[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fXWJg9OiSOpir4gggHMob4ZbYGfiYqtBVRUHD8PH6fAk":3,"$fqxM6Lt1W9QuxgTuuSxf28HPaukdf4S8McXkXGKWSL1o":240,"$fzrxjcs_LJXohviZch2AUnPzA5XTreQNXlgMFIlNLx8M":245},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":18,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":38,"analysis":124,"fingerprints":225},"user-profile-fields","User Profile Fields","0.1","John Luetke","https:\u002F\u002Fprofiles.wordpress.org\u002Fjohnl1479\u002F","\u003Cp>Allows you to remove the “AIM”, “YIM”, “Jabber”, “Website”, and “Biography” fields from the Profile admin screen\u003C\u002Fp>\n","Allows site owners to remove fields from the \"User Profile\" admin screen",10,2589,100,2,"2014-02-05T18:51:00.000Z","3.7.41","3.7.0","",[20,21,22],"admin","remove-fields","user-profile","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fuser-profile-fields.0.1.zip",85,0,null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"johnl1479",3,120,78,30,79,"2026-05-20T06:02:20.119Z",[39,60,78,97,110],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":18,"tags":54,"homepage":58,"download_link":59,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"tismy-user-profile-upload","Tismy User Profile Upload","1.0.2","Elliott Richmond","https:\u002F\u002Fprofiles.wordpress.org\u002Ferichmond\u002F","\u003Cp>Sometimes handing your site over to clients or when you run a site with multiple users if can be a pain to explain how your\u003Cbr \u002F>\nusers can create their own profile picture for comments or any other custom functionality that uses the get_avatar() function.\u003C\u002Fp>\n\u003Cp>Before they would have to create a global Gravatar account which is fine if that’s what you want however, with this plugin there\u003Cbr \u002F>\nis no need to rely on your users having a Gravatar account.\u003C\u002Fp>\n\u003Cp>This plugin will allow the users on your WordPress site to upload their own Profile Picture through the Media Library either by Uploading a new file or choosing one from the Media Library.\u003C\u002Fp>\n","Upload your own user profile picture rather than falling back to the default or having your users create a Gravatar account.",40,4375,96,5,"2016-04-18T21:03:00.000Z","4.5.33","3.0.1",[20,55,56,22,57],"upload","user","users","http:\u002F\u002Fwww.squareonemd.co.uk\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftismy-user-profile-upload.1.0.2.zip",{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":11,"downloaded":68,"rating":13,"num_ratings":69,"last_updated":70,"tested_up_to":71,"requires_at_least":72,"requires_php":18,"tags":73,"homepage":76,"download_link":77,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"buddypress-profile-view-from-admin","Plugin Name: Buddypress profile view from admin","1.0","rameshwor.maharjan","https:\u002F\u002Fprofiles.wordpress.org\u002Frameshwormaharjan\u002F","\u003Cp>This buddypress plugin allows admin  user to view a member profile page from admin user list page.\u003C\u002Fp>\n","This plugin allows admin user to view buddypress profile from admin amd will not work without buddypress.",3010,1,"2013-09-12T04:44:00.000Z","3.6.1","2.9.1",[20,74,75],"buddypress","user-profile-view","http:\u002F\u002Fwebavenue.com.au","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbuddypress-profile-view-from-admin.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":11,"downloaded":86,"rating":13,"num_ratings":69,"last_updated":87,"tested_up_to":88,"requires_at_least":89,"requires_php":18,"tags":90,"homepage":95,"download_link":96,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"dashboard-user-profile-detais-dupd","Dashboard User profile Detais-(DUPD)","2.0","Mahamodul Hasan Khan","https:\u002F\u002Fprofiles.wordpress.org\u002Fhk-hasan-khan\u002F","\u003Cp>This plugin add a Butiful Widget for you site Dashboard.\u003C\u002Fp>\n\u003Cp>Show in site deshboard = User Avatar , Username , E-mail , Register Date & Much More\u003Cbr \u002F>\nif you make blog site u can use this plugin\u003Cbr \u002F>\nmust active gravatar\u003C\u002Fp>\n\u003Ch4>Features include:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>its auto generate widget.\u003C\u002Fli>\n\u003Cli>full profile show.