[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fBJy0EbZ63QQJRiCmE5AC-8mWycOaoTVTDWhN7BxMGds":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":47,"crawl_stats":37,"alternatives":55,"analysis":153,"fingerprints":268},"theme-test-drive","Theme Test Drive","2.9.1","Vladimir Prelovac","https:\u002F\u002Fprofiles.wordpress.org\u002Ffreediver\u002F","\u003Cp>Theme Test Drive WordPress plugin allows you to safely test drive any theme on your blog as administrator, while visitors still use the default one.\u003C\u002Fp>\n\u003Cp>It happens completely transparently and they will not even notice you run a different theme for yourself.\u003C\u002Fp>\n\u003Cp>Best part is you can even set the testing theme options (if it has them) in the Admin panel while you are testing the theme.\u003C\u002Fp>\n\u003Cp>You can also preview any theme by adding “?theme=xxx” to your blog URL. For example http:\u002F\u002Fwww.myblog.com\u002F?theme=Default\u003C\u002Fp>\n\u003Cp>Plugin by Vladimir Prelovac. Managing more than one WordPress site? Check out \u003Ca href=\"https:\u002F\u002Fmanagewp.com\" rel=\"nofollow ugc\">ManageWP\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Some of the functions of Theme Test Drive plugin came from other plugins. 
So I can at least thank these people:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fboren.nu\u002F\" title=\"Ryan Boren\" rel=\"nofollow ugc\">Ryan Boren\u003C\u002Fa> for his \u003Ca href=\"http:\u002F\u002Fdev.wp-plugins.org\u002Fwiki\u002FThemeSwitcher\" title=\"Theme Switcher\" rel=\"nofollow ugc\">Theme Switcher\u003C\u002Fa> plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fandufo.com\" title=\"Andres Santos\" rel=\"nofollow ugc\">Andres Santos\u003C\u002Fa> for his \u003Ca href=\"http:\u002F\u002Fandufo.com\u002Fproyectos\u002Fplugins\u002Fwp-websnapr\" title=\"wp-websnapr\" rel=\"nofollow ugc\">wp-websnapr\u003C\u002Fa> plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.deliciousdays.com\u002F\" title=\"Oliver\" rel=\"nofollow ugc\">Oliver\u003C\u002Fa> for his \u003Ca href=\"http:\u002F\u002Fwww.deliciousdays.com\u002Fcforms-plugin\" title=\"cforms II\" rel=\"nofollow ugc\">cforms II\u003C\u002Fa> plugin\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.plaintxt.org\u002F\" title=\"Scott\" rel=\"nofollow ugc\">Scott\u003C\u002Fa> for his excellent readme.txt file\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.websnapr.com\" title=\"WebSnapr\" rel=\"nofollow ugc\">WebSnapr\u003C\u002Fa> folks for their service\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Thanks.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This file is part of Theme Test Drive.\u003C\u002Fp>\n\u003Cp>Theme Test Drive is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>Theme Test Drive is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License along with Theme Test Drive. If not, see \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002F\u003C\u002Fa>.\u003C\u002Fp>\n","Safely test drive any theme as an administrator, while visitors use the default one.",8000,520333,78,50,"2017-11-28T08:48:00.000Z","4.3.34","2.3","",[20,21,22,23],"admin","test","theme","themes","http:\u002F\u002Fwww.prelovac.com\u002Fvladimir\u002Fwordpress-plugins\u002Ftheme-test-drive","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftheme-test-drive.zip",85,1,0,"2015-11-23 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":6,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":46},"WF-f9de946c-941a-41d7-b1c4-440b4fcec9b0-theme-test-drive","theme-test-drive-reflected-cross-site-scripting","Theme Test Drive \u003C= 2.9 -  Reflected Cross-Site Scripting","The Theme Test Drive plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘install_theme’ parameter in versions up to, and including, 2.9 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=2.9","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 19:56:02",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff9de946c-941a-41d7-b1c4-440b4fcec9b0?source=api-prod",2983,{"slug":48,"display_name":7,"profile_url":8,"plugin_count":49,"total_installs":50,"avg_security_score":51,"avg_patch_time_days":52,"trust_score":53,"computed_at":54},"freediver",20,1029680,87,2577,70,"2026-04-04T06:04:58.200Z",[56,77,96,114,133],{"slug":57,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":27,"last_updated":67,"tested_up_to":68,"requires_at_least":69,"requires_php":18,"tags":70,"homepage":75,"download_link":76,"security_score":26,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"theme-preview","Theme Preview","1.4","Dougal Campbell","https:\u002F\u002Fprofiles.wordpress.org\u002Fdougal\u002F","\u003Cp>By default, the only way to see how a new theme looks on your site is to\u003Cbr \u002F>\nactivate it, making it visible to everyone who visits. 
