[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fY-ql6HuTTTMPlMyRRkaO8C7YWNfLRAmU8PB591_duDM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":38,"analysis":138,"fingerprints":568},"todo-lists-for-membership-sites","To Do List Member","1.5","Trent Jessee","https:\u002F\u002Fprofiles.wordpress.org\u002Ftjessee\u002F","\u003Cp>To Do List Member adds todo lists and tasks using custom taxonomy and post type to your blog.\u003C\u002Fp>\n\u003Cp>The site admin creates the todo lists and each user can track their own progress.\u003C\u002Fp>\n\u003Cp>Todo lists and progress bars are inserted into any post or page using shortcodes.\u003C\u002Fp>\n\u003Cp>The plugin adds two buttons to the visual editor, one to insert a todo list and one to insert a progress bar.\u003C\u002Fp>\n\u003Cp>Screenshots and a more detailed description can be found here: http:\u002F\u002Fwww.watchmanadvisors.com\u002Fto-do-list-member-wordpress-plugin\u002F\u003C\u002Fp>\n","To Do List Member adds todolists and tasks using custom taxonomy and post type to your 
blog.",10,8519,64,9,"2018-11-28T08:43:00.000Z","4.9.29","3.0.1","",[20,21,22,23,24],"checklist","checklists","tasks","to-do","todo-list","http:\u002F\u002Fwww.watchmanadvisors.com\u002Fto-do-list-member-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftodo-lists-for-membership-sites.1.6.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":11,"avg_security_score":27,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"tjessee",1,30,84,"2026-04-04T06:11:03.507Z",[39,62,86,103,119],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":18,"download_link":58,"security_score":59,"vuln_count":60,"unpatched_count":28,"last_vuln_date":61,"fetched_at":30},"dashboard-to-do-list","Dashboard To-Do List","1.3.2","Andrew","https:\u002F\u002Fprofiles.wordpress.org\u002Farapps92\u002F","\u003Cp>Are you a web designer or developer? Or are you creating a plugin or a theme? 
Are you finding hard to keep track of your tasks or your notepad is just untidy?\u003C\u002Fp>\n\u003Cp>Add this useful tool to your WordPress website, create a to-do list from within the main Admin Dashboard and display it on your website.\u003C\u002Fp>\n\u003Cp>Keep your list in one place and specific to your website\u002Fproject.\u003C\u002Fp>\n\u003Ch3>Plugin Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Easily edit your To-Do list from the Admin Dashboard.\u003C\u002Fli>\n\u003Cli>Allow Editors to view and edit the dashboard To-Do list widget as well as Administrators.\u003C\u002Fli>\n\u003Cli>Display the To-Do list as a floating widget on the frontend of your website.\u003C\u002Fli>\n\u003Cli>Choose the position of the floating widget.\u003C\u002Fli>\n\u003Cli>Restrict the visibility of the floating widget to logged in Administrators and\u002For Editors only.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Simply install and activate the plugin, open your Admin Dashboard and write your list.\u003C\u002Fp>\n","A dashboard to-do list widget with the option to show the to-do list on the website. 
This is a great tool for web developers building a new website.",1000,21915,100,8,"2025-12-08T11:23:00.000Z","6.9.4","4.0","5.6",[56,22,23,57,24],"dashboard-widget","todo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdashboard-to-do-list.1.3.2.zip",99,2,"2024-06-06 00:00:00",{"slug":63,"name":64,"version":65,"author":66,"author_profile":67,"description":68,"short_description":69,"active_installs":49,"downloaded":70,"rating":71,"num_ratings":72,"last_updated":73,"tested_up_to":74,"requires_at_least":75,"requires_php":76,"tags":77,"homepage":81,"download_link":82,"security_score":83,"vuln_count":84,"unpatched_count":28,"last_vuln_date":85,"fetched_at":30},"wp-todo","WP To Do","2.1.7","Md Delower Hossain","https:\u002F\u002Fprofiles.wordpress.org\u002Fdelower186\u002F","\u003Cp>\u003Cstrong>WP To Do\u003C\u002Fstrong> is a full-featured \u003Cstrong>to-do list\u003C\u002Fstrong> and \u003Cstrong>task management\u003C\u002Fstrong> plugin for WordPress that helps you stay organized, manage priorities, and boost productivity — all from your WordPress dashboard.\u003C\u002Fp>\n\u003Cp>Perfect for individuals, teams, and businesses, WP To Do lets you easily create, organize, and track your \u003Cstrong>tasks\u003C\u002Fstrong>, \u003Cstrong>checklists\u003C\u002Fstrong>, and \u003Cstrong>office memos\u003C\u002Fstrong> in one place. 
