[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$flwpE2XaIHmqgtqxH0aY-H6Sbc9e3TL7Ip6f5I9fWQQc":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":37,"analysis":133,"fingerprints":694},"todo-by-aavoya","Todo by Aavoya","22.7","Pijush Gupta","https:\u002F\u002Fprofiles.wordpress.org\u002Fpijush_gupta\u002F","\u003Cp>A Simple plugin to manage small projects or can be used as todo list.\u003Cbr \u002F>\nWith This Plugin anyone can create a Todo lists.\u003Cbr \u002F>\nTodo items can have multiple tasks and tasks can have multiple sub-task.\u003Cbr \u002F>\nSub-tasks can be dragged and dropped between tasks.\u003Cbr \u002F>\nTodo item(projects) can be shared with other members(Todoer) on the Server\u003C\u002Fp>\n\u003Cp>You can Download the App for Linux, Windows and Mac from this link :\u003Cbr \u002F>\nhttps:\u002F\u002Faavoya.co\u002Fwp-todo\u002F\u003C\u002Fp>\n\u003Ch3>Frequently Asked Question\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Plugin Installation:\u003C\u002Fstrong>\u003Cbr \u002F>\nDownload the WordPress plugin by clicking this link.\u003Cbr \u002F>\nGoto WordPress Dashboard then Click on Plugins. Next, click on “Add new” button at top.\u003Cbr \u002F>\nThen on “Add Plugins” page, click on “Upload Plugin” button.\u003Cbr \u002F>\nNow, click on “Choose File” button and upload the Downloaded .zip file.\u003Cbr \u002F>\nNow, click on “Install Now” button and then click on “Activate Plugin”.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Adding Shortcode:\u003C\u002Fstrong>\u003Cbr \u002F>\nCopy \u003Ccode>[wptba]\u003C\u002Fcode> shortcode and paste it on a page\u002Fpost.\u003Cbr \u002F>\nClick on save\u002Fupdate.\u003Cbr \u002F>\nOpen the same page\u002Fpost in incognito\u002Fprivate mode.\u003C\u002Fp>\n","A Simple plugin to manage small projects or can be used as todo list.",0,1171,"2022-07-20T10:22:00.000Z","6.0.11","4.7","7.4.1",[18,19,20,21,22],"task-management","to-do-list","to-do","todo","todo-list","https:\u002F\u002Fwww.aavoya.co\u002Fwp-todo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftodo-by-aavoya.22.7.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":32,"avg_security_score":33,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"pijush_gupta",3,400,90,30,87,"2026-04-04T18:16:51.898Z",[38,59,74,91,110],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":33,"num_ratings":48,"last_updated":49,"tested_up_to":50,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":56,"download_link":57,"security_score":58,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"sortable-dashboard-to-do-list","Sortable Dashboard To-Do List","2.4.1","JFG Media","https:\u002F\u002Fprofiles.wordpress.org\u002Fjfgmedia\u002F","\u003Cp>The plugin adds a sortable to-do list to your WP dashboard. This can be useful for developers, or even for content writers. With the possibility to assign tasks to other users, it’s like having your own mini Trello directly on your dashboard!\u003C\u002Fp>\n\u003Ch3>Task Assignment\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\nTo-do list items can be assigned to other users\n\u003C\u002Fli>\n\u003Cli>\nUsers with assigned tasks can easily see by whom they were assigned, and easily flag them as completed\n\u003C\u002Fli>\n\u003Cli>\nUsers who assign tasks can easily see which users have completed them, and which still haven’t\n\u003C\u002Fli>\n\u003Cli>\nUsers who assign tasks can decide if they want assigned users to be able to edit the task description\n\u003C\u002Fli>\n\u003Cli>\nAssignment ability depends on the current user role\n\u003C\u002Fli>\n\u003Cli>\nBy default:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\nAdministrators can assign tasks to all users with the “edit_posts” capability\n\u003C\u002Fli>\n\u003Cli>\nEditors can assign tasks to editors, contributors, and authors\n\u003C\u002Fli>\n\u003Cli>\nOther user roles can only assign tasks to other users with the same role\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\nThis feature is currently not activated for multisite setups\n\u003C\u002Fli>\n\u003Cli>\n4 WP filters to provide further control on assignment rights\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Item Creation\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\nTo-do list item creation, edition and deletion via ajax. No page reload.\n\u003C\u002Fli>\n\u003Cli>\nTo-do items are timestamped. You’ll never forget when they were created, or when you last edited them.\n\u003C\u002Fli>\n\u003Cli>\nThe list is individual. Each user has their own list.\n\u003C\u002Fli>\n\u003Cli>\nFor multisite, it’s one list per user and per site.\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Front-end Display\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\nOption to display the to-do list on the website (for the current logged-in user only).\n\u003C\u002Fli>\n\u003Cli>\nWebsite list can be collapsed and expanded. But website items can currently NOT be edited or sorted.\n\u003C\u002Fli>\n\u003Cli>\nWebsite list remembers its last display state (showed or collapsed)\n\u003C\u002Fli>\n\u003Cli>\nWebsite list remembers the size, position and state of opened to-do items\n\u003C\u002Fli>\n\u003Cli>\nWebsite list can be displayed on the left or right side of the window\n\u003C\u002Fli>\n\u003Cli>\nPossibility to decide to not show some to-do items on the website.