[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fuAZ-INcIwBT-EfZt_6j3gyVEo7amYv8-WjPaLskUhKE":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":17,"download_link":24,"security_score":25,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":135,"fingerprints":292},"url-based-login","URL Based Login","1.1","iamudit","https:\u002F\u002Fprofiles.wordpress.org\u002Fiamudit\u002F","\u003Cp>URL Based Login allows you to directly login from an allowed URL. So if you want to allow someone to login but you do not want to share the login details just create a Login URL with URL Based Login and provide them the Login URL.\u003C\u002Fp>\n\u003Cp>Features in URL Based Login 1.3.0  include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Create multiple Login URLs\u003C\u002Fli>\n\u003Cli>Choose the username accessible when accessed by the allowed URL\u003C\u002Fli>\n\u003Cli>Delete Login URLs\u003C\u002Fli>\n\u003Cli>Safe & Secure\u003C\u002Fli>\n\u003Cli>No passwords saved\u003C\u002Fli>\n\u003Cli>Completely FREE\u003C\u002Fli>\n\u003Cli>Licensed under GNU GPL version 3\u003C\u002Fli>\n\u003C\u002Ful>\n","URL Based Login allows you to directly login from an allowed Login 
URL.",10,2192,0,"2015-03-23T22:08:00.000Z","4.1.42","3.0","",[19,20,21,22,23],"authentication","auto","based","login","url","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Furl-based-login.1.1.zip",85,null,"2026-03-15T14:54:45.397Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},1,30,84,"2026-04-04T20:20:10.631Z",[35,58,80,99,113],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":16,"requires_php":49,"tags":50,"homepage":52,"download_link":53,"security_score":54,"vuln_count":55,"unpatched_count":13,"last_vuln_date":56,"fetched_at":57},"ip-based-login","IP Based Login","2.4.4","brijeshk89","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrijeshk89\u002F","\u003Cp>IP Based Login allows you to directly login from an authorized IP without password. 
So if you want to allow someone to login but you do not want to share the login details just add their IP \u002F IP Range using IP Based Login and when they access your site they will be logged in without having to enter the login credentials.\u003C\u002Fp>\n\u003Cp>Features in IP Based Login include:\u003C\u002Fp>\n\u003Cp>[PRO Features]\u003Cbr \u002F>\n– IPv6 Support\u003Cbr \u002F>\n– EZProxy Support\u003Cbr \u002F>\n– Analytics – Check sessions usage and find which university\u002Finstitution is actively accessing your content\u003Cbr \u002F>\n– Central Management for IP ranges – Add your IP ranges on our central server and get the IP ranges synced across all your websites automatically.\u003C\u002Fp>\n\u003Cp>[Free Features]\u003Cbr \u002F>\n– Create IP ranges\u003Cbr \u002F>\n– IPv4 Support\u003Cbr \u002F>\n– Cloudflare support\u003Cbr \u002F>\n– Choose the username accessible when accessed by the IP existing in provided range\u003Cbr \u002F>\n– Bulk Export\u002FImport IP ranges\u003Cbr \u002F>\n– Delete IP ranges\u003Cbr \u002F>\n– Enable\u002FDisable IP ranges\u003Cbr \u002F>\n– Terminate Session if IP changed\u003Cbr \u002F>\n– Licensed under GNU GPL version 3\u003Cbr \u002F>\n– Does not affect when accessed from any other IPs not existing in any ranges\u003Cbr \u002F>\n– Safe & Secure\u003Cbr \u002F>\n– No passwords saved\u003C\u002Fp>\n\u003Cp>[For Publishers]\u003Cbr \u002F>\nJust add University IP Address to the plugin and when the students access your website from the University campus or EZ Proxy server they will be automatically authenticated to your WordPress website with the subscriber account you choose while adding the IP address.\u003C\u002Fp>\n\u003Cp>[Developers Section]\u003Cbr \u002F>\n– \u003Cstrong>is_logged_in_using_ipbl()\u003C\u002Fstrong> function to determine if a user is logged in with IP Based login plugin or with username\u002Fpassword\u003Cbr \u002F>\n– Add additional layer of check before the user is auto logged using the 
\u003Cstrong>ipbl_can_auto_login\u003C\u002Fstrong> hook\u003Cbr \u002F>\n– Execute custom PHP code after the user is auto logged in using the \u003Cstrong>ipbl_auto_logged_in\u003C\u002Fstrong> hook\u003C\u002Fp>\n","IP Based Login allows you to directly login from an authorized IP without password.",400,44022,98,23,"2025-09-11T17:59:00.000Z","6.8.5","5.6",[19,20,21,51,22],"ip","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fip-based-login\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fip-based-login.2.4.4.zip",96,4,"2025-09-22 00:00:00","2026-03-15T15:16:48.613Z",{"slug":59,"name":60,"version":61,"author":62,"author_profile":63,"description":64,"short_description":65,"active_installs":11,"downloaded":66,"rating":67,"num_ratings":55,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":17,"download_link":78,"security_score":79,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":57},"wp-direct-login-link","WP Direct Login Link","2.0","amitsmartweb","https:\u002F\u002Fprofiles.wordpress.org\u002Famitsmartweb\u002F","\u003Cp>Secure your website with WP Direct Login Link. Users rarely are using strong passwords and your website is vulnerable to attacks. With our plugin, you can allow them to login without a password.\u003C\u002Fp>\n\u003Cp>After submitting the email address. User’s receive a secure login link via email with expiration time (between 1 to 60 minutes). When the user accesses the link, it will automatically login without asking a password. 