Whether you’re planning daily work, managing projects, or tracking milestones, WP To Do brings simple yet powerful \u003Cstrong>to do management\u003C\u002Fstrong> directly into your site.\u003C\u002Fp>\n\u003Cp>Stay productive, meet deadlines, and manage your workflow seamlessly — without leaving WordPress.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cp>✅ \u003Cstrong>Powerful Task Management\u003C\u002Fstrong>\u003Cbr \u002F>\n– Create and manage unlimited \u003Cstrong>to-do lists\u003C\u002Fstrong> and \u003Cstrong>tasks\u003C\u002Fstrong>\u003Cbr \u002F>\n– Assign priorities (Critical, High, Normal, Low)\u003Cbr \u002F>\n– Define statuses (Not Started, In Progress, In Review, Completed)\u003Cbr \u002F>\n– Add deadlines to ensure on-time completion\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Visual Workflow Tools\u003C\u002Fstrong>\u003Cbr \u002F>\n– Interactive \u003Cstrong>Kanban Board\u003C\u002Fstrong> for drag-and-drop task organization\u003Cbr \u002F>\n– \u003Cstrong>FullCalendar\u003C\u002Fstrong> integration for scheduling and timeline view\u003Cbr \u002F>\n– Track milestones and progress visually\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Collaboration & Productivity\u003C\u002Fstrong>\u003Cbr \u002F>\n– Add comments for better team communication\u003Cbr \u002F>\n– Use color-coded tasks for quick identification\u003Cbr \u002F>\n– Manage \u003Cstrong>checklists\u003C\u002Fstrong> and \u003Cstrong>office memos\u003C\u002Fstrong> in one unified dashboard\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>User-Friendly Interface\u003C\u002Fstrong>\u003Cbr \u002F>\n– Clean, responsive design integrated into the WordPress admin\u003Cbr \u002F>\n– Lightweight, fast, and easy to use\u003C\u002Fp>\n\u003Ch3>Why Choose WP To do?\u003C\u002Fh3>\n\u003Cp>Whether you’re managing personal tasks, planning your team’s projects, or keeping track of important office notes, \u003Cstrong>WP-Todo\u003C\u002Fstrong> makes \u003Cstrong>to-do management\u003C\u002Fstrong> simple, efficient, 
and visually intuitive. Turn your WordPress dashboard into a productivity hub and never miss a deadline again.\u003C\u002Fp>\n\u003Ch3>Detailed Walkthrough\u003C\u002Fh3>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fd6pcudlgMP4?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch3>Contribute\u003C\u002Fh3>\n\u003Cp>This may have bugs and lack of many features. If you want to contribute on this project, you are more than welcome. Please fork the repository from \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdelower186\u002Fwp-todo\" rel=\"nofollow ugc\">Github\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Custom Development & Feature Requests\u003C\u002Fh3>\n\u003Cp>Need a custom feature or want to enhance Project Manager to fit your workflow?\u003Cbr \u002F>\nI provide custom WordPress plugin development, feature requests, and tailored solutions to make your project management seamless.\u003C\u002Fp>\n\u003Ch4>Contact for Custom Development\u003C\u002Fh4>\n\u003Cp>🌐 Website: \u003Ca href=\"https:\u002F\u002Fsandalia.com.bd\u002Fapps\" rel=\"nofollow ugc\">https:\u002F\u002Fsandalia.com.bd\u002Fapps\u003C\u002Fa>\u003Cbr \u002F>\n💼 Upwork (Delower): \u003Ca href=\"https:\u002F\u002Fwww.upwork.com\u002Ffreelancers\u002Fdelower\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.upwork.com\u002Ffreelancers\u002Fdelower\u003C\u002Fa>\u003Cbr \u002F>\n💼 Linkedin (Delower): \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fdelower186\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fdelower186\u002F\u003C\u002Fa>\u003Cbr 
