[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fLEZAz7RocezPPvhWEjBpx36eElefw-U02BEBgRp_qvY":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":21,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":24,"vulnerabilities":25,"developer":26,"crawl_stats":23,"alternatives":33,"analysis":138,"fingerprints":293},"theme-bakery","Theme Bakery","0.2","shazdeh","https:\u002F\u002Fprofiles.wordpress.org\u002Fshazdeh\u002F","\u003Cp>This plugin enables you to generate a new theme, based on the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FAutomattic\u002F_s\" rel=\"nofollow ugc\">_S\u003C\u002Fa> theme.\u003C\u002Fp>\n","A simple tool that allows you to generate a new blank theme (uses _S theme).",10,2120,0,"2012-08-16T21:11:00.000Z","3.3.2","3.0","",[19,20],"theme","utility","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftheme-bakery.zip",85,null,"2026-03-15T14:54:45.397Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":28,"avg_security_score":29,"avg_patch_time_days":30,"trust_score":31,"computed_at":32},24,4480,86,30,84,"2026-04-04T15:06:48.582Z",[34,55,77,92,113],{"slug":35,"name":36,"version":37,"author":38,"author_profile":39,"description":40,"short_description":41,"active_installs":42,"downloaded":43,"rating":44,"num_ratings":45,"last_updated":46,"tested_up_to":47,"requires_at_least":16,"requires_php":17,"tags":48,"homepage":52,"download_link":53,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":54},"theme-inspector","Theme Inspector","4.0.1","Melissa Cabral","https:\u002F\u002Fprofiles.wordpress.org\u002Fmelissa-cabral\u002F","\u003Cp>A simple, lightweight plugin that displays useful technical information on pages and posts to aid in developing WordPress Classic themes. Provides quick access to things that are sometimes hidden, like post\u002Fpage ID, slug, taxonomy terms, and post type slug. Theme Inspector tells you exactly what conditional tags are true on each view, and what template file loaded on each page view.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Use In Conjunction with the \u003Ca href=\"https:\u002F\u002Fdocs.google.com\u002Fdrawings\u002Fd\u002F1hJ0MpHO3HKBT5KsTpGtc_gDYZ5pi-HyxNcRtmPBBULE\" rel=\"nofollow ugc\">WP Template Hierarchy Document\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Theme Inspector is only visible to logged in Administrators.\u003C\u002Fli>\n\u003Cli>Appears on the right-side of the Toolbar (admin bar).\u003C\u002Fli>\n\u003C\u002Ful>\n","A developer's inspector to illuminate the WordPress Template Hierarchy and help with building WordPress Classic themes.",400,14730,94,11,"2023-02-13T19:10:00.000Z","6.1.10",[49,50,51,19,20],"developer","inspector","template","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftheme-inspector","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftheme-inspector.zip","2026-03-15T15:16:48.613Z",{"slug":56,"name":57,"version":58,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":63,"downloaded":64,"rating":13,"num_ratings":13,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":74,"download_link":75,"security_score":76,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":54},"wowholic-core","Wowholic CORE","1.1.3","Wowholic","https:\u002F\u002Fprofiles.wordpress.org\u002Fwowholic\u002F","\u003Ch3>CORE: WordPress utilities\u003C\u002Fh3>\n\u003Cp>CORE is a utility-based, unintrusive WordPress plugin. It offers a simple UI to tweak many sensible default settings to quickstart your new fresh WordPress project. It’s recommended for developers building custom themes with ACF.\u003C\u002Fp>\n\u003Cp>CORE builds on top of Wowholic’s +5 years of experience developing fully custom WordPress sites, for all sorts of customers and industries. We made this plugin to be more efficient and productive in our own work, and we hope it helps you too!