[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fzISokzqKPouMx2v1JZGUEoDgDWI-82JTLX5BtTptVPw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":48,"crawl_stats":38,"alternatives":51,"analysis":140,"fingerprints":443},"simple-table-manager","Simple Table Manager","1.6.1","ryo0inoue","https:\u002F\u002Fprofiles.wordpress.org\u002Fryo0inoue\u002F","\u003Cp>Simple Table Manager enables editing table records and exporting them to CSV files through a minimal database interface from your dashboard.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Simply CRUD table contents on your wp-admin screen\u003C\u002Fli>\n\u003Cli>Search and sort table records\u003C\u002Fli>\n\u003Cli>No knowledge of MySQL or PHP required\u003C\u002Fli>\n\u003Cli>Export table records to a CSV file\u003C\u002Fli>\n\u003Cli>Does not allow users to create tables or change the structure of the table\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Simple Table Manager is a tool suited for the initial development phase of a website. It is ideal when you want to ask someone else with no database expertise to keep track of table records on your website. This was the motivation for developing this plugin.\u003C\u002Fp>\n\u003Cp>Note that to comply with wordpress.org plugin security guidelines, edited and added record fields are filtered through wp_kses_post() to prevent sql injection attacks. 
In some cases, wanted tags may be filtered out leading to field corruption.\u003C\u002Fp>\n","Enables viewing and editing table records and exporting them to CSV files through a minimal database interface from your dashboard.",400,24407,96,4,"2025-01-19T23:50:00.000Z","6.7.5","6.2","7.3",[20,21,22,23,24],"crud","database","export","mysql","table","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-table-manager.1.6.1.zip",92,1,0,"2023-10-16 00:00:00","2026-03-15T15:16:48.613Z",[33],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2023-4858","simple-table-manager-authenticatedadministrator-stored-cross-site-scripting","Simple Table Manager \u003C= 1.5.6 - Authenticated(Administrator+) Stored Cross-Site Scripting","The Simple Table Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 
This only affects multi-site installations and installations where unfiltered_html has been disabled.",null,"\u003C=1.5.6","medium",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-01-30 14:48:24",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F53760acf-e8b2-4e35-8c01-768472fc0996?source=api-prod",473,{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":47,"trust_score":49,"computed_at":50},73,"2026-04-04T05:02:29.092Z",[52,69,90,107,123],{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":60,"downloaded":61,"rating":29,"num_ratings":29,"last_updated":62,"tested_up_to":63,"requires_at_least":64,"requires_php":25,"tags":65,"homepage":25,"download_link":67,"security_score":68,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"ob-db-excel-converter","OB DB Excel Converter","2.1","Oudaryamay Burai","https:\u002F\u002Fprofiles.wordpress.org\u002Foudaryamayburai\u002F","\u003Cp>This plugin provide you the functionality to export MySql database table to excel file. The plugin is very easy to use. 
It also allow you to show all database table’s value with “Convert To Excel” option in admin panel.\u003C\u002Fp>\n\u003Cp>We are currently working on a new functionality which will provide you the functionality to export database table with selected field name.\u003C\u002Fp>\n\u003Ch4>Plugin Functionalities:\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Easy to see all database table in Admin Panel\u003C\u002Fli>\n\u003Cli>Export any table to Excel file\u003C\u002Fli>\n\u003Cli>Easy to see results in Admin Panel by writing custom MySQL query\u003C\u002Fli>\n\u003Cli>Copy\u002FCSV\u002FExcel\u002FPDF\u002FPrint the output custom MySQL query result\u003C\u002Fli>\n\u003Cli>We are adding additional more functionality to this plugin soon…\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin provide you the functionality to export MySql database table to excel file. The plugin is very easy to use.",80,2398,"2020-10-27T14:03:00.000Z","5.5.18","2.9.0",[21,66,22,23,24],"excel","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fob-db-excel-converter.2.1.zip",85,{"slug":70,"name":71,"version":72,"author":73,"author_profile":74,"description":75,"short_description":76,"active_installs":77,"downloaded":78,"rating":79,"num_ratings":80,"last_updated":81,"tested_up_to":16,"requires_at_least":82,"requires_php":18,"tags":83,"homepage":88,"download_link":89,"security_score":27,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"crudiator","Crudiator","2.0.2","takafu","https:\u002F\u002Fprofiles.wordpress.org\u002Ftakafu\u002F","\u003Cp>\u003Cem>Once you create a custom table in WordPress, don’t you need a screen to manipulate that data within the WordPress admin panel?\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>When you prepare other database tables (henceforth, custom tables) in WordPress, you usually need a screen to operate CRUD for that table data in the WordPress admin panel. 
