severity":263},"\u003Cfunctions> (components\\functions.php:0)",{"nodes":267,"edges":283},[268,270,274,275,277,279,281],{"id":246,"type":247,"label":248,"file":140,"line":269},57,{"id":251,"type":256,"label":271,"file":140,"line":272,"wp_function":273},"wp_remote_get() [SSRF]",151,"wp_remote_get",{"id":255,"type":247,"label":248,"file":140,"line":269},{"id":276,"type":256,"label":257,"file":140,"line":258,"wp_function":259},"n3",{"id":278,"type":247,"label":248,"file":140,"line":249},"n4",{"id":280,"type":252,"label":253,"file":140,"line":249},"n5",{"id":282,"type":256,"label":257,"file":140,"line":258,"wp_function":259},"n6",[284,285,286,287],{"from":246,"to":251,"sanitized":176},{"from":255,"to":276,"sanitized":176},{"from":278,"to":280,"sanitized":175},{"from":280,"to":282,"sanitized":176},{"summary":289,"deductions":290},"The 'shift8-push' plugin version 1.0.2 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by using prepared statements for all SQL queries and has a clean vulnerability history with no recorded CVEs.  It also has a reasonable number of output escaping implementations, though not all are properly escaped.  However, there are several areas of concern that warrant attention.\n\nThe static analysis reveals an unprotected REST API route, which represents a direct attack vector.  The presence of the `unserialize` function is a significant risk, as it can lead to remote code execution if user-supplied data is processed without proper sanitization, even though the taint analysis did not reveal immediate critical or high severity flows.  Furthermore, the plugin makes external HTTP requests, which could be exploited if not handled securely. The number of entry points is relatively low, but the presence of an unprotected entry point is a notable weakness.\n\nOverall, while the plugin has a strong track record and uses some secure coding practices, the unprotected REST API route and the use of `unserialize` introduce significant risks. The lack of recorded vulnerabilities could be due to its limited usage or the effectiveness of its existing security measures against discovered threats. However, these identified risks, if exploited, could lead to serious security breaches, making it crucial for users to be aware of and mitigate these potential vulnerabilities.",[291,293,296,298],{"reason":292,"points":166},"REST API route without permission callbacks",{"reason":294,"points":295},"Use of dangerous function: unserialize",8,{"reason":297,"points":238},"Outputs not properly escaped (30%)",{"reason":299,"points":118},"External HTTP requests present","2026-03-17T05:47:01.507Z",{"wat":302,"direct":315},{"assetPaths":303,"generatorPatterns":308,"scriptPaths":309,"versionParams":310},[304,305,306,307],"\u002Fwp-content\u002Fplugins\u002Fshift8-push\u002Fcss\u002Fshift8-push-admin-style.css","\u002Fwp-content\u002Fplugins\u002Fshift8-push\u002Fcss\u002Fshift8-push-style.css","\u002Fwp-content\u002Fplugins\u002Fshift8-push\u002Fjs\u002Fshift8-push-admin-script.js","\u002Fwp-content\u002Fplugins\u002Fshift8-push\u002Fjs\u002Fshift8-push-script.js",[],[306,307],[311,312,313,314],"shift8-push\u002Fcss\u002Fshift8-push-admin-style.css?ver=","shift8-push\u002Fcss\u002Fshift8-push-style.css?ver=","shift8-push\u002Fjs\u002Fshift8-push-admin-script.js?ver=","shift8-push\u002Fjs\u002Fshift8-push-script.js?ver=",{"cssClasses":316,"htmlComments":330,"htmlAttributes":335,"restEndpoints":341,"jsGlobals":344,"shortcodeOutput":346},[317,318,319,320,321,322,323,324,325,326,327,328,329],"shift8-push-table","shift8-push-admin-tab-active","shift8-push-admin-tab-inactive","shift8-push-tooltip","shift8-push-tooltiptext","shift8-push-spinner","shift8-push-prereg-note","shift8-push-controls","shift8-push-button-container","shift8-push-button","shift8-push-button-check","shift8-push-response","shift8-push-button-copyclipboard",[331,332,333,334],"\u003C!-- Composer dependencies -->","\u003C!-- Admin welcome page -->","\u003C!-- Admin settings page -->","\u003C!-- SUPPORT TAB -->",[336,337,338,339,340],"shift8_push_src_url","shift8_push_dst_url","shift8_push_application_user","shift8_push_application_password","shift8_push_enabled",[342,343],"\u002Fwp-json\u002Fshift8-push\u002Fv1\u002Fpush","\u002Fwp-json\u002Fshift8-push\u002Fv1\u002Fpull",[345],"Shift8PushCopyToClipboard",[]]