[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8TckgdEuIFXMylS2oY09FV16ZUcbzaB5qyiuBQkNGwk":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":20,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":36,"fingerprints":214},"toolkit-for-learndash-lms","Toolkit for Learndash LMS","1.1.0","Fahad Mahmood","https:\u002F\u002Fprofiles.wordpress.org\u002Ffahadmahmood\u002F","\u003Cul>\n\u003Cli>\n\u003Cp>Author: \u003Ca href=\"https:\u002F\u002Fwww.androidbubbles.com\u002Fcontact\" rel=\"nofollow ugc\">Fahad Mahmood\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Project URI: \u003Ca href=\"http:\u002F\u002Fandroidbubble.com\u002Fblog\u002Fwordpress\u002Fplugins\u002Ftoolkit-for-learndash\" rel=\"nofollow ugc\">http:\u002F\u002Fandroidbubble.com\u002Fblog\u002Fwordpress\u002Fplugins\u002Ftoolkit-for-learndash\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Demo URI: \u003Ca href=\"https:\u002F\u002Farcadigital.co\u002Fpassport\u002Fbook\u002Flevel-a1-a\u002Flesson\u002Flesson-1c-where-are-you-from\u002Ftopic\u002Fpassport-to-practice-2\u002Fexercise\u002Fpassport-to-practice-2\" rel=\"nofollow ugc\">https:\u002F\u002Farcadigital.co\u002Fpassport\u002Fbook\u002Flevel-a1-a\u002Flesson\u002Flesson-1c-where-are-you-from\u002Ftopic\u002Fpassport-to-practice-2\u002Fexercise\u002Fpassport-to-practice-2\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Demo URI: \u003Ca href=\"http:\u002F\u002Fdemo.androidbubble.com\u002Ftoolkit-for-learndash\" rel=\"nofollow 
ugc\">http:\u002F\u002Fdemo.androidbubble.com\u002Ftoolkit-for-learndash\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>License: GPL 3. See License below for copyright jots and titles.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Toolkit for Learndash LMS is addon for Learndash LMS plugin. You can manage apply different themes to your quiz, questions and lessons. Nicely managed layouts with all possible options to deal with routine needs.\u003C\u002Fp>\n\u003Ch4>Uninstalling Toolkit for Learndash LMS\u003C\u002Fh4>\n\u003Cp>This plugin is just an addon for Learndash, so you will not lose anything by uninstalling it. Only themes, styling and\u002For some filter hooks will stop working which has no effects on actual plugin functionality.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This WordPress Plugin is free software: you can redistribute it and\u002For modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or any later version. This free software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this software. 
If not, see http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html.\u003C\u002Fp>\n","An essential toolkit for Learndash LMS plugin with multitier content management options.",60,3833,100,2,"2024-11-04T09:28:00.000Z","6.6.5","3.5","7.0",[4],"http:\u002F\u002Fandroidbubble.com\u002Fblog\u002Fwordpress\u002Fplugins\u002Ftoolkit-for-learndash","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftoolkit-for-learndash-lms.1.1.0.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"fahadmahmood",40,32660,96,237,76,"2026-04-04T02:44:47.717Z",[],{"attackSurface":37,"codeSignals":73,"taintFlows":166,"riskAssessment":204,"analyzedAt":213},{"hooks":38,"ajaxHandlers":63,"restRoutes":69,"shortcodes":70,"cronEvents":71,"entryPointCount":72,"unprotectedCount":23},[39,45,49,53,57],{"type":40,"name":41,"callback":42,"file":43,"line":44},"action","admin_enqueue_scripts","tkflld_admin_enqueue_script","inc\\functions.php",83,{"type":40,"name":46,"callback":47,"file":43,"line":48},"wp_enqueue_scripts","tkflld_wp_enqueue_script",85,{"type":40,"name":50,"callback":51,"file":43,"line":52},"admin_menu","tkflld_menu",156,{"type":40,"name":54,"callback":55,"file":43,"line":56},"wp_head","closure",284,{"type":58,"name":59,"callback":60,"priority":61,"file":43,"line":62},"filter","learndash_quiz_content","tkflld_learndash_quiz_content",11,473,[64],{"action":65,"nopriv":66,"callback":65,"hasNonce":67,"hasCapCheck":66,"file":43,"line":68},"tkflld_update_option",false,true,207,[],[],[],1,{"dangerousFunctions":74,"sqlUsage":75,"outputEscaping":77,"fileOperations":23,"externalRequests":23,"nonceChecks":72,"capabilityChecks":23,"bundledLibraries":165},[],{"prepared":72,"raw":23,"locations":76},[],{"escaped":78,"rawEcho":79,"locations":80},22,50,[81,84,86,87,88,89,91,93,94,96,97,100,102,104,105,107,109,110,112,113,115,117,119,121,12