\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Clean up unnecessary WordPress’ defaults:\n\u003Cul>\n\u003Cli>Remove comments widget styles\u003C\u002Fli>\n\u003Cli>Remove WP version from RSS feed\u003C\u002Fli>\n\u003Cli>Remove Gutenberg block library CSS (only if Classic Editor plugin is active)\u003C\u002Fli>\n\u003Cli>Remove RSD link\u003C\u002Fli>\n\u003Cli>Remove post, category and comment feed links\u003C\u002Fli>\n\u003Cli>Remove Windows Live Writer link\u003C\u002Fli>\n\u003Cli>Remove canonical link\u003C\u002Fli>\n\u003Cli>Remove shortlink\u003C\u002Fli>\n\u003Cli>Remove relational adjacent links\u003C\u002Fli>\n\u003Cli>Remove emoji detection script and styles\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Disable Theme & Plugin Editors, Widgets Admin Page, Default Post Type and Comments\u003C\u002Fli>\n\u003Cli>Set up some default redirections (archives, attachment pages…)\u003C\u002Fli>\n\u003Cli>Set up a visual grid on different breakpoints for debugging layout styles\u003C\u002Fli>\n\u003Cli>Enable layout spacing utility for debugging distances between elements (using \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fstevenlei\u002Fspacingjs\" rel=\"nofollow ugc\">spacingjs\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>Add custom format options to TinyMCE \u003Cem>(only if Classic Editor is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Allow removing unnecessary buttons from TinyMCE \u003Cem>(only if Classic Editor is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Enable Theme Options \u003Cem>(only if ACF is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Add label next to Flexible Content Layout name \u003Cem>(only if ACF is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Allow shortcodes in excerpts, textareas and text fields \u003Cem>(only if ACF is active)\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Enable pretty Search URL\u003C\u002Fli>\n\u003Cli>Enable \u003Ccode>[email]\u003C\u002Fcode> shortcode for antispam\u003C\u002Fli>\n\u003Cli>Change WordPress’ upload size limit\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Some of these features are contextual, which means that they won’t show or work unless some condition is met (usually, if a given plugin is active or not).\u003C\u002Fp>\n\u003Ch3>Community Feedback\u003C\u002Fh3>\n\u003Cp>Although already providing many features, this plugin is still in its early stages of development. Please reach out to us for any constructive feedback you might have!\u003C\u002Fp>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>If you want to read contributing guidelines, you can find them at the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWowholic\u002FCORE\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>\u003C\u002Fp>\n","CORE makes you faster and more efficient when developing custom WordPress sites.",40,2316,"2025-12-04T09:20:00.000Z","6.9.4","5.6","7.0",[70,71,72,73,20],"custom-themes","development","efficiency","productivity","https:\u002F\u002Fgithub.com\u002FWowholic\u002FCORE","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwowholic-core.1.1.3.zip",100,{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":11,"downloaded":85,"rating":13,"num_ratings":13,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":17,"tags":89,"homepage":90,"download_link":91,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":54},"chunks","Chunks","1.1","Konstantin Kovshenin","https:\u002F\u002Fprofiles.wordpress.org\u002Fkovshenin\u002F","\u003Cp>Chunks is for theme developers that have their themes filled with footer notes, copyright notices, block titles and descriptions, slogans, etc, which are sometimes hard-coded into the theme, sometimes localized (can be changed in po and mo files) and sometimes taken out to the theme options.\u003C\u002Fp>\n\u003Cp>Chunks will do the job for you. A “chunk” is a piece of HTML code that could be inserted anywhere in your theme and edited from the Theme Chunks page under Appearance in your admin panel. Use register_chunks() in your functions.php to register chunks for your theme and use the chunk() to get the chunk value anywhere in your template files.