[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fI6pXkKqkh3IzhsWFyGAPvsUIvQxBWFVm5p9r68HYImw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":20,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":31,"analysis":32,"fingerprints":285},"snillrik-settings","Snillrik Settings","1.5.0","mattiaspkallio","https:\u002F\u002Fprofiles.wordpress.org\u002Fmattiaspkallio\u002F","\u003Cp>To easily turn on and off some settings that often is done with hooks, hacks or filters in WordPress.\u003C\u002Fp>\n\u003Ch3>Turn off Gutenberg\u003C\u002Fh3>\n\u003Cp>To turn off the default editor and use classic instead.\u003C\u002Fp>\n\u003Ch3>Turn off new Widgets\u003C\u002Fh3>\n\u003Cp>To use classic widgets instead of the new.\u003C\u002Fp>\n\u003Ch3>Turn off comments\u003C\u002Fh3>\n\u003Cp>For turning off the comments, both the fronten and in admin. Does not delete old comments.\u003C\u002Fp>\n\u003Ch3>Redirect login\u003C\u002Fh3>\n\u003Cp>Select a page to redirect to after logging in. Admins will still redirect to wp-admin.\u003C\u002Fp>\n\u003Ch3>Redirect logout\u003C\u002Fh3>\n\u003Cp>Select a page to redirect to after logging out.\u003C\u002Fp>\n\u003Ch3>Redirect profile\u003C\u002Fh3>\n\u003Cp>Select a page to redirect the profile link to, (the one in the admin bar etc.)\u003C\u002Fp>\n\u003Ch3>login logo\u003C\u002Fh3>\n\u003Cp>Use the logo set in the customizer as login logo. If no logo is set, it will use the default logo.\u003C\u002Fp>\n\u003Ch3>Titles on pages\u003C\u002Fh3>\n\u003Cp>Filter the_title -function to not show a title if there is a H1 in content. 
The idea is that if you have a large image or other stuff that you want above the title, you just add an H1 where you want it and the automatic one will not be shown.\u003C\u002Fp>\n\u003Ch3>Admin toolbar in frontend\u003C\u002Fh3>\n\u003Cp>Does not show the toolbar on the frontend. You can select which roles should still see it.\u003C\u002Fp>\n\u003Ch3>E-mails\u003C\u002Fh3>\n\u003Cp>Redirect all emails to the admin address to ensure that customers or users get no emails.\u003Cbr \u002F>\nProbably mostly used for development and testing.\u003C\u002Fp>\n\u003Ch3>Default email\u003C\u002Fh3>\n\u003Cp>Set the default name and email address for all emails sent from the site, i.e. the wordpress@mydomain.org address.\u003C\u002Fp>\n\u003Ch3>XMLRPC\u003C\u002Fh3>\n\u003Cp>Turn off xmlrpc.php. XML-RPC is used by external clients to communicate with WP and is mostly not used, but it is a common entry point for attackers (e.g. login brute-forcing), so turn it off unless something on your site relies on it.\u003C\u002Fp>\n\u003Ch3>Speculative loading\u003C\u002Fh3>\n\u003Cp>This turns off, or sets the mode and eagerness of, the Speculative loading of the page. This is a new feature in WP 6.8 that loads the page before you click on it.\u003Cbr \u002F>\nWhile it’s mostly a good feature, it might need some tweaking or turning off.\u003C\u002Fp>\n\u003Ch3>WooCommerce\u003C\u002Fh3>\n\u003Cp>If WooCommerce is active on the site, you can choose to redirect to Checkout after “add to cart”, skipping the cart page.\u003C\u002Fp>\n\u003Cp>A very simple honeypot function for the register form.\u003C\u002Fp>\n\u003Ch3>Get the WordPress customizer back\u003C\u002Fh3>\n\u003Cp>In themes like the Twentytwentytwo it’s really hard to find the link to the customizer. This adds it under Appearance, …where it belongs!\u003C\u002Fp>\n\u003Ch3>Colors for Categories\u003C\u002Fh3>\n\u003Cp>Add a color field to the category to be able to add a color to the category. 
