[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fPCj3vk1HixMBcyIWQYC9XSFq48iAZ-U_hratHUj9SMw":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":39,"analysis":138,"fingerprints":290},"text-control-2","Text Control","2.3.1","Frank Bueltge","https:\u002F\u002Fprofiles.wordpress.org\u002Fbueltge\u002F","\u003Cp>Text Control will allow you to choose from a variety of formatting syntaxes and encoding options. You can choose between Markdown, Textile 1, Textile 2, nl2br, WPautop, and “No Formatting” for formatting along with the choice of SmartyPants, WPTexturize or “No Encoding” for character encodings.\u003C\u002Fp>\n\u003Ch4>Localizations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Thanks to \u003Ca href=\"http:\u002F\u002Fbueltge.de\u002F\" title=\"Frank B&uuml;ltge\" rel=\"nofollow ugc\">Frank B&uuml;ltge\u003C\u002Fa> for german language file\u003C\u002Fli>\n\u003Cli>Thanks to \u003Ca href=\"http:\u002F\u002Fwww.inmotionhosting.com\u002F\" rel=\"nofollow ugc\">Brian Flores\u003C\u002Fa> for spanish translation\u003C\u002Fli>\n\u003Cli>Lithuanian translation files by \u003Ca href=\"http:\u002F\u002Fwww.host1plus.com\" rel=\"nofollow ugc\">Vincent G\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Not really a bug so much, but an issue: Textile 2 is freaking huge (145k > 4000 lines of code) so it can be quite a burden on your server. If you can get away with \u003Cem>not\u003C\u002Fem> using it, I highly reccomend you do so.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Additionally, in Textile 2 there is a feature that would grab an image via PHP and get it’s height and width for placing in the IMG tags. This has been disabled It literally took a post from 1 second to display straight to 6 seconds — completely unacceptable.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Acknowledgements\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Romanian language files, thanks to \u003Ca href=\"http:\u002F\u002Fwebhostinggeeks.com\u002F\" rel=\"nofollow ugc\">Alexander Ovsov\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Native Serbo-Croatian language files, thanks to \u003Ca href=\"http:\u002F\u002Fwww.webhostinghub.com\u002F\" rel=\"nofollow ugc\">Borisa Djuraskovic\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Licence\u003C\u002Fh4>\n\u003Cp>Good news, this plugin is free for everyone! Since it’s released under the GPL, you can use it free of charge on your personal or commercial blog. But if you enjoy this plugin, you can thank me and leave a \u003Ca href=\"http:\u002F\u002Fbueltge.de\u002Fwunschliste\u002F\" title=\"Wishliste and Donate\" rel=\"nofollow ugc\">small donation\u003C\u002Fa> for the time I’ve spent writing and supporting this plugin. And I really don’t want to know how many hours of my life this plugin has already eaten 😉\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cp>The plugin comes with various translations, please refer to the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FInstalling_WordPress_in_Your_Language\" title=\"Installing WordPress in Your Language\" rel=\"nofollow ugc\">WordPress Codex\u003C\u002Fa> for more information about activating the translation. If you want to help to translate the plugin to your language, please have a look at the .pot file which contains all defintions and may be used with a \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Fsoftware\u002Fgettext\u002F\" rel=\"nofollow ugc\">gettext\u003C\u002Fa> editor like \u003Ca href=\"http:\u002F\u002Fwww.poedit.net\u002F\" rel=\"nofollow ugc\">Poedit\u003C\u002Fa> (Windows) or plugin for WordPress \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fcodestyling-localization\u002F\" rel=\"ugc\">Localization\u003C\u002Fa>.\u003C\u002Fp>\n","Text Control will allow you to choose from a variety of formatting syntaxes and encoding options. You can choose between Markdown, Textile 1, Textile  &hellip;",100,14546,94,3,"2013-10-31T17:56:00.000Z","3.7.41","1.5","",[20,21,22,23],"encoding","format","formatting","post","http:\u002F\u002Fdev.wp-plugins.org\u002Fwiki\u002FTextControl","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftext-control-2.2.3.1.