[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fnJfDvSdmRaTisDkDRBPA42DlBMrMEl_Ky4zjrfHN0Hw":3,"$fRUOkYg1BIS7W5Jo6NXLa2tdjaUQw0LODKi1eN0ouDzc":231,"$flcAlrQkeBu4RmJsKNRjTO7IKeim7HKkK3FIQm8GdU8k":236},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":15,"tags":16,"homepage":22,"download_link":23,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26,"discovery_status":27,"vulnerabilities":28,"developer":29,"crawl_stats":25,"alternatives":36,"analysis":144,"fingerprints":217},"simple-toolkit","Simple Toolkit","1.0.0","Codeless","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodelessthemes\u002F","\u003Cp>Simple Toolkit is a plugin that provides simple and useful tools for WordPress websites. With this plugin, you can easily disable comments, duplicate pages or posts, add Google Analytics tracking code, use classic widgets and editor, manage redirections, regenerate thumbnails, enable maintenance mode and disable XML-RPC.\u003C\u002Fp>\n\u003Ch3>Author\u003C\u002Fh3>\n\u003Cp>Simple Toolkit is developed by Codeless. Visit our website at https:\u002F\u002Fcodeless.co\u002F.\u003C\u002Fp>\n","Simple Toolkit is a plugin that provides simple and useful tools for WordPress websites. With this plugin, you can easily disable comments, duplicate  …",0,689,"2023-02-22T11:39:00.000Z","6.1.10","",[17,18,19,20,21],"block","cache","comments","duplication","google-analytics","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-toolkit\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-toolkit.zip",85,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":33,"computed_at":35},"codelessthemes",8,2110,80,30,"2026-05-19T17:28:04.804Z",[37,61,82,102,122],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":58,"download_link":59,"security_score":60,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"blacklist-updater","Block List Updater","1.0.2","pluginkollektiv","https:\u002F\u002Fprofiles.wordpress.org\u002Fpluginkollektiv\u002F","\u003Cp>Few users are familiar with the comment block list built into WordPress. Located in the WordPress admin area under “Settings”—“Discussion”, that block list for incoming comments accepts values (words) to identify spam by.\u003C\u002Fp>\n\u003Cp>Additionally to plugins like \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fantispam-bee\u002F\" rel=\"ugc\">Antispam Bee\u003C\u002Fa> in order to fight spam successfully a curated comment block list is recommendable. You can either update the list manually, or utilize a very detailed global \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsplorp\u002Fwordpress-comment-blacklist\" rel=\"nofollow ugc\">comment block list\u003C\u002Fa> that gets updated on a regular basis.\u003C\u002Fp>\n\u003Cp>Block List Updater has been developed to keep your comment block list in your WordPress installation up to speed with the curated global list on GitHub.\u003C\u002Fp>\n\u003Cp>The plugin will check the global comment block list on GitHub multiple times a day. Whenever new anti-spam values have been added to the global list, Block List Updater will read the global list and update your WordPress database accordingly. While the check-up process will run several times a day, the plugin will only update the database when it detects an actual change of the global comment block list on GitHub.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Community support via the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fblacklist-updater\" rel=\"ugc\">support forums on wordpress.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>We don’t handle support via e-mail, Twitter, GitHub issues etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Active development of this plugin is handled \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fpluginkollektiv\u002Fblacklist-updater\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Pull requests for documented bugs are highly appreciated.\u003C\u002Fli>\n\u003Cli>If you think you’ve found a bug (e.g. you’re experiencing unexpected behavior), please post at the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fblacklist-updater\" rel=\"ugc\">support forums\u003C\u002Fa> first.