[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fG3r7u-K00n8PtK2XzFFI9eLp-kA6U591r4fKSxX3LPI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":160,"crawl_stats":38,"alternatives":168,"analysis":275,"fingerprints":792},"system-dashboard","System Dashboard","2.8.21","Bowo","https:\u002F\u002Fprofiles.wordpress.org\u002Fqriouslad\u002F","\u003Cp>This plugin provides a central dashboard to monitor various WordPress components, processes and data, including server hardware, software and resource usage. Pairs well with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fquery-monitor\u002F\" rel=\"ugc\">Query Monitor\u003C\u002Fa> to help you do some solid dev work.\u003C\u002Fp>\n\u003Cp>\u003Cem>“\u003Cstrong>A must-have for serious WordPress developers\u003C\u002Fstrong>.”\u003C\u002Fem> ~\u003Ca href=\"https:\u002F\u002Fdigwp.com\u002F2023\u002F06\u002Fplugins-troubleshoot-debug-wordpress\u002F\" rel=\"nofollow ugc\">Jeff Starr\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cem>“\u003Cstrong>A power tool\u003C\u002Fstrong> for WordPress site builders and plugin\u002Ftheme developers that \u003Cstrong>will save a ton of time\u003C\u002Fstrong>.”\u003C\u002Fem> ~\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fa-swiss-army-knife-with-on-board-nuclear-reactor\u002F\" rel=\"ugc\">Ivan Arnaudov\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cem>“Hands down \u003Cstrong>one of the best plugins for developers\u003C\u002Fstrong>. Keep up the good work!”\u003C\u002Fem> ~\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fsimple-yet-effective-71\u002F\" rel=\"ugc\">Abracadabra DGTL\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Despite having 20 WordPress modules and 4 server modules, the single-page dashboard loads fast as queries are optimized and most modules employ fast AJAX loading of data. It does not weight down wp-admin, and nothing is loaded on the front-end. Install, activate and let it sit there ready to summon the info\u002Fdata you need.\u003C\u002Fp>\n\u003Cp>To preview the module screenshots more easily, please scroll down the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fqriouslad\u002Fsystem-dashboard\" rel=\"nofollow ugc\">github repo\u003C\u002Fa>. Here’s a rundown of the available modules…\u003C\u002Fp>\n\u003Ch3>WordPress Modules (20)\u003C\u002Fh3>\n\u003Ch4>1. Overview:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Site health status\u003C\u002Fli>\n\u003Cli>Quick stats of active theme and plugins\u003C\u002Fli>\n\u003Cli>Permalink structure\u003C\u002Fli>\n\u003Cli>Search engine visibility\u003C\u002Fli>\n\u003Cli>Timezone and current time\u003C\u002Fli>\n\u003Cli>Your IP address\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2. Database:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Software info\u003C\u002Fli>\n\u003Cli>Uptime\u003C\u002Fli>\n\u003Cli>Data size\u003C\u002Fli>\n\u003Cli>Index size\u003C\u002Fli>\n\u003Cli>List of WP core tables with data\u002Findex size and number of rows\u002Frecords of each table\u003C\u002Fli>\n\u003Cli>List of tables created\u002Fused by themes and plugins with the origin theme\u002Fplugin, data\u002Findex size and number of rows\u002Frecords of each table\u003C\u002Fli>\n\u003Cli>Key database info, e.g. innodb_buffer_pool_size\u003C\u002Fli>\n\u003Cli>Detailed specifications\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>3. Post Types & Taxonomies:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>List of post types and posts count for each\u003C\u002Fli>\n\u003Cli>List of taxonomies and terms count for each\u003C\u002Fli>\n\u003Cli>Comment count\u003C\u002Fli>\n\u003Cli>List of old slugs and the corresponding posts\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>4. Media:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>List of media types and files count for each\u003C\u002Fli>\n\u003Cli>List of allowed mime types and the corresponding file extensions\u003C\u002Fli>\n\u003Cli>List of registered image sizes\u003C\u002Fli>\n\u003Cli>Media handling info, e.g. max file upload size\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>5. Directories:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Root path\u003C\u002Fli>\n\u003Cli>Directory size and total number of files in WP installation, wp-admin, wp-includes, wp-content directory, uploads directory, plugins directory, themes directories\u003C\u002Fli>\n\u003Cli>Filesystem permissions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>6. Custom Fields:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>List of public custom fields\u003C\u002Fli>\n\u003Cli>List of private custom fields, i.e. keys that start with an undersocre _\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>7. Users:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>List of user roles and users count for each\u003C\u002Fli>\n\u003Cli>List of roles and capabilities. Including custom roles and custom capabilities.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>8. Options:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Total number of options\u003C\u002Fli>\n\u003Cli>Total number and size of autoloaded options\u003C\u002Fli>\n\u003Cli>Filterable list of options from WordPress core with ID, autoload, size and type info\u003C\u002Fli>\n\u003Cli>Filterable list of options from plugins and theme with ID, autoload, size and type info\u003C\u002Fli>\n\u003Cli>List of 10 autoloaded options with the largest size\u003C\u002Fli>\n\u003Cli>AJAX loading of option value with interactive tree viewer for array and object value types \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>9. Transients:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Total number of transients\u003C\u002Fli>\n\u003Cli>Total number and size of autoloaded transients\u003C\u002Fli>\n\u003Cli>List of transients with expiration, including time left to expiry\u003C\u002Fli>\n\u003Cli>List of expired transients\u003C\u002Fli>\n\u003Cli>List of transients that do not expire\u003C\u002Fli>\n\u003Cli>AJAX loading of transient value with interactive tree viewer for array and object value types \u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>10. Object Cache:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Status of persistent object cache backend\u003C\u002Fli>\n\u003Cli>Stats of cache hit ratio\u003C\u002Fli>\n\u003Cli>List of global groups\u003C\u002Fli>\n\u003Cli>List of non-persistent groups\u003C\u002Fli>\n\u003Cli>List and viewer (AJAX) of cached items in the global $wp_object_cache variable\u003C\u002Fli>\n\u003Cli>List and viewer (AJAX) of cached items in memory. Currently supporting Redis and Memcached backends.\u003C\u002Fli>\n\u003Cli>Diagnostics info (if available)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>11. Cron:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>List of cron event hooks and recurrences, categorized by core vs non-core\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>12. Rewrite Rules:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>List of rewrite rules\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>13. Shortcodes:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>List of shortcodes and renderers (callback functions)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>14. Hooks:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Filterable list of action and filter hooks from WordPress core with description, originating file path and link to WordPress Code Reference for each hook\u003C\u002Fli>\n\u003Cli>List of action and filter hooks from the active theme, with description, originating file path and link to file preview in the theme file editor\u003C\u002Fli>\n\u003Cli>List of action and filter hooks from active plugins, with description, originating file path and link to file preview in the plugin file editor\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>15. Classes:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>List of classes from WordPress core with methods, originating file path, and link to WordPress Code Reference for each class\u003C\u002Fli>\n\u003Cli>List of classes from the active theme with methods, originating file path, and link to preview the file in the theme file editor\u003C\u002Fli>\n\u003Cli>List of classes from active plugins with methods, originating file path, and link to preview the file in the plugin file editor\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>16. Functions:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Filterable list of functions from WordPress core with the originating file path and link to WordPress Code Reference for each function\u003C\u002Fli>\n\u003Cli>List of functions from the active theme with the originating file path and link to preview the file in the theme file editor\u003C\u002Fli>\n\u003Cli>List of functions from active plugins with the originating file path and link to preview the file in the plugin file editor\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>17. Globals:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Categorized list of global variables defined by WordPress\u003C\u002Fli>\n\u003Cli>List of PHP super globals\u003C\u002Fli>\n\u003Cli>List of global variables defined by themes and plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>18. Constants:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>List of defined constants by WordPress core (categorized), as well as by theme and plugins\u003C\u002Fli>\n\u003Cli>Documentation of each constant from WordPress core\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>19. Viewer:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>wp-config.php viewer, including path and writeability info.\u003C\u002Fli>\n\u003Cli>.htaccess viewer\u003C\u002Fli>\n\u003Cli>REST API viewer\u003C\u002Fli>\n\u003Cli>robots.txt viewer\u003C\u002Fli>\n\u003Cli>Link to sitemap\u003C\u002Fli>\n\u003Cli>Viewer for URLs, paths and fragments from various WP core functions and CONSTANTS like get_template_directory_uri() and ABSPATH, as well as those generated by PHP $_SERVER superglobal such as $_SERVER[’REQUEST_URI’]\u003C\u002Fli>\n\u003Cli>Link to recent posts RSS feed\u003C\u002Fli>\n\u003Cli>Link to recent comments RSS feed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>20. Logs:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Page Access log. A simple logger of which pages are being accessed by site visitors. Disabled by default.