[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWYVw4NiMzhhs33PzXXAxkKgIUKg2JwjoXarOmkPw74s":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":147,"fingerprints":306},"small-wp-security","Small WP Security – SP SWS","1.2","Alex Kuimov","https:\u002F\u002Fprofiles.wordpress.org\u002Fspoot1986\u002F","\u003Cp>Small WP Security is a WordPress plugin which provides the basic security of your site.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cp>Meta tags and Link:\u003Cbr \u002F>\n– Remove RSD Link (EditURI Link),\u003Cbr \u002F>\n– Remove WLW Manifest Link,\u003Cbr \u002F>\n– Remove Shortlink,\u003Cbr \u002F>\n– Remove Prev\u002FNext Links,\u003Cbr \u002F>\n– Remove Canonical Link,\u003Cbr \u002F>\n– Remove DNS Prefetch Link,\u003Cbr \u002F>\n– Remove WP API Links and Scripts.\u003C\u002Fp>\n\u003Cp>Hide WP Version:\u003Cbr \u002F>\n– Remove WordPress generator version,\u003Cbr \u002F>\n– Remove WordPress version parameter from JS and CSS files.\u003C\u002Fp>\n\u003Cp>Remove RSS:\u003Cbr \u002F>\n– Clean up site head from the feed links and redirect them to the home page.\u003C\u002Fp>\n\u003Cp>Security Headers:\u003Cbr \u002F>\n– Remove Shortlink from HTTP Headers,\u003Cbr \u002F>\n– Remove X-Pingback from HTTP Headers,\u003Cbr \u002F>\n– Remove X-Powered-By from HTTP Headers,\u003Cbr \u002F>\n– Add X-Frame-Options,\u003Cbr \u002F>\n– Add X-XSS-Protection,\u003Cbr \u002F>\n– Add X-Content-Type-Options.\u003C\u002Fp>\n\u003Cp>Remove Emoji:\u003Cbr \u002F>\n– Remove Emoji Styles and Scripts.\u003C\u002Fp>\n\u003Cp>Comments links:\u003Cbr 
\u002F>\n– Remove Author′s Link,\u003Cbr \u002F>\n– Disable Auto Link.\u003C\u002Fp>\n","Small WP Security is a WordPress plugin which provides the basic security of your site.",50,1796,100,1,"2018-08-21T06:36:00.000Z","4.9.29","4.5.3","",[20,21,22,23,24],"hide-wp-version","remove-emoji","remove-rsd-link","remove-rss","security-headers","https:\u002F\u002Fcms3.ru\u002Fsp-wp-security\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsmall-wp-security.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":27,"computed_at":38},"spoot1986",9,2490,87,30,"2026-04-03T23:29:08.824Z",[40,65,86,108,129],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":55,"tags":56,"homepage":60,"download_link":61,"security_score":62,"vuln_count":63,"unpatched_count":28,"last_vuln_date":64,"fetched_at":30},"http-headers","HTTP Headers","1.19.2","Dimitar Ivanov","https:\u002F\u002Fprofiles.wordpress.org\u002Fzinoui\u002F","\u003Cp>HTTP Headers gives your control over the http headers returned by your blog or website.\u003C\u002Fp>\n\u003Cp>Headers supported by HTTP Headers includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Access-Control-Allow-Origin\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Credentials\u003C\u002Fli>\n\u003Cli>Access-Control-Max-Age\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Methods\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Headers\u003C\u002Fli>\n\u003Cli>Access-Control-Expose-Headers\u003C\u002Fli>\n\u003Cli>Age 
\u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Content-Security-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cache-Control\u003C\u002Fli>\n\u003Cli>Clear-Site-Data\u003C\u002Fli>\n\u003Cli>Connection\u003C\u002Fli>\n\u003Cli>Content-Encoding\u003C\u002Fli>\n\u003Cli>Content-Type\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Resource-Policy\u003C\u002Fli>\n\u003Cli>Expect-CT\u003C\u002Fli>\n\u003Cli>Expires\u003C\u002Fli>\n\u003Cli>Feature-Policy\u003C\u002Fli>\n\u003Cli>NEL\u003C\u002Fli>\n\u003Cli>Permissions-Policy\u003C\u002Fli>\n\u003Cli>Pragma\u003C\u002Fli>\n\u003Cli>P3P\u003C\u002Fli>\n\u003Cli>Referrer-Policy\u003C\u002Fli>\n\u003Cli>Report-To\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>Timing-Allow-Origin\u003C\u002Fli>\n\u003Cli>Vary\u003C\u002Fli>\n\u003Cli>WWW-Authenticate\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>X-DNS-Prefetch-Control\u003C\u002Fli>\n\u003Cli>X-Download-Options\u003C\u002Fli>\n\u003Cli>X-Frame-Options\u003C\u002Fli>\n\u003Cli>X-Permitted-Cross-Domain-Policies\u003C\u002Fli>\n\u003Cli>X-Powered-By\u003C\u002Fli>\n\u003Cli>X-Robots-Tag\u003C\u002Fli>\n\u003Cli>X-UA-Compatible\u003C\u002Fli>\n\u003Cli>X-XSS-Protection\u003C\u002Fli>\n\u003C\u002Ful>\n","HTTP Headers adds CORS & security HTTP headers to your website.",50000,715994,86,70,"2024-12-22T11:49:00.000Z","6.7.5","3.2","5.3",[57,58,59,41,24],"cors-headers","csp-header","custom-headers","https:\u002F\u002Fgithub.com\u002Friverside\u002Fhttp-headers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttp-headers.1.19.2.zip",91,4,"2023-07-13 