you get it by using something like this:\u003Cbr \u002F>\nget_term_meta( $post_term_id, 'category_color', true )\u003C\u002Fp>\n\u003Cp>It has a filter for what taxonomies to use, so it can be used for other taxonomies than categories:\u003Cbr \u002F>\nadd_filter(\"snset_categories_for_categorycolor\", function ($taxonomies) {\u003Cbr \u002F>\n    $taxonomies[] = \"dude-type\";\u003Cbr \u002F>\n    return $taxonomies;\u003Cbr \u002F>\n}, 10, 1);\u003C\u002Fp>\n\u003Ch3>Upload SVG\u003C\u002Fh3>\n\u003Cp>Allow SVG uploads to the media library. This is a security risk: an SVG file can contain embedded scripts, so an unsanitized SVG uploaded by a low-privilege user can become a stored XSS payload. Use it with caution and only enable it on sites where every uploader is trusted.\u003C\u002Fp>\n\u003Ch3>Remove WP Emoji\u003C\u002Fh3>\n\u003Cp>Remove the WP Emoji script and styles. This is a performance improvement, since it removes a lot of unnecessary code that is loaded on every page.\u003C\u002Fp>\n","To easily turn on and off some settings that often is done with hooks, hacks or filters in WordPress.",30,1706,0,"2026-01-06T15:04:00.000Z","6.9.4","4.5","7.4.0",[19],"common-settings","http:\u002F\u002Fwww.snillrik.se\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsnillrik-settings.1.5.0.zip",100,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":22,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},3,404,79,"2026-04-04T13:58:07.637Z",[],{"attackSurface":33,"codeSignals":218,"taintFlows":272,"riskAssessment":273,"analyzedAt":284},{"hooks":34,"ajaxHandlers":204,"restRoutes":214,"shortcodes":215,"cronEvents":216,"entryPointCount":217,"unprotectedCount":217},[35,41,45,50,53,57,60,62,67,69,72,74,76,79,82,85,87,90,92,94,97,100,103,105,109,112,115,118,122,124,126,128,131,134,136,139,142,145,147,150,152,155,158,161,163,165,167,169,171,175,179,181,184,186,189,192,195,199],{"type":36,"name":37,"callback":38,"file":39,"line":40},"action","admin_init","register","classes\\admintoolbar.php",12,{"type":36,"name":42,"callback":43,"file":39,"line":44},"init","a
fter_init",15,{"type":46,"name":47,"callback":48,"file":39,"line":49},"filter","show_admin_bar","__return_false",32,{"type":36,"name":37,"callback":38,"file":51,"line":52},"classes\\blockeditor.php",14,{"type":46,"name":54,"callback":48,"priority":55,"file":51,"line":56},"use_block_editor_for_post",10,17,{"type":46,"name":58,"callback":48,"priority":55,"file":51,"line":59},"use_block_editor_for_post_type",18,{"type":36,"name":37,"callback":38,"file":61,"line":40},"classes\\blockemails.php",{"type":46,"name":63,"callback":64,"priority":65,"file":61,"line":66},"wp_mail","redirect_mail",9999,16,{"type":36,"name":37,"callback":38,"file":68,"line":40},"classes\\categorycolor.php",{"type":36,"name":70,"callback":71,"file":68,"line":66},"edit_term","save_color_field",{"type":36,"name":73,"callback":71,"file":68,"line":56},"create_term",{"type":36,"name":37,"callback":38,"file":75,"line":40},"classes\\change_email.php",{"type":46,"name":77,"callback":78,"file":75,"line":66},"wp_mail_from","from_email",{"type":46,"name":80,"callback":81,"file":75,"line":56},"wp_mail_from_name","from_name",{"type":36,"name":37,"callback":38,"file":83,"line":84},"classes\\classic_widgets.php",13,{"type":46,"name":86,"callback":48,"file":83,"line":59},"gutenberg_use_widgets_block_editor",{"type":46,"name":88,"callback":48,"file":83,"line":89},"use_widgets_block_editor",20,{"type":36,"name":37,"callback":38,"file":91,"line":84},"classes\\comments.php",{"type":36,"name":37,"callback":93,"file":91,"line":56},"disable_comments_post_types_support",{"type":46,"name":95,"callback":96,"priority":89,"file":91,"line":59},"comments_open","disable_comments_status",{"type":46,"name":98,"callback":96,"priority":89,"file":91,"line":99},"pings_open",19,{"type":46,"name":101,"callback":102,"priority":55,"file":91,"line":89},"comments_array","disable_comments_hide_existing_comments",{"type":46,"name":101,"callback":102,"priority":55,"file":91,"line":104},21,{"type":36,"name":106,"callback":107,"file":91,"line":1