\u002F>\n💼 Linkedin (Sandalia): \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fsandalia-apps\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fsandalia-apps\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Do You need any Data Scraping Services? Try\u003C\u002Fh4>\n\u003Cp>🌐 Marketplace: \u003Ca href=\"https:\u002F\u002Fapify.com\u002Fsandaliaapps\" rel=\"nofollow ugc\">https:\u002F\u002Fapify.com\u002Fsandaliaapps\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Try My Other Plugins\u003C\u002Fh3>\n\u003Ch4>Project Manager Pro\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fproject-manager-pro\u002F\" rel=\"ugc\">Project Manager Pro\u003C\u002Fa> is a lightweight and easy-to-use plugin that allows you to create, manage, and track projects and tasks directly within WordPress.\u003C\u002Fp>\n\u003Ch4>LLMs.txt Sitemap Manager\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fllms-txt-sitemap-manager\u002F\" rel=\"ugc\">LLMs.txt Sitemap Manager\u003C\u002Fa> automatically generates an \u003Cstrong>LLMs.txt file\u003C\u002Fstrong> — a structured, lightweight list of important public URLs from your site — specifically designed for \u003Cstrong>Large Language Models (LLMs)\u003C\u002Fstrong> like ChatGPT, Perplexity, Claude, and other AI systems.\u003C\u002Fp>\n","WP-Todo: Smart To-Do List & Task Management Plugin for WordPress",13874,74,6,"2025-10-31T17:20:00.000Z","6.8.5","6.4","7.2.24",[20,78,22,79,80],"projects","to-do-list","to-do-management","https:\u002F\u002Fsandalia.com.bd\u002Fapps\u002Fview_project.php?slug=wp-todo","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-todo.2.1.7.zip",97,7,"2024-08-28 
00:00:00",{"slug":87,"name":88,"version":89,"author":90,"author_profile":91,"description":92,"short_description":93,"active_installs":28,"downloaded":94,"rating":28,"num_ratings":28,"last_updated":95,"tested_up_to":52,"requires_at_least":96,"requires_php":97,"tags":98,"homepage":101,"download_link":102,"security_score":49,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"otterfixer-task-board","OtterFixer Task Board","1.3.5","OtterFixer","https:\u002F\u002Fprofiles.wordpress.org\u002Fotterfixer195725\u002F","\u003Cp>OtterFixer Task Board adds a clean task manager inside your WordPress admin, so you can stay organised without leaving the dashboard.\u003C\u002Fp>\n\u003Cp>It is ideal for website maintenance, SEO checklists, client tasks, and anyone managing recurring admin work.\u003C\u002Fp>\n\u003Cp>Features:\u003Cbr \u002F>\n* Board view with categories, priority, due dates, notes, and optional user assignment\u003Cbr \u002F>\n* Mark tasks complete, recurring tasks create the next occurrence automatically\u003Cbr \u002F>\n* Drag and drop ordering\u003Cbr \u002F>\n* Bulk actions including complete, uncomplete, delete, and save as a template\u003Cbr \u002F>\n* Templates tab with built in templates plus your own saved templates\u003Cbr \u002F>\n* CSV template export and import for templates\u003Cbr \u002F>\n* Activity Log tab with CSV export\u003Cbr \u002F>\n* Quick Tasks dashboard widget\u003Cbr \u002F>\n* Settings for shared or per user mode, overdue notices, widget limit, and category colours\u003C\u002Fp>\n","Task board for the WordPress admin 