You can also enhance the security by restricting users to login from the same IP address that requested the link.\u003C\u002Fp>\n\u003Ch4>What does the plugin do?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>User can add Direct login Form or replace the default wordpress login form from wordpress login page;\u003C\u002Fli>\n\u003Cli>Send secure login on user email.\u003C\u002Fli>\n\u003Cli>Settings for, how many times user login with link.\u003C\u002Fli>\n\u003Cli>Settings for, how many times user login with link.\u003C\u002Fli>\n\u003Cli>Show all login user’s report that login with Direct login form.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Further Reading\u003C\u002Fh4>\n","Create a secure way to login by Link.",2157,100,"2024-08-14T19:16:00.000Z","6.6.5","3.4.4","5.5",[73,74,75,76,77],"loginbylink","loginbyurl","passwordless-authentication","without-password","wp-login","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-direct-login-link.2.0.zip",92,{"slug":81,"name":82,"version":83,"author":84,"author_profile":85,"description":86,"short_description":87,"active_installs":13,"downloaded":88,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":89,"requires_at_least":90,"requires_php":49,"tags":91,"homepage":17,"download_link":97,"security_score":67,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":98},"dh-rename-login-url","DH Rename Login URL and Two Factor Authentication","1.0","Ohidul Islam","https:\u002F\u002Fprofiles.wordpress.org\u002Fohidul\u002F","\u003Cp>DH Rename Login URL and Two Factor Authentication enhances your website security by changing the default login address of WordPress admin. It protects from spammers and hackers from easily finding the default admin login address. 
This plugin also provides options to enable Two Factor Authentication using the popular Google Authenticator app in a most efficient way.\u003C\u002Fp>\n\u003Ch4>Privacy Notices\u003C\u002Fh4>\n\u003Cp>With the default configuration, this plugin, in itself, does not:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>track users by stealth;\u003C\u002Fli>\n\u003Cli>write any user personal data to the database;\u003C\u002Fli>\n\u003Cli>send any data to external servers;\u003C\u002Fli>\n\u003Cli>use cookies.\u003C\u002Fli>\n\u003C\u002Ful>\n","DH Rename Login URL helps you to rename or modify the default WordPress login area \u002Fwp-login.php and gives you Google Two Factor Authentication featur &hellip;",972,"5.4.19","4.6",[92,93,94,95,96],"login-url","rename-login-url","security","tfa","two-factor-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdh-rename-login-url.zip","2026-03-15T10:48:56.248Z",{"slug":100,"name":101,"version":102,"author":103,"author_profile":104,"description":105,"short_description":106,"active_installs":13,"downloaded":107,"rating":13,"num_ratings":13,"last_updated":17,"tested_up_to":108,"requires_at_least":16,"requires_php":17,"tags":109,"homepage":17,"download_link":112,"security_score":67,"vuln_count":13,"unpatched_count":13,"last_vuln_date":26,"fetched_at":98},"login-by-ip-authentication","Login By IP Authentication","0.1","DotsquaresLtd","https:\u002F\u002Fprofiles.wordpress.org\u002Fdswpsupport\u002F","\u003Cp>The plugin will allow users to login with their allowed IPs only. 