(CRUD is an acronym for Create, Read, Update, Delete.)\u003C\u002Fp>\n\u003Cp>Moreover, it would be great if the screen conforms to the familiar WordPress UI, preferably so that WordPress users can use it intuitively.\u003C\u002Fp>\n\u003Cp>However, it requires a certain amount of program development to prepare it in the WordPress admin panel, and this is quite a hassle.\u003C\u002Fp>\n\u003Cp>This “Crudiator” makes it possible in just a few steps!\u003C\u002Fp>\n\u003Cp>With Crudiator, you can instantly create a screen in the WordPress admin panel that allows CRUD manipulation of custom tables.\u003C\u002Fp>\n\u003Cp>If you need to create a screen for CRUD operations on custom tables in WordPress, you will save a whole lot of development man-hours\u003C\u002Fp>\n","Crudiator is a plugin that makes it easy to achieve CRUD operations on custom tables in the WordPress admin panel.",200,3477,94,6,"2025-02-08T08:01:00.000Z","5.0",[20,84,85,86,87],"custom-table","database-table","insert","update","https:\u002F\u002Fcrudiator.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcrudiator.2.0.2.zip",{"slug":91,"name":92,"version":93,"author":94,"author_profile":95,"description":96,"short_description":59,"active_installs":97,"downloaded":98,"rating":97,"num_ratings":99,"last_updated":100,"tested_up_to":101,"requires_at_least":64,"requires_php":25,"tags":102,"homepage":103,"download_link":104,"security_score":105,"vuln_count":28,"unpatched_count":28,"last_vuln_date":106,"fetched_at":31},"database-to-excel","Database to Excel","1.0","Subhash Kumar","https:\u002F\u002Fprofiles.wordpress.org\u002Fmistersubhash\u002F","\u003Cp>This plugin provide you the functionality to export MySql database table to excel file. The plugin is very easy to use. 
It also allow you to show all database table’s value with “export to excel” option in admin panel.\u003C\u002Fp>\n\u003Cp>We are currently working on a new functionality which will provide you the functionality to export database table with selected field name.\u003C\u002Fp>\n\u003Ch4>Plugin Functionalities:\u003C\u002Fh4>\n\u003Col>\n\u003Cli>Easy to see all database table in Admin Panel\u003C\u002Fli>\n\u003Cli>Export any table to Excel file\u003C\u002Fli>\n\u003Cli>We are adding additional functionality to this plugin soon…\u003C\u002Fli>\n\u003C\u002Fol>\n",100,8472,2,"2015-09-18T07:30:00.000Z","4.2.39",[21,66,22,24],"http:\u002F\u002Fwww.csitworld.com\u002Fwordpress\u002Fplugins\u002FDatabaseToExcel","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdatabase-to-excel.zip",63,"2025-09-05 00:00:00",{"slug":108,"name":109,"version":110,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":97,"downloaded":115,"rating":97,"num_ratings":99,"last_updated":116,"tested_up_to":117,"requires_at_least":82,"requires_php":25,"tags":118,"homepage":25,"download_link":122,"security_score":97,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"db-views-data-table","DB-Views: Dashboards, Data Tables and Webforms","1.7.0","Dave","https:\u002F\u002Fprofiles.wordpress.org\u002Fcomponentsoftware\u002F","\u003Cp>\u003Ca href=\"https:\u002F\u002Fdeby.ai\u002F\" rel=\"nofollow ugc\">Deby.AI Home\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fdeby.ai\u002Fproduct\u002Fwordpress-data-table\" rel=\"nofollow ugc\">Data Table Features\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fdeby.ai\u002Flive-demos\u002F\" rel=\"nofollow ugc\">Live Database Demos\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fapp.deby.ai.com?signup=1&campaign=wp-data-table\" rel=\"nofollow ugc\">Create a FREE Deby.AI Account\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add full database 
