[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fYQ2bqIVM_CivzJQSsHIH-HjbQ8RnSWGD_oH51sfGoUE":3,"$fPmhMuR5AHfufV5g4xiOr3nHQhC35mEKHPSrByURD4Js":237,"$fOsSQvO57bbTk6aATyRl1jWno8Le8wxHpcmPXa8ENOp8":242},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":37,"analysis":123,"fingerprints":216},"simple-crm","Simple CRM","0.1","S","https:\u002F\u002Fprofiles.wordpress.org\u002Fsushkov\u002F","\u003Cp>Simple CRM is a WordPress plugin that lets you define custom fields to extend user profiles and it is also a framework for integration with all kind of CRM API webservices.\u003C\u002Fp>\n\u003Cp>Plugin sponsored by \u003Ca href=\"http:\u002F\u002Fvivanista.com\" rel=\"nofollow ugc\">Vivanista.com\u003C\u002Fa>\u003C\u002Fp>\n","Helps you manage user profile fields and more...",10,3094,0,"2011-04-12T20:35:00.000Z","3.1.4","3.0","",[19,20,21,22,23],"crm","fields","profile","users","vivanista","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsimple-crm\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-crm.0.1.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":11,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"sushkov",510,30,84,"2026-05-20T08:02:29.771Z",[38,49,61,83,102],{"slug":39,"name":40,"version":6,"author":7,"author_profile":8,"description":41,"short_description":42,"active_installs":11,"downloaded":43,"rating":13,"num_ratings":13,"last_updated":44,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":45,"homepage":47,"download_link":48,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"simple-crm-buddypress-xprofile","Simple CRM BuddyPress Addon","\u003Cp>Simple CRM is a WordPress plugin that lets you define custom fields to extend user profiles and it is also a framework for integration with all kind of CRM API webservices. BuddyPress addon can export and import XProfile data to it.\u003C\u002Fp>\n\u003Cp>Plugin sponsored by \u003Ca href=\"http:\u002F\u002Fvivanista.com\" rel=\"nofollow ugc\">Vivanista.com\u003C\u002Fa>\u003C\u002Fp>\n","Imports BuddyPress XProfile data to Simple CRM...",2905,"2011-04-12T20:51:00.000Z",[46,19,20,21,22],"buddypress","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsimple-crm-buddypress-users","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-crm-buddypress-xprofile.0.1.zip",{"slug":50,"name":51,"version":52,"author":7,"author_profile":8,"description":53,"short_description":54,"active_installs":11,"downloaded":55,"rating":13,"num_ratings":13,"last_updated":56,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":57,"homepage":59,"download_link":60,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"simple-crm-profile-page","Simple CRM Profile Page Addon","0.2","\u003Cp>Simple CRM is a WordPress plugin that lets you define custom fields to extend user profiles and it is also a framework for integration with all kind of CRM API webservices.\u003Cbr \u002F>\nProfile Page Addon adds shortcode support to integrate user profile page with your theme. Integrates also with Simple CRM fields.\u003C\u002Fp>\n\u003Cp>Plugin sponsored by \u003Ca href=\"http:\u002F\u002Fvivanista.com\" rel=\"nofollow ugc\">Vivanista.com\u003C\u002Fa>\u003C\u002Fp>\n","Adds public profile page support to Simple CRM",3353,"2011-06-21T00:37:00.000Z",[19,20,21,58,22],"public-profile","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fsimple-crm-profile-page\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-crm-profile-page.0.2.zip",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":76,"tags":77,"homepage":81,"download_link":82,"security_score":71,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"jsm-show-user-meta","JSM Show User Metadata","4.8.0","JS Morisset","https:\u002F\u002Fprofiles.wordpress.org\u002Fjsmoriss\u002F","\u003Cp>The JSM Show User Metadata plugin displays user profile meta keys and unserialized values in a metabox at the bottom of the user profile editing page.\u003C\u002Fp>\n\u003Cp>There are no plugin settings – simply install and activate the plugin.