With this plugin, it\u003Cbr \u002F>\nis possible to view how a new theme looks without activating it.\u003C\u002Fp>\n\u003Ch3>TODO\u003C\u002Fh3>\n\u003Cp>Possible future enhancements:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add an options screen.\u003C\u002Fli>\n\u003Cli>Allow choice of theme to preview from a known list of installed themes.\u003C\u002Fli>\n\u003Cli>Provide persistent previews by setting a cookie.\u003C\u002Fli>\n\u003Cli>Restrict preview ability by user Roles\u002FCapabilities.\u003C\u002Fli>\n\u003Cli>Child-theme friendliness.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Notes\u003C\u002Fh3>\n\u003Cp>May not work properly with child themes. This is because it will not be able\u003Cbr \u002F>\nto inherit from the parent theme as it normally would.\u003C\u002Fp>\n","Allows you to test how a theme looks on your site without activating it.",300,41450,100,"2016-02-17T16:20:00.000Z","4.4.34","2.6.0",[71,72,73,74,23],"css","presentation","preview","testing","http:\u002F\u002Fdougal.gunters.org\u002Fplugins\u002Ftheme-preview","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftheme-preview.1.4.zip",{"slug":78,"name":79,"version":80,"author":81,"author_profile":82,"description":83,"short_description":84,"active_installs":85,"downloaded":86,"rating":87,"num_ratings":88,"last_updated":89,"tested_up_to":90,"requires_at_least":91,"requires_php":18,"tags":92,"homepage":94,"download_link":95,"security_score":26,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"development-theme","Development Theme","0.2","_rg_","https:\u002F\u002Fprofiles.wordpress.org\u002Farriba\u002F","\u003Cp>Lets you use different installed themes for each activated user role.\u003C\u002Fp>\n\u003Cp>You can set which theme will be visible for the “administrator” role while logged in, or for “editor”, or any other role created. 
Also, you can set which theme will be visible for the rest of the visitors, that is, people who are not WP users, just visitors.\u003C\u002Fp>\n\u003Cp>It’s very easy: just install it, go to the Development Themes Options page, choose your roles\u002Fthemes and save.\u003C\u002Fp>\n\u003Cp>You can use this plugin for things like:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Put your site under maintenance using some other alternative theme for your site, but let the administrator or any other user role be able to see and work on a new theme, let’s say an update.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>You can test some new theme while the rest of the visitors still see the current one.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>In fact, you can show a theme for any user role that is activated, default ones, or any other role created by some other plugin. Let’s say one of those role managers available. I’ve tested it, and it works.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You can also turn off the plugin in order to use the activated theme for all users and visitors.\u003C\u002Fp>\n","Lets you use different installed themes for each activated user role.",40,5322,64,5,"2014-03-08T23:18:00.000Z","3.7.41","3.0",[20,23,93],"users","rgdesing.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdevelopment-theme.0.2.zip",{"slug":97,"name":98,"version":99,"author":100,"author_profile":101,"description":102,"short_description":103,"active_installs":104,"downloaded":105,"rating":28,"num_ratings":28,"last_updated":106,"tested_up_to":107,"requires_at_least":108,"requires_php":109,"tags":110,"homepage":18,"download_link":113,"security_score":26,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"back-to-the-theme","Back To The Theme","1.2.0","Mikael Korpela","https:\u002F\u002Fprofiles.wordpress.org\u002Fsimison\u002F","\u003Cp>A tool to observe how a page loads in different themes simultaneously.\u003Cbr \u002F>\nUseful for debugging 
