[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZn1Gc8c5cKoUY5_D6f5gS7jHvfTIxMPKH_LZ4MLKl2s":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":21,"download_link":22,"security_score":23,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25,"vulnerabilities":26,"developer":27,"crawl_stats":24,"alternatives":32,"analysis":130,"fingerprints":192},"well-known-uris","\u002Fwell-known-uris\u002F","1.0.3","mrose17","https:\u002F\u002Fprofiles.wordpress.org\u002Fmrose17\u002F","\u003Cp>This plugin enables “Well-Known URIs” support for WordPress (RFC 5785: http:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc5785).\u003C\u002Fp>\n\u003Cp>From the RFC:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>It is increasingly common for Web-based protocols to require the\u003Cbr \u002F>\n  discovery of policy or other information about a host (“site-wide\u003Cbr \u002F>\n  metadata”) before making a request.  For example, the Robots\u003Cbr \u002F>\n  Exclusion Protocol \u003Ca href=\"http:\u002F\u002Fwww.robotstxt.org\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.robotstxt.org\u002F\u003C\u002Fa> specifies a way for\u003Cbr \u002F>\n  automated processes to obtain permission to access resources;\u003Cbr \u002F>\n  likewise, the Platform for Privacy Preferences\u003Cbr \u002F>\n  tells user-agents how to discover privacy policy beforehand.\u003C\u002Fp>\n\u003Cp>While there are several ways to access per-resource metadata (e.g.,\u003Cbr \u002F>\n  HTTP headers, WebDAV’s PROPFIND [RFC4918]), the perceived overhead\u003Cbr \u002F>\n  (either in terms of client-perceived latency and\u002For deployment\u003Cbr \u002F>\n  difficulties) associated with them often precludes their use in these\u003Cbr \u002F>\n  scenarios.\u003C\u002Fp>\n\u003Cp>When this happens, it is common to designate a “well-known location”\u003Cbr \u002F>\n  for such data, so that it can be easily located.  However, this\u003Cbr \u002F>\n  approach has the drawback of risking collisions, both with other such\u003Cbr \u002F>\n  designated “well-known locations” and with pre-existing resources.\u003C\u002Fp>\n\u003Cp>To address this, this memo defines a path prefix in HTTP(S) URIs for\u003Cbr \u002F>\n  these “well-known locations”, “\u002F.well-known\u002F”.  Future specifications\u003Cbr \u002F>\n  that need to define a resource for such site-wide metadata can\u003Cbr \u002F>\n  register their use to avoid collisions and minimise impingement upon\u003Cbr \u002F>\n  sites’ URI space.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>You will need ‘manage_options’ capability in order to use the Settings\u003Cbr \u002F>\npage for this plugin.\u003C\u002Fp>\n","\"Well-Known URIs\" for WordPress!",70,2672,0,"2016-11-03T13:20:00.000Z","4.6.30","3.5.1","",[19,20,4],"discovery","well-known","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fwell-known-uris\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwell-known-uris.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":7,"display_name":7,"profile_url":8,"plugin_count":28,"total_installs":11,"avg_security_score":23,"avg_patch_time_days":29,"trust_score":30,"computed_at":31},1,30,84,"2026-04-04T07:09:01.892Z",[33,54,73,93,112],{"slug":34,"name":35,"version":36,"author":37,"author_profile":38,"description":39,"short_description":40,"active_installs":41,"downloaded":42,"rating":43,"num_ratings":28,"last_updated":44,"tested_up_to":45,"requires_at_least":46,"requires_php":47,"tags":48,"homepage":51,"download_link":52,"security_score":53,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"nostr-verify","Nostr Verify","1.2.0","Jeremy Herve","https:\u002F\u002Fprofiles.wordpress.org\u002Fjeherve\u002F","\u003Cp>Nostr Verify is a WordPress plugin that allows you to verify yourself with Nostr, using NIP-05, just like described in \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnostr-protocol\u002Fnips\u002Fblob\u002Fmaster\u002F05.md\" rel=\"nofollow ugc\">this documentation\u003C\u002Fa>.\u003C\u002Fp>\n","Verify yourself with Nostr, using NIP-05",60,2694,100,"2024-11-12T07:12:00.000Z","6.7.5","6.2","7.2",[19,49,50,20],"jrd","nostr","https:\u002F\u002Fjeremy.hu\u002Fnostr-verify-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnostr-verify.1.2.0.zip",92,{"slug":55,"name":56,"version":57,"author":56,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":13,"num_ratings":13,"last_updated":63,"tested_up_to":64,"requires_at_least":65,"requires_php":17,"tags":66,"homepage":70,"download_link":71,"security_score":43,"vuln_count":28,"unpatched_count":13,"last_vuln_date":72,"fetched_at":25},"taboola","Taboola","3.0.2","https:\u002F\u002Fprofiles.wordpress.org\u002Ftaboolawordpress\u002F","\u003Cp>This plugin provides an easy way to integrate Taboola content into your WordPress pages.\u003Cbr \u002F>\nUsing Taboola’s mix of sponsored and editorial content, you can generate revenue and drive engagement.