\u003C\u002Fp>\n\u003Ch4>Available Filters for Developers\u003C\u002Fh4>\n\u003Cp>Filter the user meta shown in the metabox:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmsum_metabox_table_metadata' ( array $metadata, $user_obj )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Array of regular expressions to exclude meta keys:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmsum_metabox_table_exclude_keys' ( array $exclude_keys, $user_obj )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Capability required to show user meta:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmsum_show_metabox_capability' ( 'manage_options', $user_obj )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Show user meta for a screen base (defaults to true):\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmsum_show_metabox_screen_base' ( true, $screen_base )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Capability required to delete user meta:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmsum_delete_meta_capability' ( 'manage_options', $user_obj )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Icon for the delete user meta button:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>'jsmsum_delete_meta_icon_class' ( 'dashicons dashicons-table-row-delete' )\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Related Plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-comment-meta\u002F\" rel=\"ugc\">JSM Show Comment Metadata\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-order-meta\u002F\" rel=\"ugc\">JSM Show Order Metadata for WooCommerce HPOS\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-post-meta\u002F\" rel=\"ugc\">JSM Show Post Metadata\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-term-meta\u002F\" rel=\"ugc\">JSM Show Term Metadata\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-user-meta\u002F\" rel=\"ugc\">JSM Show User Metadata\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fjsm-show-registered-shortcodes\u002F\" rel=\"ugc\">JSM Show Registered Shortcodes\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Show user metadata in a metabox when editing users - a great tool for debugging issues with user metadata.",3000,96652,100,2,"2026-03-25T12:16:00.000Z","6.9.4","6.0","7.4.33",[78,79,80,21,22],"custom-fields","inspector","metadata","https:\u002F\u002Fsurniaulula.com\u002Fextend\u002Fplugins\u002Fjsm-show-user-meta\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjsm-show-user-meta.4.8.0.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":93,"num_ratings":94,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":17,"tags":98,"homepage":100,"download_link":101,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"bp2wp-full-sync","BuddyPress to WordPress Full Sync","0.3.7","Sergio De Falco","https:\u002F\u002Fprofiles.wordpress.org\u002Fsgr33n\u002F","\u003Cp>BuddyPress to WordPress Full Sync lets BuddyPress xProfile fields to synchronize with WordPress user fields with a user interface completely fused inside the BuddyPress profile fields management.\u003C\u002Fp>\n\u003Ch4>Let us know you care about this plugin\u003C\u002Fh4>\n\u003Cp>Please let us know how much you care about BuddyPress to WordPress Full Sync Plugin development rating it (5 stars).\u003C\u002Fp>\n","BuddyPress to WordPress Full Sync lets BuddyPress xProfile fields to synchronize with WordPress user fields",200,16183,96,12,"2021-06-16T08:01:00.000Z","5.7.15","4.0",[46,20,21,22,99],"xprofile","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbp2wp-full-sync\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp2wp-full-sync.0.3.7.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":112,"num_ratings":113,"last_updated":114,"tested_up_to":74,"requires_at_least":97,"requires_php":17,"tags":115,"homepage":119,"download_link":120,"security_score":121,"vuln_count":72,"unpatched_count":13,"last_vuln_date":122,"fetched_at":28},"one-user-avatar","One User Avatar | User Profile Picture","2.5.4","One Designs","https:\u002F\u002Fprofiles.wordpress.org\u002Fonedesigns\u002F","\u003Cp>WordPress currently only allows you to use custom avatars that are uploaded through \u003Ca href=\"http:\u002F\u002Fgravatar.com\u002F\" rel=\"nofollow ugc\">Gravatar\u003C\u002Fa>. \u003Cstrong>One User Avatar\u003C\u002Fstrong> enables you to use any photo uploaded into your Media Library as an avatar. This means you use the same uploader and library as your posts. No extra folders or image editing functions are necessary. This plugin is a fork of WP User Avatar v2.2.16.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>One User Avatar\u003C\u002Fstrong> also lets you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Upload your own Default Avatar in your One User Avatar settings.