plugins or Gutenberg blocks.\u003C\u002Fp>\n\u003Cp>How to Use:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Install several themes you’d like to check out.\u003C\u002Fli>\n\u003Cli>Create a new page.\u003C\u002Fli>\n\u003Cli>Navigate to \u003Cem>Tools\u003C\u002Fem> \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> \u003Cem>Back To The Theme\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>Choose if you want to demo editor- or view side.\u003C\u002Fli>\n\u003Cli>Select the themes you’d like to check out.\u003C\u002Fli>\n\u003Cli>Choose the page you just created. This page will be previewed with all the themes you’ve selected.\u003C\u002Fli>\n\u003Cli>Click \u003Cem>Do it!\u003C\u002Fem>.\u003C\u002Fli>\n\u003Cli>Scroll to see the page rendered with all the themes you selected.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>You’ll see your page load with different themes in a bunch of iframes for handy preview and debugging.\u003C\u002Fp>\n\u003Cp>A nice list of popular themes to test:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>wp theme install \\\n  astra \\\n  colormag \\\n  customizr \\\n  generatepress \\\n  hestia \\\n  hueman \\\n  oceanwp \\\n  shapely \\\n  storefront \\\n  sydney \\\n  twentyeleven \\\n  twentyfifteen \\\n  twentyfourteen \\\n  twentynineteen \\\n  twentyseventeen \\\n  twentysixteen \\\n  twentyten \\\n  twentythirteen \\\n  twentytwelve \\\n  vantage\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>See docs for \u003Ca href=\"https:\u002F\u002Fdeveloper.wordpress.org\u002Fcli\u002Fcommands\u002Ftheme\u002Finstall\u002F\" rel=\"nofollow ugc\">wp theme 
install\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fsimison\u002Fback-to-the-theme\" rel=\"nofollow ugc\">Plugin’s source code on GitHub\u003C\u002Fa>.\u003C\u002Fp>\n","See a page with different themes all at once, just like that!",10,1687,"2019-03-01T22:26:00.000Z","5.1.22","4.6","5.6.0",[111,112,74,23],"debug","development","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fback-to-the-theme.zip",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":104,"downloaded":122,"rating":28,"num_ratings":28,"last_updated":123,"tested_up_to":124,"requires_at_least":125,"requires_php":18,"tags":126,"homepage":131,"download_link":132,"security_score":26,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"bns-theme-add-ins","BNS Theme Add-Ins","0.7","Edward Caissie","https:\u002F\u002Fprofiles.wordpress.org\u002Fcais\u002F","\u003Cp>A collection of functions and code that can be used to extend the capabilities of WordPress Parent-Themes and Child-Themes.\u003Cbr \u002F>\n* Copyright 2011-2014  Edward Caissie  (email : edward.caissie@gmail.com)\u003C\u002Fp>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify\u003Cbr \u002F>\n  it under the terms of the GNU General Public License version 2,\u003Cbr \u002F>\n  as published by the Free Software Foundation.\u003C\u002Fp>\n\u003Cp>You may NOT assume that you can use any other version of the GPL.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful,\u003Cbr \u002F>\n  but WITHOUT ANY WARRANTY; without even the implied warranty of\u003Cbr \u002F>\n  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
See the\u003Cbr \u002F>\n  GNU General Public License for more details.\u003C\u002Fp>\n\u003Cp>You should have received a copy of the GNU General Public License\u003Cbr \u002F>\n  along with this program; if not, write to the Free Software\u003Cbr \u002F>\n  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA\u003C\u002Fp>\n\u003Cp>The license for this software can also likely be found here:\u003Cbr \u002F>\n  http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\n\u003Cp>Please note, support may be available on the WordPress Support forums; but, it may be faster to visit http:\u002F\u002Fbuynowshop.com\u002Fplugins\u002Fbns-theme-add-ins\u002F and leave a comment with the issue you are experiencing.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>This plugin utilizes three text files if included with the active theme, although these files are not required for the plugin to work correctly they will enhance its functionality if they exist:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>readme.txt\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>changelog.txt\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Ccode>support.txt\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Extend the capabilities of WordPress Parent-Themes and 
