[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwUK4vwRnX0DL4Am24yKKVcZ35uSV2q7DNJ4QVtdpzUE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":133,"fingerprints":235},"simple-crm-profile-page","Simple CRM Profile Page Addon","0.2","S","https:\u002F\u002Fprofiles.wordpress.org\u002Fsushkov\u002F","\u003Cp>Simple CRM is a WordPress plugin that lets you define custom fields to extend user profiles and it is also a framework for integration with all kind of CRM API webservices.\u003Cbr \u002F>\nProfile Page Addon adds shortcode support to integrate user profile page with your theme. Integrates also with Simple CRM fields.\u003C\u002Fp>\n\u003Cp>Plugin sponsored by \u003Ca href=\"http:\u002F\u002Fvivanista.com\" rel=\"nofollow ugc\">Vivanista.com\u003C\u002Fa>\u003C\u002Fp>\n","Adds public profile page support to Simple CRM",10,3320,0,"2011-06-21T00:37:00.000Z","3.1.4","3.0","",[19,20,21,22,23],"crm","fields","profile","public-profile","users","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsimple-crm-profile-page\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-crm-profile-page.0.2.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"sushkov",8,490,30,84,"2026-04-04T14:44:28.027Z",[38,50,72,91,112],{"slug":39,"name":40,"version":41,"author":7,"author_profile":8,"description":42,"short_description":43,"active_installs":11,"downloaded":44,"rating":13,"num_ratings":13,"last_updated":45,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":46,"homepage":48,"download_link":49,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"simple-crm-buddypress-xprofile","Simple CRM BuddyPress Addon","0.1","\u003Cp>Simple CRM is a WordPress plugin that lets you define custom fields to extend user profiles and it is also a framework for integration with all kind of CRM API webservices. BuddyPress addon can export and import XProfile data to it.\u003C\u002Fp>\n\u003Cp>Plugin sponsored by \u003Ca href=\"http:\u002F\u002Fvivanista.com\" rel=\"nofollow ugc\">Vivanista.com\u003C\u002Fa>\u003C\u002Fp>\n","Imports BuddyPress XProfile data to Simple CRM...",2872,"2011-04-12T20:51:00.000Z",[47,19,20,21,23],"buddypress","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsimple-crm-buddypress-users","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-crm-buddypress-xprofile.0.1.zip",{"slug":51,"name":52,"version":53,"author":54,"author_profile":55,"description":56,"short_description":57,"active_installs":58,"downloaded":59,"rating":60,"num_ratings":61,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":65,"tags":66,"homepage":70,"download_link":71,"security_score":60,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"jsm-show-user-meta","JSM Show User Metadata","4.8.0","JS Morisset","https:\u002F\u002Fprofiles.wordpress.org\u002Fjsmoriss\u002F","\u003Cp>The JSM Show User Metadata plugin displays user profile meta keys and unserialized values in a metabox at the bottom of the user profile editing page.\u003C\u002Fp>\n\u003Cp>There are no plugin settings – simply install and activate the plugin.\u003C\u002Fp>\n\u003Ch4>Available Filters for Developers\u003C\u002Fh4>\n\u003Cp>Filter the user meta shown in the metabox:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmsum_metabox_table_metadata' ( array $metadata, $user_obj )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Array of regular expressions to exclude meta keys:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmsum_metabox_table_exclude_keys' ( array $exclude_keys, $user_obj )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Capability required to show user meta:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmsum_show_metabox_capability' ( 'manage_options', $user_obj )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Show user meta for a screen base (defaults to true):\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmsum_show_metabox_screen_base' ( true, $screen_base )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Capability required to delete user