\u003C\u002Fli>\n\u003Cli>PHP Errors log using native WP_DEBUG constants and a custom name and location for the debug log file for better security. Disabled by default.\u003C\u002Fli>\n\u003Cli>Email Delivery log: will log emails that the WordPress app has sent \u002F tried sending and provide a way to quickly view and search through them. Disabled by default.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Server Modules (3)\u003C\u002Fh3>\n\u003Ch4>1. Overview:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Server operating system\u003C\u002Fli>\n\u003Cli>Web server software\u003C\u002Fli>\n\u003Cli>Server IP address\u003C\u002Fli>\n\u003Cli>Server hostname\u003C\u002Fli>\n\u003Cli>Server location\u003C\u002Fli>\n\u003Cli>Server timezone and current date time\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>2. Monitor:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Server uptime\u003C\u002Fli>\n\u003Cli>Server CPU load average: last 15 minutes, last 5 minutes, last 1 minute\u003C\u002Fli>\n\u003Cli>RAM usage\u003C\u002Fli>\n\u003Cli>Disk usage\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>3. Hardware:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>CPU type\u003C\u002Fli>\n\u003Cli>CPU count and cores count\u003C\u002Fli>\n\u003Cli>Total RAM\u003C\u002Fli>\n\u003Cli>Total disk space\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>4. PHP:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>PHP version\u003C\u002Fli>\n\u003Cli>PHP user\u003C\u002Fli>\n\u003Cli>Key info: max execution time, max input time, max input vars, memory limit, post max size, upload max size, cURL version, allow_url_fopen, fsockopen, SoapClient, DOMDocument, GZip, SUHOSIN, Imagick\u003C\u002Fli>\n\u003Cli>Extensions loaded\u003C\u002Fli>\n\u003Cli>Disabled functions\u003C\u002Fli>\n\u003Cli>Detailed PHP specification from phpinfo()\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>For All WordPress and Server Modules:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>List of relevant tools (plugins) and references (articles) for each module\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Technical Notes\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Requires shell_exec and exec functions enabled for some modules to work properly. e.g. the Hooks > Active Plugins tool.\u003C\u002Fli>\n\u003Cli>There’s an MU (must-use) plugin that unloads all other plugins for admin-ajax calls initiated from the dashboard, so these calls stay fast no matter how complex and big your site is.\u003C\u002Fli>\n\u003Cli>The longest first load is probably the Hooks > Active Plugins tool, which scans action and filter hooks from all active plugins on the site. The more plugins are active, the longer it takes. If your server\u002Fhosting has a low execution time limit, you may need to load the module two or three times for the scan to complete. Once complete, subsequent loads of the module should be much much faster.\u003C\u002Fli>\n\u003Cli>This plugin has been tested to work with servers powered by NGINX, Apache and Litespeed, and also sites using PHP 7+ and 8+.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Give Back\u003C\u002Fh3>\n\u003Cp>About 260 dev hours have been spent towards v2.6.2 so far.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbowo.io\u002Freview-sd\" rel=\"nofollow ugc\">A nice review\u003C\u002Fa> would be great!\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbowo.io\u002Ffeedback-sd\" rel=\"nofollow ugc\">Give feedback\u003C\u002Fa> and help improve future versions.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbowo.io\u002Fgithub-sd\" rel=\"nofollow ugc\">Github repo\u003C\u002Fa> to contribute code.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbowo.io\u002Fdotorg-sponsor-sd\" rel=\"nofollow ugc\">Sponsor\u003C\u002Fa> my work.\u003C\u002Fli>\n\u003Cli>Tell your colleagues about System Dashboard.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Check These Out Too\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadmin-site-enhancements\u002F\" rel=\"ugc\">Admin and Site Enhancements\u003C\u002Fa> helps you to easily enhance various admin workflows and site aspects while replacing multiple plugins doing it.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdebug-log-manager\u002F\" rel=\"ugc\">Debug Log Manager\u003C\u002Fa>: Log PHP, database and JavaScript errors via WP_DEBUG with one click. Conveniently create, view, filter and clear the debug.log file.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fvariable-inspector\u002F\" rel=\"ugc\">Variable Inspector\u003C\u002Fa>: Inspect PHP variables on a central dashboard in wp-admin for convenient debugging.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fflexible-scroll-top\u002F\" rel=\"ugc\">Flexible Scroll Top\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffloating-share-button\u002F\" rel=\"ugc\">Floating Share Buttons\u003C\u002Fa> is a lightweight combo with minimalist UI.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.wpnewsboard.com\u002F\" rel=\"nofollow ugc\">WordPress Newsboard\u003C\u002Fa>: The latest news, articles, podcasts and videos from 100+ WordPress-focused sources.\u003C\u002Fli>\n\u003C\u002Ful>\n","Central dashboard to monitor various WordPress components, processes and data, including the server.",1000,20609,98,16,"2025-09-19T04:06:00.000Z","6.8.5","4.8","5.6",[20,21,22,23,24],"action-filter-hooks","developer","server-info","system-monitor","wordpress-components","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsystem-dashboard\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsystem-dashboard.2.8.21.zip",94,11,0,"2025-09-25 14:44:12","2026-03-15T15:16:48.613Z",[33,48,62,77,92,103,115,128,137,144,153],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":6,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-10377","system-dashboard-cross-site-request-forgery","System Dashboard \u003C= 2.8.20 - Cross-Site Request Forgery","The System Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.20. This is due to missing nonce validation on the sd_toggle_logs() function. This makes it possible for unauthenticated attackers to toggle critical logging settings including Page Access Logs, Error Logs, and Email Delivery Logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=2.8.20","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-09-26 03:25:35",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fea38e16f-4012-4d22-9a47-76f91251e1d7?source=api-prod",1,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":38,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":41,"cvss_vector":55,"vuln_type":56,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2025-26911","system-dashboard-authenticated-subscriber-sensitive-information-exposure","System Dashboard \u003C= 2.8.18 - Authenticated (Subscriber+) Sensitive Information Exposure","The System Dashboard plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.18. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data.","\u003C=2.8.18","2.8.19","CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N","Exposure of Sensitive Information to an Unauthorized Actor","2025-02-23 00:00:00","2025-03-03 20:43:26",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F05cf8f25-d8ee-4208-aef9-0c4d995b7901?source=api-prod",9,{"id":63,"url_slug":64,"title":65,"description":66,"plugin_slug":4,"theme_slug":38,"affected_versions":67,"patched_in_version":68,"severity":40,"cvss_score":69,"cvss_vector":70,"vuln_type":71,"published_date":72,"updated_date":73,"references":74,"days_to_patch":76},"CVE-2024-12299","system-dashboard-reflected-cross-site-scripting-via-filename-parameter","System Dashboard \u003C= 2.8.17 - Reflected Cross-Site Scripting via Filename Parameter","The System Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the Filename parameter in all versions up to, and including, 2.8.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link.","\u003C=2.8.17","2.8.18",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2025-01-30 00:41:49","2025-02-11 20:56:11",[75],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F993670b7-a3ea-497d-ad46-881bd47b9346?source=api-prod",13,{"id":78,"url_slug":79,"title":80,"description":81,"plugin_slug":4,"theme_slug":38,"affected_versions":82,"patched_in_version":83,"severity":84,"cvss_score":85,"cvss_vector":86,"vuln_type":71,"published_date":87,"updated_date":88,"references":89,"days_to_patch":91},"CVE-2024-11107","system-dashboard-unauthenticated-stored-cross-site-scripting","System Dashboard \u003C= 2.8.14 - Unauthenticated Stored Cross-Site Scripting","The System Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.8.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=2.8.14","2.8.15","high",7.2,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2024-11-19 00:00:00","2024-12-12 18:20:07",[90],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1ed6c1c2-8fbd-4bcb-854a-492d1060364b?source=api-prod",24,{"id":93,"url_slug":94,"title":95,"description":96,"plugin_slug":4,"theme_slug":38,"affected_versions":82,"patched_in_version":83,"severity":40,"cvss_score":97,"cvss_vector":98,"vuln_type":99,"published_date":87,"updated_date":100,"references":101,"days_to_patch":91},"CVE-2024-10708","system-dashboard-authenticated-admin-arbitrary-file-read","System Dashboard \u003C= 2.8.14 - Authenticated (Admin+) Arbitrary File Read","The System Dashboard plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.8.14 via the 'sd_viewer' action. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.",4.9,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","2024-12-12 18:22:07",[102],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F69aa2287-3d26-43e2-a2d0-4985ed17d096?source=api-prod",{"id":104,"url_slug":105,"title":106,"description":107,"plugin_slug":4,"theme_slug":38,"affected_versions":108,"patched_in_version":109,"severity":40,"cvss_score":69,"cvss_vector":70,"vuln_type":71,"published_date":110,"updated_date":111,"references":112,"days_to_patch":114},"CVE-2023-7246","system-dashboard-reflected-cross-site-scripting-via-x-forwarded-for","System Dashboard  \u003C= 2.8.9 - Reflected Cross-Site Scripting via X-Forwarded-For","The System Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'X-Forwarded-For' header in all versions up to, and including, 2.8.