\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>WP Filters\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Manage assignment rights:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>“sdtdl_users_not_allowed_to_assign” to prevent some users to be able to assign items, by returning an array of user IDs: \u003Ccode>add_filter('sdtdl_users_not_allowed_to_assign',function(){return ['3','6','8'];})\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>“sdtdl_[user_role]_can_assign_to” to allow a specific user role to assign items to other roles, by returning an array of roles: \u003Ccode>add_filter('sdtdl_editor_can_assign_to',function(){return ['administrator','editor'];})\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>“sdtdl_[user_role]_cannot_assign_to_users” to prevent specific roles from assigning tasks to specific users, by returning an array of user IDs: \u003Ccode>add_filter('sdtdl_[user_role]_cannot_assign_to_users',function($current_user_id){return ['2','4'];})\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>“sdtdl_never_assign_task_to_users” to prevent specific users from ever being assigned any tasks, by returning an array of user IDs: \u003Ccode>add_filter('sdtdl_never_assign_task_to_users',function(){return ['1'];})\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>Administrators can assign tasks to all user roles with the “edit_posts” capability, but this can also be altered with the previous 3 filters.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manage list creation rights:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>By default, users with the “edit_posts” capability can create a to-do-list\u003C\u002Fp>\n\u003Cp>“sdtdl_min_user_capability” to override this minimum capability: \u003Ccode>add_filter('sdtdl_min_user_capability',function(){return 'publish_posts';})\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manage day count for task highlighting:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>By default, tasks will be considered as “aging” 7 days after their creation, and as “old” 14 days after their creation\u003C\u002Fp>\n\u003Cp>“sdtdl_aging_tasks_min_days” to override the amount of days for aging tasks, by returning an integer: \u003Ccode>add_filter('sdtdl_aging_tasks_min_days',function($current_user_id){return 10;})\u003C\u002Fcode>\u003C\u002Fp>\n\u003Cp>“sdtdl_old_tasks_min_days” to override the amount of days for old tasks, by returning an integer: \u003Ccode>add_filter('sdtdl_old_tasks_min_days',function($current_user_id){return 20;})\u003C\u002Fcode>\u003C\u002Fp>\n","Adds a sortable to-do list widget to your WP dashboard. Useful for developers, content writers, and team tasks. Easily assign tasks to other users.",80,3563,4,"2025-11-30T07:20:00.000Z","6.9.4","5.0","7.4.0",[54,55,18,20,22],"dashboard-widget","task","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsortable-dashboard-to-do-list.2.4.1.zip",100,{"slug":60,"name":61,"version":62,"author":63,"author_profile":64,"description":65,"short_description":66,"active_installs":11,"downloaded":67,"rating":11,"num_ratings":11,"last_updated":68,"tested_up_to":69,"requires_at_least":51,"requires_php":70,"tags":71,"homepage":56,"download_link":73,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"a-task-manager","A Task Manager","1.0.0","olegio","https:\u002F\u002Fprofiles.wordpress.org\u002Folegio\u002F","\u003Cp>Simple check list for wordpress to always remember your plans and see the progress.\u003Cbr \u002F>\nEach user with access to wordpress back-end have access to todo list.\u003Cbr \u002F>\nAll tasks are private and not shared between users.\u003C\u002Fp>\n","Task manager for wordpress. Allows users to create todo lists in the wordpress back-end.",1248,"2020-03-18T23:35:00.000Z","5.3.21","5.4",[72,19,22],"task-manager","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fa-task-manager.zip",{"slug":75,"name":76,"version":77,"author":78,"author_profile":79,"description":80,"short_description":81,"active_installs":11,"downloaded":82,"rating":11,"num_ratings":11,"last_updated":83,"tested_up_to":84,"requires_at_least":85,"requires_php":86,"tags":87,"homepage":56,"download_link":89,"security_score":90,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"ze-to-do-list","ZE To Do List","0.1.0","wanzhenen","https:\u002F\u002Fprofiles.wordpress.org\u002Fwanzhenen\u002F","\u003Cp>Allow logged in users to create to do list.\u003C\u002Fp>\n","ZE To Do List.",562,"2024-11-19T01:56:00.000Z","6.7.5","6.6","7.2",[88,19,20,21,22],"tasks","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fze-to-do-list.0.1.0.zip",92,{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":58,"num_ratings":101,"last_updated":102,"tested_up_to":50,"requires_at_least":103,"requires_php":104,"tags":105,"homepage":56,"download_link":106,"security_score":107,"vuln_count":108,"unpatched_count":11,"last_vuln_date":109,"fetched_at":27},"dashboard-to-do-list","Dashboard To-Do List","1.3.2","Andrew","https:\u002F\u002Fprofiles.wordpress.org\u002Farapps92\u002F","\u003Cp>Are you a web designer or developer? Or are you creating a plugin or a theme? Are you finding hard to keep track of your tasks or your notepad is just untidy?\u003C\u002Fp>\n\u003Cp>Add this useful tool to your WordPress website, create a to-do list from within the main Admin Dashboard and display it on your website.\u003C\u002Fp>\n\u003Cp>Keep your list in one place and specific to your website\u002Fproject.\u003C\u002Fp>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Easily edit your To-Do list from the Admin Dashboard.