\u003C\u002Fli>\n\u003Cli>If you want to help us translate this plugin you can do so \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fblacklist-updater\" rel=\"nofollow ugc\">on WordPress Translate\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Author: \u003Ca href=\"https:\u002F\u002Fsergejmueller.github.io\u002F\" rel=\"nofollow ugc\">Sergej Müller\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Maintainers: \u003Ca href=\"https:\u002F\u002Fpluginkollektiv.org\u002F\" rel=\"nofollow ugc\">pluginkollektiv\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Automatic updating of the comment block list in WordPress with antispam keys from GitHub.",4000,31510,86,4,"2026-03-14T09:16:00.000Z","6.9.4","3.8","5.2",[54,55,56,19,57],"antispam","blacklist","blocklist","spam","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fblacklist-updater\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblacklist-updater.1.0.2.zip",100,{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":60,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":80,"download_link":81,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"wps-html-blocks","WPS HTML Blocks","0.1.2","VicToMeyeZR","https:\u002F\u002Fprofiles.wordpress.org\u002Fvictomeyezr\u002F","\u003Cp>WPS HTML Blocks, adds custom html blocks to WordPress. The custom blocks have shortcode to give you the ability to add these HTML blocks to anywhere on the wordpress site. It has been tested against most themes. Elementor and WP Bakery both are compatible.\u003C\u002Fp>\n","This plugin adds a custom HTML post type, with shortcode to place anywhere on your site.",1000,7231,3,"2022-10-12T22:46:00.000Z","5.8.13","5.0","5.2.4",[19,77,78,79],"custom-blocks","custom-shortcode","html-blocks","http:\u002F\u002Fwpsuites.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwps-html-blocks.zip",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":60,"num_ratings":92,"last_updated":93,"tested_up_to":94,"requires_at_least":95,"requires_php":15,"tags":96,"homepage":100,"download_link":101,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"cache-external-scripts","Cache External Scripts","0.4","Voorsie","https:\u002F\u002Fprofiles.wordpress.org\u002Fvoorsie\u002F","\u003Cp>Often when trying to optimize the Google Pagespeed score, there is one script which still causing the ‘Leverage browser caching’ rule popping up: Google’s own gtag.js and\u002For analytics.js file…\u003C\u002Fp>\n\u003Cp>With this plugin you will be able to cache this file on your local server and enable browser caching for longer than 2 hours. The plugin will check every day if there is a newer version of the file to keep the cache up to date.\u003C\u002Fp>\n","Save the Google Analytics file (gtag.js \u002F analytics.js) locally to be able to cache it for longer than 2 hours for a better PageSpeed score!",900,31718,25,"2019-05-11T19:04:00.000Z","5.2.24","3.0.1",[18,97,21,98,99],"caching","javascripts","scripts","http:\u002F\u002Fwww.forcemedia.nl\u002Fwordpress-plugins\u002Fcache-external-scripts\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcache-external-scripts.0.4.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":60,"num_ratings":48,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":120,"download_link":121,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"block-comment-spam-bots","Block Comment Spam Bots","2.62","Rick Hellewell","https:\u002F\u002Fprofiles.wordpress.org\u002Frhellewellgmailcom\u002F","\u003Cp>Professional spammers use programs to automate their spamming. The ‘Block Comment Spam Bots’ (BCSB) plugin efficiently blocks their process. No more comment spam!\u003C\u002Fp>\n\u003Cp>As no legitimate user will use the professional spammer’s automated process which relies on cURL and WGET commands, real users will never notice the BCSB plugin at work. There are no CAPTCHAS for your visitors to interact with. No silly questions. Just the comment form as designed in any theme.\u003C\u002Fp>\n\u003Cp>On the admin side, there are no blacklists, special keys (like Askimet), overloaded spam queues, or overworked databases that store spam comments until you manually delete them.\u003C\u002Fp>\n\u003Cp>Install the plugin and that’s it. Invisible, to you and your visitors. The only change you will notice is in your admin area. The list of comments now has a green check next to them. That way you know that comment was made on your website by a real person and was not bypassed by hacking spammers connecting directly to your server.\u003C\u002Fp>\n\u003Cp>All that remains is comments made by real people, and while real people can spam, it takes them time and effort. The amount of spam from real people is a lot more manageable than the tsunami from automated spammers, saving you time to concentrate on the important things in life, like your readers, and making connections.