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=2.8.9","2.8.10","2024-02-28 00:00:00","2024-08-16 19:08:38",[113],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc5b9e53e-d2d3-40a0-adba-f489343c6ee6?source=api-prod",171,{"id":116,"url_slug":117,"title":118,"description":119,"plugin_slug":4,"theme_slug":38,"affected_versions":120,"patched_in_version":121,"severity":40,"cvss_score":41,"cvss_vector":55,"vuln_type":122,"published_date":123,"updated_date":124,"references":125,"days_to_patch":127},"CVE-2023-5711","system-dashboard-missing-authorization-to-information-disclosure-sdphpinfo","System Dashboard \u003C= 2.8.8 - Missing Authorization to Information Disclosure (sd_php_info)","The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information provided by PHP info.","\u003C=2.8.7","2.8.8","Missing Authorization","2023-12-06 00:00:00","2024-02-19 15:28:42",[126],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F17bc3a9f-2bf9-44e3-81ef-bfa932085da9?source=api-prod",76,{"id":129,"url_slug":130,"title":131,"description":132,"plugin_slug":4,"theme_slug":38,"affected_versions":120,"patched_in_version":121,"severity":40,"cvss_score":41,"cvss_vector":55,"vuln_type":122,"published_date":123,"updated_date":133,"references":134,"days_to_patch":136},"CVE-2023-5714","system-dashboard-missing-authorization-to-information-disclosure-sddbspecs","System Dashboard \u003C= 2.8.7 - Missing Authorization to Information Disclosure (sd_db_specs)","The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data key specs.","2024-01-22 19:56:02",[135],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F53b3ac83-847d-4bd0-a79b-531af266e1b4?source=api-prod",48,{"id":138,"url_slug":139,"title":140,"description":141,"plugin_slug":4,"theme_slug":38,"affected_versions":120,"patched_in_version":121,"severity":40,"cvss_score":41,"cvss_vector":55,"vuln_type":122,"published_date":123,"updated_date":133,"references":142,"days_to_patch":136},"CVE-2023-5712","system-dashboard-missing-authorization-to-information-disclosure-sdglobalvalue","System Dashboard \u003C= 2.8.7 - Missing Authorization to Information Disclosure (sd_global_value)","The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive global value information.",[143],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F70f14d9d-6ed6-4bcb-944d-f9c5aa6a17a6?source=api-prod",{"id":145,"url_slug":146,"title":147,"description":148,"plugin_slug":4,"theme_slug":38,"affected_versions":120,"patched_in_version":121,"severity":40,"cvss_score":41,"cvss_vector":55,"vuln_type":122,"published_date":123,"updated_date":149,"references":150,"days_to_patch":152},"CVE-2023-5713","system-dashboard-missing-authorization-to-information-disclosure-sdoptionvalue","System Dashboard \u003C= 2.8.7 - Missing Authorization to Information Disclosure (sd_option_value)","The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve potentially sensitive option values, and deserialize the content of those values.","2024-01-31 14:27:23",[151],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe9d1a33b-2518-48f7-90b6-a94a34473d1e?source=api-prod",57,{"id":154,"url_slug":155,"title":156,"description":157,"plugin_slug":4,"theme_slug":38,"affected_versions":120,"patched_in_version":121,"severity":40,"cvss_score":41,"cvss_vector":55,"vuln_type":122,"published_date":123,"updated_date":133,"references":158,"days_to_patch":136},"CVE-2023-5710","system-dashboard-missing-authorization-to-information-disclosure-sdconstants","System Dashboard \u003C= 2.8.7 - Missing Authorization to Information Disclosure (sd_constants)","The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information such as database credentials.",[159],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff170379e-e833-42e0-96fd-1e1722a8331c?source=api-prod",{"slug":161,"display_name":7,"profile_url":8,"plugin_count":162,"total_installs":163,"avg_security_score":164,"avg_patch_time_days":165,"trust_score":166,"computed_at":167},"qriouslad",7,211220,89,35,80,"2026-04-03T23:03:17.218Z",[169,192,212,235,257],{"slug":170,"name":171,"version":172,"author":173,"author_profile":174,"description":175,"short_description":176,"active_installs":177,"downloaded":178,"rating":179,"num_ratings":180,"last_updated":181,"tested_up_to":182,"requires_at_least":183,"requires_php":184,"tags":185,"homepage":190,"download_link":191,"security_score":179,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"version-info","Version Info – Server Health Monitor, PHP & MySQL Version Display, Environment Indicators","2.0.0","Brandon Ernst","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrandonfire\u002F","\u003Ch4>🛡️ THE ESSENTIAL TECHNICAL HUD FOR EVERY WORDPRESS PROFESSIONAL\u003C\u002Fh4>\n\u003Cp>Stop digging through hidden menus or leaving insecure \u003Ccode>phpinfo()\u003C\u002Fcode> files on your server. \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fversioninfoplugin.com\u002F\" title=\"Visit the Version Info website\" rel=\"nofollow ugc\">Version Info\u003C\u002Fa>\u003C\u002Fstrong> is the essential technical dashboard that brings your site’s most vital environment data directly into your daily workflow — the admin footer, the admin bar, or a dedicated dashboard widget.\u003C\u002Fp>\n\u003Cp>Whether you’re a freelancer managing dozens of client sites, a developer debugging a complex plugin conflict, or an agency maintaining a portfolio of high-value properties, having instant access to your \u003Cstrong>PHP version\u003C\u002Fstrong>, \u003Cstrong>MySQL version\u003C\u002Fstrong>, \u003Cstrong>WordPress version\u003C\u002Fstrong>, and \u003Cstrong>web server type\u003C\u002Fstrong> is a mission-critical utility.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Version Info\u003C\u002Fstrong> has been trusted by WordPress professionals since 2015 and is now supercharged with a complete PRO + Agency suite for serious site monitoring. Learn more at \u003Cstrong>\u003Ca href=\"https:\u002F\u002Fversioninfoplugin.com\u002F\" title=\"Version Info official website\" rel=\"nofollow ugc\">versioninfoplugin.com\u003C\u002Fa>\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>✨ What Makes Version Info Different?\u003C\u002Fh4>\n\u003Cp>Most server info plugins show you a wall of data you don’t need. Version Info is designed around \u003Cstrong>the data you actually use every day\u003C\u002Fstrong>, placed exactly where you need it — no extra pages, no bloat, no performance impact.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Zero Configuration\u003C\u002Fstrong> — Install, activate, done. Versions appear in your footer immediately.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Surgical Precision\u003C\u002Fstrong> — Only shows WP, PHP, MySQL, and Server versions. No fluff.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Performance First\u003C\u002Fstrong> — Uses native WordPress APIs. Literally zero impact on page load.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Developer Hooks\u003C\u002Fstrong> — Every data point is filterable for custom integrations. See the \u003Ca href=\"https:\u002F\u002Fdocs.versioninfoplugin.com\u002Fadvanced-configuration-hooks-and-filters\" title=\"Version Info developer documentation\" rel=\"nofollow ugc\">developer docs\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🚀 Core Features (100% Free, Forever)\u003C\u002Fh4>\n\u003Cp>These features will always be free. No bait-and-switch.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>🛠️ \u003Cstrong>Admin Footer Display\u003C\u002Fstrong> — See WordPress, PHP, MySQL, and Web Server versions at the bottom of every admin page. Includes a one-click update link when a new WP version is available.\u003C\u002Fli>\n\u003Cli>🚦 \u003Cstrong>WP-Admin Bar Nodes\u003C\u002Fstrong> — Pin your version stack to the admin bar for instant visibility while navigating between pages, posts, and settings.\u003C\u002Fli>\n\u003Cli>📊 \u003Cstrong>Dashboard Widget\u003C\u002Fstrong> — A dedicated “At a Glance” style widget showing your complete technical stack. Enable it via Screen Options.\u003C\u002Fli>\n\u003Cli>🔄 \u003Cstrong>Core Update Alerts\u003C\u002Fstrong> — Automatically compares your WP version with the latest available and shows an update link right in the footer.\u003C\u002Fli>\n\u003Cli>💻 \u003Cstrong>Server Detection\u003C\u002Fstrong> — Instantly identify Apache, Nginx, LiteSpeed, or any other server software without leaving WordPress.\u003C\u002Fli>\n\u003Cli>🌐 \u003Cstrong>Translation Ready\u003C\u002Fstrong> — Fully localized with translations in 13+ languages including Spanish, German, French, Japanese, Chinese, and more. \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fversion-info\u002F\" title=\"Translate Version Info on WordPress.org\" rel=\"nofollow ugc\">Help translate\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🔥 PRO Plan — Advanced Site Intelligence\u003C\u002Fh4>\n\u003Cp>Unlock real-time performance monitoring, environment safety, and proactive health checks. Built for developers who take their stack seriously.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fversioninfoplugin.com\u002Fpricing\" title=\"Version Info PRO pricing\" rel=\"nofollow ugc\">Upgrade to PRO \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fstrong> Starting at $19\u002Fyear.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>📈 \u003Cstrong>Real-Time CPU & RAM Monitoring\u003C\u002Fstrong> — See your server’s pulse, live. Visual percentage bars that auto-refresh every 60 seconds via the WordPress Heartbeat API. Cross-platform: uses \u003Ccode>sys_getloadavg()\u003C\u002Fcode> on Linux, COM objects on Windows, and \u003Ccode>\u002Fproc\u002Fmeminfo\u003C\u002Fcode> for system memory. Fully cached with Transients to prevent server strain.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>💾 \u003Cstrong>Database Size Tracking\u003C\u002Fstrong> — Know exactly how bloated your database is before it becomes a problem. Breaks down \u003Ccode>data_length\u003C\u002Fcode> vs. \u003Ccode>index_length\u003C\u002Fcode> for all tables matching your \u003Ccode>$wpdb->prefix\u003C\u002Fcode>. Results cached for 12 hours with a \u003Cstrong>“Scan Now” AJAX button\u003C\u002Fstrong> for on-demand fresh data. Perfect for monitoring WooCommerce database growth during peak sales.