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":35,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"bueltge",5,101270,89,30,86,"2026-04-04T08:46:25.268Z",[40,58,78,100,121],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":11,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":18,"tags":54,"homepage":56,"download_link":57,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"markdown-for-wordpress-and-bbpress","Markdown for WordPress and bbPress","1.0","mitcho (Michael Yoshitaka Erlewine)","https:\u002F\u002Fprofiles.wordpress.org\u002Fmitchoyoshitaka\u002F","\u003Cp>\u003Ca href=\"http:\u002F\u002Fdaringfireball.net\u002Fprojects\u002Fmarkdown\u002Fsyntax\" rel=\"nofollow ugc\">Markdown syntax\u003C\u002Fa> allows you to write using an easy-to-read, easy-to-write plain text format.\u003C\u002Fp>\n\u003Cp>Markdown for WordPress and bbPress (Markdown-WPBB) is based on the famed PHP Markdown Extra by \u003Ca href=\"http:\u002F\u002Fwww.michelf.com\u002Fprojects\u002Fphp-markdown\u002F\" rel=\"nofollow ugc\">Michel Fortin\u003C\u002Fa>, in turn based on the original Perl version by \u003Ca href=\"http:\u002F\u002Fwww.daringfireball.net\u002F\" rel=\"nofollow ugc\">John Gruber\u003C\u002Fa>. All I did was make the same package work with bbPress too. ^^\u003C\u002Fp>\n","A text-to-HTML conversion tool for web writers",60,13477,1,"2008-05-21T08:47:00.000Z","2.5.1","1.2",[20,21,22,23,55],"text","http:\u002F\u002Fmitcho.com\u002Fcode\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fmarkdown-for-wordpress-and-bbpress.1.0.zip",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":66,"downloaded":67,"rating":37,"num_ratings":68,"last_updated":69,"tested_up_to":70,"requires_at_least":71,"requires_php":18,"tags":72,"homepage":76,"download_link":77,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"advanced-excerpt","Advanced Excerpt","4.4.1","WPKube","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpkube\u002F","\u003Cp>This plugin adds several improvements to WordPress’ default way of creating excerpts.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Keeps HTML markup in the excerpt (and you get to choose which tags are included)\u003C\u002Fli>\n\u003Cli>Trims the excerpt to a given length using either character count or word count\u003C\u002Fli>\n\u003Cli>Only the ‘real’ text is counted (HTML is ignored but kept)\u003C\u002Fli>\n\u003Cli>Customizes the excerpt length and the ellipsis character that are used\u003C\u002Fli>\n\u003Cli>Completes the last word or sentence in an excerpt (no weird cuts)\u003C\u002Fli>\n\u003Cli>Adds a \u003Cem>read-more\u003C\u002Fem> link to the text\u003C\u002Fli>\n\u003Cli>Ignores custom excerpts and use the generated one instead\u003C\u002Fli>\n\u003Cli>Theme developers can use \u003Ccode>the_advanced_excerpt()\u003C\u002Fcode> for even more control (see the FAQ)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Most of the above features are optional and\u002For can be customized by the user or theme developer.\u003C\u002Fp>\n\u003Cp>Banner image credit – \u003Ca href=\"https:\u002F\u002Fwww.flickr.com\u002Fphotos\u002Fchillihead\u002F\" rel=\"nofollow ugc\">chillihead\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Original plugin author – \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fbasvd\" rel=\"nofollow ugc\">basvd\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Useful Resources\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffancythemes.com\u002Fwhat-is-wordpress\u002F\" rel=\"friend nofollow ugc\">What is WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffancythemes.com\u002Fwordpress-themes\" rel=\"friend nofollow ugc\">Fee Themes\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Ffancythemes.com\u002Fwordpress-plugins\u002F\" rel=\"friend nofollow ugc\">plugins\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Control the appearance of WordPress post excerpts",80000,1542295,101,"2024-01-19T20:32:00.000Z","6.4.8","3.2",[73,74,22,23,75],"content","excerpt","post-excerpt","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadvanced-excerpt\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-excerpt.4.4.1.