[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fWGFXM9yvroxRboUp_y0dIoBZdjVlCvDazsrV1nmewVE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":37,"analysis":132,"fingerprints":351},"system-information","System information","1.0.1","philippe","https:\u002F\u002Fprofiles.wordpress.org\u002Fppaquet\u002F","\u003Cp>Adds a system information page that include all the details on your WordPress configuration. That include server details, php configuration, WordPress configuration, current theme details, plugins details and hooks details. That allows for an easy copy\u002Fpaste of the information you usually need to communicate to plugin authors for support.\u003C\u002Fp>\n","Adds a system information page that include all the details on your WordPress 
configuration.",10,3844,0,"2014-02-09T08:22:00.000Z","3.7.41","2.5","",[19,20,21,22,23],"admin","configuration","debug","debugging","dump","http:\u002F\u002Fwww.joeswebtools.com\u002Fwordpress-plugins\u002Fsystem-information\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsystem-information.1.0.1.zip",85,null,"2026-03-15T14:54:45.397Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":26,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"ppaquet",9,1190,30,84,"2026-04-04T16:24:30.211Z",[38,59,78,98,116],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":17,"tags":53,"homepage":56,"download_link":57,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":58},"phpinfo","Phpinfo","1.1","Roland Rust","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpdprx\u002F","\u003Cp>Prints out your webservers php settings as well as other information about your WordPress installation.\u003Cbr \u002F>\nImportant for posting at various WordPress support forums.\u003C\u002Fp>\n","Prints out your webservers php settings as well as other information about your WordPress 
installation.",100,16305,70,2,"2007-09-14T07:38:00.000Z","2.2.2","1.5",[20,22,39,54,55],"server","troubleshooting","http:\u002F\u002Fwordpress.designpraxis.at","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fphpinfo.zip","2026-03-15T15:16:48.613Z",{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":67,"downloaded":68,"rating":13,"num_ratings":13,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":72,"tags":73,"homepage":76,"download_link":77,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":58},"dev-info-bar","Dev Info Bar","1.0.2","istvankrucsanyica","https:\u002F\u002Fprofiles.wordpress.org\u002Fistvankrucsanyica\u002F","\u003Cp>A simple WordPress extension which adds itself to the admin bar, providing system information such as PHP, MySQL version and  details of the WordPress being used.\u003C\u002Fp>\n","A simple WordPress extension which adds itself to the admin bar, providing system information such as PHP, MySQL version and  details of the WordPress &hellip;",80,2303,"2019-01-21T19:14:00.000Z","5.0.25","4.5","5.6",[19,74,22,75,54],"admin-bar","environment","http:\u002F\u002Fistvankrucsanyica.com\u002Fdevinfobar\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdev-info-bar.1.0.2.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":13,"num_ratings":13,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":17,"tags":91,"homepage":96,"download_link":97,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":58},"admin-bar-queries","Admin Bar Queries","0.5.21","carmelosantana","https:\u002F\u002Fprofiles.wordpress.org\u002Fcarmelosantana\u002F","\u003Cp>Adds MySQL queries, rendering time (in seconds), and CPU load to your admin bar. 
If installed on a multi-site installation, output is restricted to super admins.\u003C\u002Fp>\n","MySQL queries and load details added to your admin bar.",20,3586,"2016-12-09T02:21:00.000Z","4.7.32","3.1",[92,22,93,94,95],"adminbar","mysql","mysql-queries","script-timer","http:\u002F\u002Fcarmelosantana.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadmin-bar-queries.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":11,"downloaded":106,"rating":46,"num_ratings":107,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":17,"tags":111,"homepage":114,"download_link":115,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":58},"apermo-xdebug","Apermo Xdebug","1.2.2","Christoph Daum","https:\u002F\u002Fprofiles.wordpress.org\u002Fapermo\u002F","\u003Cp>This plugin helps you to read Xdebug messages inside the WordPress backend, without the need to adjust them everytime.\u003Cbr \u002F>\nIt simply indents the Xdebug messages, so that these are no longer partly hidden underneath the admin menu.\u003Cbr \u002F>\nAnd it will also give you links to directly search for the error message on Google or Stackoverflow.\u003C\u002Fp>\n\u003Cp>If you have issues or want to help \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fapermo\u002Fapermo-xdebug\" rel=\"nofollow ugc\">head over to GitHub\u003C\u002Fa>!\u003C\u002Fp>\n","This plugin helps developers that use 