\u003C\u002Fp>\n\u003Cp>We’ve tested it on multiple websites and it wipes out automated spam completely. If it doesn’t on your site, please let us know.\u003C\u002Fp>\n\u003Cp>** Geeky Stuff **\u003Cbr \u002F>\n…in case you are interested in how it works…\u003C\u002Fp>\n\u003Cp>tl;dr – \u003Cstrong>This provides a total and easy solution to comment spam from spam bots.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Comments are processed by the WordPress wp-post-comments.php file. Automated spammers (‘spam bots’) can provide (‘post’) data directly to that page, bypassing any comment processing, by using CURL\u002FWGET commands.\u003C\u002Fp>\n\u003Cp>Bypassing the comment form by posting directly (via CURL or WGET commands), is quite easy. Just send the post ID number, and the bot’s fake name and email, and the spammy content. Boom! Comment spam is on your site!\u003C\u002Fp>\n\u003Cp>The result is comment spam – and that is not always caught by other comment spam checkers. Even if it is caught by programs such as Akismet, processing that spam takes some server resources, including writing to the database.\u003C\u002Fp>\n\u003Cp>This plugin uses several techniques to ‘sense’ a spambot. There are hidden fields that are changed after a delay. There is a delay in displaying the submit button. And it blocks direct access to the WordPress post\u002Fprocessing functions.\u003C\u002Fp>\n\u003Cp>The techniques, also used in our standalone “FormSpemmerTrap” (FST) program, and our other anti-spam plugins (like FormSpammerTrap for Comments), are very effective. They use a bit of JavaScript to block spambots – since automated processes via CURL\u002FWGET\u002Fetc cannot process JS code.\u003C\u002Fp>\n\u003Cp>It’s simple: you install this plugin, activate it, and bot comments will stop. Immediately.\u003C\u002Fp>\n\u003Cp>And it doesn’t add any visual impediments to your comments. No reCaptcha things (which many see as a pain). No silly questions (‘what is 2+8’) on the form. Your comment form does not change. Regular users will not notice a difference. But you will. No more spam comments for you!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>This is the best solution to block comment spam.\u003C\u002Fstrong> We’ve tested it on a site that had 20-40 spam comments a day. With this plugin enabled, the spam comment stopped. Immediately. And there have been none since installing this plugin. ** Not one. Zero.**\u003C\u002Fp>\n\u003Cp>The Admin, Comments list page is modified to show a column with a green checkmark icon if the comment was entered by a real person and not a bot. This is an assurance that the comment was not entered via an automated CURL\u002FWGET to the wp-comments-post.php file. A comment that is on the list that does not show the checkmark was done by a bot. But you won’t see those blocked comments with this plugin enabled. They never get into your database. You can hover over the checkmark icon to see the GUID value indicating a person entered the comment.\u003C\u002Fp>\n\u003Cp>The plugins ‘Settings’ screen has no settings. You don’t even need to look at the Settings screen. If you do, you’ll see information about the plugin. And there is a CURL command you can use to test the effectiveness of blocking (or not blocking) direct access to the wp-comments-post.php file.\u003C\u002Fp>\n\u003Cp>The plugin also adds the hidden GUID field to the comment form after a delay to help block bots that are using the comment form to submit. If the hidden field is not submitted then a bot tried to bypass the comment form. And a short delay happens before the comment submit button is displayed – another bot protection.\u003C\u002Fp>\n","A simple to use plugin that stops automated spam. Install and forget, and any automated spam targeting your native WordPress comments is immediately t …",800,6956,"2024-04-10T22:16:00.000Z","6.5.8","4.9","5.4",[117,118,119,19,57],"automated-spam","blocking","bots","https:\u002F\u002Fwww.cellarweb.