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":37,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":18,"tags":92,"homepage":97,"download_link":98,"security_score":99,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"raw-html","Raw HTML","1.6.4","Janis Elsts","https:\u002F\u002Fprofiles.wordpress.org\u002Fwhiteshadow\u002F","\u003Cp>Lets you disable automatic formatting like smart quotes and automatic paragraph creation, and use raw HTML\u002FJS\u002FCSS code in your posts without WordPress messing it up.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>With this plugin, you can wrap any part of your post in [raw]…[\u002Fraw] tags to prevent WordPress from converting newlines to HTML paragraphs, replacing apostrophes with typographic quotes and so on. This is very useful if you need to add a CSS block or JavaScript to your post.\u003C\u002Fp>\n\u003Cp>RawHTML will also add new checkboxes to the “Edit Post” screen that let you disable certain WP filters on a per-post basis. This way you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Disable wptexturize (the function that creates smart quotes and other typographic characters).\u003C\u002Fli>\n\u003Cli>Disable automatic paragraph creation.\u003C\u002Fli>\n\u003Cli>Disable image smilies. \u003C\u002Fli>\n\u003Cli>Disable convert_chars (the function that converts ampersands to HTML entities and “fixes” some Unicode characters).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The free version only supports editing posts in the Text tab (called “HTML” in older WordPress versions). \u003Ca href=\"http:\u002F\u002Frawhtmlpro.com\u002F?utm_source=wordpress.org&utm_medium=readme_link&utm_campaign=RawHTML%20free\" rel=\"nofollow ugc\">Get the Pro version\u003C\u002Fa> if you want to be able to switch between Text and the Visual editor without WordPress messing up your content.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Compatibility\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin doesn’t fully support the Gutenberg editor. As of WordPress 5.0, some Raw HTML features will only work if you use the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclassic-editor\u002F\" rel=\"ugc\">Classic Editor\u003C\u002Fa> plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Usage\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To prevent a part of your post or page from being filtered by WordPress, switch to the Text\u002FHTML editor and wrap it in \u003Ccode>[raw]...[\u002Fraw]\u003C\u002Fcode> or \u003Ccode>\u003C!--raw-->...\u003C!--\u002Fraw-->\u003C\u002Fcode> tags. These two versions work exactly the same, except that the latter won’t be visible to your visitors even if you deactivate Raw HTML.\u003C\u002Fp>\n\u003Cp>\u003Cem>Example :\u003C\u002Fem>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[raw]\nThis \n\nis \n\na \"test\"!\n[\u002Fraw]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>In this case, the tags will prevent WordPress from inserting paragraph breaks between “This”, “is” and “a “test””, as well as ensure that the double quotes arround “test” are not converted to typographic (curly) quotes.\u003C\u002Fp>\n\u003Cp>To avoid problems, only edit posts that contain your custom code in Text\u002FHTML mode. If you’d like to be able to also use the Visual editor, \u003Ca href=\"http:\u002F\u002Frawhtmlpro.com\u002F?utm_source=wordpress.org&utm_medium=readme_link&utm_campaign=RawHTML%20free\" rel=\"nofollow ugc\">get the Pro version\u003C\u002Fa>. It will make the code betwen [raw] tags appear as a read-only placeholder when viewed in Visual mode, ensuring WordPress doesn’t change it.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Combining shortcodes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>By default, shortcodes that are inside [raw] tags will not work. They will just show up as plain text. To enable shortcodes, add the \u003Ccode>shortcodes=1\u003C\u002Fcode> attribute to the tag:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>[raw shortcodes=1]This [shortcode] will be run.[\u002Fraw]\n\n[raw]This [shortcode] won't work.[\u002Fraw]\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cstrong>Preserving \u003Ccode>[raw]\u003C\u002Fcode> code in excerpts\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>By default, the plugin will automatically remove any code that’s inside \u003Ccode>[raw]...