\u003C\u002Fli>\n\u003Cli>Allow Editors to view and edit the dashboard To-Do list widget as well as Administrators.\u003C\u002Fli>\n\u003Cli>Display the To-Do list as a floating widget on the frontend of your website.\u003C\u002Fli>\n\u003Cli>Choose the position of the floating widget.\u003C\u002Fli>\n\u003Cli>Restrict the visibility of the floating widget to logged in Administrators and\u002For Editors only.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Simply install and activate the plugin, open your Admin Dashboard and write your list.\u003C\u002Fp>\n","A dashboard to-do list widget with the option to show the to-do list on the website. This is a great tool for web developers building a new website.",1000,21915,8,"2025-12-08T11:23:00.000Z","4.0","5.6",[54,88,20,21,22],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdashboard-to-do-list.1.3.2.zip",99,2,"2024-06-06 00:00:00",{"slug":111,"name":112,"version":113,"author":114,"author_profile":115,"description":116,"short_description":117,"active_installs":58,"downloaded":118,"rating":119,"num_ratings":120,"last_updated":121,"tested_up_to":122,"requires_at_least":123,"requires_php":124,"tags":125,"homepage":129,"download_link":130,"security_score":58,"vuln_count":131,"unpatched_count":11,"last_vuln_date":132,"fetched_at":27},"bp-user-to-do-list","Todo for BuddyPress & BuddyBoss","3.5.1","wbcomdesigns","https:\u002F\u002Fprofiles.wordpress.org\u002Fwbcomdesigns\u002F","\u003Cp>\u003Cstrong>Todo for BuddyPress & BuddyBoss\u003C\u002Fstrong> is a complete task management solution designed specifically for BuddyPress and BuddyBoss communities. Whether you’re running an online course platform, membership site, corporate intranet, or social network, this plugin empowers your members to stay organized and productive.\u003C\u002Fp>\n\u003Ch4>Why Choose This Plugin?\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>For Community Managers:\u003C\u002Fstrong>\u003Cbr \u002F>\nKeep your members engaged and accountable with structured task management. Track group progress, monitor completion rates, and ensure everyone stays on track with their commitments.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>For Members:\u003C\u002Fstrong>\u003Cbr \u002F>\nNever miss a deadline again. Create personal todos, receive timely reminders, and manage group assignments all from your profile. Export tasks to CSV for offline tracking.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>For Developers:\u003C\u002Fstrong>\u003Cbr \u002F>\nExtend functionality with comprehensive hooks and filters. Full documentation included for easy customization and integration with other plugins.\u003C\u002Fp>\n\u003Ch4>Core Features\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>Personal Task Management\u003C\u002Fstrong>\u003Cbr \u002F>\n* Create unlimited personal todos with rich text descriptions\u003Cbr \u002F>\n* Set due dates with automatic reminders via email and BuddyPress notifications\u003Cbr \u002F>\n* Organize tasks by custom categories\u003Cbr \u002F>\n* Mark tasks complete with timestamp tracking\u003Cbr \u002F>\n* Export todo lists to CSV format for reporting\u003Cbr \u002F>\n* Visual priority indicators (Critical, High, Normal)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Group Collaboration\u003C\u002Fstrong>\u003Cbr \u002F>\n* Group admins and moderators can assign tasks to members\u003Cbr \u002F>\n* Assign to all members or select specific individuals\u003Cbr \u002F>\n* Each member gets their own copy to manage independently\u003Cbr \u002F>\n* Track who completed tasks and when\u003Cbr \u002F>\n* Seamless integration with BuddyPress group navigation\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Advanced Group Reporting\u003C\u002Fstrong>\u003Cbr \u002F>\n* Real-time completion statistics and progress tracking\u003Cbr \u002F>\n* Visual member progress grid with avatars and status badges\u003Cbr \u002F>\n* Filter by completion status (All, Completed, Pending)\u003Cbr \u002F>\n* Task-specific view to see who completed individual assignments\u003Cbr \u002F>\n* Overall group progress with percentage indicators\u003Cbr \u002F>\n* Pagination for large groups with hundreds of members\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Site Admin Features\u003C\u002Fstrong>\u003Cbr \u002F>\n* Read-only access to all group tasks for oversight\u003Cbr \u002F>\n* View tasks in groups you’re not a member of\u003Cbr \u002F>\n* Comprehensive settings panel with granular controls\u003Cbr \u002F>\n* Customizable labels and menu slugs\u003Cbr \u002F>\n* User permission management\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automated Data Retention\u003C\u002Fstrong>\u003Cbr \u002F>\n* Keep your database clean with automatic cleanup of old completed tasks\u003Cbr \u002F>\n* Configurable retention periods from 30 days to never\u003Cbr \u002F>\n* Separate settings for group and personal todos\u003Cbr \u002F>\n* Choose between trash or permanent deletion\u003Cbr \u002F>\n* Manual cleanup option with email notifications to admins\u003Cbr \u002F>\n* Daily automated cleanup via WP-Cron\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smart Notifications\u003C\u002Fstrong>\u003Cbr \u002F>\n* BuddyPress native email system integration\u003Cbr \u002F>\n* Customizable email templates from WordPress admin\u003Cbr \u002F>\n* Members control their own notification preferences\u003Cbr \u002F>\n* Automatic reminders before due dates\u003Cbr \u002F>\n* Group assignment