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-comment-spam-bots.zip",{"slug":123,"name":124,"version":125,"author":126,"author_profile":127,"description":128,"short_description":129,"active_installs":130,"downloaded":131,"rating":60,"num_ratings":132,"last_updated":133,"tested_up_to":134,"requires_at_least":135,"requires_php":136,"tags":137,"homepage":142,"download_link":143,"security_score":24,"vuln_count":11,"unpatched_count":11,"last_vuln_date":25,"fetched_at":26},"toms-recaptcha","TomS reCAPTCHA","1.2.0","TomS Caprice","https:\u002F\u002Fprofiles.wordpress.org\u002Ftomsneddon\u002F","\u003Cp>Integrated Google ReCaptcha for WordPress. Protect the login, register, lostpassword and comment forms. Support Woocommerce, Ultimate Member and more popular forms.\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Frecaptcha\" rel=\"nofollow ugc\">\u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong>\u003C\u002Fa> is a free service that protects your site from spam and abuse. It uses advanced risk analysis techniques to tell humans and bots apart.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Go to \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002Fadmin\u002Fcreate\" rel=\"nofollow ugc\">Google reCAPTCHA\u003C\u002Fa> to get the \u003Cstrong>Site key\u003C\u002Fstrong> and \u003Cstrong>Secret key\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>reCAPTCHA Type:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>reCAPTCHA \u003Cstrong>v3\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>reCAPTCHA \u003Cstrong>v2 Checkbox\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>reCAPTCHA \u003Cstrong>v2 Invisible\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Supported Form List\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>WordPress default login form\u003C\u002Fli>\n\u003Cli>WordPress default register form\u003C\u002Fli>\n\u003Cli>WordPress default lostpassword form\u003C\u002Fli>\n\u003Cli>\n\u003Cp>WordPress default comment form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> login form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> register form\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> lostpassword form\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">\u003Cstrong>Woocommerce\u003C\u002Fstrong>\u003C\u002Fa> checkout Billing form\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add a shortcode \u003Cstrong>[toms_woo_register_form]\u003C\u002Fstrong> for \u003Cstrong>woocommerce register form\u003C\u002Fstrong> on any page you want.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">\u003Cstrong>Ultimate Member\u003C\u002Fstrong>\u003C\u002Fa> login form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">\u003Cstrong>Ultimate Member\u003C\u002Fstrong>\u003C\u002Fa> register form\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fultimate-member\u002F\" rel=\"ugc\">\u003Cstrong>Ultimate Member\u003C\u002Fstrong>\u003C\u002Fa> lostpassword form\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcontact-form-block\u002F\" rel=\"ugc\">\u003Cstrong>Contact Form Block\u003C\u002Fstrong>\u003C\u002Fa> Contact Form Block\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>more support forms comming soon…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Option settings\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Verify API : \u003Cstrong>Google.com\u003C\u002Fstrong>\u002F\u003Cstrong>Recaptcha.net\u003C\u002Fstrong> \u003Cstrong>—Notice:—\u003C\u002Fstrong> Some country can not use Google verify API, that means Google verify API will not work, even using vpn. If google.com not work try use Recaptcha.net\u003C\u002Fli>\n\u003Cli>reCAPTCHA v2 (Checkbox)  Theme: \u003Cstrong>Light\u003C\u002Fstrong>\u002F\u003Cstrong>Dark\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>reCAPTCHA v2 (Invisible) Badge: \u003Cstrong>Bottom Right\u003C\u002Fstrong>\u002F\u003Cstrong>Bottom Left\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Custom reCAPTCHA Language\u003C\u002Fh4>\n\u003Ch4>Translation ready\u003C\u002Fh4>\n\u003Ch3>Translations\u003C\u002Fh3>\n\u003Cp>Reliance upon any non-English translation is at your own risk; TomS reCAPTCHA can give no guarantees that translations from the original English are accurate.\u003C\u002Fp>\n\u003Cp>We recognise and thank those mentioned at https:\u002F\u002Ftoms-caprice.org\u002Ftranslations for code and\u002For libraries used and\u002For modified under the terms of their open source licences.