[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faxnS2uRQw21oE0lXZqvdToVME6NsvfrDLDlkygqEmjA":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":15,"tags":18,"homepage":21,"download_link":22,"security_score":13,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":35,"analysis":142,"fingerprints":251},"units","Units","1.0.2","Kyle Phillips","https:\u002F\u002Fprofiles.wordpress.org\u002Fkylephillips\u002F","\u003Cp>\u003Cstrong>Why Units?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Units provides your users with an intuitive way to choose and display their preferred unit of measurement. The user’s preferred unit of measurement is saved via session, cookie, or none – configurable under the plugin settings.\u003C\u002Fp>\n\u003Cp>Any number of primary\u002Falternate units can be added, along with their conversion formulas.\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"http:\u002F\u002Funitswitcher.com\" rel=\"nofollow ugc\">unitswitcher.com\u003C\u002Fa> for more detailed information.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Using Units\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Add primary units under Settings > Units. Alternate units may be added by providing their name and conversion formula. Multiple alternate units may be added for each primary unit.\u003C\u002Fp>\n\u003Cp>Use the function \u003Ccode>unit_switcher($value, $primaryunit, $round)\u003C\u002Fcode> in your template to display the switcher. Pass the stored value as the first parameter and primary unit of measurement as the second value.\u003C\u002Fp>\n\u003Cp>To display a single switcher, the shortcode [unit_switcher] is available for use. The shortcode requires two parameters: \u003Ccode>unit\u003C\u002Fcode> (the primary unit being converted) and \u003Ccode>value\u003C\u002Fcode> (the stored value).\u003C\u002Fp>\n\u003Cp>For more information visit \u003Ca href=\"http:\u002F\u002Funitswitcher.com\" rel=\"nofollow ugc\">unitswitcher.com\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Important: Unit Switcher requires WordPress version 3.8 or higher, and PHP version 5.3.2 or higher.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>More Information\u003C\u002Fh3>\n\u003Ch4>Using the Template Function\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>unit_switcher($variable, $primaryunit, $round);\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Parameters:\u003Cbr \u002F>\n* $variable – The stored value (integer or float)\u003Cbr \u002F>\n* $primaryunit – The primary unit (the stored value should be stored in this unit)\u003Cbr \u002F>\n* $round – Number of digits to round to (default is 2)\u003C\u002Fp>\n\u003Cp>Visit \u003Ca href=\"http:\u002F\u002Funitswitcher.com\" rel=\"nofollow ugc\">unitswitcher.com\u003C\u002Fa> for more detailed information.\u003C\u002Fp>\n","Add front-end dropdowns for toggling measurement units.",10,2045,100,1,"","4.3.34","3.8",[19,20,4],"localization","measurements","http:\u002F\u002Funitswitcher.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Funits.1.0.2.zip",0,null,"2026-03-15T10:48:56.248Z",[],{"slug":28,"display_name":7,"profile_url":8,"plugin_count":29,"total_installs":30,"avg_security_score":31,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"kylephillips",3,100010,86,399,69,"2026-04-04T21:44:16.785Z",[36,53,79,100,120],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":11,"downloaded":44,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":45,"requires_at_least":46,"requires_php":47,"tags":48,"homepage":15,"download_link":52,"security_score":13,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":25},"additional-measurements-units-for-woocommerce","additional measurements units for WooCommerce","1.0","Ibrahim","https:\u002F\u002Fprofiles.wordpress.org\u002Fkardi420\u002F","\u003Cp>It is a simple woocommerce addon or extension.If Enable the plugin, then you will get extra or additional all necessary measurements units for products\u003Cbr \u002F>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FefMACqlGuIo?