Xdebug.",2111,1,"2018-06-21T12:49:00.000Z","4.9.29","4.6.0",[19,21,22,112,113],"developer","development","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fapermo-xdebug\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fapermo-xdebug.1.2.2.zip",{"slug":117,"name":118,"version":119,"author":120,"author_profile":121,"description":122,"short_description":123,"active_installs":11,"downloaded":124,"rating":46,"num_ratings":107,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":17,"tags":128,"homepage":130,"download_link":131,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":58},"pretty-debug","Pretty Debug","1.0","wycks","https:\u002F\u002Fprofiles.wordpress.org\u002Fwycks\u002F","\u003Cp>Make var_dump’s and print_r’s more readable\u003C\u002Fp>\n\u003Cp>Function output references with \u003Ca href=\"http:\u002F\u002Fqueryposts.com\" rel=\"nofollow ugc\">http:\u002F\u002Fqueryposts.com\u003C\u002Fa> API when possible.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use \u003Ccode>r\u003C\u002Fcode> instead of \u003Ccode>var_dump\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>Use \u003Ccode>rt\u003C\u002Fcode> for text mode.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For example:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>r($GLOBALS['wp_query']->get_posts());\nrt($GLOBALS['wp_query']->get_posts());\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Notes :\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Probably doesn’t work in ie\u003C\u002Fli>\n\u003Cli>Don’t use this on a production site but you probably already know that\u003C\u002Fli>\n\u003Cli>More usage \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdigitalnature\u002Fphp-ref\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fdigitalnature\u002Fphp-ref\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All the work was done by \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdigitalnature\" rel=\"nofollow ugc\">digitalnature\u003C\u002Fa> I just wrapped it into a 
WordPress plugin and changed the look for inline debugging.\u003C\u002Fp>\n\u003Cp>Please report issues to:  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwycks\u002FWP-Pretty-Debug\" rel=\"nofollow ugc\">https:\u002F\u002Fgithub.com\u002Fwycks\u002FWP-Pretty-Debug\u003C\u002Fa>\u003C\u002Fp>\n","A WordPress plugin that makes var_dump and print_r pretty!",1815,"2013-07-12T00:38:00.000Z","3.5.2","3.5",[21,22,129],"var_dump","https:\u002F\u002Fgithub.com\u002Fwycks\u002FWP-Pretty-Debug","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpretty-debug.1.0.zip",{"attackSurface":133,"codeSignals":145,"taintFlows":281,"riskAssessment":336,"analyzedAt":350},{"hooks":134,"ajaxHandlers":141,"restRoutes":142,"shortcodes":143,"cronEvents":144,"entryPointCount":13,"unprotectedCount":13},[135],{"type":136,"name":137,"callback":138,"file":139,"line":140},"action","admin_menu","add_system_information_menu","system-information.php",257,[],[],[],[],{"dangerousFunctions":146,"sqlUsage":147,"outputEscaping":149,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":280},[],{"prepared":13,"raw":13,"locations":148},[],{"escaped":13,"rawEcho":150,"locations":151},64,[152,155,157,159,161,163,165,167,169,171,173,175,177,178,180,182,184,186,188,190,192,194,196,198,200,202,204,206,208,210,212,214,216,218,220,222,224,226,228,230,232,234,236,238,240,242,244,246,248,250,252,254,256,258,260,262,264,266,268,270,272,274,276,278],{"file":139,"line":153,"context":154},74,"raw 
output",{"file":139,"line":156,"context":154},75,{"file":139,"line":158,"context":154},76,{"file":139,"line":160,"context":154},77,{"file":139,"line":162,"context":154},81,{"file":139,"line":164,"context":154},87,{"file":139,"line":166,"context":154},88,{"file":139,"line":168,"context":154},94,{"file":139,"line":170,"context":154},96,{"file":139,"line":172,"context":154},97,{"file":139,"line":174,"context":154},98,{"file":139,"line":176,"context":154},99,{"file":139,"line":46,"context":154},{"file":139,"line":179,"context":154},101,{"file":139,"line":181,"context":154},102,{"file":139,"line":183,"context":154},103,{"file":139,"line":185,"context":154},104,{"file":139,"line":187,"context":154},105,{"file":139,"line":189,"context":154},106,{"file":139,"line":191,"context":154},107,{"file":139,"line":193,"context":154},108,{"file":139,"line":195,"context":154},109,{"file":139,"line":197,"context":154},110,{"file":139,"line":199,"context":154},111,{"file":139,"line":201,"context":154},112,{"file":139,"line":203,"context":154},113,{"file":139,"line":205,"context":154},114,{"file":139,"line":207,"context":154},115,{"file":139,"line":209,"context":154},116,{"file":139,"line":211,"context":154},117,{"file":139,"line":213,"context":154},118,{"file":139,"line":215,"context":154},119,{"file":139,"line":217,"context":154},120,{"file":139,"line":219,"context":154},121,{"file":139,"line":221,"context":154},122,{"file":139,"line":223,"context":154},123,{"file":139,"line":225,"context":154},124,{"file":139,"line":227,"context":154},125,{"file":139,"line":229,"context":154},126,{"file":139,"line":231,"context":154},127,{"file":139,"line":233,"context":154},128,{"file":139,"line":235,"context":154},129,{"file":139,"line":237,"context":154},130,{"file":139,"line":239,"context":154},131,{"file":139,"line":241,"context":154},132,{"file":139,"line":243,"context":154},133,{"file":139,"line":245,"context":154},134,{"file":139,"line":247,"context":154},135,{"file":139,"line":249,"context":1