notifications\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Developer-Friendly\u003C\u002Fstrong>\u003Cbr \u002F>\n* 15+ action hooks for extending functionality\u003Cbr \u002F>\n* 10+ filter hooks for customization\u003Cbr \u002F>\n* Complete template hierarchy for theme overrides\u003Cbr \u002F>\n* Comprehensive developer documentation included\u003Cbr \u002F>\n* REST API ready structure\u003Cbr \u002F>\n* Translation ready with POT file\u003C\u002Fp>\n\u003Ch4>Perfect For\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Online Learning Communities – Assign homework and track student progress\u003C\u002Fli>\n\u003Cli>Membership Sites – Keep members engaged with structured tasks\u003C\u002Fli>\n\u003Cli>Corporate Intranets – Team collaboration and project management\u003C\u002Fli>\n\u003Cli>Social Networks – Personal productivity within your community\u003C\u002Fli>\n\u003Cli>Non-Profit Organizations – Volunteer task coordination\u003C\u002Fli>\n\u003Cli>Co-Working Spaces – Shared goals and accountability\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Premium Support\u003C\u002Fh4>\n\u003Cp>Our dedicated support team is ready to help you get the most out of this plugin. Whether you need help with setup, customization, or troubleshooting, we’re here to assist.\u003C\u002Fp>\n\u003Ch4>Documentation\u003C\u002Fh4>\n\u003Cp>Comprehensive guides included in the plugin directory:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>USER-GUIDE.md\u003C\u002Fstrong> – Complete walkthrough of all features, settings, and usage instructions\u003C\u002Fli>\n\u003Cli>\u003Cstrong>DEVELOPER-GUIDE.md\u003C\u002Fstrong> – Technical documentation with hooks, filters, database structure, and code examples\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Live Demo\u003C\u002Fh4>\n\u003Cp>See the plugin in action before installing. Visit our demo site to explore all features with sample data.\u003C\u002Fp>\n\u003Ch4>Translations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>English (default)\u003C\u002Fli>\n\u003Cli>French – Credits to Jean Pierre Michaud\u003C\u002Fli>\n\u003Cli>Ready for translation in your language with included POT file\u003C\u002Fli>\n\u003Cli>RTL language support included\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Links\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwbcomdesigns.com\u002Fdownloads\u002Fbuddypress-user-todo-list\u002F\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fdemos.wbcomdesigns.com\u002Fwbcomplugins\u002F\" rel=\"nofollow ugc\">Live Demo\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwbcomdesigns.com\u002Fhelpdesk\u002Farticle-categories\u002Fbp-user-todo-list\u002F\" rel=\"nofollow ugc\">Documentation & Support\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwbcomdesigns\u002Fbuddypress-user-todo-list\u002F\" rel=\"nofollow ugc\">GitHub Repository\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwbcomdesigns.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">Request Features\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>BuddyPress 12.0 and higher (backwards compatible with older versions)\u003C\u002Fli>\n\u003Cli>BuddyBoss Platform (all versions)\u003C\u002Fli>\n\u003Cli>WordPress 6.5 and higher\u003C\u002Fli>\n\u003Cli>PHP 7.4 and higher (8.0+ recommended)\u003C\u002Fli>\n\u003Cli>Tested with popular themes: BuddyX, Reign, Youzify, and more\u003C\u002Fli>\n\u003Cli>Full support for both classic and block editor\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What’s New in 3.5.0\u003C\u002Fh4>\n\u003Cp>This major update brings enterprise-level features including group overview reporting, automated data retention, enhanced performance with caching, and full BuddyPress 12.0+ compatibility while maintaining backwards compatibility with older versions and BuddyBoss.\u003C\u002Fp>\n","Transform your BuddyPress or BuddyBoss community into a powerful task management platform. Members can create personal todos, collaborate on group tas &hellip;",20230,74,6,"2025-10-26T09:45:00.000Z","6.8.5","6.5","7.4",[126,127,128,18,22],"buddypress","group-tasks","productivity","https:\u002F\u002Fwbcomdesigns.com\u002Fcontact\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbp-user-to-do-list.3.5.1.zip",1,"2022-04-13 00:00:00",{"attackSurface":134,"codeSignals":319,"taintFlows":485,"riskAssessment":682,"analyzedAt":693},{"hooks":135,"ajaxHandlers":188,"restRoutes":316,"shortcodes":317,"cronEvents":318,"entryPointCount":313,"unprotectedCount":11},[136,142,147,151,156,159,165,169,174,177,181,184],{"type":137,"name":138,"callback":139,"file":140,"line":141},"action","plugins_loaded","closure","todo-by-aavoya.php",40,{"type":137,"name":143,"callback":144,"file":145,"line":146},"admin_menu","addMenu","wptba\\Backend\\Ui.php",20,{"type":137,"name":148,"callback":149,"file":145,"line":150},"admin_enqueue_scripts","add_css_js",21,{"type":137,"name":152,"callback":153,"file":154,"line":155},"wp_enqueue_scripts","enqueue","wptba\\Frontend\\Enqueue.php",11,{"type":137,"name":152,"callback":157,"file":154,"line":158},"removeAll",12,{"type":160,"name":161,"callback":162,"file":163,"line":164},"filter","template_include","init","wptba\\Frontend\\Shortcode.php",16,{"type":160,"name":166,"callback":167,"file":163,"line":168},"show_admin_bar","__return_false",29,{"type":137,"name":170,"callback":171,"file":172,"line":173},"admin_post_nopriv_wptba_verify_email","wptba_verify_email","wptba\\Frontend\\User.php",36,{"type":137,"name":175,"callback":171,"file":172,"line":176