area.",188,"2026-02-17T15:07:00.000Z","5.8","7.4",[99,20,100,22,23],"admin","productivity","https:\u002F\u002Fotterfixer.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fotterfixer-task-board.1.3.5.zip",{"slug":104,"name":105,"version":106,"author":107,"author_profile":108,"description":109,"short_description":110,"active_installs":28,"downloaded":111,"rating":28,"num_ratings":28,"last_updated":112,"tested_up_to":113,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":18,"download_link":117,"security_score":118,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"ze-to-do-list","ZE To Do List","0.1.0","wanzhenen","https:\u002F\u002Fprofiles.wordpress.org\u002Fwanzhenen\u002F","\u003Cp>Allow logged in users to create to do list.\u003C\u002Fp>\n","ZE To Do List.",562,"2024-11-19T01:56:00.000Z","6.7.5","6.6","7.2",[22,79,23,57,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fze-to-do-list.0.1.0.zip",92,{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":129,"num_ratings":130,"last_updated":131,"tested_up_to":113,"requires_at_least":132,"requires_php":133,"tags":134,"homepage":18,"download_link":137,"security_score":49,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"todo-block","Todo Block","1.2.0","David Towoju","https:\u002F\u002Fprofiles.wordpress.org\u002Fdavexpression\u002F","\u003Cp>Gutenberg is a great block editor but it does not come with a todo block.\u003C\u002Fp>\n\u003Cp>You can now create to-do lists in WordPress Gutenberg editor.\u003Cbr \u002F>\nYour todo checkboxes will appear both on the \u003Cstrong>frontend\u003C\u002Fstrong> and \u003Cstrong>backend\u003C\u002Fstrong>. 
It will even keep the current state of the checkbox when shown on the frontend.\u003C\u002Fp>\n\u003Cp>Logged-in users can save their checkbox selections (if enabled per checklist).\u003C\u002Fp>\n\u003Cp>You can use this block to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Add tasks to your posts and pages\u003C\u002Fli>\n\u003Cli>Create a checklist of items\u003C\u002Fli>\n\u003Cli>Let logged-in users save their selections\u003C\u002Fli>\n\u003Cli>Set goals and track progress\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FxbmKzLUItqU?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n","Adds ToDo list block that shows checkboxes on frontend and backend of your 
site.",200,6566,66,3,"2026-03-14T06:33:00.000Z","6.3","7.0",[135,136,20,22,57],"block","checkbox","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftodo-block.1.2.0.zip",{"attackSurface":139,"codeSignals":248,"taintFlows":477,"riskAssessment":551,"analyzedAt":567},{"hooks":140,"ajaxHandlers":212,"restRoutes":239,"shortcodes":240,"cronEvents":247,"entryPointCount":11,"unprotectedCount":50},[141,146,150,154,158,163,166,170,174,177,181,184,188,192,196,200,204,208],{"type":142,"name":143,"callback":144,"file":145,"line":72},"action","init","add_todolists_button","code\\shortcodes.php",{"type":147,"name":148,"callback":149,"file":145,"line":84},"filter","tiny_mce_version","todolists_refresh_mce",{"type":147,"name":151,"callback":152,"file":145,"line":153},"mce_external_plugins","add_todolists_tinymce_plugin",18,{"type":147,"name":155,"callback":156,"file":145,"line":157},"mce_buttons","register_todolists_button",19,{"type":142,"name":159,"callback":160,"priority":11,"file":161,"line":162},"wpmu_new_blog","new_blog","todolists.php",20,{"type":142,"name":143,"callback":164,"file":161,"line":165},"todolists_init",21,{"type":142,"name":167,"callback