[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f_JswslCm0KVi6LgTzEqdN_sd6C94TW3_bttgZbCovPw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":15,"tags":18,"homepage":24,"download_link":25,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":123,"fingerprints":298},"show-me-the-admin","Show Me The Admin","1.2.1","Rachel Cherry","https:\u002F\u002Fprofiles.wordpress.org\u002Fbamadesigner\u002F","\u003Cp>The WordPress toolbar makes it really easy to move between viewing your site and editing your site but sometimes the toolbar itself can be intrusive.\u003C\u002Fp>\n\u003Cp>“Show Me The Admin” is a WordPress plugin that hides your toolbar and enables you to make it appear, and disappear, using a variety of methods.\u003C\u002Fp>\n\u003Ch4>Features include:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Hide your toolbar and make it appear by typing a phrase\u003C\u002Fli>\n\u003Cli>Hide your toolbar and show WordPress button in top left corner to click to appear\u003C\u002Fli>\n\u003Cli>Hide your toolbar and make it appear when mouse hovers near top of window\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Show Me The Admin is also multisite-friendly.\u003C\u002Fstrong> Please use the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fbamadesigner\u002Fshow-me-the-admin\" rel=\"nofollow ugc\">Show Me The Admin GitHub repo\u003C\u002Fa> to contribute, submit issues, and suggest features.\u003C\u002Fp>\n\u003Cp>Your “Show Toolbar when viewing site” profile setting must be enabled.\u003C\u002Fp>\n\u003Ch3>Filters\u003C\u002Fh3>\n\u003Cp>Show Me The Admin has filters setup to allow you to tweak the plugin.\u003C\u002Fp>\n\u003Ch4>Filter the settings\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u002F**\n * Filters the \"Show Me The Admin\" settings.\n *\n * @param   array - $settings - the original settings\n * @return  array - the filtered settings\n *\u002F\nadd_filter( 'show_me_the_admin_settings', 'filter_show_me_the_admin_settings' );\nfunction filter_show_me_the_admin_settings( $settings ) {\n\n    \u002F\u002F Change the settings\n\n    \u002F\u002F For example, change the phrase you type to show the toolbar, default is 'showme'\n    $settings[ 'show_phrase' ] = 'hello';\n\n    \u002F\u002F Or change the phrase you type to hide the toolbar, default is 'hideme'\n    $settings[ 'hide_phrase' ] = 'goodbye';\n\n    \u002F\u002F Return the settings\n    return $settings;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Filter the phrase to show the toolbar\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u002F**\n * Filters the phrase to show the toolbar.\n *\n * @param   string - $show_phrase - the original phrase\n * @return  string - the filtered phrase\n *\u002F\nadd_filter( 'show_me_the_admin_show_phrase', 'filter_show_me_the_admin_show_phrase' );\nfunction filter_show_me_the_admin_show_phrase( $show_phrase ) {\n\n    \u002F\u002F Change the phrase, default is 'showme'\n    $show_phrase = 'hello';\n\n    \u002F\u002F Return the phrase\n    return $show_phrase;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Filter the phrase to hide the toolbar\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u002F**\n * Filters the phrase to hide the toolbar.\n *\n * @param   string - $hide_phrase - the original phrase\n * @return  string - the filtered phrase\n *\u002F\nadd_filter( 'show_me_the_admin_hide_phrase', 'filter_show_me_the_admin_hide_phrase' );\nfunction filter_show_me_the_admin_hide_phrase( $hide_phrase ) {\n\n    \u002F\u002F Change the phrase, default is 'hideme'\n    $hide_phrase = 'goodbye';\n\n    \u002F\u002F Return the phrase\n    return $hide_phrase;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Filter the text for the dropdown login button\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>\u002F**\n * Filters the text for the \"Show Me The Admin\"\n * dropdown login button.