functionality to your website.\u003C\u002Fli>\n\u003Cli>Deby.AI Generative AI copilot turns your data into powerful database apps.\u003C\u002Fli>\n\u003Cli>Display advanced dashboards, data tables and multistep webforms in any webpage.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Build fast\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>A generative AI copilot turns your ideas and data into powerful apps — no coding skills needed.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Describe it freely, in your native language. Debi.AI brings it to life in no time!\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Display and edit table data in a frame embedded in any webpage.\u003C\u002Fli>\n\u003Cli>Fully customize your tables. Enjoy complete language localization.\u003C\u002Fli>\n\u003Cli>Create multistep web forms to edit data or add new rows.\u003C\u002Fli>\n\u003Cli>Responsive Material 3 implementation makes tables look great on any device.\u003C\u002Fli>\n\u003Cli>Enjoy fast drag & drop development. With our low-code solution, JavaScript coding skills are only required for advanced scenarios.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Handle Multi-Source Data\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Build your apps by uploading your current data to Deby.AI. Supported formats: SQL dumps, JSON, XML, CSV, OpenOffice, LibreOffice, Excel, Google Sheets, and OneDrive spreadsheets.\u003C\u002Fli>\n\u003Cli>You can also link your existing database servers: Azure\u002FMicrosoft SQL Server, MySQL, PostgreSQL, Oracle Database, Amazon Athena, Google BigQuery, Snowflake, MariaDB, MongoDB, GraphQL, and more \u003Ca href=\"https:\u002F\u002Fdeby.ai\u002Fproduct\u002Fdata-sources\" rel=\"nofollow ugc\">(full database & data sources list)\u003C\u002Fa>. 
A live copy of the data will be displayed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Enjoy a FREE Starter License\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Access the full power of Deby.AI at no cost — no credit card needed.\u003C\u002Fli>\n\u003Cli>Built apps can be used indefinitely for medium-scale production.\u003C\u002Fli>\n\u003C\u002Ful>\n","Add full database functionality to your website. Generative AI copilot turns your data into powerful database apps. Display advanced dashboards, data  &hellip;",7514,"2025-10-30T14:31:00.000Z","6.8.5",[119,120,21,23,121],"ai","data-table","webform","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdb-views-data-table.zip",{"slug":124,"name":125,"version":126,"author":127,"author_profile":128,"description":129,"short_description":130,"active_installs":97,"downloaded":131,"rating":13,"num_ratings":80,"last_updated":132,"tested_up_to":133,"requires_at_least":134,"requires_php":25,"tags":135,"homepage":138,"download_link":139,"security_score":68,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"rename-db-table-prefix","Rename DB Table Prefix","0.1.0","JRGould","https:\u002F\u002Fprofiles.wordpress.org\u002Fjrgould\u002F","\u003Cp>Need to change your table prefix from \u003Ccode>wp_\u003C\u002Fcode> to something else on a site that’s already running? Not running a multisite install? 