":168,"file":161,"line":169},"admin_enqueue_scripts","todolists_admin_enqueue_scripts",22,{"type":142,"name":171,"callback":172,"file":161,"line":173},"admin_head","todolists_admin_head",23,{"type":142,"name":175,"callback":172,"file":161,"line":176},"wp_head",24,{"type":142,"name":178,"callback":179,"file":161,"line":180},"wp_enqueue_scripts","todolists_wp_enqueue_scripts",27,{"type":147,"name":182,"callback":183,"priority":34,"file":161,"line":35},"wp_terms_checklist_args","checked_not_ontop",{"type":142,"name":185,"callback":186,"file":161,"line":187},"wp_footer","todolists_footer",31,{"type":142,"name":189,"callback":190,"file":161,"line":191},"admin_menu","todolists_register_submenu",33,{"type":147,"name":193,"callback":194,"file":161,"line":195},"views_edit-task","tdl_button",34,{"type":142,"name":197,"callback":19
8,"file":161,"line":199},"admin_head-edit.php","tdl_button_moved",35,{"type":142,"name":201,"callback":202,"file":161,"line":203},"admin_init","tdl_download_xml",36,{"type":142,"name":205,"callback":206,"file":161,"line":207},"widgets_init","tdl_register_widget",40,{"type":142,"name":209,"callback":210,"file":161,"line":211},"draft_to_publish","completetask_reopen",43,[213,218,221,225,227,231,233,237],{"action":214,"nopriv":215,"callback":216,"hasNonce":215,"hasCapCheck":215,"file":161,"line":217},"updatetask",false,"todolists_wp_ajax_nopriv_updatetask",25,{"action":214,"nopriv":219,"callback":216,"hasNonce":215,"hasCapCheck":215,"file":161,"line":220},true,26,{"action":222,"nopriv":215,"callback":223,"hasNonce":215,"hasCapCheck":215,"file":161,"line":224},"todolists","todolists_wp_ajax_nopriv_todolists",28,{"action":222,"nopriv":219,"callback":223,"hasNonce":215,"hasCapCheck":215,"file":161,"line":226},29,{"action":228,"nopriv":215,"callback":229,"hasNonce":215,"hasCapCheck":215,"file":161,"line":230},"todolists_import","todolists_import_wp_ajax_nopriv_todolists",37,{"action":228,"nopriv":219,"callback":229,"hasNonce":215,"hasCapCheck":215,"file":161,"line":232},38,{"action":234,"nopriv":215,"callback":235,"hasNonce":215,"hasCapCheck":215,"file":161,"line":236},"completetask","completetask_callback",41,{"action":234,"nopriv":219,"callback":235,"hasNonce":215,"hasCapCheck":215,"file":161,"line":238},42,[],[241,244],{"tag":242,"callback":243,"file":145,"line":50},"todolists_tasklist","todolists_tasklist_shortcode",{"tag":245,"callback":246,"file":145,"line":14},"todolists_progressbar","todolists_progressbar_shortcode",[],{"dangerousFunctions":249,"sqlUsage":257,"outputEscaping":277,"fileOperations":472,"externalRequests":28,"nonceChecks":28,"capabilityChecks":60,"bundledLibraries":473},[250,255],{"fn":251,"file":252,"line":253,"context":254},"exec","res\\UploadHandler.php",922,"exec($cmd, $output, 
$error);",{"fn":251,"file":252,"line":256,"context":254},948,{"prepared":176,"raw":50,"locations":258},[259,262,264,266,268,270,273,275],{"file":161,"line":260,"context":261},65,"$wpdb->get_results() with variable interpolation",{"file":161,"line":263,"context":261},75,{"file":161,"line":265,"context":261},117,{"file":161,"line":267,"context":261},121,{"file":161,"line":127,"context":269},"$wpdb->get_row() with variable interpolation",{"file":161,"line":271,"context":272},899,"$wpdb->query() with variable interpolation",{"file":161,"line":274,"context":261},1109,{"file":161,"line":276,"context":261},1119,{"escaped":162,"rawEcho":278,"locations":279},104,[280,284,286,288,290,291,293,295,297,299,300,302,304,306,308,310,312,314,316,318,320,322,323,325,327,328,329,330,332,333,335,337,339,341,343,345,347,349,351,353,355,357,358,360,362,364,366,368,370,372,374,376,378,380,382,384,386,388,390,392,394,396,398,400,402,403,405,406,408,409,411,413,415,417,419,420,422,424,426,427,429,431,432,434,435,437,439,441,442,444,446,448,450,452,454,456,458,460,462,464,466,467,469,471],{"file":281,"line":282,"context":283},"code\\form_todolist_user.php",282,"raw 