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>After enabling this plugin,  you will get extra or additional all necessary measurements units for products.\u003C\u002Fli>\n\u003C\u002Ful>\n","It is a simple woocommerce addon or extension.If Enable the plugin, then you will get extra or additional all necessary measurements units for product &hellip;",3034,"5.8.13","4.8","5.6",[49,50,20,4,51],"additional","extra","woocommerce","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadditional-measurements-units-for-woocommerce.zip",{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":74,"download_link":75,"security_score":76,"vuln_count":29,"unpatched_count":23,"last_vuln_date":77,"fetched_at":78},"polylang","Polylang","3.7.8","Chouby","https:\u002F\u002Fprofiles.wordpress.org\u002Fchouby\u002F","\u003Cp>With Polylang fully integrated to WordPress and using only its built-in core features (taxonomies), keep steady performances on your site and create a multilingual site featuring from just one extra language to 10 or more depending on your needs. There is no limit in the number of languages added and WordPress’ language packs are automatically downloaded when ready.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cp>Depending on the type of site you have built or are planning to build, a combination of plugins from the list below might be of interest.\u003Cbr \u002F>\nAll plugins include a wizard allowing to setup them in just a few clicks.\u003C\u002Fp>\n\u003Ch3>Polylang\u003C\u002Fh3>\n\u003Cp>Polylang and \u003Ca href=\"https:\u002F\u002Fpolylang.pro\" rel=\"nofollow ugc\">Polylang Pro\u003C\u002Fa> share the same core providing features such as:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Translating posts, pages, media, categories, post tags, custom post types and taxonomies, RSS feeds; RTL scripts are supported.\u003C\u002Fli>\n\u003Cli>The language is either set by the language code in URL, or you can use a different sub-domain or domain per language.\u003C\u002Fli>\n\u003Cli>Automatic copy of categories, post tags and other metas when creating a new post or page translation.\u003C\u002Fli>\n\u003Cli>Translating classic menus and classic widgets. Also accessible with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffse-classic\u002F\" rel=\"ugc\">Site Editor Classic Features\u003C\u002Fa> in block themes.\u003C\u002Fli>\n\u003Cli>Customizable language switcher available as a classic widget or a classic navigation menu item.\u003C\u002Fli>\n\u003Cli>Compatibility with Yoast SEO.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Polylang Pro\u003C\u002Fh3>\n\u003Cp>Helps optimizing the time spent translating your site with some very useful extra features such as:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Better integration in the new Block Editor.\u003C\u002Fli>\n\u003Cli>Language switcher available as a block.\u003C\u002Fli>\n\u003Cli>Language options available in the widget block editor.\u003C\u002Fli>\n\u003Cli>Template parts translatable in the site editor (FSE).\u003C\u002Fli>\n\u003Cli>Duplicate and\u002For synchronize content across post translations.\u003C\u002Fli>\n\u003Cli>Improved compatibility with other plugins such as \u003Ca href=\"https:\u002F\u002Fpolylang.pro\u002Fdoc\u002Fworking-with-acf-pro\u002F\" rel=\"nofollow ugc\">ACF Pro\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Share the same URL slug for posts or terms across languages.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fpolylang.pro\u002Fdoc\u002Ftranslating-urls-slugs\u002F\" rel=\"nofollow ugc\">Translate URL slugs\u003C\u002Fa> for categories, author bases, custom post types and more…\u003C\u002Fli>\n\u003Cli>Machine translation with DeepL.\u003C\u002Fli>\n\u003Cli>Export and import of content in XLIFF format for outsourced professional translation.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Access to a Premium Support for personalized assistance.