Child-Themes",3442,"2016-04-10T18:02:00.000Z","4.5.33","3.5",[20,127,128,129,130],"changelog","child-themes","login","readme","http:\u002F\u002Fbuynowshop.com\u002Fplugins\u002Fbns-theme-add-ins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbns-theme-add-ins.0.7.zip",{"slug":134,"name":135,"version":136,"author":137,"author_profile":138,"description":139,"short_description":140,"active_installs":104,"downloaded":141,"rating":66,"num_ratings":142,"last_updated":143,"tested_up_to":144,"requires_at_least":145,"requires_php":18,"tags":146,"homepage":150,"download_link":151,"security_score":26,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":152},"live-theme-preview","Live Theme Preview","1.0.2","Mike Martel","https:\u002F\u002Fprofiles.wordpress.org\u002Fmike_cowobo\u002F","\u003Cp>With Live Theme Preview, you can select a theme in an interface based on the Theme Customizer in WordPress. A sidebar shows all installed themes (or, with multisite – allowed themes), to preview, edit or activate.\u003C\u002Fp>\n\u003Cp>See the screenshot, or install and try it for yourself.\u003C\u002Fp>\n\u003Cp>\u003Cem>If you want to help develop this plugin, visit the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmgmartel\u002FWP-Live-Theme-Preview\" rel=\"nofollow ugc\">GitHub repo\u003C\u002Fa>.\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Seamless integration with Theme Customizer\u003C\u002Fli>\n\u003Cli>Supports child themes\u003C\u002Fli>\n\u003Cli>Multisite compatible\u003C\u002Fli>\n\u003Cli>Relocates WP ‘Themes’ interface to “Manage Themes” under Appearance\u003C\u002Fli>\n\u003Cli>Customize before activate, back button redirects to Live Theme Preview\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Live Theme Preview is part of \u003Ca href=\"http:\u002F\u002Ftrenvo.com\" rel=\"nofollow ugc\">Live Admin\u003C\u002Fa> and works great with \u003Ca 
href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Flive-dashboard\u002F\" rel=\"ugc\">Live Dashboard\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwp-getting-started\u002F\" rel=\"ugc\">WP Getting Started\u003C\u002Fa> and  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmgmartel\u002FWP-Live-Editor\" rel=\"nofollow ugc\">Live Editor\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Live Theme Preview allows users to preview themes on their own website before customizing or activating them.",5807,2,"2013-02-20T08:27:00.000Z","3.5.2","3.4",[147,148,149,73,23],"customizer","live","live-admin","https:\u002F\u002Fgithub.com\u002Fmgmartel\u002FWP-Live-Theme-Preview","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flive-theme-preview.1.0.2.zip","2026-03-15T14:54:45.397Z",{"attackSurface":154,"codeSignals":179,"taintFlows":220,"riskAssessment":259,"analyzedAt":267},{"hooks":155,"ajaxHandlers":175,"restRoutes":176,"shortcodes":177,"cronEvents":178,"entryPointCount":28,"unprotectedCount":28},[156,162,167,171],{"type":157,"name":158,"callback":159,"file":160,"line":161},"action","plugins_loaded","TTD_filters","themedrive.php",301,{"type":163,"name":164,"callback":165,"file":160,"line":166},"filter","template","themedrive_get_template",305,{"type":163,"name":168,"callback":169,"file":160,"line":170},"stylesheet","themedrive_get_stylesheet",306,{"type":157,"name":172,"callback":173,"file":160,"line":174},"admin_menu","themedrive_add_pages",464,[],[],[],[],{"dangerousFunctions":180,"sqlUsage":181,"outputEscaping":183,"fileOperations":218,"externalRequests":28,"nonceChecks":218,"capabilityChecks":142,"bundledLibraries":219},[],{"prepared":28,"raw":28,"locations":182},[],{"escaped":88,"rawEcho":184,"locations":185},16,[186,189,191,193,194,196,198,200,202,204,206,208,210,212,214,216],{"file":160,"line":187,"context":188},52,"raw 