Rename DB Table Prefix can probably help.\u003C\u002Fp>\n\u003Cp>RDTP’s primary functionality is based on the great WP-CLI package, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fiandunn\u002Fwp-cli-rename-db-prefix\" rel=\"nofollow ugc\">wp-cli-rename-db-prefix\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Use at your own risk and make backups before running this plugin – it is entirely possible that this could break your site and you will need to be able to restore your database and \u003Ccode>wp-config.php\u003C\u002Fcode> files from good backups if this happens.\u003C\u002Fp>\n","Rename DB Table Prefix does what it says on the tin.",3121,"2017-09-29T16:30:00.000Z","4.8.28","3.0.1",[21,23,136,137],"prefix","table_prefix","http:\u002F\u002Fjrgould.com\u002Frdtp\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frename-db-table-prefix.zip",{"attackSurface":141,"codeSignals":165,"taintFlows":180,"riskAssessment":431,"analyzedAt":442},{"hooks":142,"ajaxHandlers":161,"restRoutes":162,"shortcodes":163,"cronEvents":164,"entryPointCount":29,"unprotectedCount":29},[143,149,153,157],{"type":144,"name":145,"callback":146,"file":147,"line":148},"action","plugins_loaded","tstm_custom_load_textdomain","simple-table-manager.php",40,{"type":144,"name":150,"callback":151,"file":147,"line":152},"wp_loaded","tstm_register_assets",47,{"type":144,"name":154,"callback":155,"file":147,"line":156},"admin_enqueue_scripts","tstm_admin_enqueue_assets",54,{"type":144,"name":158,"callback":159,"file":147,"line":160},"admin_menu","tstm_add_menu_item",70,[],[],[],[],{"dangerousFunctions":166,"sqlUsage":172,"outputEscaping":175,"fileOperations":28,"externalRequests":29,"nonceChecks":178,"capabilityChecks":28,"bundledLibraries":179},[167],{"fn":168,"file":169,"line":170,"context":171},"unserialize","includes\\edit.php",143,"$result = @unserialize( $field_value, $classes ); \u002F\u002F suppress any 
E_NOTICE",{"prepared":173,"raw":29,"locations":174},31,[],{"escaped":176,"rawEcho":29,"locations":177},46,[],8,[],[181,214,244,286,320,339,368,380,388,413],{"entryPoint":182,"graph":183,"unsanitizedCount":99,"severity":40},"tstm_edit (includes\\edit.php:6)",{"nodes":184,"edges":208},[185,190,194,198,202],{"id":186,"type":187,"label":188,"file":169,"line":189},"n0","source","$_POST",48,{"id":191,"type":192,"label":193,"file":169,"line":170,"wp_function":168},"n1","sink","unserialize() [Object Injection]",{"id":195,"type":187,"label":196,"file":169,"line":197},"n2","$_POST (x2)",115,{"id":199,"type":200,"label":201,"file":169,"line":197},"n3","transform","→ tstm_print()",{"id":203,"type":192,"label":204,"file":205,"line":206,"wp_function":207},"n4","echo() [XSS]","includes\\functions.php",430,"echo",[209,211,213],{"from":186,"to":191,"sanitized":210},true,{"from":195,"to":199,"sanitized":212},false,{"from":199,"to":203,"sanitized":212},{"entryPoint":215,"graph":216,"unsanitizedCount":243,"severity":40},"\u003Cedit> (includes\\edit.php:0)",{"nodes":217,"edges":237},[218,219,223,224,227,228,230,233,235],{"id":186,"type":187,"label":188,"file":169,"line":189},{"id":191,"type":192,"label":220,"file":169,"line":221,"wp_function":222},"query() [SQLi]",69,"query",{"id":195,"type":187,"label":188,"file":169,"line":189},{"id":199,"type":192,"label":225,"file":169,"line":13,"wp_function":226},"get_row() [SQLi]","get_row",{"id":203,"type":187,"label":188,"file":169,"line":189},{"id":229,"type":192,"label":193,"file":169,"line":170,"wp_function":168},"n5",{"id":231,"type":187,"label":232,"file":169,"line":197},"n6","$_POST 