meta:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmsum_delete_meta_capability' ( 'manage_options', $user_obj )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Icon for the delete user meta button:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmsum_delete_meta_icon_class' ( 'dashicons dashicons-table-row-delete' )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Related Plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-comment-meta\u002F\" rel=\"ugc\">JSM Show Comment Metadata\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-order-meta\u002F\" rel=\"ugc\">JSM Show Order Metadata for WooCommerce HPOS\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-post-meta\u002F\" rel=\"ugc\">JSM Show Post Metadata\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-term-meta\u002F\" rel=\"ugc\">JSM Show Term Metadata\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-user-meta\u002F\" rel=\"ugc\">JSM Show User Metadata\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-registered-shortcodes\u002F\" rel=\"ugc\">JSM Show Registered Shortcodes\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Show user metadata in a metabox when editing users - a great tool for debugging issues with user metadata.",3000,95927,100,2,"2026-03-11T18:12:00.000Z","6.9.4","6.0","7.4.33",[67,68,69,21,23],"custom-fields","inspector","metadata","https:\u002F\u002Fsurniaulula.com\u002Fextend\u002Fplugins\u002Fjsm-show-user-meta\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjsm-show-user-meta.4.8.0.zip",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":82,"num_ratings":83,"last_updated":84,"tested_up_to":85,"requires_at_least":86,"requires_php":17,"tags":87,"homepage":89,"download_link":90,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"bp2wp-full-sync","BuddyPress to WordPress Full Sync","0.3.7","Sergio De Falco","https:\u002F\u002Fprofiles.wordpress.org\u002Fsgr33n\u002F","\u003Cp>BuddyPress to WordPress Full Sync lets BuddyPress xProfile fields to synchronize with WordPress user fields with a user interface completely fused inside the BuddyPress profile fields management.\u003C\u002Fp>\n\u003Ch4>Let us know you care about this plugin\u003C\u002Fh4>\n\u003Cp>Please let us know how much you care about BuddyPress to WordPress Full Sync Plugin development rating it (5 stars).\u003C\u002Fp>\n","BuddyPress to WordPress Full Sync lets BuddyPress xProfile fields to synchronize with WordPress user fields",200,16106,96,12,"2021-06-16T08:01:00.000Z","5.7.15","4.0",[47,20,21,23,88],"xprofile","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbp2wp-full-sync\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp2wp-full-sync.0.3.7.zip",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":101,"num_ratings":102,"last_updated":103,"tested_up_to":63,"requires_at_least":86,"requires_php":17,"tags":104,"homepage":108,"download_link":109,"security_score":110,"vuln_count":61,"unpatched_count":13,"last_vuln_date":111,"fetched_at":28},"one-user-avatar","One User Avatar | User Profile Picture","2.5.4","One Designs","https:\u002F\u002Fprofiles.wordpress.org\u002Fonedesigns\u002F","\u003Cp>WordPress currently only allows you to use custom avatars that are uploaded through \u003Ca href=\"http:\u002F\u002Fgravatar.com\u002F\" rel=\"nofollow ugc\">Gravatar\u003C\u002Fa>. \u003Cstrong>One User Avatar\u003C\u002Fstrong> enables you to use any photo uploaded into your Media Library as an avatar. This means you use the same uploader and library as your posts. No extra folders or image editing functions are necessary. This plugin is a fork of WP User Avatar v2.2.16.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>One User Avatar\u003C\u002Fstrong> also lets you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Upload your own Default Avatar in your One User Avatar settings.\u003C\u002Fli>\n\u003Cli>Show the user’s \u003Ca href=\"http:\u002F\u002Fgravatar.com\u002F\" rel=\"nofollow ugc\">Gravatar\u003C\u002Fa> avatar or Default Avatar if the user doesn’t have a One User Avatar image.