If you want user should be allowed to login with multiple IPs, then admin can associate multiple IPs separated with comma(,) character.\u003C\u002Fp>\n\u003Ch4>General Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>IP Restricted login.\u003C\u002Fli>\n\u003Cli>You can set multiple IPs for a user to allow login from multiple IPs.\u003C\u002Fli>\n\u003Cli>Lightweight.\u003C\u002Fli>\n\u003C\u002Ful>\n","The plugin will allow users to login with their allowed IPs only. If you want user should be allowed to login with multiple IPs, then admin can associ &hellip;",1031,"4.9.29",[110,36,111],"ip-authentication","login-with-ip-authentication","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogin-by-ip-authentication.zip",{"slug":114,"name":115,"version":116,"author":117,"author_profile":118,"description":119,"short_description":120,"active_installs":121,"downloaded":122,"rating":54,"num_ratings":123,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":17,"download_link":132,"security_score":133,"vuln_count":11,"unpatched_count":13,"last_vuln_date":134,"fetched_at":57},"wps-hide-login","WPS Hide Login","1.9.18","Remy Perona","https:\u002F\u002Fprofiles.wordpress.org\u002Ftabrisrp\u002F","\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> is a very light plugin that lets you easily and safely change the url of the login form page to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. 
Deactivating this plugin brings your site back exactly to the state it was before.\u003C\u002Fp>\n\u003Cp>This plugin is kindly proposed by \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> the specialized WordPress web host.\u003C\u002Fp>\n\u003Cp>Discover also our other free extensions:\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"ugc\">WPS Limit Login\u003C\u002Fa> to block brute force attacks.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"ugc\">WPS Bidouille\u003C\u002Fa> to optimize your WordPress and get more info.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"ugc\">WPS Cleaner\u003C\u002Fa> to clean your WordPress site.\u003C\u002Fp>\n\u003Cp>This plugin is only maintained, which means we do not guarantee free support. Consider reporting a problem and be patient.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>\u003Cem>WPS Hide Login\u003C\u002Fem> est un plugin très léger qui vous permet de changer facilement et en toute sécurité l’url de la page de formulaire de connexion. Il ne renomme pas littéralement ou ne modifie pas les fichiers dans le noyau, ni n’ajoute des règles de réécriture. Il intercepte simplement les demandes de pages et fonctionne sur n’importe quel site WordPress. Le répertoire wp-admin et la page wp-login.php deviennent inaccessibles, vous devez donc ajouter un signet ou vous souvenir de l’URL. 
Désactiver ce plugin ramène votre site exactement à l’état dans lequel il était auparavant.\u003C\u002Fp>\n\u003Cp>Ce plugin vous est gentiment proposé par \u003Ca href=\"https:\u002F\u002Fwww.wpserveur.net\u002F?refwps=14&campaign=wpshidelogin\" rel=\"nofollow ugc\">WPServeur\u003C\u002Fa> l’hébergeur spécialisé WordPress.\u003C\u002Fp>\n\u003Cp>Plus d’infos sur son utilisation : \u003Ca href=\"https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwpformation.com\u002Fwps-hide-login-url-connexion-wordpress\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Découvrez également nos autres extensions gratuites :\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-limit-login\u002F\" rel=\"nofollow ugc\">WPS Limit Login\u003C\u002Fa> pour bloquer les attaques par force brute.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-bidouille\u002F\" rel=\"nofollow ugc\">WPS Bidouille\u003C\u002Fa> pour optimiser votre WordPress et faire le plein d’infos.\u003Cbr \u002F>\n– \u003Ca href=\"https:\u002F\u002Ffr.wordpress.org\u002Fplugins\u002Fwps-cleaner\u002F\" rel=\"nofollow ugc\">WPS Cleaner\u003C\u002Fa> pour nettoyer votre site WordPress.\u003C\u002Fp>\n\u003Cp>Ce plugin est seulement maintenu, ce qui signifie que nous ne garantissons pas un support gratuit. Envisagez de signaler un problème et soyez patient.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Ch4>English\u003C\u002Fh4>\n\u003Cp>Requires WordPress 4.1 or higher. 