\n *\n * @param   string - $text - the original text\n * @return  string - the filtered text\n *\u002F\nadd_filter( 'show_me_the_admin_login_text', 'filter_show_me_the_admin_login_text' );\nfunction filter_show_me_the_admin_login_text( $text ) {\n\n \u002F\u002F Change the text, default is 'Login to WordPress'\n $text = 'Login to the admin';\n\n \u002F\u002F Return the text\n return $text;\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Hides your admin toolbar and enables you to make it appear, and disappear, using a variety of methods.",10,3003,100,6,"","4.9.29","3.0",[19,20,21,22,23],"admin","admin-bar","adminbar","bar","toolbar","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fshow-me-the-admin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fshow-me-the-admin.1.2.1.zip",0,null,"2026-03-15T10:48:56.248Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"bamadesigner",3,410,83,30,82,"2026-04-04T01:16:13.299Z",[39,58,77,92,108],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":35,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":15,"tags":53,"homepage":15,"download_link":55,"security_score":56,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":57},"hide-admin-bar-from-non-admins","Hide Admin Bar from Non-Admins","1.0.2","Andrew Lima","https:\u002F\u002Fprofiles.wordpress.org\u002Fandrewza\u002F","\u003Ch3>Install, activate, and you’re done.\u003C\u002Fh3>\n\u003Cp>This plugin hides the WordPress Toolbar (admin bar) for all visitors and users without the ‘administrator’ role. It’s a very simple plugin with no settings to configure.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use this plugin for sites with only one admin who needs access to the dashboard and the admin bar.\u003C\u002Fli>\n\u003Cli>This plugin is super lightweight, with just a few lines of code.\u003C\u002Fli>\n\u003Cli>If you need to show the toolbar for other user roles, use the filter \u003Ccode>habfna_show_admin_bar_roles\u003C\u002Fcode>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is a tweak of the code by Yoast to hide the admin bar for non-admins only.\u003C\u002Fp>\n","Hides the WordPress toolbar (admin bar) for all non-admin users. Simple plugin with no settings to configure.",10000,237108,86,"2024-11-18T14:39:00.000Z","6.7.5","5.2",[20,21,54,23],"dashboard","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhide-admin-bar-from-non-admins.1.0.2.zip",92,"2026-03-15T15:16:48.613Z",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":68,"num_ratings":69,"last_updated":70,"tested_up_to":16,"requires_at_least":71,"requires_php":15,"tags":72,"homepage":15,"download_link":75,"security_score":76,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":57},"disable-toolbar","Disable Toolbar","1.0","Michael Dance","https:\u002F\u002Fprofiles.wordpress.org\u002Fseventhsteel\u002F","\u003Cp>This humble plugin adds an option in Settings > General that controls who sees the WP Toolbar when viewing your site.\u003C\u002Fp>\n\u003Cp>You can turn the Toolbar on or off per user role.\u003C\u002Fp>\n\u003Cp>Note that this controls the public, front-end version of your site. When viewing the dashboard, the toolbar always appears.\u003C\u002Fp>\n\u003Cp>How is this different from other plugins that do similar things? It’s smaller, cleaner, and doesn’t add any unnecesary settings pages. It’s also smart enough to hide the Toolbar option on user profiles if that user is already restricted from seeing the toolbar.