\u003C\u002Fli>\n\u003Cli>Show the user’s \u003Ca href=\"http:\u002F\u002Fgravatar.com\u002F\" rel=\"nofollow ugc\">Gravatar\u003C\u002Fa> avatar or Default Avatar if the user doesn’t have a One User Avatar image.\u003C\u002Fli>\n\u003Cli>Disable \u003Ca href=\"http:\u002F\u002Fgravatar.com\u002F\" rel=\"nofollow ugc\">Gravatar\u003C\u002Fa> avatars and use only local avatars.\u003C\u002Fli>\n\u003Cli>Use the \u003Ccode>[avatar_upload]\u003C\u002Fcode> shortcode to add a standalone uploader to a front page or widget. This uploader is only visible to logged-in users.\u003C\u002Fli>\n\u003Cli>Use the \u003Ccode>[avatar]\u003C\u002Fcode> shortcode in your posts. These shortcodes will work with any theme, whether it has avatar support or not.\u003C\u002Fli>\n\u003Cli>Allow Contributors and Subscribers to upload their own avatars.\u003C\u002Fli>\n\u003Cli>Limit upload file size and image dimensions for Contributors and Subscribers.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Copyright\u003C\u002Fh3>\n\u003Cp>One User Avatar\u003Cbr \u002F>\nCopyright (c) 2023 One Designs https:\u002F\u002Fonedesigns.com\u002F\u003Cbr \u002F>\nLicense: GPLv2\u003Cbr \u002F>\nSource: https:\u002F\u002Fgithub.com\u002Fonedesigns\u002Fone-user-avatar\u003C\u002Fp>\n\u003Cp>One User Avatar is based on WP User Avatar v2.2.16\u003Cbr \u002F>\nCopyright (c) 2020-2021 ProfilePress https:\u002F\u002Fprofilepress.net\u002F\u003Cbr \u002F>\nCopyright (c) 2014-2020 Flippercode https:\u002F\u002Fwww.flippercode.com\u002F\u003Cbr \u002F>\nCopyright (c) 2013-2014 Bangbay Siboliban http:\u002F\u002Fbangbay.com\u002F\u003Cbr \u002F>\nLicense: GPLv2\u003Cbr \u002F>\nSource: https:\u002F\u002Fgithub.com\u002Fprofilepress\u002Fwp-user-avatar\u003C\u002Fp>\n\u003Cp>One User Avatar is distributed under the terms of the GNU GPL\u003C\u002Fp>\n\u003Cp>This program is free software: you can redistribute it and\u002For modify\u003Cbr \u002F>\nit under the terms of the GNU General Public License as published by\u003Cbr \u002F>\nthe Free Software Foundation, either version 2 of the License, or\u003Cbr \u002F>\n(at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful,\u003Cbr \u002F>\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\u003Cbr \u002F>\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\u003Cbr \u002F>\nGNU General Public License for more details.\u003C\u002Fp>\n\u003Ch3>Advanced Settings\u003C\u002Fh3>\n\u003Ch4>Add One User Avatar to your own profile edit page\u003C\u002Fh4>\n\u003Cp>You can use the [avatar_upload] shortcode to add a standalone uploader to any page. It’s best to use this uploader by itself and without other profile fields.\u003C\u002Fp>\n\u003Cp>If you’re building your own profile edit page with other fields, One User Avatar is automatically added to the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FPlugin_API\u002FAction_Reference\u002Fshow_user_profile\" rel=\"nofollow ugc\">show_user_profile\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FPlugin_API\u002FAction_Reference\u002Fshow_user_profile\" rel=\"nofollow ugc\">edit_user_profile\u003C\u002Fa> hooks. If you’d rather have One User Avatar in its own section, you could add another hook:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>do_action( 'edit_user_avatar', $current_user );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Then, to add One User Avatar to that hook and remove it from the other hooks outside of the administration panel, you would add this code to the \u003Ccode>functions.php\u003C\u002Fcode> file of your theme:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function my_avatar_filter() {\n    \u002F\u002F Remove from show_user_profile hook\n    remove_action( 'show_user_profile', array( 'wp_user_avatar', 'wpua_action_show_user_profile' ) );\n    remove_action( 'show_user_profile', array( 'wp_user_avatar', 'wpua_media_upload_scripts' ) );\n\n    \u002F\u002F Remove from edit_user_profile hook\n    remove_action( 'edit_user_profile', array( 'wp_user_avatar', 'wpua_action_show_user_profile' ) );\n    remove_action( 'edit_user_profile', array( 'wp_user_avatar', 'wpua_media_upload_scripts' ) );\n\n    \u002F\u002F Add to edit_user_avatar hook\n    add_action( 'edit_user_avatar', array( 'wp_user_avatar', 