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>🚨 \u003Cstrong>Smart Environment Indicators\u003C\u002Fstrong> — Never accidentally run a destructive query on production again. High-visibility color-coded badges in the admin bar: \u003Cstrong>Red\u003C\u002Fstrong> for Production, \u003Cstrong>Orange\u003C\u002Fstrong> for Staging, \u003Cstrong>Green\u003C\u002Fstrong> for Development\u002FLocal. Auto-detects \u003Ccode>WP_ENVIRONMENT_TYPE\u003C\u002Fcode>, Bedrock (\u003Ccode>WP_ENV\u003C\u002Fcode>), Kinsta, WP Engine, Pantheon, Flywheel, and more. Optional: highlight the entire admin bar border to match the environment color.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>📜 \u003Cstrong>Audit Log of Version History\u003C\u002Fstrong> — A persistent timeline tracking every shift in your WordPress core, PHP, MySQL, plugin, and theme versions. Hooks into \u003Ccode>upgrader_process_complete\u003C\u002Fcode> for real-time logging of WordPress updates. Know exactly \u003Cem>when\u003C\u002Fem> and \u003Cem>what\u003C\u002Fem> changed for historical troubleshooting. Limited to the last 50 entries to prevent bloat.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>🛡️ \u003Cstrong>Health Advisor Notifications\u003C\u002Fstrong> — Proactive alerts that predict problems before they happen. Checks your PHP and MySQL versions against known \u003Cstrong>End-of-Life (EOL) dates\u003C\u002Fstrong> and flags critical security risks. Integrates directly with the native \u003Cstrong>WordPress Site Health\u003C\u002Fstrong> screen via \u003Ccode>site_status_tests\u003C\u002Fcode>. Flags PHP \u003C 8.1 as a critical security risk.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>📤 \u003Cstrong>JSON System Info Export\u003C\u002Fstrong> — One-click download of your entire technical stack as a structured JSON file. Includes WordPress config, PHP version + all extensions, database details, active theme, all active plugins with versions, server info, and more. Ideal for attaching to support tickets, sharing with hosting providers, or archiving before migrations.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdocs.versioninfoplugin.com\u002Fpro-features\" title=\"Version Info PRO documentation\" rel=\"nofollow ugc\">See the full PRO feature documentation \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>🏛️ Agency Plan — The Command Center for Client Portfolios\u003C\u002Fh4>\n\u003Cp>Everything in PRO, plus enterprise-grade tools for agencies, freelancers, and hosting companies managing multiple sites.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fversioninfoplugin.com\u002Fpricing\" title=\"Version Info Agency pricing\" rel=\"nofollow ugc\">Upgrade to Agency \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fstrong> Starting at $49\u002Fyear.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>🏷️ \u003Cstrong>Full Agency White-Labeling\u003C\u002Fstrong> — Make it \u003Cem>your\u003C\u002Fem> plugin. Replace “Version Info” and “Gaucho Plugins” with your agency’s name everywhere: the plugin list, dashboard widgets, admin bar, footer, and settings page. Hide Freemius-generated Account, Contact, and Support submenus. Uses the \u003Ccode>all_plugins\u003C\u002Fcode> filter for seamless Plugins list rebranding.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>👥 \u003Cstrong>Role-Based Admin Visibility\u003C\u002Fstrong> — Keep it simple for clients. A checkbox matrix lets you control exactly which WordPress user roles can see version information in the admin bar, footer, and dashboard widget. Show everything to administrators, hide everything from editors and shop managers. Default: administrator only.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>🌐 \u003Cstrong>Multi-Site Network Dashboard\u003C\u002Fstrong> — A centralized command center for WordPress Multisite. A dedicated page under \u003Cstrong>Network Admin > Settings\u003C\u002Fstrong> shows a table of every site on the network with columns for site name, URL, WP version, PHP version, MySQL version, and database size. Uses \u003Ccode>switch_to_blog()\u003C\u002Fcode> safely with network transient caching. Capped at 100 sites for performance.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>📧 \u003Cstrong>System Change Email Alerts\u003C\u002Fstrong> — Get notified the \u003Cem>instant\u003C\u002Fem> something changes. Proactive \u003Ccode>wp_mail()\u003C\u002Fcode> notifications the moment a hosting provider changes a PHP version, a WordPress core update completes, or any plugin\u002Ftheme version shifts. Configurable recipient list (comma-separated), per-component toggles, and defaults to the site admin email.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>🔍 \u003Cstrong>PHP Error Log Dashboard\u003C\u002Fstrong> — Debug without FTP or SSH. View the last 100 lines of your \u003Ccode>debug.log\u003C\u002Fcode> (or custom \u003Ccode>error_log\u003C\u002Fcode> path) directly inside WordPress. Uses efficient \u003Ccode>fseek()\u003C\u002Fcode> tail reading — never loads the full log into memory. Sensitive file paths are automatically masked with \u003Ccode>[ABSPATH]\u003C\u002Fcode>. Download the full log as a ZIP file for offline analysis.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdocs.versioninfoplugin.com\u002Fagency-features\" title=\"Version Info Agency documentation\" rel=\"nofollow ugc\">See the full Agency feature documentation \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>🎯 Real-World Use Cases\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>“The Support Hero”\u003C\u002Fstrong>\u003Cbr \u002F>\nA client reports a bug. Instead of asking for their login credentials, you ask them to screenshot their admin footer. You instantly know their PHP version, MySQL version, WordPress version, and web server — without ever logging into their site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>“The WooCommerce Specialist”\u003C\u002Fstrong>\u003Cbr \u002F>\nBlack Friday is coming. You use \u003Cstrong>Database Tracking\u003C\u002Fstrong> to monitor table size growth during the high-traffic event. When \u003Ccode>wp_options\u003C\u002Fcode> grows 300% overnight, you catch the autoloaded transient bloat before it takes down the store.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>“The Agency Owner”\u003C\u002Fstrong>\u003Cbr \u002F>\nYou hand over a beautifully built site to a high-ticket client. With \u003Cstrong>White-Labeling\u003C\u002Fstrong>, the client never sees “Gaucho Plugins” — they see \u003Cem>your\u003C\u002Fem> agency name everywhere. With \u003Cstrong>Role-Based Visibility\u003C\u002Fstrong>, the client’s editors see a clean dashboard without confusing server information.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>“The Safety-First Developer”\u003C\u002Fstrong>\u003Cbr \u002F>\nYou manage staging and production environments for the same client. The bright \u003Cstrong>red “Production” badge\u003C\u002Fstrong> in your admin bar prevents you from ever accidentally running a migration script on the live site. The \u003Cstrong>admin bar highlight\u003C\u002Fstrong> makes the environment unmistakable.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>“The Managed Hosting Reseller”\u003C\u002Fstrong>\u003Cbr \u002F>\nYou run 40 sites on a Multisite installation. The \u003Cstrong>Network Dashboard\u003C\u002Fstrong> gives you a single page showing WP, PHP, and MySQL versions across every site — perfect for planning bulk upgrades. When a host updates PHP overnight, the \u003Cstrong>Email Alert\u003C\u002Fstrong> hits your inbox before the first support ticket arrives.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>“The Remote Debugger”\u003C\u002Fstrong>\u003Cbr \u002F>\nA client’s site throws a white screen. You open the \u003Cstrong>Error Log Dashboard\u003C\u002Fstrong> directly in wp-admin — no FTP client, no SSH terminal. The last 100 lines show a fatal error from a plugin update. The \u003Cstrong>Version History\u003C\u002Fstrong> tab confirms the plugin updated 10 minutes ago. Root cause found in under 60 seconds.\u003C\u002Fp>\n\u003Ch4>⚡ Performance & Architecture\u003C\u002Fh4>\n\u003Cp>Version Info is built with performance as the #1 priority:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Transients API\u003C\u002Fstrong> — All resource-heavy metrics (CPU, RAM, DB size) are cached. CPU\u002FRAM uses 60-second TTL; database size uses 12-hour TTL.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Heartbeat API\u003C\u002Fstrong> — Live resource updates use the native WordPress Heartbeat, ensuring data refreshes only when the admin page is active.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Provider Pattern\u003C\u002Fstrong> — A \u003Ccode>ProviderInterface\u003C\u002Fcode> abstracts all detection logic, making it trivial to add custom providers for AWS, Kinsta, or any host-specific API.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Hook-First Architecture\u003C\u002Fstrong> — Every data point fires a WordPress filter (\u003Ccode>version_info_wp_version\u003C\u002Fcode>, \u003Ccode>version_info_php_version\u003C\u002Fcode>, etc.) and every render point fires an action. Extend anything without editing core files. See the \u003Ca href=\"https:\u002F\u002Fdocs.versioninfoplugin.com\u002Fadvanced-configuration-hooks-and-filters\" title=\"Version Info hooks reference\" rel=\"nofollow ugc\">hooks reference\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Strict Typing\u003C\u002Fstrong> — Every file uses \u003Ccode>declare(strict_types=1)\u003C\u002Fcode> and PHP 8.1+ typed properties for maximum reliability.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WordPress Coding Standards\u003C\u002Fstrong> — Follows WPCS, uses proper escaping, nonce verification, capability checks, and prepared SQL queries throughout.