output",{"file":281,"line":285,"context":283},312,{"file":281,"line":287,"context":283},320,{"file":281,"line":289,"context":283},324,{"file":281,"line":289,"context":283},{"file":281,"line":292,"context":283},376,{"file":281,"line":294,"context":283},398,{"file":281,"line":296,"context":283},404,{"file":281,"line":298,"context":283},408,{"file":281,"line":298,"context":283},{"file":281,"line":301,"context":283},454,{"file":281,"line":303,"context":283},458,{"file":281,"line":305,"context":283},464,{"file":281,"line":307,"context":283},486,{"file":281,"line":309,"context":283},494,{"file":281,"line":311,"context":283},496,{"file":281,"line":313,"context":283},506,{"file":281,"line":315,"context":283},544,{"file":281,"line":317,"context":283},576,{"file":281,"line":319,"context":283},578,{"file":281,"line":321,"context":283},944,{"file":281,"line":256,"context":283},{"file":281,"line":324,"context":283},960,{"file":281,"line":326,"context":283},986,{"file":281,"line":326,"context":283},{"file":281,"line":47,"context":283},{"file":281,"line":47,"context":283},{"file":281,"line":331,"context":283},1008,{"file":281,"line":331,"context":283},{"file":281,"line":334,"context":283},1030,{"file":281,"line":336,"context":283},1034,{"file":281,"line":338,"context":283},1040,{"file":281,"line":340,"context":283},1082,{"file":281,"line":342,"context":283},1092,{"file":281,"line":344,"context":283},1098,{"file":281,"line":346,"context":283},1106,{"file":281,"line":348,"context":283},1112,{"file":281,"line":350,"context":283},1116,{"file":281,"line":352,"context":283},1118,{"file":281,"line":354,"context":283},1126,{"file":281,"line":356,"context":283},1134,{"file":252,"line":340,"context":283},{"file":252,"line":359,"context":283},1093,{"file":161,"line":361,"context":283},140,{"file":161,"line":363,"context":283},154,{"file":161,"line":365,"context":283},400,{"file":161,"line":367,"context":283},470,{"file":161,"line":369,"context":283},653,{"file":161,"line":371,"context":283},
735,{"file":161,"line":373,"context":283},740,{"file":161,"line":375,"context":283},745,{"file":161,"line":377,"context":283},801,{"file":161,"line":379,"context":283},836,{"file":161,"line":381,"context":283},1032,{"file":161,"line":383,"context":283},1066,{"file":161,"line":385,"context":283},1155,{"file":161,"line":387,"context":283},1170,{"file":161,"line":389,"context":283},1183,{"file":391,"line":157,"context":283},"widget\\widget-todolist.php",{"file":391,"line":393,"context":283},137,{"file":391,"line":395,"context":283},344,{"file":391,"line":397,"context":283},346,{"file":391,"line":399,"context":283},352,{"file":391,"line":401,"context":283},366,{"file":391,"line":401,"context":283},{"file":391,"line":404,"context":283},373,{"file":391,"line":404,"context":283},{"file":391,"line":407,"context":283},379,{"file":391,"line":407,"context":283},{"file":391,"line":410,"context":283},392,{"file":391,"line":412,"context":283},394,{"file":391,"line":414,"context