[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fuFVkOQDL4ie_iM4WfhzVvicN9AtL2GT7nOcLWjHj0xc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":7,"tags":17,"homepage":7,"download_link":20,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23,"vulnerabilities":24,"developer":25,"crawl_stats":22,"alternatives":31,"analysis":133,"fingerprints":213},"title-style","Title Style","0.1.1","","https:\u002F\u002Fprofiles.wordpress.org\u002Fkaripatila-1\u002F","\u003Cp>You can use this plugin to wrap lowercase words or words like “the”, “of” or “a” in em, span or div elements with custom class names. Helpful if you want to automatically style parts of your headlines.\u003C\u002Fp>\n\u003Ch3>TODO\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Proximity detection so words that are next to each other will be wrapped inside the same HTML element.\u003C\u002Fli>\n\u003C\u002Fol>\n","This plugin adds emphasis around certain words in post titles.",10,2559,0,"2009-08-13T18:30:00.000Z","2.8.4","2.0.0",[18,19],"formatting","titles","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftitle-style.0.1.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":26,"display_name":26,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":21,"avg_patch_time_days":28,"trust_score":29,"computed_at":30},"karipatila-1",1,30,84,"2026-04-05T12:30:15.552Z",[32,52,67,91,113],{"slug":33,"name":34,"version":35,"author":36,"author_profile":37,"description":38,"short_description":39,"active_installs":28,"downloaded":40,"rating":41,"num_ratings":42,"last_updated":43,"tested_up_to":44,"requires_at_least":45,"requires_php":7,"tags":46,"homepage":50,"download_link":51,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23},"protected-post-personalizer","Protected Post Personalizer","0.6","Orin","https:\u002F\u002Fprofiles.wordpress.org\u002Forin\u002F","\u003Cp>This plugin is a simple one, but good at what it does. It changes three elements of protected posts to make them more friendly to visitors.\u003C\u002Fp>\n\u003Ch3>Prefixes:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>customize prefix for password-protected posts from default “Protected: “\u003C\u002Fli>\n\u003Cli>customize prefix for private posts from “Private: “\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Custom Previews:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>ability to use the post’s excerpt (if one is saved) when no password is given\u003C\u002Fli>\n\u003Cli>ability to show custom text for all password-protected posts\u003C\u002Fli>\n\u003Cli>if no saved excerpt, show the default OR use custom site-wide text\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Password Form:\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>change text before the password input box\u003C\u002Fli>\n\u003Cli>change text of submit button\u003C\u002Fli>\n\u003Cli>add custom CSS; set class or ID for theme integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Change Log\u003C\u002Fh4>\n\u003Cp>0.6 – corrected for WordPress 2.7, which handles protected and private posts differently.\u003Cbr \u002F>\n0.5 – initial public release\u003C\u002Fp>\n","This plugin is a simple one, but good at what it does. It changes three elements of protected posts to make them more friendly to visitors.",5781,100,2,"2009-01-24T20:49:00.000Z","2.7","2.3",[18,47,48,49,19],"password","posts","title","http:\u002F\u002Fglot.homepie.org\u002Fplugins\u002Fprotected-post-personalizer\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotected-post-personalizer.0.6.zip",{"slug":53,"name":54,"version":55,"author":56,"author_profile":57,"description":58,"short_description":59,"active_installs":11,"downloaded":60,"rating":13,"num_ratings":13,"last_updated":61,"tested_up_to":62,"requires_at_least":7,"requires_php":7,"tags":63,"homepage":7,"download_link":66,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23},"uppercase-titles","Uppercase Titles","1.0","Patricia","https:\u002F\u002Fprofiles.wordpress.org\u002Fpatriciaheimfarth\u002F","\u003Cp>This plugin applies an uppercase formatting on all page titles and post titles after activation. After deactivation all is formatted in the original form.