\u003C\u002Fli>\n\u003Cli>Disable \u003Ca href=\"http:\u002F\u002Fgravatar.com\u002F\" rel=\"nofollow ugc\">Gravatar\u003C\u002Fa> avatars and use only local avatars.\u003C\u002Fli>\n\u003Cli>Use the \u003Ccode>[avatar_upload]\u003C\u002Fcode> shortcode to add a standalone uploader to a front page or widget. This uploader is only visible to logged-in users.\u003C\u002Fli>\n\u003Cli>Use the \u003Ccode>[avatar]\u003C\u002Fcode> shortcode in your posts. These shortcodes will work with any theme, whether it has avatar support or not.\u003C\u002Fli>\n\u003Cli>Allow Contributors and Subscribers to upload their own avatars.\u003C\u002Fli>\n\u003Cli>Limit upload file size and image dimensions for Contributors and Subscribers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Copyright\u003C\u002Fh3>\n\u003Cp>One User Avatar\u003Cbr \u002F>\nCopyright (c) 2023 One Designs https:\u002F\u002Fonedesigns.com\u002F\u003Cbr \u002F>\nLicense: GPLv2\u003Cbr \u002F>\nSource: https:\u002F\u002Fgithub.com\u002Fonedesigns\u002Fone-user-avatar\u003C\u002Fp>\n\u003Cp>One User Avatar is based on WP User Avatar v2.2.16\u003Cbr \u002F>\nCopyright (c) 2020-2021 ProfilePress https:\u002F\u002Fprofilepress.net\u002F\u003Cbr \u002F>\nCopyright (c) 2014-2020 Flippercode https:\u002F\u002Fwww.flippercode.com\u002F\u003Cbr \u002F>\nCopyright (c) 2013-2014 Bangbay Siboliban http:\u002F\u002Fbangbay.com\u002F\u003Cbr \u002F>\nLicense: GPLv2\u003Cbr \u002F>\nSource: https:\u002F\u002Fgithub.com\u002Fprofilepress\u002Fwp-user-avatar\u003C\u002Fp>\n\u003Cp>One User Avatar is distributed under the terms of the GNU GPL\u003C\u002Fp>\n\u003Cp>This program is free software: you can redistribute it and\u002For modify\u003Cbr \u002F>\nit under the terms of the GNU General Public License as published by\u003Cbr \u002F>\nthe Free Software Foundation, either version 2 of the License, or\u003Cbr \u002F>\n(at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful,\u003Cbr \u002F>\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\u003Cbr \u002F>\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\u003Cbr \u002F>\nGNU General Public License for more details.\u003C\u002Fp>\n\u003Ch3>Advanced Settings\u003C\u002Fh3>\n\u003Ch4>Add One User Avatar to your own profile edit page\u003C\u002Fh4>\n\u003Cp>You can use the [avatar_upload] shortcode to add a standalone uploader to any page. It’s best to use this uploader by itself and without other profile fields.\u003C\u002Fp>\n\u003Cp>If you’re building your own profile edit page with other fields, One User Avatar is automatically added to the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FPlugin_API\u002FAction_Reference\u002Fshow_user_profile\" rel=\"nofollow ugc\">show_user_profile\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FPlugin_API\u002FAction_Reference\u002Fshow_user_profile\" rel=\"nofollow ugc\">edit_user_profile\u003C\u002Fa> hooks. If you’d rather have One User Avatar in its own section, you could add another hook:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>do_action( 'edit_user_avatar', $current_user );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Then, to add One User Avatar to that hook and remove it from the other hooks outside of the administration panel, you would add this code to the \u003Ccode>functions.php\u003C\u002Fcode> file of your theme:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function my_avatar_filter() {\n    \u002F\u002F Remove from show_user_profile hook\n    remove_action( 'show_user_profile', array( 'wp_user_avatar', 'wpua_action_show_user_profile' ) );\n    remove_action( 'show_user_profile', array( 'wp_user_avatar', 'wpua_media_upload_scripts' ) );\n\n    \u002F\u002F Remove from edit_user_profile hook\n    remove_action( 'edit_user_profile', array( 'wp_user_avatar', 'wpua_action_show_user_profile' ) );\n    remove_action( 'edit_user_profile', array( 'wp_user_avatar', 'wpua_media_upload_scripts' ) );\n\n    \u002F\u002F Add to edit_user_avatar hook\n    add_action( 