\u003C\u002Fp>\n","Control who sees the WP Toolbar when viewing your site.",2000,27311,98,17,"2017-11-09T15:51:00.000Z","3.1",[20,21,73,74,23],"hide-admin-bar","hide-toolbar","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdisable-toolbar.1.0.zip",85,{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":11,"downloaded":85,"rating":26,"num_ratings":26,"last_updated":15,"tested_up_to":86,"requires_at_least":15,"requires_php":15,"tags":87,"homepage":90,"download_link":91,"security_score":13,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":28},"ibar","iBar","19.05","Linesh Jose","https:\u002F\u002Fprofiles.wordpress.org\u002Flineshjose\u002F","\u003Cp>This is a \u003Cstrong>Mac OSX Menubar\u003C\u002Fstrong> like \u003Cstrong>WordPres\u003C\u002Fstrong> adminbar\u002Ftoolbar theme, designed for Mac and WordPress lovers. Read more about \u003Ca href=\"https:\u002F\u002Flinesh.com\u002Fprojects\u002Fibar\u002F\" rel=\"nofollow ugc\">iBar\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support & more informations visit https:\u002F\u002Flinesh.com\u002Fforums\u002Fforum\u002Fplugins\u002Fibar\u002F.\u003C\u002Fp>\n","This is a Mac OSX Menubar like WordPres adminbar\u002Ftoolbar theme, designed for Mac and WordPress lovers.",2374,"5.2.24",[20,21,88,89,23],"mac-like-admin-bar","macos","https:\u002F\u002Flinesh.com\u002Fprojects\u002Fibar\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fibar.zip",{"slug":93,"name":94,"version":61,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":11,"downloaded":99,"rating":26,"num_ratings":26,"last_updated":100,"tested_up_to":86,"requires_at_least":101,"requires_php":102,"tags":103,"homepage":106,"download_link":107,"security_score":76,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":57},"limecall-widget","Limecall","LimeCall","https:\u002F\u002Fprofiles.wordpress.org\u002Fmohamedmamdouh1\u002F","\u003Cp>Limecall is a callback widget that enable your customers to speak to you instantly within few seconds and help you increase your web conversions.\u003Cbr \u002F>\nWhat can I do with Limecall ?\u003Cbr \u002F>\n– widget is the smartest way to generate more sales qualified leads and calls from your website visitors with targeted automation.\u003Cbr \u002F>\n– It will help you to connect instantly\u003Cbr \u002F>\n– Provides click2call funtionality (no need of phone number, connects from one browser to another)\u003Cbr \u002F>\n– You can schedule calls as per your convinenece\u003Cbr \u002F>\n– You can qulify your sales calls\u003Cbr \u002F>\n– Capture the prospects 24*7\u003Cbr \u002F>\n– Integrate with your favorite tools\u003C\u002Fp>\n","Limecall is a callback widget that enable your customers to speak to you instantly within few seconds and help you increase your web conversions.",960,"2020-04-01T13:20:00.000Z","4.6","5.2.4",[20,21,104,105,23],"bbpress","bbpress-2-0","https:\u002F\u002Flimecall.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flimecall-widget.zip",{"slug":109,"name":110,"version":61,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":11,"downloaded":115,"rating":13,"num_ratings":32,"last_updated":116,"tested_up_to":117,"requires_at_least":118,"requires_php":15,"tags":119,"homepage":15,"download_link":122,"security_score":76,"vuln_count":26,"unpatched_count":26,"last_vuln_date":27,"fetched_at":57},"sbl-admin-bar","SBL Admin Bar","Steven Lienhard","https:\u002F\u002Fprofiles.wordpress.org\u002Flienhard\u002F","\u003Cp>Is the Admin Bar in the way while designing the site?  Enter control-shift-a while logged into the front end of the site to toggle the admin bar on\u002Foff.  You will see a temporary dialog confirming if the admin bar is on or off.  Refresh the page to see the result.