},"admin_post_wptba_verify_email",37,{"type":137,"name":178,"callback":179,"file":172,"line":180},"admin_post_nopriv_wptbaUpdatePassword","UpdatePassword",45,{"type":137,"name":182,"callback":179,"file":172,"line":183},"admin_post_wptbaUpdatePassword",46,{"type":137,"name":162,"callback":185,"file":186,"line":187},"createTaxonomy","wptba\\Init\\Cpt.php",13,[189,195,198,202,205,209,212,216,220,223,227,230,233,237,238,241,242,245,247,251,253,257,259,262,264,268,270,273,274,278,279,282,283,286,287,289,290,292,293,295,296,299,300,303,304,308,310,314],{"action":190,"nopriv":191,"callback":190,"hasNonce":192,"hasCapCheck":191,"file":193,"line":194},"setAauWptba",false,true,"wptba\\Backend\\AauAjax.php",14,{"action":196,"nopriv":191,"callback":196,"hasNonce":192,"hasCapCheck":191,"file":193,"line":197},"getAauWptba",15,{"action":199,"nopriv":191,"callback":200,"hasNonce":192,"hasCapCheck":191,"file":201,"line":155},"setAutoLogOutWptba","setAutoLogOut","wptba\\Backend\\AloAjax.php",{"action":203,"nopriv":191,"callback":204,"hasNonce":192,"hasCapCheck":191,"file":201,"line":158},"getAutoLogOutWptba","getAutoLogOut",{"action":206,"nopriv":191,"callback":206,"hasNonce":192,"hasCapCheck":191,"file":207,"line":208},"setKeyWptba","wptba\\Backend\\KeyAjax.php",17,{"action":210,"nopriv":191,"callback":210,"hasNonce":192,"hasCapCheck":191,"file":207,"line":211},"getKetKeyWptba",18,{"action":213,"nopriv":191,"callback":214,"hasNonce":192,"hasCapCheck":191,"file":215,"line":211},"wptbaUploadImage","uploadImage","wptba\\Backend\\Posts.php",{"action":217,"nopriv":191,"callback":218,"hasNonce":192,"hasCapCheck":191,"file":215,"line":219},"wptbaGetAttachment","getAttachment",19,{"action":221,"nopriv":191,"callback":222,"hasNonce":192,"hasCapCheck":191,"file":215,"line":146},"wptbaGetAttachmentId","getAttachmentId",{"action":224,"nopriv":191,"callback":225,"hasNonce":192,"hasCapCheck":191,"file":226,"line":158},"wptbaGetPendingUsers","getPendingUsers","wptba\\Backend\\User.php",{"action":228,"nopriv":191,"callback":229,"hasNonce":192,"hasCapCheck":191,"file":226,"line":187},"wptbaPostToUser","postToUser",{"action":231,"nopriv":191,"callback":232,"hasNonce":192,"hasCapCheck":191,"file":226,"line":194},"wptbaUserPostDelete","userPostDelete",{"action":234,"nopriv":192,"callback":235,"hasNonce":192,"hasCapCheck":191,"file":236,"line":197},"wptbaGetPosts","getPosts","wptba\\Frontend\\Posts.php",{"action":234,"nopriv":191,"callback":235,"hasNonce":192,"hasCapCheck":191,"file":236,"line":164},{"action":239,"nopriv":192,"callback":240,"hasNonce":192,"hasCapCheck":191,"file":236,"line":211},"wptbaAddPost","addPost",{"action":239,"nopriv":191,"callback":240,"hasNonce":192,"hasCapCheck":191,"file":236,"line":219},{"action":243,"nopriv":192,"callback":244,"hasNonce":192,"hasCapCheck":191,"file":236,"line":150},"wptbaGetPostMeta","getPostMeta",{"action":243,"nopriv":191,"callback":244,"hasNonce":192,"hasCapCheck":191,"file":236,"line":246},22,{"action":248,"nopriv":192,"callback":249,"hasNonce":192,"hasCapCheck":191,"file":236,"line":250},"wptbaSetPostMeta","setPostMeta",24,{"action":248,"nopriv":191,"callback":249,"hasNonce":192,"hasCapCheck":191,"file":236,"line":252},25,{"action":254,"nopriv":192,"callback":255,"hasNonce":192,"hasCapCheck":191,"file":236,"line":256},"wptbaDeletePost","deletePost",27,{"action":254,"nopriv":191,"callback":255,"hasNonce":192,"hasCapCheck":191,"file":236,"line":258},28,{"action":260,"nopriv":192,"callback":261,"hasNonce":192,"hasCapCheck":191,"file":236,"line":34},"wptbaGetTags","getTags",{"action":260,"nopriv":191,"callback":261,"hasNonce":192,"hasCapCheck":191,"file":236,"line":263},31,{"action":265,"nopriv":192,"callback":266,"hasNonce":192,"hasCapCheck":191,"file":236,"line":267},"wptbaRemoveTag","removeTag",33,{"action":265,"nopriv":191,"callback":266,"hasNonce":192,"hasCapCheck":191,"file":236,"line":269},34,{"action":271,"nopriv":192,"callback":272,"hasNonce":192,"hasCapCheck":191,"file":236,"line":173},"wptbaAddTag","addTag",{"action":271,"nopriv":191,"callback":272,"hasNonce":192,"hasCapCheck":191,"file":236,"line":176},{"action":275,"nopriv":192,"callback":276,"hasNonce":192,"hasCapCheck":191,"file":236,"line":277},"wptbaGetLogo","getLogo",39,{"action":275,"nopriv":191,"callback":276,"hasNonce":192,"hasCapCheck":191,"file":236,"line":141},{"action":280,"nopriv":192,"callback":281,"hasNonce":192,"hasCapCheck":191,"file":172,"line":211},"wptbaLogin","login",{"action":280,"nopriv":191,"callback":281,"hasNonce":192,"hasCapCheck":191,"file":172,"line":219},{"action":284,"nopriv":192,"callback":285,"hasNonce":192,"hasCapCheck":191,"file":172,"line":150},"wptbaGetUserDetails","getUserDetails",{"action":284,"nopriv":191,"callback":285,"hasNonce":192,"hasCapCheck":191,"file":172,"line":246},{"action":288,"nopriv":192,"callback":288,"hasNonce":192,"hasCapCheck":191,"file":172,"line":250},"wptbaUploadDarkMode",{"action":288,"nopriv":191,"callback":288,"hasNonce":192,"hasCapCheck":191,"file":172,"line":252},{"action":291,"nopriv":192,"callback":291,"hasNonce":192,"hasCapCheck":191,"file":172,"line":256},"wptbaDownloadDarkMode",{"action":291,"nopriv":191,"callback":291,"hasNonce":192,"hasCapCheck":191,"file":172,"line":258},{"action":294,"nopriv":192,"callback":294,"hasNonce":192,"hasCapCheck":191,"file":172,"line":34},"wptbaCheckAvailableUsername",{"action":294,"nopriv":191,"callback":294,"hasNonce":192,"hasCapCheck":191,"file":172,"line":263},{"action":297,"nopriv":192,"callback":298,"hasNonce":192,"hasCapCheck