54},136,{"file":139,"line":251,"context":154},137,{"file":139,"line":253,"context":154},138,{"file":139,"line":255,"context":154},139,{"file":139,"line":257,"context":154},140,{"file":139,"line":259,"context":154},141,{"file":139,"line":261,"context":154},148,{"file":139,"line":263,"context":154},149,{"file":139,"line":265,"context":154},158,{"file":139,"line":267,"context":154},160,{"file":139,"line":269,"context":154},162,{"file":139,"line":271,"context":154},164,{"file":139,"line":273,"context":154},165,{"file":139,"line":275,"context":154},179,{"file":139,"line":277,"context":154},180,{"file":139,"line":279,"context":154},181,[],[282,318],{"entryPoint":283,"graph":284,"unsanitizedCount":316,"severity":317},"system_information_page (system-information.php:46)",{"nodes":285,"edges":310},[286,290,295,298,300,303,305,308],{"id":287,"type":288,"label":289,"file":139,"line":153},"n0","source","$_SERVER['SERVER_SOFTWARE']",{"id":291,"type":292,"label":293,"file":139,"line":153,"wp_function":294},"n1","sink","echo() [XSS]","echo",{"id":296,"type":288,"label":297,"file":139,"line":156},"n2","$_SERVER['SERVER_NAME']",{"id":299,"type":292,"label":293,"file":139,"line":156,"wp_function":294},"n3",{"id":301,"type":288,"label":302,"file":139,"line":158},"n4","$_SERVER['SERVER_ADDR']",{"id":304,"type":292,"label":293,"file":139,"line":158,"wp_function":294},"n5",{"id":306,"type":288,"label":307,"file":139,"line":160},"n6","$_SERVER['SERVER_PORT']",{"id":309,"type":292,"label":293,"file":139,"line":160,"wp_function":294},"n7",[311,313,314,315],{"from":287,"to":291,"sanitized":312},false,{"from":296,"to":299,"sanitized":312},{"from":301,"to":304,"sanitized":312},{"from":306,"to":309,"sanitized":312},4,"medium",{"entryPoint":319,"graph":320,"unsanitizedCount":316,"severity":335},"\u003Csystem-information> 
(system-information.php:0)",{"nodes":321,"edges":330},[322,323,324,325,326,327,328,329],{"id":287,"type":288,"label":289,"file":139,"line":153},{"id":291,"type":292,"label":293,"file":139,"line":153,"wp_function":294},{"id":296,"type":288,"label":297,"file":139,"line":156},{"id":299,"type":292,"label":293,"file":139,"line":156,"wp_function":294},{"id":301,"type":288,"label":302,"file":139,"line":158},{"id":304,"type":292,"label":293,"file":139,"line":158,"wp_function":294},{"id":306,"type":288,"label":307,"file":139,"line":160},{"id":309,"type":292,"label":293,"file":139,"line":160,"wp_function":294},[331,332,333,334],{"from":287,"to":291,"sanitized":312},{"from":296,"to":299,"sanitized":312},{"from":301,"to":304,"sanitized":312},{"from":306,"to":309,"sanitized":312},"low",{"summary":337,"deductions":338},"The \"system-information\" plugin v1.0.1 exhibits a mixed security posture.  On the positive side, the scan found no dangerous functions, no raw SQL queries, no file operations and no external HTTP requests.  The lack of known CVEs in its history also suggests a potentially stable codebase.\n\nHowever, significant concerns arise from the static analysis. The most critical finding is that none of the 64 detected output statements is escaped. This presents a high risk of Cross-Site Scripting (XSS) vulnerabilities: any user-controlled value that reaches one of these echo statements would be rendered as markup rather than as text. Additionally, the taint analysis reveals two flows whose paths carry $_SERVER values to echo without sanitization; they are not flagged as critical or high severity in this report, but they warrant investigation because they could lead to unexpected behavior or vulnerabilities if the data is not handled correctly.\n\nIn conclusion, while the plugin has a clean vulnerability history and shows no risky SQL or file handling, the complete lack of output escaping is a critical flaw. 
This, combined with the presence of unsanitized paths, significantly elevates the risk associated with this plugin. No nonce or capability checks were identified; the scan also found no AJAX, REST, shortcode or cron entry points that would require them, but any entry point added in a future version without such checks would be exposed.",[339,342,345,348],{"reason":340,"points":341},"100% of outputs unescaped",15,{"reason":343,"points":344},"Unsanitized paths in taint analysis",6,{"reason":346,"points":347},"No nonce checks identified",5,{"reason":349,"points":347},"No capability checks identified","2026-03-16T23:34:58.869Z",{"wat":352,"direct":357},{"assetPaths":353,"generatorPatterns":354,"scriptPaths":355,"versionParams":356},[],[],[],[],{"cssClasses":358,"htmlComments":364,"htmlAttributes":365,"restEndpoints":371,"jsGlobals":372,"shortcodeOutput":373},[359,360,361,362,363],"wrap","poststuff","ui-sortable","postbox","opened",[],[366,367,368,359,369,370],"readonly","rows","cols","style","onfocus",[],[],[]]