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Polylang for WooCommerce\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fpolylang.pro\u002Fdownloads\u002Fpolylang-for-woocommerce\u002F\" rel=\"nofollow ugc\">Add-on\u003C\u002Fa> for the compatibility with WooCommerce which provides features such as:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Translating WooCommerce pages (shop, check-out, cart, my account), product categories and global attribute terms directly in the WooCommerce interface.\u003C\u002Fli>\n\u003Cli>Translating WooCommerce e-mails and sending them to customers in their language.\u003C\u002Fli>\n\u003Cli>Products metadata synchronization.\u003C\u002Fli>\n\u003Cli>Compatibility with the native WooCommerce CSV import & export tool.\u003C\u002Fli>\n\u003Cli>Compatibility with popular plugins such as WooCommerce Subscriptions, Product Bundles, WooCommerce Bookings, Shipment Tracking and more.\u003C\u002Fli>\n\u003Cli>Ability to use the WooCommerce REST API (available with Polylang Pro).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Access to a Premium Support for personalized assistance.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Our other free plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwpml-to-polylang\u002F\" rel=\"ugc\">WPML to Polylang\u003C\u002Fa> allows migrating from WPML to Polylang.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Ffse-classic\u002F\" rel=\"ugc\">Site Editor Classic Features\u003C\u002Fa> allows to use classic widgets (including the Polylang language switcher) and menus in the site editor (FSE).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cp>Thanks a lot to all translators who \u003Ca href=\"https:\u002F\u002Ftranslate.wordpress.org\u002Fprojects\u002Fwp-plugins\u002Fpolylang\" rel=\"nofollow ugc\">help translating Polylang\u003C\u002Fa>.\u003Cbr \u002F>\nThanks a lot to \u003Ca href=\"http:\u002F\u002Fwww.alexlopez.rocks\u002F\" rel=\"nofollow ugc\">Alex Lopez\u003C\u002Fa> for the design of the logo.\u003Cbr \u002F>\nMost of the flags included with Polylang are coming from \u003Ca href=\"http:\u002F\u002Ffamfamfam.com\u002F\" rel=\"nofollow ugc\">famfamfam\u003C\u002Fa> and are public domain.\u003Cbr \u002F>\nWherever third party code has been used, credit has been given in the code’s comments.\u003C\u002Fp>\n","Go multilingual in a simple and efficient way. Keep writing posts and taxonomy terms as usual while defining their languages all at once.",800000,25784629,94,2921,"2026-02-23T09:13:00.000Z","6.9.4","6.2","7.2",[70,19,71,72,73],"language","multilingual","translate","translation","https:\u002F\u002Fpolylang.pro","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpolylang.3.7.8.zip",93,"2025-10-28 00:00:00","2026-03-15T15:16:48.613Z",{"slug":80,"name":81,"version":82,"author":83,"author_profile":84,"description":85,"short_description":86,"active_installs":87,"downloaded":88,"rating":89,"num_ratings":90,"last_updated":91,"tested_up_to":66,"requires_at_least":92,"requires_php":93,"tags":94,"homepage":98,"download_link":99,"security_score":13,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":78},"performant-translations","Performant Translations","1.2.0","Pascal Birchler","https:\u002F\u002Fprofiles.wordpress.org\u002Fswissspidy\u002F","\u003Cp>Making internationalization\u002Flocalization in WordPress faster than ever before.\u003C\u002Fp>\n\u003Ch3>Disclaimer about WordPress 6.5\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Attention:\u003C\u002Fstrong> most functionality of this plugin has been merged into WordPress 6.5! You might not need it anymore.\u003C\u002Fp>\n\u003Cp>\u003Cem>However\u003C\u002Fem>, this plugin is still relevant for cases where language packs are not downloaded from WordPress.org but somewhere else, for example if you are developing your own plugins or using commercial plugins.\u003C\u002Fp>\n\u003Cp>The Performant Translations plugin converts the translation files of those plugins to the new file format introduced in WordPress 6.5, to really optimize them for speed.\u003C\u002Fp>\n\u003Ch3>What this plugin does\u003C\u002Fh3>\n\u003Cp>This project uses a new approach to handle translation files in WordPress, making localization blazing fast.