output",{"file":160,"line":190,"context":188},58,{"file":160,"line":192,"context":188},66,{"file":160,"line":53,"context":188},{"file":160,"line":195,"context":188},86,{"file":160,"line":197,"context":188},109,{"file":160,"line":199,"context":188},123,{"file":160,"line":201,"context":188},127,{"file":160,"line":203,"context":188},145,{"file":160,"line":205,"context":188},293,{"file":160,"line":207,"context":188},349,{"file":160,"line":209,"context":188},358,{"file":160,"line":211,"context":188},378,{"file":160,"line":213,"context":188},389,{"file":160,"line":215,"context":188},471,{"file":160,"line":217,"context":188},473,3,[],[221,248],{"entryPoint":222,"graph":223,"unsanitizedCount":28,"severity":247},"themedrive_options_page (themedrive.php:326)",{"nodes":224,"edges":243},[225,230,236,239],{"id":226,"type":227,"label":228,"file":160,"line":229},"n0","source","$_POST (x2)",339,{"id":231,"type":232,"label":233,"file":160,"line":234,"wp_function":235},"n1","sink","update_option() [Settings Manipulation]",340,"update_option",{"id":237,"type":227,"label":238,"file":160,"line":229},"n2","$_POST (x3)",{"id":240,"type":232,"label":241,"file":160,"line":207,"wp_function":242},"n3","echo() [XSS]","echo",[244,246],{"from":226,"to":231,"sanitized":245},true,{"from":237,"to":240,"sanitized":245},"low",{"entryPoint":249,"graph":250,"unsanitizedCount":28,"severity":247},"\u003Cthemedrive> (themedrive.php:0)",{"nodes":251,"edges":256},[252,253,254,255],{"id":226,"type":227,"label":228,"file":160,"line":229},{"id":231,"type":232,"label":233,"file":160,"line":234,"wp_function":235},{"id":237,"type":227,"label":238,"file":160,"line":229},{"id":240,"type":232,"label":241,"file":160,"line":207,"wp_function":242},[257,258],{"from":226,"to":231,"sanitized":245},{"from":237,"to":240,"sanitized":245},{"summary":260,"deductions":261},"The static analysis of theme-test-drive v2.9.1 reveals a generally positive security posture with several good practices in place. 
The absence of unprotected AJAX handlers, REST API routes, shortcodes, and cron events, coupled with the fact that all detected SQL queries use prepared statements, significantly reduces the plugin's attack surface. The presence of nonce and capability checks further strengthens its defenses. However, a notable concern is the low percentage (24%) of properly escaped output. This indicates a potential risk of Cross-Site Scripting (XSS) vulnerabilities, where unescaped user-supplied data could be rendered in the browser, allowing attackers to inject malicious scripts. The historical vulnerability data, while dated (last in 2015), shows a past instance of Cross-Site Scripting, reinforcing the concern around output escaping. The plugin's strengths lie in its limited entry points and secure data handling for SQL. The primary weakness lies in how output is managed, which could be exploited despite other strong security measures.",[262,265],{"reason":263,"points":264},"Low percentage of properly escaped output",15,{"reason":266,"points":104},"Past XSS vulnerability history","2026-03-16T17:56:41.065Z",{"wat":269,"direct":278},{"assetPaths":270,"generatorPatterns":273,"scriptPaths":274,"versionParams":275},[271,272],"\u002Fwp-content\u002Fplugins\u002Ftheme-test-drive\u002Fthemedrive.css","\u002Fwp-content\u002Fplugins\u002Ftheme-test-drive\u002Fthemedrive.js",[],[272],[276,277],"theme-test-drive\u002Fthemedrive.js?ver=","theme-test-drive\u002Fthemedrive.css?ver=",{"cssClasses":279,"htmlComments":282,"htmlAttributes":283,"restEndpoints":285,"jsGlobals":286,"shortcodeOutput":289},[280,281],"theme-switcher","theme-preview-wrapper",[],[284],"data-theme-preview-url",[],[287,288],"themedrive_ajaxurl","themedrive_admin_url",[]]