\u003C\u002Fli>\n\u003Cli>Setting page “Dashboard User profile Detais-(DUPD)” under “setting” menu to set the Template Text of your Widget.  \u003C\u002Fli>\n\u003Cli>Simple plugin so that you can customize it as per your need. \u003C\u002Fli>\n\u003Cli>Easy to configure\u003C\u002Fli>\n\u003C\u002Ful>\n","A smart, easy way to add Dashboard User Profile Widget to your Wordpress Site.",4860,"2019-10-01T09:22:00.000Z","5.2.24","3.8",[91,92,93,56,94],"dashboard-user-profile-detais","profile-detais","profile-widget","wp-admin-profile","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fdashboard-user-profile-detais-dupd\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdashboard-user-profile-detais-dupd.zip",{"slug":98,"name":99,"version":63,"author":82,"author_profile":83,"description":100,"short_description":85,"active_installs":11,"downloaded":101,"rating":13,"num_ratings":69,"last_updated":102,"tested_up_to":103,"requires_at_least":104,"requires_php":18,"tags":105,"homepage":108,"download_link":109,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"dashboard-user-profile-dup","Plugin","\u003Cp>This plugin add a Butiful Widget for you Wp Dashboard.\u003C\u002Fp>\n\u003Cp>User Avatar , Username , E-mail , Register Date & Much More\u003Cbr \u002F>\nif you make blog site u can use this plugin\u003Cbr \u002F>\nmust active gravatar\u003C\u002Fp>\n\u003Ch4>Features include:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>its auto generate widget.\u003C\u002Fli>\n\u003Cli>full profile show.\u003C\u002Fli>\n\u003Cli>Setting page “Dashboard User Profile (DUP)” under “setting” menu to set the Template Text of your Widget.  \u003C\u002Fli>\n\u003Cli>Simple plugin so that you can customize it as per your need. \u003C\u002Fli>\n\u003Cli>Easy to configure\u003C\u002Fli>\n\u003C\u002Ful>\n",2514,"2014-12-04T11:45:00.000Z","4.0.38","4.0",[106,93,56,107,94],"dashboard-user-profile","user-widget","http:\u002F\u002Fwww.oBlogBD.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdashboard-user-profile-dup.zip",{"slug":111,"name":112,"version":63,"author":113,"author_profile":114,"description":115,"short_description":116,"active_installs":11,"downloaded":117,"rating":118,"num_ratings":69,"last_updated":119,"tested_up_to":120,"requires_at_least":104,"requires_php":18,"tags":121,"homepage":18,"download_link":123,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"default-media-view","Default Media Library View","milleronic","https:\u002F\u002Fprofiles.wordpress.org\u002Fmilleronic\u002F","\u003Cp>It’s simple! Just a pair of radio buttons at the bottom of the user profile page in the WordPress Admin area, allowing a user to select the default media library view, ‘grid’ or ‘list’.\u003C\u002Fp>\n","Adds a media library default view selection to the user profile page.",1441,60,"2015-10-08T20:01:00.000Z","4.2.39",[20,122,22],"media-library","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdefault-media-view.zip",{"attackSurface":125,"codeSignals":150,"taintFlows":170,"riskAssessment":209,"analyzedAt":224},{"hooks":126,"ajaxHandlers":146,"restRoutes":147,"shortcodes":148,"cronEvents":149,"entryPointCount":25,"unprotectedCount":25},[127,133,137,141],{"type":128,"name":129,"callback":130,"file":131,"line":132},"action","admin_menu","registerAdminMenu","user-profile-fields.php",173,{"type":128,"name":134,"callback":135,"file":131,"line":136},"admin_head","remove_profile_fields_ob_start",174,{"type":128,"name":138,"callback":139,"file":131,"line":140},"admin_footer","remove_profile_fields_ob_end",175,{"type":142,"name":143,"callback":144,"priority":69,"file":131,"line":145},"filter","user_contactmethods","removeFields",177,[],[],[],[],{"dangerousFunctions":151,"sqlUsage":159,"outputEscaping":161,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":169},[152,156],{"fn":153,"file":131,"line":154,"context":155},"unserialize",47,"$this->options = array_merge(unserialize(USERPROFILEFIELDS_DEFAULT_OPTIONS), get_option(USERPROFILEF",{"fn":153,"file":131,"line":157,"context":158},102,"$_POST = array_merge(unserialize(USERPROFILEFIELDS_DEFAULT_OPTIONS), $_POST);",{"prepared":25,"raw":25,"locations":160},[],{"escaped":25,"rawEcho":32,"locations":162},[163,166,167],{"file":131,"line":164,"context":165},114,"raw