08},"admin_menu","disable_comments_admin_menu",22,{"type":36,"name":37,"callback":110,"file":91,"line":111},"disable_comments_admin_menu_redirect",23,{"type":36,"name":37,"callback":113,"file":91,"line":114},"disable_comments_dashboard",24,{"type":36,"name":42,"callback":116,"file":91,"line":117},"disable_comments_admin_bar",25,{"type":46,"name":119,"callback":120,"priority":55,"file":91,"line":121},"comments_template","filter_comments_template",26,{"type":36,"name":37,"callback":38,"file":123,"line":84},"classes\\customizer.php",{"type":36,"name":37,"callback":125,"file":123,"line":66},"snillrik_customizer_link",{"type":36,"name":37,"callback":38,"file":127,"line":84},"classes\\loginpage.php",{"type":36,"name":129,"callback":130,"file":127,"line":66},"login_head","custom_login_logo",{"type":36,"name":132,"callback":133,"file":127,"line":56},"login_headerurl","custom_login_url",{"type":36,"name":37,"callback":38,"file":135,"line":84},"classes\\redirects.php",{"type":46,"name":137,"callback":138,"priority":55,"file":135,"line":99},"login_redirect","redirect_to_page",{"type":46,"name":140,"callback":141,"priority":55,"file":135,"line":108},"wp_logout","redirect_logout",{"type":46,"name":143,"callback":144,"file":135,"line":117},"edit_profile_url","redirect_profile",{"type":36,"name":37,"callback":38,"file":146,"line":40},"classes\\turnoffspeculation.php",{"type":46,"name":148,"callback":149,"file":146,"line":66},"wp_speculation_rules_configuration","closure",{"type":36,"name":37,"callback":38,"file":151,"line":84},"classes\\turnofftitle.php",{"type":46,"name":153,"callback":154,"priority":55,"file":151,"line":56},"the_title","title_update",{"type":46,"name":156,"callback":157,"priority":55,"file":151,"line":59},"pre_wp_nav_menu","remove_title_filter_nav_menu",{"type":46,"name":159,"callback":160,"priority":55,"file":151,"line":99},"wp_nav_menu_items","add_title_filter_non_menu",{"type":46,"name":153,"callback":154,"priority":55,"file":151,"line":162},72,{"type":36,"na
me":37,"callback":38,"file":164,"line":84},"classes\\turnoffxmlrpc.php",{"type":46,"name":166,"callback":48,"file":164,"line":56},"xmlrpc_enabled",{"type":36,"name":37,"callback":38,"file":168,"line":44},"classes\\turoffwpemoji.php",{"type":36,"name":42,"callback":170,"file":168,"line":59},"disable_emojis",{"type":46,"name":172,"callback":173,"file":168,"line":174},"tiny_mce_plugins","disable_emojis_tinymce",55,{"type":46,"name":176,"callback":177,"priority":55,"file":168,"line":178},"wp_resource_hints","disable_emojis_remove_dns_prefetch",56,{"type":36,"name":37,"callback":38,"file":180,"line":44},"classes\\uploads.php",{"type":46,"name":182,"callback":183,"priority":55,"file":180,"line":59},"upload_mimes","snillrik_upload_mimes",{"type":36,"name":37,"callback":38,"file":185,"line":84},"classes\\woocommerce.php",{"type":46,"name":187,"callback":188,"file":185,"line":66},"woocommerce_add_to_cart_redirect","redirect_checkout_add_cart",{"type":36,"name":190,"callback":191,"priority":65,"file":185,"line":104},"woocommerce_register_form","register_form_honeypot",{"type":46,"name":193,"callback":194,"priority":65,"file":185,"line":108},"woocommerce_registration_errors","register_form_honeypot_check",{"type":36,"name":106,"callback":196,"file":197,"line":198},"snillrik_settings_create_menu","settings.php",9,{"type":36,"name":200,"callback":201,"file":202,"line":203},"admin_enqueue_scripts","snillrik_settings_addCSScripts","snillrik-settings.php",51,[205,210],{"action":206,"nopriv":207,"callback":208,"hasNonce":207,"hasCapCheck":207,"file":209,"line":40},"snillrik_delete_transients",false,"delete_transients","classes\\ajax_deletetransients.php",{"action":211,"nopriv":207,"callback":212,"hasNonce":207,"hasCapCheck":207,"file":213,"line":40},"snillrik_force_plugins","force_plugins","classes\\ajax_forceplugins.php",[],[],[],2,{"dangerousFunctions":219,"sqlUsage":220,"outputEscaping":222,"fileOperations":13,"externalRequests":13,"nonceChecks":270,"capabilityChecks":13,"bundled