00:00:00",{"slug":66,"name":67,"version":68,"author":69,"author_profile":70,"description":71,"short_description":72,"active_installs":73,"downloaded":74,"rating":50,"num_ratings":75,"last_updated":76,"tested_up_to":77,"requires_at_least":78,"requires_php":79,"tags":80,"homepage":18,"download_link":85,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"csp-manager","Content Security Policy Manager","1.2.1","Patrick Sletvold","https:\u002F\u002Fprofiles.wordpress.org\u002F16patsle\u002F","\u003Cp>\u003Cstrong>Content Security Policy Manager\u003C\u002Fstrong> is a WordPress plugin that allows you to easily configure \u003Ca href=\"https:\u002F\u002Fdeveloper.mozilla.org\u002Fen-US\u002Fdocs\u002FWeb\u002FHTTP\u002FCSP\" rel=\"nofollow ugc\">Content Security Policy headers\u003C\u002Fa> for your site. You can have different CSP headers for the admin interface, the frontend for logged in users, and the frontend for regular visitors. The CSP directives can be individually enabled, and each policy can be set to enforce, report or be disabled.\u003C\u002Fp>\n\u003Cp>Please note that this plugin offers limited help in figuring out what the contents of the policy should be. It only lets you configure the CSP in an easy to use interface.\u003C\u002Fp>\n","Plugin for configuring Content Security Policy headers for your site. 
Allows different CSP headers for admin, logged in frontend and regular visitors",2000,33739,6,"2022-08-09T17:33:00.000Z","6.1.10","4.6","7.2",[81,82,83,24,84],"content-security-policy","csp","security","xss","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcsp-manager.1.2.1.zip",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":94,"downloaded":95,"rating":96,"num_ratings":75,"last_updated":97,"tested_up_to":98,"requires_at_least":99,"requires_php":100,"tags":101,"homepage":106,"download_link":107,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"no-nonsense","No Nonsense","3.6.5","Room 34 Creative Services, LLC","https:\u002F\u002Fprofiles.wordpress.org\u002Froom34\u002F","\u003Cp>For professional developers working with WordPress, the first steps in any new build frequently involve deleting default content and turning off built-in settings. This plugin encapsulates many of those tasks on a single, clean configuration screen.\u003C\u002Fp>\n","The fastest, cleanest way to get rid of the parts of WordPress you don't need.",1000,40253,90,"2026-01-06T19:06:00.000Z","6.9.4","4.9","7.0",[102,21,103,104,105],"remove-comments","remove-howdy","remove-wordpress-logo","remove-xml-rpc","https:\u002F\u002Fnononsensewp.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-nonsense.3.6.5.zip",{"slug":109,"name":110,"version":68,"author":111,"author_profile":112,"description":113,"short_description":114,"active_installs":94,"downloaded":115,"rating":116,"num_ratings":117,"last_updated":118,"tested_up_to":119,"requires_at_least":120,"requires_php":121,"tags":122,"homepage":18,"download_link":127,"security_score":128,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"remove-rss-feed","Remove RSS Feed","Boopathi Rajan","https:\u002F\u002Fprofiles.wordpress.org\u002Fboopathi0001\u002F","\u003Cp>Remove RSS Feed is the 