\u003C\u002Fp>\n\u003Cp>An \u003Ca href=\"https:\u002F\u002Fmake.wordpress.org\u002Fcore\u002F2023\u002F07\u002F24\u002Fi18n-performance-analysis\u002F\" rel=\"nofollow ugc\">in-depth i18n performance analysis\u003C\u002Fa> showed that localized WordPress sites load significantly slower than a site without translations.\u003C\u002Fp>\n\u003Cp>With this plugin’s new approach to localization, this overhead is massively reduced, making your site fast again. It does so by converting \u003Ccode>.mo\u003C\u002Fcode> translation files to \u003Ccode>.php\u003C\u002Fcode> files.\u003C\u002Fp>\n\u003Cp>If your site is using a language other than English (US), you should see immediate speed improvements simply by activating this plugin.\u003C\u002Fp>\n","Making internationalization\u002Flocalization in WordPress faster than ever before.",40000,192704,98,16,"2025-12-05T10:38:00.000Z","6.5","7.0",[95,96,19,97,73],"i18n","internationalization","performance","https:\u002F\u002Fgithub.com\u002Fswissspidy\u002Fperformant-translations","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fperformant-translations.1.2.0.zip",{"slug":101,"name":102,"version":103,"author":104,"author_profile":105,"description":106,"short_description":107,"active_installs":108,"downloaded":109,"rating":110,"num_ratings":111,"last_updated":112,"tested_up_to":66,"requires_at_least":113,"requires_php":114,"tags":115,"homepage":118,"download_link":119,"security_score":13,"vuln_count":23,"unpatched_count":23,"last_vuln_date":24,"fetched_at":78},"bogo","Bogo","3.9.1","Rock Lobster Inc.","https:\u002F\u002Fprofiles.wordpress.org\u002Frocklobsterinc\u002F","\u003Cp>Bogo is a straight-forward multilingual plugin for WordPress.\u003C\u002Fp>\n\u003Cp>The core of WordPress itself has the built-in localization capability so you can use the dashboard and theme in one language other than English. Bogo expands this capability to let you easily build a multilingual blog on a single WordPress install.\u003C\u002Fp>\n\u003Cp>Here are some technical details for those interested. Bogo plugin assigns \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Farticle\u002Fmultilingual-wordpress\u002F#different-types-of-multilingual-plugins\" rel=\"ugc\">one language per post\u003C\u002Fa>. It plays nice with WordPress – Bogo does not create any additional custom table on your database, unlike some other plugins in this category. This design makes Bogo a solid, reliable and conflict-free multilingual plugin.\u003C\u002Fp>\n\u003Ch4>Getting started with Bogo\u003C\u002Fh4>\n\u003Col>\n\u003Cli>\n\u003Cp>Install language packs\u003C\u002Fp>\n\u003Cp>First, install language packs for languages you use on the site. You can view and install language packs in the \u003Cstrong>Language Packs\u003C\u002Fstrong> screen (\u003Cstrong>Languages > Language Packs\u003C\u002Fstrong>).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Select your language for admin screen\u003C\u002Fp>\n\u003Cp>Bogo lets each logged-in user select a language for their admin screen UI. Select a language from the menu on the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Farticle\u002Fadministration-screens\u002F#toolbar-keeping-it-all-together\" rel=\"ugc\">\u003Cstrong>Toolbar\u003C\u002Fstrong>\u003C\u002Fa>, or from the menu in the \u003Cstrong>Profile\u003C\u002Fstrong> screen (\u003Cstrong>Users > Your Profile\u003C\u002Fstrong>) if the \u003Cstrong>Toolbar\u003C\u002Fstrong> is invisible.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Translate your posts and pages\u003C\u002Fp>\n\u003Cp>To create a translation post, go to the editor screen for the original post and find the \u003Cstrong>Language\u003C\u002Fstrong> box. Bogo does only make a copy of the post; translating the copied post is your task.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Add language switcher widgets\u003C\u002Fp>\n\u003Cp>It would be useful for site visitors if you have a language switcher on your site. Bogo provides the \u003Cstrong>Language Switcher\u003C\u002Fstrong> widget in the \u003Cstrong>Widgets\u003C\u002Fstrong> screen (\u003Cstrong>Appearance > Widgets\u003C\u002Fstrong>).