3,125,127,129,131,133,135,136,137,139,140,142,144,145,147,148,150,151,153,155,156,158,159,161,162,164],{"file":43,"line":82,"context":83},248,"raw output",{"file":43,"line":85,"context":83},425,{"file":43,"line":85,"context":83},{"file":43,"line":85,"context":83},{"file":43,"line":85,"context":83},{"file":43,"line":90,"context":83},435,{"file":43,"line":92,"context":83},442,{"file":43,"line":92,"context":83},{"file":43,"line":95,"context":83},443,{"file":43,"line":95,"context":83},{"file":98,"line":99,"context":83},"inc\\tkflld_settings.php",30,{"file":98,"line":101,"context":83},32,{"file":98,"line":103,"context":83},37,{"file":98,"line":103,"context":83},{"file":98,"line":106,"context":83},41,{"file":98,"line":108,"context":83},43,{"file":98,"line":108,"context":83},{"file":98,"line":111,"context":83},89,{"file":98,"line":31,"context":83},{"file":98,"line":114,"context":83},103,{"file":98,"line":116,"context":83},111,{"file":98,"line":118,"context":83},119,{"file":98,"line":120,"context":83},126,{"file":98,"line":122,"context":83},134,{"file":98,"line":124,"context":83},143,{"file":98,"line":126,"context":83},151,{"file":98,"line":128,"context":83},159,{"file":98,"line":130,"context":83},167,{"file":98,"line":132,"context":83},176,{"file":98,"line":134,"context":83},203,{"file":98,"line":68,"context":83},{"file":98,"line":68,"context":83},{"file":98,"line":138,"context":83},209,{"file":98,"line":138,"context":83},{"file":98,"line":141,"context":83},219,{"file":98,"line":143,"context":83},223,{"file":98,"line":143,"context":83},{"file":98,"line":146,"context":83},224,{"file":98,"line":146,"context":83},{"file":98,"line":149,"context":83},226,{"file":98,"line":149,"context":83},{"file":98,"line":152,"context":83},232,{"file":98,"line":154,"context":83},234,{"file":98,"line":154,"context":83},{"file":98,"line":157,"context":83},236,{"file":98,"line":157,"context":83},{"file":98,"line":160,"context":83},287,{"file":98,"line":160,"context":83},{"file":98,"line":163,"co
ntext":83},295,{"file":98,"line":163,"context":83},[],[167,185,193],{"entryPoint":168,"graph":169,"unsanitizedCount":23,"severity":184},"tkflld_update_option (inc\\functions.php:210)",{"nodes":170,"edges":182},[171,176],{"id":172,"type":173,"label":174,"file":43,"line":175},"n0","source","$_POST",230,{"id":177,"type":178,"label":179,"file":43,"line":180,"wp_function":181},"n1","sink","update_option() [Settings Manipulation]",241,"update_option",[183],{"from":172,"to":177,"sanitized":67},"low",{"entryPoint":186,"graph":187,"unsanitizedCount":23,"severity":184},"\u003Cfunctions> (inc\\functions.php:0)",{"nodes":188,"edges":191},[189,190],{"id":172,"type":173,"label":174,"file":43,"line":175},{"id":177,"type":178,"label":179,"file":43,"line":180,"wp_function":181},[192],{"from":172,"to":177,"sanitized":67},{"entryPoint":194,"graph":195,"unsanitizedCount":23,"severity":184},"\u003Ctkflld_settings> (inc\\tkflld_settings.php:0)",{"nodes":196,"edges":202},[197,199],{"id":172,"type":173,"label":198,"file":98,"line":11},"$_SERVER['REQUEST_URI'] (x5)",{"id":177,"type":178,"label":200,"file":98,"line":11,"wp_function":201},"echo() [XSS]","echo",[203],{"from":172,"to":177,"sanitized":67},{"summary":205,"deductions":206},"The \"toolkit-for-learndash-lms\" plugin v1.1.0 demonstrates a generally strong security posture with no known CVEs and a proactive approach to critical security practices. The code analysis reveals no dangerous functions, no SQL injection exposure (database queries use prepared statements), and no external HTTP requests, which are significant strengths. File operations are also absent, reducing the potential attack surface in that area. Taint analysis shows no unsanitized paths, indicating that data flowing through the analyzed code is handled cautiously.\n\nHowever, there are areas for improvement. The plugin has a low percentage of properly escaped output (31%), which presents a risk of Cross-Site Scripting (XSS) vulnerabilities. 