\u003Cbr \u002F>\nIt is discussed if uppercase titles are helping with SEO. For a blog or website with a lot of posts it is much easier to activate a plugin instead of changing everything manually.\u003C\u002Fp>\n","This plugin applies an uppercase formatting on all page titles and post titles after activation.",873,"2021-01-08T08:00:00.000Z","5.6.17",[64,18,19,65,53],"format-title","uppercase","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuppercase-titles.zip",{"slug":68,"name":69,"version":70,"author":71,"author_profile":72,"description":73,"short_description":74,"active_installs":75,"downloaded":76,"rating":77,"num_ratings":78,"last_updated":79,"tested_up_to":80,"requires_at_least":81,"requires_php":82,"tags":83,"homepage":88,"download_link":89,"security_score":41,"vuln_count":27,"unpatched_count":13,"last_vuln_date":90,"fetched_at":23},"tinymce-advanced","Advanced Editor Tools","5.9.2","Andrew Ozz","https:\u002F\u002Fprofiles.wordpress.org\u002Fazaozz\u002F","\u003Cp>Advanced Editor Tools (previously TinyMCE Advanced) introduces a “Classic Paragraph” block for the block editor (Gutenberg).\u003Cbr \u002F>\nIf you are not quite ready to switch to the block editor, or have plugins that cannot be used there (yet), using the Classic Paragraph block is your best option. It lets you to continue to use the familiar TinyMCE editor for most tasks, and at the same time gives you full access to all blocks and new features in the block editor.\u003C\u002Fp>\n\u003Cp>Version 5.5 continues to improve and enhance the new features introduced in version 5.0 of the plugin. It includes an improved “Clear Formatting” button, several advanced settings for tables, and importing and exporting of the settings to a file.\u003C\u002Fp>\n\u003Cp>If you want to continue to use the previous (“classic”) editor in WordPress 5.0 and newer, this plugin has an option to replace the new editor with the previous one. If you prefer to have access to both editors side by side or to allow your users to switch editors, it would be better to install the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fclassic-editor\u002F\" rel=\"ugc\">Classic Editor plugin\u003C\u002Fa>. Advanced Editor Tools is fully compatible with the classic editor plugin and similar plugins that restore use of the previous WordPress editor.\u003C\u002Fp>\n\u003Cp>As always this plugin will let you add, remove and arrange the buttons that are shown on the Visual Editor toolbar in the Classic Paragraph and Classic blocks in the block editor, and in the classic editor (when enabled by a plugin). There you can configure up to four rows of buttons including Font Sizes, Font Family, text and background colors, tables, etc.\u003C\u002Fp>\n\u003Cp>It includes 15 plugins for \u003Ca href=\"https:\u002F\u002Fwww.tiny.cloud\u002F\" rel=\"nofollow ugc\">TinyMCE\u003C\u002Fa> that are automatically enabled or disabled depending on the buttons you have chosen.\u003Cbr \u002F>\nIn addition this plugin adds options for keeping the paragraph tags in text mode and importing the CSS classes from the theme’s editor-style.css.\u003C\u002Fp>\n\u003Ch4>Some of the features added by this plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>“Classic Paragraph” block that can be used instead of or together with the standard Paragraph block.\u003C\u002Fli>\n\u003Cli>An option to set the Classic Paragraph or Classic block as the default block in the block editor.\u003C\u002Fli>\n\u003Cli>Supports converting of most default blocks to classic paragraphs, and from classic paragraphs back to the default blocks.\u003C\u002Fli>\n\u003Cli>Support for creating and editing tables in the Classic blocks and the classic editor.\u003C\u002Fli>\n\u003Cli>More options when inserting lists in the Classic blocks and the classic editor.\u003C\u002Fli>\n\u003Cli>Search and Replace in the Classic blocks and the classic editor.\u003C\u002Fli>\n\u003Cli>Ability to set Font Family and Font Sizes in the Classic blocks and the classic editor.\u003C\u002Fli>\n\u003Cli>And many others.