\u003C\u002Fp>\n\u003Cp>You can also use the \u003Ccode>[bogo]\u003C\u002Fcode> shortcode to put a language switcher inside a post content. If you want to use this shortcode in your theme’s template files, embed the following code into the template:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u003C?php echo do_shortcode( '[bogo]' ); ?>\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Privacy notices\u003C\u002Fh4>\n\u003Cp>With the default configuration, this plugin, in itself, does not:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>track users by stealth;\u003C\u002Fli>\n\u003Cli>write any user personal data to the database;\u003C\u002Fli>\n\u003Cli>send any data to external servers;\u003C\u002Fli>\n\u003Cli>use cookies.\u003C\u002Fli>\n\u003C\u002Ful>\n","A straight-forward multilingual plugin. No more double-digit custom DB tables or hidden HTML comments that could cause you headaches later on.",10000,250900,90,46,"2025-11-30T08:49:00.000Z","6.7","7.4",[116,70,117,19,71],"admin","locale","https:\u002F\u002Fcontactform7.com\u002F2025\u002F09\u002F23\u002Fmulti-language-wordpress-without-vendor-lock-in-risks\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbogo.3.9.1.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":108,"downloaded":128,"rating":63,"num_ratings":129,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":15,"tags":133,"homepage":138,"download_link":139,"security_score":140,"vuln_count":14,"unpatched_count":23,"last_vuln_date":141,"fetched_at":78},"simple-admin-language-change","Simple Admin Language Change","2.0.5","Karolina Vyskocilova","https:\u002F\u002Fprofiles.wordpress.org\u002Fvyskoczilova\u002F","\u003Cp>The lightweight plugin extends the default WordPress functionality (user settings in Profile) and pulls out the language selection to the admin bar so you can easily switch between them.\u003C\u002Fp>\n\u003Cp>Do you want help with the development? Join the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fvyskoczilova\u002FSimple-Admin-Language-Change\u002F\" rel=\"nofollow ugc\">Github\u003C\u002Fa>!\u003C\u002Fp>\n","Change your dashboard language quickly and easily from the admin bar as often as you need.",84968,22,"2024-10-31T16:40:00.000Z","6.7.5","4.7",[134,135,136,137,19],"admin-language","backend","backend-language","english","http:\u002F\u002Fkybernaut.cz\u002Fpluginy\u002Fsimple-admin-language-change","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-admin-language-change.2.0.5.zip",92,"2021-05-05 00:00:00",{"attackSurface":143,"codeSignals":204,"taintFlows":239,"riskAssessment":240,"analyzedAt":250},{"hooks":144,"ajaxHandlers":174,"restRoutes":195,"shortcodes":196,"cronEvents":201,"entryPointCount":202,"unprotectedCount":203},[145,151,154,158,161,166,171],{"type":146,"name":147,"callback":148,"file":149,"line":150},"action","admin_enqueue_scripts","adminStyles","app\\Activation\\Dependencies.php",32,{"type":146,"name":147,"callback":152,"file":149,"line":153},"adminScripts",33,{"type":146,"name":155,"callback":156,"file":149,"line":157},"wp_enqueue_scripts","frontendStyles",34,{"type":146,"name":155,"callback":159,"file":149,"line":160},"frontendScripts",35,{"type":146,"name":162,"callback":163,"file":164,"line":165},"plugins_loaded","addLocalization","app\\Bootstrap.php",13,{"type":146,"name":167,"callback":168,"file":169,"line":170},"admin_init","registerSettings","app\\Config\\Settings.php",21,{"type":146,"name":172,"callback":173,"file":169,"line":129},"admin_menu","registerSettingsPage",[175,182,183,187,189,193],{"action":176,"nopriv":177,"callback":178,"hasNonce":179,"hasCapCheck":179,"file":180,"line":181},"unitswitcher",true,"saveUserPreferences",false,"app\\Forms\\Handlers.php",15,{"action":176,"nopriv":179,"callback":178,"hasNonce":179,"hasCapCheck":179,"file":180,"line":90},{"action":184,"nopriv":177,"callback":185,"hasNonce":179,"hasCapCheck":179,"file":180,"line":186},"unitswitchernonce","nonceHandler",19,{"action":184,"nopriv":179,"callback":185,"hasNonce":179,"hasCapCheck":179,"file":180,"line":188},20,{"action":190,"nopriv":177,"callback":191,"hasNonce":179,"hasCapCheck":179