":283},416,{"file":391,"line":416,"context":283},422,{"file":391,"line":418,"context":283},426,{"file":391,"line":418,"context":283},{"file":391,"line":421,"context":283},439,{"file":391,"line":423,"context":283},445,{"file":391,"line":425,"context":283},449,{"file":391,"line":425,"context":283},{"file":391,"line":428,"context":283},465,{"file":391,"line":430,"context":283},480,{"file":391,"line":307,"context":283},{"file":391,"line":433,"context":283},490,{"file":391,"line":433,"context":283},{"file":391,"line":436,"context":283},504,{"file":391,"line":438,"context":283},510,{"file":391,"line":440,"context":283},514,{"file":391,"line":440,"context":283},{"file":391,"line":443,"context":283},530,{"file":391,"line":445,"context":283},552,{"file":391,"line":447,"context":283},592,{"file":391,"line":449,"context":283},595,{"file":391,"line":451,"context":283},599,{"file":391,"line":453,"context":283},602,{"file":391,"line":455,"context":283},604,{"file":391,"line":457,"context":283},605,{"file":391,"line":459,
"context":283},609,{"file":391,"line":461,"context":283},613,{"file":391,"line":463,"context":283},625,{"file":391,"line":465,"context":283},651,{"file":391,"line":465,"context":283},{"file":391,"line":468,"context":283},665,{"file":391,"line":470,"context":283},672,{"file":391,"line":470,"context":283},17,[474],{"name":475,"version":29,"knownCves":476},"TinyMCE",[],[478,496,510,527],{"entryPoint":479,"graph":480,"unsanitizedCount":34,"severity":495},"todolists_import_wp_ajax_nopriv_todolists (todolists.php:210)",{"nodes":481,"edges":493},[482,487],{"id":483,"type":484,"label":485,"file":161,"line":486},"n0","source","$_POST",250,{"id":488,"type":489,"label":490,"file":161,"line":491,"wp_function":492},"n1","sink","file_get_contents() [SSRF\u002FLFI]",251,"file_get_contents",[494],{"from":483,"to":488,"sanitized":215},"medium",{"entryPoint":497,"graph":498,"unsanitizedCount":508,"severity":509},"completetask_callback (todolists.php:47)",{"nodes":499,"edges":506},[500,503],{"id":483,"type":484,"label":501,"file":161,"line":502},"$_POST (x4)",53,{"id":488,"type":489,"label":504,"file":161,"line":260,"wp_function":505},"get_results() [SQLi]","get_results",[507],{"from":483,"to":488,"sanitized":215},4,"high",{"entryPoint":511,"graph":512,"unsanitizedCount":130,"severity":509},"todolists_wp_ajax_nopriv_updatetask (todolists.php:1082)",{"nodes":513,"edges":524},[514,517,518,520],{"id":483,"type":484,"label":515,"file":161,"line":516},"$_POST (x2)",1089,{"id":488,"type":489,"label":504,"file":161,"line":274,"wp_function":505},{"id":519,"type":484,"label":485,"file":161,"line":516},"n2",{"id":521,"type":489,"label":522,"file":161,"line":385,"wp_function":523},"n3","echo() [XSS]","echo",[525,526],{"from":483,"to":488,"sanitized":215},{"from":519,"to":521,"sanitized":215},{"entryPoint":528,"graph":529,"unsanitizedCount":50,"severity":509},"\u003Ctodolists> 
(todolists.php:0)",{"nodes":530,"edges":546},[531,533,534,537,538,540,542,544],{"id":483,"type":484,"label":532,"file":161,"line":502},"$_POST (x3)",{"id":488,"type":489,"label":504,"file":161,"line":260,"wp_function":505},{"id":519,"type":484,"label":535,"file":161,"line":536},"$_SERVER (x3)",15,{"id":521,"type":489,"label":504,"file":161,"line":263,"wp_function":505},{"id":539,"type":484,"label":485,"file":161,"line":486},"n4",{"id":541,"type":489,"label":490,"file":161,"line":491,"wp_function":492},"n5",{"id":543,"type":484,"label":485,"file":161,"line":516},"n6",{"id":545,"type":489,"label":522,"file":161,"line":385,"wp_function":523},"n7",[547,548,549,550],{"from":483,"to":488,"sanitized":215},{"from":519,"to":521,"sanitized":215},{"from":539,"to":541,"sanitized":215},{"from":543,"to":545,"sanitized":215},{"summary":552,"deductions":553},"The \"todo-lists-for-membership-sites\" v1.5 plugin exhibits a concerning security posture primarily due to a significant number of unprotected AJAX handlers and a lack of robust input sanitization. While the plugin has no recorded vulnerability history, which is a positive indicator, the static analysis reveals several critical weaknesses that could be exploited. The presence of 8 unprotected AJAX handlers, coupled with 4 taint flows with unsanitized paths, suggests a high likelihood of cross-site scripting (XSS) or other injection vulnerabilities if user-supplied data is not meticulously handled. The absence of nonce checks on any AJAX endpoints is a major red flag, as it allows for easy cross-site request forgery (CSRF) attacks. Furthermore, the low percentage of properly escaped output (16%) amplifies the risk of XSS. The use of the dangerous `exec` function, although potentially not directly exploitable in this version without further context, represents a potential for remote code execution if improperly secured.\n\nDespite the lack of historical CVEs, the current code analysis points to substantial inherent risks. 
The plugin's strengths lie in its moderate use of prepared statements for SQL queries and the absence of external HTTP requests, which limits some attack vectors. However, the sheer number of unprotected entry points and the critical findings in taint analysis significantly outweigh these strengths. The plugin needs immediate attention to address the missing authentication and authorization checks on its AJAX endpoints and to implement proper input sanitization and output escaping to mitigate the identified risks. A proactive approach to security patching and code review is crucial, especially given the potential for these weaknesses to be exploited.",[554,556,558,560,562,565],{"reason":555,"points":11},"Unprotected AJAX handlers",{"reason":557,"points":536},"Taint flows with unsanitized paths (High severity)",{"reason":559,"points":11},"No nonce checks on AJAX",{"reason":561,"points":50},"Low output escaping percentage",{"reason":563,"points":564},"Dangerous function usage (exec)",5,{"reason":566,"points":564},"Low capability 
checks","2026-03-16T23:52:41.421Z",{"wat":569,"direct":580},{"assetPaths":570,"generatorPatterns":574,"scriptPaths":575,"versionParams":576},[571,572,573],"\u002Fwp-content\u002Fplugins\u002Ftodo-lists-for-membership-sites\u002Fassets\u002Fcss\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Ftodo-lists-for-membership-sites\u002Fassets\u002Fjs\u002Fbootstrap.min.js","\u002Fwp-content\u002Fplugins\u002Ftodo-lists-for-membership-sites\u002Fassets\u002Fjs\u002Fscript.js",[],[573,572],[577,578,579],"todo-lists-for-membership-sites\u002Fassets\u002Fcss\u002Fbootstrap.min.css?ver=","todo-lists-for-membership-sites\u002Fassets\u002Fjs\u002Fscript.js?ver=","todo-lists-for-membership-sites\u002Fassets\u002Fjs\u002Fbootstrap.min.js?ver=",{"cssClasses":581,"htmlComments":583,"htmlAttributes":584,"restEndpoints":587,"jsGlobals":588,"shortcodeOutput":590},[582],"tdl-add-new-task",[],[585,586],"data-taskid","data-status",[],[589],"tdl_task_complete",[]]