[\u002Fraw]\u003C\u002Fcode> tags from post excerpts. You can prevent that by adding the following line to \u003Ccode>wp-config.php\u003C\u002Fcode>:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define('RAW_HTML_KEEP_RAW_IN_EXCERPTS', true);\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This will ensure that the plugin doesn’t strip \u003Ccode>[raw]\u003C\u002Fcode> blocks from automatically generated excerpts.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Notes\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Some features of Raw HTML will only work for users who have the “unfiltered_html” capability. In a normal WordPress install that includes the Editor and Administrator roles. In a Multisite install, only the Super Admin has this capability by default.\u003C\u002Fp>\n","Lets you use raw HTML or any other code in your posts. You can also disable smart quotes and other automatic formatting on a per-post basis.",10000,586247,33,"2024-11-11T15:00:00.000Z","6.7.5","2.8",[93,22,94,95,96],"css","html","javascript","posts","http:\u002F\u002Fw-shadow.com\u002Fblog\u002F2007\u002F12\u002F13\u002Fraw-html-in-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fraw-html.1.6.4.zip",92,{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":86,"downloaded":108,"rating":109,"num_ratings":110,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":119,"download_link":120,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"toggle-wpautop","Toggle wpautop","1.3.0","Jonathan Desrosiers","https:\u002F\u002Fprofiles.wordpress.org\u002Fdesrosj\u002F","\u003Cp>\u003Cstrong>Note: This plugin does not support the block editor but should continue to work without issue when using it with custom post types and the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclassic-editor\u002F\" rel=\"ugc\">Classic Editor Plugin\u003C\u002Fa>.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Before WordPress displays a post’s content, the content gets passed through multiple filters to ensure that it safely appears how you enter it within the editor.\u003C\u002Fp>\n\u003Cp>One of these filters is \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwpautop\" title=\"wpautop\" rel=\"nofollow ugc\">wpautop\u003C\u002Fa>, which replaces double line breaks with \u003Ccode>\u003Cp>\u003C\u002Fcode> tags, and single line breaks with \u003Ccode>\u003Cbr \u002F>\u003C\u002Fcode> tags. However, this filter sometimes causes issues when you are inputting a lot of HTML markup in the post editor.\u003C\u002Fp>\n\u003Cp>This plugin displays a checkbox in the publish meta box of the post edit screen that disables the \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FFunction_Reference\u002Fwpautop\" title=\"wpautop\" rel=\"nofollow ugc\">wpautop\u003C\u002Fa> filter for that post.\u003C\u002Fp>\n\u003Cp>Also adds a ‘wpautop’, or ‘no-wpautop’ class to the post_class filter to help with CSS styling.\u003C\u002Fp>\n","Easily disable the default wpautop filter on a post by post basis.",108022,98,32,"2021-04-07T13:35:00.000Z","5.7.15","3.0","5.6",[116,74,22,117,118],"editor","post-content","wpautop","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftoggle-wpautop","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoggle-wpautop.1.3.0.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":129,"downloaded":130,"rating":11,"num_ratings":14,"last_updated":131,"tested_up_to":132,"requires_at_least":133,"requires_php":18,"tags":134,"homepage":136,"download_link":137,"security_score":26,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-russian-typograph","WP Typograph Lite","2.3.5","marapper","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarapper\u002F","\u003Cp>Рекомендуется для большинства блогов на русском языке.\u003C\u002Fp>\n\u003Cp>Плагин \u003Ca href=\"http:\u002F\u002Fiskariot.ru\u002Fwordpress\u002Ftypo\u002F#typo-light\" rel=\"nofollow ugc\">WP Typograph Lite\u003C\u002Fa> предназначен для автоматического форматирования текста в соответствии с правилами русской типографики. Обрабатывает все основные блоки – заголовки, тексты постов и страниц, комментарии. Форматирование происходит при отображении страницы, без изменения исходного текста постов.\u003C\u002Fp>\n\u003Cp>\u003Cem>Желательно использовать плагин с включенным кешированием WordPress\u003C\u002Fem>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Основная функциональность\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Правильные кавычки («елочки и вложенные „лапки“»).