best plugin to remove RSS feed from your website.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FvO9ZiDhLv28?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cp>Kindly let us know your feedback or comments to add more features in this plugin.\u003C\u002Fp>\n","Remove RSS Feed is the best plugin to remove RSS feed from your website.",14852,84,5,"2024-07-31T07:20:00.000Z","6.6.5","4.3","5.2.4",[123,124,125,109,126],"hide-rss-feed","manage-rss-feed","remove-feed","rss-feed","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fremove-rss-feed.1.2.1.zip",92,{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":137,"downloaded":138,"rating":13,"num_ratings":139,"last_updated":140,"tested_up_to":98,"requires_at_least":141,"requires_php":100,"tags":142,"homepage":18,"download_link":146,"security_score":13,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"security-header","HTTP Security Header","3.1","MOHIT GOYAL","https:\u002F\u002Fprofiles.wordpress.org\u002Fmohitgoyal1108\u002F","\u003Cp>\u003Cstrong>HTTP Security Header\u003C\u002Fstrong> helps protect your WordPress site by adding critical HTTP headers to each response — with no code required. 
These headers provide additional layers of protection against attacks such as cross-site scripting (XSS), clickjacking, content injection, and resource leaks.\u003C\u002Fp>\n\u003Cp>This plugin offers a modern, responsive admin dashboard with validation, fallback safety, and full control over each header’s default or custom value.\u003C\u002Fp>\n\u003Ch3>🔎 Scan Your Website Security Headers\u003C\u002Fh3>\n\u003Cp>Before configuring headers, instantly check your website’s current security score using our online header scanner:\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Finspiredmonks.com\u002Fhttp-security-header-scanner\u002F\" rel=\"nofollow ugc\">Scan Your Website Security Headers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>✔ Enter your website URL\u003Cbr \u002F>\n✔ Get instant Security Grade (A+ to F)\u003Cbr \u002F>\n✔ See which headers are Present or Missing\u003Cbr \u002F>\n✔ Get clear, actionable recommendations\u003Cbr \u002F>\n✔ Easily fix them using this plugin\u003C\u002Fp>\n\u003Cp>Used by thousands of websites to enhance security and protect user data.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features Include:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Visual toggles for enabling\u002Fdisabling headers\u003Cbr \u002F>\n– Option to use \u003Cstrong>default or custom header values\u003C\u002Fstrong>\u003Cbr \u002F>\n– Secure fallback if a header is misconfigured\u003Cbr \u002F>\n– Integrated \u003Cstrong>header validation\u003C\u002Fstrong>\u003Cbr \u002F>\n– Support for all major browser-supported headers\u003Cbr \u002F>\n– Nonce-based saving and admin notices\u003Cbr \u002F>\n– WP Multisite compatible\u003Cbr \u002F>\n– “Disable All” and “Reset to Important Headers” actions\u003Cbr \u002F>\n– Per-header input validation with real-time error fallback\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Supported Headers:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Strict-Transport-Security (HSTS)\u003Cbr \u002F>\n* X-Frame-Options\u003Cbr \u002F>\n* 
X-Content-Type-Options\u003Cbr \u002F>\n* Referrer-Policy\u003Cbr \u002F>\n* Content-Security-Policy\u003Cbr \u002F>\n* Permissions-Policy\u003Cbr \u002F>\n* X-XSS-Protection\u003Cbr \u002F>\n* X-Permitted-Cross-Domain-Policies\u003Cbr \u002F>\n* Expect-CT\u003Cbr \u002F>\n* Cross-Origin-Opener-Policy (COOP)\u003Cbr \u002F>\n* Cross-Origin-Resource-Policy (CORP)\u003Cbr \u002F>\n* Cross-Origin-Embedder-Policy (COEP)\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Lightweight and performance-focused  \u003C\u002Fli>\n\u003Cli>No front-end impact  \u003C\u002Fli>\n\u003Cli>Choose default or custom header values  \u003C\u002Fli>\n\u003Cli>Secure validation and auto-fallbacks  \u003C\u002Fli>\n\u003Cli>Seamless plugin compatibility (including WP Rocket)  \u003C\u002Fli>\n\u003Cli>Fully translation-ready and i18n-compliant  \u003C\u002Fli>\n\u003Cli>Nonce-protected admin save actions  \u003C\u002Fli>\n\u003Cli>Optional reset-to-default support  \u003C\u002Fli>\n\u003Cli>Reset or disable all headers with one click\u003C\u002Fli>\n\u003C\u002Ful>\n","Add and manage essential HTTP security headers with ease. 