Libraries":271},[],{"prepared":217,"raw":13,"locations":221},[],{"escaped":223,"rawEcho":111,"locations":224},43,[225,228,230,232,234,236,238,239,241,242,244,246,248,250,252,254,256,258,260,262,264,266,268],{"file":68,"line":226,"context":227},52,"raw output",{"file":68,"line":229,"context":227},65,{"file":68,"line":231,"context":227},94,{"file":127,"line":233,"context":227},36,{"file":185,"line":235,"context":227},31,{"file":197,"line":237,"context":227},48,{"file":197,"line":178,"context":227},{"file":197,"line":240,"context":227},64,{"file":197,"line":162,"context":227},{"file":197,"line":243,"context":227},82,{"file":197,"line":245,"context":227},90,{"file":197,"line":247,"context":227},98,{"file":197,"line":249,"context":227},106,{"file":197,"line":251,"context":227},118,{"file":197,"line":253,"context":227},126,{"file":197,"line":255,"context":227},134,{"file":197,"line":257,"context":227},146,{"file":197,"line":259,"context":227},154,{"file":197,"line":261,"context":227},162,{"file":197,"line":263,"context":227},174,{"file":197,"line":265,"context":227},182,{"file":197,"line":267,"context":227},190,{"file":197,"line":269,"context":227},198,1,[],[],{"summary":274,"deductions":275},"The \"snillrik-settings\" v1.5.0 plugin exhibits a mixed security posture. On the positive side, both recorded SQL queries use prepared statements, and most output sites are escaped (43 escaped against 23 raw echo locations, 18 of them in settings.php). The scan found no file operations, external HTTP requests, or bundled libraries, which narrows the attack surface, although the asset list does include a minified js\u002Fjscolor.min.js that looks like a third-party color-picker library and should be kept up to date. The vulnerability history is clean, with no recorded CVEs, suggesting a historically stable codebase.\n\nHowever, the static analysis raises one concrete concern. The plugin registers two admin-ajax handlers, snillrik_delete_transients and snillrik_force_plugins, with neither a nonce check nor a capability check. Both are registered without the nopriv variant, so WordPress itself rejects anonymous requests; the exposure is that any authenticated user, down to a subscriber, can invoke them directly, and because no nonce is verified they are also reachable through cross-site request forgery against a logged-in administrator. 
Judging by their names, the handlers appear to clear transients and force plugin state, which should be administrator-only actions, so a low-privilege account (or a CSRF victim's browser) could trigger whatever those callbacks do.\n\nIn conclusion, while the plugin uses secure coding practices for database interactions and most output handling, the unprotected AJAX endpoints are the most serious finding. The absence of any recorded vulnerabilities in its history is a positive sign, but it does not negate this exposure. Mitigation should start by calling check_ajax_referer() and current_user_can('manage_options') (or 'activate_plugins' for the plugin handler) at the top of each callback, and then escaping the remaining raw output.",[276,278,281],{"reason":277,"points":55},"AJAX handlers without authentication checks",{"reason":279,"points":280},"AJAX handlers without capability checks",5,{"reason":282,"points":283},"Some output not properly escaped",4,"2026-03-16T22:31:05.528Z",{"wat":286,"direct":299},{"assetPaths":287,"generatorPatterns":292,"scriptPaths":293,"versionParams":294},[288,289,290,291],"\u002Fwp-content\u002Fplugins\u002Fsnillrik-settings\u002Fcss\u002Fsettings-page.css","\u002Fwp-content\u002Fplugins\u002Fsnillrik-settings\u002Fcss\u002Fsnillrik-settings.css","\u002Fwp-content\u002Fplugins\u002Fsnillrik-settings\u002Fjs\u002Fjscolor.min.js","\u002Fwp-content\u002Fplugins\u002Fsnillrik-settings\u002Fjs\u002Fsnillrik-settings.js",[],[290,291],[295,296,297,298],"snillrik-settings\u002Fcss\u002Fsettings-page.css?ver=","snillrik-settings\u002Fcss\u002Fsnillrik-settings.css?ver=","snillrik-settings\u002Fjs\u002Fjscolor.min.js?ver=","snillrik-settings\u002Fjs\u002Fsnillrik-settings.js?ver=",{"cssClasses":300,"htmlComments":302,"htmlAttributes":303,"restEndpoints":308,"jsGlobals":309,"shortcodeOutput":313},[301],"snillrik-settings-slider",[],[304,305,306,307],"id=\"snillrik_settings_turnoffemoji\"","name=\"snillrik_settings_turnoffemoji\"","id=\"snillrik_settings_categorycolor\"","name=\"snillrik_settings_categorycolor\"",[],[310,311,312],"SNILLRIK_SETTINGS_PLUGIN_URL","SNILLRIK_SETTINGS_NAME","SNILLRIK_SETTINGS_SWITCH
NAME",[]]