\u003Cbr \u002F>\n(Requires an account with Taboola. For more detail, see the \u003Ca href=\"https:\u002F\u002Fdevelopers.taboola.com\u002Fweb-integrations\u002Fdocs\u002Fwordpress-plugin\u002F\" rel=\"nofollow ugc\">Taboola Dev Center\u003C\u002Fa>.)\u003C\u002Fp>\n","Use the Taboola plugin to generate revenue from native ads and drive engagement with editorial content.",3000,51300,"2025-10-29T11:42:00.000Z","6.8.0","5.2",[67,68,69,19,55],"ad-networks","ads","content-recommendations","https:\u002F\u002Fdevelopers.taboola.com\u002Fweb-integrations\u002Fdocs\u002Fwordpress-plugin","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ftaboola.zip","2023-07-24 00:00:00",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":83,"num_ratings":84,"last_updated":85,"tested_up_to":86,"requires_at_least":87,"requires_php":17,"tags":88,"homepage":91,"download_link":92,"security_score":43,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"webfinger","WebFinger","4.0.1","Matthias Pfefferle","https:\u002F\u002Fprofiles.wordpress.org\u002Fpfefferle\u002F","\u003Cp>WebFinger allows you to be discovered on the web using an identifier like \u003Ccode>you@yourdomain.com\u003C\u002Fcode> — similar to how email works, but for your online identity.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Why is this useful?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Fediverse & Mastodon:\u003C\u002Fstrong> WebFinger is essential for federation. It allows Mastodon and other ActivityPub-powered platforms to find and follow your WordPress site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Decentralized Identity:\u003C\u002Fstrong> People can look you up using your WordPress domain, making your site the canonical source for your online identity.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Works with other plugins:\u003C\u002Fstrong> This plugin provides the foundation that other plugins (like the ActivityPub plugin) build upon.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How it works:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When someone searches for \u003Ccode>@you@yourdomain.com\u003C\u002Fcode> on Mastodon or another federated service, their server asks your WordPress site: “Who is this person?” WebFinger answers that question by providing information about you and links to your profiles.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Technical details:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>WebFinger is an open standard (\u003Ca href=\"http:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7033\" rel=\"nofollow ugc\">RFC 7033\u003C\u002Fa>) that enables discovery of information about people and resources on the internet. It works by responding to requests at \u003Ccode>\u002F.well-known\u002Fwebfinger\u003C\u002Fcode> on your domain.\u003C\u002Fp>\n","WebFinger for WordPress",1000,21454,74,3,"2025-12-16T11:02:00.000Z","6.9.4","4.2",[89,19,49,90,74],"activitypub","ostatus","https:\u002F\u002Fgithub.com\u002Fpfefferle\u002Fwordpress-webfinger","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebfinger.4.0.1.zip",{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":43,"downloaded":101,"rating":13,"num_ratings":13,"last_updated":102,"tested_up_to":86,"requires_at_least":103,"requires_php":47,"tags":104,"homepage":110,"download_link":111,"security_score":43,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"jumpsuitai-llms-txt","JumpsuitAI – llms.txt + Markdown Endpoints","1.1.4","Brad Phillips","https:\u002F\u002Fprofiles.wordpress.org\u002Fbradphillips\u002F","\u003Cp>JumpsuitAI – llms.txt + Markdown Endpoints automatically publishes:\u003C\u002Fp>\n\u003Cp>Plugin website: https:\u002F\u002Fjumpsuitai.com\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>\u002Fllms.txt\u003C\u002Fstrong> — a structured list of links to your public content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>\u002Fllms-full.txt\u003C\u002Fstrong> — the entire documentation in a single file (optional, enable in settings)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>.md endpoints\u003C\u002Fstrong> — request a public URL with \u003Cstrong>.md\u003C\u002Fstrong> appended to get a lightweight Markdown representation\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>It also includes a simple \u003Cstrong>Groups & Content\u003C\u002Fstrong> screen to keep your output organized with sensible defaults (Pages and Posts), plus per-item controls like \u003Cstrong>Hide from LLMs\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>Pro (separate plugin)\u003C\u002Fh4>\n\u003Cp>JumpsuitAI – llms.txt + Markdown Endpoints Pro adds:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Custom groups and manual ordering\u003C\u002Fli>\n\u003Cli>Per-item short descriptions\u003C\u002Fli>\n\u003Cli>Optional section support\u003C\u002Fli>\n\u003Cli>Custom intro text and blockquote customization\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin uses Freemius for plugin updates and (optional) usage analytics. Any data collection is opt-in.