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>Advanced Editor Tools does not collect or store any user related data. It does not set cookies, and it does not connect to any third-party websites. It only uses functionality that is available in \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002F\" rel=\"ugc\">WordPress\u003C\u002Fa>, and in the \u003Ca href=\"https:\u002F\u002Ftinymce.com\u002F\" rel=\"nofollow ugc\">TinyMCE editor\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>In that terms Advanced Editor Tools does not affect your website’s user privacy in any way.\u003C\u002Fp>\n","Extends and enhances the block editor (Gutenberg) and the classic editor (TinyMCE).",2000000,35126516,90,351,"2025-12-08T15:02:00.000Z","6.9.4","5.9","5.6",[84,85,86,18,87],"block-editor","classic-editor","editor","gutenberg","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ftinymce-advanced\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftinymce-advanced.5.9.2.zip","2014-09-08 00:00:00",{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":101,"num_ratings":102,"last_updated":103,"tested_up_to":104,"requires_at_least":105,"requires_php":7,"tags":106,"homepage":111,"download_link":112,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23},"advanced-excerpt","Advanced Excerpt","4.4.1","WPKube","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpkube\u002F","\u003Cp>This plugin adds several improvements to WordPress’ default way of creating excerpts.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Keeps HTML markup in the excerpt (and you get to choose which tags are included)\u003C\u002Fli>\n\u003Cli>Trims the excerpt to a given length using either character count or word count\u003C\u002Fli>\n\u003Cli>Only the ‘real’ text is counted (HTML is ignored but kept)\u003C\u002Fli>\n\u003Cli>Customizes the excerpt length and the ellipsis character that are used\u003C\u002Fli>\n\u003Cli>Completes the last word or sentence in an excerpt (no weird cuts)\u003C\u002Fli>\n\u003Cli>Adds a \u003Cem>read-more\u003C\u002Fem> link to the text\u003C\u002Fli>\n\u003Cli>Ignores custom excerpts and use the generated one instead\u003C\u002Fli>\n\u003Cli>Theme developers can use \u003Ccode>the_advanced_excerpt()\u003C\u002Fcode> for even more control (see the FAQ)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Most of the above features are optional and\u002For can be customized by the user or theme developer.\u003C\u002Fp>\n\u003Cp>Banner image credit – \u003Ca href=\"https:\u002F\u002Fwww.flickr.com\u002Fphotos\u002Fchillihead\u002F\" rel=\"nofollow ugc\">chillihead\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Original plugin author – \u003Ca href=\"https:\u002F\u002Fprofiles.wordpress.org\u002Fbasvd\" rel=\"nofollow ugc\">basvd\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Useful Resources\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffancythemes.com\u002Fwhat-is-wordpress\u002F\" rel=\"friend nofollow ugc\">What is WordPress\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffancythemes.com\u002Fwordpress-themes\" rel=\"friend nofollow ugc\">Fee Themes\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Ffancythemes.com\u002Fwordpress-plugins\u002F\" rel=\"friend nofollow ugc\">plugins\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Control the appearance of WordPress post excerpts",80000,1542295,86,101,"2024-01-19T20:32:00.000Z","6.4.8","3.2",[107,108,18,109,110],"content","excerpt","post","post-excerpt","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fadvanced-excerpt\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-excerpt.4.4.1.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":123,"num_ratings":124,"last_updated":125,"tested_up_to":126,"requires_at_least":127,"requires_php":7,"tags":128,"homepage":7,"download_link":132,"security_score":21,"vuln_count":13,"unpatched_count":13,"last_vuln_date":22,"fetched_at":23},"advanced-image-styles","Advanced Image Styles","0.4.1","Gregory Cornelius","https:\u002F\u002Fprofiles.wordpress.org\u002Fgcorne\u002F","\u003Cp>Adjust an image’s margins and border with ease in the Visual editor.