\u003C\u002Fp>\n\u003Cp>You can enable or disable this feature by user role from the admin under Settings => SBL Admin Bar\u003C\u002Fp>\n","SBL Admin Bar allows you to dynamically turn the Admin Bar on\u002Foff using the hotkeys CONTROL-SHIFT-A. Can be enabled and disabled by user role.",883,"2020-12-12T20:34:00.000Z","5.6.17","4.3",[20,21,120,121,23],"hotkey","hotkeys","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsbl-admin-bar.1.0.zip",{"attackSurface":124,"codeSignals":204,"taintFlows":236,"riskAssessment":284,"analyzedAt":297},{"hooks":125,"ajaxHandlers":192,"restRoutes":201,"shortcodes":202,"cronEvents":203,"entryPointCount":169,"unprotectedCount":169},[126,132,136,139,143,147,152,156,160,163,167,171,176,179,182,188],{"type":127,"name":128,"callback":129,"file":130,"line":131},"action","network_admin_menu","add_network_settings_page","inc\\admin.php",94,{"type":127,"name":133,"callback":134,"file":130,"line":135},"admin_menu","add_settings_page",97,{"type":127,"name":137,"callback":138,"file":130,"line":13},"admin_head-settings_page_show-me-the-admin","add_settings_meta_boxes",{"type":127,"name":140,"callback":141,"file":130,"line":142},"admin_enqueue_scripts","enqueue_styles_scripts",103,{"type":127,"name":144,"callback":145,"file":130,"line":146},"update_wpmu_options","update_network_settings",106,{"type":127,"name":148,"callback":149,"priority":150,"file":130,"line":151},"admin_init","register_settings",1,109,{"type":127,"name":153,"callback":154,"priority":26,"file":130,"line":155},"profile_personal_options","add_user_profile_settings",112,{"type":127,"name":157,"callback":158,"priority":26,"file":130,"line":159},"personal_options_update","save_user_profile_settings",115,{"type":127,"name":161,"callback":158,"priority":26,"file":130,"line":162},"edit_user_profile_update",116,{"type":127,"name":164,"callback":165,"file":130,"line":166},"admin_notices","print_user_admin_notice",119,{"type":127,"name":148,"callback":168,"priority":169,"file":130,"line":170},"user_reset_network_settings",2,126,{"type":127,"name":172,"callback":173,"file":174,"line":175},"init","textdomain","show-me-the-admin.php",132,{"type":127,"name":177,"callback":177,"priority":150,"file":174,"line":178},"upgrader_process_complete",138,{"type":127,"name":180,"callback":141,"file":174,"line":181},"wp_enqueue_scripts",141,{"type":183,"name":184,"callback":185,"priority":186,"file":174,"line":187},"filter","body_class","filter_body_class",100000,144,{"type":127,"name":189,"callback":190,"priority":66,"file":174,"line":191},"wp_footer","print_login_button",147,[193,198],{"action":194,"nopriv":195,"callback":196,"hasNonce":195,"hasCapCheck":195,"file":130,"line":197},"smta_add_users_setting_notice",false,"add_users_setting_notice",122,{"action":199,"nopriv":195,"callback":199,"hasNonce":195,"hasCapCheck":195,"file":130,"line":200},"smta_add_user_notice",123,[],[],[],{"dangerousFunctions":205,"sqlUsage":206,"outputEscaping":212,"fileOperations":26,"externalRequests":26,"nonceChecks":169,"capabilityChecks":234,"bundledLibraries":235},[],{"prepared":26,"raw":150,"locations":207},[208],{"file":209,"line":210,"context":211},"uninstall.php",19,"$wpdb->query() with variable interpolation",{"escaped":213,"rawEcho":11,"locations":214},14,[215,218,220,222,224,225,227,229,231,233],{"file":130,"line":216,"context":217},421,"raw output",{"file":130,"line":219,"context":217},422,{"file":130,"line":221,"context":217},429,{"file":130,"line":223,"context":217},481,{"file":130,"line":223,"context":217},{"file":130,"line":226,"context":217},653,{"file":130,"line":228,"context":217},668,{"file":130,"line":230,"context":217},672,{"file":174,"line":232,"context":217},699,{"file":174,"line":232,"context":217},5,[],[237,254,268,276],{"entryPoint":238,"graph":239,"unsanitizedCount":150,"severity":253},"print_login_button (show-me-the-admin.php:675)",{"nodes":240,"edges":251},[241,246],{"id":242,"type":243,"label":244,"file":174,"line":245},"n0","source","$_SERVER",694,{"id":247,"type":248,"label":249,"file":174,"line":232,"wp_function":250},"n1","sink","echo() [XSS]","echo",[252],{"from":242,"to":247,"sanitized":195},"medium",{"entryPoint":255,"graph":256,"unsanitizedCount":26,"severity":267},"update_network_settings (inc\\admin.php:750)",{"nodes":257,"edges":264},[258,261],{"id":242,"type":243,"label":259,"file":130,"line":260},"$_REQUEST['_wp_http_referer']",777,{"id":247,"type":248,"label":262,"file":130,"line":260,"wp_function":263},"wp_redirect() [Open Redirect]","wp_redirect",[265],{"from":242,"to":247,"sanitized":266},true,"low",{"entryPoint":269,"graph":270,"unsanitizedCount":26,"severity":267},"\u003Cadmin> (inc\\admin.php:0)",{"nodes":271,"edges":274},[272,273],{"id":242,"type":243,"label":259,"file":130,"line":260},{"id":247,"type":248,"label":262,"file":130,"line":260,"wp_function":263},[275],{"from":242,"to":247,"sanitized":266},{"entryPoint":277,"graph":278,"unsanitizedCount":150,"severity":267},"\u003Cshow-me-the-admin> (show-me-the-admin.php:0)",{"nodes":279,"edges":282},[280,281],{"id":242,"type":243,"label":244,"file":174,"line":245},{"id":247,"type":248,"label":249,"file":174,"line":232,"wp_function":250},[283],{"from":242,"to":247,"sanitized":195},{"summary":285,"deductions":286},"The \"show-me-the-admin\" plugin v1.2.1 exhibits a concerning security posture primarily due to its unprotected AJAX endpoints. While the plugin demonstrates good practices by avoiding dangerous functions, file operations, and external HTTP requests, the presence of two AJAX handlers without authentication checks presents a significant attack surface. This means any unauthenticated user could potentially interact with these endpoints, leading to unintended consequences or information disclosure.\n\nThe static analysis also highlights a SQL query that is not using prepared statements, which, while only one instance, increases the risk of SQL injection if the query is exposed to user-supplied input. The taint analysis indicates two flows with unsanitized paths, which, despite not being classified as critical or high severity, still represent potential areas where data could be manipulated or misused.\n\nThe absence of any recorded vulnerability history is a positive sign, suggesting the plugin has not been historically prone to security flaws. However, this should not lead to complacency, especially given the identified unprotected entry points and the raw SQL query. The plugin has strengths in its minimal external dependencies and lack of dangerous functions, but the immediate risks associated with its entry points require careful consideration.",[287,289,292,294],{"reason":288,"points":11},"AJAX handlers without auth checks",{"reason":290,"points":291},"SQL query not using prepared statements",7,{"reason":293,"points":234},"Flows with unsanitized paths",{"reason":295,"points":296},"Low percentage of properly escaped output",4,"2026-03-16T23:11:46.700Z",{"wat":299,"direct":308},{"assetPaths":300,"generatorPatterns":303,"scriptPaths":304,"versionParams":305},[301,302],"\u002Fwp-content\u002Fplugins\u002Fshow-me-the-admin\u002Fassets\u002Fcss\u002Fshow-me-the-admin.css","\u002Fwp-content\u002Fplugins\u002Fshow-me-the-admin\u002Fassets\u002Fjs\u002Fshow-me-the-admin.js",[],[302],[306,307],"show-me-the-admin\u002Fassets\u002Fcss\u002Fshow-me-the-admin.css?ver=","show-me-the-admin\u002Fassets\u002Fjs\u002Fshow-me-the-admin.js?ver=",{"cssClasses":309,"htmlComments":310,"htmlAttributes":313,"restEndpoints":315,"jsGlobals":316,"shortcodeOutput":318},[],[311,312],"\u003C!-- Show Me The Admin -->","\u003C!-- BEGIN Show Me The Admin -->",[314],"data-mouseleave-delay",[],[317],"show_me_the_admin_script_vars",[]]