":191,"file":172,"line":267},"wptbaRegister","register",{"action":297,"nopriv":191,"callback":298,"hasNonce":192,"hasCapCheck":191,"file":172,"line":269},{"action":301,"nopriv":192,"callback":302,"hasNonce":192,"hasCapCheck":191,"file":172,"line":277},"wptbaChangePassword","changePassword",{"action":301,"nopriv":191,"callback":302,"hasNonce":192,"hasCapCheck":191,"file":172,"line":141},{"action":305,"nopriv":192,"callback":306,"hasNonce":192,"hasCapCheck":191,"file":172,"line":307},"wptbaResetPassword","resetPassword",42,{"action":305,"nopriv":191,"callback":306,"hasNonce":192,"hasCapCheck":191,"file":172,"line":309},43,{"action":311,"nopriv":192,"callback":312,"hasNonce":192,"hasCapCheck":191,"file":172,"line":313},"wptbaGetAllUsers","getAllUsers",48,{"action":311,"nopriv":191,"callback":312,"hasNonce":192,"hasCapCheck":191,"file":172,"line":315},49,[],[],[],{"dangerousFunctions":320,"sqlUsage":337,"outputEscaping":339,"fileOperations":108,"externalRequests":11,"nonceChecks":34,"capabilityChecks":131,"bundledLibraries":484},[321,324,327,330,332,334],{"fn":322,"file":193,"line":252,"context":323},"unserialize","$aau = unserialize($aau);",{"fn":322,"file":236,"line":325,"context":326},180,"$meta = unserialize($meta);",{"fn":322,"file":172,"line":328,"context":329},174,"$user_meta = unserialize($user_meta);",{"fn":322,"file":172,"line":331,"context":329},224,{"fn":322,"file":172,"line":333,"context":329},266,{"fn":322,"file":172,"line":335,"context":336},384,"$aau = unserialize(get_option('wptba_aau'));",{"prepared":11,"raw":11,"locations":338},[],{"escaped":340,"rawEcho":341,"locations":342},60,75,[343,345,346,347,348,350,351,353,355,357,359,361,363,364,366,368,370,372,374,376,378,379,381,383,385,387,389,391,393,395,397,399,401,403,405,406,408,410,412,415,416,419,420,421,422,424,426,428,430,432,434,436,438,440,442,444,446,448,450,452,454,456,458,460,462,464,466,468,470,472,474,476,478,480,482],{"file":193,"line":258,"context":344},"raw output",{"file":193,"line":141,"context":344},{"file":201,"line":219,"context":344},{"file":201,"line":34,"context":344},{"file":207,"line":349,"context":344},32,{"file":207,"line":180,"context":344},{"file":215,"line":352,"context":344},41,{"file":215,"line":354,"context":344},54,{"file":215,"line":356,"context":344},88,{"file":215,"line":358,"context":344},122,{"file":215,"line":360,"context":344},139,{"file":215,"line":362,"context":344},165,{"file":226,"line":307,"context":344},{"file":226,"line":365,"context":344},62,{"file":226,"line":367,"context":344},184,{"file":226,"line":369,"context":344},229,{"file":226,"line":371,"context":344},238,{"file":226,"line":373,"context":344},250,{"file":236,"line":375,"context":344},57,{"file":236,"line":377,"context":344},103,{"file":236,"line":358,"context":344},{"file":236,"line":380,"context":344},162,{"file":236,"line":382,"context":344},181,{"file":236,"line":384,"context":344},216,{"file":236,"line":386,"context":344},233,{"file":236,"line":388,"context":344},241,{"file":236,"line":390,"context":344},259,{"file":236,"line":392,"context":344},268,{"file":236,"line":394,"context":344},293,{"file":236,"line":396,"context":344},311,{"file":236,"line":398,"context":344},334,{"file":236,"line":400,"context":344},338,{"file":236,"line":402,"context":344},363,{"file":236,"line":404,"context":344},392,{"file":236,"line":32,"context":344},{"file":236,"line":407,"context":344},418,{"file":236,"line":409,"context":344},425,{"file":236,"line":411,"context":344},429,{"file":413,"line":414,"context":344},"wptba\\Frontend\\Template.php",7,{"file":413,"line":101,"context":344},{"file":417,"line":418,"context":344},"wptba\\Frontend\\TemplateEmail.php",9,{"file":417,"line":164,"context":344},{"file":417,"line":246,"context":344},{"file":417,"line":263,"context":344},{"file":172,"line":423,"context":344},84,{"file":172,"line":425,"context":344},102,{"file":172,"line":427,"context":344},129,{"file":172,"line":429,"context":344},135,{"file":172,"line":431,"context":344},154,{"file":172,"line":433,"context":344},192,{"file":172,"line":435,"context":344},210,{"file":172,"line":437,"context":344},220,{"file":172,"line":439,"context":344},236,{"file":172,"line":441,"context":344},254,{"file":172,"line":443,"context":344},262,{"file":172,"line":445,"context":344},274,{"file":172,"line":447,"context":344},298,{"file":172,"line":449,"context":344},300,{"file":172,"line":451,"context":344},325,{"file":172,"line":453,"context":344},330,{"file":172,"line":455,"context":344},358,{"file":172,"line":457,"context":344},496,{"file":172,"line":459,"context":344},509,{"file":172,"line":461,"context":344},530,{"file":172,"line":463,"context":344},540,{"file":172,"line":465,"context":344},549,{"file":172,"line":467,"context":344},560,{"file":172,"line":469,"context":344},567,{"file":172,"line":471,"context":344},576,{"file":172,"line":473,"context":344},584,{"file":172,"line":475,"context":344},602,{"file":172,"line":477,"context":344},627,{"file":172,"line":479,"context":344},678,{"file":172,"line":481,"context":344},703,{"file":172,"line":483,"context":344},723,[],[486,509,520,531,542,555,563,579,592,600,609,618,630,639,648,657,669],{"entryPoint":487,"graph":488,"unsanitizedCount":11,"severity":508},"setAauWptba (wptba\\Backend\\AauAjax.php:32)",{"nodes":489,"edges":505},[490,494,499,501],{"id":491,"type":492,"label":493,"file":193,"line":176},"n0","source","$_POST",{"id":495,"type":496,"label":497,"file":193,"line":141,"wp_function":498},"n1","sink","echo() [XSS]","echo",{"id":500,"type":492,"label":493,"file":193,"line":176},"n2",{"id":502,"type":496,"label":503,"file":193,"line":141,"wp_function":504},"n3","update_option() [Settings