\u003C\u002Fli>\n\u003Cli>Длинное тире между словами — не отрывая от предыдущего слова.\u003C\u002Fli>\n\u003Cli>— Черта, — в диалогах.\u003C\u002Fli>\n\u003Cli>Интервальные тире в датах и периодах (13 ноября—25 декабря).\u003C\u002Fli>\n\u003Cli>Минус между цифрами 0–9.\u003C\u002Fli>\n\u003Cli>Многоточие — тремя точками…\u003C\u002Fli>\n\u003Cli>Убирает точку в конце заголовка поста.\u003C\u002Fli>\n\u003Cli>В тегах \u003Ccode>, \u003Cpre> и \u003Cscript> (и некоторых других) текст не изменяет.\u003C\u002Fli>\n\u003Cli>В теге \u003Ccode> автоматически заменяет \u003C на \u003C, исправляет кавычки на машинописные для корректного копирования-вставки.\u003C\u002Fli>\n\u003Cli>Заменяет функцию фильтрации HTML (wpautop), исправляет ошибки визуального редактора со вставкой тегов.\u003C\u002Fli>\n\u003Cli>Форматирует некоторые спецсимволы, такие как ½, ©, ™ и др.\u003C\u002Fli>\n\u003Cli>Делает ссылки в комментариях кликабельными (с http и www), автоматически сокращая якорь в длинных ссылках.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-typograph-full\u002F\" rel=\"ugc\">Полная версия\u003C\u002Fa> позволяет управлять неразрывными конструкциями и автоматическими исправлениями, обладает гибкими настройками.\u003C\u002Fp>\n","Russian typography for Wordpress. Lite version.",2000,43001,"2017-11-28T18:11:00.000Z","2.7.1","2.0.2",[22,23,96,55,135],"typograph","http:\u002F\u002Fiskariot.ru\u002Fwordpress\u002Ftypo\u002F#typo-light","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-russian-typograph.2.3.5.zip",{"attackSurface":139,"codeSignals":186,"taintFlows":218,"riskAssessment":277,"analyzedAt":289},{"hooks":140,"ajaxHandlers":182,"restRoutes":183,"shortcodes":184,"cronEvents":185,"entryPointCount":27,"unprotectedCount":27},[141,148,152,157,161,164,168,171,175,178],{"type":142,"name":143,"callback":144,"priority":145,"file":146,"line":147},"filter","plugin_action_links","tc_filter_plugin_actions",10,"text-control.php",69,{"type":142,"name":149,"callback":150,"file":146,"line":151},"dbx_post_advanced","tc_post_admin_footer",336,{"type":153,"name":154,"callback":155,"file":146,"line":156},"action","init","tc_textdomain",472,{"type":153,"name":158,"callback":159,"file":146,"line":160},"admin_menu","tc_add_settings_page",473,{"type":153,"name":158,"callback":162,"file":146,"line":163},"tc_add_custom_box",474,{"type":142,"name":165,"callback":166,"file":146,"line":167},"edit_post","tc_post_edit_post",475,{"type":142,"name":169,"callback":166,"file":146,"line":170},"publish_post",476,{"type":142,"name":172,"callback":173,"file":146,"line":174},"the_content","tc_post",480,{"type":142,"name":176,"callback":173,"file":146,"line":177},"the_excerpt",484,{"type":142,"name":179,"callback":180,"file":146,"line":181},"comment_text","tc_comment",488,[],[],[],[],{"dangerousFunctions":187,"sqlUsage":200,"outputEscaping":202,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":50,"bundledLibraries":217},[188,193,197],{"fn":189,"file":190,"line":191,"context":192},"preg_replace(\u002Fe)","text-control\\textile2.php",1492,"preg_replace('\u002F\\&\\#(\\d+);\u002Fe'",{"fn":194,"file":190,"line":195,"context":196},"create_function",2628,"$text = (($f = create_function('$text, $param', $filters[$filter])) ? $f($text, $param) : $text);",{"fn":194,"file":190,"line":198,"context":199},3247,"return create_function('$m', '$me =& Textile::_current(); return ' . $function . ';');",{"prepared":27,"raw":27,"locations":201},[],{"escaped":203,"rawEcho":33,"locations":204},6,[205,209,211,213,215],{"file":206,"line":207,"context":208},"text-control\\textile1.php",263,"raw output",{"file":146,"line":210,"context":208},159,{"file":146,"line":212,"context":208},167,{"file":146,"line":214,"context":208},295,{"file":146,"line":216,"context":208},297,[],[219,259],{"entryPoint":220,"graph":221,"unsanitizedCount":257,"severity":258},"tc_post_option_page (text-control.php:149)",{"nodes":222,"edges":251},[223,228,233,237,239,243,245,249],{"id":224,"type":225,"label":226,"file":146,"line":227},"n0","source","$_POST['tc_post_format']",156,{"id":229,"type":230,"label":231,"file":146,"line":227,"wp_function":232},"n1","sink","update_option() [Settings