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>🌍 Works With Your Stack\u003C\u002Fh4>\n\u003Cp>Version Info auto-detects and works seamlessly with:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Hosts:\u003C\u002Fstrong> Kinsta, WP Engine, Pantheon, Flywheel, Cloudways, SiteGround, and any standard LAMP\u002FLEMP host\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Environments:\u003C\u002Fstrong> Bedrock, Trellis, Local by Flywheel, MAMP, WAMP, Docker, DevKinsta\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Servers:\u003C\u002Fstrong> Apache, Nginx, LiteSpeed, OpenLiteSpeed, IIS\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multisite:\u003C\u002Fstrong> Full network-level support with dedicated Network Admin page (Agency)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Translations:\u003C\u002Fstrong> 13+ languages with full RTL support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>📣 What WordPress Professionals Are Saying\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>“I install this on every client site. It saves me at least 5 minutes per support ticket.” — ★★★★★\u003C\u002Fp>\n\u003Cp>“The environment badges alone are worth the upgrade. I’ll never accidentally nuke production again.” — ★★★★★\u003C\u002Fp>\n\u003Cp>“Finally, a server info plugin that isn’t bloated with stuff I don’t need.” — ★★★★★\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fversion-info\u002Freviews\u002F?filter=5\" title=\"Version Info 5-star reviews\" rel=\"ugc\">Read more reviews \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>🔗 Resources & Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fversioninfoplugin.com\u002F\" title=\"Visit the Version Info website\" rel=\"nofollow ugc\">Version Info Website\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fdocs.versioninfoplugin.com\u002F\" title=\"Version Info documentation\" rel=\"nofollow ugc\">Documentation & Guides\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fversioninfoplugin.com\u002Fpricing\" title=\"Version Info pricing\" rel=\"nofollow ugc\">PRO & Agency Pricing\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fdocs.versioninfoplugin.com\u002Fadvanced-configuration-hooks-and-filters\" title=\"Version Info hooks reference\" rel=\"nofollow ugc\">Developer Hooks Reference\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fversion-info\u002F\" title=\"Version Info support\" rel=\"ugc\">Support Forum\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fversion-info\u002F\" title=\"Translate on WordPress.org\" rel=\"nofollow ugc\">Translate Version Info\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fgauchoplugins.com\" title=\"Gaucho Plugins\" rel=\"nofollow ugc\">Gaucho Plugins Portfolio\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n","The #1 technical dashboard for WordPress professionals. Display PHP, MySQL, WP & server versions anywhere in admin. Monitor CPU, RAM, DB size &amp …",10000,120467,100,14,"2026-02-22T07:10:00.000Z","6.9.4","5.5","8.1",[186,187,188,22,189],"developer-tools","mysql-version","php-version","site-health","https:\u002F\u002Fversioninfoplugin.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fversion-info.2.0.0.zip",{"slug":193,"name":194,"version":195,"author":196,"author_profile":197,"description":198,"short_description":199,"active_installs":179,"downloaded":200,"rating":29,"num_ratings":29,"last_updated":201,"tested_up_to":202,"requires_at_least":203,"requires_php":204,"tags":205,"homepage":209,"download_link":210,"security_score":211,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"servermonitor","ServerMonitor","0.3.6","Francis Smith","https:\u002F\u002Fprofiles.wordpress.org\u002Ffs1995\u002F","\u003Cp>View your PHP error log, CPU and RAM usage, and view disk space all in one location. This is a new plugin under development. Currently it does not do terribly much, but we are constantly working on adding new and useful features.\u003C\u002Fp>\n\u003Cp>Why use this plugin instead of the many others? ServerMonitor does not use PHP’s shell_exec, which is disabled by many web hosts for security concerns. Currently this plugin only supports Linux servers. Windows Server support is planned, but is a low priority.\u003C\u002Fp>\n\u003Cp>For any bug reports or suggestions, let me know in the plugins support forum.\u003C\u002Fp>\n","A simple plugin to view server resource usage (ram, cpu, disk), check your PHP error log, and more.",2419,"2018-04-07T08:22:00.000Z","4.9.29","3.4","5.1.3",[206,207,208,22,23],"disk-space","disk-usage","memory","https:\u002F\u002Fgithub.com\u002Ffs1995\u002Fservermonitor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fservermonitor.zip",85,{"slug":213,"name":214,"version":215,"author":216,"author_profile":217,"description":218,"short_description":219,"active_installs":220,"downloaded":221,"rating":179,"num_ratings":222,"last_updated":223,"tested_up_to":16,"requires_at_least":224,"requires_php":225,"tags":226,"homepage":232,"download_link":233,"security_score":179,"vuln_count":47,"unpatched_count":29,"last_vuln_date":234,"fetched_at":31},"temporary-login-without-password","Temporary Login Without Password","1.9.7","storeapps","https:\u002F\u002Fprofiles.wordpress.org\u002Fstoreapps\u002F","\u003Cp>Create secure, self-expiring ⏱️, automatic login links 🔗 for WordPress. Give them to developers when they ask for admin access to your site. Or an editor for a quick review of work done. Login works just by opening the link, no password needed.\u003C\u002Fp>\n\u003Cp>Using the “Temporary Login Without Password” plugin you can create a self-expiring account for someone and give them a special link with which they can login to your WordPress without needing a username and password.\u003C\u002Fp>\n\u003Cp>You can choose when the login expires, as well as the role of the temporary account.\u003C\u002Fp>\n\u003Cp>Really useful when you need to give admin access to a developer for support or for performing routine tasks.\u003C\u002Fp>\n\u003Cp>Read \u003Ca href=\"https:\u002F\u002Fwww.storeapps.org\u002Fcreate-secure-login-without-password-for-wordpress\u002F\" rel=\"nofollow ugc\">this article\u003C\u002Fa> to know more about what’s the Current Problem – Creating a Separate Admin Login for Outsiders (Devs\u002F Guest bloggers) and how to avoid this pain, Top Benefits of using this plugin & Why and Who need Temporary Login links.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>Benefits of Temporary Logins\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cblockquote>\n\u003Cp>➡️  Create unlimited temporary logins\u003Cbr \u002F>\n  ➡️  Create temporary logins with any role\u003Cbr \u002F>\n  ➡️  No username & password required. Login with just a simple link\u003Cbr \u002F>\n  ➡️  Set account expiry. So, a temporary user can’t login after the expiry time\u003Cbr \u002F>\n  ➡️  Various expiration options like one day, one week, one month, and many more. Also, set a custom date\u003Cbr \u002F>\n  ➡️  Redirect user to a specific page after login\u003Cbr \u002F>\n  ➡️  Set a language for a temporary user\u003Cbr \u002F>\n  ➡️  See the last logged in time of a temporary user\u003Cbr \u002F>\n  ➡️  Also see, how many times a temporary user accessed your setup\u003Cbr \u002F>\n  ➡️  Track user activity with detailed logs to know what each temporary user did\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>\u003Cstrong>For Developers\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>If you need an admin access to your client’s WordPress setup to resolve any issues, use following template to ask your client to give you a temporary access to their WordPress setup.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Hi {%customer_name%},\u003C\u002Fp>\n\u003Cp>To allow me to investigate on your site, install & activate the free WordPress plugin – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemporary-login-without-password\u002F\" rel=\"ugc\">Temporary Login Without Password\u003C\u002Fa>, and give me admin access to your site via the temporary link generated. Once I’ll get the admin access, I’ll check your site & will try to resolve the issue.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>:\u003Cbr \u002F>\n  Keep the expiry of a temporary login link for one month. Send the created login link as a reply to this email.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Temporary Login Without Password Pro Features\u003C\u002Fh3>\n\u003Cp>➡️ Limit Link Usage: Set a maximum number of times a temporary login link can be used, ensuring controlled, secure access.\u003C\u002Fp>\n\u003Cp>➡️ Instant Admin Alerts: Receive notifications each time a temporary login is accessed, keeping you informed of all activity.\u003C\u002Fp>\n\u003Cp>➡️ Activity Log: View detailed activity of each temporary user to monitor what actions they performed while logged in.\u003C\u002Fp>\n\u003Cp>Ready to take your security and convenience to the next level?\u003Cbr \u002F>\n\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fwww.icegram.com\u002F?buy-now=445245&qty=1&coupon=tlwp-pro-20&with-cart=1\" rel=\"nofollow ugc\">Upgrade to TLWP Pro\u003C\u002Fa>\u003C\u002Fstrong> today to unlock our advanced features. Experience the full power of secure, temporary, passwordless access for your WordPress \u002F WooCommerce site.\u003C\u002Fp>\n\u003Ch4>What users have to say about Temporary Login Without Password?\u003C\u002Fh4>\n\u003Cp>👉 \u003Cstrong>It works with WordPress.com business plan!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>I love this plugin! I got the impression that Temporary Login Without Password plugin would only work with WordPress.org sites. When I had a problem with another plugin, I reached out to their tech support. They recommended Temporary Login. I crossed my fingers, installed it, and it worked like a charm. No more worrying about possibly compromising my sites. When tech support was done, I went into the settings and revoked access. This is a game changer!\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fit-works-with-wordpress-com-business-plan\u002F\" rel=\"ugc\">Suzanne Loeb\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>Convenient. No rabbit holes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>I can’t say I’ve used a whole bunch of these plugins, but I can say I’ve used 2 or 3. This one was the most straight forward and rushing through it I still didn’t run into any issues. The login was shot to the company I needed to let in and I was able to get back to marking things off of my checklist. Highly recommend to anyone that is needing to make a temporary user account for the first time. There’s literally nowhere to get confused from my personal experience\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fconvenient-no-rabbit-holes\u002F\" rel=\"ugc\">Peter Higgins\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>Clear and efficient.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Clear and efficient. Nothing to add !\u003Cbr \u002F>\n  Continue like that !