'wpua_action_show_user_profile' ) );\n    add_action( 'edit_user_avatar', array( 'wp_user_avatar', 'wpua_media_upload_scripts' ) );\n}\n\n\u002F\u002F Loads only outside of administration panel\nif ( ! is_admin() ) {\n    add_action( 'init','my_avatar_filter' );\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>HTML Wrapper\u003C\u002Fh4>\n\u003Cp>You can change the HTML wrapper of the One User Avatar section by using the functions \u003Ccode>wpua_before_avatar\u003C\u002Fcode> and \u003Ccode>wpua_after_avatar\u003C\u002Fcode>. By default, the avatar code is structured like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Cdiv class=\"wpua-edit-container\">\n    \u003Ch3>Avatar\u003C\u002Fh3>\n    \u003Cinput type=\"hidden\" name=\"wp-user-avatar\" id=\"wp-user-avatar\" value=\"{attachmentID}\" \u002F>\n    \u003Cp id=\"wpua-add-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-add\" name=\"wpua-add\">Edit Image\u003C\u002Fbutton>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-preview\">\n        \u003Cimg src=\"{imageURL}\" alt=\"\" \u002F>\n        Original Size\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-thumbnail\">\n        \u003Cimg src=\"{imageURL}\" alt=\"\" \u002F>\n        Thumbnail\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-remove-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-remove\" name=\"wpua-remove\">Default Avatar\u003C\u002Fbutton>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-undo-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-undo\" name=\"wpua-undo\">Undo\u003C\u002Fbutton>\n    \u003C\u002Fp>\n\u003C\u002Fdiv>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>To strip out the div container and h3 heading, you would add the following filters to the \u003Ccode>functions.php\u003C\u002Fcode> file in your theme:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>remove_action( 'wpua_before_avatar', 'wpua_do_before_avatar' );\nremove_action( 'wpua_after_avatar', 'wpua_do_after_avatar' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>To add your own wrapper, you could create something like this:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>function my_before_avatar() {\n    echo '\u003Cdiv id=\"my-avatar\">';\n}\nadd_action( 'wpua_before_avatar', 'my_before_avatar' );\n\nfunction my_after_avatar() {\n    echo '\u003C\u002Fdiv>';\n}\nadd_action( 'wpua_after_avatar', 'my_after_avatar' );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This would output:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003Cdiv id=\"my-avatar\">\n    \u003Cinput type=\"hidden\" name=\"wp-user-avatar\" id=\"wp-user-avatar\" value=\"{attachmentID}\" \u002F>\n    \u003Cp id=\"wpua-add-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-add\" name=\"wpua-add\">Edit Image\u003C\u002Fbutton>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-preview\">\n        \u003Cimg src=\"{imageURL}\" alt=\"\" \u002F>\n        \u003Cspan class=\"description\">Original Size\u003C\u002Fspan>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-thumbnail\">\n        \u003Cimg src=\"{imageURL}\" alt=\"\" \u002F>\n        \u003Cspan class=\"description\">Thumbnail\u003C\u002Fspan>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-remove-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-remove\" name=\"wpua-remove\">Default Avatar\u003C\u002Fbutton>\n    \u003C\u002Fp>\n    \u003Cp id=\"wpua-undo-button\">\n        \u003Cbutton type=\"button\" class=\"button\" id=\"wpua-undo\" name=\"wpua-undo\">Undo\u003C\u002Fbutton>\n    \u003C\u002Fp>\n\u003C\u002Fdiv>\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Use any image from your WordPress Media Library as a custom user avatar or user profile picture. Add your own Default Avatar.",100000,501920,94,41,"2026-01-12T00:58:00.000Z",[116,117,118,21,22],"avatar","bbpress","gravatar","https:\u002F\u002Fonedesigns.com\u002Fplugins\u002Fone-user-avatar\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fone-user-avatar.2.5.4.zip",99,"2021-09-20 