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Service: Freemius\u003C\u002Fli>\n\u003Cli>Terms: https:\u002F\u002Ffreemius.com\u002Fterms\u002F\u003C\u002Fli>\n\u003Cli>Privacy: https:\u002F\u002Ffreemius.com\u002Fprivacy\u002F\u003C\u002Fli>\n\u003C\u002Ful>\n","Generate \u002Fllms.txt, \u002Fllms-full.txt & .md endpoints for AI\u002FLLMs in WordPress. Works with Yoast SEO, Rank Math, SEOPress & All in One SEO.",653,"2026-02-17T01:43:00.000Z","5.0",[105,106,107,108,109],"ai","content-discovery","llms-txt","markdown","seo","https:\u002F\u002Fjumpsuitai.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjumpsuitai-llms-txt.1.1.4.zip",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":43,"downloaded":120,"rating":43,"num_ratings":121,"last_updated":122,"tested_up_to":123,"requires_at_least":124,"requires_php":125,"tags":126,"homepage":128,"download_link":129,"security_score":43,"vuln_count":13,"unpatched_count":13,"last_vuln_date":24,"fetched_at":25},"well-known-file-manager","Well-Known File Manager","1.4.10","Jono Alderson","https:\u002F\u002Fprofiles.wordpress.org\u002Fjonoaldersonwp\u002F","\u003Cp>Manage your website’s \u003Ccode>.well-known\u003C\u002Fcode> files with ease using this powerful yet simple plugin. The Well-Known File Manager provides a user-friendly interface to create, edit and manage standardized \u003Ccode>.well-known\u003C\u002Fcode> files – essential components for modern web security, app associations, and service discovery.\u003C\u002Fp>\n\u003Cp>Whether you need to implement security.txt for vulnerability reporting, configure app associations, or set up protocol handlers, this plugin handles the technical complexities while giving you complete control. It creates actual files on your server for maximum compatibility and performance, without requiring any special server configuration or technical knowledge.\u003C\u002Fp>\n\u003Cp>Perfect for developers, site owners, and administrators who want a reliable way to manage their site’s \u003Ccode>.well-known\u003C\u002Fcode> directory through a clean, intuitive WordPress interface.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy Management\u003C\u002Fstrong>: Simple toggle switches to enable\u002Fdisable \u003Ccode>.well-known\u003C\u002Fcode> files\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Physical File Creation\u003C\u002Fstrong>: Creates actual files in the \u003Ccode>.well-known\u003C\u002Fcode> directory for maximum compatibility\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Content Editing\u003C\u002Fstrong>: Built-in content editor for each file type with syntax highlighting\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Default Templates\u003C\u002Fstrong>: Pre-configured templates for common \u003Ccode>.well-known\u003C\u002Fcode> files\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Validation\u003C\u002Fstrong>: Content validation to ensure files meet required standards\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Priority Files\u003C\u002Fstrong>: Highlighted support for important files like \u003Ccode>security.txt\u003C\u002Fcode>, \u003Ccode>assetlinks.json\u003C\u002Fcode>, and \u003Ccode>apple-app-site-association\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Cleanup\u003C\u002Fstrong>: Removes files when disabled to keep your server clean\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Preservation\u003C\u002Fstrong>: Files and settings are preserved when the plugin is deactivated or uninstalled\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Supported Files:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security Files\u003C\u002Fstrong>: \u003Ccode>security.txt\u003C\u002Fcode>, \u003Ccode>security-txt\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>App Associations\u003C\u002Fstrong>: \u003Ccode>assetlinks.json\u003C\u002Fcode>, \u003Ccode>apple-app-site-association\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Protocol Handlers\u003C\u002Fstrong>: \u003Ccode>change-password\u003C\u002Fcode>, \u003Ccode>gpc\u003C\u002Fcode>, \u003Ccode>hoba\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Discovery\u003C\u002Fstrong>: \u003Ccode>host-meta\u003C\u002Fcode>, \u003Ccode>host-meta.json\u003C\u002Fcode>, \u003Ccode>nodeinfo\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Authentication\u003C\u002Fstrong>: \u003Ccode>openid-configuration\u003C\u002Fcode>, \u003Ccode>oauth-authorization-server\u003C\u002Fcode>\u003C\u002Fli>\n\u003Cli>And many more…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>How It Works:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This plugin takes a \u003Cstrong>physical file approach\u003C\u002Fstrong> rather than routing requests through WordPress:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>When Enabled\u003C\u002Fstrong>: Creates actual files in your \u003Ccode>.well-known\u003C\u002Fcode> directory\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When Disabled\u003C\u002Fstrong>: Removes the files from your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Server Configuration\u003C\u002Fstrong>: Works on any hosting setup without requiring \u003Ccode>.htaccess\u003C\u002Fcode> modifications\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Maximum Compatibility\u003C\u002Fstrong>: Files are served directly by your web server for optimal performance\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Benefits:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Universal Compatibility\u003C\u002Fstrong>: Works on any hosting provider without special configuration\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Better Performance\u003C\u002Fstrong>: Files are served directly by the web server, not through WordPress\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Simplified Setup\u003C\u002Fstrong>: No need to configure rewrite rules or server settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic Management\u003C\u002Fstrong>: Files are created and removed automatically based on your settings\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clean Server\u003C\u002Fstrong>: Disabled files are completely removed from your server\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data Safety\u003C\u002Fstrong>: Your files and settings remain intact when deactivating or uninstalling the plugin\u003C\u002Fli>\n\u003C\u002Ful>\n","Manage files in the .well-known directory with ease.",1082,2,"2025-12-16T17:38:00.000Z","6.8.5","5.6","7.4",[127,20],"files","https:\u002F\u002Fgithub.com\u002Fjonoalderson\u002Fwell-known-file-manager\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwell-known-file-manager.1.4.10.zip",{"attackSurface":131,"codeSignals":166,"taintFlows":179,"riskAssessment":180,"analyzedAt":191},{"hooks":132,"ajaxHandlers":162,"restRoutes":163,"shortcodes":164,"cronEvents":165,"entryPointCount":13,"unprotectedCount":13},[133,138,144,147,151,155,158],{"type":134,"name":135,"callback":135,"file":136,"line":137},"filter","query_vars","plugin.php",72,{"type":139,"name":140,"callback":141,"priority":142,"file":136,"line":143},"action","parse_request","delegate_request",99,73,{"type":139,"name":145,"callback":146,"priority":142,"file":136,"line":83},"generate_rewrite_rules","rewrite_rules",{"type":139,"name":148,"callback":149,"file":136,"line":150},"well-known-uri","well_known_uri",106,{"type":139,"name":152,"callback":153,"file":136,"line":154},"admin_menu","add_plugin_page",116,{"type":139,"name":156,"callback":156,"file":136,"line":157},"admin_notices",117,{"type":139,"name":159,"callback":160,"file":136,"line":161},"admin_init","page_init",118,[],[],[],[],{"dangerousFunctions":167,"sqlUsage":168,"outputEscaping":170,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":178},[],{"prepared":13,"raw":13,"locations":169},[],{"escaped":171,"rawEcho":121,"locations":172},7,[173,176],{"file":136,"line":174,"context":175},94,"raw output",{"file":136,"line":177,"context":175},203,[],[],{"summary":181,"deductions":182},"The 'well-known-uris' plugin, version 1.0.3, exhibits a strong security posture based on the provided static analysis. The absence of any identified attack surface points, such as AJAX handlers, REST API routes, shortcodes, or cron events, significantly reduces the potential for external exploitation. Furthermore, the code analysis reveals no dangerous functions, no raw SQL queries, and no external HTTP requests, all of which are excellent security practices. The taint analysis also indicates no identified vulnerabilities related to unsanitized data flows.\n\nHowever, a notable concern is the complete absence of nonce checks and capability checks. While the current analysis shows no exploitable entry points, the lack of these fundamental security mechanisms leaves the plugin vulnerable to various attacks if functionality is ever added or if there are unforeseen interactions with other plugins. The vulnerability history is clean, suggesting a well-maintained plugin or a lack of past scrutiny, but this doesn't mitigate the risks associated with missing essential security controls. In conclusion, the plugin is currently secure due to its minimal attack surface and clean code, but the lack of basic authorization and validation controls represents a significant weakness that could become critical with future development.",[183,186,188],{"reason":184,"points":185},"Missing nonce checks",8,{"reason":187,"points":185},"Missing capability checks",{"reason":189,"points":190},"High percentage of unescaped output",5,"2026-03-16T21:31:24.246Z",{"wat":193,"direct":198},{"assetPaths":194,"generatorPatterns":195,"scriptPaths":196,"versionParams":197},[],[],[],[],{"cssClasses":199,"htmlComments":200,"htmlAttributes":201,"restEndpoints":202,"jsGlobals":203,"shortcodeOutput":204},[],[],[],[],[],[]]