Protect your WordPress site from XSS, clickjacking, and other common vulnerabilities.",800,4254,3,"2025-12-30T17:44:00.000Z","5.0",[143,81,144,24,145],"clickjacking","http-security-header","wordpress-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-header.3.1.zip",{"attackSurface":148,"codeSignals":212,"taintFlows":271,"riskAssessment":299,"analyzedAt":305},{"hooks":149,"ajaxHandlers":208,"restRoutes":209,"shortcodes":210,"cronEvents":211,"entryPointCount":28,"unprotectedCount":28},[150,155,159,163,169,172,176,179,182,185,188,191,193,197,200,204],{"type":151,"name":152,"callback":153,"file":154,"line":117},"action","plugins_loaded","sp_wp_security_languages","sp-wp-functions.php",{"type":151,"name":156,"callback":157,"file":158,"line":117},"admin_menu","sp_wp_security_admin_menu_setup","sp-wp-security-admin.php",{"type":151,"name":160,"callback":161,"file":162,"line":63},"init","sp_wp_security_plugin_init","sp-wp-security-core.php",{"type":164,"name":165,"callback":166,"priority":167,"file":162,"line":168},"filter","style_loader_src","sp_wp_security_remove_wp_ver_css_js",9999,60,{"type":164,"name":170,"callback":166,"priority":167,"file":162,"line":171},"script_loader_src",61,{"type":151,"name":173,"callback":174,"priority":14,"file":162,"line":175},"do_feed","sp_wp_security_remove_rss",79,{"type":151,"name":177,"callback":174,"priority":14,"file":162,"line":178},"do_feed_rdf",80,{"type":151,"name":180,"callback":174,"priority":14,"file":162,"line":181},"do_feed_rss",81,{"type":151,"name":183,"callback":174,"priority":14,"file":162,"line":184},"do_feed_rss2",82,{"type":151,"name":186,"callback":174,"priority":14,"file":162,"line":187},"do_feed_atom",83,{"type":151,"name":189,"callback":190,"priority":94,"file":162,"line":128},"wp","closure",{"type":151,"name":189,"callback":190,"priority":94,"file":162,"line":192},94,{"type":164,"name":194,"callback":195,"file":162,"line":196},"tiny_mce_plugins","sp_wp_security_disable_emojis_tinymce",1
31,{"type":151,"name":160,"callback":198,"file":162,"line":199},"sp_wp_security_disable_emojis",134,{"type":164,"name":201,"callback":202,"file":162,"line":203},"get_comment_author_link","sp_wp_security_remove_comment_author_url",146,{"type":151,"name":205,"callback":206,"file":207,"line":63},"admin_enqueue_scripts","sp_wp_security_style_admin","sp-wp-security-style.php",[],[],[],[],{"dangerousFunctions":213,"sqlUsage":214,"outputEscaping":216,"fileOperations":28,"externalRequests":28,"nonceChecks":269,"capabilityChecks":28,"bundledLibraries":270},[],{"prepared":28,"raw":28,"locations":215},[],{"escaped":75,"rawEcho":217,"locations":218},27,[219,222,224,225,227,229,231,232,233,234,235,237,239,241,243,245,247,249,251,253,255,257,259,261,263,265,267],{"file":158,"line":220,"context":221},49,"raw output",{"file":158,"line":223,"context":221},56,{"file":158,"line":171,"context":221},{"file":158,"line":226,"context":221},63,{"file":158,"line":228,"context":221},69,{"file":158,"line":230,"context":221},72,{"file":158,"line":175,"context":221},{"file":158,"line":181,"context":221},{"file":158,"line":36,"context":221},{"file":158,"line":96,"context":221},{"file":158,"line":236,"context":221},97,{"file":158,"line":238,"context":221},99,{"file":158,"line":240,"context":221},105,{"file":158,"line":242,"context":221},108,{"file":158,"line":244,"context":221},115,{"file":158,"line":246,"context":221},117,{"file":158,"line":248,"context":221},123,{"file":158,"line":250,"context":221},126,{"file":158,"line":252,"context":221},133,{"file":158,"line":254,"context":221},135,{"file":158,"line":256,"context":221},141,{"file":158,"line":258,"context":221},144,{"file":158,"line":260,"context":221},151,{"file":158,"line":262,"context":221},153,{"file":158,"line":264,"context":221},159,{"file":158,"line":266,"context":221},162,{"file":158,"line":268,"context":221},166,2,[],[272,291],{"entryPoint":273,"graph":274,"unsanitizedCount":28,"severity":290},"sp_wp_security_admin_page_screen 