Static analysis found a single AJAX handler, and it has a nonce check; however, it has no capability check. A nonce guards against cross-site request forgery but is not an authorization control, so any authenticated user, regardless of their role or permissions, could potentially trigger this AJAX action. The plugin registers no REST API routes or shortcodes, which helps minimize the attack surface, but the existing AJAX handler still needs a proper authorization check.\n\nGiven the clean vulnerability history and the positive findings in SQL and taint analysis, the overall risk appears moderate. The primary concerns stem from the insufficient output escaping and the potential for privilege escalation or unauthorized actions via the AJAX handler that lacks a capability check. Addressing these issues would significantly enhance the plugin's security.",[207,210],{"reason":208,"points":209},"Low percentage of properly escaped output",8,{"reason":211,"points":212},"AJAX handler without capability checks",7,"2026-03-16T21:47:07.608Z",{"wat":215,"direct":241},{"assetPaths":216,"generatorPatterns":226,"scriptPaths":227,"versionParams":231},[217,218,219,220,221,222,223,224,225],"\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fcss\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fcss\u002Ffontawesome.min.css","\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fcss\u002Fcommon-styles.css","\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fcss\u002Fadmin-styles.css","\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fjs\u002Fbootstrap.min.js","\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fjs\u002Fadmin-scripts.js","\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fjs\u002Fjquery.blockUI.js","\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fskins\u002Fcss\u002Fdefault.css","\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fjs\u002Ffront-scripts.js",[
],[228,229,230],"\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fjs\u002Fbootstrap.min.js?t=","\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fjs\u002Fadmin-scripts.js?t=","\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fjs\u002Ffront-scripts.js?t=",[232,233,234,235,236,237,238,239,240],"\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fcss\u002Fadmin-styles.css?ver=","\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fcss\u002Fcommon-styles.css?ver=","\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fcss\u002Ffontawesome.min.css?ver=","\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fcss\u002Fbootstrap.min.css?ver=","\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fjs\u002Fbootstrap.min.js?ver=","\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fjs\u002Fadmin-scripts.js?ver=","\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fjs\u002Fjquery.blockUI.js?ver=","\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fjs\u002Ffront-scripts.js?ver=","\u002Fwp-content\u002Fplugins\u002Ftoolkit-for-learndash-lms\u002Fskins\u002Fcss\u002Fdefault.css?ver=",{"cssClasses":242,"htmlComments":245,"htmlAttributes":246,"restEndpoints":266,"jsGlobals":267,"shortcodeOutput":269},[243,244],"tkflld_options","tkflld_ajax_object",[],[247,248,249,250,251,252,253,254,255,256,257,258,251,259,260,261,262,263,264,265],"tkflld_delete_msg","tkflld_target_dir_msg","tkflld_move_error","tkflld_move_str","tkflld_del_confirm","tkflld_select_role_str","tkflld_rename_confirm","tkflld_reset_confirm","tkflld_empty_settings","tkflld_pro","details_view_sorting","tkflld_relevant_page","tkflld_select_file_alert","tkflld_not_belong_string","is_ajax","ld_lms_cic","ld_lms","is_ajax_url","del_from_front",[],[244,268],"tkflld",[]]