'edit_user_avatar', array( 'wp_user_avatar', 'wpua_action_show_user_profile' ) );\n    add_action( 'edit_user_avatar', array( 'wp_user_avatar', 'wpua_media_upload_scripts' ) );\n}\n\n\u002F\u002F Loads only outside of administration panel\nif ( ! is_admin() ) {\n    add_action( 'init','my_avatar_filter' );\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>HTML Wrapper\u003C\u002Fh4>\n\u003Cp>You can change the HTML wrapper of the One User Avatar section by using the functions \u003Ccode>wpua_before_avatar\u003C\u002Fcode> and \u003Ccode>wpua_after_avatar\u003C\u002Fcode>. By default, the avatar code is structured like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Cdiv class=\"wpua-edit-container\">\n    \u003Ch3>Avatar\u003C\u002Fh3>\n    \u003Cinput type=\"hidden\" name=\"wp-user-avatar\" id=\"wp-user-avatar\" value=\"{attachmentID}\" \u002F>\n    \u003Cp id=\"wpua-add-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-add\" name=\"wpua-add\">Edit Image\u003C\u002Fbutton>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-preview\">\n        \u003Cimg src=\"{imageURL}\" alt=\"\" \u002F>\n        Original Size\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-thumbnail\">\n        \u003Cimg src=\"{imageURL}\" alt=\"\" \u002F>\n        Thumbnail\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-remove-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-remove\" name=\"wpua-remove\">Default Avatar\u003C\u002Fbutton>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-undo-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-undo\" name=\"wpua-undo\">Undo\u003C\u002Fbutton>\n    \u003C\u002Fp>\n\u003C\u002Fdiv>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>To strip out the div container and h3 heading, you would add the following filters to the \u003Ccode>functions.php\u003C\u002Fcode> file in your theme:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>remove_action( 'wpua_before_avatar', 'wpua_do_before_avatar' );\nremove_action( 'wpua_after_avatar', 'wpua_do_after_avatar' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>To add your own wrapper, you could create something like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function my_before_avatar() {\n    echo '\u003Cdiv id=\"my-avatar\">';\n}\nadd_action( 'wpua_before_avatar', 'my_before_avatar' );\n\nfunction my_after_avatar() {\n    echo '\u003C\u002Fdiv>';\n}\nadd_action( 'wpua_after_avatar', 'my_after_avatar' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This would output:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Cdiv id=\"my-avatar\">\n    \u003Cinput type=\"hidden\" name=\"wp-user-avatar\" id=\"wp-user-avatar\" value=\"{attachmentID}\" \u002F>\n    \u003Cp id=\"wpua-add-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-add\" name=\"wpua-add\">Edit Image\u003C\u002Fbutton>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-preview\">\n        \u003Cimg src=\"{imageURL}\" alt=\"\" \u002F>\n        \u003Cspan class=\"description\">Original Size\u003C\u002Fspan>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-thumbnail\">\n        \u003Cimg src=\"{imageURL}\" alt=\"\" \u002F>\n        \u003Cspan class=\"description\">Thumbnail\u003C\u002Fspan>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-remove-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-remove\" name=\"wpua-remove\">Default Avatar\u003C\u002Fbutton>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-undo-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-undo\" name=\"wpua-undo\">Undo\u003C\u002Fbutton>\n    \u003C\u002Fp>\n\u003C\u002Fdiv>\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Use any image from your WordPress Media Library as a custom user avatar or user profile picture. Add your own Default Avatar.",100000,490816,94,41,"2026-01-12T00:58:00.000Z",[105,106,107,21,23],"avatar","bbpress","gravatar","https:\u002F\u002Fonedesigns.com\u002Fplugins\u002Fone-user-avatar\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fone-user-avatar.2.5.4.zip",99,"2021-09-20 