(sp-wp-security-admin.php:17)",{"nodes":275,"edges":287},[276,281],{"id":277,"type":278,"label":279,"file":158,"line":280},"n0","source","$_POST (x6)",23,{"id":282,"type":283,"label":284,"file":158,"line":285,"wp_function":286},"n1","sink","update_option() [Settings Manipulation]",41,"update_option",[288],{"from":277,"to":282,"sanitized":289},true,"low",{"entryPoint":292,"graph":293,"unsanitizedCount":28,"severity":290},"\u003Csp-wp-security-admin> (sp-wp-security-admin.php:0)",{"nodes":294,"edges":297},[295,296],{"id":277,"type":278,"label":279,"file":158,"line":280},{"id":282,"type":283,"label":284,"file":158,"line":285,"wp_function":286},[298],{"from":277,"to":282,"sanitized":289},{"summary":300,"deductions":301},"The small-wp-security plugin v1.2 exhibits a generally positive security posture based on the provided static analysis. The complete absence of attack surface points like AJAX handlers, REST API routes, and shortcodes, especially without authentication checks, significantly reduces its exploitability.  Furthermore, the plugin demonstrates good practices by not utilizing dangerous functions, performing file operations, or making external HTTP requests, and all SQL queries are protected with prepared statements. The presence of nonce checks and the lack of recorded vulnerability history are also strong indicators of a well-maintained and secure plugin.\n\nHowever, a significant concern arises from the output escaping. With 33 total outputs and only 18% properly escaped, there is a high probability of cross-site scripting (XSS) vulnerabilities. While no specific taint flows with unsanitized paths were detected, this high rate of unescaped output represents a substantial risk.  
The complete lack of capability checks, while not directly an attack surface, means that even if functionalities were present, they wouldn't be restricted by user roles, which could be a secondary concern if the plugin evolves to include sensitive operations.\n\nIn conclusion, small-wp-security v1.2 scores well on preventing direct attacks due to its limited attack surface and secure data handling for SQL.  The primary weakness lies in the insufficient output escaping, which warrants immediate attention to mitigate XSS risks. The absence of past vulnerabilities is a strength, suggesting diligent development, but the current output escaping issue needs to be addressed to maintain this secure standing.",[302],{"reason":303,"points":304},"Insufficient output escaping",10,"2026-03-16T21:55:38.756Z",{"wat":307,"direct":314},{"assetPaths":308,"generatorPatterns":311,"scriptPaths":312,"versionParams":313},[309,310],"\u002Fwp-content\u002Fplugins\u002Fsmall-wp-security\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fsmall-wp-security\u002Fassets\u002Fcss\u002Ffont-awesome.css",[],[],[],{"cssClasses":315,"htmlComments":316,"htmlAttributes":317,"restEndpoints":318,"jsGlobals":319,"shortcodeOutput":320},[],[],[],[],[],[]]