Manipulation]","update_option",{"id":234,"type":225,"label":235,"file":146,"line":236},"n2","$_POST['tc_post_encoding']",157,{"id":238,"type":230,"label":231,"file":146,"line":236,"wp_function":232},"n3",{"id":240,"type":225,"label":241,"file":146,"line":242},"n4","$_POST['tc_comment_format']",164,{"id":244,"type":230,"label":231,"file":146,"line":242,"wp_function":232},"n5",{"id":246,"type":225,"label":247,"file":146,"line":248},"n6","$_POST['tc_comment_encoding']",165,{"id":250,"type":230,"label":231,"file":146,"line":248,"wp_function":232},"n7",[252,254,255,256],{"from":224,"to":229,"sanitized":253},false,{"from":234,"to":238,"sanitized":253},{"from":240,"to":244,"sanitized":253},{"from":246,"to":250,"sanitized":253},4,"low",{"entryPoint":260,"graph":261,"unsanitizedCount":27,"severity":258},"\u003Ctext-control> (text-control.php:0)",{"nodes":262,"edges":271},[263,264,265,266,267,268,269,270],{"id":224,"type":225,"label":226,"file":146,"line":227},{"id":229,"type":230,"label":231,"file":146,"line":227,"wp_function":232},{"id":234,"type":225,"label":235,"file":146,"line":236},{"id":238,"type":230,"label":231,"file":146,"line":236,"wp_function":232},{"id":240,"type":225,"label":241,"file":146,"line":242},{"id":244,"type":230,"label":231,"file":146,"line":242,"wp_function":232},{"id":246,"type":225,"label":247,"file":146,"line":248},{"id":250,"type":230,"label":231,"file":146,"line":248,"wp_function":232},[272,274,275,276],{"from":224,"to":229,"sanitized":273},true,{"from":234,"to":238,"sanitized":273},{"from":240,"to":244,"sanitized":273},{"from":246,"to":250,"sanitized":273},{"summary":278,"deductions":279},"The \"text-control-2\" v2.3.1 plugin presents a mixed security picture. On one hand, the absence of known vulnerabilities in its history and a robust approach to SQL queries (100% prepared statements) are positive indicators. The plugin also has a very small attack surface with no AJAX handlers, REST API routes, shortcodes, or cron events that lack authentication or permission checks.\n\nHowever, the static analysis reveals several significant concerns. The presence of dangerous functions like `preg_replace(\u002Fe)` and `create_function` warrants careful scrutiny, as these are common sources of remote code execution vulnerabilities if not handled with extreme care. While no critical or high severity taint flows were detected, one flow with an unsanitized path indicates a potential weakness where user-supplied data might not be adequately validated before being used in a sensitive operation. Furthermore, the output escaping is only 55% proper, meaning a significant portion of output could be vulnerable to cross-site scripting (XSS) attacks.\n\nThe plugin's lack of vulnerability history could be interpreted positively as a sign of good security practices, or it could simply mean that the plugin has not been thoroughly scrutinized or targeted. Despite the strengths in SQL handling and attack surface, the identified dangerous functions and the unsanitized taint flow, coupled with insufficient output escaping, suggest a moderate to high risk. Further investigation into the specific implementations of these dangerous functions and the unsanitized taint flow is strongly recommended to determine the actual exploitability.",[280,283,285,287],{"reason":281,"points":282},"Dangerous functions present (preg_replace(\u002Fe), create_function)",15,{"reason":284,"points":145},"Unsanitized taint flow detected",{"reason":286,"points":33},"Insufficient output escaping (55% proper)",{"reason":288,"points":33},"No nonce checks on entry points","2026-03-16T20:34:28.908Z",{"wat":291,"direct":300},{"assetPaths":292,"generatorPatterns":297,"scriptPaths":298,"versionParams":299},[293,294,295,296],"\u002Fwp-content\u002Fplugins\u002Ftext-control-2\u002Ftext-control\u002Ftextile1.php","\u002Fwp-content\u002Fplugins\u002Ftext-control-2\u002Ftext-control\u002Ftextile2.php","\u002Fwp-content\u002Fplugins\u002Ftext-control-2\u002Ftext-control\u002Fmarkdown.php","\u002Fwp-content\u002Fplugins\u002Ftext-control-2\u002Ftext-control\u002Fsmartypants.php",[],[],[],{"cssClasses":301,"htmlComments":302,"htmlAttributes":303,"restEndpoints":308,"jsGlobals":309,"shortcodeOutput":310},[],[],[304,305,306,307],"name=\"tc_post_format\"","name=\"tc_post_encoding\"","name=\"tc_comment_format\"","name=\"tc_comment_encoding\"",[],[],[]]