\u003Cbr \u002F>\n  Make the world of the web even more fun for all pro and amateur users!\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fclear-and-efficient-2\u002F\" rel=\"ugc\">muten7\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>Excellent Plugin\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Having problems with another plugin the developer recommended TPWP. It does exactly as it states. The developer was able to identify the bug, done without comprising security. The fact it records the access you have granted is a another advantage.\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fexcellent-plugin-3772\u002F\" rel=\"ugc\">mickpamg\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>👉 \u003Cstrong>A huge help and easy!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>This plugin was just what I needed to make it easy for support people to come in and get their assessments done then I don’t have to worry about revoking permission…this takes care of that for me! Love it!!!\u003Cbr \u002F>\n  – \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Ftopic\u002Fa-huge-help-and-easy\u002F\" rel=\"ugc\">bfauscette\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Go to \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ftemporary-login-without-password\u002Freviews\u002F\" rel=\"ugc\">Temporary Login Without Password plugin review section\u003C\u002Fa> and read our recent reviews.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Spread The Love ❤️\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you like Temporary Login Without Password, please leave a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Ftemporary-login-without-password\u002Freviews\u002F#new-post\" rel=\"ugc\">five stars ⭐⭐⭐⭐⭐\u003C\u002Fa> and also spread the word about it via \u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fsharer.php?u=https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemporary-login-without-password\u002F\" rel=\"nofollow ugc\">Facebook\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fintent\u002Ftweet?url=https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftemporary-login-without-password\u002F\" rel=\"nofollow ugc\">Twitter\u003C\u002Fa>. That helps fellow website owners assess Temporary Login Without Password easily and benefit from it!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What’s Next\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you like this plugin then consider checking out our other solutions:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Femail-subscribers\u002F\" rel=\"ugc\">Icegram Express\u003C\u002Fa> – A complete newsletter plugin which lets you collect leads, send automated new blog post notification emails, create & send broadcasts, and also manage them all in one single place.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram-mailer\u002F\" rel=\"ugc\">Icegram Mailer\u003C\u002Fa> – Reliable built‑in email delivery for WordPress & WooCommerce with real‑time logs, analytics, and a free 200‑email plan.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram\u002F\" rel=\"ugc\">Icegram Engage\u003C\u002Fa> – Popups, Welcome Bar, Opt-ins & Lead Generation plugin\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram-rainmaker\u002F\" rel=\"ugc\">Icegram Collect\u003C\u002Fa> – Best form plugin on WordPress\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsmart-manager-for-wp-e-commerce\u002F\" rel=\"ugc\">Smart Manager\u003C\u002Fa> – Manage & Bulk edit Products, Orders & more..\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Foffermative-discount-pricing-related-products-upsell-funnels-for-woocommerce\u002F\" rel=\"ugc\">Offermative\u003C\u002Fa> – Dynamic discount pricing, related product recommendations, upsells and funnels for WooCommerce.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fduplicate-post-page-copy-clone-wp\u002F\" rel=\"ugc\">Post \u002F Page Duplicate\u003C\u002Fa> – Ultimate one‑click content duplicator for WordPress, letting you clone posts, pages & custom post types effortlessly\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ficegram-cookie-manager\u002F\" rel=\"ugc\">Icegram Cookie Manager\u003C\u002Fa> – Customizable cookie consent banner with privacy policy links and styling options for WordPress\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fswitch-user-login-by-icegram\u002F\" rel=\"ugc\">Switch User Login\u003C\u002Fa> – Instantly switch between WordPress user accounts from the admin bar for seamless testing, debugging, and multisite\u002FWooCommerce management\u003C\u002Fp>\n\u003Cp>Also, check our other \u003Ca href=\"https:\u002F\u002Fwww.storeapps.org\u002Fshop\u002F?utm_source=wprepo&utm_medium=tlwp&utm_campaign=sa_products_upsell&utm_content=readme\" rel=\"nofollow ugc\">Premium WooCommerce plugins.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Do you use WooCommerce? Our analytics tool \u003Ca href=\"https:\u002F\u002Fwww.putler.com\u002F?utm_source=wprepo&utm_medium=tlwp&utm_campaign=putler_outreach&utm_content=readme\" rel=\"nofollow ugc\">Putler\u003C\u002Fa> will help you enriches your store data. Using Putler, you’ll understand your business better and make profitable decisions quickly.\u003C\u002Fp>\n","Create self-expiring, temporary admin accounts. Easily share direct login links (no need for username\u002Fpassword) with your developers or editors.",100000,1865629,1499,"2025-12-22T11:48:00.000Z","3.0.1","5.3",[227,228,229,230,231],"developer-access","magic-pin","passwordless-login","secure-login","temporary-access","http:\u002F\u002Fwww.storeapps.org\u002Fcreate-secure-login-without-password-for-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftemporary-login-without-password.1.9.7.zip","2021-11-15 00:00:00",{"slug":236,"name":237,"version":238,"author":239,"author_profile":240,"description":241,"short_description":242,"active_installs":243,"downloaded":244,"rating":179,"num_ratings":245,"last_updated":246,"tested_up_to":247,"requires_at_least":248,"requires_php":18,"tags":249,"homepage":254,"download_link":255,"security_score":256,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"elementor-beta","Elementor Beta (Developer Edition)","1.1.4","Elementor","https:\u002F\u002Fprofiles.wordpress.org\u002Felemntor\u002F","\u003Cp>Be part of our future releases\u003C\u002Fp>\n\u003Cp>By installing the Developer Edition plugin, \u003Ca href=\"https:\u002F\u002Felementor.com\u002F?utm_source=wp-repo&utm_medium=link&utm_campaign=dev-edition-readme\" rel=\"nofollow ugc\">Elementor\u003C\u002Fa> users can now get a sneak peek of future features before they roll out. We invite you to participate and test features on our Developer Edition. This way, you’ll help us extend our ability to perfect our product and produce experimental and groundbreaking features.\u003C\u002Fp>\n\u003Cp>The Elementor Developer Edition gives you first access to Elementor’s newest features and improvements. Each Developer Edition release will contain experimental functionalities that developers will be able to use to get familiar with the next releases before they are published.  We will use this plugin to validate new features and gain feedback before they are released.\u003Cbr \u002F>\nThis is why we don’t recommend using it on live sites.\u003Cbr \u002F>\nWe recommend using it on staging environments only, and backing up your entire website before updating.\u003C\u002Fp>\n","Elementor Beta (Developer Edition) gives you direct access into Elementor's development process, and lets you take an active part in perfecting o …",40000,1226149,3,"2025-03-04T11:21:00.000Z","6.7.5","5.8",[250,251,21,252,253],"beta","bleeding-edge","elementor","website-builder","https:\u002F\u002Felementor.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Felementor-beta.1.1.4.zip",92,{"slug":258,"name":259,"version":260,"author":261,"author_profile":262,"description":263,"short_description":264,"active_installs":265,"downloaded":266,"rating":13,"num_ratings":267,"last_updated":268,"tested_up_to":182,"requires_at_least":224,"requires_php":269,"tags":270,"homepage":273,"download_link":274,"security_score":179,"vuln_count":29,"unpatched_count":29,"last_vuln_date":38,"fetched_at":31},"server-ip-memory-usage","Server IP & Memory Usage Display","2.2.0","apasionados","https:\u002F\u002Fprofiles.wordpress.org\u002Fapasionados\u002F","\u003Cp>This plugin displays the memory limit, current memory usage, WordPress Memory Limit, IP address and PHP version in the admin footer.\u003C\u002Fp>\n\u003Cp>There are four features we love:\u003C\u002Fp>\n\u003Cp>1) You can easily see in the admin footer the IP where this WordPress installation is running. Very useful if you have many WordPress installations across several servers and IP addresses.\u003C\u002Fp>\n\u003Cp>2) The memory usage and total available memory to the WordPress installation is shown in the admin footer. If memory usage is over 75% the percentage is shown in a light red and if the memory usage is over 90% the percentage is shown in red. So you can allways control with one look if there is enough memory available or if action has to be taken. It also displays the WordPress memory limit to give you more information.\u003C\u002Fp>\n\u003Cp>3) Besides the IP address and the memory you can also see the PHP version and the type of Operating System where it’s running.\u003C\u002Fp>\n\u003Cp>4) You can translate the plugin into your own language. So far English and Spanish translations are included. Just translate the .po file in the \u002Flang\u002F folder.\u003C\u002Fp>\n\u003Ch4>What can I do with this plugin?\u003C\u002Fh4>\n\u003Cp>This plugin displays the total memory, used memory, percentage of used memory, WP memory limit, the IP address and the PHP version in the admin footer.\u003C\u002Fp>\n\u003Ch4>What ideas is this plugin based on?\u003C\u002Fh4>\n\u003Cp>We had been using the WordPress plugin \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-memory-usage\u002F\" title=\"WP-Memory-Usage\" rel=\"ugc\">WP-Memory-Usage\u003C\u002Fa> but didn’t want the dashboard widget and needed the IP address displayed. We also didn’t like that the plugin could not be translated.\u003C\u002Fp>\n\u003Cp>This is why we decided to create a new plugin that solves these two explained needs: IP address display and ability to translate.\u003C\u002Fp>\n\u003Ch4>System requirements\u003C\u002Fh4>\n\u003Cp>PHP version 5.3 or greater.