All login related things such as the registration form, lost password form, login widget and expired sessions just keep working.\u003C\u002Fp>\n\u003Cp>It’s also compatible with any plugin that hooks in the login form, including:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Obviously it doesn’t work with plugins or themes that \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Works with multisite, with subdomains and subfolders. Activating it for a network allows you to set a networkwide default. Individual sites can still rename their login page to something else.\u003C\u002Fp>\n\u003Cp>If you’re using a \u003Cstrong>page caching plugin\u003C\u002Fstrong> other than WP Rocket, you should add the slug of the new login url to the list of pages not to cache. WP Rocket is already fully compatible with the plugin.\u003C\u002Fp>\n\u003Ch4>Français\u003C\u002Fh4>\n\u003Cp>Nécessite WordPress 4.1 ou supérieur. Toutes les choses liées à la connexion telles que le formulaire d’inscription, le formulaire de mot de passe perdu, le widget de connexion et les sessions expirées continuent de fonctionner.\u003C\u002Fp>\n\u003Cp>Il est également compatible avec tout plugin qui se connecte au formulaire de connexion, notamment:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>BuddyPress,\u003C\u002Fli>\n\u003Cli>bbPress,\u003C\u002Fli>\n\u003Cli>Jetpack,\u003C\u002Fli>\n\u003Cli>WPS Limit Login,\u003C\u002Fli>\n\u003Cli>and User Switching.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Évidemment, cela ne fonctionne pas avec les plugins ou les thèmes \u003Cem>hardcoded\u003C\u002Fem> wp-login.php.\u003C\u002Fp>\n\u003Cp>Fonctionne en multisite, avec sous-domaines ou sous dossiers. L’activer pour un réseau vous permet de définir une valeur par défaut pour l’ensemble du réseau. 
Les sites individuels peuvent toujours renommer leur page de connexion pour autre chose.\u003C\u002Fp>\n\u003Cp>Si vous utilisez un \u003Cstrong>plugin de mise en cache de pages\u003C\u002Fstrong> autre que WP Rocket, vous devez ajouter le slug de la nouvelle URL de connexion à la liste des pages à ne pas mettre en cache. WP Rocket est déjà entièrement compatible avec le plugin.\u003C\u002Fp>\n","Change wp-login.php to anything you want.",2000000,30498017,2101,"2026-01-12T08:47:00.000Z","6.9.4","4.1","7.0",[129,22,130,77,131],"custom-login-url","rename","wp-login-php","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwps-hide-login.1.9.18.zip",95,"2024-06-24 00:00:00",{"attackSurface":136,"codeSignals":160,"taintFlows":210,"riskAssessment":282,"analyzedAt":291},{"hooks":137,"ajaxHandlers":156,"restRoutes":157,"shortcodes":158,"cronEvents":159,"entryPointCount":13,"unprotectedCount":13},[138,144,148,152],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","plugins_loaded","url_based_login_update_check","url-based-login.php",77,{"type":139,"name":145,"callback":146,"file":142,"line":147},"wp_before_admin_bar_render","ubl_admin_bar",120,{"type":139,"name":149,"callback":150,"file":142,"line":151},"init","ubl_triger_login",124,{"type":139,"name":153,"callback":154,"file":142,"line":155},"admin_menu","url_based_login_admin_menu",125,[],[],[],[],{"dangerousFunctions":161,"sqlUsage":162,"outputEscaping":173,"fileOperations":13,"externalRequests":13,"nonceChecks":30,"capabilityChecks":30,"bundledLibraries":209},[],{"prepared":55,"raw":163,"locations":164},3,[165,168,170],{"file":142,"line":166,"context":167},244,"$wpdb->query() with variable interpolation",{"file":142,"line":169,"context":167},256,{"file":142,"line":171,"context":172},305,"$wpdb->get_results() with variable 
interpolation",{"escaped":13,"rawEcho":174,"locations":175},16,[176,179,181,183,185,187,189,191,193,195,197,199,201,203,205,207],{"file":142,"line":177,"context":178},206,"raw output",{"file":142,"line":180,"context":178},245,{"file":142,"line":182,"context":178},257,{"file":142,"line":184,"context":178},290,{"file":142,"line":186,"context":178},295,{"file":142,"line":188,"context":178},312,{"file":142,"line":190,"context":178},317,{"file":142,"line":192,"context":178},323,{"file":142,"line":194,"context":178},327,{"file":142,"line":196,"context":178},331,{"file":142,"line":198,"context":178},333,{"file":142,"line":200,"context":178},337,{"file":142,"line":202,"context":178},347,{"file":142,"line":204,"context":178},348,{"file":142,"line":206,"context":178},349,{"file":142,"line":208,"context":178},357,[],[211,238,256],{"entryPoint":212,"graph":213,"unsanitizedCount":13,"severity":237},"url_based_login_option_page (url-based-login.php:225)",{"nodes":214,"edges":233},[215,220,225,229],{"id":216,"type":217,"label":218,"file":142,"line":219},"n0","source","$_GET (x2)",242,{"id":221,"type":222,"label":223,"file":142,"line":166,"wp_function":224},"n1","sink","query() [SQLi]","query",{"id":226,"type":217,"label":227,"file":142,"line":228},"n2","$_GET",253,{"id":230,"type":222,"label":231,"file":142,"line":182,"wp_function":232},"n3","echo() [XSS]","echo",[234,236],{"from":216,"to":221,"sanitized":235},true,{"from":226,"to":230,"sanitized":235},"low",{"entryPoint":239,"graph":240,"unsanitizedCount":30,"severity":255},"ubl_triger_login (url-based-login.php:96)",{"nodes":241,"edges":251},[242,244,247],{"id":216,"type":217,"label":227,"file":142,"line":243},103,{"id":221,"type":245,"label":246,"file":142,"line":243},"transform","→ ubl_selectquery()",{"id":226,"type":222,"label":248,"file":142,"line":249,"wp_function":250},"get_results() 
[SQLi]",140,"get_results",[252,254],{"from":216,"to":221,"sanitized":253},false,{"from":221,"to":226,"sanitized":253},"high",{"entryPoint":257,"graph":258,"unsanitizedCount":281,"severity":255},"\u003Curl-based-login> (url-based-login.php:0)",{"nodes":259,"edges":275},[260,262,263,264,265,267,269,271,273],{"id":216,"type":217,"label":227,"file":142,"line":261},101,{"id":221,"type":222,"label":248,"file":142,"line":249,"wp_function":250},{"id":226,"type":217,"label":218,"file":142,"line":219},{"id":230,"type":222,"label":223,"file":142,"line":166,"wp_function":224},{"id":266,"type":217,"label":218,"file":142,"line":228},"n4",{"id":268,"type":222,"label":231,"file":142,"line":182,"wp_function":232},"n5",{"id":270,"type":217,"label":218,"file":142,"line":243},"n6",{"id":272,"type":245,"label":246,"file":142,"line":243},"n7",{"id":274,"type":222,"label":248,"file":142,"line":249,"wp_function":250},"n8",[276,277,278,279,280],{"from":216,"to":221,"sanitized":235},{"from":226,"to":230,"sanitized":235},{"from":266,"to":268,"sanitized":235},{"from":270,"to":272,"sanitized":253},{"from":272,"to":274,"sanitized":253},2,{"summary":283,"deductions":284},"The \"url-based-login\" v1.1 plugin exhibits a mixed security posture. On the positive side, it boasts a seemingly small attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events exposed without authentication. The presence of a nonce check and a capability check is also a good indicator of some security awareness in its development. However, significant concerns arise from the static analysis of its code. Notably, a concerning 100% of its output is not properly escaped, posing a high risk of Cross-Site Scripting (XSS) vulnerabilities. 
Furthermore, the taint analysis reveals two flows with unsanitized paths, classified as high severity, which could potentially lead to injection-type attacks or other sensitive data manipulation if exploited.\n\nThe plugin's vulnerability history is clean, with no known CVEs. This lack of past vulnerabilities is a positive sign, suggesting a potentially stable codebase. However, it's crucial to balance this with the current findings. The absence of vulnerabilities might be due to a lack of targeted testing or exploitation rather than inherent security. The critical weakness lies in the unescaped output and the identified high-severity taint flows, which are significant risks that need immediate attention. While the plugin doesn't have a history of exploits, the current static analysis indicates a present danger that could be exploited if an attacker discovers these weaknesses. Therefore, despite a clean CVE record, the plugin's overall security is compromised by the identified code-level risks.",[285,288],{"reason":286,"points":287},"100% of outputs are not properly escaped",8,{"reason":289,"points":290},"2 high severity taint flows with unsanitized paths",12,"2026-03-16T23:39:45.668Z",{"wat":293,"direct":298},{"assetPaths":294,"generatorPatterns":295,"scriptPaths":296,"versionParams":297},[],[],[],[],{"cssClasses":299,"htmlComments":300,"htmlAttributes":301,"restEndpoints":302,"jsGlobals":303,"shortcodeOutput":304},[],[],[],[],[],[]]