\u003C\u002Fp>\n\u003Cp>It’ll take you 5 minutes to implement Chunks in your theme: \u003Ca href=\"http:\u002F\u002Fkovshenin.com\u002Fwordpress\u002Fplugins\u002Fchunks\u002F\" title=\"Getting Started with Chunks\" rel=\"nofollow ugc\">Getting Started with Chunks\u003C\u002Fa>\u003C\u002Fp>\n","Chunks is about managing tiny bits of content on your WordPress site.",3654,"2011-06-17T19:26:00.000Z","3.1.4","2.8",[78,19,20],"http:\u002F\u002Fkovshenin.com\u002Fwordpress\u002Fplugins\u002Fchunks\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fchunks.1.1.zip",{"slug":93,"name":94,"version":95,"author":96,"author_profile":97,"description":98,"short_description":99,"active_installs":13,"downloaded":100,"rating":101,"num_ratings":102,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":68,"tags":106,"homepage":111,"download_link":112,"security_score":22,"vuln_count":13,"unpatched_count":13,"last_vuln_date":23,"fetched_at":54},"arya-switch-theme","Arya Switch Theme","1.0.0","Arya Themes","https:\u002F\u002Fprofiles.wordpress.org\u002Faryathemes\u002F","\u003Cp>Allows users to choose and preview all WordPress themes installed without\u003Cbr \u002F>\nactivation or deactivation for demonstration purposes.\u003C\u002Fp>\n\u003Ch4>Usage\u003C\u002Fh4>\n\u003Cpre>\u003Ccode>https:\u002F\u002Fexample.com\u002F?theme=slug-theme\nhttps:\u002F\u002Fexample.com\u002F?theme=slug-theme&child=slug-child-theme\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Allows users to choose and preview all WordPress themes installed without",1231,60,2,"2019-05-22T19:03:00.000Z","5.2.24","5.0",[107,108,109,110,20],"demo","preview","switch-theme","theme-switcher","https:\u002F\u002Fgithub.com\u002Faryathemes\u002Farya-switch-theme","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Farya-switch-theme.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":29,"num_ratings":123,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":134,"download_link":135,"security_score":136,"vuln_count":102,"unpatched_count":13,"last_vuln_date":137,"fetched_at":54},"one-click-demo-import","One Click Demo Import","3.4.0","Syed Balkhi","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmub\u002F","\u003Cp>The best feature of this plugin is, that theme authors can define import files in their themes and so all you (the user of the theme) have to do is click on the “Import Demo Data” button.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Are you a theme author?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Setup One Click Demo Imports for your theme and your users will thank you for it!\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Focdi.com\u002Fquick-integration-guide\u002F\" rel=\"nofollow ugc\">Follow this easy guide on how to setup this plugin for your themes!\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Are you a theme user?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Contact the author of your theme and \u003Ca href=\"https:\u002F\u002Focdi.com\u002Fask-your-theme-author\u002F\" rel=\"nofollow ugc\">let them know about this plugin\u003C\u002Fa>. Theme authors can make any theme compatible with this plugin in 15 minutes and make it much more user-friendly.\u003C\u002Fp>\n\u003Cp>“\u003Ca href=\"https:\u002F\u002Focdi.com\u002Fask-your-theme-author\u002F#how-can-you-contact-your-theme-author\" rel=\"nofollow ugc\">Where can I find the theme author contact?\u003C\u002Fa>“\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Please take a look at our \u003Ca href=\"https:\u002F\u002Focdi.com\u002Fuser-guide\u002F\" rel=\"nofollow ugc\">plugin documentation\u003C\u002Fa> for more information on how to import your demo content.\u003C\u002Fp>\n\u003Cp>This plugin is using the modified version of the improved WP import 2.0 that is still in development and can be found here: https:\u002F\u002Fgithub.com\u002Fhumanmade\u002FWordPress-Importer.