\u003C\u002Fp>\n","Integrated Google ReCaptcha for WordPress.Protect the login, register, lostpassword and comment forms. Support Woocommerce, Ultimate Member and more p …",600,16788,1,"2023-03-29T08:59:00.000Z","6.2.9","5.8","7.0",[138,139,140,141,123],"block-spam-comments","captcha","nocaptcha","recaptcha","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftoms-recaptcha","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoms-recaptcha.1.2.0.zip",{"attackSurface":145,"codeSignals":201,"taintFlows":209,"riskAssessment":210,"analyzedAt":216},{"hooks":146,"ajaxHandlers":197,"restRoutes":198,"shortcodes":199,"cronEvents":200,"entryPointCount":11,"unprotectedCount":11},[147,153,156,161,164,169,173,176,179,183,187,190,194],{"type":148,"name":149,"callback":150,"file":151,"line":152},"filter","comments_open","__return_false","simple-toolkit.php",17,{"type":148,"name":154,"callback":150,"file":151,"line":155},"pings_open",18,{"type":148,"name":157,"callback":158,"priority":159,"file":151,"line":160},"page_row_actions","clwpuu_duplicate_post_link",10,22,{"type":148,"name":162,"callback":158,"priority":159,"file":151,"line":163},"post_row_actions",23,{"type":165,"name":166,"callback":167,"file":151,"line":168},"action","admin_action_clwpuu_duplicate_post","clwpuu_duplicate_post_action",31,{"type":165,"name":170,"callback":171,"file":151,"line":172},"wp_footer","clwpuu_google_analytics_tracking_code",69,{"type":148,"name":174,"callback":150,"file":151,"line":175},"wp_widgets_block_editor_enabled",87,{"type":148,"name":177,"callback":150,"priority":159,"file":151,"line":178},"use_block_editor_for_post",92,{"type":165,"name":180,"callback":181,"file":151,"line":182},"admin_init","clwpuu_regenerate_thumbnails_action",97,{"type":165,"name":184,"callback":185,"file":151,"line":186},"get_header","clwpuu_maintenance_mode_action",124,{"type":148,"name":188,"callback":150,"file":151,"line":189},"xmlrpc_enabled",136,{"type":165,"name":191,"callback":192,"file":151,"line":193},"admin_menu","clwpuu_settings_menu",140,{"type":165,"name":180,"callback":195,"file":151,"line":196},"clwpuu_register_settings",162,[],[],[],[],{"dangerousFunctions":202,"sqlUsage":203,"outputEscaping":205,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":132,"bundledLibraries":208},[],{"prepared":11,"raw":11,"locations":204},[],{"escaped":206,"rawEcho":11,"locations":207},7,[],[],[],{"summary":211,"deductions":212},"The static analysis of the 'simple-toolkit' plugin v1.0.0 reveals a generally strong security posture, particularly in its handling of SQL queries and output escaping. The complete absence of dangerous functions, file operations, and external HTTP requests is a significant positive. Furthermore, the lack of any reported vulnerabilities in its history indicates a mature and well-maintained codebase. The presence of one capability check, while minimal, suggests some level of access control is being implemented.\n\nHowever, the analysis also highlights a near-complete absence of any identifiable attack surface, with zero AJAX handlers, REST API routes, shortcodes, or cron events. This could indicate that the plugin is either very simple or its functionality is exposed through other means not captured by this static analysis. The absence of nonce checks is a concern, as these are crucial for preventing CSRF attacks, especially if any form of user interaction or data modification is possible. The taint analysis showing zero flows is also notable, suggesting that either there are no data flows to analyze or the data flows are adequately sanitized. The complete lack of unpatched CVEs is highly commendable.\n\nIn conclusion, 'simple-toolkit' v1.0.0 exhibits good coding practices regarding SQL and output sanitation, and a clean vulnerability history. The primary area of potential concern, based on the provided data, is the lack of nonce checks, which could leave it susceptible to CSRF if any user-initiated actions are present. The minimal attack surface is also worth noting, suggesting a focused functionality. Overall, the plugin appears to be securely coded for its current version and historical context, with the nonce check being the most evident area for potential improvement.",[213],{"reason":214,"points":215},"Missing nonce checks",5,"2026-03-17T07:06:57.582Z",{"wat":218,"direct":223},{"assetPaths":219,"generatorPatterns":220,"scriptPaths":221,"versionParams":222},[],[],[],[],{"cssClasses":224,"htmlComments":225,"htmlAttributes":226,"restEndpoints":227,"jsGlobals":228,"shortcodeOutput":230},[],[],[],[],[229],"gtag",[],{"error":232,"url":233,"statusCode":234,"statusMessage":235,"message":235},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fsimple-toolkit\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":11,"versions":237},[]]