00:00:00",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":99,"downloaded":120,"rating":121,"num_ratings":122,"last_updated":123,"tested_up_to":63,"requires_at_least":124,"requires_php":125,"tags":126,"homepage":128,"download_link":129,"security_score":130,"vuln_count":131,"unpatched_count":13,"last_vuln_date":132,"fetched_at":28},"simple-local-avatars","Simple Local Avatars","2.8.6","10up","https:\u002F\u002Fprofiles.wordpress.org\u002F10up\u002F","\u003Cp>Adds an avatar upload field to user profiles if the current user has media permissions. Generates requested sizes on demand just like Gravatar! Simple and lightweight.\u003C\u002Fp>\n\u003Cp>Just edit a user profile, and scroll down to the new “Avatar” field. The plug-in will take care of cropping and sizing!\u003C\u002Fp>\n\u003Col>\n\u003Cli>Stores avatars in the “uploads” folder where all of your other media is kept.\u003C\u002Fli>\n\u003Cli>Has a simple, native interface.\u003C\u002Fli>\n\u003Cli>Fully supports Gravatar and default avatars if no local avatar is set for the user – but also allows you turn off Gravatar.\u003C\u002Fli>\n\u003Cli>Generates the requested avatar size on demand (and stores the new size for efficiency), so it looks great, just like Gravatar!\u003C\u002Fli>\n\u003Cli>Lets you decide whether lower privilege users (subscribers, contributors) can upload their own avatar.\u003C\u002Fli>\n\u003Cli>Enables rating of local avatars, just like Gravatar.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Support Level\u003C\u002Fh3>\n\u003Cp>Simple Local Avatars’ support level is marked as \u003Ccode>stable\u003C\u002Fcode>.  10up is not planning to develop any new features for this, but will still respond to bug reports and security concerns.  We welcome PRs, but any that include new features should be small and easy to integrate and should not include breaking changes.  We otherwise intend to keep this tested up to the most recent version of WordPress.\u003C\u002Fp>\n","Adds an avatar upload field to user profiles. Generates requested sizes on demand just like Gravatar!",2395990,92,89,"2026-02-17T19:34:00.000Z","6.6","7.4",[105,107,21,127,23],"user-photos","https:\u002F\u002F10up.com\u002Fplugins\u002Fsimple-local-avatars-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-local-avatars.2.8.6.zip",93,6,"2025-08-11 18:20:29",{"attackSurface":134,"codeSignals":171,"taintFlows":199,"riskAssessment":227,"analyzedAt":234},{"hooks":135,"ajaxHandlers":163,"restRoutes":164,"shortcodes":165,"cronEvents":169,"entryPointCount":170,"unprotectedCount":13},[136,142,145,149,153,158],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","scrm_options_screen","screen","includes\\pp.class.php",9,{"type":137,"name":143,"callback":144,"file":140,"line":11},"scrm_options_screen_updated","screen_update",{"type":137,"name":146,"callback":147,"file":140,"line":148},"wp_head","process",11,{"type":137,"name":150,"callback":151,"file":140,"line":152},"login_form","redirect_to",13,{"type":154,"name":155,"callback":156,"file":140,"line":157},"filter","scrm_force_redirect_url","admin_redirect_to",14,{"type":137,"name":159,"callback":160,"file":161,"line":162},"init","scrm_pp_textdomain","simple-crm-profile-page.php",22,[],[],[166],{"tag":167,"callback":168,"file":140,"line":83},"scrm_pp","pp",[],1,{"dangerousFunctions":172,"sqlUsage":173,"outputEscaping":175,"fileOperations":13,"externalRequests":13,"nonceChecks":61,"capabilityChecks":13,"bundledLibraries":198},[],{"prepared":13,"raw":13,"locations":174},[],{"escaped":32,"rawEcho":83,"locations":176},[177,181,183,185,187,188,189,190,192,194,195,197],{"file":178,"line":179,"context":180},"includes\\templates\\info.php",26,"raw output",{"file":182,"line":170,"context":180},"includes\\templates\\profile_page.php",{"file":182,"line":184,"context":180},27,{"file":182,"line":186,"context":180},28,{"file":182,"line":186,"context":180},{"file":182,"line":34,"context":180},{"file":182,"line":34,"context":180},{"file":182,"line":191,"context":180},38,{"file":182,"line":193,"context":180},40,{"file":182,"line":193,"context":180},{"file":182,"line":196,"context":180},43,{"file":182,"line":196,"context":180},[],[200,219],{"entryPoint":201,"graph":202,"unsanitizedCount":13,"severity":218},"screen_update (includes\\pp.class.php:29)",{"nodes":203,"edges":215},[204,209],{"id":205,"type":206,"label":207,"file":140,"line":208},"n0","source","$_POST",32,{"id":210,"type":211,"label":212,"file":140,"line":213,"wp_function":214},"n1","sink","update_option() [Settings Manipulation]",33,"update_option",[216],{"from":205,"to":210,"sanitized":217},true,"low",{"entryPoint":220,"graph":221,"unsanitizedCount":13,"severity":218},"\u003Cpp.class> (includes\\pp.class.php:0)",{"nodes":222,"edges":225},[223,224],{"id":205,"type":206,"label":207,"file":140,"line":208},{"id":210,"type":211,"label":212,"file":140,"line":213,"wp_function":214},[226],{"from":205,"to":210,"sanitized":217},{"summary":228,"deductions":229},"The \"simple-crm-profile-page\" v0.2 plugin exhibits a generally positive security posture, with several good practices in place. The absence of AJAX handlers, REST API routes, cron events, and external HTTP requests significantly limits the potential attack surface. Furthermore, the analysis indicates a complete lack of direct SQL queries, with all queries (though none were found in the initial scan) presumably handled through prepared statements, which is a strong defense against SQL injection. The presence of two nonce checks also suggests an attempt to secure certain actions. The vulnerability history shows no recorded CVEs, which is a promising sign of a well-maintained or less targeted plugin.\n\nHowever, there are areas for improvement that introduce some level of risk. The 40% rate of properly escaped output is a concern, as 60% of outputs are potentially unescaped. This could lead to Cross-Site Scripting (XSS) vulnerabilities if sensitive data is displayed without proper sanitization. Additionally, the complete absence of capability checks is a significant weakness. This means that any functionality exposed, even through its single shortcode, is likely accessible to any logged-in user, regardless of their role or permissions. While the attack surface is small, the lack of permission enforcement on the existing entry point is a notable oversight.\n\nIn conclusion, while the plugin benefits from a small attack surface and secure handling of database interactions, the unescaped output and lack of capability checks present clear security risks. The absence of past vulnerabilities is positive, but it's crucial to address the identified code weaknesses to maintain a strong security profile.",[230,232],{"reason":231,"points":131},"Unescaped output identified",{"reason":233,"points":32},"Missing capability checks","2026-03-17T01:27:43.727Z",{"wat":236,"direct":249},{"assetPaths":237,"generatorPatterns":242,"scriptPaths":243,"versionParams":244},[238,239,240,241],"\u002Fwp-content\u002Fplugins\u002Fsimple-crm-profile-page\u002Fincludes\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fsimple-crm-profile-page\u002Fincludes\u002Fjs\u002Fpublic.js","\u002Fwp-content\u002Fplugins\u002Fsimple-crm-profile-page\u002Fincludes\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fsimple-crm-profile-page\u002Fincludes\u002Fcss\u002Fpublic.css",[],[],[245,246,247,248],"simple-crm-profile-page\u002Fincludes\u002Fjs\u002Fadmin.js?ver=","simple-crm-profile-page\u002Fincludes\u002Fjs\u002Fpublic.js?ver=","simple-crm-profile-page\u002Fincludes\u002Fcss\u002Fadmin.css?ver=","simple-crm-profile-page\u002Fincludes\u002Fcss\u002Fpublic.css?ver=",{"cssClasses":250,"htmlComments":253,"htmlAttributes":255,"restEndpoints":257,"jsGlobals":258,"shortcodeOutput":259},[251,252],"scrm-pp-profile-page-form","scrm-pp-profile-page-field",[254],"\u003C!-- Simple CRM Profile Page Addon -->",[256],"data-scrm-pp-nonce",[],[],[260,261],"\u003Cdiv class=\"scrm-pp-profile-page-form\">","\u003Cdiv class=\"scrm-pp-profile-page-field\">"]