\u003C\u002Fp>\n\u003Cp>NOTE: There is no setting to “connect” authors from the demo import file to the existing users in your WP site (like there is in the original WP Importer plugin). All demo content will be imported under the current user.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Do you want to contribute?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Please refer to our official \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fawesomemotive\u002Fone-click-demo-import\" rel=\"nofollow ugc\">GitHub repository\u003C\u002Fa>.\u003C\u002Fp>\n","Import your demo content, widgets and theme settings with one click. Theme authors! Enable simple theme demo import for your users.",1000000,19902961,79,"2025-09-11T09:36:00.000Z","6.8.5","5.5","7.4",[129,130,131,132,133],"content","import","settings","theme-options","widgets","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fone-click-demo-import\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fone-click-demo-import.3.4.0.zip",97,"2024-05-07 00:00:00",{"attackSurface":139,"codeSignals":200,"taintFlows":246,"riskAssessment":281,"analyzedAt":292},{"hooks":140,"ajaxHandlers":196,"restRoutes":197,"shortcodes":198,"cronEvents":199,"entryPointCount":13,"unprotectedCount":13},[141,147,152,155,159,163,168,171,175,180,183,188,192],{"type":142,"name":143,"callback":144,"file":145,"line":146},"action","admin_menu","admin_init","init.php",36,{"type":142,"name":148,"callback":149,"file":150,"line":151},"after_setup_theme","_s_setup","_s\\functions.php",80,{"type":142,"name":153,"callback":154,"file":150,"line":136},"widgets_init","_s_widgets_init",{"type":142,"name":156,"callback":157,"file":150,"line":158},"wp_enqueue_scripts","_s_scripts",115,{"type":142,"name":148,"callback":160,"file":161,"line":162},"_s_custom_header_setup","_s\\inc\\custom-header.php",59,{"type":142,"name":164,"callback":165,"file":166,"line":167},"edit_category","_s_category_transient_flusher","_s\\inc\\template-tags.php",161,{"type":142,"name":169,"callback":165,"file":166,"line":170},"save_post",162,{"type":142,"name":144,"callback":172,"file":173,"line":174},"_s_theme_options_init","_s\\inc\\theme-options\\theme-options.php",49,{"type":176,"name":177,"callback":178,"file":173,"line":179},"filter","option_page_capability__s_options","_s_option_page_capability",63,{"type":142,"name":143,"callback":181,"file":173,"line":182},"_s_theme_options_add_page",81,{"type":176,"name":184,"callback":185,"file":186,"line":187},"wp_page_menu_args","_s_page_menu_args","_s\\inc\\tweaks.php",20,{"type":176,"name":189,"callback":190,"file":186,"line":191},"body_class","_s_body_classes",35,{"type":176,"name":193,"callback":194,"priority":11,"file":186,"line":195},"attachment_link","_s_enhanced_image_navigation",52,[],[],[],[],{"dangerousFunctions":201,"sqlUsage":202,"outputEscaping":204,"fileOperations":243,"externalRequests":13,"nonceChecks":13,"capabilityChecks":244,"bundledLibraries":245},[],{"prepared":13,"raw":13,"locations":203},[],{"escaped":205,"rawEcho":206,"locations":207},34,17,[208,211,213,216,218,220,222,225,227,229,231,233,235,236,238,239,241],{"file":209,"line":162,"context":210},"_s\\archive.php","raw output",{"file":209,"line":212,"context":210},65,{"file":214,"line":215,"context":210},"_s\\header.php",29,{"file":214,"line":217,"context":210},33,{"file":214,"line":219,"context":210},39,{"file":214,"line":221,"context":210},50,{"file":223,"line":224,"context":210},"_s\\image.php",72,{"file":223,"line":226,"context":210},74,{"file":161,"line":228,"context":210},119,{"file":161,"line":230,"context":210},173,{"file":161,"line":232,"context":210},174,{"file":166,"line":234,"context":210},25,{"file":166,"line":234,"context":210},{"file":166,"line":237,"context":210},45,{"file":166,"line":226,"context":210},{"file":173,"line":240,"context":210},209,{"file":173,"line":242,"context":210},229,7,1,[],[247,271],{"entryPoint":248,"graph":249,"unsanitizedCount":102,"severity":270},"actions (init.php:64)",{"nodes":250,"edges":266},[251,256,260],{"id":252,"type":253,"label":254,"file":145,"line":255},"n0","source","$_POST (x2)",93,{"id":257,"type":258,"label":259,"file":145,"line":255},"n1","transform","→ copy()",{"id":261,"type":262,"label":263,"file":145,"line":264,"wp_function":265},"n2","sink","fopen() [File Access]",133,"fopen",[267,269],{"from":252,"to":257,"sanitized":268},false,{"from":257,"to":261,"sanitized":268},"medium",{"entryPoint":272,"graph":273,"unsanitizedCount":102,"severity":270},"\u003Cinit> (init.php:0)",{"nodes":274,"edges":278},[275,276,277],{"id":252,"type":253,"label":254,"file":145,"line":255},{"id":257,"type":258,"label":259,"file":145,"line":255},{"id":261,"type":262,"label":263,"file":145,"line":264,"wp_function":265},[279,280],{"from":252,"to":257,"sanitized":268},{"from":257,"to":261,"sanitized":268},{"summary":282,"deductions":283},"The plugin 'theme-bakery' v0.2 exhibits a generally strong security posture, with no known historical vulnerabilities or CVEs. The static analysis reveals a minimal attack surface, with no AJAX handlers, REST API routes, shortcodes, or cron events identified, which significantly reduces the potential for external exploitation. Furthermore, the absence of dangerous functions and external HTTP requests is a positive indicator.  However, there are areas of concern that temper this otherwise positive assessment.\n\nThe taint analysis indicates two flows with unsanitized paths, although they are not classified as critical or high severity. This suggests a potential for path traversal or similar issues, even if the immediate impact is low.  Additionally, while SQL queries are 100% prepared, the output escaping is only 67% properly escaped, leaving a significant portion of outputs potentially vulnerable to cross-site scripting (XSS) attacks if user-supplied data is involved. The presence of file operations and a single capability check without any nonce checks raises further questions about the plugin's resilience against certain types of attacks.\n\nIn conclusion, 'theme-bakery' v0.2 demonstrates good practices in minimizing its attack surface and handling database queries securely. However, the identified unsanitized paths in the taint analysis and the suboptimal output escaping are significant weaknesses that require attention. The lack of historical vulnerabilities is encouraging, but it's important not to solely rely on this when addressing the identified code-level risks.",[284,287,289],{"reason":285,"points":286},"Unsanitized paths in taint analysis",8,{"reason":288,"points":243},"Output escaping at 67% proper",{"reason":290,"points":291},"No nonce checks on entry points",5,"2026-03-16T23:37:30.588Z",{"wat":294,"direct":300},{"assetPaths":295,"generatorPatterns":297,"scriptPaths":298,"versionParams":299},[296],"\u002Fwp-content\u002Fplugins\u002Ftheme-bakery\u002Fjs\u002Fadmin.js",[],[296],[],{"cssClasses":301,"htmlComments":302,"htmlAttributes":317,"restEndpoints":324,"jsGlobals":325,"shortcodeOutput":326},[4],[5,303,304,305,306,307,308,309,310,311,312,313,314,315,316],"Copyright (C) 2011  Hassan Derakhshandeh","http:\u002F\u002Ftween.ir\u002F","hassan.derakhshandeh@gmail.com","This program is free software; you can redistribute it and\u002For modify","it under the terms of the GNU General Public License as published by","the Free Software Foundation; either version 2 of the License, or","(at your option) any later version.","This program is distributed in the hope that it will be useful,","but WITHOUT ANY WARRANTY; without even the implied warranty of","MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the","GNU General Public License for more details.","You should have received a copy of the GNU General Public License","along with this program; if not, write to the Free Software","Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA",[318,319,320,318,321,322,323],"themeid","tweaks","customheader","themename","themeauthoruri","themeauthor",[],[],[]]