00:00:00",{"attackSurface":124,"codeSignals":163,"taintFlows":207,"riskAssessment":208,"analyzedAt":215},{"hooks":125,"ajaxHandlers":159,"restRoutes":160,"shortcodes":161,"cronEvents":162,"entryPointCount":13,"unprotectedCount":13},[126,132,136,140,144,147,150,154],{"type":127,"name":128,"callback":129,"file":130,"line":131},"action","admin_head","check_force_redirect","includes\u002Fcrm.class.php",13,{"type":127,"name":133,"callback":134,"file":130,"line":135},"admin_menu","menus",14,{"type":127,"name":137,"callback":138,"file":130,"line":139},"show_user_profile","profile_fields",15,{"type":127,"name":141,"callback":142,"file":130,"line":143},"personal_options_update","profile_fields_update",16,{"type":127,"name":145,"callback":138,"file":130,"line":146},"edit_user_profile",18,{"type":127,"name":148,"callback":142,"file":130,"line":149},"edit_user_profile_update",19,{"type":127,"name":151,"callback":152,"file":130,"line":153},"admin_notices","admin_notice_for_user",102,{"type":127,"name":155,"callback":156,"file":157,"line":158},"init","scrm_textdomain","simple-crm.php",22,[],[],[],[],{"dangerousFunctions":164,"sqlUsage":165,"outputEscaping":167,"fileOperations":13,"externalRequests":13,"nonceChecks":204,"capabilityChecks":205,"bundledLibraries":206},[],{"prepared":13,"raw":13,"locations":166},[],{"escaped":168,"rawEcho":146,"locations":169},8,[170,174,177,179,181,183,185,187,189,190,192,193,196,197,198,199,201,203],{"file":171,"line":172,"context":173},"includes\u002Fhelpers.php",25,"raw output",{"file":175,"line":176,"context":173},"includes\u002Ftemplates\u002Fadmin_notice.php",3,{"file":175,"line":178,"context":173},6,{"file":180,"line":176,"context":173},"includes\u002Ftemplates\u002Foptions.php",{"file":180,"line":182,"context":173},42,{"file":180,"line":184,"context":173},49,{"file":180,"line":186,"context":173},76,{"file":180,"line":188,"context":173},77,{"file":180,"line":188,"context":173},{"file":180,"line":191,"context":173},78,{"file":180,"line":191,"context":173},{"file":194,"line":195,"context":173},"includes\u002Ftemplates\u002Fprofile.php",9,{"file":194,"line":195,"context":173},{"file":194,"line":139,"context":173},{"file":194,"line":143,"context":173},{"file":194,"line":200,"context":173},17,{"file":194,"line":202,"context":173},23,{"file":194,"line":202,"context":173},5,1,[],[],{"summary":209,"deductions":210},"The static analysis of the \"simple-crm\" plugin v0.1 reveals a generally robust security posture, particularly concerning the absence of identified vulnerabilities in its history and a limited attack surface. The plugin demonstrates good practice by utilizing prepared statements for all SQL queries and performing nonce checks. The lack of file operations and external HTTP requests further reduces potential attack vectors.\n\nHowever, a significant concern lies in the output escaping. With only 31% of the 26 identified outputs properly escaped, there is a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. This means user-supplied data or data processed by the plugin could be rendered in the browser without proper sanitization, allowing attackers to inject malicious scripts. The plugin also exhibits a low number of capability checks (1), which, coupled with the identified output escaping issues, could lead to unauthorized access or modification of data if an attacker can bypass authentication.",[211,213],{"reason":212,"points":168},"Low percentage of properly escaped output (XSS risk)",{"reason":214,"points":176},"Low number of capability checks","2026-04-16T12:41:00.449Z",{"wat":217,"direct":224},{"assetPaths":218,"generatorPatterns":221,"scriptPaths":222,"versionParams":223},[219,220],"\u002Fwp-content\u002Fplugins\u002Fsimple-crm\u002Fincludes\u002Fassets\u002Fcss\u002Fcrm.css","\u002Fwp-content\u002Fplugins\u002Fsimple-crm\u002Fincludes\u002Fassets\u002Fjs\u002Fcrm.js",[],[220],[],{"cssClasses":225,"htmlComments":229,"htmlAttributes":230,"restEndpoints":233,"jsGlobals":234,"shortcodeOutput":236},[226,227,228],"scrm-field-label","scrm-field-input","scrm-field-type",[],[231,232],"data-scrm-field-name","data-scrm-field-type",[],[235],"scrm_options_page_url",[],{"error":238,"url":239,"statusCode":240,"statusMessage":241,"message":241},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsimple-crm\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":205,"versions":243},[244],{"version":6,"download_url":25,"svn_tag_url":245,"released_at":27,"has_diff":246,"diff_files_changed":247,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":248,"is_current":238},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fsimple-crm\u002Ftags\u002F0.1\u002F",false,[],[]]