(x3)",{"id":234,"type":200,"label":201,"file":169,"line":197},"n7",{"id":236,"type":192,"label":204,"file":205,"line":206,"wp_function":207},"n8",[238,239,240,241,242],{"from":186,"to":191,"sanitized":210},{"from":195,"to":199,"sanitized":210},{"from":203,"to":229,"sanitized":210},{"from":231,"to":234,"sanitized":212},{"from":234,"to":236,"sanitized":212},3,{"entryPoint":245,"graph":246,"unsanitizedCount":285,"severity":40},"tstm_export (includes\\export-csv.php:10)",{"nodes":247,"edges":276},[248,251,253,257,259,261,263,265,267,269,272,274],{"id":186,"type":187,"label":188,"file":249,"line":250},"includes\\export-csv.php",42,{"id":191,"type":200,"label":252,"file":249,"line":250},"→ tstm_validate_csv_filename()",{"id":195,"type":192,"label":254,"file":205,"line":255,"wp_function":256},"update_option() [Settings Manipulation]",310,"update_option",{"id":199,"type":187,"label":188,"file":249,"line":258},45,{"id":203,"type":200,"label":260,"file":249,"line":258},"→ tstm_validate_csv_encoding()",{"id":229,"type":192,"label":254,"file":205,"line":262,"wp_function":256},318,{"id":231,"type":187,"label":188,"file":249,"line":264},49,{"id":234,"type":200,"label":266,"file":249,"line":264},"→ tstm_validate_csv_fields()",{"id":236,"type":192,"label":254,"file":205,"line":268,"wp_function":256},326,{"id":270,"type":187,"label":196,"file":249,"line":271},"n9",75,{"id":273,"type":200,"label":201,"file":249,"line":271},"n10",{"id":275,"type":192,"label":204,"file":205,"line":206,"wp_function":207},"n11",[277,278,279,280,281,282,283,284],{"from":186,"to":191,"sanitized":212},{"from":191,"to":195,"sanitized":212},{"from":199,"to":203,"sanitized":212},{"from":203,"to":229,"sanitized":212},{"from":231,"to":234,"sanitized":212},{"from":234,"to":236,"sanitized":212},{"from":270,"to":273,"sanitized":212},{"from":273,"to":275,"sanitized":212},5,{"entryPoint":287,"graph":288,"unsanitizedCount":285,"severity":40},"\u003Cexport-csv> 
(includes\\export-csv.php:0)",{"nodes":289,"edges":310},[290,292,296,297,298,299,300,301,302,303,304,305,306,308],{"id":186,"type":187,"label":188,"file":249,"line":291},41,{"id":191,"type":192,"label":293,"file":249,"line":294,"wp_function":295},"header() [Header Injection]",141,"header",{"id":195,"type":187,"label":188,"file":249,"line":250},{"id":199,"type":200,"label":252,"file":249,"line":250},{"id":203,"type":192,"label":254,"file":205,"line":255,"wp_function":256},{"id":229,"type":187,"label":188,"file":249,"line":258},{"id":231,"type":200,"label":260,"file":249,"line":258},{"id":234,"type":192,"label":254,"file":205,"line":262,"wp_function":256},{"id":236,"type":187,"label":188,"file":249,"line":264},{"id":270,"type":200,"label":266,"file":249,"line":264},{"id":273,"type":192,"label":254,"file":205,"line":268,"wp_function":256},{"id":275,"type":187,"label":196,"file":249,"line":271},{"id":307,"type":200,"label":201,"file":249,"line":271},"n12",{"id":309,"type":192,"label":204,"file":205,"line":206,"wp_function":207},"n13",[311,312,313,314,315,316,317,318,319],{"from":186,"to":191,"sanitized":210},{"from":195,"to":199,"sanitized":212},{"from":199,"to":203,"sanitized":212},{"from":229,"to":231,"sanitized":212},{"from":231,"to":234,"sanitized":212},{"from":236,"to":270,"sanitized":212},{"from":270,"to":273,"sanitized":212},{"from":275,"to":307,"sanitized":212},{"from":307,"to":309,"sanitized":212},{"entryPoint":321,"graph":322,"unsanitizedCount":178,"severity":40},"tstm_table (includes\\table.php:6)",{"nodes":323,"edges":335},[324,328,330,333,334],{"id":186,"type":187,"label":325,"file":326,"line":327},"$_GET (x2)","includes\\table.php",32,{"id":191,"type":192,"label":254,"file":326,"line":329,"wp_function":256},34,{"id":195,"type":187,"label":331,"file":326,"line":332},"$_GET 
(x8)",121,{"id":199,"type":200,"label":201,"file":326,"line":332},{"id":203,"type":192,"label":204,"file":205,"line":206,"wp_function":207},[336,337,338],{"from":186,"to":191,"sanitized":210},{"from":195,"to":199,"sanitized":212},{"from":199,"to":203,"sanitized":212},{"entryPoint":340,"graph":341,"unsanitizedCount":367,"severity":40},"\u003Ctable> (includes\\table.php:0)",{"nodes":342,"edges":361},[343,344,345,348,352,354,357,359,360],{"id":186,"type":187,"label":325,"file":326,"line":327},{"id":191,"type":192,"label":254,"file":326,"line":329,"wp_function":256},{"id":195,"type":187,"label":346,"file":326,"line":347},"$_GET (x4)",36,{"id":199,"type":192,"label":349,"file":326,"line":350,"wp_function":351},"get_results() [SQLi]",64,"get_results",{"id":203,"type":187,"label":353,"file":326,"line":347},"$_GET",{"id":229,"type":192,"label":355,"file":326,"line":49,"wp_function":356},"get_var() [SQLi]","get_var",{"id":231,"type":187,"label":358,"file":326,"line":332},"$_GET (x9)",{"id":234,"type":200,"label":201,"file":326,"line":332},{"id":236,"type":192,"label":204,"file":205,"line":206,"wp_function":207},[362,363,364,365,366],{"from":186,"to":191,"sanitized":210},{"from":195,"to":199,"sanitized":210},{"from":203,"to":229,"sanitized":210},{"from":231,"to":234,"sanitized":212},{"from":234,"to":236,"sanitized":212},9,{"entryPoint":369,"graph":370,"unsanitizedCount":29,"severity":379},"tstm_main (includes\\main.php:7)",{"nodes":371,"edges":377},[372,375],{"id":186,"type":187,"label":188,"file":373,"line":374},"includes\\main.php",21,{"id":191,"type":192,"label":254,"file":373,"line":376,"wp_function":256},22,[378],{"from":186,"to":191,"sanitized":210},"low",{"entryPoint":381,"graph":382,"unsanitizedCount":29,"severity":379},"\u003Cmain> 
(includes\\main.php:0)",{"nodes":383,"edges":386},[384,385],{"id":186,"type":187,"label":188,"file":373,"line":374},{"id":191,"type":192,"label":254,"file":373,"line":376,"wp_function":256},[387],{"from":186,"to":191,"sanitized":210},{"entryPoint":389,"graph":390,"unsanitizedCount":99,"severity":412},"tstm_settings (includes\\settings.php:5)",{"nodes":391,"edges":406},[392,394,396,397,399,401,403,405],{"id":186,"type":187,"label":196,"file":393,"line":376},"includes\\settings.php",{"id":191,"type":192,"label":254,"file":393,"line":395,"wp_function":256},23,{"id":195,"type":187,"label":188,"file":393,"line":173},{"id":199,"type":200,"label":398,"file":393,"line":173},"→ tstm_validate_rows_per_page()",{"id":203,"type":192,"label":254,"file":205,"line":400,"wp_function":256},302,{"id":229,"type":187,"label":188,"file":393,"line":402},39,{"id":231,"type":200,"label":404,"file":393,"line":402},"→ tstm_get_table_info()",{"id":234,"type":192,"label":349,"file":205,"line":170,"wp_function":351},[407,408,409,410,411],{"from":186,"to":191,"sanitized":210},{"from":195,"to":199,"sanitized":212},{"from":199,"to":203,"sanitized":212},{"from":229,"to":231,"sanitized":212},{"from":231,"to":234,"sanitized":212},"high",{"entryPoint":414,"graph":415,"unsanitizedCount":99,"severity":412},"\u003Csettings> 