output",{"file":131,"line":164,"context":165},{"file":131,"line":168,"context":165},138,[],[171,197],{"entryPoint":172,"graph":173,"unsanitizedCount":14,"severity":196},"optionsPage (user-profile-fields.php:98)",{"nodes":174,"edges":192},[175,179,185,188],{"id":176,"type":177,"label":178,"file":131,"line":157},"n0","source","$_POST",{"id":180,"type":181,"label":182,"file":131,"line":183,"wp_function":184},"n1","sink","update_option() [Settings Manipulation]",104,"update_option",{"id":186,"type":177,"label":187,"file":131,"line":164},"n2","$_SERVER['PHP_SELF']",{"id":189,"type":181,"label":190,"file":131,"line":164,"wp_function":191},"n3","echo() [XSS]","echo",[193,195],{"from":176,"to":180,"sanitized":194},false,{"from":186,"to":189,"sanitized":194},"medium",{"entryPoint":198,"graph":199,"unsanitizedCount":14,"severity":208},"\u003Cuser-profile-fields> (user-profile-fields.php:0)",{"nodes":200,"edges":205},[201,202,203,204],{"id":176,"type":177,"label":178,"file":131,"line":157},{"id":180,"type":181,"label":182,"file":131,"line":183,"wp_function":184},{"id":186,"type":177,"label":187,"file":131,"line":164},{"id":189,"type":181,"label":190,"file":131,"line":164,"wp_function":191},[206,207],{"from":176,"to":180,"sanitized":194},{"from":186,"to":189,"sanitized":194},"low",{"summary":210,"deductions":211},"The \"user-profile-fields\" plugin version 0.1 exhibits a concerning security posture despite a seemingly clean vulnerability history. While the plugin boasts zero known CVEs and a limited attack surface with no AJAX handlers, REST API routes, shortcodes, or cron events, the static analysis reveals significant weaknesses. The presence of the `unserialize` function without any apparent sanitization or validation is a major red flag. Furthermore, 100% of its SQL queries are prepared, which is a positive, but the fact that none of its outputs are properly escaped presents a high risk of cross-site scripting (XSS) vulnerabilities.\n\nThe taint analysis shows flows with unsanitized paths, which, combined with the unescaped output and the dangerous `unserialize` function, strongly suggests potential for remote code execution or data manipulation if user-controlled input can reach these points. The lack of nonce and capability checks across all entry points (even though there are zero listed) means that if any were to be introduced or if the analysis missed something, they would be entirely unprotected. The vulnerability history being empty could indicate either a lack of past security scrutiny or that the plugin has simply not been targeted or found to be vulnerable yet.\n\nIn conclusion, while the plugin has a low immediate external attack surface and good SQL practices, the internal code signals and taint analysis point to critical potential vulnerabilities, particularly around the use of `unserialize` and unescaped output. The absence of a security history offers no assurance and should not be relied upon. This plugin requires immediate attention to address the identified risks before it can be considered secure.",[212,215,218,220,222],{"reason":213,"points":214},"Dangerous function: unserialize",15,{"reason":216,"points":217},"Unescaped output detected",6,{"reason":219,"points":11},"Taint flows with unsanitized paths",{"reason":221,"points":50},"No nonce checks",{"reason":223,"points":50},"No capability checks","2026-03-17T00:21:34.698Z",{"wat":226,"direct":231},{"assetPaths":227,"generatorPatterns":228,"scriptPaths":229,"versionParams":230},[],[],[],[],{"cssClasses":232,"htmlComments":234,"htmlAttributes":236,"restEndpoints":237,"jsGlobals":238,"shortcodeOutput":239},[233],"htauth-sync-options",[235],"\u003C!-- New Fields -->",[],[],[],[],{"error":241,"url":242,"statusCode":243,"statusMessage":244,"message":244},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fuser-profile-fields\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":69,"versions":246},[247],{"version":6,"download_url":23,"svn_tag_url":248,"released_at":26,"has_diff":194,"diff_files_changed":249,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":250,"is_current":241},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fuser-profile-fields\u002Ftags\u002F0.1\u002F",[],[]]