,"file":180,"line":192},"unitswitcher_dropdowns","loadDropdowns",23,{"action":190,"nopriv":179,"callback":191,"hasNonce":179,"hasCapCheck":179,"file":180,"line":194},24,[],[197],{"tag":198,"callback":199,"file":200,"line":165},"unit_switcher","renderView","app\\API\\SwitcherShortcode.php",[],7,6,{"dangerousFunctions":205,"sqlUsage":206,"outputEscaping":208,"fileOperations":14,"externalRequests":23,"nonceChecks":14,"capabilityChecks":23,"bundledLibraries":238},[],{"prepared":23,"raw":23,"locations":207},[],{"escaped":209,"rawEcho":210,"locations":211},12,17,[212,215,218,220,222,224,225,226,227,229,230,231,232,233,234,236,237],{"file":213,"line":186,"context":214},"app\\API\\functions.php","raw output",{"file":216,"line":217,"context":214},"app\\Views\\settings\\settings-general.php",4,{"file":216,"line":219,"context":214},48,{"file":216,"line":221,"context":214},59,{"file":223,"line":186,"context":214},"app\\Views\\settings\\settings-units.php",{"file":223,"line":186,"context":214},{"file":223,"line":188,"context":214},{"file":223,"line":188,"context":214},{"file":223,"line":228,"context":214},31,{"file":223,"line":228,"context":214},{"file":223,"line":228,"context":214},{"file":223,"line":160,"context":214},{"file":223,"line":160,"context":214},{"file":223,"line":160,"context":214},{"file":223,"line":235,"context":214},36,{"file":223,"line":235,"context":214},{"file":223,"line":235,"context":214},[],[],{"summary":241,"deductions":242},"The \"units\" plugin v1.0.2 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by exclusively using prepared statements for all SQL queries and shows no known past vulnerabilities or CVEs. This suggests a generally responsible development approach regarding data persistence. However, significant concerns arise from the plugin's attack surface. A substantial number of AJAX handlers (6 out of 6) are exposed without any authentication checks, creating a wide entry point for potential malicious activity. Furthermore, the output escaping is notably weak, with only 41% of outputs being properly sanitized. This could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before being rendered in the browser. The lack of capability checks on AJAX handlers is a critical oversight, allowing any authenticated user, regardless of their role, to potentially trigger plugin functionality.\n\nWhile the absence of known CVEs and critical taint flows is reassuring, the high proportion of unprotected AJAX endpoints and insufficient output escaping represent immediate and serious risks. The plugin's attack surface is disproportionately exposed without necessary authorization. Future development should prioritize implementing robust nonce and capability checks on all AJAX handlers and improving output sanitization to mitigate XSS risks. The current state indicates a plugin that, while not demonstrably exploited, has critical security weaknesses that require urgent attention.",[243,245,247],{"reason":244,"points":11},"AJAX handlers without auth checks",{"reason":246,"points":202},"Low output escaping percentage",{"reason":248,"points":249},"AJAX handlers without capability checks",5,"2026-03-17T05:39:12.413Z",{"wat":252,"direct":266},{"assetPaths":253,"generatorPatterns":258,"scriptPaths":259,"versionParams":263},[254,255,256,257],"\u002Fwp-content\u002Fplugins\u002Funits\u002Fassets\u002Fcss\u002Funit-switcher-admin.css","\u002Fwp-content\u002Fplugins\u002Funits\u002Fassets\u002Fjs\u002Funit-switcher-admin.min.js","\u002Fwp-content\u002Fplugins\u002Funits\u002Fassets\u002Fcss\u002Funit-switcher.css","\u002Fwp-content\u002Fplugins\u002Funits\u002Fassets\u002Fjs\u002Funit-switcher.min.js",[],[260,261,262],"\u002Fwp-content\u002Fplugins\u002Funits\u002Fvendor\u002Fautoload.php","\u002Fwp-content\u002Fplugins\u002Funits\u002Fapp\u002FUnitSwitcher.php","\u002Fwp-content\u002Fplugins\u002Funits\u002Fapp\u002FAPI\u002Ffunctions.php",[264,265],"unit-switcher-admin","unit-switcher",{"cssClasses":267,"htmlComments":268,"htmlAttributes":269,"restEndpoints":270,"jsGlobals":271,"shortcodeOutput":272},[],[],[],[],[198],[273],"[unit_switcher]"]