(includes\\settings.php:0)",{"nodes":416,"edges":425},[417,418,419,420,421,422,423,424],{"id":186,"type":187,"label":196,"file":393,"line":376},{"id":191,"type":192,"label":254,"file":393,"line":395,"wp_function":256},{"id":195,"type":187,"label":188,"file":393,"line":173},{"id":199,"type":200,"label":398,"file":393,"line":173},{"id":203,"type":192,"label":254,"file":205,"line":400,"wp_function":256},{"id":229,"type":187,"label":188,"file":393,"line":402},{"id":231,"type":200,"label":404,"file":393,"line":402},{"id":234,"type":192,"label":349,"file":205,"line":170,"wp_function":351},[426,427,428,429,430],{"from":186,"to":191,"sanitized":210},{"from":195,"to":199,"sanitized":212},{"from":199,"to":203,"sanitized":212},{"from":229,"to":231,"sanitized":212},{"from":231,"to":234,"sanitized":212},{"summary":432,"deductions":433},"The 'simple-table-manager' v1.6.1 plugin exhibits a generally good security posture with some notable areas of concern.  The static analysis reveals a very small attack surface with no direct entry points identified as unprotected.  Furthermore, the plugin demonstrates excellent practices in SQL query handling (100% prepared statements) and output escaping (100% properly escaped), which are crucial for preventing common web vulnerabilities. The presence of 8 nonce checks and 1 capability check also indicates an effort to secure potentially sensitive operations.\n\nHowever, the identified use of the `unserialize` function is a significant risk, as unserializing untrusted user input can lead to Remote Code Execution (RCE) vulnerabilities. This is corroborated by the taint analysis, which shows 2 high-severity flows, suggesting potential for malicious data manipulation. The plugin's vulnerability history, including a past medium-severity Cross-Site Scripting (XSS) vulnerability, reinforces the need for vigilance with input handling. 
While there are no currently unpatched CVEs, the past incident and the identified taint flows highlight a pattern of potential weaknesses in sanitizing or properly handling user-supplied data.\n\nIn conclusion, while the plugin excels in areas like SQL and output sanitization, the `unserialize` function and the high-severity taint flows present critical risks that demand attention. The historical XSS vulnerability further suggests that input validation and sanitization are areas that require ongoing scrutiny. Addressing these specific risks is paramount to improving the overall security of this plugin.",[434,437,440],{"reason":435,"points":436},"Use of unserialize function",15,{"reason":438,"points":439},"High severity taint flows found",12,{"reason":441,"points":178},"Past medium severity XSS vulnerability","2026-03-16T19:45:10.594Z",{"wat":444,"direct":451},{"assetPaths":445,"generatorPatterns":447,"scriptPaths":448,"versionParams":449},[446],"\u002Fwp-content\u002Fplugins\u002Fsimple-table-manager\u002Fcss\u002Fadmin.css",[],[],[450],"simple-table-manager\u002Fcss\u002Fadmin.css?ver=",{"cssClasses":452,"htmlComments":453,"htmlAttributes":454,"restEndpoints":455,"jsGlobals":456,"shortcodeOutput":457},[],[],[],[],[],[]]