\u003C\u002Fp>\n\u003Ch4>Server IP & Memory Usage Display Plugin in your Language!\u003C\u002Fh4>\n\u003Cp>This first release is avaliable in English and Spanish. In the “lang” folder we have included the necessarry files to translate this plugin.\u003C\u002Fp>\n\u003Cp>If you would like the plugin in your language and you’re good at translating, please drop us a line at \u003Ca href=\"http:\u002F\u002Fapasionados.es\u002Fcontacto\u002Findex.php?desde=wordpress-org-ip-address-memory-usage-home\" rel=\"nofollow ugc\">Contact us\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Further Reading\u003C\u002Fh4>\n\u003Cp>You can access the description of the plugin in Spanish at: \u003Ca href=\"http:\u002F\u002Fapasionados.es\u002Fblog\u002Fserver-ip-memory-usage-display-wordpress-plugin-1781\u002F\" rel=\"nofollow ugc\">Server IP & Memory Usage Display en español\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Contact\u003C\u002Fh3>\n\u003Cp>For further information please send us an \u003Ca href=\"http:\u002F\u002Fapasionados.es\u002Fcontacto\u002Findex.php?desde=wordpress-org-ipaddressmemoryusage-contact\" rel=\"nofollow ugc\">email\u003C\u002Fa>.\u003C\u002Fp>\n","Show the memory limit, current memory usage and IP address in the admin footer.",30000,308172,40,"2026-01-22T11:41:00.000Z","5.4",[271,208,272,188,22],"ip","memory-limit","http:\u002F\u002Fapasionados.es\u002F#utm_source=wpadmin&utm_medium=plugin&utm_campaign=server-ip-memory-usage-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fserver-ip-memory-usage.2.2.0.zip",{"attackSurface":276,"codeSignals":415,"taintFlows":577,"riskAssessment":771,"analyzedAt":791},{"hooks":277,"ajaxHandlers":313,"restRoutes":411,"shortcodes":412,"cronEvents":413,"entryPointCount":414,"unprotectedCount":414},[278,284,287,290,292,295,298,300,303,306,309],{"type":279,"name":280,"callback":281,"file":282,"line":283},"action","plugins_loaded","anonymous","includes\\class-system-dashboard.php",151,{"type":279,"name":285,"callback":281,"file":282,"line":286},"admin_menu",188,{"type":279,"name":288,"callback":281,"file":282,"line":289},"admin_enqueue_scripts",192,{"type":279,"name":288,"callback":281,"file":282,"line":291},193,{"type":279,"name":293,"callback":281,"file":282,"line":294},"csf_loaded",201,{"type":279,"name":296,"callback":281,"file":282,"line":297},"update_footer",204,{"type":279,"name":285,"callback":281,"file":282,"line":299},208,{"type":279,"name":301,"callback":281,"file":282,"line":302},"admin_notices",215,{"type":279,"name":304,"callback":281,"file":282,"line":305},"admin_footer",218,{"type":279,"name":307,"callback":281,"file":282,"line":308},"init",259,{"type":310,"name":311,"callback":281,"file":282,"line":312},"filter","wp_mail",266,[314,318,321,324,327,330,333,336,339,342,345,348,351,354,357,360,363,366,369,372,375,378,381,384,387,390,393,396,399,402,405,408],{"action":315,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":317},"sd_db_tables",false,219,{"action":319,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":320},"sd_db_specs",220,{"action":322,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":323},"sd_db_details",221,{"action":325,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":326},"sd_post_types",222,{"action":328,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":329},"sd_taxonomies",223,{"action":331,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":332},"sd_old_slugs",224,{"action":334,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":335},"sd_media_count",225,{"action":337,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":338},"sd_image_sizes",226,{"action":340,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":341},"sd_mime_types",227,{"action":343,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":344},"sd_media_handling",228,{"action":346,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":347},"sd_directory_sizes",229,{"action":349,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":350},"sd_filesystem_permissions",230,{"action":352,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":353},"sd_custom_fields",231,{"action":355,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":356},"sd_user_count",232,{"action":358,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":359},"sd_roles_capabilities",233,{"action":361,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":362},"sd_rewrite_rules",234,{"action":364,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":365},"sd_shortcodes",235,{"action":367,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":368},"sd_option_value",236,{"action":370,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":371},"sd_cache_value",237,{"action":373,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":374},"sd_global_value",238,{"action":376,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":377},"sd_wpcore_hooks",239,{"action":379,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":380},"sd_hooks",240,{"action":382,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":383},"sd_classes",241,{"action":385,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":386},"sd_functions",242,{"action":388,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":389},"sd_constants",243,{"action":391,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":392},"sd_viewer",244,{"action":394,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":395},"sd_viewer_url",245,{"action":397,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":398},"sd_php_info",246,{"action":400,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":401},"sd_toggle_logs",248,{"action":403,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":404},"sd_page_access_log",249,{"action":406,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":407},"sd_errors_log",250,{"action":409,"nopriv":316,"callback":281,"hasNonce":316,"hasCapCheck":316,"file":282,"line":410},"sd_email_delivery_log",251,[],[],[],32,{"dangerousFunctions":416,"sqlUsage":474,"outputEscaping":483,"fileOperations":91,"externalRequests":61,"nonceChecks":414,"capabilityChecks":572,"bundledLibraries":573},[417,422,426,429,432,435,438,442,445,448,451,454,457,460,463,466,469,472],{"fn":418,"file":419,"line":420,"context":421},"exec","admin\\class-system-dashboard-admin.php",934,"$gs = exec( 'gs --version' );",{"fn":423,"file":419,"line":424,"context":425},"shell_exec",1301,"$returnVal = shell_exec('pwd');",{"fn":418,"file":419,"line":427,"context":428},1329,"$returnVal = exec('pwd');",{"fn":423,"file":419,"line":430,"context":431},1404,"$raw_uptime = shell_exec(\"cut -d. -f1 \u002Fproc\u002Fuptime\");",{"fn":423,"file":419,"line":433,"context":434},1407,"$uptime = trim(shell_exec(\"cut -d. -f1 \u002Fproc\u002Fuptime\"));",{"fn":423,"file":419,"line":436,"context":437},1439,"$os = shell_exec( 'lsb_release -a' );",{"fn":439,"file":419,"line":440,"context":441},"unserialize",1490,"$location_data = unserialize( file_get_contents('http:\u002F\u002Fwww.geoplugin.net\u002Fphp.gp?ip=' . $server_ip )",{"fn":423,"file":419,"line":443,"context":444},1531,"$sd_cpu_type = shell_exec( 'grep \"model name\" \u002Fproc\u002Fcpuinfo | uniq' );",{"fn":423,"file":419,"line":446,"context":447},1569,"$cpu_count = shell_exec('cat \u002Fproc\u002Fcpuinfo |grep \"physical id\" | sort | uniq | wc -l');",{"fn":423,"file":419,"line":449,"context":450},1598,"$cpu_core_count = shell_exec(\"echo \\\"$((`cat \u002Fproc\u002Fcpuinfo | grep cores | grep -o -E '[0-9]+' | uniq",{"fn":423,"file":419,"line":452,"context":453},1650,"$cpu_load_average = shell_exec(\"uptime\");",{"fn":423,"file":419,"line":455,"context":456},1740,"$total_ram = shell_exec(\"grep -w 'MemTotal' \u002Fproc\u002Fmeminfo | grep -o -E '[0-9]+'\");",{"fn":423,"file":419,"line":458,"context":459},1774,"$ram_cache = shell_exec(\"grep -w 'Cached' \u002Fproc\u002Fmeminfo | grep -o -E '[0-9]+'\");",{"fn":423,"file":419,"line":461,"context":462},1804,"$ram_buffer = shell_exec(\"grep -w 'Buffers' \u002Fproc\u002Fmeminfo | grep -o -E '[0-9]+'\");",{"fn":423,"file":419,"line":464,"context":465},1834,"$free_ram = shell_exec(\"grep -w 'MemFree' \u002Fproc\u002Fmeminfo | grep -o -E '[0-9]+'\");",{"fn":418,"file":419,"line":467,"context":468},2147,"exec('du -h --max-depth=1 ' . $path, $result);",{"fn":423,"file":419,"line":470,"context":471},7859,"$shell_output = shell_exec( $shell_command );",{"fn":423,"file":419,"line":473,"context":471},7990,{"prepared":475,"raw":476,"locations":477},22,2,[478,481],{"file":419,"line":479,"context":480},547,"$wpdb->get_results() with variable interpolation",{"file":419,"line":482,"context":480},3535,{"escaped":484,"rawEcho":485,"locations":486},157,42,[487,490,492,494,496,498,500,502,504,506,508,510,512,514,516,518,520,522,524,526,528,530,532,534,536,538,540,542,544,546,548,550,552,554,556,558,560,562,564,566,568,570],{"file":419,"line":488,"context":489},573,"raw output",{"file":419,"line":491,"context":489},622,{"file":419,"line":493,"context":489},666,{"file":419,"line":495,"context":489},709,{"file":419,"line":497,"context":489},797,{"file":419,"line":499,"context":489},834,{"file":419,"line":501,"context":489},951,{"file":419,"line":503,"context":489},1139,{"file":419,"line":505,"context":489},1175,{"file":419,"line":507,"context":489},1257,{"file":419,"line":509,"context":489},1269,{"file":419,"line":511,"context":489},2061,{"file":419,"line":513,"context":489},2211,{"file":419,"line":515,"context":489},2285,{"file":419,"line":517,"context":489},2374,{"file":419,"line":519,"context":489},2956,{"file":419,"line":521,"context":489},3164,{"file":419,"line":523,"context":489},3206,{"file":419,"line":525,"context":489},3379,{"file":419,"line":527,"context":489},3476,{"file":419,"line":529,"context":489},4601,{"file":419,"line":531,"context":489},4605,{"file":419,"line":533,"context":489},4609,{"file":419,"line":535,"context":489},6531,{"file":419,"line":537,"context":489},6535,{"file":419,"line":539,"context":489},6541,{"file":419,"line":541,"context":489},6632,{"file":419,"line":543,"context":489},6896,{"file":419,"line":545,"context":489},6981,{"file":419,"line":547,"context":489},7035,{"file":419,"line":549,"context":489},7066,{"file":419,"line":551,"context":489},7575,{"file":419,"line":553,"context":489},7587,{"file":419,"line":555,"context":489},7591,{"file":419,"line":557,"context":489},7951,{"file":419,"line":559,"context":489},8082,{"file":419,"line":561,"context":489},8090,{"file":419,"line":563,"context":489},9166,{"file":419,"line":565,"context":489},9343,{"file":419,"line":567,"context":489},9406,{"file":419,"line":569,"context":489},10010,{"file":419,"line":571,"context":489},10127,33,[574],{"name":575,"version":38,"knownCves":576},"DataTables",[],[578,666,677,685,701,714,723,731,740,750,760],{"entryPoint":579,"graph":580,"unsanitizedCount":245,"severity":40},"\u003Cclass-system-dashboard-admin> (admin\\class-system-dashboard-admin.php:0)",{"nodes":581,"edges":654},[582,587,592,596,599,602,606,610,612,616,621,624,627,629,634,638,643,647,651],{"id":583,"type":584,"label":585,"file":419,"line":586},"n0","source","$_SERVER (x28)",437,{"id":588,"type":589,"label":590,"file":419,"line":488,"wp_function":591},"n1","sink","echo() [XSS]","echo",{"id":593,"type":584,"label":594,"file":419,"line":595},"n2","$_SERVER",1482,{"id":597,"type":589,"label":598,"file":419,"line":440,"wp_function":439},"n3","unserialize() [Object Injection]",{"id":600,"type":584,"label":601,"file":419,"line":595},"n4","$_SERVER (x2)",{"id":603,"type":589,"label":604,"file":419,"line":440,"wp_function":605},"n5","file_get_contents() [SSRF\u002FLFI]","file_get_contents",{"id":607,"type":584,"label":608,"file":419,"line":609},"n6","$_REQUEST (x8)",1245,{"id":611,"type":589,"label":590,"file":419,"line":513,"wp_function":591},"n7",{"id":613,"type":584,"label":614,"file":419,"line":615},"n8","$_REQUEST (x2)",2316,{"id":617,"type":589,"label":618,"file":419,"line":619,"wp_function":620},"n9","wp_remote_get() [SSRF]",2330,"wp_remote_get",{"id":622,"type":584,"label":623,"file":419,"line":615},"n10","$_REQUEST",{"id":625,"type":589,"label":604,"file":419,"line":626,"wp_function":605},"n11",2344,{"id":628,"type":584,"label":614,"file":419,"line":615},"n12",{"id":630,"type":589,"label":631,"file":419,"line":632,"wp_function":633},"n13","file_put_contents() [File Write]",4692,"file_put_contents",{"id":635,"type":584,"label":636,"file":419,"line":637},"n14","$_REQUEST (x9)",6518,{"id":639,"type":589,"label":640,"file":419,"line":641,"wp_function":642},"n15","update_option() [Settings Manipulation]",9196,"update_option",{"id":644,"type":584,"label":645,"file":419,"line":646},"n16","$_REQUEST (x3)",9716,{"id":648,"type":649,"label":650,"file":419,"line":646},"n17","transform","→ sd_wpconfig_save()",{"id":652,"type":589,"label":631,"file":419,"line":653,"wp_function":633},"n18",9866,[655,657,658,659,660,661,662,663,664,665],{"from":583,"to":588,"sanitized":656},true,{"from":593,"to":597,"sanitized":656},{"from":600,"to":603,"sanitized":656},{"from":607,"to":611,"sanitized":656},{"from":613,"to":617,"sanitized":656},{"from":622,"to":625,"sanitized":656},{"from":628,"to":630,"sanitized":656},{"from":635,"to":639,"sanitized":656},{"from":644,"to":648,"sanitized":316},{"from":648,"to":652,"sanitized":316},{"entryPoint":667,"graph":668,"unsanitizedCount":47,"severity":40},"activate (includes\\class-system-dashboard-activator.php:34)",{"nodes":669,"edges":675},[670,673],{"id":583,"type":584,"label":594,"file":671,"line":672},"includes\\class-system-dashboard-activator.php",191,{"id":588,"type":589,"label":631,"file":671,"line":674,"wp_function":633},210,[676],{"from":583,"to":588,"sanitized":316},{"entryPoint":678,"graph":679,"unsanitizedCount":47,"severity":40},"\u003Cclass-system-dashboard-activator> (includes\\class-system-dashboard-activator.php:0)",{"nodes":680,"edges":683},[681,682],{"id":583,"type":584,"label":594,"file":671,"line":672},{"id":588,"type":589,"label":631,"file":671,"line":674,"wp_function":633},[684],{"from":583,"to":588,"sanitized":316},{"entryPoint":686,"graph":687,"unsanitizedCount":29,"severity":700},"sd_viewer (admin\\class-system-dashboard-admin.php:2312)",{"nodes":688,"edges":696},[689,690,691,692,693,694],{"id":583,"type":584,"label":623,"file":419,"line":615},{"id":588,"type":589,"label":618,"file":419,"line":619,"wp_function":620},{"id":593,"type":584,"label":623,"file":419,"line":615},{"id":597,"type":589,"label":604,"file":419,"line":626,"wp_function":605},{"id":600,"type":584,"label":623,"file":419,"line":615},{"id":603,"type":589,"label":590,"file":419,"line":695,"wp_function":591},2358,[697,698,699],{"from":583,"to":588,"sanitized":656},{"from":593,"to":597,"sanitized":656},{"from":600,"to":603,"sanitized":656},"low",{"entryPoint":702,"graph":703,"unsanitizedCount":29,"severity":700},"sd_viewer_url (admin\\class-system-dashboard-admin.php:2366)",{"nodes":704,"edges":711},[705,707,709,710],{"id":583,"type":584,"label":623,"file":419,"line":706},2370,{"id":588,"type":589,"label":618,"file":419,"line":708,"wp_function":620},2372,{"id":593,"type":584,"label":623,"file":419,"line":706},{"id":597,"type":589,"label":590,"file":419,"line":517,"wp_function":591},[712,713],{"from":583,"to":588,"sanitized":656},{"from":593,"to":597,"sanitized":656},{"entryPoint":715,"graph":716,"unsanitizedCount":29,"severity":700},"sd_cache_value (admin\\class-system-dashboard-admin.php:4585)",{"nodes":717,"edges":721},[718,720],{"id":583,"type":584,"label":614,"file":419,"line":719},4589,{"id":588,"type":589,"label":590,"file":419,"line":529,"wp_function":591},[722],{"from":583,"to":588,"sanitized":656},{"entryPoint":724,"graph":725,"unsanitizedCount":29,"severity":700},"sd_option_value (admin\\class-system-dashboard-admin.php:6514)",{"nodes":726,"edges":729},[727,728],{"id":583,"type":584,"label":614,"file":419,"line":637},{"id":588,"type":589,"label":590,"file":419,"line":535,"wp_function":591},[730],{"from":583,"to":588,"sanitized":656},{"entryPoint":732,"graph":733,"unsanitizedCount":29,"severity":700},"sd_classes (admin\\class-system-dashboard-admin.php:6708)",{"nodes":734,"edges":738},[735,737],{"id":583,"type":584,"label":594,"file":419,"line":736},6817,{"id":588,"type":589,"label":590,"file":419,"line":543,"wp_function":591},[739],{"from":583,"to":588,"sanitized":656},{"entryPoint":741,"graph":742,"unsanitizedCount":29,"severity":700},"sd_functions (admin\\class-system-dashboard-admin.php:6908)",{"nodes":743,"edges":748},[744,747],{"id":583,"type":584,"label":745,"file":419,"line":746},"$_SERVER (x3)",6966,{"id":588,"type":589,"label":590,"file":419,"line":545,"wp_function":591},[749],{"from":583,"to":588,"sanitized":656},{"entryPoint":751,"graph":752,"unsanitizedCount":29,"severity":700},"sd_errors_log (admin\\class-system-dashboard-admin.php:9880)",{"nodes":753,"edges":758},[754,756],{"id":583,"type":584,"label":594,"file":419,"line":755},9895,{"id":588,"type":589,"label":604,"file":419,"line":757,"wp_function":605},9905,[759],{"from":583,"to":588,"sanitized":656},{"entryPoint":761,"graph":762,"unsanitizedCount":476,"severity":84},"sd_server_location (admin\\class-system-dashboard-admin.php:1472)",{"nodes":763,"edges":768},[764,765,766,767],{"id":583,"type":584,"label":594,"file":419,"line":595},{"id":588,"type":589,"label":598,"file":419,"line":440,"wp_function":439},{"id":593,"type":584,"label":594,"file":419,"line":595},{"id":597,"type":589,"label":604,"file":419,"line":440,"wp_function":605},[769,770],{"from":583,"to":588,"sanitized":316},{"from":593,"to":597,"sanitized":316},{"summary":772,"deductions":773},"The 'system-dashboard' plugin, version 2.8.21, presents a significant security risk primarily due to its extensive attack surface lacking proper authorization checks.  With 32 AJAX handlers, all identified as unprotected, an attacker could potentially trigger unauthorized actions.  While the code signals indicate a good general practice of using prepared statements for SQL queries and a decent rate of output escaping, the presence of dangerous functions like 'exec', 'shell_exec', and 'unserialize' alongside unsanitized paths in taint analysis is concerning. The high number of known CVEs (11), although none are currently unpatched, with a history of critical types like Missing Authorization and Path Traversal, suggests a recurring pattern of security weaknesses.  The plugin's past vulnerabilities, particularly those involving authorization and path manipulation, combined with the current lack of authentication on a large portion of its entry points, creates a favorable environment for attackers. Despite strengths in SQL and output handling, the fundamental flaws in authorization and the historical vulnerability profile demand immediate attention.",[774,777,780,782,784,786,789],{"reason":775,"points":776},"32 unprotected AJAX handlers",10,{"reason":778,"points":779},"Dangerous functions found (exec, shell_exec, unserialize)",15,{"reason":781,"points":779},"Flows with unsanitized paths (1 critical, 1 high)",{"reason":783,"points":776},"11 known CVEs with historical authorization\u002Fpath issues",{"reason":785,"points":776},"Missing nonce checks on 32 AJAX handlers",{"reason":787,"points":788},"Low rate of output escaping (79%)",5,{"reason":790,"points":245},"Bundled DataTables library (potential for outdated versions)","2026-03-16T19:10:19.679Z",{"wat":793,"direct":814},{"assetPaths":794,"generatorPatterns":803,"scriptPaths":804,"versionParams":805},[795,796,797,798,799,800,801,802],"\u002Fwp-content\u002Fplugins\u002Fsystem-dashboard\u002Fcss\u002Fsystem-dashboard-admin.css","\u002Fwp-content\u002Fplugins\u002Fsystem-dashboard\u002Fcss\u002Fjquery.json-viewer.css","\u002Fwp-content\u002Fplugins\u002Fsystem-dashboard\u002Fcss\u002Fdatatables.min.css","\u002Fwp-content\u002Fplugins\u002Fsystem-dashboard\u002Fcss\u002Ffomantic-ui\u002Faccordion.css","\u002Fwp-content\u002Fplugins\u002Fsystem-dashboard\u002Fjs\u002Fsystem-dashboard-admin.js","\u002Fwp-content\u002Fplugins\u002Fsystem-dashboard\u002Fjs\u002Fjquery.json-viewer.js","\u002Fwp-content\u002Fplugins\u002Fsystem-dashboard\u002Fjs\u002Fdatatables.min.js","\u002Fwp-content\u002Fplugins\u002Fsystem-dashboard\u002Fjs\u002Ffomantic-ui\u002Faccordion.js",[],[799,800,801,802],[806,807,808,809,810,811,812,813],"system-dashboard?ver=","system-dashboard-json-viewer?ver=","system-dashboard-datatables?ver=","system-dashboard-fomantic-ui-accordion?ver=","system-dashboard-admin.js?ver=","jquery.json-viewer.js?ver=","datatables.min.js?ver=","accordion.js?ver=",{"cssClasses":815,"htmlComments":822,"htmlAttributes":823,"restEndpoints":825,"jsGlobals":826,"shortcodeOutput":829},[816,817,818,819,820,821],"mc-collapsible","search-filter","field-parts","first-part","full-width","search-filter-additional-info",[],[824],"data-controls",[],[827,828],"System_Dashboard","jQuery",[]]