\u003C\u002Fp>\n","Adjust an image's margins and border with ease in the Visual editor.",10000,149877,92,65,"2018-02-10T15:01:00.000Z","4.7.32","3.9",[86,18,129,130,131],"image","photo","tinymce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-image-styles.0.4.1.zip",{"attackSurface":134,"codeSignals":154,"taintFlows":166,"riskAssessment":206,"analyzedAt":212},{"hooks":135,"ajaxHandlers":150,"restRoutes":151,"shortcodes":152,"cronEvents":153,"entryPointCount":13,"unprotectedCount":13},[136,142,146],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","admin_post_save_titlestyle_settings","on_save_changes","titlestyle.php",130,{"type":137,"name":143,"callback":144,"file":140,"line":145},"admin_menu","title_style_settings",131,{"type":137,"name":147,"callback":148,"file":140,"line":149},"the_title","title_style",132,[],[],[],[],{"dangerousFunctions":155,"sqlUsage":156,"outputEscaping":158,"fileOperations":13,"externalRequests":13,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":165},[],{"prepared":13,"raw":13,"locations":157},[],{"escaped":13,"rawEcho":42,"locations":159},[160,163],{"file":140,"line":161,"context":162},103,"raw output",{"file":140,"line":164,"context":162},113,[],[167,195],{"entryPoint":168,"graph":169,"unsanitizedCount":13,"severity":194},"on_save_changes (titlestyle.php:57)",{"nodes":170,"edges":190},[171,176,182,186],{"id":172,"type":173,"label":174,"file":140,"line":175},"n0","source","$_POST (x4)",62,{"id":177,"type":178,"label":179,"file":140,"line":180,"wp_function":181},"n1","sink","update_option() [Settings Manipulation]",67,"update_option",{"id":183,"type":173,"label":184,"file":140,"line":185},"n2","$_POST['_wp_http_referer']",71,{"id":187,"type":178,"label":188,"file":140,"line":185,"wp_function":189},"n3","wp_redirect() [Open Redirect]","wp_redirect",[191,193],{"from":172,"to":177,"sanitized":192},true,{"from":183,"to":187,"sanitized":192},"low",{"entryPoint":196,"graph":197,"unsanitizedCount":13,"severity":194},"\u003Ctitlestyle> (titlestyle.php:0)",{"nodes":198,"edges":203},[199,200,201,202],{"id":172,"type":173,"label":174,"file":140,"line":175},{"id":177,"type":178,"label":179,"file":140,"line":180,"wp_function":181},{"id":183,"type":173,"label":184,"file":140,"line":185},{"id":187,"type":178,"label":188,"file":140,"line":185,"wp_function":189},[204,205],{"from":172,"to":177,"sanitized":192},{"from":183,"to":187,"sanitized":192},{"summary":207,"deductions":208},"The \"title-style\" plugin v0.1.1 presents a generally good security posture based on the static analysis.  It has a notably small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events.  Crucially, all SQL queries are executed using prepared statements, and there are no dangerous function calls or file operations detected.  The presence of nonce and capability checks, even with a limited attack surface, indicates an awareness of security best practices.\n\nHowever, a significant concern arises from the output escaping.  With 100% of identified outputs being unescaped, this plugin is highly susceptible to Cross-Site Scripting (XSS) vulnerabilities. Any data displayed to users, even if not directly user-controlled through the analyzed entry points, could potentially be manipulated to inject malicious scripts.  The lack of any recorded vulnerability history could be interpreted positively as the plugin being historically secure, but it also means there's no track record to assess how the developers handle security issues.  The minimal analysis depth (2 flows) might also mean potential issues were simply not uncovered.\n\nIn conclusion, while the plugin demonstrates strengths in preventing direct code execution and SQL injection, the complete absence of output escaping is a critical weakness that overshadows these positives.  This makes it vulnerable to XSS attacks. The plugin should prioritize implementing proper output sanitization for all displayed content. The very small attack surface and lack of past vulnerabilities are positive signs, but the unescaped output presents a clear and present danger.",[209],{"reason":210,"points":211},"All outputs are unescaped (XSS risk)",8,"2026-03-17T00:16:24.228Z",{"wat":214,"direct":219},{"assetPaths":215,"generatorPatterns":216,"scriptPaths":217,"versionParams":218},[],[],[],[],{"cssClasses":220,"htmlComments":222,"htmlAttributes":223,"restEndpoints":228,"jsGlobals":229,"shortcodeOutput":230},[221],"title-style-highlight",[],[224,225,226,227],"data-titlestyle-tag","data-titlestyle-classname","data-titlestyle-wordtype","data-titlestyle-wordlist",[],[],[]]