Manipulation]","update_option",[506,507],{"from":491,"to":495,"sanitized":192},{"from":500,"to":502,"sanitized":192},"low",{"entryPoint":510,"graph":511,"unsanitizedCount":11,"severity":508},"\u003CAauAjax> (wptba\\Backend\\AauAjax.php:0)",{"nodes":512,"edges":517},[513,514,515,516],{"id":491,"type":492,"label":493,"file":193,"line":176},{"id":495,"type":496,"label":497,"file":193,"line":141,"wp_function":498},{"id":500,"type":492,"label":493,"file":193,"line":176},{"id":502,"type":496,"label":503,"file":193,"line":141,"wp_function":504},[518,519],{"from":491,"to":495,"sanitized":192},{"from":500,"to":502,"sanitized":192},{"entryPoint":521,"graph":522,"unsanitizedCount":11,"severity":508},"setAutoLogOut (wptba\\Backend\\AloAjax.php:15)",{"nodes":523,"edges":528},[524,525,526,527],{"id":491,"type":492,"label":493,"file":201,"line":211},{"id":495,"type":496,"label":497,"file":201,"line":219,"wp_function":498},{"id":500,"type":492,"label":493,"file":201,"line":211},{"id":502,"type":496,"label":503,"file":201,"line":219,"wp_function":504},[529,530],{"from":491,"to":495,"sanitized":192},{"from":500,"to":502,"sanitized":192},{"entryPoint":532,"graph":533,"unsanitizedCount":11,"severity":508},"\u003CAloAjax> (wptba\\Backend\\AloAjax.php:0)",{"nodes":534,"edges":539},[535,536,537,538],{"id":491,"type":492,"label":493,"file":201,"line":211},{"id":495,"type":496,"label":497,"file":201,"line":219,"wp_function":498},{"id":500,"type":492,"label":493,"file":201,"line":211},{"id":502,"type":496,"label":503,"file":201,"line":219,"wp_function":504},[540,541],{"from":491,"to":495,"sanitized":192},{"from":500,"to":502,"sanitized":192},{"entryPoint":543,"graph":544,"unsanitizedCount":11,"severity":508},"uploadImage (wptba\\Backend\\Posts.php:29)",{"nodes":545,"edges":552},[546,548,550,551],{"id":491,"type":492,"label":547,"file":215,"line":313},"$_FILES",{"id":495,"type":496,"label":503,"file":215,"line":549,"wp_function":504},83,{"id":500,"type":492,"label":547,"file":215,"line":313},{"id":502,"type":496,"label":497,"file":215,"line":356,"wp_function":498},[553,554],{"from":491,"to":495,"sanitized":192},{"from":500,"to":502,"sanitized":192},{"entryPoint":556,"graph":557,"unsanitizedCount":11,"severity":508},"getAttachment (wptba\\Backend\\Posts.php:114)",{"nodes":558,"edges":561},[559,560],{"id":491,"type":492,"label":493,"file":215,"line":427},{"id":495,"type":496,"label":497,"file":215,"line":360,"wp_function":498},[562],{"from":491,"to":495,"sanitized":192},{"entryPoint":564,"graph":565,"unsanitizedCount":11,"severity":508},"\u003CPosts> (wptba\\Backend\\Posts.php:0)",{"nodes":566,"edges":575},[567,568,569,570,571,573],{"id":491,"type":492,"label":547,"file":215,"line":313},{"id":495,"type":496,"label":503,"file":215,"line":549,"wp_function":504},{"id":500,"type":492,"label":547,"file":215,"line":313},{"id":502,"type":496,"label":497,"file":215,"line":356,"wp_function":498},{"id":572,"type":492,"label":493,"file":215,"line":427},"n4",{"id":574,"type":496,"label":497,"file":215,"line":360,"wp_function":498},"n5",[576,577,578],{"from":491,"to":495,"sanitized":192},{"from":500,"to":502,"sanitized":192},{"from":572,"to":574,"sanitized":192},{"entryPoint":580,"graph":581,"unsanitizedCount":11,"severity":508},"getPostMeta (wptba\\Frontend\\Posts.php:166)",{"nodes":582,"edges":589},[583,585,587,588],{"id":491,"type":492,"label":493,"file":236,"line":584},176,{"id":495,"type":496,"label":586,"file":236,"line":325,"wp_function":322},"unserialize() [Object Injection]",{"id":500,"type":492,"label":493,"file":236,"line":584},{"id":502,"type":496,"label":497,"file":236,"line":382,"wp_function":498},[590,591],{"from":491,"to":495,"sanitized":192},{"from":500,"to":502,"sanitized":192},{"entryPoint":593,"graph":594,"unsanitizedCount":11,"severity":508},"setPostMeta (wptba\\Frontend\\Posts.php:185)",{"nodes":595,"edges":598},[596,597],{"id":491,"type":492,"label":493,"file":236,"line":433},{"id":495,"type":496,"label":497,"file":236,"line":384,"wp_function":498},[599],{"from":491,"to":495,"sanitized":192},{"entryPoint":601,"graph":602,"unsanitizedCount":11,"severity":508},"deletePost (wptba\\Frontend\\Posts.php:220)",{"nodes":603,"edges":607},[604,606],{"id":491,"type":492,"label":493,"file":236,"line":605},227,{"id":495,"type":496,"label":497,"file":236,"line":388,"wp_function":498},[608],{"from":491,"to":495,"sanitized":192},{"entryPoint":610,"graph":611,"unsanitizedCount":11,"severity":508},"getTags (wptba\\Frontend\\Posts.php:250)",{"nodes":612,"edges":616},[613,615],{"id":491,"type":492,"label":493,"file":236,"line":614},263,{"id":495,"type":496,"label":497,"file":236,"line":394,"wp_function":498},[617],{"from":491,"to":495,"sanitized":192},{"entryPoint":619,"graph":620,"unsanitizedCount":11,"severity":508},"\u003CPosts> (wptba\\Frontend\\Posts.php:0)",{"nodes":621,"edges":627},[622,623,624,626],{"id":491,"type":492,"label":493,"file":236,"line":584},{"id":495,"type":496,"label":586,"file":236,"line":325,"wp_function":322},{"id":500,"type":492,"label":625,"file":236,"line":584},"$_POST (x4)",{"id":502,"type":496,"label":497,"file":236,"line":382,"wp_function":498},[628,629],{"from":491,"to":495,"sanitized":192},{"from":500,"to":502,"sanitized":192},{"entryPoint":631,"graph":632,"unsanitizedCount":11,"severity":508},"login (wptba\\Frontend\\User.php:57)",{"nodes":633,"edges":637},[634,636],{"id":491,"type":492,"label":493,"file":172,"line":635},67,{"id":495,"type":496,"label":497,"file":172,"line":429,"wp_function":498},[638],{"from":491,"to":495,"sanitized":192},{"entryPoint":640,"graph":641,"unsanitizedCount":11,"severity":508},"getUserDetails (wptba\\Frontend\\User.php:144)",{"nodes":642,"edges":646},[643,645],{"id":491,"type":492,"label":493,"file":172,"line":644},152,{"id":495,"type":496,"label":586,"file":172,"line":328,"wp_function":322},[647],{"from":491,"to":495,"sanitized":192},{"entryPoint":649,"graph":650,"unsanitizedCount":11,"severity":508},"wptbaUploadDarkMode (wptba\\Frontend\\User.php:201)",{"nodes":651,"edges":655},[652,654],{"id":491,"type":492,"label":493,"file":172,"line":653},208,{"id":495,"type":496,"label":586,"file":172,"line":331,"wp_function":322},[656],{"from":491,"to":495,"sanitized":192},{"entryPoint":658,"graph":659,"unsanitizedCount":11,"severity":508},"wptbaDownloadDarkMode (wptba\\Frontend\\User.php:245)",{"nodes":660,"edges":666},[661,663,664,665],{"id":491,"type":492,"label":493,"file":172,"line":662},252,{"id":495,"type":496,"label":586,"file":172,"line":333,"wp_function":322},{"id":500,"type":492,"label":493,"file":172,"line":662},{"id":502,"type":496,"label":497,"file":172,"line":445,"wp_function":498},[667,668],{"from":491,"to":495,"sanitized":192},{"from":500,"to":502,"sanitized":192},{"entryPoint":670,"graph":671,"unsanitizedCount":11,"severity":508},"\u003CUser> (wptba\\Frontend\\User.php:0)",{"nodes":672,"edges":679},[673,675,676,678],{"id":491,"type":492,"label":674,"file":172,"line":635},"$_POST (x2)",{"id":495,"type":496,"label":497,"file":172,"line":429,"wp_function":498},{"id":500,"type":492,"label":677,"file":172,"line":644},"$_POST (x3)",{"id":502,"type":496,"label":586,"file":172,"line":328,"wp_function":322},[680,681],{"from":491,"to":495,"sanitized":192},{"from":500,"to":502,"sanitized":192},{"summary":683,"deductions":684},"The 'todo-by-aavoya' v22.7 plugin exhibits a generally strong security posture with several good practices in place. The absence of any known CVEs and a clean vulnerability history over time are positive indicators.  The plugin also demonstrates a commitment to secure coding by using prepared statements for all SQL queries and implementing a significant number of nonce checks, contributing to the integrity of its AJAX operations.  \n\nHowever, the static analysis does reveal potential areas of concern. The presence of the `unserialize` function, especially when not coupled with robust input validation or sanitization, can be a significant security risk, potentially leading to Remote Code Execution if vulnerable data is processed.  Furthermore, a relatively low percentage (44%) of properly escaped output suggests that cross-site scripting (XSS) vulnerabilities might exist, allowing attackers to inject malicious scripts into the user interface. While the attack surface appears protected by authentication and capability checks, the limited number of capability checks (only 1) on its 48 AJAX handlers is a weakness. A more granular approach to permission checking would enhance security.\n\nIn conclusion, while the plugin has a solid foundation with its SQL practices and nonce implementation, the use of `unserialize` and the moderate output escaping rate present tangible risks. The vulnerability history is reassuring, but these code-level concerns warrant attention to prevent potential exploitation. Strengthening capability checks and addressing the identified output escaping and `unserialize` risks would significantly improve its overall security. ",[685,688,690],{"reason":686,"points":687},"Dangerous function: unserialize used",10,{"reason":689,"points":101},"Low percentage of properly escaped output",{"reason":691,"points":692},"Low number of capability checks",5,"2026-03-17T06:31:30.865Z",{"wat":695,"direct":712},{"assetPaths":696,"generatorPatterns":703,"scriptPaths":704,"versionParams":705},[697,698,699,700,701,702],"\u002Fwp-content\u002Fplugins\u002Ftodo-by-aavoya\u002Fwptba\u002FBackend\u002Fclient\u002Fdist\u002Fmain.js","\u002Fwp-content\u002Fplugins\u002Ftodo-by-aavoya\u002Fwptba\u002FBackend\u002Fclient\u002Fdist\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Ftodo-by-aavoya\u002Fwptba\u002FBackend\u002Fclient\u002Fdist\u002Ffonts.css","\u002Fwp-content\u002Fplugins\u002Ftodo-by-aavoya\u002Fwptba\u002FFrontend\u002Fclient\u002Fdist\u002Fmain.css","\u002Fwp-content\u002Fplugins\u002Ftodo-by-aavoya\u002Fwptba\u002FFrontend\u002Fclient\u002Fdist\u002Ffonts.css","\u002Fwp-content\u002Fplugins\u002Ftodo-by-aavoya\u002Fwptba\u002FFrontend\u002Fclient\u002Fdist\u002Fmain.js",[],[697,702],[706,707,708,709,710,711],"todo-by-aavoya\u002Fwptba\u002FBackend\u002Fclient\u002Fdist\u002Fmain.js?ver=","todo-by-aavoya\u002Fwptba\u002FBackend\u002Fclient\u002Fdist\u002Fmain.css?ver=","todo-by-aavoya\u002Fwptba\u002FBackend\u002Fclient\u002Fdist\u002Ffonts.css?ver=","todo-by-aavoya\u002Fwptba\u002FFrontend\u002Fclient\u002Fdist\u002Fmain.css?ver=","todo-by-aavoya\u002Fwptba\u002FFrontend\u002Fclient\u002Fdist\u002Ffonts.css?ver=","todo-by-aavoya\u002Fwptba\u002FFrontend\u002Fclient\u002Fdist\u002Fmain.js?ver=",{"cssClasses":713,"htmlComments":715,"htmlAttributes":716,"restEndpoints":718,"jsGlobals":719,"shortcodeOutput":725},[714],"wptba-admin-container",[],[717],"data-wptba-dynamic-url",[],[720,721,722,723,724],"wptba_backend_nonce","wptba_backend_url","wptba_dist_path","wp_scripts","wp_styles",[]]